kernel: double fault trap, code=0 (3)
8 views
Skip to first unread message
syzbot
Mar 3, 2020, 6:22:14 AM3/3/20
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 23a32f86 Allow armv7 efiboot(8) to read from an ffs2 files..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=163894f9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=2f9616f39d3f3b281cfb
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f9616...@syzkaller.appspotmail.com
kernel: double fault trap, code=0
Stopped at pool_lock_mtx_assert_locked+0x19: pushq %r12
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pool_lock_mtx_assert_locked(ffffffff82569f10) at pool_lock_mtx_assert_locked+0x19 sys/kern/subr_pool.c:2210
pool_do_get(ffffffff82569f10,2,ffff80001d3ff118) at pool_do_get+0x40 sys/kern/subr_pool.c:694
pool_get(ffffffff82569f10,2) at pool_get+0xb5 sys/kern/subr_pool.c:581
m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250
sbappendaddr(fffffd8052cfc338,fffffd8052cfc3c0,ffff80001d3ff338,fffffd80587f9f00,0) at sbappendaddr+0x20d sys/kern/uipc_socket2.c:801
udp_sbappend(fffffd805e569c08,fffffd80587f9f00,fffffd80587f9fb0,0,14,fffffd80587f9fc4) at udp_sbappend+0x344 sys/netinet/udp_usrreq.c:629
udp_input(ffff80001d3ff5b8,ffff80001d3ff5c4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d3ff5b8,ffff80001d3ff5c4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d3ff5b8,ffff80001d3ff5c4,d33,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d3ff5b8,ffff80001d3ff5c4,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd80587f9f00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd80587f9f00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2eb800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2eb800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2eb800,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd80587f9800,fffffd80587f98b0,0,14,fffffd80587f98c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d3ffc98,ffff80001d3ffca4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d3ffc98,ffff80001d3ffca4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d3ffc98,ffff80001d3ffca4,b45,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d3ffc98,ffff80001d3ffca4,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd80587f9800) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd80587f9800,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805e2f8c00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805e2f8c00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805e2f8c00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805a2eb800,fffffd805a2eb8b0,0,14,fffffd805a2eb8c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d400378,ffff80001d400384,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d400378,ffff80001d400384,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d400378,ffff80001d400384,951,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d400378,ffff80001d400384,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805a2eb800) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805a2eb800,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805e10b800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805e10b800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805e10b800,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805e2f8c00,fffffd805e2f8cb0,0,14,fffffd805e2f8cc4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d400a58,ffff80001d400a64,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d400a58,ffff80001d400a64,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d400a58,ffff80001d400a64,763,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d400a58,ffff80001d400a64,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805e2f8c00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805e2f8c00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2ebb00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2ebb00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2ebb00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805e10b800,fffffd805e10b8b0,0,14,fffffd805e10b8c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d401138,ffff80001d401144,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d401138,ffff80001d401144,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d401138,ffff80001d401144,575,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d401138,ffff80001d401144,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805e10b800) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805e10b800,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2eb100,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2eb100,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2eb100,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805a2ebb00,fffffd805a2ebbb0,0,14,fffffd805a2ebbc4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d401818,ffff80001d401824,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d401818,ffff80001d401824,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d401818,ffff80001d401824,387,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d401818,ffff80001d401824,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805a2ebb00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805a2ebb00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805e2f8900,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805e2f8900,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805e2f8900,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805a2eb100,fffffd805a2eb1b0,0,14,fffffd805a2eb1c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d401ef8,ffff80001d401f04,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d401ef8,ffff80001d401f04,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d401ef8,ffff80001d401f04,193,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d401ef8,ffff80001d401f04,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805a2eb100) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805a2eb100,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2eb500,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2eb500,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2eb500,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
sosend(fffffd8052cfc338,0,ffff80001d402270,0,0,2) at sosend+0x669 sys/kern/uipc_socket.c:549
sendit(ffff80001d35dc48,0,ffff80001d4023d0,2,ffff80001d4024c0) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendmsg(ffff80001d35dc48,ffff80001d402478,ffff80001d4024c0) at sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
syscall(ffff80001d402540) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa831defe3a0, count: -85
ddb> show registers
rdi 0xffffffff82569f10 mbpool
rsi 0xd7f
rbp 0xffff80001d3ff030
rbx 0xffffffff82569f10 mbpool
rdx 0xd80
rcx 0xffff80001f611000
rax 0xffffffff823973c8 pool_lock_ops_mtx
r8 0
r9 0x5
r10 0x26e0b13c29d23e7e
r11 0x9efa2539c0c301db
r12 0x2
r13 0x8a
r14 0xffffffff82569f10 mbpool
r15 0xffff80001d3ff118
rip 0xffffffff818104a9 pool_lock_mtx_assert_locked+0x19
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff80001d3ff000
ss 0x10
pool_lock_mtx_assert_locked+0x19: pushq %r12
ddb> show proc
PROC (syz-executor.0) pid=312982 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=57, nice=20
forw=0xffffffffffffffff, list=0xffff80001d35eae8,0xffffffff82588bd0
process=0xffff8000ffffae10 user=0xffff80001d3fd000, vmspace=0xfffffd8068ac7228
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28556 183911 96284 0 2 0 syz-executor.0
*28556 312982 96284 0 7 0x4000000 syz-executor.0
32045 35595 61053 0 3 0x2 biowait syz-executor.1
64305 249596 0 0 3 0x14200 bored sosplice
96284 374706 61053 0 3 0x82 nanosleep syz-executor.0
61053 79799 29622 0 3 0x82 thrsleep syz-fuzzer
61053 335506 29622 0 3 0x4000082 nanosleep syz-fuzzer
61053 230392 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 456439 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 492130 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 93418 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 153919 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 460478 29622 0 3 0x4000082 kqread syz-fuzzer
29622 86739 23380 0 3 0x10008a pause ksh
23380 243216 65924 0 3 0x92 select sshd
89378 212406 1 0 3 0x100083 ttyin getty
65924 102234 1 0 3 0x80 select sshd
80575 47428 15244 73 3 0x100090 kqread syslogd
15244 37136 1 0 3 0x100082 netio syslogd
40328 56012 1 77 3 0x100090 poll dhclient
67643 41700 1 0 3 0x80 poll dhclient
46107 432287 0 0 3 0x14200 bored smr
64842 8753 0 0 2 0x14200 zerothread
14520 316999 0 0 3 0x14200 aiodoned aiodoned
68345 488871 0 0 3 0x14200 syncer update
87526 397006 0 0 3 0x14200 cleaner cleaner
93127 150108 0 0 3 0x14200 reaper reaper
390 356996 0 0 3 0x14200 pgdaemon pagedaemon
76671 224651 0 0 3 0x14200 bored crynlk
50451 514534 0 0 3 0x14200 bored crypto
839 230744 0 0 3 0x40014200 acpi0 acpi0
25390 421850 0 0 3 0x14200 bored softnet
31311 430606 0 0 3 0x14200 bored systqmp
78315 200302 0 0 3 0x14200 bored systq
51485 88172 0 0 3 0x40014200 bored softclock
55279 426336 0 0 3 0x40014200 idle0
1 80263 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9490 6346K 6986K 78643K 11136 0
pcb 13 8K 8K 78643K 85 0
rtable 105 4K 4K 78643K 342 0
ifaddr 61 12K 13K 78643K 135 0
counters 21 16K 16K 78643K 35 0
ioctlops 0 0K 2K 78643K 36 0
iov 0 0K 14K 78643K 52 0
mount 1 1K 1K 78643K 1 0
vnodes 1223 77K 77K 78643K 1404 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 8 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 0K 78643K 44 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 5 13K 25K 78643K 426 0
sigio 1 0K 0K 78643K 15 0
proc 50 38K 55K 78643K 417 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 355 0
in_multi 39 2K 2K 78643K 84 0
ether_multi 1 0K 0K 78643K 11 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 55 254K 254K 78643K 55 0
exec 0 0K 1K 78643K 206 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 118 87K 91K 78643K 1831 0
UVM aobj 15 2K 2K 78643K 20 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 52 0
NDP 10 0K 0K 78643K 31 0
temp 121 3018K 3094K 78643K 6077 0
kqueue 3 4K 10K 78643K 13 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 4 1 0 1 1 0 8 0
rtpcb 80 29 0 27 1 0 1 1 0 8 0
rtentry 112 61 0 20 2 0 2 2 0 8 0
unpcb 120 282 0 273 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 334 0 334 1 1 0 1 0 8 0
tcpcb 544 192 0 188 2 1 1 2 0 8 0
ipq 40 3 0 3 1 0 1 1 0 8 1
ipqe 40 135 0 135 1 0 1 1 0 8 1
inpcb 280 784 0 774 3 1 2 2 0 8 1
nd6 48 10 0 4 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
ppxss 1128 3 0 3 2 1 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 269 0 76 13 0 13 13 0 8 0
art_table 32 271 0 76 2 0 2 2 0 8 0
art_node 16 60 0 23 1 0 1 1 0 8 0
sysvmsgpl 40 64 0 45 1 0 1 1 0 8 0
semupl 112 5 0 5 1 1 0 1 0 8 0
semapl 112 42 0 32 1 0 1 1 0 8 0
shmpl 112 18 0 6 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1952 0 552 46 0 46 46 0 8 0
ffsino 240 1952 0 552 83 0 83 83 0 8 0
nchpl 144 2687 0 1092 60 0 60 60 0 8 0
uvmvnodes 72 2132 0 0 39 0 39 39 0 8 0
vnodes 208 2132 0 0 113 0 113 113 0 8 0
namei 1024 7421 0 7421 1 0 1 1 0 8 1
vcpupl 1984 7 0 0 1 0 1 1 0 8 0
vmpool 528 10 0 3 1 0 1 1 0 8 0
scxspl 192 8272 0 8271 1 0 1 1 0 8 0
plimitpl 152 45 0 38 1 0 1 1 0 8 0
sigapl 424 610 0 581 4 0 4 4 0 8 0
futexpl 56 9540 0 9540 1 0 1 1 0 8 1
knotepl 112 84 0 65 1 0 1 1 0 8 0
kqueuepl 144 228 0 224 1 0 1 1 0 8 0
pipelkpl 16 125 0 115 1 0 1 1 0 8 0
pipepl 120 250 0 231 1 0 1 1 0 8 0
fdescpl 432 595 0 581 2 0 2 2 0 8 0
filepl 120 4069 0 3969 5 1 4 5 0 8 0
lockfpl 104 159 0 158 1 0 1 1 0 8 0
lockfspl 48 53 0 52 1 0 1 1 0 8 0
sessionpl 112 18 0 8 1 0 1 1 0 8 0
pgrppl 48 20 0 10 1 0 1 1 0 8 0
ucredpl 96 390 0 383 1 0 1 1 0 8 0
zombiepl 144 581 0 581 1 0 1 1 0 8 1
processpl 896 610 0 581 4 0 4 4 0 8 0
procpl 624 1050 0 1013 4 0 4 4 0 8 0
sosppl 128 128 0 127 1 0 1 1 0 8 0
sockpl 400 1101 0 1080 6 2 4 5 0 8 1
mcl64k 65536 33 0 33 1 0 1 1 0 8 1
mcl16k 16384 5 0 5 1 0 1 1 0 8 1
mcl12k 12288 6 0 6 3 2 1 1 0 8 1
mcl9k 9216 4 0 4 2 1 1 1 0 8 1
mcl8k 8192 13 0 13 1 0 1 1 0 8 1
mcl4k 4096 35 0 35 2 1 1 1 0 8 1
mcl2k2 2112 3 0 3 1 0 1 1 0 8 1
mcl2k 2048 65212 0 65155 17 9 8 15 0 8 0
mtagpl 80 21 0 10 2 1 1 1 0 8 0
mbufpl 256 106426 0 106288 24 1 23 23 0 8 10
bufpl 280 4904 0 162 339 0 339 339 0 8 0
anonpl 16 70378 0 54400 78 10 68 78 0 107 1
amapchunkpl 152 2554 0 2422 8 1 7 8 0 158 1
amappl16 192 2794 0 1888 54 7 47 53 0 8 1
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 10 0 8 2 1 1 1 0 8 0
amappl13 168 139 0 138 1 0 1 1 0 8 0
amappl12 160 203 0 199 1 0 1 1 0 8 0
amappl11 152 72 0 58 1 0 1 1 0 8 0
amappl10 144 18 0 15 1 0 1 1 0 8 0
amappl9 136 128 0 124 1 0 1 1 0 8 0
amappl8 128 365 0 342 1 0 1 1 0 8 0
amappl7 120 115 0 102 1 0 1 1 0 8 0
amappl6 112 27 0 22 1 0 1 1 0 8 0
amappl5 104 1253 0 1241 1 0 1 1 0 8 0
amappl4 96 568 0 538 1 0 1 1 0 8 0
amappl3 88 210 0 204 1 0 1 1 0 8 0
amappl2 80 3786 0 3722 3 1 2 3 0 8 0
amappl1 72 19504 0 19090 25 15 10 20 0 8 0
amappl 80 1329 0 1284 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 19 0 5 1 0 1 1 0 8 0
uaddrrnd 24 605 0 584 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 605 0 584 1 0 1 1 0 8 0
vmmpekpl 168 7366 0 7340 2 0 2 2 0 8 0
vmmpepl 168 76787 0 74796 132 11 121 121 0 357 31
vmsppl 272 604 0 584 2 0 2 2 0 8 0
pdppl 4096 1216 0 1175 6 0 6 6 0 8 0
pvpl 32 207693 0 188727 184 10 174 184 0 265 17
pmappl 200 604 0 584 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 170 0 16 5 0 5 5 0 8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 23a32f86 Allow armv7 efiboot(8) to read from an ffs2 files..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=163894f9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=2f9616f39d3f3b281cfb
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f9616...@syzkaller.appspotmail.com
kernel: double fault trap, code=0
Stopped at pool_lock_mtx_assert_locked+0x19: pushq %r12
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pool_lock_mtx_assert_locked(ffffffff82569f10) at pool_lock_mtx_assert_locked+0x19 sys/kern/subr_pool.c:2210
pool_do_get(ffffffff82569f10,2,ffff80001d3ff118) at pool_do_get+0x40 sys/kern/subr_pool.c:694
pool_get(ffffffff82569f10,2) at pool_get+0xb5 sys/kern/subr_pool.c:581
m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250
sbappendaddr(fffffd8052cfc338,fffffd8052cfc3c0,ffff80001d3ff338,fffffd80587f9f00,0) at sbappendaddr+0x20d sys/kern/uipc_socket2.c:801
udp_sbappend(fffffd805e569c08,fffffd80587f9f00,fffffd80587f9fb0,0,14,fffffd80587f9fc4) at udp_sbappend+0x344 sys/netinet/udp_usrreq.c:629
udp_input(ffff80001d3ff5b8,ffff80001d3ff5c4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d3ff5b8,ffff80001d3ff5c4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d3ff5b8,ffff80001d3ff5c4,d33,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d3ff5b8,ffff80001d3ff5c4,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd80587f9f00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd80587f9f00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2eb800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2eb800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2eb800,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd80587f9800,fffffd80587f98b0,0,14,fffffd80587f98c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d3ffc98,ffff80001d3ffca4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d3ffc98,ffff80001d3ffca4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d3ffc98,ffff80001d3ffca4,b45,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d3ffc98,ffff80001d3ffca4,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd80587f9800) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd80587f9800,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805e2f8c00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805e2f8c00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805e2f8c00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805a2eb800,fffffd805a2eb8b0,0,14,fffffd805a2eb8c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d400378,ffff80001d400384,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d400378,ffff80001d400384,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d400378,ffff80001d400384,951,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d400378,ffff80001d400384,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805a2eb800) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805a2eb800,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805e10b800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805e10b800,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805e10b800,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805e2f8c00,fffffd805e2f8cb0,0,14,fffffd805e2f8cc4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d400a58,ffff80001d400a64,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d400a58,ffff80001d400a64,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d400a58,ffff80001d400a64,763,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d400a58,ffff80001d400a64,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805e2f8c00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805e2f8c00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2ebb00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2ebb00,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2ebb00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805e10b800,fffffd805e10b8b0,0,14,fffffd805e10b8c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d401138,ffff80001d401144,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d401138,ffff80001d401144,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d401138,ffff80001d401144,575,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d401138,ffff80001d401144,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805e10b800) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805e10b800,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2eb100,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2eb100,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2eb100,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805a2ebb00,fffffd805a2ebbb0,0,14,fffffd805a2ebbc4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d401818,ffff80001d401824,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d401818,ffff80001d401824,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d401818,ffff80001d401824,387,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d401818,ffff80001d401824,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805a2ebb00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805a2ebb00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805e2f8900,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805e2f8900,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805e2f8900,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd8052cfc338,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd8052cfc338) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd805e569c08,fffffd805a2eb100,fffffd805a2eb1b0,0,14,fffffd805a2eb1c4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d401ef8,ffff80001d401f04,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d401ef8,ffff80001d401f04,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d401ef8,ffff80001d401f04,193,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d401ef8,ffff80001d401f04,4,0,ffff800000677800) at ip_input_if+0x571
ipv4_input(ffff800000677800,fffffd805a2eb100) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000677800,fffffd805a2eb100,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd805a2eb500,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd805a2eb500,0,fffffd805e569c78,0,0,fffffd805e569c08) at ip_output+0xac5 sys/netinet/ip_output.c:329
udp_output(fffffd805e569c08,fffffd805a2eb500,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
sosend(fffffd8052cfc338,0,ffff80001d402270,0,0,2) at sosend+0x669 sys/kern/uipc_socket.c:549
sendit(ffff80001d35dc48,0,ffff80001d4023d0,2,ffff80001d4024c0) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendmsg(ffff80001d35dc48,ffff80001d402478,ffff80001d4024c0) at sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
syscall(ffff80001d402540) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa831defe3a0, count: -85
ddb> show registers
rdi 0xffffffff82569f10 mbpool
rsi 0xd7f
rbp 0xffff80001d3ff030
rbx 0xffffffff82569f10 mbpool
rdx 0xd80
rcx 0xffff80001f611000
rax 0xffffffff823973c8 pool_lock_ops_mtx
r8 0
r9 0x5
r10 0x26e0b13c29d23e7e
r11 0x9efa2539c0c301db
r12 0x2
r13 0x8a
r14 0xffffffff82569f10 mbpool
r15 0xffff80001d3ff118
rip 0xffffffff818104a9 pool_lock_mtx_assert_locked+0x19
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff80001d3ff000
ss 0x10
pool_lock_mtx_assert_locked+0x19: pushq %r12
ddb> show proc
PROC (syz-executor.0) pid=312982 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=57, nice=20
forw=0xffffffffffffffff, list=0xffff80001d35eae8,0xffffffff82588bd0
process=0xffff8000ffffae10 user=0xffff80001d3fd000, vmspace=0xfffffd8068ac7228
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28556 183911 96284 0 2 0 syz-executor.0
*28556 312982 96284 0 7 0x4000000 syz-executor.0
32045 35595 61053 0 3 0x2 biowait syz-executor.1
64305 249596 0 0 3 0x14200 bored sosplice
96284 374706 61053 0 3 0x82 nanosleep syz-executor.0
61053 79799 29622 0 3 0x82 thrsleep syz-fuzzer
61053 335506 29622 0 3 0x4000082 nanosleep syz-fuzzer
61053 230392 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 456439 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 492130 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 93418 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 153919 29622 0 3 0x4000082 thrsleep syz-fuzzer
61053 460478 29622 0 3 0x4000082 kqread syz-fuzzer
29622 86739 23380 0 3 0x10008a pause ksh
23380 243216 65924 0 3 0x92 select sshd
89378 212406 1 0 3 0x100083 ttyin getty
65924 102234 1 0 3 0x80 select sshd
80575 47428 15244 73 3 0x100090 kqread syslogd
15244 37136 1 0 3 0x100082 netio syslogd
40328 56012 1 77 3 0x100090 poll dhclient
67643 41700 1 0 3 0x80 poll dhclient
46107 432287 0 0 3 0x14200 bored smr
64842 8753 0 0 2 0x14200 zerothread
14520 316999 0 0 3 0x14200 aiodoned aiodoned
68345 488871 0 0 3 0x14200 syncer update
87526 397006 0 0 3 0x14200 cleaner cleaner
93127 150108 0 0 3 0x14200 reaper reaper
390 356996 0 0 3 0x14200 pgdaemon pagedaemon
76671 224651 0 0 3 0x14200 bored crynlk
50451 514534 0 0 3 0x14200 bored crypto
839 230744 0 0 3 0x40014200 acpi0 acpi0
25390 421850 0 0 3 0x14200 bored softnet
31311 430606 0 0 3 0x14200 bored systqmp
78315 200302 0 0 3 0x14200 bored systq
51485 88172 0 0 3 0x40014200 bored softclock
55279 426336 0 0 3 0x40014200 idle0
1 80263 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9490 6346K 6986K 78643K 11136 0
pcb 13 8K 8K 78643K 85 0
rtable 105 4K 4K 78643K 342 0
ifaddr 61 12K 13K 78643K 135 0
counters 21 16K 16K 78643K 35 0
ioctlops 0 0K 2K 78643K 36 0
iov 0 0K 14K 78643K 52 0
mount 1 1K 1K 78643K 1 0
vnodes 1223 77K 77K 78643K 1404 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 8 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 0K 78643K 44 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 5 13K 25K 78643K 426 0
sigio 1 0K 0K 78643K 15 0
proc 50 38K 55K 78643K 417 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 355 0
in_multi 39 2K 2K 78643K 84 0
ether_multi 1 0K 0K 78643K 11 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 55 254K 254K 78643K 55 0
exec 0 0K 1K 78643K 206 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 118 87K 91K 78643K 1831 0
UVM aobj 15 2K 2K 78643K 20 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 52 0
NDP 10 0K 0K 78643K 31 0
temp 121 3018K 3094K 78643K 6077 0
kqueue 3 4K 10K 78643K 13 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 4 1 0 1 1 0 8 0
rtpcb 80 29 0 27 1 0 1 1 0 8 0
rtentry 112 61 0 20 2 0 2 2 0 8 0
unpcb 120 282 0 273 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 334 0 334 1 1 0 1 0 8 0
tcpcb 544 192 0 188 2 1 1 2 0 8 0
ipq 40 3 0 3 1 0 1 1 0 8 1
ipqe 40 135 0 135 1 0 1 1 0 8 1
inpcb 280 784 0 774 3 1 2 2 0 8 1
nd6 48 10 0 4 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
ppxss 1128 3 0 3 2 1 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 269 0 76 13 0 13 13 0 8 0
art_table 32 271 0 76 2 0 2 2 0 8 0
art_node 16 60 0 23 1 0 1 1 0 8 0
sysvmsgpl 40 64 0 45 1 0 1 1 0 8 0
semupl 112 5 0 5 1 1 0 1 0 8 0
semapl 112 42 0 32 1 0 1 1 0 8 0
shmpl 112 18 0 6 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1952 0 552 46 0 46 46 0 8 0
ffsino 240 1952 0 552 83 0 83 83 0 8 0
nchpl 144 2687 0 1092 60 0 60 60 0 8 0
uvmvnodes 72 2132 0 0 39 0 39 39 0 8 0
vnodes 208 2132 0 0 113 0 113 113 0 8 0
namei 1024 7421 0 7421 1 0 1 1 0 8 1
vcpupl 1984 7 0 0 1 0 1 1 0 8 0
vmpool 528 10 0 3 1 0 1 1 0 8 0
scxspl 192 8272 0 8271 1 0 1 1 0 8 0
plimitpl 152 45 0 38 1 0 1 1 0 8 0
sigapl 424 610 0 581 4 0 4 4 0 8 0
futexpl 56 9540 0 9540 1 0 1 1 0 8 1
knotepl 112 84 0 65 1 0 1 1 0 8 0
kqueuepl 144 228 0 224 1 0 1 1 0 8 0
pipelkpl 16 125 0 115 1 0 1 1 0 8 0
pipepl 120 250 0 231 1 0 1 1 0 8 0
fdescpl 432 595 0 581 2 0 2 2 0 8 0
filepl 120 4069 0 3969 5 1 4 5 0 8 0
lockfpl 104 159 0 158 1 0 1 1 0 8 0
lockfspl 48 53 0 52 1 0 1 1 0 8 0
sessionpl 112 18 0 8 1 0 1 1 0 8 0
pgrppl 48 20 0 10 1 0 1 1 0 8 0
ucredpl 96 390 0 383 1 0 1 1 0 8 0
zombiepl 144 581 0 581 1 0 1 1 0 8 1
processpl 896 610 0 581 4 0 4 4 0 8 0
procpl 624 1050 0 1013 4 0 4 4 0 8 0
sosppl 128 128 0 127 1 0 1 1 0 8 0
sockpl 400 1101 0 1080 6 2 4 5 0 8 1
mcl64k 65536 33 0 33 1 0 1 1 0 8 1
mcl16k 16384 5 0 5 1 0 1 1 0 8 1
mcl12k 12288 6 0 6 3 2 1 1 0 8 1
mcl9k 9216 4 0 4 2 1 1 1 0 8 1
mcl8k 8192 13 0 13 1 0 1 1 0 8 1
mcl4k 4096 35 0 35 2 1 1 1 0 8 1
mcl2k2 2112 3 0 3 1 0 1 1 0 8 1
mcl2k 2048 65212 0 65155 17 9 8 15 0 8 0
mtagpl 80 21 0 10 2 1 1 1 0 8 0
mbufpl 256 106426 0 106288 24 1 23 23 0 8 10
bufpl 280 4904 0 162 339 0 339 339 0 8 0
anonpl 16 70378 0 54400 78 10 68 78 0 107 1
amapchunkpl 152 2554 0 2422 8 1 7 8 0 158 1
amappl16 192 2794 0 1888 54 7 47 53 0 8 1
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 10 0 8 2 1 1 1 0 8 0
amappl13 168 139 0 138 1 0 1 1 0 8 0
amappl12 160 203 0 199 1 0 1 1 0 8 0
amappl11 152 72 0 58 1 0 1 1 0 8 0
amappl10 144 18 0 15 1 0 1 1 0 8 0
amappl9 136 128 0 124 1 0 1 1 0 8 0
amappl8 128 365 0 342 1 0 1 1 0 8 0
amappl7 120 115 0 102 1 0 1 1 0 8 0
amappl6 112 27 0 22 1 0 1 1 0 8 0
amappl5 104 1253 0 1241 1 0 1 1 0 8 0
amappl4 96 568 0 538 1 0 1 1 0 8 0
amappl3 88 210 0 204 1 0 1 1 0 8 0
amappl2 80 3786 0 3722 3 1 2 3 0 8 0
amappl1 72 19504 0 19090 25 15 10 20 0 8 0
amappl 80 1329 0 1284 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 19 0 5 1 0 1 1 0 8 0
uaddrrnd 24 605 0 584 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 605 0 584 1 0 1 1 0 8 0
vmmpekpl 168 7366 0 7340 2 0 2 2 0 8 0
vmmpepl 168 76787 0 74796 132 11 121 121 0 357 31
vmsppl 272 604 0 584 2 0 2 2 0 8 0
pdppl 4096 1216 0 1175 6 0 6 6 0 8 0
pvpl 32 207693 0 188727 184 10 174 184 0 265 17
pmappl 200 604 0 584 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 170 0 16 5 0 5 5 0 8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 3, 2020, 6:55:10 PM3/3/20
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: b244f117 Fix base64 processing of long lines
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14becfe9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=2f9616f39d3f3b281cfb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10282329e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f9616...@syzkaller.appspotmail.com
login: kernel: double fault trap, code=0
Stopped at pool_get+0x19: pushq %r12
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_get(ffffffff82673638,2) at pool_get+0x19 sys/kern/subr_pool.c:561
udp_sbappend(fffffd806f6ef7a8,fffffd807e600d00,fffffd807e600db0,0,14,fffffd807e600dc4) at udp_sbappend+0x314 sys/netinet/udp_usrreq.c:629
udp_input(ffff800020b74498,ffff800020b744a4,11,2) at udp_input+0x1320
ip_deliver(ffff800020b74498,ffff800020b744a4,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b74498,ffff800020b744a4,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b74498,ffff800020b744a4,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd807e600d00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd807e600d00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd8074a64600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd8074a64600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd8074a64600,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd8074a64700,fffffd8074a647b0,0,14,fffffd8074a647c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b74b88,ffff800020b74b94,11,2) at udp_input+0x1320
ip_deliver(ffff800020b74b88,ffff800020b74b94,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b74b88,ffff800020b74b94,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b74b88,ffff800020b74b94,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd8074a64700) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd8074a64700,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f17b600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806f17b600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806f17b600,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd8074a64600,fffffd8074a646b0,0,14,fffffd8074a646c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b75278,ffff800020b75284,11,2) at udp_input+0x1320
ip_deliver(ffff800020b75278,ffff800020b75284,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b75278,ffff800020b75284,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b75278,ffff800020b75284,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd8074a64600) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd8074a64600,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dd27000,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dd27000,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806dd27000,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806f17b600,fffffd806f17b6b0,0,14,fffffd806f17b6c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b75968,ffff800020b75974,11,2) at udp_input+0x1320
ip_deliver(ffff800020b75968,ffff800020b75974,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b75968,ffff800020b75974,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b75968,ffff800020b75974,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f17b600) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f17b600,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dd27900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dd27900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806dd27900,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806dd27000,fffffd806dd270b0,0,14,fffffd806dd270c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b76058,ffff800020b76064,11,2) at udp_input+0x1320
ip_deliver(ffff800020b76058,ffff800020b76064,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b76058,ffff800020b76064,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b76058,ffff800020b76064,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dd27000) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dd27000,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd807f01e200,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd807f01e200,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd807f01e200,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806dd27900,fffffd806dd279b0,0,14,fffffd806dd279c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b76748,ffff800020b76754,11,2) at udp_input+0x1320
ip_deliver(ffff800020b76748,ffff800020b76754,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b76748,ffff800020b76754,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b76748,ffff800020b76754,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dd27900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dd27900,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f17b900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806f17b900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806f17b900,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd807f01e200,fffffd807f01e2b0,0,14,fffffd807f01e2c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b76e38,ffff800020b76e44,11,2) at udp_input+0x1320
ip_deliver(ffff800020b76e38,ffff800020b76e44,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b76e38,ffff800020b76e44,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b76e38,ffff800020b76e44,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd807f01e200) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd807f01e200,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806d8a3d00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806d8a3d00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806d8a3d00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806f17b900,fffffd806f17b9b0,0,14,fffffd806f17b9c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b77528,ffff800020b77534,11,2) at udp_input+0x1320
ip_deliver(ffff800020b77528,ffff800020b77534,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b77528,ffff800020b77534,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b77528,ffff800020b77534,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f17b900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f17b900,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd8074a64b00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd8074a64b00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd8074a64b00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
sosend(fffffd806eb64e18,0,ffff800020b778a0,0,0,0) at sosend+0x671 sys/kern/uipc_socket.c:549
sendit(ffff800020ac6eb8,4,ffff800020b77980,0,ffff800020b77a60) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendto(ffff800020ac6eb8,ffff800020b77a18,ffff800020b77a60) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:522
syscall(ffff800020b77ae0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020b77ae0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
ddb{0}> show registers
rdi 0xffffffff82673638 mbpool
rsi 0x2
rbp 0xffff800020b74030
rbx 0x10
rdx 0x8b
rcx 0x1
rax 0
r8 0xffffffff812d70c8 sbappendaddr+0xf8
r9 0x5
r10 0x20c0310e48cd8a78
r11 0x73512a83c3dfb9b1
r12 0x10
r13 0xa270 __ALIGN_SIZE+0x9270
r14 0x3
r15 0x2
rip 0xffffffff817929a9 pool_get+0x19
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800020b74000
ss 0x10
pool_get+0x19: pushq %r12
ddb{0}> show proc
PROC (syz-executor.0) pid=114141 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020ac69d8,0xffff800020ac7618
process=0xffff800020ac8f18 user=0xffff800020b72000, vmspace=0xfffffd807efff5c0
estcpu=0, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
40706 393577 34460 0 2 0x4000000 syz-executor.0
*40706 114141 34460 0 7 0x4000000 syz-executor.0
40706 56410 34460 0 2 0x4000080 syz-executor.0
38237 513017 0 0 3 0x14200 bored sosplice
34460 51299 58297 0 3 0x82 nanosleep syz-executor.0
58297 125763 22361 0 3 0x82 thrsleep syz-execprog
58297 423776 22361 0 3 0x4000082 nanosleep syz-execprog
58297 204046 22361 0 3 0x4000082 thrsleep syz-execprog
58297 134659 22361 0 3 0x4000082 nanosleep syz-execprog
58297 305620 22361 0 3 0x4000082 thrsleep syz-execprog
58297 287895 22361 0 3 0x4000082 thrsleep syz-execprog
58297 399404 22361 0 3 0x4000082 thrsleep syz-execprog
58297 486715 22361 0 3 0x4000082 thrsleep syz-execprog
58297 330969 22361 0 3 0x4000082 kqread syz-execprog
22361 50307 13943 0 3 0x10008a pause ksh
13943 78161 47268 0 3 0x92 select sshd
75380 398917 1 0 3 0x100083 ttyin getty
47268 278096 1 0 3 0x80 select sshd
2390 47274 43479 74 3 0x100092 bpf pflogd
43479 74418 1 0 3 0x80 netio pflogd
59747 517226 60434 73 3 0x100090 kqread syslogd
60434 230394 1 0 3 0x100082 netio syslogd
6803 336033 1 77 3 0x100090 poll dhclient
39429 482982 1 0 3 0x80 poll dhclient
76985 141338 0 0 3 0x14200 bored smr
45451 8427 0 0 3 0x14200 pgzero zerothread
1062 480985 0 0 3 0x14200 aiodoned aiodoned
89263 256444 0 0 3 0x14200 syncer update
68061 167925 0 0 3 0x14200 cleaner cleaner
69545 78689 0 0 3 0x14200 reaper reaper
72613 101355 0 0 3 0x14200 pgdaemon pagedaemon
59746 435138 0 0 3 0x14200 bored crynlk
28793 335005 0 0 3 0x14200 bored crypto
42114 290118 0 0 3 0x40014200 acpi0 acpi0
91266 320293 0 0 3 0x40014200 idle1
12145 225766 0 0 3 0x14200 bored softnet
15689 374334 0 0 3 0x14200 bored systqmp
47668 272595 0 0 3 0x14200 bored systq
71383 160962 0 0 3 0x40014200 bored softclock
62421 39492 0 0 3 0x40014200 idle0
1 499276 0 0 3 0x82 wait init
Process 40706 (syz-executor.0) thread 0xffff800020ac6eb8 (114141)
exclusive rwlock netlock r = 0 (0xffffffff824a5b48)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1164
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sosend+0x559 sys/kern/uipc_socket.c:537
#3 sendit+0x52b sys/kern/uipc_syscalls.c:657
#4 sys_sendto+0x80 sys/kern/uipc_syscalls.c:522
#5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6 Xsyscall+0x128
ddb{0}> show malloc
pcb 13 8K 8K 78643K 13 0
rtable 83 2K 2K 78643K 163 0
ifaddr 37 9K 9K 78643K 38 0
counters 41 33K 33K 78643K 41 0
ioctlops 0 0K 4K 78643K 1468 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
file desc 3 8K 12K 78643K 23 0
proc 59 63K 83K 78643K 398 0
ether_multi 1 0K 0K 78643K 1 0
exec 0 0K 1K 78643K 197 0
UVM aobj 2 2K 2K 78643K 2 0
temp 29 3013K 3077K 78643K 1921 0
kqueue 3 4K 4K 78643K 3 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 29 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 57 0 48 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 11 0 0 1 0 1 1 0 8 0
pfstkey 112 11 0 0 1 0 1 1 0 8 0
pfstate 328 11 0 0 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 143 0 0 9 0 9 9 0 8 0
art_table 32 144 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
ffsino 272 1428 0 25 94 0 94 94 0 8 0
nchpl 144 1659 0 49 60 0 60 60 0 8 0
uvmvnodes 72 1438 0 0 27 0 27 27 0 8 0
vnodes 208 1438 0 0 76 0 76 76 0 8 0
namei 1024 4157 0 4157 1 0 1 1 0 8 1
percpumem 16 31 0 0 1 0 1 1 0 8 0
scxspl 192 4554 0 4554 2 1 1 2 0 8 1
plimitpl 152 15 0 8 1 0 1 1 0 8 0
sigapl 424 247 0 216 4 0 4 4 0 8 0
futexpl 56 87 0 87 1 0 1 1 0 8 1
knotepl 112 39 0 28 1 0 1 1 0 8 0
kqueuepl 144 14 0 10 1 0 1 1 0 8 0
pipelkpl 48 74 0 67 1 0 1 1 0 8 0
pipepl 120 148 0 135 1 0 1 1 0 8 0
fdescpl 496 231 0 216 3 0 3 3 0 8 0
filepl 152 1154 0 1091 3 0 3 3 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 52 0 43 1 0 1 1 0 8 0
zombiepl 144 216 0 216 1 0 1 1 0 8 1
processpl 960 247 0 216 5 0 5 5 0 8 1
procpl 624 273 0 231 4 0 4 4 0 8 0
sosppl 128 11 0 10 1 0 1 1 0 8 0
sockpl 400 103 0 82 3 0 3 3 0 8 0
mcl4k 4096 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 76 0 0 10 0 10 10 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 114 0 0 7 0 7 7 0 8 0
bufpl 280 3750 0 174 256 0 256 256 0 8 0
anonpl 16 22678 0 21028 14 1 13 13 0 124 5
amapchunkpl 152 912 0 838 5 0 5 5 0 158 1
amappl16 192 166 0 130 2 0 2 2 0 8 0
amappl13 168 21 0 20 1 0 1 1 0 8 0
amappl12 160 8 0 7 2 1 1 1 0 8 0
amappl11 152 70 0 52 1 0 1 1 0 8 0
amappl10 144 14 0 12 1 0 1 1 0 8 0
amappl9 136 236 0 232 1 0 1 1 0 8 0
amappl8 128 270 0 261 1 0 1 1 0 8 0
amappl7 120 122 0 110 1 0 1 1 0 8 0
amappl6 112 20 0 18 1 0 1 1 0 8 0
amappl5 104 133 0 118 1 0 1 1 0 8 0
amappl4 96 509 0 481 1 0 1 1 0 8 0
amappl3 88 111 0 106 1 0 1 1 0 8 0
amappl2 80 981 0 912 3 0 3 3 0 8 1
amappl1 72 15560 0 15125 26 8 18 20 0 8 8
amappl 80 499 0 467 1 0 1 1 0 84 0
uaddrrnd 24 231 0 216 1 0 1 1 0 8 0
vmmpekpl 168 6279 0 6257 2 0 2 2 0 8 0
vmmpepl 168 33399 0 32398 86 6 80 80 0 357 36
vmsppl 368 230 0 216 2 0 2 2 0 8 0
pdppl 4096 470 0 432 6 0 6 6 0 8 0
pvpl 32 113211 0 109098 115 0 115 115 0 265 81
pmappl 232 230 0 216 1 0 1 1 0 8 0
ddb{0}>
HEAD commit: b244f117 Fix base64 processing of long lines
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14becfe9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=2f9616f39d3f3b281cfb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10282329e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f9616...@syzkaller.appspotmail.com
Stopped at pool_get+0x19: pushq %r12
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
pool_get(ffffffff82673638,2) at pool_get+0x19 sys/kern/subr_pool.c:561
m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250
sbappendaddr(fffffd806eb64e18,fffffd806eb64ea0,ffff800020b74218,fffffd807e600d00,0) at sbappendaddr+0x223 sys/kern/uipc_socket2.c:801
udp_sbappend(fffffd806f6ef7a8,fffffd807e600d00,fffffd807e600db0,0,14,fffffd807e600dc4) at udp_sbappend+0x314 sys/netinet/udp_usrreq.c:629
udp_input(ffff800020b74498,ffff800020b744a4,11,2) at udp_input+0x1320
ip_deliver(ffff800020b74498,ffff800020b744a4,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b74498,ffff800020b744a4,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b74498,ffff800020b744a4,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd807e600d00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd807e600d00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd8074a64600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd8074a64600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd8074a64600,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd8074a64700,fffffd8074a647b0,0,14,fffffd8074a647c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b74b88,ffff800020b74b94,11,2) at udp_input+0x1320
ip_deliver(ffff800020b74b88,ffff800020b74b94,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b74b88,ffff800020b74b94,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b74b88,ffff800020b74b94,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd8074a64700) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd8074a64700,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f17b600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806f17b600,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806f17b600,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd8074a64600,fffffd8074a646b0,0,14,fffffd8074a646c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b75278,ffff800020b75284,11,2) at udp_input+0x1320
ip_deliver(ffff800020b75278,ffff800020b75284,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b75278,ffff800020b75284,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b75278,ffff800020b75284,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd8074a64600) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd8074a64600,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dd27000,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dd27000,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806dd27000,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806f17b600,fffffd806f17b6b0,0,14,fffffd806f17b6c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b75968,ffff800020b75974,11,2) at udp_input+0x1320
ip_deliver(ffff800020b75968,ffff800020b75974,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b75968,ffff800020b75974,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b75968,ffff800020b75974,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f17b600) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f17b600,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dd27900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dd27900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806dd27900,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806dd27000,fffffd806dd270b0,0,14,fffffd806dd270c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b76058,ffff800020b76064,11,2) at udp_input+0x1320
ip_deliver(ffff800020b76058,ffff800020b76064,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b76058,ffff800020b76064,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b76058,ffff800020b76064,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dd27000) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dd27000,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd807f01e200,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd807f01e200,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd807f01e200,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806dd27900,fffffd806dd279b0,0,14,fffffd806dd279c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b76748,ffff800020b76754,11,2) at udp_input+0x1320
ip_deliver(ffff800020b76748,ffff800020b76754,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b76748,ffff800020b76754,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b76748,ffff800020b76754,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dd27900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dd27900,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f17b900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806f17b900,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806f17b900,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd807f01e200,fffffd807f01e2b0,0,14,fffffd807f01e2c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b76e38,ffff800020b76e44,11,2) at udp_input+0x1320
ip_deliver(ffff800020b76e38,ffff800020b76e44,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b76e38,ffff800020b76e44,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b76e38,ffff800020b76e44,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd807f01e200) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd807f01e200,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806d8a3d00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806d8a3d00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd806d8a3d00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806eb64e18,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806eb64e18) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6ef7a8,fffffd806f17b900,fffffd806f17b9b0,0,14,fffffd806f17b9c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020b77528,ffff800020b77534,11,2) at udp_input+0x1320
ip_deliver(ffff800020b77528,ffff800020b77534,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020b77528,ffff800020b77534,8b,0) at ip_ours+0x412
ip_input_if(ffff800020b77528,ffff800020b77534,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f17b900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f17b900,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd8074a64b00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd8074a64b00,0,fffffd806f6ef818,0,0,fffffd806f6ef7a8) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6ef7a8,fffffd8074a64b00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
sosend(fffffd806eb64e18,0,ffff800020b778a0,0,0,0) at sosend+0x671 sys/kern/uipc_socket.c:549
sendit(ffff800020ac6eb8,4,ffff800020b77980,0,ffff800020b77a60) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendto(ffff800020ac6eb8,ffff800020b77a18,ffff800020b77a60) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:522
syscall(ffff800020b77ae0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020b77ae0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5db96e410f0, count: -94
end of kernel
ddb{0}> show registers
rdi 0xffffffff82673638 mbpool
rsi 0x2
rbp 0xffff800020b74030
rbx 0x10
rdx 0x8b
rcx 0x1
rax 0
r8 0xffffffff812d70c8 sbappendaddr+0xf8
r9 0x5
r10 0x20c0310e48cd8a78
r11 0x73512a83c3dfb9b1
r12 0x10
r13 0xa270 __ALIGN_SIZE+0x9270
r14 0x3
r15 0x2
rip 0xffffffff817929a9 pool_get+0x19
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800020b74000
ss 0x10
pool_get+0x19: pushq %r12
ddb{0}> show proc
PROC (syz-executor.0) pid=114141 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020ac69d8,0xffff800020ac7618
process=0xffff800020ac8f18 user=0xffff800020b72000, vmspace=0xfffffd807efff5c0
estcpu=0, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
40706 94521 34460 0 7 0 syz-executor.0
40706 393577 34460 0 2 0x4000000 syz-executor.0
*40706 114141 34460 0 7 0x4000000 syz-executor.0
40706 56410 34460 0 2 0x4000080 syz-executor.0
38237 513017 0 0 3 0x14200 bored sosplice
34460 51299 58297 0 3 0x82 nanosleep syz-executor.0
58297 125763 22361 0 3 0x82 thrsleep syz-execprog
58297 423776 22361 0 3 0x4000082 nanosleep syz-execprog
58297 204046 22361 0 3 0x4000082 thrsleep syz-execprog
58297 134659 22361 0 3 0x4000082 nanosleep syz-execprog
58297 305620 22361 0 3 0x4000082 thrsleep syz-execprog
58297 287895 22361 0 3 0x4000082 thrsleep syz-execprog
58297 399404 22361 0 3 0x4000082 thrsleep syz-execprog
58297 486715 22361 0 3 0x4000082 thrsleep syz-execprog
58297 330969 22361 0 3 0x4000082 kqread syz-execprog
22361 50307 13943 0 3 0x10008a pause ksh
13943 78161 47268 0 3 0x92 select sshd
75380 398917 1 0 3 0x100083 ttyin getty
47268 278096 1 0 3 0x80 select sshd
2390 47274 43479 74 3 0x100092 bpf pflogd
43479 74418 1 0 3 0x80 netio pflogd
59747 517226 60434 73 3 0x100090 kqread syslogd
60434 230394 1 0 3 0x100082 netio syslogd
6803 336033 1 77 3 0x100090 poll dhclient
39429 482982 1 0 3 0x80 poll dhclient
76985 141338 0 0 3 0x14200 bored smr
45451 8427 0 0 3 0x14200 pgzero zerothread
1062 480985 0 0 3 0x14200 aiodoned aiodoned
89263 256444 0 0 3 0x14200 syncer update
68061 167925 0 0 3 0x14200 cleaner cleaner
69545 78689 0 0 3 0x14200 reaper reaper
72613 101355 0 0 3 0x14200 pgdaemon pagedaemon
59746 435138 0 0 3 0x14200 bored crynlk
28793 335005 0 0 3 0x14200 bored crypto
42114 290118 0 0 3 0x40014200 acpi0 acpi0
91266 320293 0 0 3 0x40014200 idle1
12145 225766 0 0 3 0x14200 bored softnet
15689 374334 0 0 3 0x14200 bored systqmp
47668 272595 0 0 3 0x14200 bored systq
71383 160962 0 0 3 0x40014200 bored softclock
62421 39492 0 0 3 0x40014200 idle0
1 499276 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 40706 (syz-executor.0) thread 0xffff800020ac6eb8 (114141)
exclusive rwlock netlock r = 0 (0xffffffff824a5b48)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1164
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sosend+0x559 sys/kern/uipc_socket.c:537
#3 sendit+0x52b sys/kern/uipc_syscalls.c:657
#4 sys_sendto+0x80 sys/kern/uipc_syscalls.c:522
#5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9467 6396K 6396K 78643K 10558 0
pcb 13 8K 8K 78643K 13 0
rtable 83 2K 2K 78643K 163 0
ifaddr 37 9K 9K 78643K 38 0
counters 41 33K 33K 78643K 41 0
ioctlops 0 0K 4K 78643K 1468 0
mount 1 1K 1K 78643K 1 0
vnodes 1183 74K 75K 78643K 1188 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
UFS mount 5 36K 36K 78643K 5 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 3 8K 12K 78643K 23 0
proc 59 63K 83K 78643K 398 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 22 1K 1K 78643K 22 0
NFS daemon 1 16K 16K 78643K 1 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
MSDOSFS mount 1 16K 16K 78643K 1 0
exec 0 0K 1K 78643K 197 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 77 12K 12K 78643K 973 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 7 0K 0K 78643K 7 0
crypto data 1 1K 1K 78643K 1 0
temp 29 3013K 3077K 78643K 1921 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 29 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 57 0 48 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 11 0 0 1 0 1 1 0 8 0
pfstkey 112 11 0 0 1 0 1 1 0 8 0
pfstate 328 11 0 0 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 143 0 0 9 0 9 9 0 8 0
art_table 32 144 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1428 0 25 46 0 46 46 0 8 0
ffsino 272 1428 0 25 94 0 94 94 0 8 0
nchpl 144 1659 0 49 60 0 60 60 0 8 0
uvmvnodes 72 1438 0 0 27 0 27 27 0 8 0
vnodes 208 1438 0 0 76 0 76 76 0 8 0
namei 1024 4157 0 4157 1 0 1 1 0 8 1
percpumem 16 31 0 0 1 0 1 1 0 8 0
scxspl 192 4554 0 4554 2 1 1 2 0 8 1
plimitpl 152 15 0 8 1 0 1 1 0 8 0
sigapl 424 247 0 216 4 0 4 4 0 8 0
futexpl 56 87 0 87 1 0 1 1 0 8 1
knotepl 112 39 0 28 1 0 1 1 0 8 0
kqueuepl 144 14 0 10 1 0 1 1 0 8 0
pipelkpl 48 74 0 67 1 0 1 1 0 8 0
pipepl 120 148 0 135 1 0 1 1 0 8 0
fdescpl 496 231 0 216 3 0 3 3 0 8 0
filepl 152 1154 0 1091 3 0 3 3 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 52 0 43 1 0 1 1 0 8 0
zombiepl 144 216 0 216 1 0 1 1 0 8 1
processpl 960 247 0 216 5 0 5 5 0 8 1
procpl 624 273 0 231 4 0 4 4 0 8 0
sosppl 128 11 0 10 1 0 1 1 0 8 0
sockpl 400 103 0 82 3 0 3 3 0 8 0
mcl4k 4096 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 76 0 0 10 0 10 10 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 114 0 0 7 0 7 7 0 8 0
bufpl 280 3750 0 174 256 0 256 256 0 8 0
anonpl 16 22678 0 21028 14 1 13 13 0 124 5
amapchunkpl 152 912 0 838 5 0 5 5 0 158 1
amappl16 192 166 0 130 2 0 2 2 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 5 0 4 2 1 1 1 0 8 0
amappl13 168 21 0 20 1 0 1 1 0 8 0
amappl12 160 8 0 7 2 1 1 1 0 8 0
amappl11 152 70 0 52 1 0 1 1 0 8 0
amappl10 144 14 0 12 1 0 1 1 0 8 0
amappl9 136 236 0 232 1 0 1 1 0 8 0
amappl8 128 270 0 261 1 0 1 1 0 8 0
amappl7 120 122 0 110 1 0 1 1 0 8 0
amappl6 112 20 0 18 1 0 1 1 0 8 0
amappl5 104 133 0 118 1 0 1 1 0 8 0
amappl4 96 509 0 481 1 0 1 1 0 8 0
amappl3 88 111 0 106 1 0 1 1 0 8 0
amappl2 80 981 0 912 3 0 3 3 0 8 1
amappl1 72 15560 0 15125 26 8 18 20 0 8 8
amappl 80 499 0 467 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
uaddrrnd 24 231 0 216 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 231 0 216 1 0 1 1 0 8 0
vmmpekpl 168 6279 0 6257 2 0 2 2 0 8 0
vmmpepl 168 33399 0 32398 86 6 80 80 0 357 36
vmsppl 368 230 0 216 2 0 2 2 0 8 0
pdppl 4096 470 0 432 6 0 6 6 0 8 0
pvpl 32 113211 0 109098 115 0 115 115 0 265 81
pmappl 232 230 0 216 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 146 0 3 5 0 5 5 0 8 0
ddb{0}>
syzbot
Mar 5, 2020, 12:49:22 AM3/5/20
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 094ed2c3 sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13a2a181e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10c8aa2de00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f9616...@syzkaller.appspotmail.com
login: kernel: double fault trap, code=0
Stopped at __sanitizer_cov_trace_switch+0x15: pushq %r14
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
__sanitizer_cov_trace_switch(2,ffffffff8247dcf0) at __sanitizer_cov_trace_switch+0x15 sys/dev/kcov.c:211
sbappendaddr(fffffd806ec74648,fffffd806ec746d0,ffff800020afc1c8,fffffd806f3e3600,0) at sbappendaddr+0xf8 soassertlocked sys/kern/uipc_socket2.c:320 [inline]
sbappendaddr(fffffd806ec74648,fffffd806ec746d0,ffff800020afc1c8,fffffd806f3e3600,0) at sbappendaddr+0xf8 sbspace sys/sys/socketvar.h:197 [inline]
sbappendaddr(fffffd806ec74648,fffffd806ec746d0,ffff800020afc1c8,fffffd806f3e3600,0) at sbappendaddr+0xf8 sys/kern/uipc_socket2.c:796
udp_sbappend(fffffd806f6e7118,fffffd806f3e3600,fffffd806f3e36b0,0,14,fffffd806f3e36c4) at udp_sbappend+0x314 sys/netinet/udp_usrreq.c:629
udp_input(ffff800020afc448,ffff800020afc454,11,2) at udp_input+0x1320
ip_deliver(ffff800020afc448,ffff800020afc454,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afc448,ffff800020afc454,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afc448,ffff800020afc454,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f3e3600) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f3e3600,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f435d00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806f435d00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806f435d00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806f435d00,fffffd806f435db0,0,14,fffffd806f435dc4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afcb38,ffff800020afcb44,11,2) at udp_input+0x1320
ip_deliver(ffff800020afcb38,ffff800020afcb44,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afcb38,ffff800020afcb44,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afcb38,ffff800020afcb44,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f435d00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f435d00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dcdc300,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dcdc300,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806dcdc300,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806dcdc300,fffffd806dcdc3b0,0,14,fffffd806dcdc3c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afd228,ffff800020afd234,11,2) at udp_input+0x1320
ip_deliver(ffff800020afd228,ffff800020afd234,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afd228,ffff800020afd234,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afd228,ffff800020afd234,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dcdc300) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dcdc300,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dcdc900,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dcdc900,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806dcdc900,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806dcdc900,fffffd806dcdc9b0,0,14,fffffd806dcdc9c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afd918,ffff800020afd924,11,2) at udp_input+0x1320
ip_deliver(ffff800020afd918,ffff800020afd924,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afd918,ffff800020afd924,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afd918,ffff800020afd924,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dcdc900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dcdc900,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dcdc100,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dcdc100,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806dcdc100,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806dcdc100,fffffd806dcdc1b0,0,14,fffffd806dcdc1c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afe008,ffff800020afe014,11,2) at udp_input+0x1320
ip_deliver(ffff800020afe008,ffff800020afe014,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afe008,ffff800020afe014,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afe008,ffff800020afe014,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dcdc100) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dcdc100,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd807f01e200,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd807f01e200,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd807f01e200,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd807f01e200,fffffd807f01e2b0,0,14,fffffd807f01e2c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afe6f8,ffff800020afe704,11,2) at udp_input+0x1320
ip_deliver(ffff800020afe6f8,ffff800020afe704,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afe6f8,ffff800020afe704,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afe6f8,ffff800020afe704,4,0,ffff800000679800) at ip_input_if+0x6ce
ip_output(fffffd806f3cec00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806f3cec00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806f3cec00,fffffd806f3cecb0,0,14,fffffd806f3cecc4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afede8,ffff800020afedf4,11,2) at udp_input+0x1320
ip_deliver(ffff800020afede8,ffff800020afedf4,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afede8,ffff800020afedf4,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afede8,ffff800020afedf4,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f3cec00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f3cec00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd807f01e700,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd807f01e700,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd807f01e700,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
sosend(fffffd806ec74648,0,ffff800020aff160,0,0,4) at sosend+0x671 sys/kern/uipc_socket.c:549
sendit(ffff800020ade9d0,4,ffff800020aff2c0,4,ffff800020aff3b0) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendmsg(ffff800020ade9d0,ffff800020aff368,ffff800020aff3b0) at sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
syscall(ffff800020aff430) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020aff430) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
ddb{0}> show registers
rdi 0x2
rsi 0xffffffff8247dcf0 __sancov_gen_cov_switch_values.49
rbp 0xffff800020afc020
rbx 0x2
rdx 0xffff800020afc1c8
rcx 0xfffffd806f3e3600
rax 0xffffffff824fc5a8 inetdomain
r8 0
r9 0xfffffd806f3e36c4
r10 0x61f76e0e26bb26aa
r11 0x24e3da83fe72faa7
r12 0xfffffd806ec74648
r13 0xfffffd806ec746d0
r14 0x10
r15 0
rip 0xffffffff81dd53c5 __sanitizer_cov_trace_switch+0x15
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff800020afc000
ss 0x10
__sanitizer_cov_trace_switch+0x15: pushq %r14
ddb{0}> show proc
PROC (syz-executor0508) pid=499840 stat=onproc
flags process=2<EXEC> proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800020ade010,0xffff800020adec50
process=0xffff800020ac8018 user=0xffff800020afa000, vmspace=0xfffffd806eab6b88
estcpu=1, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
* 1691 499840 4905 0 7 0x2 syz-executor0508
4905 174296 40550 0 3 0x10008a pause ksh
40550 409806 1285 0 3 0x92 select sshd
3765 324520 1 0 3 0x100083 ttyin getty
1285 391735 1 0 3 0x80 select sshd
15676 378061 59930 73 3 0x100090 kqread syslogd
59930 190516 1 0 3 0x100082 netio syslogd
77351 58457 1 77 3 0x100090 poll dhclient
55252 438807 1 0 3 0x80 poll dhclient
83843 217506 0 0 3 0x14200 bored smr
51716 282936 0 0 3 0x14200 pgzero zerothread
92252 505552 0 0 3 0x14200 aiodoned aiodoned
86844 101580 0 0 3 0x14200 syncer update
43755 370577 0 0 3 0x14200 cleaner cleaner
10959 291226 0 0 3 0x14200 reaper reaper
40030 29467 0 0 3 0x14200 pgdaemon pagedaemon
66864 238911 0 0 3 0x14200 bored crynlk
82997 161702 0 0 3 0x14200 bored crypto
50075 24246 0 0 3 0x40014200 acpi0 acpi0
1700 83287 0 0 7 0x40014200 idle1
51183 375318 0 0 3 0x14200 bored softnet
21063 274856 0 0 3 0x14200 bored systqmp
65024 234200 0 0 3 0x14200 bored systq
70690 149393 0 0 3 0x40014200 bored softclock
81377 472294 0 0 3 0x40014200 idle0
1 121496 0 0 3 0x82 wait init
exclusive rwlock netlock r = 0 (0xffffffff824f1378)
pcb 13 8K 8K 78643K 13 0
rtable 61 2K 2K 78643K 117 0
ifaddr 24 7K 7K 78643K 24 0
counters 39 33K 33K 78643K 39 0
ioctlops 0 0K 2K 78643K 13 0
proc 47 50K 58K 78643K 278 0
ether_multi 1 0K 0K 78643K 1 0
exec 0 0K 1K 78643K 151 0
UVM aobj 2 2K 2K 78643K 2 0
temp 18 3013K 3077K 78643K 1418 0
kqueue 2 2K 2K 78643K 2 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 15 0 13 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 24 0 17 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
ffsino 272 1391 0 15 92 0 92 92 0 8 0
nchpl 144 1566 0 31 57 0 57 57 0 8 0
uvmvnodes 72 1400 0 0 26 0 26 26 0 8 0
vnodes 208 1400 0 0 74 0 74 74 0 8 0
namei 1024 3447 0 3447 1 0 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
scxspl 192 2660 0 2660 2 1 1 2 0 8 1
plimitpl 152 13 0 8 1 0 1 1 0 8 0
sigapl 424 193 0 166 4 0 4 4 0 8 0
knotepl 112 5 0 0 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 48 57 0 53 1 0 1 1 0 8 0
pipepl 120 114 0 107 1 0 1 1 0 8 0
fdescpl 496 177 0 166 2 0 2 2 0 8 0
filepl 152 826 0 781 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 47 0 40 1 0 1 1 0 8 0
zombiepl 144 166 0 166 1 0 1 1 0 8 1
processpl 960 193 0 166 4 0 4 4 0 8 0
procpl 624 193 0 166 3 0 3 3 0 8 0
sosppl 128 1 0 0 1 0 1 1 0 8 0
sockpl 400 66 0 49 2 0 2 2 0 8 0
mcl4k 4096 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 56 0 0 7 0 7 7 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 78 0 0 5 0 5 5 0 8 0
bufpl 280 1765 0 70 122 0 122 122 0 8 0
anonpl 16 17360 0 16226 6 1 5 6 0 124 0
amapchunkpl 152 466 0 430 2 0 2 2 0 158 0
amappl16 192 68 0 64 1 0 1 1 0 8 0
amappl13 168 12 0 11 1 0 1 1 0 8 0
amappl12 160 14 0 14 1 0 1 1 0 8 1
amappl11 152 57 0 45 1 0 1 1 0 8 0
amappl10 144 5 0 3 1 0 1 1 0 8 0
amappl9 136 205 0 204 1 0 1 1 0 8 0
amappl8 128 203 0 202 1 0 1 1 0 8 0
amappl7 120 76 0 68 1 0 1 1 0 8 0
amappl6 112 12 0 10 1 0 1 1 0 8 0
amappl5 104 171 0 162 1 0 1 1 0 8 0
amappl4 96 419 0 393 1 0 1 1 0 8 0
amappl3 88 99 0 93 1 0 1 1 0 8 0
amappl2 80 714 0 663 2 0 2 2 0 8 0
amappl1 72 12078 0 11690 14 4 10 14 0 8 0
amappl 80 354 0 335 1 0 1 1 0 84 0
uaddrrnd 24 177 0 166 1 0 1 1 0 8 0
vmmpekpl 168 5106 0 5085 1 0 1 1 0 8 0
vmmpepl 168 25623 0 24866 44 8 36 44 0 357 3
vmsppl 368 176 0 166 2 0 2 2 0 8 0
pdppl 4096 362 0 332 5 0 5 5 0 8 0
pvpl 32 70333 0 67589 26 0 26 26 0 265 3
pmappl 232 176 0 166 1 0 1 1 0 8 0
HEAD commit: 094ed2c3 sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13a2a181e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=2f9616f39d3f3b281cfb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c6d6c3e00000
dashboard link: https://syzkaller.appspot.com/bug?extid=2f9616f39d3f3b281cfb
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10c8aa2de00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f9616...@syzkaller.appspotmail.com
Stopped at __sanitizer_cov_trace_switch+0x15: pushq %r14
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
__sanitizer_cov_trace_switch(2,ffffffff8247dcf0) at __sanitizer_cov_trace_switch+0x15 sys/dev/kcov.c:211
sbappendaddr(fffffd806ec74648,fffffd806ec746d0,ffff800020afc1c8,fffffd806f3e3600,0) at sbappendaddr+0xf8 soassertlocked sys/kern/uipc_socket2.c:320 [inline]
sbappendaddr(fffffd806ec74648,fffffd806ec746d0,ffff800020afc1c8,fffffd806f3e3600,0) at sbappendaddr+0xf8 sbspace sys/sys/socketvar.h:197 [inline]
sbappendaddr(fffffd806ec74648,fffffd806ec746d0,ffff800020afc1c8,fffffd806f3e3600,0) at sbappendaddr+0xf8 sys/kern/uipc_socket2.c:796
udp_sbappend(fffffd806f6e7118,fffffd806f3e3600,fffffd806f3e36b0,0,14,fffffd806f3e36c4) at udp_sbappend+0x314 sys/netinet/udp_usrreq.c:629
udp_input(ffff800020afc448,ffff800020afc454,11,2) at udp_input+0x1320
ip_deliver(ffff800020afc448,ffff800020afc454,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afc448,ffff800020afc454,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afc448,ffff800020afc454,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f3e3600) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f3e3600,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f435d00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806f435d00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806f435d00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806f435d00,fffffd806f435db0,0,14,fffffd806f435dc4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afcb38,ffff800020afcb44,11,2) at udp_input+0x1320
ip_deliver(ffff800020afcb38,ffff800020afcb44,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afcb38,ffff800020afcb44,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afcb38,ffff800020afcb44,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f435d00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f435d00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dcdc300,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dcdc300,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806dcdc300,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806dcdc300,fffffd806dcdc3b0,0,14,fffffd806dcdc3c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afd228,ffff800020afd234,11,2) at udp_input+0x1320
ip_deliver(ffff800020afd228,ffff800020afd234,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afd228,ffff800020afd234,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afd228,ffff800020afd234,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dcdc300) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dcdc300,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dcdc900,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dcdc900,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806dcdc900,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806dcdc900,fffffd806dcdc9b0,0,14,fffffd806dcdc9c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afd918,ffff800020afd924,11,2) at udp_input+0x1320
ip_deliver(ffff800020afd918,ffff800020afd924,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afd918,ffff800020afd924,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afd918,ffff800020afd924,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dcdc900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dcdc900,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806dcdc100,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd806dcdc100,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806dcdc100,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806dcdc100,fffffd806dcdc1b0,0,14,fffffd806dcdc1c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afe008,ffff800020afe014,11,2) at udp_input+0x1320
ip_deliver(ffff800020afe008,ffff800020afe014,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afe008,ffff800020afe014,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afe008,ffff800020afe014,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806dcdc100) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806dcdc100,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd807f01e200,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd807f01e200,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd807f01e200,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd807f01e200,fffffd807f01e2b0,0,14,fffffd807f01e2c4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afe6f8,ffff800020afe704,11,2) at udp_input+0x1320
ip_deliver(ffff800020afe6f8,ffff800020afe704,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afe6f8,ffff800020afe704,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afe6f8,ffff800020afe704,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd807f01e200) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd807f01e200,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f3cec00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
if_input_local(ffff800000679800,fffffd807f01e200,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd806f3cec00,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd806f3cec00,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
somove(fffffd806ec74648,2) at somove+0xf2f sys/kern/uipc_socket.c:1596
sorwakeup(fffffd806ec74648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1645
udp_sbappend(fffffd806f6e7118,fffffd806f3cec00,fffffd806f3cecb0,0,14,fffffd806f3cecc4) at udp_sbappend+0x336 sys/netinet/udp_usrreq.c:635
udp_input(ffff800020afede8,ffff800020afedf4,11,2) at udp_input+0x1320
ip_deliver(ffff800020afede8,ffff800020afedf4,11,2) at ip_deliver+0x353 sys/netinet/ip_input.c:668
ip_ours(ffff800020afede8,ffff800020afedf4,8b,0) at ip_ours+0x412
ip_input_if(ffff800020afede8,ffff800020afedf4,4,0,ffff800000679800) at ip_input_if+0x6ce
ipv4_input(ffff800000679800,fffffd806f3cec00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff800000679800,fffffd806f3cec00,2) at if_input_local+0xf9 sys/net/if.c:776
ip_output(fffffd807f01e700,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 ip_mloopback sys/netinet/ip_output.c:1715 [inline]
ip_output(fffffd807f01e700,0,fffffd806f6e7188,0,0,fffffd806f6e7118) at ip_output+0xae5 sys/netinet/ip_output.c:329
udp_output(fffffd806f6e7118,fffffd807f01e700,0,0) at udp_output+0x5af sys/netinet/udp_usrreq.c:1008
sosend(fffffd806ec74648,0,ffff800020aff160,0,0,4) at sosend+0x671 sys/kern/uipc_socket.c:549
sendit(ffff800020ade9d0,4,ffff800020aff2c0,4,ffff800020aff3b0) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendmsg(ffff800020ade9d0,ffff800020aff368,ffff800020aff3b0) at sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
syscall(ffff800020aff430) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020aff430) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc3360, count: -82
end of kernel
ddb{0}> show registers
rdi 0x2
rsi 0xffffffff8247dcf0 __sancov_gen_cov_switch_values.49
rbp 0xffff800020afc020
rbx 0x2
rdx 0xffff800020afc1c8
rcx 0xfffffd806f3e3600
rax 0xffffffff824fc5a8 inetdomain
r8 0
r9 0xfffffd806f3e36c4
r10 0x61f76e0e26bb26aa
r11 0x24e3da83fe72faa7
r12 0xfffffd806ec74648
r13 0xfffffd806ec746d0
r14 0x10
r15 0
rip 0xffffffff81dd53c5 __sanitizer_cov_trace_switch+0x15
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff800020afc000
ss 0x10
__sanitizer_cov_trace_switch+0x15: pushq %r14
ddb{0}> show proc
PROC (syz-executor0508) pid=499840 stat=onproc
flags process=2<EXEC> proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800020ade010,0xffff800020adec50
process=0xffff800020ac8018 user=0xffff800020afa000, vmspace=0xfffffd806eab6b88
estcpu=1, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
9143 522310 0 0 3 0x14200 bored sosplice
* 1691 499840 4905 0 7 0x2 syz-executor0508
4905 174296 40550 0 3 0x10008a pause ksh
40550 409806 1285 0 3 0x92 select sshd
3765 324520 1 0 3 0x100083 ttyin getty
1285 391735 1 0 3 0x80 select sshd
15676 378061 59930 73 3 0x100090 kqread syslogd
59930 190516 1 0 3 0x100082 netio syslogd
77351 58457 1 77 3 0x100090 poll dhclient
55252 438807 1 0 3 0x80 poll dhclient
83843 217506 0 0 3 0x14200 bored smr
51716 282936 0 0 3 0x14200 pgzero zerothread
92252 505552 0 0 3 0x14200 aiodoned aiodoned
86844 101580 0 0 3 0x14200 syncer update
43755 370577 0 0 3 0x14200 cleaner cleaner
10959 291226 0 0 3 0x14200 reaper reaper
40030 29467 0 0 3 0x14200 pgdaemon pagedaemon
66864 238911 0 0 3 0x14200 bored crynlk
82997 161702 0 0 3 0x14200 bored crypto
50075 24246 0 0 3 0x40014200 acpi0 acpi0
1700 83287 0 0 7 0x40014200 idle1
51183 375318 0 0 3 0x14200 bored softnet
21063 274856 0 0 3 0x14200 bored systqmp
65024 234200 0 0 3 0x14200 bored systq
70690 149393 0 0 3 0x40014200 bored softclock
81377 472294 0 0 3 0x40014200 idle0
1 121496 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 1691 (syz-executor0508) thread 0xffff800020ade9d0 (499840)
exclusive rwlock netlock r = 0 (0xffffffff824f1378)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1164
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sosend+0x559 sys/kern/uipc_socket.c:537
#3 sendit+0x52b sys/kern/uipc_syscalls.c:657
#4 sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sosend+0x559 sys/kern/uipc_socket.c:537
#3 sendit+0x52b sys/kern/uipc_syscalls.c:657
#5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6 Xsyscall+0x128
ddb{0}> show malloc
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6 Xsyscall+0x128
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9456 6326K 6327K 78643K 10547 0
pcb 13 8K 8K 78643K 13 0
rtable 61 2K 2K 78643K 117 0
ifaddr 24 7K 7K 78643K 24 0
counters 39 33K 33K 78643K 39 0
ioctlops 0 0K 2K 78643K 13 0
mount 1 1K 1K 78643K 1 0
vnodes 1182 74K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 1 0K 0K 78643K 1 0
proc 47 50K 58K 78643K 278 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
NFS daemon 1 16K 16K 78643K 1 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
MSDOSFS mount 1 16K 16K 78643K 1 0
exec 0 0K 1K 78643K 151 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 54 2K 3K 78643K 688 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
crypto data 1 1K 1K 78643K 1 0
temp 18 3013K 3077K 78643K 1418 0
kqueue 2 2K 2K 78643K 2 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 2 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 15 0 13 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 24 0 17 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1391 0 15 45 0 45 45 0 8 0
ffsino 272 1391 0 15 92 0 92 92 0 8 0
nchpl 144 1566 0 31 57 0 57 57 0 8 0
uvmvnodes 72 1400 0 0 26 0 26 26 0 8 0
vnodes 208 1400 0 0 74 0 74 74 0 8 0
namei 1024 3447 0 3447 1 0 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
scxspl 192 2660 0 2660 2 1 1 2 0 8 1
plimitpl 152 13 0 8 1 0 1 1 0 8 0
sigapl 424 193 0 166 4 0 4 4 0 8 0
knotepl 112 5 0 0 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 48 57 0 53 1 0 1 1 0 8 0
pipepl 120 114 0 107 1 0 1 1 0 8 0
fdescpl 496 177 0 166 2 0 2 2 0 8 0
filepl 152 826 0 781 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 47 0 40 1 0 1 1 0 8 0
zombiepl 144 166 0 166 1 0 1 1 0 8 1
processpl 960 193 0 166 4 0 4 4 0 8 0
procpl 624 193 0 166 3 0 3 3 0 8 0
sosppl 128 1 0 0 1 0 1 1 0 8 0
sockpl 400 66 0 49 2 0 2 2 0 8 0
mcl4k 4096 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 56 0 0 7 0 7 7 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 78 0 0 5 0 5 5 0 8 0
bufpl 280 1765 0 70 122 0 122 122 0 8 0
anonpl 16 17360 0 16226 6 1 5 6 0 124 0
amapchunkpl 152 466 0 430 2 0 2 2 0 158 0
amappl16 192 68 0 64 1 0 1 1 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 1 0 1 1 1 0 1 0 8 0
amappl13 168 12 0 11 1 0 1 1 0 8 0
amappl12 160 14 0 14 1 0 1 1 0 8 1
amappl11 152 57 0 45 1 0 1 1 0 8 0
amappl10 144 5 0 3 1 0 1 1 0 8 0
amappl9 136 205 0 204 1 0 1 1 0 8 0
amappl8 128 203 0 202 1 0 1 1 0 8 0
amappl7 120 76 0 68 1 0 1 1 0 8 0
amappl6 112 12 0 10 1 0 1 1 0 8 0
amappl5 104 171 0 162 1 0 1 1 0 8 0
amappl4 96 419 0 393 1 0 1 1 0 8 0
amappl3 88 99 0 93 1 0 1 1 0 8 0
amappl2 80 714 0 663 2 0 2 2 0 8 0
amappl1 72 12078 0 11690 14 4 10 14 0 8 0
amappl 80 354 0 335 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
uaddrrnd 24 177 0 166 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 177 0 166 1 0 1 1 0 8 0
vmmpekpl 168 5106 0 5085 1 0 1 1 0 8 0
vmmpepl 168 25623 0 24866 44 8 36 44 0 357 3
vmsppl 368 176 0 166 2 0 2 2 0 8 0
pdppl 4096 362 0 332 5 0 5 5 0 8 0
pvpl 32 70333 0 67589 26 0 26 26 0 265 3
pmappl 232 176 0 166 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 131 0 2 4 0 4 4 0 8 0
Reply all
Reply to author
Forward
0 new messages