protection_fault: in_pcb_iterator


syzbot

Jun 12, 2025, 12:39:24 AM6/12/25
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 2de8940ea18f fpurge() first appeared in 4.3BSD-Reno ok der..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13613682580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=42a7b662604561ceb05b

Unfortunately, I don't have any reproducer for this issue yet. What the attached ddb output does show: the faulting instruction is a store (`movq %rcx,0x8(%rdx)`) in in_pcb_iterator reached from sysctl_file via sysctl(2), the %rdx base register holds a non-kernel-looking value, and the `show all pools` listing reports `pool(inpcb): free list modified` for a page whose address matches the iterator's second argument — so the write appears to go through a corrupted inpcb list pointer rather than a simple NULL dereference. Treat this as a memory-safety finding until the corruption source is identified.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f380569e7f87/disk-2de8940e.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/5842a28abfb0/bsd-2de8940e.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a8a2528ab6c1/kernel-2de8940e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42a7b6...@syzkaller.appspotmail.com

kernel: protection fault trap, code=0
Stopped at in_pcb_iterator+0x12b: movq %rcx,0x8(%rdx)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
in_pcb_iterator(ffffffff8396b598,fffffd807818d148,ffff80003c9e5838) at in_pcb_iterator+0x12b sys/netinet/in_pcb.c:699
sysctl_file(ffff80003c9e5b38,4,200000000100,ffff80003c9e5b68,ffff80002a848d00) at sysctl_file+0xc57 sys/kern/kern_sysctl.c:-1
kern_sysctl(ffff80003c9e5b34,5,200000000100,ffff80003c9e5b68,0,37,9da5c9272c5fd11d) at kern_sysctl+0x167 sys/kern/kern_sysctl.c:526
sys_sysctl(ffff80002a848d00,ffff80003c9e5ca0,ffff80003c9e5bf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1
syscall(ffff80003c9e5ca0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9e5ca0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xbeea7321530, count: -6
ddb> show registers
rdi 0xffff800033926000
rsi 0x1e3
rbp 0xffff80003c9e5810
rbx 0
rdx 0x3f7ae8c55fc97732
rcx 0xffff80003c9e5840
rax 0xfffffd807818d008
r8 0x1c8
r9 0
r10 0x999ae9aab8bba9d0
r11 0xb574cb6c32751b6f
r12 0xfffffd807818d148
r13 0xfffffd807818d000
r14 0xffffffff8396b5a8 tcbtable+0x10
r15 0xffff80003c9e5838
rip 0xffffffff830ab85b in_pcb_iterator+0x12b
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff80003c9e57b0
ss 0x10
in_pcb_iterator+0x12b: movq %rcx,0x8(%rdx)
ddb> show proc
PROC (syz-executor) tid=69273 pid=32556 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=82, usrpri=82, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a8482c0,0xffff80002a8494c0
process=0xffff80002a7856b0 user=0xffff80003c9e0000, vmspace=0xfffffd807ace25a8
estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
65061 106368 38469 0 2 0x10 syz-executor
65061 286470 38469 0 3 0x4000090 fsleep syz-executor
32556 272788 22116 0 2 0 syz-executor
*32556 69273 22116 0 7 0x4000000 syz-executor
32556 291980 22116 0 3 0x4000080 fsleep syz-executor
49415 370519 49154 0 2 0 syz-executor
49415 283087 49154 0 3 0x4000080 fsleep syz-executor
49415 126021 49154 0 3 0x4000080 fsleep syz-executor
29570 111682 99572 0 2 0x10 syz-executor
29570 517144 99572 0 3 0x4000090 fsleep syz-executor
2859 237204 96463 0 2 0 syz-executor
2859 160169 96463 0 3 0x4000080 fsleep syz-executor
2859 476009 96463 0 2 0x4000000 syz-executor
28644 331439 91118 0 2 0 syz-executor
28644 381823 91118 0 2 0x4000000 syz-executor
92237 456252 0 0 3 0x14200 bored sosplice
65386 300061 0 0 3 0x14280 nfsidl nfsio
64601 400038 0 0 3 0x14280 nfsidl nfsio
49119 454022 0 0 3 0x14280 nfsidl nfsio
93693 169557 0 0 3 0x14280 nfsidl nfsio
37146 28078 0 0 3 0x14280 nfsidl nfsio
79040 258056 0 0 3 0x14280 nfsidl nfsio
73773 165146 0 0 3 0x14280 nfsidl nfsio
75241 391408 0 0 3 0x14280 nfsidl nfsio
50728 233896 0 0 3 0x14280 nfsidl nfsio
61453 415615 0 0 3 0x14280 nfsidl nfsio
11799 456717 0 0 3 0x14280 nfsidl nfsio
95944 186113 0 0 3 0x14280 nfsidl nfsio
99922 439860 0 0 3 0x14280 nfsidl nfsio
78408 135075 0 0 3 0x14280 nfsidl nfsio
43724 138161 0 0 3 0x14280 nfsidl nfsio
33780 379320 0 0 3 0x14280 nfsidl nfsio
7844 171615 0 0 3 0x14280 nfsidl nfsio
36718 60575 0 0 3 0x14280 nfsidl nfsio
17020 100578 0 0 3 0x14280 nfsidl nfsio
31395 57134 0 0 3 0x14280 nfsidl nfsio
49154 439718 53022 0 3 0x82 nanoslp syz-executor
8936 301832 53022 0 2 0x2 syz-executor
96463 164523 53022 0 3 0x82 nanoslp syz-executor
99572 506148 53022 0 3 0x82 nanoslp syz-executor
38469 170889 53022 0 3 0x82 nanoslp syz-executor
22116 125035 53022 0 3 0x82 nanoslp syz-executor
91118 276450 53022 0 3 0x82 nanoslp syz-executor
26189 55971 53022 0 3 0x82 nanoslp syz-executor
53022 193320 65430 0 3 0x82 kqread syz-executor
65430 251407 54419 0 3 0x10008a sigsusp ksh
54419 179545 83887 0 3 0x98 kqread sshd-session
83887 102677 11134 0 3 0x92 kqread sshd-session
31375 52368 1 0 3 0x100083 ttyin getty
11134 451847 1 0 3 0x88 kqread sshd
64768 515794 41476 73 3 0x1100090 kqread syslogd
41476 343891 1 0 3 0x100082 sbwait syslogd
76287 46199 1 0 3 0x100080 kqread resolvd
50279 115877 49627 77 3 0x100092 kqread dhcpleased
85954 118089 49627 77 3 0x100092 kqread dhcpleased
49627 32174 1 0 3 0x80 kqread dhcpleased
87840 357079 0 0 3 0x14200 bored smr
77582 209398 0 0 2 0x14200 zerothread
21773 35958 0 0 3 0x14200 aiodoned aiodoned
42433 159894 0 0 3 0x14200 syncer update
85297 27450 0 0 3 0x14200 cleaner cleaner
57708 302654 0 0 3 0x14200 reaper reaper
97371 453548 0 0 3 0x14200 pgdaemon pagedaemon
31611 453545 0 0 3 0x14200 bored viomb
46700 179229 0 0 3 0x40014200 acpi0 acpi0
6245 90158 0 0 3 0x14200 bored softnet3
10679 230886 0 0 3 0x14200 bored softnet2
25771 251787 0 0 3 0x14200 bored softnet1
86719 57916 0 0 3 0x14200 bored softnet0
12555 135944 0 0 3 0x14200 bored systqmp
53575 493150 0 0 3 0x14200 bored systq
52935 27538 0 0 3 0x40014200 tmoslp softclock
73645 77351 0 0 3 0x40014200 idle0
1 283915 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10203 11117K 11261K 166960K 11876 0
pcb 17 12K 12K 166960K 109 0
rtable 225 18K 18K 166960K 494 0
pf 33 13K 20K 166960K 94 0
ifaddr 41 7K 7K 166960K 82 0
ifgroup 52 2K 2K 166960K 130 0
sysctl 4 1K 9K 166960K 19 0
counters 35 18K 18K 166960K 76 0
ioctlops 0 0K 4K 166960K 103 0
iov 0 0K 16K 166960K 26 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1342 84K 84K 166960K 1841 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 10 68K 68K 166960K 14 0
dirhash 9 1K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 93K 166960K 2113 0
sigio 0 0K 0K 166960K 7 0
proc 62 59K 91K 166960K 551 0
subproc 72 4K 4K 166960K 102 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 76 0
in_multi 92 6K 7K 166960K 147 0
ether_multi 1 0K 0K 166960K 11 0
mrt 0 0K 0K 166960K 5 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 79 360K 360K 166960K 79 0
exec 0 0K 1K 166960K 430 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 220 143K 158K 166960K 18532 0
UVM aobj 12 4K 4K 166960K 13 0
pinsyscall 39 78K 94K 166960K 3171 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 26 0
NDP 12 0K 1K 166960K 54 0
temp 47 8681K 8792K 166960K 30519 0
kqueue 13 20K 26K 166960K 135 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 80 0 77 1 0 1 1 0 8 0
rtentry 136 140 0 47 4 0 4 4 0 8 0
unpcb 144 250 0 235 1 0 1 1 0 8 0
syncache 336 4 0 4 2 1 1 1 0 8 1
tcpcb 736 113 0 108 1 0 1 1 0 8 0
arp 88 22 0 5 1 0 1 1 0 8 0
ipq 40 4 0 4 1 0 1 1 0 8 1
ipqe 40 4 0 4 1 0 1 1 0 8 1
inpcb 328 461 0 451 2 0 2 2 0 8 0
pool(inpcb): free list modified: page 0xfffffd807818d000; item ordinal 0; addr 0xfffffd807818d000 (p 0xfffffd807818d000); offset 0x0=0x7818d150
ip6q 72 3 0 3 1 0 1 1 0 8 1
ip6af 40 3 0 3 1 0 1 1 0 8 1
nd6 104 31 0 9 1 0 1 1 0 8 0
pkpcb 40 5 0 5 1 0 1 1 0 8 1
kcovpl 48 12 0 4 1 0 1 1 0 8 0
ppxss 1072 33 0 30 1 0 1 1 0 8 0
pppxif 1384 4 0 4 1 0 1 1 0 8 1
pfstscr 40 1 0 1 1 0 1 1 0 8 1
pfrktable 1344 1 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstkey 128 1 0 1 1 0 1 1 0 8 1
pfstate 384 1 0 1 1 0 1 1 0 8 1
pfrule 1344 1 0 0 1 0 1 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 576 0 165 29 0 29 29 0 8 3
art_table 32 578 0 165 4 0 4 4 0 8 0
art_node 16 136 0 52 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 2 1 0 1 1 0 8 0
semupl 112 2 0 2 1 0 1 1 0 8 1
semapl 112 10 0 2 1 0 1 1 0 8 0
shmpl 112 10 0 1 1 0 1 1 0 8 0
dirhash 1024 17 0 10 3 0 3 3 0 8 1
dino2pl 256 4030 0 2491 97 0 97 97 0 8 0
ffsino 248 4030 0 2491 97 0 97 97 0 8 0
nchpl 144 6290 0 5734 64 34 30 64 0 8 8
rtmask 32 9 0 7 1 0 1 1 0 8 0
uvmvnodes 80 4371 0 0 90 0 90 90 0 8 0
vnodes 216 4371 0 0 243 0 243 243 0 8 0
namei 1024 15534 0 15534 6 3 3 3 0 8 3
kstatmem 264 72 0 48 2 0 2 2 0 8 0
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 5 0 5 1 0 1 1 0 8 1
scxspl 216 19637 0 19637 10 2 8 8 1 8 8
plimitpl 152 114 0 97 1 0 1 1 0 8 0
sigapl 424 2368 0 2301 8 0 8 8 0 8 0
knotepl 120 65941 0 65894 17 7 10 17 0 8 8
kqueuepl 184 164 0 155 1 0 1 1 0 8 0
pipepl 296 185 0 158 3 0 3 3 0 8 0
fdescpl 440 2331 0 2301 5 1 4 5 0 8 0
filepl 120 5324 0 5112 7 0 7 7 0 8 0
lockfpl 104 175 0 173 1 0 1 1 0 8 0
lockfspl 48 79 0 77 1 0 1 1 0 8 0
sessionpl 144 42 0 34 1 0 1 1 0 8 0
pgrppl 48 74 0 58 1 0 1 1 0 8 0
ucredpl 104 659 0 644 1 0 1 1 0 8 0
zombiepl 144 2727 0 2726 3 2 1 1 0 8 0
processpl 1160 2368 0 2301 5 0 5 5 0 8 0
procpl 656 4684 0 4608 7 0 7 7 0 8 0
sosppl 168 1 0 1 1 0 1 1 0 8 1
sockpl 528 805 0 776 3 0 3 3 0 8 0
mcl64k 65536 361 0 361 3 2 1 1 0 8 1
mcl16k 16384 352 0 352 2 1 1 1 0 8 1
mcl12k 12288 335 0 335 2 1 1 1 0 8 1
mcl9k 9216 100 0 100 3 2 1 1 0 8 1
mcl8k 8192 571 0 571 4 3 1 1 0 8 1
mcl4k 4096 6646 0 6597 17 10 7 16 0 8 0
mcl2k2 2112 6 0 6 3 2 1 1 0 8 1
mcl2k 2048 447 0 444 2 1 1 1 0 8 0
mtagpl 96 21 0 7 3 2 1 1 0 8 0
mbufpl 256 26494 0 26283 17 1 16 16 0 8 1
bufpl 280 4926 0 120 344 0 344 344 0 8 0
anonpl 24 238325 0 235329 45 2 43 43 0 187 20
amapchunkpl 152 62103 0 61655 38 7 31 31 0 158 13
amappl16 200 2830 0 2798 18 8 10 14 0 8 8
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 106 0 96 1 0 1 1 0 8 0
amappl13 176 11 0 11 2 1 1 1 0 8 1
amappl12 168 3042 0 3013 2 0 2 2 0 8 0
amappl11 160 65 0 55 1 0 1 1 0 8 0
amappl10 152 6 0 6 1 1 0 1 0 8 0
amappl9 144 256 0 256 1 1 0 1 0 8 0
amappl8 136 18 0 17 1 0 1 1 0 8 0
amappl7 128 104 0 94 1 0 1 1 0 8 0
amappl6 120 178 0 173 1 0 1 1 0 8 0
amappl5 112 171 0 165 1 0 1 1 0 8 0
amappl4 104 287 0 273 1 0 1 1 0 8 0
amappl3 96 13494 0 13391 3 0 3 3 0 8 0
amappl2 88 626 0 572 2 0 2 2 0 8 0
amappl1 80 15902 0 15360 13 1 12 13 0 8 0
amappl 88 17682 0 17524 5 1 4 4 0 92 0
dma16384 16384 1 0 1 1 0 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 255 0 255 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 12 0 1 1 0 1 1 0 8 0
uaddrrnd 24 2331 0 2301 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2331 0 2301 1 0 1 1 0 8 0
vmmpekpl 168 15820 0 15778 3 0 3 3 0 8 0
vmmpepl 168 137063 0 135191 99 7 92 92 0 357 10
vmsppl 360 2330 0 2301 4 1 3 4 0 8 0
rwobjpl 32 34973 0 29758 43 0 43 43 0 8 0
pdppl 4096 4668 0 4602 107 41 66 80 0 8 0
pvpl 32 873189 0 864362 115 1 114 114 0 265 36
pmappl 216 2330 0 2301 3 1 2 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 297 0 65 7 0 7 7 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
in_pcb_iterator(ffffffff8396b598,fffffd807818d148,ffff80003c9e5838) at in_pcb_iterator+0x12b sys/netinet/in_pcb.c:699
sysctl_file(ffff80003c9e5b38,4,200000000100,ffff80003c9e5b68,ffff80002a848d00) at sysctl_file+0xc57 sys/kern/kern_sysctl.c:-1
kern_sysctl(ffff80003c9e5b34,5,200000000100,ffff80003c9e5b68,0,37,9da5c9272c5fd11d) at kern_sysctl+0x167 sys/kern/kern_sysctl.c:526
sys_sysctl(ffff80002a848d00,ffff80003c9e5ca0,ffff80003c9e5bf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1
syscall(ffff80003c9e5ca0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9e5ca0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xbeea7321530, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
in_pcb_iterator(ffffffff8396b598,fffffd807818d148,ffff80003c9e5838) at in_pcb_iterator+0x12b sys/netinet/in_pcb.c:699
sysctl_file(ffff80003c9e5b38,4,200000000100,ffff80003c9e5b68,ffff80002a848d00) at sysctl_file+0xc57 sys/kern/kern_sysctl.c:-1
kern_sysctl(ffff80003c9e5b34,5,200000000100,ffff80003c9e5b68,0,37,9da5c9272c5fd11d) at kern_sysctl+0x167 sys/kern/kern_sysctl.c:526
sys_sysctl(ffff80002a848d00,ffff80003c9e5ca0,ffff80003c9e5bf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1
syscall(ffff80003c9e5ca0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9e5ca0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xbeea7321530, count: -6


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup