Hello,
syzbot found the following issue on:
HEAD commit: 532f6034b8b3 Register the thermal sensor with the thermal ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11fd0534580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=875ffed6954c2291966a
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c04dad355a5/disk-532f6034.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/b58a603b1e36/bsd-532f6034.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/38e6cac3e693/kernel-532f6034.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+875ffe...@syzkaller.appspotmail.com
kernel: protection fault trap, code=0
Stopped at malloc+0x7cf: movq 0x8(%rbx),%r15
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
malloc(10,62,2) at malloc+0x7cf sys/kern/kern_malloc.c:290
amap_alloc1(20,2,0) at amap_alloc1+0x291 sys/uvm/uvm_amap.c:353
amap_alloc(20000,2,0) at amap_alloc+0xad sys/uvm/uvm_amap.c:-1
amap_copy(fffffd80635d1e78,fffffd805dc27c30,2,0,5222a7d0000,5222a7d0001) at amap_copy+0x6ac sys/uvm/uvm_amap.c:569
uvm_fault_check(ffff80003118f5f0,ffff80003118f628,ffff80003118f660,0) at uvm_fault_check+0x457 sys/uvm/uvm_fault.c:753
uvm_fault(fffffd80635d1e78,5222a7d0000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:633
upageflttrap(ffff80003118f780,5222a7d0088) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80003118f780) at usertrap+0x3aa sys/arch/amd64/amd64/trap.c:603
recall_trap() at recall_trap+0x8
end trace frame: 0x0, count: -9
ddb> show registers
rdi 0x2f07708c43f35167
rsi 0
rbp 0xffff80003118f290
rbx 0x2f07708c43f35167
rdx 0
rcx 0x4
rax 0xffff80002a832038
r8 0x5222a7d0000
r9 0x5222a7d0001
r10 0xcb9f4d47c8e7e9f3
r11 0x52f8c7568776cc6f
r12 0x10
r13 0xffffffff83890f10 kmemstats+0x1880
r14 0x2f07708c43f35167
r15 0
rip 0xffffffff8178f7af malloc+0x7cf
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff80003118f1e0
ss 0
malloc+0x7cf: movq 0x8(%rbx),%r15
ddb> show proc
PROC (syz-executor) tid=58572 pid=97531 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=36, usrpri=86, slppri=36, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a832568,0xffffffff838a8258
process=0xffff8000ffff8498 user=0xffff80003118a000, vmspace=0xfffffd80635d1e78
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
97531 518791 56599 0 2 0 syz-executor
97531 69003 56599 0 2 0x4000000 syz-executor
*97531 58572 56599 0 7 0x4000000 syz-executor
65897 73582 23254 0 2 0 syz-executor
65897 188957 23254 0 3 0x4000080 fsleep syz-executor
58635 383485 83112 0 3 0x3000 suspend syz-executor
58635 207498 83112 0 2 0x4081000 syz-executor
13202 173511 41099 0 2 0x1000000 syz-executor
13202 61994 41099 0 3 0x5000080 fsleep syz-executor
20588 407513 58653 0 2 0 syz-executor
20588 101543 58653 0 3 0x4000080 ttyin syz-executor
20588 362507 58653 0 3 0x4000080 fsleep syz-executor
20588 499658 58653 0 2 0x4000000 syz-executor
75798 38369 62162 0 2 0 syz-executor
75798 405666 62162 0 3 0x4000080 fsleep syz-executor
51948 388382 42337 0 2 0 syz-executor
51948 269831 42337 0 2 0x4000000 syz-executor
51948 479296 42337 0 2 0x4000000 syz-executor
33892 205805 59828 0 2 0x10 syz-executor
33892 409371 59828 0 3 0x4000090 fifor syz-executor
33892 185996 59828 0 3 0x4000090 fifor syz-executor
33892 146239 59828 0 3 0x4000090 fsleep syz-executor
50186 91287 0 0 3 0x14280 nfsidl nfsio
57588 379466 0 0 3 0x14280 nfsidl nfsio
86651 343284 0 0 3 0x14280 nfsidl nfsio
84903 459756 0 0 3 0x14280 nfsidl nfsio
51254 461122 0 0 3 0x14280 nfsidl nfsio
8543 473226 0 0 3 0x14280 nfsidl nfsio
4341 93276 0 0 3 0x14280 nfsidl nfsio
52637 466622 0 0 3 0x14280 nfsidl nfsio
63297 17671 0 0 3 0x14280 nfsidl nfsio
45130 7659 0 0 3 0x14280 nfsidl nfsio
50303 84922 0 0 3 0x14280 nfsidl nfsio
31437 374012 0 0 3 0x14280 nfsidl nfsio
41644 438613 0 0 3 0x14280 nfsidl nfsio
31124 481208 0 0 3 0x14280 nfsidl nfsio
73192 281406 0 0 3 0x14280 nfsidl nfsio
19679 517386 0 0 3 0x14280 nfsidl nfsio
67319 119122 0 0 3 0x14280 nfsidl nfsio
81891 60685 0 0 3 0x14280 nfsidl nfsio
20528 220789 0 0 3 0x14280 nfsidl nfsio
73355 385088 0 0 3 0x14280 nfsidl nfsio
62162 382773 65199 0 3 0x82 nanoslp syz-executor
42337 317881 65199 0 3 0x82 nanoslp syz-executor
24498 326589 0 0 3 0x14200 bored sosplice
56599 282166 65199 0 3 0x82 nanoslp syz-executor
58653 328410 65199 0 3 0x82 nanoslp syz-executor
23254 19219 65199 0 3 0x82 nanoslp syz-executor
59828 497734 65199 0 3 0x82 nanoslp syz-executor
83112 332822 65199 0 3 0x82 nanoslp syz-executor
41099 161130 65199 0 3 0x82 nanoslp syz-executor
65199 371879 66447 0 3 0x82 kqread syz-executor
66447 425967 32412 0 3 0x10008a sigsusp ksh
32412 153185 1785 0 3 0x98 kqread sshd-session
1785 287106 47383 0 3 0x92 kqread sshd-session
56172 260728 1 0 3 0x100083 ttyin getty
47383 252982 1 0 3 0x88 kqread sshd
39997 105532 56274 73 3 0x1100090 kqread syslogd
56274 136280 1 0 3 0x100082 sbwait syslogd
88244 179622 1 0 3 0x100080 kqread resolvd
97031 247941 75184 77 3 0x100092 kqread dhcpleased
8559 96310 75184 77 3 0x100092 kqread dhcpleased
75184 129583 1 0 3 0x80 kqread dhcpleased
49063 374511 0 0 3 0x14200 bored smr
7599 453691 0 0 2 0x14200 zerothread
17253 2328 0 0 3 0x14200 aiodoned aiodoned
91778 321929 0 0 3 0x14200 syncer update
61011 108588 0 0 3 0x14200 cleaner cleaner
67082 392768 0 0 3 0x14200 reaper reaper
36326 205812 0 0 3 0x14200 pgdaemon pagedaemon
4828 99941 0 0 3 0x14200 bored viomb
23512 72422 0 0 3 0x40014200 acpi0 acpi0
19973 58358 0 0 3 0x14200 bored softnet0
21036 293501 0 0 3 0x14200 bored systqmp
56291 482380 0 0 3 0x14200 bored systq
51992 11150 0 0 3 0x40014200 tmoslp softclock
51342 123639 0 0 3 0x40014200 idle0
1 480504 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10186 11133K 11409K 166960K 12113 0
pcb 18 15K 16K 166960K 183 0
rtable 177 7K 7K 166960K 385 0
pf 31 13K 14K 166960K 101 0
ifaddr 38 6K 8K 166960K 90 0
ifgroup 50 2K 2K 166960K 131 0
sysctl 3 1K 9K 166960K 13 0
counters 32 17K 18K 166960K 76 0
ioctlops 0 0K 4K 166960K 127 0
iov 0 0K 12K 166960K 141 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1402 88K 89K 166960K 2078 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 15 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 99 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 106K 166960K 824 0
sigio 0 0K 0K 166960K 11 0
proc 63 67K 124K 166960K 576 0
subproc 72 4K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 103 0
in_multi 77 5K 7K 166960K 155 0
ether_multi 1 0K 0K 166960K 9 0
mrt 0 0K 0K 166960K 5 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 476 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 234 151K 170K 166960K 8978 0
UVM aobj 23 6K 6K 166960K 25 0
pinsyscall 39 78K 96K 166960K 1906 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 45 0
NDP 11 0K 1K 166960K 59 0
temp 75 8648K 8712K 166960K 33959 0
kqueue 14 22K 33K 166960K 180 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 79 0 76 1 0 1 1 0 8 0
rtentry 136 135 0 65 4 0 4 4 0 8 0
unpcb 144 358 0 339 3 1 2 2 0 8 1
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 736 235 0 227 4 0 4 4 0 8 3
arp 96 16 0 5 1 0 1 1 0 8 0
ipq 40 3 0 0 1 0 1 1 0 8 0
ipqe 40 36 0 33 1 0 1 1 0 8 0
inpcb 328 681 0 666 13 6 7 7 0 8 5
ip6q 72 1 0 0 1 0 1 1 0 8 0
ip6af 40 1 0 0 1 0 1 1 0 8 0
nd6 112 23 0 10 1 0 1 1 0 8 0
pkpcb 40 7 0 7 2 1 1 1 0 8 1
kcovpl 48 10 0 2 1 0 1 1 0 8 0
mppekey 1024 3 0 3 1 1 0 1 0 8 0
ppxss 1072 34 0 34 2 1 1 1 0 8 1
pppxif 1384 4 0 4 2 1 1 1 0 8 1
pfrule 1344 2 0 2 1 1 0 1 0 8 0
rttmr 136 2 0 2 2 1 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 611 0 284 30 0 30 30 0 8 7
art_table 40 612 0 284 5 0 5 5 0 8 0
art_node 32 134 0 76 1 0 1 1 0 8 0
sysvmsgpl 40 13 0 9 2 1 1 1 0 8 0
semupl 112 2 0 2 1 0 1 1 0 8 1
semapl 112 30 0 20 1 0 1 1 0 8 0
shmpl 112 22 0 2 1 0 1 1 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 2899 0 1394 95 0 95 95 0 8 0
ffsino 256 2900 0 1394 95 0 95 95 0 8 0
nchpl 144 4055 0 2362 63 0 63 63 0 8 0
rtmask 32 6 0 6 2 1 1 1 0 8 1
uvmvnodes 80 3378 0 0 69 0 69 69 0 8 0
vnodes 216 3378 0 0 188 0 188 188 0 8 0
namei 1024 13712 0 13710 3 2 1 2 0 8 0
kstatmem 264 78 0 56 2 0 2 2 0 8 0
scsiplug 72 5 0 5 2 1 1 1 0 8 1
scxspl 216 17482 0 17482 15 7 8 8 1 8 8
plimitpl 152 294 0 277 1 0 1 1 0 8 0
sigapl 424 1115 0 1051 8 0 8 8 0 8 0
knotepl 120 45814 0 45763 25 15 10 17 0 8 8
kqueuepl 184 266 0 254 2 0 2 2 0 8 1
pipepl 304 227 0 200 3 0 3 3 0 8 0
fdescpl 448 1078 0 1048 5 1 4 5 0 8 0
filepl 120 6248 0 6019 13 2 11 11 0 8 2
lockfpl 104 455 0 449 2 0 2 2 0 8 1
lockfspl 48 198 0 192 1 0 1 1 0 8 0
sessionpl 144 24 0 16 1 0 1 1 0 8 0
pgrppl 48 41 0 25 1 0 1 1 0 8 0
ucredpl 104 1227 0 1214 1 0 1 1 0 8 0
zombiepl 144 1371 0 1368 2 1 1 1 0 8 0
processpl 1152 1115 0 1051 5 0 5 5 0 8 0
procpl 664 2245 0 2164 8 1 7 7 0 8 0
sosppl 168 1 0 1 1 1 0 1 0 8 0
sockpl 552 1146 0 1109 12 4 8 8 0 8 5
mcl64k 65536 58 0 58 3 2 1 1 0 8 1
mcl16k 16384 1 0 1 1 0 1 1 0 8 1
mcl12k 12288 1 0 1 1 0 1 1 0 8 1
mcl9k 9216 2 0 2 1 1 0 1 0 8 0
mcl8k 8192 19 0 19 3 2 1 1 0 8 1
mcl4k 4096 3358 0 3306 15 7 8 13 0 8 1
mcl2k2 2112 1 0 1 1 0 1 1 0 8 1
mcl2k 2048 1083 0 1078 9 1 8 9 0 8 7
mtagpl 96 10 0 7 1 0 1 1 0 8 0
mbufpl 256 11360 0 11192 45 22 23 40 0 8 7
bufpl 280 7669 0 1441 446 0 446 446 0 8 0
anonpl 24 185585 0 181884 70 22 48 48 0 187 15
amapchunkpl 152 30503 0 29987 51 14 37 37 0 158 14
amappl16 200 3872 0 3837 41 30 11 15 0 8 8
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 113 0 103 1 0 1 1 0 8 0
amappl13 176 2 0 2 1 1 0 1 0 8 0
amappl12 168 1722 0 1692 3 1 2 3 0 8 0
amappl11 160 45 0 35 1 0 1 1 0 8 0
amappl10 152 9 0 9 1 1 0 1 0 8 0
amappl9 144 248 0 248 1 1 0 1 0 8 0
amappl8 136 20 0 18 1 0 1 1 0 8 0
amappl7 128 105 0 95 1 0 1 1 0 8 0
amappl6 120 199 0 195 1 0 1 1 0 8 0
amappl5 112 117 0 110 1 0 1 1 0 8 0
amappl4 104 272 0 255 1 0 1 1 0 8 0
amappl3 96 5083 0 4989 3 0 3 3 0 8 0
amappl2 88 1318 0 1246 2 0 2 2 0 8 0
amappl1 80 11078 0 10516 14 0 14 14 0 8 0
amappl 88 8171 0 7999 6 1 5 5 0 92 0
dma4096 4096 2 0 2 2 1 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 256 0 256 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 24 0 2 1 0 1 1 0 8 0
uaddrrnd 24 1078 0 1048 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1078 0 1048 1 0 1 1 0 8 0
vmmpekpl 168 9851 0 9798 3 0 3 3 0 8 0
vmmpepl 168 73137 0 71205 106 10 96 96 0 357 10
vmsppl 368 1077 0 1048 4 1 3 4 0 8 0
rwobjpl 40 24979 0 20715 45 1 44 44 0 8 0
pdppl 4096 2162 0 2096 114 48 66 82 0 8 0
pvpl 32 490283 0 481204 152 37 115 119 0 265 26
pmappl 216 1077 0 1048 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 436 0 90 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
malloc(10,62,2) at malloc+0x7cf sys/kern/kern_malloc.c:290
amap_alloc1(20,2,0) at amap_alloc1+0x291 sys/uvm/uvm_amap.c:353
amap_alloc(20000,2,0) at amap_alloc+0xad sys/uvm/uvm_amap.c:-1
amap_copy(fffffd80635d1e78,fffffd805dc27c30,2,0,5222a7d0000,5222a7d0001) at amap_copy+0x6ac sys/uvm/uvm_amap.c:569
uvm_fault_check(ffff80003118f5f0,ffff80003118f628,ffff80003118f660,0) at uvm_fault_check+0x457 sys/uvm/uvm_fault.c:753
uvm_fault(fffffd80635d1e78,5222a7d0000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:633
upageflttrap(ffff80003118f780,5222a7d0088) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80003118f780) at usertrap+0x3aa sys/arch/amd64/amd64/trap.c:603
recall_trap() at recall_trap+0x8
end trace frame: 0x0, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
malloc(10,62,2) at malloc+0x7cf sys/kern/kern_malloc.c:290
amap_alloc1(20,2,0) at amap_alloc1+0x291 sys/uvm/uvm_amap.c:353
amap_alloc(20000,2,0) at amap_alloc+0xad sys/uvm/uvm_amap.c:-1
amap_copy(fffffd80635d1e78,fffffd805dc27c30,2,0,5222a7d0000,5222a7d0001) at amap_copy+0x6ac sys/uvm/uvm_amap.c:569
uvm_fault_check(ffff80003118f5f0,ffff80003118f628,ffff80003118f660,0) at uvm_fault_check+0x457 sys/uvm/uvm_fault.c:753
uvm_fault(fffffd80635d1e78,5222a7d0000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:633
upageflttrap(ffff80003118f780,5222a7d0088) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80003118f780) at usertrap+0x3aa sys/arch/amd64/amd64/trap.c:603
recall_trap() at recall_trap+0x8
end trace frame: 0x0, count: -9
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup