Hello,
syzbot found the following crash on:
HEAD commit: 6e31582a5a78 _dl_cerror is trivial on powerpc; just inline..
git tree: openbsd
console output:
https://syzkaller.appspot.com/x/log.txt?x=16bd7273400000
kernel config:
https://syzkaller.appspot.com/x/.config?x=3303344588104330
dashboard link:
https://syzkaller.appspot.com/bug?extid=03f7377a9848d7d008c9
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+03f737...@syzkaller.appspotmail.com
login: uvm_fault(0xfffffd807f00d9d8, 0x9f, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at wsmux_detach_sc+0xca: movq %rcx,0(%rax)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807f00d9d8, 0x9f, 0, 2) -> e
wsmux_detach_sc(3f2a36016d71fe5) at wsmux_detach_sc+0xca
sys/dev/wscons/wsmux.c:696
end trace frame: 0xffff800020ca2fb0, count: 0
ddb{1}> trace
wsmux_detach_sc(3f2a36016d71fe5) at wsmux_detach_sc+0xca
sys/dev/wscons/wsmux.c:696
wsmouseopen(6e873d895302cf10,ffff800020bbae28,ffff800020ca3020,1760) at
wsmouseopen+0xe5 sys/dev/wscons/wsmouse.c:325
spec_open(b59153f4a0f4384c) at spec_open+0x215 sys/kern/spec_vnops.c:158
VOP_OPEN(65ea782ac68aaa9e,ffff800020ca31d0,1,fffffd80701e53d0) at
VOP_OPEN+0x72 sys/kern/vfs_vops.c:153
vn_open(704d6d45eaaabc49,1,1) at
vn_open+0x4c2
doopenat(f525f95fd7dd27c3,0,ffff800020bbae28,49ff0310218,0,50) at
doopenat+0x2b9 sys/kern/vfs_syscalls.c:1045
syscall(a6c67ce5500b32ed) at syscall+0x5a0 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(a6c67ce5500b32ed) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffffa8,0,3,49dce636010) at Xsyscall+0x128
end of kernel
end trace frame: 0x49ff03102a0, count: -8
ddb{1}> show registers
rdi 0xffffffff8196b497 spllower+0x77
rsi 0x49a
rbp 0xffff800020ca2f70
rbx 0
rdx 0x49b
rcx 0xffffffffffffffff
rax 0x9f
r8 0xffffffff816da4a4 setrunnable+0x94
r9 0x5
r10 0x5939831ad1e193d9
r11 0x92fd97a6b86a473a
r12 0xffff800000026db8
r13 0x1760 __ALIGN_SIZE+0x760
r14 0xffff80000064dc00
r15 0x1
rip 0xffffffff816175fa wsmux_detach_sc+0xca
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff800020ca2f50
ss 0x10
wsmux_detach_sc+0xca: movq %rcx,0(%rax)
ddb{1}> show proc
PROC (syz-executor0) pid=54542 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=0, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020bbb788,0xffff800020bba988
process=0xffff800020b949e8 user=0xffff800020c9e000,
vmspace=0xfffffd807f00d9d8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
11912 87841 39629 0 7 0 syz-executor0
*11912 54542 39629 0 7 0x4000000 syz-executor0
11912 466219 39629 0 2 0x4000000 syz-executor0
88892 492482 1 0 3 0x100083 ttyin getty
67701 289219 0 0 3 0x14200 bored sosplice
64309 319622 18461 0 3 0x82 nanosleep syz-executor1
39629 476468 18461 0 3 0x82 nanosleep syz-executor0
18461 239031 26372 0 3 0x82 thrsleep syz-fuzzer
18461 111322 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 495282 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 511133 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 168426 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 521906 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 233989 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 477529 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 266092 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 160738 26372 0 3 0x4000082 kqread syz-fuzzer
26372 303931 64221 0 3 0x10008a pause ksh
64221 416112 55158 0 3 0x92 select sshd
55158 368058 1 0 3 0x80 select sshd
43769 71476 94456 73 2 0x100090 syslogd
94456 229086 1 0 3 0x100082 netio syslogd
11447 342876 1 77 3 0x100090 poll dhclient
27864 182249 1 0 3 0x80 poll dhclient
76302 35595 0 0 3 0x14200 pgzero zerothread
41768 42713 0 0 3 0x14200 aiodoned aiodoned
82146 440932 0 0 3 0x14200 syncer update
1446 103967 0 0 3 0x14200 cleaner cleaner
20092 76442 0 0 3 0x14200 reaper reaper
95173 227554 0 0 3 0x14200 pgdaemon pagedaemon
82630 332778 0 0 3 0x14200 bored crynlk
9656 239682 0 0 3 0x14200 bored crypto
77813 193064 0 0 3 0x40014200 acpi0 acpi0
93193 449702 0 0 3 0x40014200 idle1
47110 463150 0 0 3 0x14200 bored softnet
78680 27569 0 0 3 0x14200 bored systqmp
55030 221962 0 0 3 0x14200 bored systq
82454 403128 0 0 3 0x40014200 bored softclock
26311 510566 0 0 3 0x40014200 idle0
1 396845 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 11912 (syz-executor0) thread 0xffff800020bbae28 (54542)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822d6828) locked @
/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9524 6373K 6375K 78643K 11250 0 0
pcb 23 9K 10K 78643K 1112 0 0
rtable 100 3K 4K 78643K 372 0 0
ifaddr 54 13K 13K 78643K 175 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 34 0 0
iov 0 0K 32K 78643K 240 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1196 75K 76K 78643K 2616 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 29 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 12 0K 0K 78643K 262 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1792 194K 288K 78643K 12592 0 0
file desc 5 13K 25K 78643K 2223 0 0
sigio 0 0K 0K 78643K 48 0 0
proc 42 38K 58K 78643K 634 0 0
subproc 64 65538K 67586K 78643K 85 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 301 0 0
in_multi 33 2K 2K 78643K 153 0 0
ether_multi 1 0K 0K 78643K 18 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 90 397K 397K 78643K 90 0 0
exec 0 0K 1K 78643K 351 0 0
pfkey data 0 0K 4K 78643K 3 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 100 21K 30K 78643K 7913 0 0
UVM aobj 101 3K 3K 78643K 118 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 54 0 0
NDP 11 0K 0K 78643K 47 0 0
temp 163 2367K 2435K 78643K 8593 0 0
kqueue 0 0K 0K 78643K 27 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 0 1 0 1 1 0
8 0
inpcbpl 280 959 0 952 1 0 1 1 0
8 0
plimitpl 152 47 0 40 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 41 0 1 2 0 2 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpcb 544 359 0 355 1 0 1 1 0
8 0
nd6 48 4 0 0 1 0 1 1 0
8 0
ppxss 1128 27 0 27 8 7 1 1 0
8 1
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 185 0 0 12 0 12 12 0
8 0
art_table 32 186 0 0 2 0 2 2 0
8 0
art_node 16 40 0 6 1 0 1 1 0
8 0
sysvmsgpl 40 26 0 10 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 260 0 250 1 0 1 1 0
8 0
shmpl 112 116 0 17 3 0 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 5739 0 4320 46 0 46 46 0
8 0
ffsino 272 5739 0 4320 95 0 95 95 0
8 0
nchpl 144 9143 0 7567 60 1 59 60 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 200 5926 0 0 312 0 312 312 0
8 0
namei 1024 27745 0 27745 1 0 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scsiplug 64 8 0 8 5 5 0 1 0
8 0
scxspl 192 25229 0 25229 14 11 3 6 0
8 3
sigapl 432 2395 0 2382 2 0 2 2 0
8 0
futexpl 56 26822 0 26822 1 0 1 1 0
8 1
knotepl 112 658 0 631 6 5 1 2 0
8 0
kqueuepl 104 720 0 718 1 0 1 1 0
8 0
pipepl 112 1570 0 1551 5 4 1 2 0
8 0
fdescpl 488 2396 0 2382 3 1 2 3 0
8 0
filepl 152 14974 0 14877 5 0 5 5 0
8 1
lockfpl 104 738 0 738 3 2 1 1 0
8 1
lockfspl 32 1039 0 1039 3 2 1 1 0
8 1
sessionpl 112 22 0 12 1 0 1 1 0
8 0
pgrppl 48 46 0 36 1 0 1 1 0
8 0
ucredpl 96 4592 0 4585 1 0 1 1 0
8 0
zombiepl 144 2382 0 2381 2 1 1 1 0
8 0
processpl 840 2411 0 2381 4 0 4 4 0
8 0
procpl 600 7216 0 7175 4 0 4 4 0
8 0
sosppl 128 45 0 45 10 9 1 1 0
8 1
sockpl 384 2013 0 1996 4 1 3 3 0
8 1
mcl64k 65536 525 0 0 65 17 48 65 0
8 0
mcl16k 16384 2 0 0 1 0 1 1 0
8 0
mcl12k 12288 17 0 0 2 0 2 2 0
8 0
mcl9k 9216 8 0 0 1 0 1 1 0
8 0
mcl8k 8192 11 0 0 2 0 2 2 0
8 0
mcl4k 4096 17 0 0 3 0 3 3 0
8 0
mcl2k2 2112 3 0 0 1 0 1 1 0
8 0
mcl2k 2048 127 0 0 15 2 13 15 0
8 0
mtagpl 80 1 0 0 1 0 1 1 0
8 0
mbufpl 256 644 0 0 37 0 37 37 0
8 0
bufpl 256 8510 0 1541 436 0 436 436 0
8 0
anonpl 16 249336 0 241619 107 59 48 48 0 125
12
amapchunkpl 152 14129 0 14041 28 17 11 11 0
158 6
amappl16 192 13146 0 12737 116 87 29 33 0
8 8
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 1106 0 1103 2 1 1 1 0
8 0
amappl13 168 24 0 20 1 0 1 1 0
8 0
amappl12 160 19 0 17 1 0 1 1 0
8 0
amappl11 152 186 0 176 1 0 1 1 0
8 0
amappl10 144 2275 0 2271 2 1 1 1 0
8 0
amappl9 136 349 0 347 1 0 1 1 0
8 0
amappl8 128 164 0 134 1 0 1 1 0
8 0
amappl7 120 32 0 27 1 0 1 1 0
8 0
amappl6 112 1139 0 1134 1 0 1 1 0
8 0
amappl5 104 142 0 130 1 0 1 1 0
8 0
amappl4 96 321 0 298 2 1 1 2 0
8 0
amappl3 88 223 0 218 1 0 1 1 0
8 0
amappl2 80 22729 0 22672 2 0 2 2 0
8 0
amappl1 72 59738 0 59320 22 12 10 18 0
8 0
amappl 72 7463 0 7429 1 0 1 1 0
75 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 117 0 17 2 0 2 2 0
8 0
uaddrrnd 24 2396 0 2382 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 2396 0 2382 1 0 1 1 0
8 0
vmmpekpl 168 25442 0 25420 2 0 2 2 0
8 0
vmmpepl 168 261109 0 259740 139 65 74 75 0 357
10
vmsppl 360 2395 0 2382 2 0 2 2 0
8 0
pdppl 4096 4799 0 4764 6 1 5 6 0
8 0
pvpl 32 689218 0 678501 218 92 126 132 0 265
34
pmappl 224 2395 0 2382 1 0 1 1 0
8 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
phpool 112 680 0 22 19 0 19 19 0
8 0
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.