kernel: integer divide fault trap, code=NUM (4)


syzbot

Apr 22, 2023, 8:55:48 AM4/22/23
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 1e5b016c5082 sync for __syscall removal
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=155d9f0bc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=a377d5cd833c2343429a

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cb9a404e2563/disk-1e5b016c.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/27dc2036237a/bsd-1e5b016c.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ea0ea667b9fa/kernel-1e5b016c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a377d5...@syzkaller.appspotmail.com

kernel: integer divide fault trap, code=0
Stopped at tcp_update_sndspace+0x1e1: divl %ecx,%eax
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
tcp_update_sndspace(ffff800000cde308) at tcp_update_sndspace+0x1e1 sys/netinet/tcp_usrreq.c:1514
tcp_output(ffff800000cde308) at tcp_output+0x23c8 sys/netinet/tcp_output.c:993
tcp_connect(fffffd806f4c9008,fffffd80755fb500) at tcp_connect+0x348 sys/netinet/tcp_usrreq.c:679
sys_connect(ffff800022d28b28,ffff80002e43fa28,ffff80002e43fa70) at sys_connect+0x203 sys/kern/uipc_syscalls.c:422
syscall(ffff80002e43faf0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e43faf0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9e7f2df4c60, count: -6
ddb{0}> show registers
rdi 0xffff800027b6e000
rsi 0x4e2
rbp 0xffff80002e43f770
rbx 0x4000 __ALIGN_SIZE+0x3000
rdx 0
rcx 0
rax 0x4000 __ALIGN_SIZE+0x3000
r8 0xd0
r9 0x34ddd43f6b16a38e
r10 0x11c11affa8f7e480
r11 0xdecdf86f6b8dcf5
r12 0x800
r13 0x800
r14 0x4000 __ALIGN_SIZE+0x3000
r15 0xfffffd806f4c9008
rip 0xffffffff82165851 tcp_update_sndspace+0x1e1
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002e43f710
ss 0x10
tcp_update_sndspace+0x1e1: divl %ecx,%eax
ddb{0}> show proc
PROC (syz-executor.2) pid=416455 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff8000211f4590,0xffff800022d28df0
process=0xffff8000ffff6e30 user=0xffff80002e43a000, vmspace=0xfffffd80670f9dc8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
57759 161696 57218 0 7 0 syz-executor.3
57759 116190 57218 0 2 0x4000000 syz-executor.3
68871 364124 70411 0 2 0 syz-executor.2
*68871 416455 70411 0 7 0x4000000 syz-executor.2
16203 344058 82846 0 3 0x80 nanoslp syz-executor.7
16203 117506 82846 0 3 0x4000080 lockf syz-executor.7
16203 146867 82846 0 3 0x4000080 fsleep syz-executor.7
27976 280899 57439 0 2 0 syz-executor.6
27976 135623 57439 0 3 0x4000080 fsleep syz-executor.6
27976 264137 57439 0 3 0x4000080 fsleep syz-executor.6
70411 9630 84599 0 3 0x82 nanoslp syz-executor.2
57218 387486 84599 0 3 0x82 nanoslp syz-executor.3
34221 260964 84599 0 3 0x82 nanoslp syz-executor.4
9561 292828 84599 0 2 0x2 syz-executor.5
57439 253383 84599 0 3 0x82 nanoslp syz-executor.6
51218 131300 84599 0 2 0x2 syz-executor.0
83013 203392 84599 0 2 0x2 syz-executor.1
82846 406571 84599 0 3 0x82 nanoslp syz-executor.7
82889 99131 1 0 3 0x100083 ttyin getty
4930 109205 1 0 3 0 vmmapbsy syz-executor.6
4930 274781 1 0 3 0x4000000 vmmaplk syz-executor.6
15740 40596 0 0 3 0x14200 bored sosplice
84599 495551 88701 0 3 0x82 wait syz-fuzzer
84599 209885 88701 0 3 0x4000082 nanoslp syz-fuzzer
84599 29093 88701 0 3 0x4000082 thrsleep syz-fuzzer
84599 164662 88701 0 2 0x4000002 syz-fuzzer
84599 189448 88701 0 3 0x4000082 thrsleep syz-fuzzer
84599 487784 88701 0 3 0x4000082 wait syz-fuzzer
84599 52620 88701 0 3 0x4000082 thrsleep syz-fuzzer
84599 440167 88701 0 3 0x4000082 wait syz-fuzzer
84599 278794 88701 0 3 0x4000082 wait syz-fuzzer
84599 77942 88701 0 3 0x4000082 wait syz-fuzzer
84599 320644 88701 0 3 0x4000082 thrsleep syz-fuzzer
84599 15122 88701 0 3 0x4000082 thrsleep syz-fuzzer
84599 494698 88701 0 3 0x4000082 kqread syz-fuzzer
84599 157053 88701 0 3 0x4000082 wait syz-fuzzer
84599 65702 88701 0 3 0x4000082 wait syz-fuzzer
84599 432665 88701 0 3 0x4000082 wait syz-fuzzer
88701 194645 18016 0 3 0x10008a sigsusp ksh
18016 20213 23748 0 2 0x9a sshd
23748 498776 1 0 3 0x88 kqread sshd
51642 404352 15779 74 3 0x1100092 bpf pflogd
15779 85236 1 0 3 0x80 netio pflogd
19460 493738 95171 73 3 0x1100090 kqread syslogd
95171 380808 1 0 3 0x100082 netio syslogd
96748 458075 1 0 3 0x100080 kqread resolvd
50330 327397 81196 77 3 0x100092 kqread dhcpleased
31989 373057 81196 77 3 0x100092 kqread dhcpleased
81196 193665 1 0 3 0x80 kqread dhcpleased
56777 276646 0 0 3 0x14200 bored smr
33988 357107 0 0 2 0x14200 zerothread
71101 281878 0 0 3 0x14200 aiodoned aiodoned
4277 386774 0 0 3 0x14200 syncer update
46582 382310 0 0 3 0x14200 cleaner cleaner
36554 294928 0 0 3 0x14200 reaper reaper
91849 221783 0 0 3 0x14200 pgdaemon pagedaemon
38428 455343 0 0 3 0x14200 bored viomb
8342 475998 0 0 3 0x40014200 acpi0 acpi0
30715 159497 0 0 3 0x40014200 idle1
61585 260510 0 0 3 0x14200 bored softnet
8982 125183 0 0 3 0x14200 bored softnet
2501 26923 0 0 3 0x14200 bored softnet
35912 520872 0 0 3 0x14200 bored softnet
76924 378540 0 0 3 0x14200 bored systqmp
17165 101263 0 0 3 0x14200 bored systq
6379 361649 0 0 3 0x40014200 bored softclock
77507 166178 0 0 3 0x40014200 idle0
1 155633 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 68871 (syz-executor.2) thread 0xffff800022d28b28 (416455)
exclusive rwlock netlock r = 0 (0xffffffff82b49670)
#0 witness_lock+0x44d
#1 sys_connect+0x1ba isdnssocket sys/kern/uipc_syscalls.c:127 [inline]
#1 sys_connect+0x1ba sys/kern/uipc_syscalls.c:413
#2 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#2 syscall+0x606 sys/arch/amd64/amd64/trap.c:625
#3 Xsyscall+0x128
Process 4930 (syz-executor.6) thread 0xffff800022d29b78 (274781)
shared rwlock vmmaplk r = 0 (0xfffffd806c28dec8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5376
#3 uvm_map_pageable_all+0x53 sys/uvm/uvm_map.c:2406
#4 sys_mlockall+0x5d sys/uvm/uvm_mmap.c:890
#5 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#5 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:625
