uvm_fault: statclock


syzbot

Dec 9, 2025, 8:12:25 AM (2 days ago) Dec 9
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bf8f637750de sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1541aec2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=7bbd903ddba8bcfd576d

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ed8ba5807488/disk-bf8f6377.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/86d04e4de645/bsd-bf8f6377.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f8df0913ed04/kernel-bf8f6377.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7bbd90...@syzkaller.appspotmail.com

kernel: page fault trap, code=0
Stopped at statclock+0x2cf: movl 0x140(%rbx),%eax
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
statclock(ffffffff837f9c20,ffff80003c9272c0,0) at statclock+0x2cf sys/kern/kern_clock.c:334
clockintr_dispatch(ffff80003c9272c0) at clockintr_dispatch+0x339 sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:482
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
__x86_indirect_thunk_r11() at __x86_indirect_thunk_r11+0x10
uvm_pagelookup(fffffd806c745648,915e000) at uvm_pagelookup+0x51 uvm_objtree_RBT_FIND sys/uvm/uvm_object.h:93 [inline]
uvm_pagelookup(fffffd806c745648,915e000) at uvm_pagelookup+0x51 sys/uvm/uvm_page.c:1214
buf_map(fffffd806c745588) at buf_map+0x2a6 sys/kern/vfs_biomem.c:-1
buf_get(0,0,c450000) at buf_get+0x5be sys/kern/vfs_bio.c:1163
geteblk(c450000) at geteblk+0x3c sys/kern/vfs_bio.c:-1
writedisklabel(d02,ffffffff817f2320,ffff800000039000) at writedisklabel+0x4b sys/arch/amd64/amd64/disksubr.c:133
sdioctl(d02,84946467,ffff80000146c000,6,ffff80002a7bd4d8) at sdioctl+0x959 sys/scsi/sd.c:921
VOP_IOCTL(fffffd806c5dd7b0,84946467,ffff80000146c000,6,fffffd8007bfd9c0,ffff80002a7bd4d8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806bfc70f8,84946467,ffff80000146c000,ffff80002a7bd4d8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80002a7bd4d8,ffff80003c927b40,ffff80003c927a90) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c927b40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c927b40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf8f5ad99600, count: -16
ddb> show registers
rdi 0x2
rsi 0x1
rbp 0xffff80003c927210
rbx 0
rdx 0
rcx 0x15da __ALIGN_SIZE+0x5da
rax 0xffff80002a7bd4d8
r8 0
r9 0
r10 0
r11 0xd1fd9d4ba801a4f5
r12 0x1
r13 0xffff80002a7bd660
r14 0xffff80002a7bd4d8
r15 0x1
rip 0xffffffff82d592ff statclock+0x2cf
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003c9271b0
ss 0x10
statclock+0x2cf: movl 0x140(%rbx),%eax
ddb> show proc
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28867 119022 0 0 3 0x80 fsleep syz-executor
28867 513008 0 0 3 0x4000080 fifor syz-executor
46580 88461 0 0 3 0x82 nanoslp syz-executor
20435 73676 1 0 3 0x80 nanoslp init
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10196 11209K 11568K 166960K 12170 0
pcb 18 16K 18K 166960K 244 0
rtable 269 11K 11K 166960K 618 0
pf 32 13K 17K 166960K 91 0
ifaddr 43 8K 8K 166960K 84 0
ifgroup 50 2K 2K 166960K 119 0
sysctl 4 1K 9K 166960K 13 0
counters 33 17K 18K 166960K 76 0
ioctlops 1 2K 4K 166960K 158 0
iov 0 0K 28K 166960K 25 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1475 93K 93K 166960K 2061 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 9 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 88 0
