uvm_fault: ml_enlist (2)


syzbot

Jul 4, 2020, 6:22:15 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 474af46f Small XXX.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=155fc737100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=f5729b715a35ccfdc948

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f5729b...@syzkaller.appspotmail.com

uvm_fault(0xfffffd8065b079a0, 0x8, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at ml_enlist+0x5c: movq %rbx,0x8(%rax)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd8065b079a0, 0x8, 0, 2) -> e
ml_enlist(ffff80001f7c8f48,ffff800000b38f00) at ml_enlist+0x5c sys/kern/uipc_mbuf.c:1582
end trace frame: 0xffff80001f7c8f90, count: 0
ddb> trace
ml_enlist(ffff80001f7c8f48,ffff800000b38f00) at ml_enlist+0x5c sys/kern/uipc_mbuf.c:1582
ifq_purge(ffff800000b42278) at ifq_purge+0x5d sys/net/ifq.c:453
tun_dev_close(5d01,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460
spec_close(ffff80001f7c9070) at spec_close+0x311 sys/kern/spec_vnops.c:560
VOP_CLOSE(fffffd8058187750,7,fffffd806c3bfc60,ffff80001d6aa5f8) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd80576dc6a0,ffff80001d6aa5f8) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd80576dc6a0,ffff80001d6aa5f8) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614
fdrop(fffffd80576dc6a0,ffff80001d6aa5f8) at fdrop+0xc2 sys/kern/kern_descrip.c:1279
closef(fffffd80576dc6a0,ffff80001d6aa5f8) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff80001d6aa5f8) at fdfree+0x100 sys/kern/kern_descrip.c:1195
exit1(ffff80001d6aa5f8,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197
sys_exit(ffff80001d6aa5f8,ffff80001f7c9300,ffff80001f7c9350) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80001f7c93d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb050, count: -13
ddb> show registers
rdi 0
rsi 0x7
rbp 0xffff80001f7c8f30
rbx 0xfffffd80663dfa00
rdx 0x2000 __ALIGN_SIZE+0x1000
rcx 0xffff80001d6aa5f8
rax 0
r8 0xffffffff81e4e0d2 spec_close+0x52
r9 0x5
r10 0x477e3a13ed388fe8
r11 0xa22d6904704afb2
r12 0x7
r13 0
r14 0xffff800000b38f00
r15 0xffff80001f7c8f48
rip 0xffffffff817fbfdc ml_enlist+0x5c
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001f7c8ef0
ss 0x10
ml_enlist+0x5c: movq %rbx,0x8(%rax)
ddb> show proc
PROC (syz-executor.1) pid=73598 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff80001d6a99c8,0xffffffff82817430
process=0xffff8000ffffb5a0 user=0xffff80001f7c4000, vmspace=0xfffffd8065b079a0
estcpu=28, cpticks=2, pctcpu=0.4
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
94790 428606 0 0 3 0x14200 acct acct
81566 325903 1 0 3 0x100083 ttyin getty
77128 449288 0 0 3 0x14200 bored sosplice
7501 107200 41298 0 3 0x82 piperd syz-executor.0
41298 497172 41112 0 3 0x82 thrsleep syz-fuzzer
41298 154204 41112 0 3 0x4000082 nanosleep syz-fuzzer
41298 167367 41112 0 2 0x4000002 syz-fuzzer
41298 409115 41112 0 3 0x4000082 thrsleep syz-fuzzer
41298 139283 41112 0 3 0x4000082 thrsleep syz-fuzzer
41298 211100 41112 0 3 0x4000082 thrsleep syz-fuzzer
41298 516605 41112 0 3 0x4000082 thrsleep syz-fuzzer
41298 288326 41112 0 3 0x4000082 thrsleep syz-fuzzer
41112 187651 36880 0 3 0x10008a pause ksh
36880 330922 53195 0 3 0x92 select sshd
53195 520634 1 0 3 0x80 select sshd
90767 118508 77447 73 3 0x100090 kqread syslogd
77447 190491 1 0 3 0x100082 netio syslogd
31502 433584 1 77 3 0x100090 poll dhclient
20047 480251 1 0 3 0x80 poll dhclient
51385 26435 0 0 3 0x14200 bored smr
77818 29738 0 0 2 0x14200 zerothread
85472 40761 0 0 3 0x14200 aiodoned aiodoned
18806 57508 0 0 3 0x14200 syncer update
12643 264642 0 0 3 0x14200 cleaner cleaner
621 3389 0 0 3 0x14200 reaper reaper
54389 390899 0 0 3 0x14200 pgdaemon pagedaemon
35661 333503 0 0 3 0x14200 bored crynlk
30306 210751 0 0 3 0x14200 bored crypto
86149 293292 0 0 3 0x40014200 acpi0 acpi0
48488 2555 0 0 3 0x14200 bored softnet
71397 511306 0 0 3 0x14200 bored systqmp
44478 413892 0 0 2 0x14200 systq
23623 479149 0 0 3 0x40014200 bored softclock
69078 444991 0 0 3 0x40014200 idle0
1 61073 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9514 6357K 7122K 78643K 12444 0
pcb 13 8K 8K 78643K 117 0
rtable 130 9K 11K 78643K 485 0
ifaddr 95 19K 19K 78643K 424 0
counters 21 16K 16K 78643K 28 0
ioctlops 0 0K 4K 78643K 109 0
iov 0 0K 12K 78643K 85 0
mount 1 1K 1K 78643K 1 0
vnodes 1225 77K 77K 78643K 1710 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 5 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 106 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 4 9K 25K 78643K 773 0
sigio 0 0K 0K 78643K 17 0
proc 49 38K 54K 78643K 444 0
subproc 23 1K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 304 0
in_multi 72 3K 3K 78643K 274 0
ether_multi 1 0K 0K 78643K 14 0
mrt 0 0K 0K 78643K 4 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 245 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 132 55K 58K 78643K 2611 0
UVM aobj 13 2K 4K 78643K 17 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 76 0
NDP 13 0K 0K 78643K 36 0
temp 107 3857K 3921K 78643K 16769 0
kqueue 3 4K 8K 78643K 23 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 9 0 4 1 0 1 1 0 8 0
rtpcb 80 49 0 47 1 0 1 1 0 8 0
rtentry 112 80 0 39 2 0 2 2 0 8 0
unpcb 120 275 0 267 1 0 1 1 0 8 0
syncache 264 12 0 12 3 2 1 1 0 8 1
tcpcb 544 218 0 214 1 0 1 1 0 8 0
inpcb 296 1434 0 1427 5 3 2 2 0 8 1
rttmr 72 1 0 1 1 1 0 1 0 8 0
nd6 48 22 0 17 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
ppxss 1128 3 0 3 2 1 1 1 0 8 1
pfstscr 40 1 0 1 1 1 0 1 0 8 0
pfosfp 40 1 0 0 1 0 1 1 0 8 0
pfosfpen 112 2 0 0 1 0 1 1 0 8 0
pfrktable 1344 55 0 44 3 2 1 2 0 8 0
pftag 88 14 0 10 2 1 1 1 0 8 0
pfstkey 112 2 0 2 1 1 0 1 0 8 0
pfstate 328 1 0 1 1 1 0 1 0 8 0
pfrule 1360 20 0 12 2 1 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 440 0 227 17 3 14 15 0 8 0
art_table 32 441 0 227 2 0 2 2 0 8 0
art_node 16 79 0 41 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0
semupl 112 5 0 5 1 1 0 1 0 8 0
semapl 112 102 0 92 1 0 1 1 0 8 0
shmpl 112 15 0 4 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2366 0 966 88 0 88 88 0 8 0
ffsino 240 2366 0 966 83 0 83 83 0 8 0
nchpl 144 3512 0 1920 60 0 60 60 0 8 0
uvmvnodes 72 2812 0 0 52 0 52 52 0 8 0
vnodes 208 2812 0 0 148 0 148 148 0 8 0
namei 1024 9641 0 9641 3 2 1 1 0 8 1
vcpupl 1984 4 0 0 1 0 1 1 0 8 0
vmpool 528 13 0 9 2 1 1 1 0 8 0
pfiaddrpl 120 22 0 14 1 0 1 1 0 8 0
scxspl 192 11446 0 11446 2 1 1 1 0 8 1
plimitpl 152 67 0 60 1 0 1 1 0 8 0
sigapl 424 959 0 930 4 0 4 4 0 8 0
futexpl 56 14669 0 14669 3 2 1 1 0 8 1
knotepl 112 103 0 84 1 0 1 1 0 8 0
kqueuepl 144 70 0 67 1 0 1 1 0 8 0
pipepl 272 146 0 136 3 2 1 2 0 8 0
fdescpl 432 943 0 930 2 0 2 2 0 8 0
filepl 120 5303 0 5220 6 2 4 5 0 8 1
lockfpl 104 101 0 100 1 0 1 1 0 8 0
lockfspl 48 38 0 37 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 25 0 15 1 0 1 1 0 8 0
ucredpl 96 452 0 444 1 0 1 1 0 8 0
zombiepl 144 931 0 929 3 2 1 1 0 8 0
processpl 920 959 0 929 4 0 4 4 0 8 0
procpl 624 1839 0 1802 4 0 4 4 0 8 1
sosppl 128 7 0 7 3 2 1 1 0 8 1
sockpl 400 1763 0 1746 6 3 3 4 0 8 1
mcl64k 65536 293 0 293 35 34 1 33 0 8 1
mcl16k 16384 2 0 2 2 2 0 1 0 8 0
mcl12k 12288 15 0 15 3 3 0 1 0 8 0
mcl9k 9216 6 0 6 4 3 1 1 0 8 1
mcl8k 8192 17 0 17 3 2 1 1 0 8 1
mcl4k 4096 43 0 43 4 3 1 1 0 8 1
mcl2k2 2112 4 0 4 3 2 1 1 0 8 1
mcl2k 2048 75927 0 75882 16 9 7 13 0 8 0
mtagpl 96 51 0 30 2 1 1 1 0 8 0
mbufpl 256 124688 0 124536 31 20 11 22 0 8 0
bufpl 280 5197 0 136 362 0 362 362 0 8 0
anonpl 16 94311 0 77433 85 17 68 75 0 107 0
amapchunkpl 152 3816 0 3691 21 14 7 13 0 158 1
amappl16 192 4099 0 3166 58 11 47 52 0 8 0
amappl15 184 267 0 264 1 0 1 1 0 8 0
amappl14 176 229 0 225 1 0 1 1 0 8 0
amappl13 168 287 0 283 1 0 1 1 0 8 0
amappl12 160 265 0 261 1 0 1 1 0 8 0
amappl11 152 46 0 36 1 0 1 1 0 8 0
amappl10 144 276 0 273 1 0 1 1 0 8 0
amappl9 136 367 0 366 1 0 1 1 0 8 0
amappl8 128 350 0 309 2 0 2 2 0 8 0
amappl7 120 115 0 102 1 0 1 1 0 8 0
amappl6 112 24 0 18 1 0 1 1 0 8 0
amappl5 104 911 0 898 1 0 1 1 0 8 0
amappl4 96 445 0 417 1 0 1 1 0 8 0
amappl3 88 325 0 320 1 0 1 1 0 8 0
amappl2 80 7192 0 7127 2 0 2 2 0 8 0
amappl1 72 25323 0 24906 24 15 9 17 0 8 0
amappl 80 2086 0 2045 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 16 0 4 1 0 1 1 0 8 0
uaddrrnd 24 956 0 939 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 956 0 939 1 0 1 1 0 8 0
vmmpekpl 168 8830 0 8801 2 0 2 2 0 8 0
vmmpepl 168 115562 0 113601 147 57 90 120 0 357 0
vmsppl 272 955 0 939 3 1 2 2 0 8 0
pdppl 4096 1918 0 1882 9 4 5 6 0 8 0
pvpl 32 282233 0 262437 199 34 165 177 0 265 4
pmappl 200 955 0 939 2 1 1 2 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 316 0 88 8 0 8 8 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
ml_enlist(ffff80001f7c8f48,ffff800000b38f00) at ml_enlist+0x5c sys/kern/uipc_mbuf.c:1582
ifq_purge(ffff800000b42278) at ifq_purge+0x5d sys/net/ifq.c:453
tun_dev_close(5d01,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460
spec_close(ffff80001f7c9070) at spec_close+0x311 sys/kern/spec_vnops.c:560
VOP_CLOSE(fffffd8058187750,7,fffffd806c3bfc60,ffff80001d6aa5f8) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd80576dc6a0,ffff80001d6aa5f8) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd80576dc6a0,ffff80001d6aa5f8) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614
fdrop(fffffd80576dc6a0,ffff80001d6aa5f8) at fdrop+0xc2 sys/kern/kern_descrip.c:1279
closef(fffffd80576dc6a0,ffff80001d6aa5f8) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff80001d6aa5f8) at fdfree+0x100 sys/kern/kern_descrip.c:1195
exit1(ffff80001d6aa5f8,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197
sys_exit(ffff80001d6aa5f8,ffff80001f7c9300,ffff80001f7c9350) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80001f7c93d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb050, count: -13
ddb> machine ddbcpu 1
No such command
ddb> trace
ml_enlist(ffff80001f7c8f48,ffff800000b38f00) at ml_enlist+0x5c sys/kern/uipc_mbuf.c:1582
ifq_purge(ffff800000b42278) at ifq_purge+0x5d sys/net/ifq.c:453
tun_dev_close(5d01,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460
spec_close(ffff80001f7c9070) at spec_close+0x311 sys/kern/spec_vnops.c:560
VOP_CLOSE(fffffd8058187750,7,fffffd806c3bfc60,ffff80001d6aa5f8) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174
vn_closefile(fffffd80576dc6a0,ffff80001d6aa5f8) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd80576dc6a0,ffff80001d6aa5f8) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614
fdrop(fffffd80576dc6a0,ffff80001d6aa5f8) at fdrop+0xc2 sys/kern/kern_descrip.c:1279
closef(fffffd80576dc6a0,ffff80001d6aa5f8) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff80001d6aa5f8) at fdfree+0x100 sys/kern/kern_descrip.c:1195
exit1(ffff80001d6aa5f8,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197
sys_exit(ffff80001d6aa5f8,ffff80001f7c9300,ffff80001f7c9350) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80001f7c93d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb050, count: -13


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Oct 2, 2020, 6:22:11 PM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.