assert "dupe == NULL" failed in uvm_page.c


syzbot

Oct 20, 2019, 4:49:09 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 06f3ae2a unstub amdgpu_ttm_bo_eviction_valuable()
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=169e875f600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=90a28fb739296ecc0fd4

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+90a28f...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "dupe == NULL" failed:
file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 140
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
308736 37704 0 0 0x4000080 0 syz-executor.0
*220704 7044 0 0x100003 0 1K getty
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82207803,ffffffff821a7b14,8c,ffffffff82196f2c) at
__assert+0x2b sys/kern/subr_prf.c:154
uvm_pagealloc(fffffd8062dbaa30,faf91f000,0,3) at uvm_pagealloc+0x476
sys/uvm/uvm_page.c:140
pmap_get_ptp(fffffd8062dbaa00,1f5f23ed0000) at pmap_get_ptp+0xe8
sys/arch/amd64/amd64/pmap.c:1107
pmap_enter(fffffd8062dbaa00,1f5f23ed0000,6ef59000,1,20) at pmap_enter+0x2a8
uvm_fault(fffffd807f00a450,1f5f23ed1000,0,1) at uvm_fault+0xad6
sys/uvm/uvm_fault.c:803
pageflttrap() at pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199
usertrap(ffff800020abf9f0) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:369
recall_trap(6,1f,18,4,1f5fa9008400,1f5f8b3708e0) at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffecbf8, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "dupe == NULL" failed:
file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 140
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82207803,ffffffff821a7b14,8c,ffffffff82196f2c) at
__assert+0x2b sys/kern/subr_prf.c:154
uvm_pagealloc(fffffd8062dbaa30,faf91f000,0,3) at uvm_pagealloc+0x476
sys/uvm/uvm_page.c:140
pmap_get_ptp(fffffd8062dbaa00,1f5f23ed0000) at pmap_get_ptp+0xe8
sys/arch/amd64/amd64/pmap.c:1107
pmap_enter(fffffd8062dbaa00,1f5f23ed0000,6ef59000,1,20) at pmap_enter+0x2a8
uvm_fault(fffffd807f00a450,1f5f23ed1000,0,1) at uvm_fault+0xad6
sys/uvm/uvm_fault.c:803
pageflttrap() at pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199
usertrap(ffff800020abf9f0) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:369
recall_trap(6,1f,18,4,1f5fa9008400,1f5f8b3708e0) at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffecbf8, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020abf3e0
rbx 0xffff800020abf490
rdx 0xffff800020ab0508
rcx 0
rax 0
r8 0xffffffff81918aaf kprintf+0x16f
r9 0x1
r10 0x25
r11 0x20c66746f08ba255
r12 0x3000000008
r13 0xffff800020abf3f0
r14 0x100
r15 0x1
rip 0xffffffff814a9118 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020abf3d0
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (getty) pid=220704 stat=onproc
flags process=100003<CONTROLT,EXEC,PLEDGE> proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020ab1160,0xffff800020ab0790
process=0xffff800020add880 user=0xffff800020aba000,
vmspace=0xfffffd807f00a450
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
37704 144826 26972 0 2 0 syz-executor.0
37704 308736 26972 0 7 0x4000080 syz-executor.0
99258 356974 0 0 3 0x14200 acct acct
46043 46609 36279 0 3 0x82 nanosleep syz-executor.1
26972 171658 36279 0 3 0x82 nanosleep syz-executor.0
12541 325642 0 0 3 0x14200 bored sosplice
* 7044 220704 1 0 7 0x100003 getty
36279 209165 54064 0 3 0x82 thrsleep syz-fuzzer
36279 101951 54064 0 3 0x4000082 nanosleep syz-fuzzer
36279 55364 54064 0 3 0x4000082 thrsleep syz-fuzzer
36279 104151 54064 0 3 0x4000082 thrsleep syz-fuzzer
36279 268628 54064 0 3 0x4000082 thrsleep syz-fuzzer
36279 286752 54064 0 3 0x4000082 thrsleep syz-fuzzer
36279 888 54064 0 3 0x4000082 thrsleep syz-fuzzer
36279 340902 54064 0 3 0x4000082 kqread syz-fuzzer
36279 132059 54064 0 3 0x4000082 thrsleep syz-fuzzer
