uvm_fault: ffs_fragextend (3)


syzbot

Apr 3, 2026, 5:43:24 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: de6be2070bf6 rpki-client: const correct cert extension han..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=119f1d02580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=6f27cb4c13d33a9fdb4a

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7f8e9070eeed/disk-de6be207.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/b4883cbb4d15/bsd-de6be207.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/25e762707c72/kernel-de6be207.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6f27cb...@syzkaller.appspotmail.com

uvm_fault(0xffffffff83ac4c10, 0xffff800013c42004, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at ffs_fragextend+0x1c8: movl 0x4(%rbx),%r14d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
154816 73832 77 0x100012 0x1 1 dhcpleased
ffs_fragextend(fffffd806ea3a890,2,3c150,3800,4000) at ffs_fragextend+0x1c8 ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_fragextend(fffffd806ea3a890,2,3c150,3800,4000) at ffs_fragextend+0x1c8 sys/ufs/ffs/ffs_alloc.c:890
ffs_realloccg(fffffd806ea3a890,0,336e5,3800,4000,fffffd80097fd410,c399a9b1803f6987,fffffd806c72a270) at ffs_realloccg+0x53a sys/ufs/ffs/ffs_alloc.c:225
ffs2_balloc(fffffd806ea3a890,3800,40,fffffd80097fd410,1,ffff80002a2e65b8) at ffs2_balloc+0x54d sys/ufs/ffs/ffs_balloc.c:516
ffs_write(ffff80002a2e6640) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd807a8e4d88,ffff80002a2e66d8,23,fffffd80097fd410) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_rdwr(1,fffffd807a8e4d88,ffff80002a2e6810,40,0,1,b0907df4045ecbca,0,a,1840) at vn_rdwr+0x12d sys/kern/vfs_vnops.c:324
acct_process(ffff8000ffffd760) at acct_process+0x7a2 sys/kern/kern_acct.c:245
exit1(ffff8000ffffd760,1,0,1) at exit1+0x5c4 sys/kern/kern_exit.c:228
sys_exit(ffff8000ffffd760,ffff80002a2e6a50,ffff80002a2e69a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a2e6a50) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2e6a50) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x739299f31b40, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff83ac4c10, 0xffff800013c42004, 0, 1) -> d
ddb{0}> trace
ffs_fragextend(fffffd806ea3a890,2,3c150,3800,4000) at ffs_fragextend+0x1c8 ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_fragextend(fffffd806ea3a890,2,3c150,3800,4000) at ffs_fragextend+0x1c8 sys/ufs/ffs/ffs_alloc.c:890
ffs_realloccg(fffffd806ea3a890,0,336e5,3800,4000,fffffd80097fd410,c399a9b1803f6987,fffffd806c72a270) at ffs_realloccg+0x53a sys/ufs/ffs/ffs_alloc.c:225
ffs2_balloc(fffffd806ea3a890,3800,40,fffffd80097fd410,1,ffff80002a2e65b8) at ffs2_balloc+0x54d sys/ufs/ffs/ffs_balloc.c:516
ffs_write(ffff80002a2e6640) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd807a8e4d88,ffff80002a2e66d8,23,fffffd80097fd410) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_rdwr(1,fffffd807a8e4d88,ffff80002a2e6810,40,0,1,b0907df4045ecbca,0,a,1840) at vn_rdwr+0x12d sys/kern/vfs_vnops.c:324
acct_process(ffff8000ffffd760) at acct_process+0x7a2 sys/kern/kern_acct.c:245
exit1(ffff8000ffffd760,1,0,1) at exit1+0x5c4 sys/kern/kern_exit.c:228
sys_exit(ffff8000ffffd760,ffff80002a2e6a50,ffff80002a2e69a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a2e6a50) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2e6a50) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x739299f31b40, count: -11
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a2e62e0
rbx 0xffff800013c42000
rdx 0
rcx 0xffff8000ffffd760
rax 0xfffffd806f3339e8
r8 0xffffffffffffffff
r9 0x3c150 acpi_pdirpa+0x27fc1
r10 0xffff80002a2e64b8
r11 0x8baca5c2cbacfc79
r12 0x8
r13 0xffff800000c31800
r14 0
r15 0xffff800000c31800
rip 0xffffffff814549f8 ffs_fragextend+0x1c8
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a2e6210
ss 0x10
ffs_fragextend+0x1c8: movl 0x4(%rbx),%r14d
ddb{0}> show proc
PROC (syz-executor) tid=310278 pid=57063 tcnt=0 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
runpri=32, usrpri=81, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=1
forw=0xffffffffffffffff, list=0xffff80002a2422a8,0xffff80003c3dfcc0
process=0xffff8000ffff39d0 user=0xffff80002a2e1000, vmspace=0xfffffd800b063988
estcpu=31, cpticks=9, pctcpu=0.0, user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
12351 482161 1 0 3 0x100083 ttyin getty
99724 284204 0 0 3 0x14200 acct acct
11034 256372 33859 0 3 0x82 wait syz-executor
33859 231675 81330 0 3 0x10008a sigsusp ksh
81330 254148 35202 0 3 0x98 kqread sshd-session
35202 87843 62584 0 3 0x92 kqread sshd-session
62584 479398 1 0 3 0x88 kqread sshd
1658 494940 65826 74 3 0x1100092 bpf pflogd
65826 281365 1 0 3 0x80 sbwait pflogd
70971 263466 99805 73 3 0x1100090 kqread syslogd
99805 312286 1 0 3 0x100082 sbwait syslogd
62450 265601 1 0 3 0x100080 kqread resolvd
73832 154816 81883 77 7 0x100013 dhcpleased
73457 22592 81883 77 3 0x100092 kqread dhcpleased
81883 275341 1 0 3 0x80 kqread dhcpleased
50383 65661 0 0 3 0x14200 bored smr
11079 294507 0 0 2 0x14200 zerothread
62759 373538 0 0 3 0x14200 aiodoned aiodoned
57407 323736 0 0 3 0x14200 syncer update
59017 224641 0 0 3 0x14200 cleaner cleaner
78682 398821 0 0 3 0x14200 reaper reaper
37602 232710 0 0 3 0x14200 pgdaemon pagedaemon
61259 376033 0 0 3 0x14200 bored viomb
58718 181568 0 0 3 0x40014200 acpi0 acpi0
13711 373534 0 0 3 0x40014200 idle1
49716 430624 0 0 3 0x14200 bored softnet1
22631 177033 0 0 2 0x14200 softnet0
18934 329898 0 0 3 0x14200 smrbar systqmp
66512 233780 0 0 3 0x14200 bored systq
80882 232674 0 0 3 0x14200 tmoslp softclockmp
21987 263680 0 0 3 0x40014200 tmoslp softclock
56324 239880 0 0 3 0x40014200 idle0
1 255984 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
Process 22631 (softnet0) thread 0xffff8000ffffe7c8 (177033)
shared rwlock softnet0 r = 0 (0xffff80000002c078)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
Process 18934 (systqmp) thread 0xffff8000ffffea60 (329898)
shared rwlock systqmp r = 0 (0xffffffff83878428)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11042 12136K 12478K 166960K 12710 0
pcb 17 14K 16K 166960K 158 0
rtable 64 4K 9K 166960K 504 0
pf 23 16K 23K 166960K 120 0
ifaddr 12 1K 8K 166960K 81 0
ifgroup 22 1K 2K 166960K 121 0
sysctl 3 1K 9K 166960K 10 0
counters 54 35K 38K 166960K 128 0
ioctlops 0 0K 4K 166960K 1652 0
iov 0 0K 16K 166960K 18 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1386 87K 88K 166960K 1907 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 48 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 2 1K 93K 166960K 567 0
sigio 0 0K 0K 166960K 8 0
proc 72 115K 180K 166960K 681 0
subproc 0 0K 4K 166960K 99 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 69 0
in_multi 11 0K 7K 166960K 145 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 23 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 477 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 128 99K 185K 166960K 6822 0
UVM aobj 14 2K 2K 166960K 14 0
pinsyscall 28 56K 106K 166960K 1820 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 30 0
NDP 4 0K 1K 166960K 53 0
temp 22 9079K 9151K 166960K 19881 0
kqueue 13 20K 32K 166960K 113 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 59 0 56 1 0 1 1 0 8 0
rtentry 176 157 0 142 6 1 5 6 0 8 1
unpcb 144 396 0 379 6 0 6 6 0 8 5
syncache 336 6 0 6 1 0 1 1 0 8 1
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 736 87 0 82 1 0 1 1 0 8 0
arp 136 24 0 22 1 0 1 1 0 8 0
inpcb 328 418 0 410 7 2 5 7 0 8 4
nd6 152 35 0 35 1 0 1 1 0 8 1
pkpcb 40 2 0 2 1 0 1 1 0 8 1
kcovpl 48 11 0 11 1 0 1 1 0 8 1
ppxss 1192 18 0 18 1 0 1 1 0 8 1
pppxif 1576 5 0 5 1 0 1 1 0 8 1
pfstscr 40 3 0 3 1 0 1 1 0 8 1
pffrag 232 9 0 3 1 0 1 1 0 482 0
pffrnode 88 9 0 3 1 0 1 1 0 8 0
pffrent 40 16 0 9 1 0 1 1 0 8 0
pfosfp 40 1429 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1429 0 714 21 0 21 21 0 8 0
pfrktable 1344 3 0 1 1 0 1 1 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 320 1 0 1 1 0 1 1 0 8 1
pfstitem 24 64 0 0 1 0 1 1 0 8 0
pfstkey 128 71 0 8 3 0 3 3 0 8 0
pfstate 448 66 0 4 7 0 7 7 0 8 0
pfrule 1360 28 0 21 2 1 1 2 0 8 0
rttmr 136 3 0 3 1 0 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 640 0 506 29 3 26 29 0 8 12
art_table 40 642 0 506 5 0 5 5 0 8 0
art_node 32 157 0 126 1 0 1 1 0 8 0
sysvmsgpl 40 68 0 66 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 46 0 36 1 0 1 1 0 8 0
shmpl 112 11 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2292 0 828 93 0 93 93 0 8 0
ffsino 296 2300 0 836 114 0 114 114 0 8 0
nchpl 144 3044 0 1337 64 0 64 64 0 8 0
rtmask 32 4 0 4 1 0 1 1 0 8 1
vnodes 216 2798 0 0 156 0 156 156 0 8 0
namei 1024 10370 0 10370 1 0 1 1 0 8 1
percpumem 16 79 0 37 1 0 1 1 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
kstatmem 264 64 0 54 4 1 3 3 0 8 2
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 3 0 3 1 0 1 1 0 8 1
scxspl 216 20780 0 20780 11 3 8 8 1 8 8
plimitpl 152 146 0 129 1 0 1 1 0 8 0
sigapl 424 882 0 841 7 1 6 7 0 8 0
knotepl 120 354 0 0 11 0 11 11 0 8 0
kqueuepl 224 281 0 272 5 0 5 5 0 8 4
pipepl 344 198 0 171 6 0 6 6 0 8 3
fdescpl 528 864 0 848 3 0 3 3 0 8 0
filepl 160 4685 0 4581 19 0 19 19 0 8 7
lockfpl 104 342 0 340 2 1 1 2 0 8 0
lockfspl 48 163 0 161 1 0 1 1 0 8 0
sessionpl 144 43 0 34 1 0 1 1 0 8 0
pgrppl 48 57 0 40 1 0 1 1 0 8 0
ucredpl 104 486 0 473 1 0 1 1 0 8 0
zombiepl 144 849 0 841 1 0 1 1 0 8 0
processpl 1232 882 0 841 5 1 4 5 0 8 0
procpl 664 1547 0 1506 6 0 6 6 0 8 0
sosppl 176 4 0 4 1 0 1 1 0 8 1
sockpl 752 879 0 851 17 6 11 17 0 8 8
mcl64k 65536 8 0 0 1 0 1 1 0 8 0
mcl16k 16384 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 116 0 0 15 0 15 15 0 8 0
mcl2k 2048 49 0 0 7 0 7 7 0 8 0
mtagpl 96 10 0 0 1 0 1 1 0 8 0
mbufpl 256 259 0 0 17 0 17 17 0 8 0
bufpl 280 11134 0 3372 555 0 555 555 0 8 0
anonpl 32 13487 0 0 109 0 109 109 0 246 0
amapchunkpl 152 21863 0 21678 32 0 32 32 0 158 17
amappl16 200 3508 0 3499 38 14 24 33 0 8 21
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 466 0 465 1 0 1 1 0 8 0
amappl13 176 140 0 127 1 0 1 1 0 8 0
amappl12 168 1145 0 1129 2 0 2 2 0 8 0
amappl11 160 9 0 9 1 1 0 1 0 8 0
amappl10 152 66 0 51 1 0 1 1 0 8 0
amappl9 144 267 0 267 1 1 0 1 0 8 0
amappl8 136 118 0 115 1 0 1 1 0 8 0
amappl7 128 196 0 183 1 0 1 1 0 8 0
amappl6 120 194 0 192 1 0 1 1 0 8 0
amappl5 112 102 0 91 1 0 1 1 0 8 0
amappl4 104 350 0 329 1 0 1 1 0 8 0
amappl3 96 4180 0 4135 4 0 4 4 0 8 1
amappl2 88 594 0 532 2 0 2 2 0 8 0
amappl1 80 12722 0 12187 17 1 16 17 0 8 2
amappl 88 5969 0 5905 5 0 5 5 0 92 0
uvmvnodes 80 112 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 1 1 1 0 8 1
dma128 128 256 0 256 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 13 0 0 1 0 1 1 0 8 0
uaddrrnd 24 864 0 847 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 864 0 847 1 0 1 1 0 8 0
vmmpekpl 168 9362 0 9321 3 0 3 3 0 8 0
vmmpepl 168 64770 0 63514 113 0 113 113 0 357 29
vmsppl 488 863 0 847 5 0 5 5 0 8 1
rwobjpl 80 21316 0 20474 36 1 35 35 0 8 6
pdppl 4096 1735 0 1694 109 44 65 85 0 8 24
pvpl 32 20174 0 0 163 0 163 163 0 265 0
pmappl 256 863 0 847 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 297 0 50 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
ffs_fragextend(fffffd806ea3a890,2,3c150,3800,4000) at ffs_fragextend+0x1c8 ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_fragextend(fffffd806ea3a890,2,3c150,3800,4000) at ffs_fragextend+0x1c8 sys/ufs/ffs/ffs_alloc.c:890
ffs_realloccg(fffffd806ea3a890,0,336e5,3800,4000,fffffd80097fd410,c399a9b1803f6987,fffffd806c72a270) at ffs_realloccg+0x53a sys/ufs/ffs/ffs_alloc.c:225
ffs2_balloc(fffffd806ea3a890,3800,40,fffffd80097fd410,1,ffff80002a2e65b8) at ffs2_balloc+0x54d sys/ufs/ffs/ffs_balloc.c:516
ffs_write(ffff80002a2e6640) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd807a8e4d88,ffff80002a2e66d8,23,fffffd80097fd410) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_rdwr(1,fffffd807a8e4d88,ffff80002a2e6810,40,0,1,b0907df4045ecbca,0,a,1840) at vn_rdwr+0x12d sys/kern/vfs_vnops.c:324
acct_process(ffff8000ffffd760) at acct_process+0x7a2 sys/kern/kern_acct.c:245
exit1(ffff8000ffffd760,1,0,1) at exit1+0x5c4 sys/kern/kern_exit.c:228
sys_exit(ffff8000ffffd760,ffff80002a2e6a50,ffff80002a2e69a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a2e6a50) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2e6a50) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x739299f31b40, count: -11
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299bdff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83aabd00) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83aabd00) at __mp_lock+0x192 sys/kern/kern_lock.c:173
ktrsyscall(ffff80002a2427d8,79,18,ffff80002a27a3c0) at ktrsyscall+0x2c7 ktrwrite sys/kern/kern_ktrace.c:-1 [inline]
ktrsyscall(ffff80002a2427d8,79,18,ffff80002a27a3c0) at ktrsyscall+0x2c7 sys/kern/kern_ktrace.c:183
syscall(ffff80002a27a3c0) at syscall+0x305 mi_syscall sys/sys/syscall_mi.h:154 [inline]
syscall(ffff80002a27a3c0) at syscall+0x305 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ac9b45e10f0, count: 8
ddb{1}> trace
x86_ipi_db(ffff8000299bdff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83aabd00) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83aabd00) at __mp_lock+0x192 sys/kern/kern_lock.c:173
ktrsyscall(ffff80002a2427d8,79,18,ffff80002a27a3c0) at ktrsyscall+0x2c7 ktrwrite sys/kern/kern_ktrace.c:-1 [inline]
ktrsyscall(ffff80002a2427d8,79,18,ffff80002a27a3c0) at ktrsyscall+0x2c7 sys/kern/kern_ktrace.c:183
syscall(ffff80002a27a3c0) at syscall+0x305 mi_syscall sys/sys/syscall_mi.h:154 [inline]
syscall(ffff80002a27a3c0) at syscall+0x305 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ac9b45e10f0, count: -7


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup