uvm_fault: pfsync_state_import


syzbot

Jun 13, 2020, 5:47:14 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 2ed200e5 Load CTF section to enable DDB's "show struct"
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=125a2551100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=7de8d8aecb6de84a0bc9

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7de8d8...@syzkaller.appspotmail.com

uvm_fault(0xfffffd8006023bc0, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pfsync_state_import+0x110: movq 0(%r14,%rbx,8),%r12
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd8006023bc0, 0x0, 0, 1) -> e
pfsync_state_import(ffff800000aab400,1) at pfsync_state_import+0x110 sys/net/if_pfsync.c:518
end trace frame: 0xffff8000207a2840, count: 0
ddb> trace
pfsync_state_import(ffff800000aab400,1) at pfsync_state_import+0x110 sys/net/if_pfsync.c:518
pfioctl(4900,c1084425,ffff800000aab400,3,ffff80001d709020) at pfioctl+0x284a sys/net/pf_ioctl.c:1686
VOP_IOCTL(fffffd805d8411a0,c1084425,ffff800000aab400,3,fffffd806c3bfae0,ffff80001d709020) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80578d1720,c1084425,ffff800000aab400,ffff80001d709020) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80001d709020,ffff8000207a2b28,ffff8000207a2b70) at sys_ioctl+0x4a1
syscall(ffff8000207a2bf0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb35f401a30, count: -7
ddb> show registers
rdi 0xffffffff8155ce30 pfsync_state_import+0x110
rsi 0x172
rbp 0xffff8000207a26e0
rbx 0
rdx 0x173
rcx 0xffff80001e779000
rax 0xffff80001e779000
r8 0xffffffff815d4ade pfioctl+0x16e
r9 0x7
r10 0xff419b300ece3dfc
r11 0x32e64b339d6946b7
r12 0
r13 0xffff800000aab400
r14 0
r15 0x1
rip 0xffffffff8155ce30 pfsync_state_import+0x110
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000207a2660
ss 0x10
pfsync_state_import+0x110: movq 0(%r14,%rbx,8),%r12
ddb> show proc
PROC (syz-executor.1) pid=352307 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=76, nice=20
forw=0xffffffffffffffff, list=0xffff80001d709500,0xffff80001d7099f0
process=0xffff8000207b4030 user=0xffff80002079d000, vmspace=0xfffffd8006023bc0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
42437 247729 57231 0 2 0 syz-executor.1
*42437 352307 57231 0 7 0x4000000 syz-executor.1
42437 54287 57231 0 3 0x4000080 fsleep syz-executor.1
69848 222504 0 0 3 0x14280 nfsidl nfsio
91074 467066 0 0 3 0x14280 nfsidl nfsio
14663 383579 0 0 3 0x14280 nfsidl nfsio
64523 322424 0 0 3 0x14280 nfsidl nfsio
21461 418202 0 0 3 0x14280 nfsidl nfsio
60229 398229 0 0 3 0x14280 nfsidl nfsio
91082 47794 0 0 3 0x14280 nfsidl nfsio
23701 405180 0 0 3 0x14280 nfsidl nfsio
49846 386029 0 0 3 0x14280 nfsidl nfsio
25864 327456 0 0 3 0x14280 nfsidl nfsio
93138 71854 0 0 3 0x14280 nfsidl nfsio
23352 140259 0 0 3 0x14280 nfsidl nfsio
9305 390276 0 0 3 0x14280 nfsidl nfsio
68485 477446 0 0 3 0x14280 nfsidl nfsio
53545 304196 0 0 3 0x14280 nfsidl nfsio
36458 382247 0 0 3 0x14280 nfsidl nfsio
90429 393350 0 0 3 0x14280 nfsidl nfsio
10065 404567 0 0 3 0x14280 nfsidl nfsio
99163 214669 0 0 3 0x14280 nfsidl nfsio
32994 127673 0 0 3 0x14280 nfsidl nfsio
17915 486558 0 0 3 0x14200 bored sosplice
57231 255832 84408 0 3 0x82 nanosleep syz-executor.1
48066 90752 84408 0 3 0x82 nanosleep syz-executor.0
84408 213043 20880 0 3 0x82 kqread syz-fuzzer
84408 38382 20880 0 3 0x4000082 thrsleep syz-fuzzer
84408 157350 20880 0 3 0x4000082 thrsleep syz-fuzzer
84408 420124 20880 0 3 0x4000082 thrsleep syz-fuzzer
84408 436680 20880 0 3 0x4000082 thrsleep syz-fuzzer
84408 22256 20880 0 3 0x4000082 thrsleep syz-fuzzer
84408 83305 20880 0 3 0x4000082 thrsleep syz-fuzzer
20880 144310 33726 0 3 0x10008a pause ksh
33726 91707 98237 0 3 0x92 select sshd
18170 443278 1 0 3 0x100083 ttyin getty
98237 477008 1 0 3 0x80 select sshd
14253 97175 81106 73 3 0x100090 kqread syslogd
81106 423826 1 0 3 0x100082 netio syslogd
23188 96068 1 77 3 0x100090 poll dhclient
15961 263256 1 0 3 0x80 poll dhclient
39658 245026 0 0 3 0x14200 bored smr
84506 293331 0 0 2 0x14200 zerothread
32528 76896 0 0 3 0x14200 aiodoned aiodoned
43750 23991 0 0 3 0x14200 syncer update
22354 36897 0 0 3 0x14200 cleaner cleaner
1516 69930 0 0 3 0x14200 reaper reaper
5807 111166 0 0 3 0x14200 pgdaemon pagedaemon
2108 33330 0 0 3 0x14200 bored crynlk
27608 324471 0 0 3 0x14200 bored crypto
16439 412316 0 0 3 0x40014200 acpi0 acpi0
93727 493855 0 0 3 0x14200 bored softnet
49594 276613 0 0 3 0x14200 bored systqmp
74181 357485 0 0 3 0x14200 bored systq
97026 448808 0 0 3 0x40014200 bored softclock
59654 502947 0 0 3 0x40014200 idle0
1 489355 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9490 6464K 7235K 78643K 11287 0
pcb 13 8K 8K 78643K 41 0
rtable 96 4K 8K 78643K 351 0
ifaddr 58 13K 14K 78643K 109 0
counters 20 16K 17K 78643K 26 0
ioctlops 1 0K 4K 78643K 37 0
iov 0 0K 24K 78643K 30 0
mount 1 1K 1K 78643K 1 0
vnodes 1224 77K 77K 78643K 1396 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 4 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 0K 78643K 26 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 5 13K 25K 78643K 161 0
proc 49 38K 54K 78643K 363 0
subproc 32 2K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 2 0
in_multi 47 2K 3K 78643K 61 0
ether_multi 1 0K 0K 78643K 2 0
mrt 0 0K 0K 78643K 2 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 43 201K 201K 78643K 43 0
exec 0 0K 1K 78643K 185 0
pfkey data 0 0K 0K 78643K 2 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 121 38K 40K 78643K 1207 0
UVM aobj 13 4K 4K 78643K 13 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 4 0
NDP 8 0K 0K 78643K 18 0
temp 74 3841K 3906K 78643K 16908 0
kqueue 3 4K 10K 78643K 9 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 6 0 2 1 0 1 1 0 8 0
rtpcb 80 31 0 29 1 0 1 1 0 8 0
rtentry 112 47 0 13 2 0 2 2 0 8 0
unpcb 120 99 0 91 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 290 0 290 1 1 0 1 0 8 0
tcpcb 544 36 0 32 1 0 1 1 0 8 0
inpcb 280 110 0 103 2 0 2 2 0 8 1
nd6 48 7 0 4 1 0 1 1 0 8 0
pkpcb 40 4 0 4 1 0 1 1 0 8 1
pfrktable 1344 46 0 43 1 0 1 1 0 8 0
pftag 88 4 0 4 2 1 1 1 0 8 1
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 112 2 0 0 1 0 1 1 0 8 0
pfstate 328 1 0 0 1 0 1 1 0 8 0
pfrule 1360 11 0 4 1 0 1 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 197 0 46 13 1 12 13 0 8 0
art_table 32 199 0 46 2 0 2 2 0 8 0
art_node 16 46 0 15 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 24 0 14 1 0 1 1 0 8 0
shmpl 112 11 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1609 0 210 88 0 88 88 0 8 0
ffsino 240 1609 0 210 83 0 83 83 0 8 0
nchpl 144 2065 0 460 60 0 60 60 0 8 0
uvmvnodes 72 1803 0 0 33 0 33 33 0 8 0
vnodes 208 1803 0 0 95 0 95 95 0 8 0
namei 1024 5324 0 5324 1 0 1 1 0 8 1
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 528 2 0 0 1 0 1 1 0 8 0
pfiaddrpl 120 14 0 12 1 0 1 1 0 8 0
scxspl 192 6155 0 6155 1 0 1 1 0 8 1
plimitpl 152 26 0 19 1 0 1 1 0 8 0
sigapl 424 368 0 319 6 0 6 6 0 8 0
futexpl 56 2798 0 2797 1 0 1 1 0 8 0
knotepl 112 69 0 50 1 0 1 1 0 8 0
kqueuepl 144 18 0 16 1 0 1 1 0 8 0
pipelkpl 16 84 0 74 1 0 1 1 0 8 0
pipepl 120 168 0 149 1 0 1 1 0 8 0
fdescpl 432 333 0 319 2 0 2 2 0 8 0
filepl 120 1907 0 1806 4 0 4 4 0 8 0
lockfpl 104 43 0 42 1 0 1 1 0 8 0
lockfspl 48 15 0 14 1 0 1 1 0 8 0
sessionpl 112 17 0 7 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 173 0 166 1 0 1 1 0 8 0
zombiepl 144 319 0 318 1 0 1 1 0 8 0
processpl 920 368 0 318 7 0 7 7 0 8 0
procpl 624 531 0 473 5 0 5 5 0 8 0
sosppl 128 4 0 4 2 1 1 1 0 8 1
sockpl 400 244 0 227 5 2 3 4 0 8 1
mcl64k 65536 11 0 11 2 1 1 1 0 8 1
mcl12k 12288 3 0 3 2 2 0 1 0 8 0
mcl8k 8192 2 0 2 1 1 0 1 0 8 0
mcl4k 4096 16 0 16 3 2 1 1 0 8 1
mcl2k2 2112 1 0 1 1 1 0 1 0 8 0
mcl2k 2048 73825 0 73771 20 12 8 17 0 8 1
mtagpl 80 100 0 34 3 1 2 2 0 8 0
mbufpl 256 117892 0 117680 18 1 17 17 0 8 0
bufpl 280 5128 0 126 358 0 358 358 0 8 0
anonpl 16 53634 0 38209 81 2 79 79 0 107 16
amapchunkpl 152 1780 0 1634 17 1 16 16 0 158 9
amappl16 192 1752 0 916 54 8 46 54 0 8 4
amappl15 184 71 0 68 1 0 1 1 0 8 0
amappl14 176 24 0 19 1 0 1 1 0 8 0
amappl13 168 26 0 23 1 0 1 1 0 8 0
amappl12 160 15 0 11 1 0 1 1 0 8 0
amappl11 152 174 0 161 1 0 1 1 0 8 0
amappl10 144 16 0 10 1 0 1 1 0 8 0
amappl9 136 286 0 284 1 0 1 1 0 8 0
amappl8 128 314 0 279 2 0 2 2 0 8 0
amappl7 120 107 0 95 1 0 1 1 0 8 0
amappl6 112 86 0 80 1 0 1 1 0 8 0
amappl5 104 442 0 431 1 0 1 1 0 8 0
amappl4 96 414 0 390 1 0 1 1 0 8 0
amappl3 88 109 0 101 1 0 1 1 0 8 0
amappl2 80 1897 0 1829 2 0 2 2 0 8 0
amappl1 72 15651 0 15232 23 14 9 17 0 8 0
amappl 80 738 0 693 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 12 0 0 1 0 1 1 0 8 0
uaddrrnd 24 335 0 319 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 335 0 319 1 0 1 1 0 8 0
vmmpekpl 168 6252 0 6223 2 0 2 2 0 8 0
vmmpepl 168 46698 0 44770 118 23 95 112 0 357 10
vmsppl 272 334 0 319 3 1 2 2 0 8 0
pdppl 4096 676 0 640 6 1 5 6 0 8 0
pvpl 32 190056 0 171539 255 0 255 255 0 265 101
pmappl 200 334 0 319 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 257 0 24 7 0 7 7 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pfsync_state_import(ffff800000aab400,1) at pfsync_state_import+0x110 sys/net/if_pfsync.c:518
pfioctl(4900,c1084425,ffff800000aab400,3,ffff80001d709020) at pfioctl+0x284a sys/net/pf_ioctl.c:1686
VOP_IOCTL(fffffd805d8411a0,c1084425,ffff800000aab400,3,fffffd806c3bfae0,ffff80001d709020) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80578d1720,c1084425,ffff800000aab400,ffff80001d709020) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80001d709020,ffff8000207a2b28,ffff8000207a2b70) at sys_ioctl+0x4a1
syscall(ffff8000207a2bf0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb35f401a30, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
pfsync_state_import(ffff800000aab400,1) at pfsync_state_import+0x110 sys/net/if_pfsync.c:518
pfioctl(4900,c1084425,ffff800000aab400,3,ffff80001d709020) at pfioctl+0x284a sys/net/pf_ioctl.c:1686
VOP_IOCTL(fffffd805d8411a0,c1084425,ffff800000aab400,3,fffffd806c3bfae0,ffff80001d709020) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80578d1720,c1084425,ffff800000aab400,ffff80001d709020) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80001d709020,ffff8000207a2b28,ffff8000207a2b70) at sys_ioctl+0x4a1
syscall(ffff8000207a2bf0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb35f401a30, count: -7


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Aug 19, 2020, 11:10:24 AM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 7a3e72b5 Respond to colour requests if a colour is availab..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14efec5a900000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d51289900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=104c5636900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7de8d8...@syzkaller.appspotmail.com

uvm_fault(0xfffffd806bc09220, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pfsync_state_import+0x108: movq 0(%rax,%rbx,8),%r15
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09220, 0x0, 0, 1) -> e
pfsync_state_import(ffff800000ac6400,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529
end trace frame: 0xffff80001d735590, count: 0
ddb> trace
pfsync_state_import(ffff800000ac6400,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529
pfioctl(4900,c1084425,ffff800000ac6400,3,ffff80001d702778) at pfioctl+0x2764 sys/net/pf_ioctl.c:1688
VOP_IOCTL(fffffd805e06c270,c1084425,ffff800000ac6400,3,fffffd806c3bfc00,ffff80001d702778) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd805d7f9710,c1084425,ffff800000ac6400,ffff80001d702778) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80001d702778,ffff80001d735878,ffff80001d7358c0) at sys_ioctl+0x4ac
syscall(ffff80001d735940) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc0dc0, count: -7
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001d735430
rbx 0
rdx 0x10
rcx 0
rax 0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8045b81d9660cc30
r11 0xe287f92add5b6a42
r12 0xffff8000006b5f00
r13 0xffff800000ac6400
r14 0x1
r15 0x1
rip 0xffffffff82330928 pfsync_state_import+0x108
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001d7353b0
ss 0x10
pfsync_state_import+0x108: movq 0(%rax,%rbx,8),%r15
ddb> show proc
PROC (syz-executor6259) pid=255530 stat=onproc
flags process=2<EXEC,8ORPHAN> proc=0
pri=53, usrpri=53, nice=20
forw=0xffffffffffffffff, list=0xffff80001d702010,0xffffffff827ac148
process=0xffff80001d704778 user=0xffff80001d730000, vmspace=0xfffffd806bc09220
estcpu=3, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*69313 255530 577 0 7 0x2 syz-executor6259
577 23040 25054 0 3 0x10008a pause ksh
25054 117155 69479 0 3 0x92 select sshd
22974 73219 1 0 3 0x100083 ttyin getty
69479 450583 1 0 3 0x80 select sshd
75573 432745 37897 73 3 0x100090 kqread syslogd
37897 312517 1 0 3 0x100082 netio syslogd
43284 12971 1 77 3 0x100090 poll dhclient
73477 185321 1 0 3 0x80 poll dhclient
64502 136354 0 0 3 0x14200 bored smr
15097 269284 0 0 2 0x14200 zerothread
62256 327951 0 0 3 0x14200 aiodoned aiodoned
3754 365547 0 0 3 0x14200 syncer update
78062 26911 0 0 3 0x14200 cleaner cleaner
75362 406900 0 0 3 0x14200 reaper reaper
9290 129517 0 0 3 0x14200 pgdaemon pagedaemon
80579 490807 0 0 3 0x14200 bored crynlk
62347 328871 0 0 3 0x14200 bored crypto
25957 300227 0 0 3 0x40014200 acpi0 acpi0
86713 452054 0 0 3 0x14200 bored softnet
85572 38095 0 0 3 0x14200 bored systqmp
22906 162641 0 0 3 0x14200 bored systq
21634 447379 0 0 3 0x40014200 bored softclock
20253 457117 0 0 3 0x40014200 idle0
1 469393 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9438 6318K 6319K 78643K 10537 0
pcb 13 8K 8K 78643K 13 0
rtable 61 1K 2K 78643K 117 0
ifaddr 25 7K 7K 78643K 25 0
counters 19 16K 16K 78643K 19 0
ioctlops 1 0K 4K 78643K 15 0
mount 1 1K 1K 78643K 1 0
vnodes 1182 74K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 0K 0K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 1 0K 0K 78643K 1 0
proc 47 38K 46K 78643K 278 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
exec 0 0K 2K 78643K 261 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 32 1K 2K 78643K 558 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 18 3941K 4005K 78643K 1436 0
kqueue 2 2K 2K 78643K 2 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 2 0 0 1 0 1 1 0 8 0
rtpcb 96 15 0 13 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 272 5 0 5 2 1 1 1 0 8 1
tcpcb 592 8 0 5 1 0 1 1 0 8 0
inpcb 296 22 0 16 1 0 1 1 0 8 0
pfrule 1360 1 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1389 0 15 86 0 86 86 0 8 0
ffsino 240 1389 0 15 81 0 81 81 0 8 0
nchpl 144 1563 0 30 57 0 57 57 0 8 0
uvmvnodes 72 1398 0 0 26 0 26 26 0 8 0
vnodes 208 1398 0 0 74 0 74 74 0 8 0
namei 1024 3487 0 3487 2 1 1 1 0 8 1
scxspl 200 3351 0 3351 2 1 1 1 0 8 1
plimitpl 152 13 0 8 1 0 1 1 0 8 0
sigapl 424 191 0 166 4 0 4 4 0 8 0
knotepl 112 5 0 0 1 0 1 1 0 8 0
kqueuepl 152 1 0 0 1 0 1 1 0 8 0
pipepl 272 57 0 53 2 1 1 1 0 8 0
fdescpl 432 177 0 166 2 0 2 2 0 8 0
filepl 120 824 0 779 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 120 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 57 0 50 1 0 1 1 0 8 0
zombiepl 144 166 0 166 2 1 1 1 0 8 1
processpl 944 191 0 166 4 0 4 4 0 8 0
procpl 632 191 0 166 3 0 3 3 0 8 0
sockpl 400 64 0 48 2 0 2 2 0 8 0
mcl4k 4096 10 0 10 2 1 1 1 0 8 1
mcl2k 2048 5400 0 5372 8 2 6 6 0 8 2
mtagpl 96 2 0 2 1 1 0 1 0 8 0
mbufpl 256 9393 0 9355 5 1 4 4 0 8 0
bufpl 280 1837 0 100 125 0 125 125 0 8 0
anonpl 16 20822 0 19700 7 2 5 7 0 107 0
amapchunkpl 152 676 0 641 3 0 3 3 0 158 0
amappl16 192 75 0 70 1 0 1 1 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 22 0 19 1 0 1 1 0 8 0
amappl13 168 12 0 11 2 1 1 1 0 8 0
amappl12 160 5 0 5 1 1 0 1 0 8 0
amappl11 152 39 0 30 1 0 1 1 0 8 0
amappl10 144 4 0 2 1 0 1 1 0 8 0
amappl9 136 175 0 175 1 1 0 1 0 8 0
amappl8 128 40 0 39 1 0 1 1 0 8 0
amappl7 120 193 0 192 1 0 1 1 0 8 0
amappl6 112 89 0 79 1 0 1 1 0 8 0
amappl5 104 293 0 284 1 0 1 1 0 8 0
amappl4 96 241 0 216 1 0 1 1 0 8 0
amappl3 88 74 0 65 1 0 1 1 0 8 0
amappl2 80 786 0 740 3 1 2 2 0 8 1
amappl1 72 12197 0 11813 16 6 10 16 0 8 0
amappl 80 395 0 377 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 177 0 166 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 177 0 166 1 0 1 1 0 8 0
vmmpekpl 168 5189 0 5173 1 0 1 1 0 8 0
vmmpepl 168 26302 0 25560 55 19 36 48 0 357 1
vmsppl 272 176 0 166 1 0 1 1 0 8 0
pdppl 4096 360 0 332 5 0 5 5 0 8 0
pvpl 32 75385 0 72592 33 6 27 27 0 265 3
pmappl 200 176 0 166 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 209 0 9 6 0 6 6 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pfsync_state_import(ffff800000ac6400,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529
pfioctl(4900,c1084425,ffff800000ac6400,3,ffff80001d702778) at pfioctl+0x2764 sys/net/pf_ioctl.c:1688
VOP_IOCTL(fffffd805e06c270,c1084425,ffff800000ac6400,3,fffffd806c3bfc00,ffff80001d702778) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd805d7f9710,c1084425,ffff800000ac6400,ffff80001d702778) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80001d702778,ffff80001d735878,ffff80001d7358c0) at sys_ioctl+0x4ac
syscall(ffff80001d735940) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc0dc0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
pfsync_state_import(ffff800000ac6400,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529
pfioctl(4900,c1084425,ffff800000ac6400,3,ffff80001d702778) at pfioctl+0x2764 sys/net/pf_ioctl.c:1688
VOP_IOCTL(fffffd805e06c270,c1084425,ffff800000ac6400,3,fffffd806c3bfc00,ffff80001d702778) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd805d7f9710,c1084425,ffff800000ac6400,ffff80001d702778) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80001d702778,ffff80001d735878,ffff80001d7358c0) at sys_ioctl+0x4ac
syscall(ffff80001d735940) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc0dc0, count: -7

Anton Lindqvist

Dec 22, 2021, 1:46:55 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: Remove ptr_array from struct pf_ruleset