36279 320352 54064 0 3 0x4000082 thrsleep syz-fuzzer
54064 337967 81233 0 3 0x10008a pause ksh
81233 390294 33527 0 3 0x92 select sshd
33527 439935 1 0 3 0x80 select sshd
31691 52825 50294 74 3 0x100092 bpf pflogd
50294 13586 1 0 3 0x80 netio pflogd
11285 135706 31197 73 3 0x100090 kqread syslogd
31197 435083 1 0 3 0x100082 netio syslogd
87925 45345 1 77 3 0x100090 poll dhclient
83673 119158 1 0 3 0x80 poll dhclient
56401 496098 0 0 3 0x14200 pgzero zerothread
30522 172019 0 0 3 0x14200 aiodoned aiodoned
26753 258292 0 0 3 0x14200 syncer update
86799 499658 0 0 3 0x14200 cleaner cleaner
15669 513591 0 0 3 0x14200 reaper reaper
2333 291030 0 0 3 0x14200 pgdaemon pagedaemon
96954 313035 0 0 3 0x14200 bored crynlk
37972 289184 0 0 3 0x14200 bored crypto
93018 13658 0 0 3 0x40014200 acpi0 acpi0
11063 244834 0 0 3 0x40014200 idle1
34223 332430 0 0 3 0x14200 bored softnet
11762 199473 0 0 3 0x14200 bored systqmp
30609 410026 0 0 3 0x14200 bored systq
39778 213650 0 0 3 0x40014200 bored softclock
46469 146401 0 0 3 0x40014200 idle0
16168 38428 0 0 3 0x14200 bored smr
1 405420 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd8062dbaa10)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_enter+0x1bc rcr3 machine/cpufunc.h:141 [inline]
#3 pmap_enter+0x1bc pmap_map_ptes sys/arch/amd64/amd64/pmap.c:418 [inline]
#3 pmap_enter+0x1bc sys/arch/amd64/amd64/pmap.c:2610
#4 uvm_fault+0xad6 sys/uvm/uvm_fault.c:803
#5 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199
#6 usertrap+0x21a sys/arch/amd64/amd64/trap.c:369
#7 recall_trap+0x8
Process 7044 (getty) thread 0xffff800020ab0508 (220704)
shared rwlock vmmaplk r = 0 (0xfffffd807f00a468)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1448
#2 uvm_fault+0x7f sys/uvm/uvm_fault.c:524
#3 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199
#4 usertrap+0x21a sys/arch/amd64/amd64/trap.c:369
#5 recall_trap+0x8
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82625ee0)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 pageflttrap+0x6f sys/arch/amd64/amd64/trap.c:162
#2 usertrap+0x21a sys/arch/amd64/amd64/trap.c:369
#3 recall_trap+0x8
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd8062dbaa10)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_enter+0x1bc rcr3 machine/cpufunc.h:141 [inline]
#3 pmap_enter+0x1bc pmap_map_ptes sys/arch/amd64/amd64/pmap.c:418 [inline]
#3 pmap_enter+0x1bc sys/arch/amd64/amd64/pmap.c:2610
#4 uvm_fault+0xad6 sys/uvm/uvm_fault.c:803
#5 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199
#6 usertrap+0x21a sys/arch/amd64/amd64/trap.c:369
#7 recall_trap+0x8
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9575 6440K 7076K 78643K 12982 0 0
pcb 13 10K 12K 78643K 248 0 0
rtable 74 11K 12K 78643K 960 0 0
ifaddr 73 15K 18K 78643K 290 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1548 0 0
iov 0 0K 32K 78643K 243 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1215 76K 77K 78643K 2211 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 14 0 0
VM map 14 7K 7K 78643K 21 0 0
sem 12 1K 1K 78643K 266 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 5 13K 25K 78643K 1165 0 0
sigio 0 0K 0K 78643K 19 0 0
proc 60 63K 95K 78643K 828 0 0
subproc 32 2K 2K 78643K 136 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 1K 78643K 151 0 0
in_multi 14 0K 2K 78643K 165 0 0
ether_multi 1 0K 0K 78643K 14 0 0
mrt 0 0K 0K 78643K 11 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 78 344K 344K 78643K 78 0 0
exec 0 0K 1K 78643K 435 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 127 112K 112K 78643K 5040 0 0
UVM aobj 62 5K 5K 78643K 66 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 267 0 0
NDP 18 0K 0K 78643K 88 0 0
temp 213 3564K 3637K 78643K 32617 0 0
kqueue 0 0K 0K 78643K 12 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 35 0 32 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 90 0 88 1 0 1 1 0
8 0
rtentry 112 170 0 145 2 0 2 2 0
8 0
unpcb 120 715 0 705 1 0 1 1 0
8 0
syncache 264 7 0 7 3 3 0 1 0
8 0
tcpqe 32 14 0 14 2 2 0 1 0
8 0
tcpcb 544 899 0 895 13 12 1 12 0
8 0
inpcb 280 2062 0 2055 12 11 1 9 0
8 0
rttmr 72 4 0 4 3 3 0 1 0
8 0
nd6 48 26 0 26 1 0 1 1 0
8 1
pkpcb 40 4 0 4 1 1 0 1 0
8 0
ppxss 1128 32 0 32 3 2 1 1 0
8 1
pffrag 232 34 0 34 3 2 1 1 0
482 1
pffrnode 88 34 0 34 3 2 1 1 0
8 1
pffrent 40 866 0 866 3 2 1 1 0
8 1
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 115 0 59 1 0 1 1 0
8 0
pfstkey 112 115 0 59 3 0 3 3 0
8 0
pfstate 328 115 0 59 6 0 6 6 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 3 0 2 3 2 1 3 0
8 0
art_heap4 256 713 0 584 19 5 14 16 0
8 3
art_table 32 716 0 586 2 0 2 2 0
8 0
art_node 16 169 0 146 1 0 1 1 0
8 0
sysvmsgpl 40 31 0 17 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 258 0 248 1 0 1 1 0
8 0
shmpl 112 64 0 4 2 0 2 2 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 3244 0 1833 46 0 46 46 0
8 0
ffsino 272 3244 0 1833 96 1 95 95 0
8 0
nchpl 144 5157 0 3550 61 0 61 61 0
8 0
uvmvnodes 72 3927 0 0 72 0 72 72 0
8 0
vnodes 208 3927 0 0 207 0 207 207 0
8 0
namei 1024 18873 0 18873 1 0 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vcpupl 1984 13 0 1 2 0 2 2 0
8 0
vmpool 552 19 0 7 1 0 1 1 0
8 0
scxspl 192 16149 0 16149 16 12 4 7 0
8 4
plimitpl 152 106 0 98 1 0 1 1 0
8 0
sigapl 432 1348 0 1333 3 1 2 3 0
8 0
futexpl 56 26245 0 26245 1 0 1 1 0
8 1
knotepl 112 329 0 310 1 0 1 1 0
8 0
kqueuepl 104 364 0 362 4 3 1 4 0
8 0
pipepl 112 1748 0 1729 6 4 2 2 0
8 1
fdescpl 488 1349 0 1333 3 0 3 3 0
8 0
filepl 152 13424 0 13324 18 12 6 13 0
8 2
lockfpl 104 450 0 449 1 0 1 1 0
8 0
lockfspl 48 142 0 141 1 0 1 1 0
8 0
sessionpl 112 25 0 14 1 0 1 1 0
8 0
pgrppl 48 47 0 36 1 0 1 1 0
8 0
ucredpl 96 2935 0 2926 1 0 1 1 0
8 0
zombiepl 144 1333 0 1332 1 0 1 1 0
8 0
processpl 896 1366 0 1332 4 0 4 4 0
8 0
procpl 632 3934 0 3890 6 1 5 5 0
8 1
srpgc 64 12 0 12 3 3 0 1 0
8 0
sosppl 128 25 0 25 4 3 1 1 0
8 1
sockpl 384 2883 0 2864 19 16 3 14 0
8 1
mcl64k 65536 511 0 0 64 8 56 64 0
8 0
mcl16k 16384 6 0 0 1 0 1 1 0
8 0
mcl12k 12288 21 0 0 2 0 2 2 0
8 0
mcl9k 9216 4 0 0 1 0 1 1 0
8 0
mcl8k 8192 12 0 0 2 0 2 2 0
8 0
mcl4k 4096 7 0 0 1 0 1 1 0
8 0
mcl2k2 2112 2 0 0 1 0 1 1 0
8 0
mcl2k 2048 154 0 0 19 0 19 19 0
8 0
mtagpl 80 32 0 0 1 0 1 1 0
8 0
mbufpl 256 590 0 0 37 0 37 37 0
8 0
bufpl 256 9735 0 2687 441 0 441 441 0
8 0
anonpl 16 174348 0 155507 120 34 86 92 0
124 8
amapchunkpl 152 9330 0 9204 24 17 7 12 0
158 0
amappl16 192 7208 0 6149 83 26 57 65 0
8 3
amappl15 184 449 0 449 1 1 0 1 0
8 0
amappl14 176 65 0 62 1 0 1 1 0
8 0
amappl13 168 255 0 254 2 1 1 1 0
8 0
amappl12 160 16 0 14 2 1 1 1 0
8 0
amappl11 152 496 0 479 1 0 1 1 0
8 0
amappl10 144 53 0 49 1 0 1 1 0
8 0
amappl9 136 826 0 819 1 0 1 1 0
8 0
amappl8 128 368 0 335 3 1 2 2 0
8 0
amappl7 120 102 0 95 1 0 1 1 0
8 0
amappl6 112 488 0 474 1 0 1 1 0
8 0
amappl5 104 186 0 171 1 0 1 1 0
8 0
amappl4 96 1795 0 1763 1 0 1 1 0
8 0
amappl3 88 167 0 157 1 0 1 1 0
8 0
amappl2 80 9837 0 9763 3 1 2 3 0
8 0
amappl1 72 39654 0 39210 25 15 10 20 0
8 0
amappl 80 4295 0 4250 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 65 0 4 1 0 1 1 0
8 0
uaddrrnd 24 1368 0 1333 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 1368 0 1333 1 0 1 1 0
8 0
vmmpekpl 168 16673 0 16636 2 0 2 2 0
8 0
vmmpepl 168 177757 0 175526 175 51 124 138 0 357
22
vmsppl 368 1348 0 1333 2 0 2 2 0
8 0
pdppl 4096 2743 0 2692 7 0 7 7 0
8 0
pvpl 32 483536 0 461493 258 51 207 212 0 265
25
pmappl 232 1367 0 1340 2 0 2 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 713 0 31 20 0 20 20 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 10, 2020, 6:18:09 PM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.