panic: free: size too small 24 <= 256 / 2 (ADDR) type in_multi


syzbot

Oct 12, 2019, 3:01:09 AM10/12/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 353d0464 When available use "interrupt-names" to select th..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1257b3f0e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=d77aa43f13941058b685

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d77aa4...@syzkaller.appspotmail.com

panic: free: size too small 24 <= 256 / 2 (0xffff800000b067e8) type in_multi
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
free(ffff800000b067e8,36,18) at free+0x54c
in6_purgeaddr(ffff800000ad4500) at in6_purgeaddr+0x1b7
sys/netinet6/in6.c:913
in6_ifdetach(ffff800000a75000) at in6_ifdetach+0x74
sys/netinet6/in6_ifattach.c:422
if_detach(ffff800000a75000) at if_detach+0x155 sys/net/if.c:1110
tun_clone_destroy(ffff800000a75000) at tun_clone_destroy+0x1c0
sys/net/if_tun.c:278
spec_close(ffff80001653ddb0) at spec_close+0x3b0 sys/kern/spec_vnops.c:553
VOP_CLOSE(fffffd80365a38f0,7,fffffd803f7c6ba0,ffff8000ffff89e8) at
VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175
vn_closefile(fffffd802de93cb8,ffff8000ffff89e8) at vn_closefile+0xd3
vn_close sys/kern/vfs_vnops.c:301 [inline]
vn_closefile(fffffd802de93cb8,ffff8000ffff89e8) at vn_closefile+0xd3
sys/kern/vfs_vnops.c:613
fdrop(fffffd802de93cb8,ffff8000ffff89e8) at fdrop+0xc2
sys/kern/kern_descrip.c:1273
closef(fffffd802de93cb8,ffff8000ffff89e8) at closef+0x118
sys/kern/kern_descrip.c:1257
fdfree(ffff8000ffff89e8) at fdfree+0x100 sys/kern/kern_descrip.c:1189
exit1(ffff8000ffff89e8,19,1) at exit1+0x32f sys/kern/kern_exit.c:196
end trace frame: 0xffff80001653e100, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
free: size too small 24 <= 256 / 2 (0xffff800000b067e8) type in_multi
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
free(ffff800000b067e8,36,18) at free+0x54c
in6_purgeaddr(ffff800000ad4500) at in6_purgeaddr+0x1b7
sys/netinet6/in6.c:913
in6_ifdetach(ffff800000a75000) at in6_ifdetach+0x74
sys/netinet6/in6_ifattach.c:422
if_detach(ffff800000a75000) at if_detach+0x155 sys/net/if.c:1110
tun_clone_destroy(ffff800000a75000) at tun_clone_destroy+0x1c0
sys/net/if_tun.c:278
spec_close(ffff80001653ddb0) at spec_close+0x3b0 sys/kern/spec_vnops.c:553
VOP_CLOSE(fffffd80365a38f0,7,fffffd803f7c6ba0,ffff8000ffff89e8) at
VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175
vn_closefile(fffffd802de93cb8,ffff8000ffff89e8) at vn_closefile+0xd3
vn_close sys/kern/vfs_vnops.c:301 [inline]
vn_closefile(fffffd802de93cb8,ffff8000ffff89e8) at vn_closefile+0xd3
sys/kern/vfs_vnops.c:613
fdrop(fffffd802de93cb8,ffff8000ffff89e8) at fdrop+0xc2
sys/kern/kern_descrip.c:1273
closef(fffffd802de93cb8,ffff8000ffff89e8) at closef+0x118
sys/kern/kern_descrip.c:1257
fdfree(ffff8000ffff89e8) at fdfree+0x100 sys/kern/kern_descrip.c:1189
exit1(ffff8000ffff89e8,19,1) at exit1+0x32f sys/kern/kern_exit.c:196
postsig(ffff8000ffff89e8,19) at postsig+0x4a6 sigexit
sys/kern/kern_sig.c:1499 [inline]
postsig(ffff8000ffff89e8,19) at postsig+0x4a6 sys/kern/kern_sig.c:1431
userret(ffff8000ffff89e8) at userret+0x159 sys/kern/kern_sig.c:1889
Xsyscall(6,38,7f7ffffcebd0,3,0,67e0507a000) at Xsyscall+0x156
end of kernel
end trace frame: 0x7f7ffffcebc0, count: -17
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001653da50
rbx 0xffff80001653db00
rdx 0x2
rcx 0
rax 0
r8 0xffff80001653da10
r9 0x1
r10 0
r11 0x4d72e25e86620980
r12 0x3000000008
r13 0xffff80001653da60
r14 0x100
r15 0x1
rip 0xffffffff81878d48 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001653da40
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=57824 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
pri=17, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff93c8,0xffff8000ffff5658
process=0xffff8000148a2a38 user=0xffff800016539000,
vmspace=0xfffffd803f014000
estcpu=28, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
94786 163048 1472 0 2 0x2 syz-executor.1
3875 356581 0 0 3 0x14200 acct acct
921 93914 0 0 3 0x14200 bored sosplice
1472 459902 60157 0 3 0x82 thrsleep syz-fuzzer
1472 280627 60157 0 3 0x4000082 nanosleep syz-fuzzer
1472 60454 60157 0 2 0x4000082 syz-fuzzer
1472 434517 60157 0 3 0x4000082 thrsleep syz-fuzzer
1472 165355 60157 0 3 0x4000082 thrsleep syz-fuzzer
1472 342708 60157 0 3 0x4000082 thrsleep syz-fuzzer
1472 38055 60157 0 3 0x4000082 thrsleep syz-fuzzer
60157 256245 45101 0 3 0x10008a pause ksh
45101 120596 67840 0 3 0x92 select sshd
35768 144160 1 0 3 0x100083 ttyin getty
67840 153936 1 0 3 0x80 select sshd
94435 264288 78621 73 3 0x100090 kqread syslogd
78621 314512 1 0 3 0x100082 netio syslogd
10450 15222 1 77 2 0x100090 dhclient
97397 95766 1 0 3 0x80 poll dhclient
55943 385882 0 0 2 0x14200 zerothread
4029 183268 0 0 3 0x14200 aiodoned aiodoned
33571 479297 0 0 3 0x14200 syncer update
40630 426923 0 0 3 0x14200 cleaner cleaner
66597 324091 0 0 3 0x14200 reaper reaper
39816 352101 0 0 3 0x14200 pgdaemon pagedaemon
91594 167358 0 0 3 0x14200 bored crynlk
52945 436200 0 0 3 0x14200 bored crypto
82782 504608 0 0 3 0x40014200 acpi0 acpi0
36313 37249 0 0 2 0x14200 softnet
76218 448742 0 0 2 0x14200 systqmp
26445 117137 0 0 3 0x14200 bored systq
17298 453197 0 0 3 0x40014200 bored softclock
82197 351250 0 0 3 0x40014200 idle0
52543 523600 0 0 3 0x14200 bored smr
1 148139 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9533 6351K 7493K 78643K 12690 0 0
pcb 13 9K 9K 78643K 364 0 0
rtable 75 3K 4K 78643K 628 0 0
ifaddr 63 13K 13K 78643K 100 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 83 0 0
iov 0 0K 24K 78643K 191 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1228 77K 77K 78643K 2032 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 12 0 0
VM map 8 2K 2K 78643K 11 0 0
sem 12 0K 1K 78643K 251 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 4 9K 25K 78643K 844 0 0
sigio 0 0K 0K 78643K 19 0 0
proc 49 38K 63K 78643K 481 0 0
subproc 23 1K 2K 78643K 68 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 41 0 0
in_multi 12 0K 2K 78643K 63 0 0
ether_multi 1 0K 0K 78643K 3 0 0
mrt 0 0K 0K 78643K 4 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 84 371K 371K 78643K 84 0 0
exec 0 0K 1K 78643K 306 0 0
pfkey data 0 0K 4K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 116 71K 71K 78643K 2903 0 0
UVM aobj 104 3K 3K 78643K 108 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 116 0 0
NDP 15 0K 0K 78643K 29 0 0
temp 197 3540K 3608K 78643K 36267 0 0
kqueue 0 0K 0K 78643K 6 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 17 0 14 1 0 1 1 0
8 0
rtpcb 80 107 0 105 1 0 1 1 0
8 0
rtentry 112 98 0 72 2 0 2 2 0
8 0
unpcb 120 458 0 450 1 0 1 1 0
8 0
syncache 264 13 0 13 3 3 0 1 0
8 0
tcpqe 32 277 0 277 2 2 0 1 0
8 0
tcpcb 544 317 0 312 4 3 1 2 0
8 0
ipq 40 11 0 11 3 2 1 1 0
8 1
ipqe 40 157 0 157 3 2 1 1 0
8 1
inpcb 280 2543 0 2535 5 3 2 4 0
8 1
rttmr 72 2 0 2 1 1 0 1 0
8 0
ip6q 72 1 0 1 1 1 0 1 0
8 0
ip6af 40 3 0 3 1 1 0 1 0
8 0
nd6 48 12 0 11 1 0 1 1 0
8 0
pkpcb 40 10 0 10 3 2 1 1 0
8 1
ppxss 1128 3 0 3 3 2 1 1 0
8 1
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 397 0 201 16 0 16 16 0
8 0
art_table 32 398 0 201 2 0 2 2 0
8 0
art_node 16 97 0 65 1 0 1 1 0
8 0
sysvmsgpl 40 55 0 15 1 0 1 1 0
8 0
semupl 112 3 0 3 1 1 0 1 0
8 0
semapl 112 249 0 239 1 0 1 1 0
8 0
shmpl 112 106 0 4 3 0 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 2669 0 1278 46 0 46 46 0
8 0
ffsino 240 2669 0 1278 83 0 83 83 0
8 0
nchpl 144 4020 0 2416 60 0 60 60 0
8 0
uvmvnodes 72 3274 0 0 60 0 60 60 0
8 0
vnodes 208 3274 0 0 173 0 173 173 0
8 0
namei 1024 12375 0 12375 1 0 1 1 0
8 1
vcpupl 1984 6 0 0 1 0 1 1 0
8 0
vmpool 520 9 0 3 2 1 1 1 0
8 0
scxspl 192 13019 0 13019 11 10 1 6 0
8 1
plimitpl 152 86 0 79 1 0 1 1 0
8 0
sigapl 432 1009 0 997 2 0 2 2 0
8 0
futexpl 56 23210 0 23210 1 0 1 1 0
8 1
knotepl 112 176 0 157 1 0 1 1 0
8 0
kqueuepl 104 175 0 173 1 0 1 1 0
8 0
pipepl 112 568 0 550 4 3 1 2 0
8 0
fdescpl 424 1010 0 997 2 0 2 2 0
8 0
filepl 120 8775 0 8689 7 2 5 5 0
8 2
lockfpl 104 302 0 301 1 0 1 1 0
8 0
lockfspl 48 101 0 100 1 0 1 1 0
8 0
sessionpl 112 19 0 9 1 0 1 1 0
8 0
pgrppl 48 27 0 17 1 0 1 1 0
8 0
ucredpl 96 1582 0 1575 1 0 1 1 0
8 0
zombiepl 144 998 0 997 1 0 1 1 0
8 0
processpl 864 1026 0 997 4 0 4 4 0
8 0
procpl 632 2091 0 2056 4 0 4 4 0
8 0
sosppl 128 14 0 14 4 3 1 1 0
8 1
sockpl 384 3214 0 3196 9 5 4 7 0
8 2
mcl64k 65536 70 0 70 2 1 1 1 0
8 1
mcl16k 16384 10 0 10 4 3 1 1 0
8 1
mcl12k 12288 19 0 19 3 2 1 1 0
8 1
mcl9k 9216 14 0 14 2 1 1 1 0
8 1
mcl8k 8192 39 0 39 1 0 1 1 0
8 1
mcl4k 4096 92 0 92 2 1 1 1 0
8 1
mcl2k2 2112 8 0 8 5 4 1 1 0
8 1
mcl2k 2048 64213 0 64170 19 12 7 17 0
8 1
mtagpl 80 18 0 18 2 1 1 1 0
8 1
mbufpl 256 108925 0 108827 34 16 18 22 0
8 8
bufpl 256 10237 0 3919 396 0 396 396 0
8 0
anonpl 16 124898 0 107523 108 31 77 100 0
62 2
amapchunkpl 152 4749 0 4617 19 12 7 16 0
158 0
amappl16 192 5915 0 4904 89 33 56 70 0
8 5
amappl15 184 9 0 9 1 1 0 1 0
8 0
amappl14 176 41 0 38 1 0 1 1 0
8 0
amappl13 168 131 0 130 1 0 1 1 0
8 0
amappl12 160 362 0 359 1 0 1 1 0
8 0
amappl11 152 53 0 42 1 0 1 1 0
8 0
amappl10 144 107 0 104 1 0 1 1 0
8 0
amappl9 136 830 0 821 1 0 1 1 0
8 0
amappl8 128 401 0 369 2 0 2 2 0
8 0
amappl7 120 132 0 126 1 0 1 1 0
8 0
amappl6 112 68 0 58 1 0 1 1 0
8 0
amappl5 104 517 0 507 1 0 1 1 0
8 0
amappl4 96 1352 0 1328 1 0 1 1 0
8 0
amappl3 88 146 0 141 1 0 1 1 0
8 0
amappl2 80 7196 0 7140 3 1 2 3 0
8 0
amappl1 72 26811 0 26413 26 17 9 20 0
8 0
amappl 80 2352 0 2307 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 107 0 4 2 0 2 2 0
8 0
uaddrrnd 24 1019 0 997 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 1019 0 997 1 0 1 1 0
8 0
vmmpekpl 168 10047 0 10017 2 0 2 2 0
8 0
vmmpepl 168 128361 0 126385 165 46 119 130 0 357
25
vmsppl 272 1009 0 997 2 1 1 2 0
8 0
pdppl 4096 2044 0 2006 7 1 6 6 0
8 0
pvpl 32 374821 0 354479 259 48 211 241 0 265
37
pmappl 200 1018 0 1000 2 0 2 2 0
8 1
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 577 0 40 16 0 16 16 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jan 10, 2020, 2:01:05 AM1/10/20
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes have not occurred for a while, and there is no reproducer and no activity on the bug.