dirhash 72 12K 12K 166960K 612 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 667 0
sigio 0 0K 0K 166960K 9 0
proc 51 50K 91K 166960K 590 0
subproc 72 4K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 134 0
in_multi 99 7K 7K 166960K 145 0
ether_multi 1 0K 0K 166960K 4 0
mrt 1 0K 0K 166960K 5 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 530 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 231 161K 165K 166960K 7348 0
UVM aobj 15 4K 4K 166960K 15 0
pinsyscall 37 74K 93K 166960K 1789 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 45 0
NDP 11 0K 2K 166960K 55 0
temp 54 8666K 8731K 166960K 28873 0
kqueue 13 20K 32K 166960K 119 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 72 0 69 1 0 1 1 0 8 0
rtentry 136 144 0 30 4 0 4 4 0 8 0
unpcb 144 324 0 306 2 0 2 2 0 8 1
syncache 336 5 0 5 1 0 1 1 0 8 1
tcpcb 736 149 0 144 2 0 2 2 0 8 1
arp 96 23 0 4 1 0 1 1 0 8 0
ipq 40 1 0 0 1 0 1 1 0 8 0
ipqe 40 1 0 0 1 0 1 1 0 8 0
inpcb 328 815 0 804 7 0 7 7 0 8 5
ip6q 72 7 0 4 1 0 1 1 0 8 0
ip6af 40 11 0 8 1 0 1 1 0 8 0
nd6 112 31 0 6 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
kcovpl 48 10 0 2 1 0 1 1 0 8 0
ppxss 1072 34 0 34 1 0 1 1 0 8 1
pppxif 1384 6 0 6 1 0 1 1 0 8 1
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 128 2 0 0 1 0 1 1 0 8 0
pfstate 384 1 0 0 1 0 1 1 0 8 0
pfrule 1344 2 0 2 1 0 1 1 0 8 1
rttmr 136 1 0 1 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 581 0 121 29 0 29 29 0 8 0
art_table 40 582 0 121 5 0 5 5 0 8 0
art_node 32 144 0 41 1 0 1 1 0 8 0
sysvmsgpl 40 43 0 41 1 0 1 1 0 8 0
semapl 112 82 0 72 1 0 1 1 0 8 0
shmpl 112 11 0 0 1 0 1 1 0 8 0
dirhash 1024 218 0 181 5 0 5 5 0 8 0
dirhash: pool(0xffffffff838a2548:dirhash): free list modified: page 0xffff80002a7ba000; item ordinal 0; addr 0xffff80002a7bb000 (p 0xfffffd806fa74000); offset 0x0=0x0
pool(dirhash): free list modified: page 0xffff80002a7ba000; item ordinal 0; addr 0xffff80002a7bb000 (p 0xfffffd806fa74000); offset 0x0=0x0
dirhash: pool(0xffffffff838a2548:dirhash): page inconsistency: page 0xffff80002a7ba000; item ordinal 1; addr 0x1e06198b0a06cabc
dirhash: pool(0xffffffff838a2548:dirhash): free list modified: page 0xffff80002a8aa000; item ordinal 0; addr 0xffff80002a8ab000 (p 0xfffffd806c9de000); offset 0x0=0x0
pool(dirhash): free list modified: page 0xffff80002a8aa000; item ordinal 0; addr 0xffff80002a8ab000 (p 0xfffffd806c9de000); offset 0x0=0x0
dirhash: pool(0xffffffff838a2548:dirhash): page inconsistency: page 0xffff80002a8aa000; item ordinal 1; addr 0x235c2b3588e2abab
dirhash: pool(0xffffffff838a2548:dirhash): free list modified: page 0xffff80002a8c6000; item ordinal 0; addr 0xffff80002a8c7000 (p 0xfffffd806c9de000); offset 0x0=0x0
pool(dirhash): free list modified: page 0xffff80002a8c6000; item ordinal 0; addr 0xffff80002a8c7000 (p 0xfffffd806c9de000); offset 0x0=0x0
dirhash: pool(0xffffffff838a2548:dirhash): page inconsistency: page 0xffff80002a8c6000; item ordinal 1; addr 0x17d2ed7053be1664
dino2pl 256 2630 0 1120 95 0 95 95 0 8 0
ffsino 256 2630 0 1120 95 0 95 95 0 8 0
nchpl 144 3519 0 1815 64 0 64 64 0 8 0
rtmask 32 9 0 9 1 0 1 1 0 8 1
vnodes 216 3109 0 0 173 0 173 173 0 8 0
namei 1024 11698 0 11697 1 0 1 1 0 8 0
namei: pool(0xffffffff8388aa28:namei): free list modified: page 0xffff80002a788000; item ordinal 0; addr 0xffff80002a789c00 (p 0xfffffd807f7e2000); offset 0x0=0x0
pool(namei): free list modified: page 0xffff80002a788000; item ordinal 0; addr 0xffff80002a789c00 (p 0xfffffd807f7e2000); offset 0x0=0x0
namei: pool(0xffffffff8388aa28:namei): page inconsistency: page 0xffff80002a788000; item ordinal 1; addr 0xe122b10d6e1e3a
vcpupl 3904 1 0 0 1 0 1 1 0 8 0
vcpupl: pool(0xffffffff8388a840:vcpupl): page inconsistency: page 0x0; at page head addr 0xffff80002a8bff90 (p 0xffff80002a8b8000)
vmpool 800 1 0 0 1 0 1 1 0 8 0
kstatmem 264 68 0 46 2 0 2 2 0 8 0
scsiplug 72 2 0 2 1 0 1 1 0 8 1
scxspl 216 12063 0 12061 8 0 8 8 1 8 7
plimitpl 152 128 0 110 1 0 1 1 0 8 0
sigapl 424 946 0 904 6 0 6 6 0 8 0
knotepl 120 21196 0 21149 10 0 10 10 0 8 7
kqueuepl 184 324 0 313 7 0 7 7 0 8 6
pipepl 304 182 0 155 5 0 5 5 0 8 2
fdescpl 448 928 0 899 5 0 5 5 0 8 1
filepl 120 5424 0 5178 14 0 14 14 0 8 4
lockfpl 104 170 0 167 1 0 1 1 0 8 0
lockfspl 48 81 0 78 1 0 1 1 0 8 0
sessionpl 144 24 0 17 1 0 1 1 0 8 0
pgrppl 48 36 0 21 1 0 1 1 0 8 0
ucredpl 104 852 0 839 1 0 1 1 0 8 0
zombiepl 144 908 0 904 1 0 1 1 0 8 0
processpl 1152 946 0 904 4 0 4 4 0 8 0
processpl: pool(0xffffffff8395f958:processpl): page inconsistency: page 0x0; at page head addr 0xffff80002a787f90 (p 0xffff80002a784000)
procpl 664 1659 0 1614 6 0 6 6 0 8 1
procpl: pool(0xffffffff8395f7a0:procpl): page inconsistency: page 0x0; at page head addr 0xffff80002a72df90 (p 0xffff80002a72c000)
procpl: pool(0xffffffff8395f7a0:procpl): page inconsistency: page 0x0; at page head addr 0xffff80002a777f90 (p 0xffff80002a776000)
sosppl 176 3 0 3 1 0 1 1 0 8 1
sockpl 552 1234 0 1202 8 0 8 8 0 8 5
mcl64k 65536 26 0 26 1 0 1 1 0 8 1
mcl16k 16384 1 0 1 1 0 1 1 0 8 1
mcl12k 12288 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 6 0 6 1 0 1 1 0 8 1
mcl4k 4096 3114 0 3058 16 1 15 16 0 8 7
mcl2k2 2112 2 0 2 1 0 1 1 0 8 1
mcl2k 2048 923 0 916 5 0 5 5 0 8 3
mtagpl 96 60 0 10 2 0 2 2 0 8 0
mbufpl 256 9947 0 9714 19 0 19 19 0 8 2
bufpl 280 4566 0 121 318 0 318 318 0 8 0
anonpl 24 144914 0 141840 50 0 50 50 0 187 23
amapchunkpl 152 23436 0 22766 28 0 28 28 0 158 1
amappl16 200 2405 0 2370 19 6 13 17 0 8 8
amappl15 192 3 0 3 1 0 1 1 0 8 1
amappl14 184 3 0 2 1 0 1 1 0 8 0
amappl13 176 439 0 438 1 0 1 1 0 8 0
amappl12 168 1285 0 1249 2 0 2 2 0 8 0
amappl11 160 8 0 8 1 0 1 1 0 8 1
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 258 0 258 1 0 1 1 0 8 1
amappl8 136 34 0 33 1 0 1 1 0 8 0
amappl7 128 85 0 84 1 0 1 1 0 8 0
amappl6 120 297 0 286 1 0 1 1 0 8 0
amappl5 112 69 0 61 1 0 1 1 0 8 0
amappl4 104 389 0 367 1 0 1 1 0 8 0
amappl3 96 4543 0 4438 3 0 3 3 0 8 0
amappl2 88 528 0 477 2 0 2 2 0 8 0
amappl1 80 11025 0 10514 13 0 13 13 0 8 1
amappl 88 6524 0 6358 5 0 5 5 0 92 1
uvmvnodes 80 110 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 1 0 1 1 0 8 1
dma128 128 254 0 254 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 14 0 0 1 0 1 1 0 8 0
uaddrrnd 24 928 0 899 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 928 0 899 1 0 1 1 0 8 0
vmmpekpl 168 8480 0 8449 2 0 2 2 0 8 0
vmmpepl 168 63690 0 61942 93 0 93 93 0 357 12
vmsppl 368 927 0 899 4 0 4 4 0 8 1
rwobjpl 40 18755 0 17828 13 0 13 13 0 8 1
pdppl 4096 1865 0 1799 98 30 68 79 0 8 2
pvpl 32 401654 0 393157 130 0 130 130 0 265 41
pmappl 216 928 0 899 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 382 0 31 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
statclock(ffffffff837f9c20,ffff80003c9272c0,0) at statclock+0x2cf sys/kern/kern_clock.c:334
clockintr_dispatch(ffff80003c9272c0) at clockintr_dispatch+0x339 sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:482
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
__x86_indirect_thunk_r11() at __x86_indirect_thunk_r11+0x10
uvm_pagelookup(fffffd806c745648,915e000) at uvm_pagelookup+0x51 uvm_objtree_RBT_FIND sys/uvm/uvm_object.h:93 [inline]
uvm_pagelookup(fffffd806c745648,915e000) at uvm_pagelookup+0x51 sys/uvm/uvm_page.c:1214
buf_map(fffffd806c745588) at buf_map+0x2a6 sys/kern/vfs_biomem.c:-1
buf_get(0,0,c450000) at buf_get+0x5be sys/kern/vfs_bio.c:1163
geteblk(c450000) at geteblk+0x3c sys/kern/vfs_bio.c:-1
writedisklabel(d02,ffffffff817f2320,ffff800000039000) at writedisklabel+0x4b sys/arch/amd64/amd64/disksubr.c:133
sdioctl(d02,84946467,ffff80000146c000,6,ffff80002a7bd4d8) at sdioctl+0x959 sys/scsi/sd.c:921
VOP_IOCTL(fffffd806c5dd7b0,84946467,ffff80000146c000,6,fffffd8007bfd9c0,ffff80002a7bd4d8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806bfc70f8,84946467,ffff80000146c000,ffff80002a7bd4d8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80002a7bd4d8,ffff80003c927b40,ffff80003c927a90) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c927b40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c927b40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf8f5ad99600, count: -16
ddb> machine ddbcpu 1
No such command
ddb> trace
statclock(ffffffff837f9c20,ffff80003c9272c0,0) at statclock+0x2cf sys/kern/kern_clock.c:334
clockintr_dispatch(ffff80003c9272c0) at clockintr_dispatch+0x339 sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:482
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
__x86_indirect_thunk_r11() at __x86_indirect_thunk_r11+0x10
uvm_pagelookup(fffffd806c745648,915e000) at uvm_pagelookup+0x51 uvm_objtree_RBT_FIND sys/uvm/uvm_object.h:93 [inline]
uvm_pagelookup(fffffd806c745648,915e000) at uvm_pagelookup+0x51 sys/uvm/uvm_page.c:1214
buf_map(fffffd806c745588) at buf_map+0x2a6 sys/kern/vfs_biomem.c:-1
buf_get(0,0,c450000) at buf_get+0x5be sys/kern/vfs_bio.c:1163
geteblk(c450000) at geteblk+0x3c sys/kern/vfs_bio.c:-1
writedisklabel(d02,ffffffff817f2320,ffff800000039000) at writedisklabel+0x4b sys/arch/amd64/amd64/disksubr.c:133
sdioctl(d02,84946467,ffff80000146c000,6,ffff80002a7bd4d8) at sdioctl+0x959 sys/scsi/sd.c:921
VOP_IOCTL(fffffd806c5dd7b0,84946467,ffff80000146c000,6,fffffd8007bfd9c0,ffff80002a7bd4d8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806bfc70f8,84946467,ffff80000146c000,ffff80002a7bd4d8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80002a7bd4d8,ffff80003c927b40,ffff80003c927a90) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c927b40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c927b40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf8f5ad99600, count: -16


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup