uvm_fault: _copyin

syzbot

Jun 25, 2025, 5:01:30 AM6/25/25
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 31f40ba00147 Make "tr /t" start backtraces from the switch..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=103f5182580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=a54d8c37b02b8e595535

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e19c45a8beeb/disk-31f40ba0.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/e69e45f66c30/bsd-31f40ba0.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/967b3f6a4936/kernel-31f40ba0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a54d8c...@syzkaller.appspotmail.com

uvm_fault(0xfffffd806c1e1978, 0xc, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at _copyin+0x62: repe movsl (%rsi),%es:(%rdi)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*309217 10418 0 0 0x4000000 0 syz-executor
_copyin() at _copyin+0x62
syscall(ffff80002a272020) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a272020) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x68cc2c2a7d0, count: 12
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xfffffd806c1e1978, 0xc, 0, 1) -> e
ddb{0}> trace
_copyin() at _copyin+0x62
syscall(ffff80002a272020) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a272020) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x68cc2c2a7d0, count: -3
ddb{0}> show registers
rdi 0xffff80002a271eec
rsi 0xc
rbp 0xffff80002a271f40
rbx 0xffff80002a272020
rdx 0x10
rcx 0x1
rax 0x4
r8 0x7f7fffffc000
r9 0
r10 0x651ad6a5a447f84f
r11 0xffffffff828edd10 copy_fault
r12 0xffff80002a272020
r13 0
r14 0xffff80002a3d79d0
r15 0xfffffd806c1e65d8
rip 0xffffffff828edcd2 _copyin+0x62
cs 0x8
rflags 0x50202 acpi_pdirpa+0x3c073
rsp 0xffff80002a271ec0
ss 0x10
_copyin+0x62: repe movsl (%rsi),%es:(%rdi)
ddb{0}> show proc
PROC (syz-executor) tid=309217 pid=10418 tcnt=4 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a3d6550,0xffff80002a3d6d10
process=0xffff80002a7d4028 user=0xffff80002a26d000, vmspace=0xfffffd806c1e1978
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
10418 342373 16761 0 2 0 syz-executor
*10418 309217 16761 0 7 0x4000000 syz-executor
10418 434566 16761 0 3 0x4000080 fsleep syz-executor
10418 460205 16761 0 3 0x4000080 fsleep syz-executor
32196 96446 70754 0 2 0 syz-executor
32196 511202 70754 0 3 0x4000080 fsleep syz-executor
32196 294735 70754 0 3 0x4000080 fsleep syz-executor
63994 458606 52524 0 2 0 syz-executor
63994 471353 52524 0 3 0x4000080 fsleep syz-executor
80781 421449 89643 0 3 0x80 nanoslp syz-executor
80781 182697 89643 0 3 0x4000080 lockf syz-executor
80781 247784 89643 0 3 0x4000080 fsleep syz-executor
83566 165989 0 0 3 0x14200 acct acct
16761 45343 59389 0 2 0xc82 syz-executor
57767 110453 59389 0 2 0x2 syz-executor
89643 256427 59389 0 3 0x82 nanoslp syz-executor
52524 197815 59389 0 2 0xc82 syz-executor
81707 253930 1 0 3 0x100083 ttyin getty
46879 413614 59389 0 3 0x82 nanoslp syz-executor
70754 296835 59389 0 3 0x82 nanoslp syz-executor
89895 171885 59389 0 2 0x2 syz-executor
59358 482857 59389 0 2 0xc82 syz-executor
61818 471099 0 0 3 0x14200 bored sosplice
94665 150478 90304 0 3 0x100082 sbwait ndp
90304 186995 1 0 3 0x10008a sigsusp sh
57964 140909 27557 0 3 0x100082 sbwait arp
27557 85969 1 0 3 0x10008a sigsusp sh
59389 241062 54886 0 2 0x2 syz-executor
54886 358977 399 0 3 0x10008a sigsusp ksh
399 239650 68162 0 3 0x98 kqread sshd-session
68162 478631 27301 0 3 0x92 kqread sshd-session
27301 517711 1 0 3 0x88 kqread sshd
50518 482174 97414 74 3 0x1100092 bpf pflogd
97414 327610 1 0 3 0x80 sbwait pflogd
82 116861 75402 73 3 0x1100090 kqread syslogd
75402 315669 1 0 3 0x100082 sbwait syslogd
83765 194316 1 0 3 0x100080 kqread resolvd
18803 288913 0 0 3 0x14200 bored smr
9827 311734 0 0 2 0x14200 zerothread
32496 379371 0 0 3 0x14200 aiodoned aiodoned
6799 179478 0 0 3 0x14200 syncer update
21425 155114 0 0 3 0x14200 cleaner cleaner
62349 50730 0 0 3 0x14200 reaper reaper
19354 248547 0 0 3 0x14200 pgdaemon pagedaemon
49251 329635 0 0 3 0x14200 bored viomb
78423 29382 0 0 3 0x40014200 acpi0 acpi0
21116 173164 0 0 7 0x40014200 idle1
57991 191377 0 0 3 0x14200 bored softnet3
94832 132249 0 0 3 0x14200 bored softnet2
7527 118331 0 0 3 0x14200 bored softnet1
89827 147315 0 0 3 0x14200 bored softnet0
98292 169989 0 0 3 0x14200 bored systqmp
35450 264361 0 0 3 0x14200 syncxs systq
16602 468013 0 0 3 0x14200 tmoslp softclockmp
46215 69289 0 0 3 0x40014200 tmoslp softclock
21032 446119 0 0 3 0x40014200 idle0
1 149720 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
Process 57767 (syz-executor) thread 0xffff80002a3b8558 (110453)
Process 89895 (syz-executor) thread 0xffff80002a3d74b0 (171885)
Process 35450 (systq) thread 0xffff8000ffffea40 (264361)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10238 11085K 13652K 166960K 21730 0
pcb 17 22K 24K 166960K 2737 0
rtable 294 17K 18K 166960K 2929 0
pf 34 17K 67486K 166960K 819 0
ifaddr 37 10K 11K 166960K 550 0
ifgroup 51 2K 2K 166960K 1022 0
sysctl 4 1K 9K 166960K 103 0
counters 66 36K 37K 166960K 1350 0
ioctlops 0 0K 4K 166960K 3955 0
iov 0 0K 32K 166960K 1007 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1660 104K 104K 166960K 9078 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 76K 128K 166960K 140 0
VM map 2 1K 1K 166960K 2 0
sem 24 61K 61K 166960K 339 0
dirhash 12 2K 2K 166960K 273 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 20 73K 256K 166960K 9726 0
sigio 1 0K 0K 166960K 130 0
proc 72 79K 140K 166960K 2841 0
subproc 90 5K 5K 166960K 487 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 1551 0
in_multi 75 5K 7K 166960K 869 0
ether_multi 1 0K 0K 166960K 107 0
mrt 3 0K 0K 166960K 82 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 247 1102K 1102K 166960K 247 0
exec 0 0K 1K 166960K 2471 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 21 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 149K 197K 166960K 82081 0
UVM aobj 93 9K 9K 166960K 100 0
pinsyscall 41 82K 110K 166960K 11886 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 578 0
NDP 11 0K 1K 166960K 410 0
temp 89 8696K 8952K 166960K 468466 0
kqueue 8 14K 38K 166960K 1857 0
SYN cache 2 10K 18K 166960K 3 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
vscsiccb 40 1 0 0 1 0 1 1 0 8 0
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 1017 0 1014 11 9 2 3 0 8 1
rtentry 176 992 0 875 8 1 7 8 0 8 0
unpcb 144 7518 0 7501 43 41 2 7 0 8 1
syncache 336 13 0 13 6 6 0 1 0 8 0
tcpqe 32 10 0 10 4 4 0 1 0 8 0
tcpcb 736 3604 0 3599 60 58 2 13 0 8 1
arp 128 209 0 157 3 0 3 3 0 8 0
inpcb 328 12698 0 12692 75 70 5 15 0 8 4
nd6 144 174 0 155 1 0 1 1 0 8 0
pkpcb 40 310 0 310 8 7 1 1 0 8 1
kcovpl 48 53 0 43 1 0 1 1 0 8 0
mppekey 1024 14 0 14 6 5 1 1 0 8 1
ppxss 1192 498 0 498 4 3 1 1 0 8 1
pppxif 1504 48 0 48 12 11 1 1 0 8 1
pffrag 232 60 0 52 1 0 1 1 0 482 0
pffrnode 88 54 0 46 1 0 1 1 0 8 0
pffrent 40 134 0 126 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 5 0 2 1 0 1 1 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pftag 88 2 0 0 1 0 1 1 0 8 0
pfstitem 24 590 0 435 1 0 1 1 0 8 0
pfstkey 128 590 0 435 6 0 6 6 0 8 0
pfstate 384 590 0 435 20 2 18 20 0 8 0
pfrule 1344 25 0 19 2 1 1 2 0 8 0
rttmr 136 19 0 19 7 7 0 1 0 8 0
art_heap8 4096 5 0 1 5 1 4 5 0 8 0
art_heap4 256 3831 0 3489 46 21 25 33 0 8 2
art_table 32 3836 0 3490 6 2 4 5 0 8 0
art_node 16 966 0 893 1 0 1 1 0 8 0
sysvmsgpl 40 23 0 17 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 324 0 302 1 0 1 1 0 8 0
shmpl 112 97 0 7 3 0 3 3 0 8 0
dirhash 1024 195 0 178 3 0 3 3 0 8 0
dino2pl 256 19396 0 17788 102 1 101 101 0 8 0
ffsino 288 19396 0 17788 117 1 116 116 0 8 0
nchpl 144 32720 0 32013 65 38 27 65 0 8 0
rtmask 32 52 0 52 12 11 1 1 0 8 1
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 126484 0 126483 9 8 1 2 0 8 0
percpumem 16 690 0 642 1 0 1 1 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
kstatmem 264 626 0 602 7 5 2 3 0 8 0
acpiwqpl 32 7 0 7 1 0 1 1 1 8 1
scsiplug 72 34 0 34 11 11 0 1 0 8 0
scxspl 216 178970 0 178969 24 22 2 8 1 8 1
plimitpl 152 2440 0 2421 1 0 1 1 0 8 0
sigapl 424 9929 0 9878 9 1 8 9 0 8 0
knotepl 120 812 0 0 24 0 24 24 0 8 0
kqueuepl 224 4432 0 4424 56 54 2 9 0 8 1
pipepl 336 1368 0 1333 22 18 4 9 0 8 0
fdescpl 520 9868 0 9837 3 0 3 3 0 8 0
filepl 160 77767 0 77483 69 53 16 24 0 8 1
lockfpl 104 5086 0 5082 9 8 1 2 0 8 0
lockfspl 48 1629 0 1626 1 0 1 1 0 8 0
sessionpl 144 77 0 69 1 0 1 1 0 8 0
pgrppl 48 367 0 348 1 0 1 1 0 8 0
ucredpl 104 11856 0 11845 1 0 1 1 0 8 0
zombiepl 144 9880 0 9878 2 1 1 1 0 8 0
processpl 1240 9929 0 9878 6 0 6 6 0 8 0
procpl 656 23916 0 23857 8 0 8 8 0 8 0
srpgc 96 87 0 87 17 16 1 1 0 8 1
sosppl 168 80 0 80 12 12 0 1 0 8 0
sockpl 728 21890 0 21864 136 128 8 24 0 8 5
mcl64k 65536 10 0 0 2 0 2 2 0 8 0
mcl16k 16384 5 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 143 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 143 0 0 9 2 7 9 0 8 0
mtagpl 96 28 0 0 1 0 1 1 0 8 0
mbufpl 256 6729 0 0 419 0 419 419 0 8 0
bufpl 280 65557 0 59415 440 0 440 440 0 8 0
anonpl 32 20360 0 0 164 1 163 163 0 246 0
amapchunkpl 152 299657 0 298952 108 72 36 44 0 158 0
amappl16 200 31437 0 31056 213 176 37 40 0 8 7
amappl15 192 7 0 7 3 3 0 1 0 8 0
amappl14 184 218 0 207 1 0 1 1 0 8 0
amappl13 176 30 0 30 4 4 0 1 0 8 0
amappl12 168 11180 0 11147 4 1 3 3 0 8 0
amappl11 160 52 0 43 1 0 1 1 0 8 0
amappl10 152 38 0 38 1 1 0 1 0 8 0
amappl9 144 271 0 270 2 1 1 1 0 8 0
amappl8 136 52 0 49 1 0 1 1 0 8 0
amappl7 128 226 0 214 1 0 1 1 0 8 0
amappl6 120 602 0 596 1 0 1 1 0 8 0
amappl5 112 299 0 292 1 0 1 1 0 8 0
amappl4 104 559 0 537 1 0 1 1 0 8 0
amappl3 96 62619 0 62509 4 0 4 4 0 8 0
amappl2 88 1386 0 1332 2 0 2 2 0 8 0
amappl1 80 51522 0 50962 17 2 15 16 0 8 0
amappl 88 78985 0 78802 5 0 5 5 0 92 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma32768 32768 4 0 4 4 4 0 1 0 8 0
dma8192 8192 2 0 2 2 2 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma512 512 2 0 2 2 2 0 1 0 8 0
dma256 256 9 0 9 4 4 0 1 0 8 0
dma128 128 270 0 270 10 10 0 1 0 8 0
dma64 64 9 0 9 4 4 0 1 0 8 0
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 27 0 26 1 0 1 1 0 8 0
aobjpl 72 99 0 7 2 0 2 2 0 8 0
uaddrrnd 24 9868 0 9837 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 9868 0 9837 1 0 1 1 0 8 0
vmmpekpl 168 64143 0 64082 4 0 4 4 0 8 0
vmmpepl 168 621954 0 619762 196 73 123 125 0 357 9
vmsppl 480 9867 0 9837 5 0 5 5 0 8 0
rwobjpl 72 148332 0 141055 146 6 140 141 0 8 0
pdppl 4096 19743 0 19674 175 102 73 85 0 8 4
pvpl 32 27949 0 0 226 2 224 224 0 265 0
pmappl 256 9867 0 9837 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 1017 0 238 23 0 23 23 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
_copyin() at _copyin+0x62
syscall(ffff80002a272020) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a272020) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x68cc2c2a7d0, count: -3
ddb{0}> machine ddbcpu 1


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
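
The panic line, the faulting instruction and the register dump in the report above already contain what a first-pass triage needs; the script below is an added example (not syzbot's code and not from the OpenBSD tree) that parses those lines and derives that summary mechanically. It assumes the OpenBSD uvm_fault() argument order (map, vaddr, fault_type, access_type) with a PROT_* access mask and an errno return value, and that for the rep movs instruction family the read operand is (%rsi) and the write operand %es:(%rdi); the errno and PROT tables are the standard values.

```python
"""Triage helper for OpenBSD ddb panic output as posted by syzbot.

Added example, not syzbot's or OpenBSD's code.  Assumptions: uvm_fault()
is printed as uvm_fault(map, vaddr, fault_type, access_type) -> errno
(errno in hex), access_type is a PROT_* mask, and in the movs family the
read side is (%rsi) and the write side %es:(%rdi).
"""
import re

PAGE_SIZE = 4096
ERRNO = {5: "EIO", 12: "ENOMEM", 13: "EACCES", 14: "EFAULT", 22: "EINVAL"}
PROT = {1: "PROT_READ", 2: "PROT_WRITE", 4: "PROT_EXEC"}

# The lines the parser needs, copied from the report above (not constructed).
SAMPLE = """\
uvm_fault(0xfffffd806c1e1978, 0xc, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at _copyin+0x62: repe movsl (%rsi),%es:(%rdi)
_copyin() at _copyin+0x62
syscall(ffff80002a272020) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
ddb{0}> show registers
rdi 0xffff80002a271eec
rsi 0xc
rdx 0x10
rcx 0x1
rip 0xffffffff828edcd2 _copyin+0x62
ddb{0}> show proc
PROC (syz-executor) tid=309217 pid=10418 tcnt=4 stat=onproc
process=0xffff80002a7d4028 user=0xffff80002a26d000, vmspace=0xfffffd806c1e1978
"""

UVM_RE = re.compile(
    r"uvm_fault\((0x[0-9a-f]+), (0x[0-9a-f]+), (\d+), (\d+)\) -> ([0-9a-f]+)")
STOP_RE = re.compile(r"Stopped at (\S+)\+(0x[0-9a-f]+):\s+(.*)")
REG_RE = re.compile(
    r"^(r(?:ax|bx|cx|dx|si|di|bp|sp|ip|[89]|1[0-5]))\s+(0x[0-9a-f]+|\d+)")
TRACE_RE = re.compile(r"^(\w+)\([^)]*\) at (\w+)\+0x[0-9a-f]+")
VMSPACE_RE = re.compile(r"vmspace=(0x[0-9a-f]+)")


def parse_panic(text):
    """Extract the uvm_fault arguments, faulting insn, registers and trace."""
    info = {"regs": {}, "trace": []}
    for line in text.splitlines():
        m = UVM_RE.search(line)
        if m and "addr" not in info:       # "show panic" repeats the line
            info["map"] = int(m.group(1), 16)
            info["addr"] = int(m.group(2), 16)
            info["fault_type"] = int(m.group(3))
            info["access"] = int(m.group(4))
            info["rc"] = int(m.group(5), 16)  # ddb prints the errno in hex
            continue
        m = STOP_RE.match(line)
        if m:
            info["func"] = m.group(1)
            info["off"] = int(m.group(2), 16)
            info["insn"] = m.group(3)
            continue
        m = REG_RE.match(line)
        if m:
            info["regs"][m.group(1)] = int(m.group(2), 0)
            continue
        m = TRACE_RE.match(line)
        if m:
            info["trace"].append(m.group(1))
            continue
        m = VMSPACE_RE.search(line)
        if m:
            info["vmspace"] = int(m.group(1), 16)
    return info


def access_names(mask):
    names = [n for bit, n in sorted(PROT.items()) if mask & bit]
    return "|".join(names) or "PROT_NONE"


def triage(info):
    """Facts a reviewer checks first, derived only from the dump itself."""
    addr, regs, insn = info["addr"], info["regs"], info.get("insn", "")
    is_read = bool(info["access"] & 1)
    return {
        "function": info.get("func"),
        "fault_addr": addr,
        "access": access_names(info["access"]),
        "errno": ERRNO.get(info["rc"], str(info["rc"])),
        # Anything below one page is a NULL-ish pointer plus a small offset.
        "near_null": addr < PAGE_SIZE,
        # Fault taken on the process's own user map, not on the kernel map.
        "in_process_vmspace": info.get("vmspace") == info["map"],
        "regs_holding_addr": sorted(r for r, v in regs.items() if v == addr),
        # In _copyin the source operand is the user-supplied address and the
        # destination the kernel buffer, so a read fault at (%rsi) == vaddr
        # means the user pointer itself was bad, not the kernel side.
        "source_ptr_faulted": "movs" in insn and is_read
        and regs.get("rsi") == addr,
        "entered_via_syscall": "Xsyscall" in info["trace"],
    }


if __name__ == "__main__":
    for k, v in triage(parse_panic(SAMPLE)).items():
        print(f"{k:>20}: {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k:>20}: {v}")
```

Run against the lines above it reports a PROT_READ fault at 0xc inside _copyin, EFAULT from uvm_fault, rsi holding the fault address, and the map equal to the process's vmspace: a user-supplied near-NULL source pointer faulting in the copy, reached from the syscall path. A copyin() fault on a user address is normally recovered through the pcb_onfault handler and surfaced to the caller as EFAULT; why this one reached the page-fault trap instead is exactly what the dump does not say, and the script makes no guess at it.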

syzbot

Nov 6, 2025, 1:09:20 PM11/6/25
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.