uvm_fault: arp_rtrequest


syzbot

May 23, 2019, 4:34:05 PM5/23/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: df989dde Fix line numbers - commands are added after the l..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=132cb04ca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=60e2b7157576c8d7
dashboard link: https://syzkaller.appspot.com/bug?extid=927e93a362f3ae33dd9c

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+927e93...@syzkaller.appspotmail.com

uvm_fault(0xfffffd803f013d68, 0x100000008, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at arp_rtrequest+0x15f: movq %rcx,0x8(%r15)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f013d68, 0x100000008, 0, 2) -> e
arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201
end trace frame: 0xffff8000149adff0, count: 0
ddb> trace
arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201
rtm_output(ffff8000009e7200,ffff8000149ae0a8,ffff8000149ae000,40,0) at
rtm_output+0xbf4 sys/net/rtsock.c:1040
route_output(fffffd8036b1bb00,fffffd8038ec2a80,0,0) at route_output+0x7d7
sys/net/rtsock.c:814
route_usrreq(fffffd8038ec2a80,9,fffffd8036b1bb00,0,0,ffff8000ffff8e18) at
route_usrreq+0x363 sys/net/rtsock.c:271
sosend(fffffd8038ec2a80,0,ffff8000149ae2a0,0,0,80) at sosend+0x660
sys/kern/uipc_socket.c:513
sendit(ffff8000ffff8e18,3,ffff8000149ae380,0,ffff8000149ae490) at
sendit+0x53c sys/kern/uipc_syscalls.c:662
sys_sendto(ffff8000ffff8e18,ffff8000149ae428,ffff8000149ae490) at
sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff8000149ae500) at syscall+0x511
Xsyscall(6,0,ffffffffffffffd8,0,6,33fcb204010) at Xsyscall+0x128
end of kernel
end trace frame: 0x3420517bf60, count: -9
ddb> show registers
rdi 0xffffffff81d28db7 arp_rtrequest+0x157
rsi 0x194
rbp 0xffff8000149adf50
rbx 0xffff80000005bea0
rdx 0x195
rcx 0xdeaf4152deaf4152
rax 0xffff80000005bea8
r8 0x40
r9 0x5
r10 0xffff800000994b80
r11 0xf26f4d82e91f5047
r12 0xffff800000172290
r13 0x2
r14 0xfffffd802fc5c4d8
r15 0x100000000
rip 0xffffffff81d28dbf arp_rtrequest+0x15f
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000149aded0
ss 0x10
arp_rtrequest+0x15f: movq %rcx,0x8(%r15)
ddb> show proc
PROC (syz-executor.1) pid=388573 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8710,0xffffffff82296ba0
process=0xffff8000ffff66a0 user=0xffff8000149a9000,
vmspace=0xfffffd803f013d68
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
3906 106073 13035 0 2 0 syz-executor.1
* 3906 388573 13035 0 7 0x4000000 syz-executor.1
12359 372097 79845 0 2 0x2 syz-executor.0
62875 238105 1 0 3 0x100083 ttyin getty
81951 207673 0 0 3 0x14200 bored sosplice
13035 272899 79845 0 3 0x82 nanosleep syz-executor.1
79845 74386 96347 0 3 0x82 thrsleep syz-fuzzer
79845 130935 96347 0 2 0x4000482 syz-fuzzer
79845 387134 96347 0 3 0x4000082 thrsleep syz-fuzzer
79845 457227 96347 0 3 0x4000082 thrsleep syz-fuzzer
79845 81104 96347 0 3 0x4000082 kqread syz-fuzzer
79845 333543 96347 0 3 0x4000082 thrsleep syz-fuzzer
79845 157955 96347 0 3 0x4000082 thrsleep syz-fuzzer
79845 484705 96347 0 3 0x4000082 thrsleep syz-fuzzer
96347 262282 71619 0 3 0x10008a pause ksh
71619 368070 24922 0 3 0x92 select sshd
24922 495474 1 0 3 0x80 select sshd
75188 174483 14525 73 2 0x100090 syslogd
14525 4235 1 0 3 0x100082 netio syslogd
57259 131095 1 77 3 0x100090 poll dhclient
85036 501701 1 0 3 0x80 poll dhclient
14293 118114 0 0 2 0x14200 zerothread
19259 336301 0 0 3 0x14200 aiodoned aiodoned
59898 316910 0 0 3 0x14200 syncer update
77564 261048 0 0 3 0x14200 cleaner cleaner
11297 461761 0 0 3 0x14200 reaper reaper
22821 80193 0 0 3 0x14200 pgdaemon pagedaemon
33280 287641 0 0 3 0x14200 bored crynlk
13100 370942 0 0 3 0x14200 bored crypto
96194 443697 0 0 3 0x40014200 acpi0 acpi0
58045 328927 0 0 3 0x14200 bored softnet
10272 452273 0 0 3 0x14200 bored systqmp
72215 19320 0 0 3 0x14200 bored systq
22182 324441 0 0 3 0x40014200 bored softclock
67233 162735 0 0 3 0x40014200 idle0
82388 277610 0 0 3 0x14200 bored smr
1 373690 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9523 6356K 7276K 78643K 22803 0 0
pcb 24 9K 11K 78643K 3678 0 0
rtable 131 5K 5K 78643K 5257 0 0
ifaddr 59 24K 32K 78643K 2533 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 236 0 0
iov 0 0K 32K 78643K 593 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1194 75K 76K 78643K 7289 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 61 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 1K 78643K 614 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12537 0 0
file desc 5 13K 25K 78643K 9029 0 0
sigio 0 0K 0K 78643K 98 0 0
proc 42 30K 54K 78643K 941 0 0
subproc 32 2K 2K 78643K 85 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 442 0 0
in_multi 33 2K 2K 78643K 162 0 0
ether_multi 1 0K 0K 78643K 15 0 0
mrt 0 0K 0K 78643K 13 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 108 477K 477K 78643K 108 0 0
exec 0 0K 1K 78643K 599 0 0
pfkey data 0 0K 4K 78643K 6 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 84 20K 29K 78643K 20656 0 0
UVM aobj 130 4K 4K 78643K 131 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 214 0 0
NDP 12 0K 0K 78643K 641 0 0
temp 182 2715K 2843K 78643K 30869 0 0
kqueue 0 0K 0K 78643K 32 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 12 0 6 1 0 1 1 0
8 0
inpcbpl 280 3133 0 3126 1 0 1 1 0
8 0
plimitpl 152 137 0 130 1 0 1 1 0
8 0
rtentry 112 126 0 77 2 0 2 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpcb 544 1825 0 1821 1 0 1 1 0
8 0
nd6 48 15 0 9 1 0 1 1 0
8 0
swfcl 56 1 0 0 1 0 1 1 0
8 0
ppxss 1128 605 0 605 17 16 1 1 0
8 1
art_heap8 4096 2 0 0 2 0 2 2 0
8 0
art_heap4 256 350 0 144 13 0 13 13 0
8 0
art_table 32 352 0 144 2 0 2 2 0
8 0
art_node 16 83 0 41 1 0 1 1 0
8 0
sysvmsgpl 40 6 0 2 1 0 1 1 0
8 0
semapl 112 612 0 602 1 0 1 1 0
8 0
shmpl 112 129 0 1 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 16291 0 14825 48 0 48 48 0
8 0
ffsino 240 16291 0 14825 88 1 87 87 0
8 0
nchpl 144 28023 0 26417 61 0 61 61 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 200 5926 0 0 312 0 312 312 0
8 0
namei 1024 79643 0 79643 2 1 1 1 0
8 1
scsiplug 64 10 0 10 6 6 0 1 0
8 0
scxspl 192 79581 0 79581 18 17 1 7 0
8 1
sigapl 432 9192 0 9179 2 0 2 2 0
8 0
futexpl 56 116325 0 116325 1 0 1 1 0
8 1
knotepl 112 881 0 862 1 0 1 1 0
8 0
kqueuepl 104 1107 0 1105 1 0 1 1 0
8 0
pipepl 112 3746 0 3727 10 9 1 2 0
8 0
fdescpl 424 9193 0 9179 2 0 2 2 0
8 0
filepl 120 42546 0 42451 6 2 4 5 0
8 1
lockfpl 104 2351 0 2351 4 3 1 1 0
8 1
lockfspl 48 760 0 760 4 3 1 1 0
8 1
sessionpl 112 21 0 11 1 0 1 1 0
8 0
pgrppl 48 89 0 79 1 0 1 1 0
8 0
ucredpl 96 9059 0 9052 1 0 1 1 0
8 0
zombiepl 144 9179 0 9179 2 1 1 1 0
8 1
processpl 840 9208 0 9179 4 0 4 4 0
8 0
procpl 600 19703 0 19666 5 1 4 4 0
8 1
sosppl 128 77 0 77 18 17 1 1 0
8 1
sockpl 384 6895 0 6877 12 9 3 4 0
8 1
mcl64k 65536 1153 0 1153 90 90 0 33 0
8 0
mcl16k 16384 32 0 32 14 14 0 1 0
8 0
mcl12k 12288 80 0 80 26 25 1 1 0
8 1
mcl9k 9216 83 0 83 23 22 1 1 0
8 1
mcl8k 8192 69 0 69 24 23 1 1 0
8 1
mcl4k 4096 227 0 227 16 16 0 1 0
8 0
mcl2k2 2112 31 0 31 14 14 0 1 0
8 0
mcl2k 2048 61100 0 61054 21 14 7 11 0
8 0
mtagpl 80 6 0 6 3 3 0 1 0
8 0
mbufpl 256 153386 0 153236 54 43 11 22 0
8 0
bufpl 256 20470 0 15922 285 0 285 285 0
8 0
anonpl 16 625582 0 616991 193 155 38 67 0
62 2
amapchunkpl 152 32859 0 32778 34 29 5 11 0
158 0
amappl16 192 42052 0 41595 157 133 24 47 0
8 0
amappl15 184 16 0 15 1 0 1 1 0
8 0
amappl14 176 69 0 68 2 1 1 1 0
8 0
amappl13 168 19 0 18 1 0 1 1 0
8 0
amappl12 160 4545 0 4540 1 0 1 1 0
8 0
amappl11 152 58 0 44 1 0 1 1 0
8 0
amappl10 144 1737 0 1734 2 1 1 1 0
8 0
amappl9 136 3320 0 3315 1 0 1 1 0
8 0
amappl8 128 2898 0 2881 1 0 1 1 0
8 0
amappl7 120 1705 0 1699 1 0 1 1 0
8 0
amappl6 112 53 0 46 1 0 1 1 0
8 0
amappl5 104 4747 0 4735 1 0 1 1 0
8 0
amappl4 96 9369 0 9348 1 0 1 1 0
8 0
amappl3 88 342 0 332 1 0 1 1 0
8 0
amappl2 80 73588 0 73521 4 2 2 3 0
8 0
amappl1 72 160264 0 159864 24 15 9 19 0
8 0
amappl 80 19990 0 19958 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 130 0 1 3 0 3 3 0
8 0
uaddrrnd 24 9193 0 9179 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 9193 0 9179 1 0 1 1 0
8 0
vmmpekpl 168 55383 0 55358 2 0 2 2 0
8 0
vmmpepl 168 892339 0 890923 197 130 67 87 0
357 4
vmsppl 264 9192 0 9179 3 2 1 2 0
8 0
pdppl 4096 18392 0 18358 6 1 5 6 0
8 0
pvpl 32 1780920 0 1769254 409 299 110 164 0 265
13
pmappl 200 9192 0 9179 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 621 0 205 16 3 13 14 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 23, 2019, 7:55:08 PM5/23/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: df989dde Fix line numbers - commands are added after the l..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=145c9a82a00000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12849c72a00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+927e93...@syzkaller.appspotmail.com

login: uvm_fault(0xfffffd803f013630, 0x100000008, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at arp_rtrequest+0x15f: movq %rcx,0x8(%r15)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f013630, 0x100000008, 0, 2) -> e
arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201
end trace frame: 0xffff800014a01f00, count: 0
ddb> trace
arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201
rtm_output(ffff80000096a600,ffff800014a01fb8,ffff800014a01f10,40,0) at
rtm_output+0xbf4 sys/net/rtsock.c:1040
route_output(fffffd8035e47700,fffffd8034f6ea90,0,0) at route_output+0x7d7
sys/net/rtsock.c:814
route_usrreq(fffffd8034f6ea90,9,fffffd8035e47700,0,0,ffff8000ffff5c30) at
route_usrreq+0x363 sys/net/rtsock.c:271
sosend(fffffd8034f6ea90,0,ffff800014a021b0,0,0,80) at sosend+0x660
sys/kern/uipc_socket.c:513
sendit(ffff8000ffff5c30,5,ffff800014a02290,0,ffff800014a023a0) at
sendit+0x53c sys/kern/uipc_syscalls.c:662
sys_sendto(ffff8000ffff5c30,ffff800014a02338,ffff800014a023a0) at
sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff800014a02410) at syscall+0x511
Xsyscall(6,0,ffffffffffffffd8,0,6,ba04b669010) at Xsyscall+0x128
end of kernel
end trace frame: 0xba28065ab70, count: -9
ddb> show registers
rdi 0x2
rsi 0xffffffff821fb4b0 __sancov_gen_cov_switch_values
rbp 0xffff800014a01e60
rbx 0xffff8000000253c0
rdx 0x4
rcx 0xdeafbeaddeafbead
rax 0xffff8000000253c8
r8 0x40
r9 0x5
r10 0x4a7b7a38ac14aed8
r11 0x44cf83fd09a0e60e
r12 0xffff800000172290
r13 0x2
r14 0xfffffd8034ec24d8
r15 0x100000000
rip 0xffffffff81d28dbf arp_rtrequest+0x15f
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800014a01de0
ss 0x10
arp_rtrequest+0x15f: movq %rcx,0x8(%r15)
ddb> show proc
PROC (syz-executor.0) pid=433880 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff52d0,0xffff8000ffff8978
process=0xffff8000ffff69e8 user=0xffff8000149fd000,
vmspace=0xfffffd803f013630
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
82846 338596 32237 0 2 0 syz-executor.1
42700 299598 89467 0 2 0 syz-executor.0
*42700 433880 89467 0 7 0x4000000 syz-executor.0
42700 181353 89467 0 2 0x4000000 syz-executor.0
32237 1118 45759 0 3 0x82 nanosleep syz-executor.1
89467 366902 45759 0 3 0x82 nanosleep syz-executor.0
45759 175050 29814 0 3 0x82 kqread syz-execprog
45759 353567 29814 0 3 0x4000082 thrsleep syz-execprog
45759 31672 29814 0 3 0x4000082 thrsleep syz-execprog
45759 140978 29814 0 3 0x4000082 thrsleep syz-execprog
45759 506738 29814 0 3 0x4000082 thrsleep syz-execprog
45759 24529 29814 0 3 0x4000082 thrsleep syz-execprog
45759 279779 29814 0 3 0x4000082 thrsleep syz-execprog
29814 384502 18274 0 3 0x10008a pause ksh
18274 409752 14522 0 3 0x92 select sshd
82089 234975 1 0 3 0x100083 ttyin getty
14522 496256 1 0 3 0x80 select sshd
17711 422002 80745 73 2 0x100090 syslogd
80745 492917 1 0 3 0x100082 netio syslogd
60063 369019 1 77 3 0x100090 poll dhclient
76419 281900 1 0 3 0x80 poll dhclient
73121 211790 0 0 2 0x14200 zerothread
80653 195067 0 0 3 0x14200 aiodoned aiodoned
15117 219717 0 0 3 0x14200 syncer update
53644 91682 0 0 3 0x14200 cleaner cleaner
65333 447966 0 0 3 0x14200 reaper reaper
89345 513927 0 0 3 0x14200 pgdaemon pagedaemon
40193 88179 0 0 3 0x14200 bored crynlk
22639 81301 0 0 3 0x14200 bored crypto
61036 295587 0 0 3 0x40014200 acpi0 acpi0
69259 37137 0 0 3 0x14200 bored softnet
57341 12092 0 0 3 0x14200 bored systqmp
71550 346621 0 0 3 0x14200 bored systq
40579 272303 0 0 3 0x40014200 bored softclock
5597 230091 0 0 3 0x40014200 idle0
79418 68981 0 0 3 0x14200 bored smr
1 57510 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9436 6311K 6311K 78643K 10529 0 0
pcb 26 9K 10K 78643K 366 0 0
rtable 110 3K 3K 78643K 1103 0 0
ifaddr 34 9K 9K 78643K 34 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 15 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1174 74K 74K 78643K 1179 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12537 0 0
file desc 5 16K 24K 78643K 111 0 0
proc 40 30K 54K 78643K 287 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 33 2K 2K 78643K 33 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 185 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 75 20K 20K 78643K 1076 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 5 0K 0K 78643K 9 0 0
temp 195 2700K 2764K 78643K 3287 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 6 0 0 1 0 1 1 0
8 0
inpcbpl 280 30 0 22 1 0 1 1 0
8 0
plimitpl 152 15 0 8 1 0 1 1 0
8 0
rtentry 112 198 0 153 2 0 2 2 0
8 0
syncache 264 5 0 5 1 1 0 1 0
8 0
tcpqe 32 2 0 2 1 1 0 1 0
8 0
tcpcb 544 8 0 3 1 0 1 1 0
8 0
nd6 48 6 0 0 1 0 1 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 194 0 0 13 0 13 13 0
8 0
art_table 32 195 0 0 2 0 2 2 0
8 0
art_node 16 45 0 4 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1513 0 96 46 0 46 46 0
8 0
ffsino 240 1513 0 96 84 0 84 84 0
8 0
nchpl 144 1820 0 188 61 0 61 61 0
8 0
uvmvnodes 72 1522 0 0 28 0 28 28 0
8 0
vnodes 200 1522 0 0 81 0 81 81 0
8 0
namei 1024 4337 0 4337 2 1 1 1 0
8 1
scxspl 192 4233 0 4233 9 8 1 7 0
8 1
sigapl 432 287 0 273 2 0 2 2 0
8 0
futexpl 56 911 0 911 1 0 1 1 0
8 1
knotepl 112 51 0 34 1 0 1 1 0
8 0
kqueuepl 104 2 0 0 1 0 1 1 0
8 0
pipepl 112 146 0 127 2 1 1 1 0
8 0
fdescpl 424 288 0 273 2 0 2 2 0
8 0
filepl 120 1350 0 1286 3 0 3 3 0
8 1
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 48 3 0 3 1 1 0 1 0
8 0
sessionpl 112 19 0 9 1 0 1 1 0
8 0
pgrppl 48 19 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 273 0 273 2 1 1 1 0
8 1
processpl 840 302 0 273 4 0 4 4 0
8 0
procpl 600 395 0 358 4 0 4 4 0
8 1
sockpl 384 383 0 362 3 0 3 3 0
8 0
mcl4k 4096 10 0 10 1 1 0 1 0
8 0
mcl2k 2048 5519 0 5491 6 2 4 6 0
8 0
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 13509 0 13342 19 1 18 18 0
8 3
bufpl 256 5367 0 1262 257 0 257 257 0
8 0
anonpl 16 24928 0 23354 14 2 12 12 0
62 5
amapchunkpl 152 1181 0 1117 5 0 5 5 0
158 2
amappl16 192 468 0 424 3 0 3 3 0
8 0
amappl15 184 53 0 52 1 0 1 1 0
8 0
amappl14 176 34 0 33 2 1 1 1 0
8 0
amappl13 168 1 0 0 1 0 1 1 0
8 0
amappl12 160 8 0 7 1 0 1 1 0
8 0
amappl11 152 56 0 41 1 0 1 1 0
8 0
amappl10 144 103 0 99 2 1 1 1 0
8 0
amappl9 136 390 0 387 1 0 1 1 0
8 0
amappl8 128 117 0 109 1 0 1 1 0
8 0
amappl7 120 70 0 64 1 0 1 1 0
8 0
amappl6 112 59 0 51 1 0 1 1 0
8 0
amappl5 104 148 0 139 1 0 1 1 0
8 0
amappl4 96 434 0 413 1 0 1 1 0
8 0
amappl3 88 182 0 171 1 0 1 1 0
8 0
amappl2 80 1506 0 1444 4 1 3 3 0
8 1
amappl1 72 14855 0 14439 27 11 16 19 0
8 8
amappl 80 624 0 594 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
8 0
uaddrrnd 24 288 0 273 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 288 0 273 1 0 1 1 0
8 0
vmmpekpl 168 6576 0 6559 1 0 1 1 0
8 0
vmmpepl 168 35449 0 34464 92 18 74 74 0 357
31
vmsppl 264 287 0 273 2 0 2 2 0
8 1
pdppl 4096 582 0 546 6 0 6 6 0
8 1
pvpl 32 114153 0 110203 104 5 99 99 0 265
65
pmappl 200 287 0 273 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 395 0 7 12 0 12 12 0
8 0
ddb>

syzbot

May 23, 2019, 9:39:06 PM5/23/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: df989dde Fix line numbers - commands are added after the l..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=132fcdf8a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7f659e47e42d9641
dashboard link: https://syzkaller.appspot.com/bug?extid=927e93a362f3ae33dd9c
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11cdc652a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=139b7ae4a00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+927e93...@syzkaller.appspotmail.com

login: uvm_fault(0xfffffd806e7e2b48, 0x100000008, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at arp_rtrequest+0x15f: movq %rcx,0x8(%r15)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd806e7e2b48, 0x100000008, 0, 2) -> e
arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201
end trace frame: 0xffff800020bc1a30, count: 0
ddb{1}> trace
arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201
rtm_output(ffff800000975400,ffff800020bc1af0,ffff800020bc1a40,40,0) at
rtm_output+0xbf4 sys/net/rtsock.c:1040
route_output(fffffd806f0ce800,fffffd806e9a5788,0,0) at route_output+0x7d2
sys/net/rtsock.c:814
route_usrreq(fffffd806e9a5788,9,fffffd806f0ce800,0,0,ffff800020b85780) at
route_usrreq+0x363 sys/net/rtsock.c:271
sosend(fffffd806e9a5788,0,ffff800020bc1ce0,0,0,80) at sosend+0x668
sys/kern/uipc_socket.c:513
sendit(ffff800020b85780,4,ffff800020bc1dc0,0,ffff800020bc1ed0) at
sendit+0x52c sys/kern/uipc_syscalls.c:662
sys_sendto(ffff800020b85780,ffff800020bc1e68,ffff800020bc1ed0) at
sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff800020bc1f40) at syscall+0x552 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bc1f40) at syscall+0x552 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,191,0,2a,4) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffabe0, count: -9
ddb{1}> show registers
rdi 0x2
rsi 0xffffffff82245450 __sancov_gen_cov_switch_values
rbp 0xffff800020bc1990
rbx 0xffff80000005b850
rdx 0x8b
rcx 0xdeaf4152deaf4152
rax 0xffff80000005b858
r8 0xffffffff81f09c1f arp_rtrequest+0x11f
r9 0x5
r10 0xa1052ed823511cd4
r11 0xaad29c102df2beda
r12 0xffff800000173290
r13 0x2
r14 0xfffffd806f738540
r15 0x100000000
rip 0xffffffff81f09c5f arp_rtrequest+0x15f
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800020bc1910
ss 0x10
arp_rtrequest+0x15f: movq %rcx,0x8(%r15)
ddb{1}> show proc
PROC (syz-executor5432) pid=233399 stat=onproc
flags process=0 proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800020b85528,0xffffffff82398cb8
process=0xffff800020afb070 user=0xffff800020bbc000,
vmspace=0xfffffd806e7e2b48
estcpu=2, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*78814 233399 70887 0 7 0 syz-executor5432
70887 144140 93405 0 3 0x82 nanosleep syz-executor5432
93405 217815 87825 0 3 0x10008a pause ksh
87825 217624 21294 0 3 0x92 select sshd
64666 135616 1 0 3 0x100083 ttyin getty
21294 95289 1 0 3 0x80 select sshd
46492 36289 48194 74 3 0x100092 bpf pflogd
48194 46670 1 0 3 0x80 netio pflogd
62947 506589 59714 73 7 0x100010 syslogd
59714 468757 1 0 3 0x100082 netio syslogd
8579 70541 1 77 3 0x100090 poll dhclient
41766 53879 1 0 3 0x80 poll dhclient
40381 407465 0 0 3 0x14200 pgzero zerothread
70244 332952 0 0 3 0x14200 aiodoned aiodoned
26835 480035 0 0 3 0x14200 syncer update
92500 86850 0 0 3 0x14200 cleaner cleaner
43568 86206 0 0 3 0x14200 reaper reaper
75885 51045 0 0 3 0x14200 pgdaemon pagedaemon
68434 220042 0 0 3 0x14200 bored crynlk
11323 520983 0 0 3 0x14200 bored crypto
14789 428451 0 0 3 0x40014200 acpi0 acpi0
34297 454419 0 0 3 0x40014200 idle1
58051 158086 0 0 3 0x14200 bored softnet
72615 42831 0 0 3 0x14200 bored systqmp
99895 272031 0 0 3 0x14200 bored systq
90433 385291 0 0 3 0x40014200 bored softclock
49943 346609 0 0 3 0x40014200 idle0
36385 82975 0 0 3 0x14200 bored smr
1 29890 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 78814 (syz-executor5432) thread 0xffff800020b85780 (233399)
exclusive rwlock netlock r = 0 (0xffffffff82200df8)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 rtm_output+0xb86 sys/net/rtsock.c:1031
#2 route_output+0x7d2 sys/net/rtsock.c:814
#3 route_usrreq+0x363 sys/net/rtsock.c:271
#4 sosend+0x668 sys/kern/uipc_socket.c:513
#5 sendit+0x52c sys/kern/uipc_syscalls.c:662
#6 sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
#7 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#7 syscall+0x552 sys/arch/amd64/amd64/trap.c:574
#8 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82360fe0)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 solock+0x66 sys/kern/uipc_socket2.c:292
#2 sosend+0x52c sys/kern/uipc_socket.c:501
#3 sendit+0x52c sys/kern/uipc_syscalls.c:662
#4 sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
#5 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#5 syscall+0x552 sys/arch/amd64/amd64/trap.c:574
#6 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9450 6382K 6383K 78643K 10537 0 0
pcb 27 9K 9K 78643K 62 0 0
rtable 65 2K 2K 78643K 136 0 0
ifaddr 25 7K 7K 78643K 26 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1467 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1175 74K 74K 78643K 1180 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12628 0 0
file desc 1 0K 0K 78643K 1 0 0
proc 52 50K 58K 78643K 279 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 0K 78643K 11 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 179 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 58 3K 3K 78643K 817 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 4 0K 0K 78643K 4 0 0
temp 40 2712K 2776K 78643K 2007 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 2 0 0 1 0 1 1 0
8 0
inpcbpl 280 29 0 23 1 0 1 1 0
8 0
plimitpl 152 14 0 8 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 24 0 1 1 0 1 1 0
8 0
syncache 264 5 0 5 1 0 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 8 0 0 1 0 1 1 0
8 0
pfstkey 112 8 0 0 1 0 1 1 0
8 0
pfstate 328 8 0 0 1 0 1 1 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 102 0 0 7 0 7 7 0
8 0
art_table 32 103 0 0 1 0 1 1 0
8 0
art_node 16 23 0 2 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1394 0 17 45 0 45 45 0
8 0
ffsino 272 1394 0 17 92 0 92 92 0
8 0
nchpl 144 1567 0 32 57 0 57 57 0
8 0
uvmvnodes 72 1404 0 0 26 0 26 26 0
8 0
vnodes 200 1404 0 0 74 0 74 74 0
8 0
namei 1024 3555 0 3555 2 1 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scxspl 192 2452 0 2452 8 2 6 6 0
8 6
sigapl 432 207 0 194 2 0 2 2 0
8 0
knotepl 112 5 0 0 1 0 1 1 0
8 0
kqueuepl 104 1 0 0 1 0 1 1 0
8 0
pipepl 112 134 0 127 2 1 1 1 0
8 0
fdescpl 488 208 0 194 3 0 3 3 0
8 0
filepl 152 964 0 915 2 0 2 2 0
8 0
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 48 3 0 3 1 1 0 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 52 0 43 1 0 1 1 0
8 0
zombiepl 144 194 0 194 2 1 1 1 0
8 1
processpl 840 223 0 194 4 0 4 4 0
8 0
procpl 600 223 0 194 3 0 3 3 0
8 0
sockpl 384 78 0 58 3 0 3 3 0
8 1
mcl4k 4096 5 0 0 1 0 1 1 0
8 0
mcl2k 2048 56 0 0 7 0 7 7 0
8 0
mtagpl 80 1 0 0 1 0 1 1 0
8 0
mbufpl 256 82 0 0 5 0 5 5 0
8 0
bufpl 256 2162 0 287 118 0 118 118 0
8 0
anonpl 16 19428 0 18204 8 2 6 7 0
125 1
amapchunkpl 152 554 0 516 2 0 2 2 0
158 0
amappl16 192 83 0 77 1 0 1 1 0
8 0
amappl14 176 16 0 15 2 1 1 1 0
8 0
amappl12 160 7 0 7 1 0 1 1 0
8 1
amappl11 152 45 0 27 1 0 1 1 0
8 0
amappl10 144 62 0 60 1 0 1 1 0
8 0
amappl9 136 425 0 424 1 0 1 1 0
8 0
amappl8 128 101 0 97 1 0 1 1 0
8 0
amappl7 120 18 0 17 1 0 1 1 0
8 0
amappl6 112 45 0 41 1 0 1 1 0
8 0
amappl5 104 113 0 98 1 0 1 1 0
8 0
amappl4 96 376 0 356 1 0 1 1 0
8 0
amappl3 88 163 0 152 1 0 1 1 0
8 0
amappl2 80 848 0 794 3 1 2 2 0
8 0
amappl1 72 13423 0 13008 15 5 10 15 0
8 0
amappl 80 428 0 406 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
8 0
uaddrrnd 24 208 0 194 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 208 0 194 1 0 1 1 0
8 0
vmmpekpl 168 5600 0 5578 2 0 2 2 0
8 0
vmmpepl 168 28736 0 27922 50 11 39 47 0
357 1
vmsppl 360 207 0 194 2 0 2 2 0
8 0
pdppl 4096 424 0 388 6 0 6 6 0
8 0
pvpl 32 80756 0 77743 31 3 28 28 0
265 3
pmappl 232 207 0 194 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 247 0 4 7 0 7 7 0
8 0