#6 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10315 6674K 7451K 78643K 20698 0
pcb 13 18K 20K 78643K 1687 0
rtable 208 15K 16K 78643K 1805 0
ifaddr 84 27K 29K 78643K 675 0
sysctl 2 0K 0K 78643K 2 0
counters 58 35K 36K 78643K 514 0
ioctlops 0 0K 4K 78643K 1987 0
iov 0 0K 36K 78643K 6687 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1481 93K 93K 78643K 6211 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 46 0
VM map 2 1K 1K 78643K 2 0
sem 12 1K 1K 78643K 18 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 86K 78643K 6522 0
sigio 0 0K 0K 78643K 91 0
proc 71 91K 128K 78643K 1563 0
subproc 117 7K 7K 78643K 435 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 381 0
in_multi 79 5K 7K 78643K 556 0
ether_multi 1 0K 0K 78643K 30 0
mrt 1 0K 0K 78643K 36 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 229 1023K 1023K 78643K 229 0
exec 0 0K 1K 78643K 1828 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 359 103K 117K 78643K 36319 0
UVM aobj 131 7K 7K 78643K 142 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 145 0
NDP 15 0K 1K 78643K 215 0
temp 146 5779K 6803K 78643K 105089 0
kqueue 12 18K 26K 78643K 604 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 550 0 547 6 5 1 3 0 8 0
rtentry 112 503 0 414 4 1 3 4 0 8 0
unpcb 144 5377 0 5362 57 53 4 6 0 8 3
syncache 296 34 0 34 11 11 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 930 0 930 5 5 0 2 0 8 0
tcpcb 776 2226 0 2221 74 67 7 11 0 8 6
arp 120 76 0 59 1 0 1 1 0 8 0
inpcb 368 7445 0 7434 108 98 10 17 0 8 8
nd6 48 112 0 91 1 0 1 1 0 8 0
pkpcb 40 4 0 4 1 1 0 1 0 8 0
kcovpl 48 33 0 24 1 0 1 1 0 8 0
mppekey 1024 16 0 16 6 6 0 1 0 8 0
ppxss 1256 138 0 138 12 12 0 1 0 8 0
pppxif 1456 94 0 94 7 7 0 1 0 8 0
pfstscr 40 77 0 77 8 7 1 1 0 8 1
pffrag 232 65 0 61 1 0 1 1 0 482 0
pffrnode 88 63 0 59 1 0 1 1 0 8 0
pffrent 40 153 0 149 2 1 1 1 0 8 0
pfosfp 40 1434 0 1009 5 0 5 5 0 8 0
pfosfpen 112 1434 0 718 21 0 21 21 0 8 0
pfanchor 1280 840 3 328 47 4 43 43 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 264 9 0 9 2 2 0 1 0 8 0
pfstitem 24 107 0 105 1 0 1 1 0 8 0
pfstkey 128 223 0 219 2 1 1 2 0 8 0
pfstate 384 158 0 156 5 4 1 4 0 8 0
pfrule 1344 21 0 20 2 1 1 2 0 8 0
rttmr 136 7 0 7 3 3 0 1 0 8 0
art_heap8 4096 2 0 1 2 1 1 2 0 8 0
art_heap4 256 2261 0 1904 47 20 27 29 0 8 0
art_table 32 2263 0 1905 4 0 4 4 0 8 0
art_node 16 498 0 421 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 6 1 0 1 1 0 8 0
semupl 112 5 0 5 2 2 0 1 0 8 0
semapl 112 10 0 0 1 0 1 1 0 8 0
shmpl 112 139 0 11 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 11384 0 9893 95 1 94 94 0 8 0
ffsino 272 11384 0 9893 100 0 100 100 0 8 0
nchpl 144 21190 0 19533 63 0 63 63 0 8 0
uvmvnodes 80 5929 0 0 121 0 121 121 0 8 0
vnodes 216 5929 0 0 330 0 330 330 0 8 0
namei 1024 77402 0 77402 5 4 1 2 0 8 1
percpumem 16 270 0 228 1 0 1 1 0 8 0
vmpool 696 16 0 16 5 4 1 1 0 8 1
kstatmem 264 282 0 252 3 0 3 3 0 8 0
scsiplug 72 12 0 12 3 3 0 1 0 8 0
scxspl 216 74404 0 74404 16 15 1 8 0 8 1
plimitpl 152 1094 0 1076 1 0 1 1 0 8 0
sigapl 424 6791 0 6744 9 3 6 7 0 8 0
futexpl 64 64136 0 64133 3 2 1 1 0 8 0
knotepl 120 593 0 0 14 0 14 14 0 8 0
kqueuepl 216 1221 0 1213 19 18 1 5 0 8 0
pipepl 320 1905 0 1875 43 35 8 10 0 8 5
fdescpl 496 6773 0 6745 7 2 5 5 0 8 0
filepl 152 53828 0 53560 85 67 18 21 0 8 6
lockfpl 104 11086 0 11078 16 14 2 3 0 8 1
lockfspl 48 2031 0 2027 1 0 1 1 0 8 0
sessionpl 144 52 0 34 1 0 1 1 0 8 0
pgrppl 48 92 0 74 1 0 1 1 0 8 0
ucredpl 104 5935 0 5919 1 0 1 1 0 8 0
zombiepl 144 6745 0 6744 2 1 1 1 0 8 0
processpl 1072 6791 0 6744 5 1 4 4 0 8 0
procpl 696 18839 0 18770 11 3 8 9 0 8 0
srpgc 96 44 0 44 12 12 0 1 0 8 0
sosppl 168 90 0 90 13 13 0 1 0 8 0
sockpl 488 13389 0 13363 286 274 12 29 0 8 8
mcl64k 65536 17 0 0 3 0 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 25 0 0 2 0 2 2 0 8 0
mcl9k 9216 13 0 0 1 0 1 1 0 8 0
mcl8k 8192 34 0 0 5 2 3 3 0 8 0
mcl4k 4096 25 0 0 3 0 3 3 0 8 0
mcl2k2 2112 6 0 0 1 0 1 1 0 8 0
mcl2k 2048 457 0 0 55 4 51 55 0 8 0
mtagpl 96 335 0 0 5 0 5 5 0 8 0
mbufpl 256 1456 0 0 72 0 72 72 0 8 0
bufpl 288 15656 0 9331 452 0 452 452 0 8 0
anonpl 24 1020162 0 1001260 296 170 126 191 0 186 0
amapchunkpl 152 88405 0 87378 116 69 47 72 0 158 3
amappl16 200 17394 0 16833 105 72 33 42 0 8 2
amappl15 192 18 0 17 1 0 1 1 0 8 0
amappl14 184 251 0 236 2 1 1 2 0 8 0
amappl13 176 7 0 7 1 1 0 1 0 8 0
amappl12 168 732 0 730 1 0 1 1 0 8 0
amappl11 160 51 0 37 1 0 1 1 0 8 0
amappl10 152 81 0 70 1 0 1 1 0 8 0
amappl9 144 987 0 985 1 0 1 1 0 8 0
amappl8 136 447 0 351 6 2 4 4 0 8 0
amappl7 128 234 0 206 2 1 1 2 0 8 0
amappl6 120 348 0 327 2 1 1 2 0 8 0
amappl5 112 335 0 326 1 0 1 1 0 8 0
amappl4 104 883 0 851 3 2 1 2 0 8 0
amappl3 96 8114 0 8074 2 0 2 2 0 8 0
amappl2 88 7763 0 7678 6 4 2 4 0 8 0
amappl1 80 238536 0 237615 38 15 23 28 0 8 0
amappl 88 34007 0 33815 7 1 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 141 0 11 3 0 3 3 0 8 0
uaddrrnd 24 6789 0 6761 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 6789 0 6761 1 0 1 1 0 8 0
vmmpekpl 168 59182 0 59109 4 0 4 4 0 8 0
vmmpepl 168 700180 0 697215 233 86 147 153 0 357 0
vmsppl 440 6788 0 6761 7 3 4 5 0 8 0
rwobjpl 56 226120 0 218123 125 9 116 117 0 8 0
pdppl 4096 13585 0 13522 392 321 71 81 0 8 8
pvpl 32 2446847 0 2422206 565 349 216 366 0 265 0
pmappl 248 6788 0 6761 3 1 2 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1366 0 471 26 0 26 26 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
tcp_update_sndspace(ffff800000cde308) at tcp_update_sndspace+0x1e1 sys/netinet/tcp_usrreq.c:1514
tcp_output(ffff800000cde308) at tcp_output+0x23c8 sys/netinet/tcp_output.c:993
tcp_connect(fffffd806f4c9008,fffffd80755fb500) at tcp_connect+0x348 sys/netinet/tcp_usrreq.c:679
sys_connect(ffff800022d28b28,ffff80002e43fa28,ffff80002e43fa70) at sys_connect+0x203 sys/kern/uipc_syscalls.c:422
syscall(ffff80002e43faf0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e43faf0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9e7f2df4c60, count: -6
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffbf2d0, count: -3


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jun 17, 2023, 6:45:07 AM6/17/23
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 54e1723ed8a9 Convert two K&R function definitions to ANSI
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12b261d3280000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=a377d5cd833c2343429a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1211f39b280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1302c83d280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2d639f0619bd/disk-54e1723e.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/6a39284090fe/bsd-54e1723e.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/85372abcbdf5/kernel-54e1723e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a377d5...@syzkaller.appspotmail.com

kernel: integer divide fault trap, code=0
Stopped at m_pool_used+0x45: divl %ecx,%eax
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
m_pool_used() at m_pool_used+0x45 sys/kern/uipc_mbuf.c:1502
sbchecklowmem() at sbchecklowmem+0x21 sys/kern/uipc_socket2.c:642
tcp_update_sndspace(ffff800000cdcf28) at tcp_update_sndspace+0x43 sys/netinet/tcp_usrreq.c:1527
tcp_output(ffff800000cdcf28) at tcp_output+0x24cc sys/netinet/tcp_output.c:1029
tcp_send(fffffd806e5dbac0,fffffd807f020500,0,0) at tcp_send+0xf5 sys/netinet/tcp_usrreq.c:849
sosend(fffffd806e5dbac0,0,ffff800021674858,0,0,80) at sosend+0x66d
dofilewritev(ffff8000ffff5060,4,ffff800021674858,0,ffff800021674940) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_write(ffff8000ffff5060,ffff8000216748f0,ffff800021674940) at sys_write+0x87 sys/kern/sys_generic.c:295
syscall(ffff8000216749c0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e783a53f170, count: -10
ddb> show registers
rdi 0xffff800000cdcf28
rsi 0x4000000 __kernel_phys_end+0x1200000
rbp 0xffff800021674410
rbx 0x140003e4
rdx 0
rcx 0
rax 0x2198000 __kernel_phys_base+0x1198000
r8 0x7f7fffffc000
r9 0x80
r10 0x96d1b423280e31aa
r11 0x247a440ab14bb97d
r12 0x43e0 __ALIGN_SIZE+0x33e0
r13 0xfffffd806e5dbac0
r14 0xffff800000cdcf28
r15 0x43e0 __ALIGN_SIZE+0x33e0
rip 0xffffffff81be7f15 m_pool_used+0x45
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021674400
ss 0x10
m_pool_used+0x45: divl %ecx,%eax
ddb> show proc
PROC (sshd) pid=112316 stat=onproc
flags process=12<EXEC,SUGID> proc=0
pri=24, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff5b40,0xffff8000ffff5328
process=0xffff8000ffff6010 user=0xffff80002166f000, vmspace=0xfffffd807f013000
estcpu=0, cpticks=1, pctcpu=0.3
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
85795 492034 95206 0 2 0 syz-executor1998899681
95206 392157 14604 0 3 0x82 nanoslp syz-executor1998899681
14604 519376 68093 0 3 0x10008a sigsusp ksh
*68093 112316 44768 0 7 0x12 sshd
18464 111215 1 0 3 0x100083 ttyin getty
44768 489605 1 0 3 0x88 kqread sshd
36925 397362 55902 73 3 0x1100090 kqread syslogd
55902 429082 1 0 3 0x100082 netio syslogd
31121 331257 1 0 3 0x100080 kqread resolvd
15262 379982 14146 77 3 0x100092 kqread dhcpleased
80039 367478 14146 77 3 0x100092 kqread dhcpleased
14146 18566 1 0 3 0x80 kqread dhcpleased
99577 2469 0 0 3 0x14200 bored smr
86893 33431 0 0 3 0x14200 pgzero zerothread
53258 154480 0 0 3 0x14200 aiodoned aiodoned
53220 401039 0 0 3 0x14200 syncer update
8350 364067 0 0 3 0x14200 cleaner cleaner
38262 33716 0 0 3 0x14200 reaper reaper
29452 290613 0 0 3 0x14200 pgdaemon pagedaemon
23459 94468 0 0 3 0x14200 bored viomb
54341 418043 0 0 3 0x40014200 acpi0 acpi0
42487 316210 0 0 3 0x14200 bored softnet3
29693 301725 0 0 3 0x14200 bored softnet2
62650 503077 0 0 3 0x14200 bored softnet1
92601 103978 0 0 3 0x14200 bored softnet0
69325 442951 0 0 3 0x14200 bored systqmp
65676 246084 0 0 3 0x14200 bored systq
63169 487431 0 0 3 0x40014200 bored softclock
78691 291626 0 0 3 0x40014200 idle0
1 224331 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10133 6381K 6412K 78643K 11223 0
pcb 13 8K 8K 78643K 13 0
rtable 58 1K 2K 78643K 112 0
ifaddr 23 11K 11K 78643K 23 0
counters 20 16K 16K 78643K 20 0
ioctlops 0 0K 2K 78643K 21 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1174 73K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 3 0K 0K 78643K 3 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 1 0K 0K 78643K 1 0
proc 55 58K 59K 78643K 246 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 1K 78643K 246 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 88 4K 5K 78643K 2170 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 18 5841K 5905K 78643K 2788 0
kqueue 11 16K 18K 78643K 24 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 21 0 18 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 144 35 0 22 1 0 1 1 0 8 0
syncache 296 5 0 5 1 0 1 1 0 8 1
tcpqe 32 129 0 129 1 1 0 1 0 8 0
tcpcb 776 8 0 5 1 0 1 1 0 8 0
arp 88 2 0 0 1 0 1 1 0 8 0
inpcb 336 26 0 20 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
semapl 112 1 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1422 0 37 87 0 87 87 0 8 0
ffsino 240 1422 0 37 82 0 82 82 0 8 0
nchpl 144 1605 0 47 58 0 58 58 0 8 0
uvmvnodes 80 1431 0 0 30 0 30 30 0 8 0
vnodes 216 1431 0 0 80 0 80 80 0 8 0
namei 1024 4271 0 4271 1 0 1 1 0 8 1
kstatmem 264 6 0 0 1 0 1 1 0 8 0
scxspl 216 4634 0 4634 3 1 2 3 0 8 2
plimitpl 152 16 0 10 1 0 1 1 0 8 0
sigapl 424 313 0 283 4 0 4 4 0 8 0
knotepl 120 3350 0 3320 2 0 2 2 0 8 1
kqueuepl 184 20 0 13 1 0 1 1 0 8 0
pipepl 288 89 0 86 1 0 1 1 0 8 0
fdescpl 432 297 0 283 2 0 2 2 0 8 0
filepl 120 1137 0 1084 2 0 2 2 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 104 66 0 56 1 0 1 1 0 8 0
zombiepl 144 283 0 283 1 0 1 1 0 8 1
processpl 1008 313 0 283 5 1 4 5 0 8 0
procpl 696 313 0 283 4 1 3 4 0 8 0
sockpl 456 82 0 60 3 0 3 3 0 8 0
mcl8k 8192 9 0 9 2 1 1 1 0 8 1
mcl4k 4096 5 0 5 1 0 1 1 0 8 1
mcl2k 2048 10798 0 10762 28 15 13 28 0 8 7
mtagpl 96 4 0 4 1 1 0 1 0 8 0
mbufpl 256 17446 0 17403 15 5 10 15 0 8 7
bufpl 288 2398 0 92 165 0 165 165 0 8 0
anonpl 24 185765 0 183923 24 1 23 24 0 188 11
amapchunkpl 152 8350 0 8210 7 1 6 7 0 158 0
amappl16 200 5582 0 5582 5 1 4 5 0 8 4
amappl15 192 13 0 13 2 2 0 1 0 8 0
amappl14 184 104 0 95 1 0 1 1 0 8 0
amappl13 176 11 0 11 1 1 0 1 0 8 0
amappl12 168 823 0 810 1 0 1 1 0 8 0
amappl11 160 50 0 40 1 0 1 1 0 8 0
amappl10 152 24 0 24 1 0 1 1 0 8 1
amappl9 144 123 0 123 1 0 1 1 0 8 1
amappl8 136 46 0 44 1 0 1 1 0 8 0
amappl7 128 33 0 28 1 0 1 1 0 8 0
amappl6 120 152 0 140 1 0 1 1 0 8 0
amappl5 112 84 0 77 1 0 1 1 0 8 0
amappl4 104 427 0 400 1 0 1 1 0 8 0
amappl3 96 2261 0 2230 1 0 1 1 0 8 0
amappl2 88 467 0 428 2 1 1 2 0 8 0
amappl1 80 9054 0 8632 11 0 11 11 0 8 0
amappl 88 1899 0 1848 2 0 2 2 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 297 0 283 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 297 0 283 1 0 1 1 0 8 0
vmmpekpl 168 7001 0 6990 1 0 1 1 0 8 0
vmmpepl 168 34159 0 33227 46 1 45 46 0 357 1
vmsppl 368 296 0 283 2 0 2 2 0 8 0
rwobjpl 24 19077 0 17031 14 1 13 14 0 8 0
pdppl 4096 601 0 566 51 16 35 41 0 8 0
pvpl 32 280085 0 275903 52 1 51 52 0 265 14
pmappl 216 296 0 283 1 0 1 1 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 449 0 39 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
m_pool_used() at m_pool_used+0x45 sys/kern/uipc_mbuf.c:1502
sbchecklowmem() at sbchecklowmem+0x21 sys/kern/uipc_socket2.c:642
tcp_update_sndspace(ffff800000cdcf28) at tcp_update_sndspace+0x43 sys/netinet/tcp_usrreq.c:1527
tcp_output(ffff800000cdcf28) at tcp_output+0x24cc sys/netinet/tcp_output.c:1029
tcp_send(fffffd806e5dbac0,fffffd807f020500,0,0) at tcp_send+0xf5 sys/netinet/tcp_usrreq.c:849
sosend(fffffd806e5dbac0,0,ffff800021674858,0,0,80) at sosend+0x66d
dofilewritev(ffff8000ffff5060,4,ffff800021674858,0,ffff800021674940) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_write(ffff8000ffff5060,ffff8000216748f0,ffff800021674940) at sys_write+0x87 sys/kern/sys_generic.c:295
syscall(ffff8000216749c0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e783a53f170, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
m_pool_used() at m_pool_used+0x45 sys/kern/uipc_mbuf.c:1502
sbchecklowmem() at sbchecklowmem+0x21 sys/kern/uipc_socket2.c:642
tcp_update_sndspace(ffff800000cdcf28) at tcp_update_sndspace+0x43 sys/netinet/tcp_usrreq.c:1527
tcp_output(ffff800000cdcf28) at tcp_output+0x24cc sys/netinet/tcp_output.c:1029
tcp_send(fffffd806e5dbac0,fffffd807f020500,0,0) at tcp_send+0xf5 sys/netinet/tcp_usrreq.c:849
sosend(fffffd806e5dbac0,0,ffff800021674858,0,0,80) at sosend+0x66d
dofilewritev(ffff8000ffff5060,4,ffff800021674858,0,ffff800021674940) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_write(ffff8000ffff5060,ffff8000216748f0,ffff800021674940) at sys_write+0x87 sys/kern/sys_generic.c:295
syscall(ffff8000216749c0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e783a53f170, count: -10


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.