uvm_fault: db_enter


syzbot

May 28, 2020, 10:36:13 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 0a71812f When calling rasops_init() in efifb_cnremap() and..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11c4cfa1100000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=4f6916a50f456a177aee

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4f6916...@syzkaller.appspotmail.com

uvm_fault(fffffd807efff2e0,20000000,0,1) at uvm_fault+0xc3e uvmfault_amapcopy sys/uvm/uvm_fault.c:242 [inline]
uvm_fault(fffffd807efff2e0,20000000,0,1) at uvm_fault+0xc3e sys/uvm/uvm_fault.c:559
pageflttrap(ffff800020f67b40,0) at pageflttrap+0x1b8 sys/arch/amd64/amd64/trap.c:221
kerntrap(ffff800020f67b40) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:302
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyin() at copyin+0x4b
sys_connect(ffff800020ed9608,ffff800020f67d08,ffff800020f67d50) at sys_connect+0x9b sys/kern/uipc_syscalls.c:360
syscall(ffff800020f67dd0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020f67dd0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x29ab724c0e0, count: 243
End of stack trace.
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
yield() at yield+0x77 sys/kern/sched_bsd.c:304
pool_get(ffffffff826baad8,1) at pool_get+0x19c sys/kern/subr_pool.c:588
uvm_mapent_alloc(fffffd807efff2e0,0) at uvm_mapent_alloc+0x2d2 sys/uvm/uvm_map.c:1751
uvm_map_clip_end(fffffd807efff2e0,fffffd806cc62ec0,20010000) at uvm_map_clip_end+0x5d sys/uvm/uvm_map.c:4769
amap_copy(fffffd807efff2e0,fffffd806cc62ec0,2,1,20000000,20000001) at amap_copy+0x53b sys/uvm/uvm_amap.c:530
uvm_fault(fffffd807efff2e0,20000000,0,1) at uvm_fault+0xc3e uvmfault_amapcopy sys/uvm/uvm_fault.c:242 [inline]
uvm_fault(fffffd807efff2e0,20000000,0,1) at uvm_fault+0xc3e sys/uvm/uvm_fault.c:559
pageflttrap(ffff800020f67b40,0) at pageflttrap+0x1b8 sys/arch/amd64/amd64/trap.c:221
kerntrap(ffff800020f67b40) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:302
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyin() at copyin+0x4b
sys_connect(ffff800020ed9608,ffff800020f67d08,ffff800020f67d50) at sys_connect+0x9b sys/kern/uipc_syscalls.c:360
syscall(ffff800020f67dd0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020f67dd0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x29ab724c0e0, count: -14
ddb{0}> show registers
rdi 0
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020f675c0
rbx 0x2
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800022f96000
rax 0xffff8000009d73c0
r8 0xffffffff8168b22f kprintf+0x16f
r9 0x1
r10 0x2
r11 0xb2e98d1f1c9110c1
r12 0x1
r13 0xfffffd806b2c9420
r14 0xffff800020ed9608
r15 0x3
rip 0xffffffff8150f128 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020f675b0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.1) pid=355211 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800021fdfd60,0xffffffff82684480
process=0xffff80002200a7e0 user=0xffff800020f62000, vmspace=0xfffffd807efff2e0
estcpu=36, cpticks=16, pctcpu=0.0
user=0, sys=16, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
90674 426522 11803 0 2 0 syz-executor.1
*90674 355211 11803 0 7 0x4000000 syz-executor.1
63555 363750 94188 0 2 0x2 syz-executor.0
29975 356337 0 0 3 0x14280 nfsidl nfsio
44948 326757 0 0 3 0x14280 nfsidl nfsio
89196 391396 0 0 3 0x14280 nfsidl nfsio
72467 427548 0 0 3 0x14280 nfsidl nfsio
30745 378596 0 0 3 0x14280 nfsidl nfsio
91045 395930 0 0 3 0x14280 nfsidl nfsio
95130 179638 0 0 3 0x14280 nfsidl nfsio
51485 274128 0 0 3 0x14280 nfsidl nfsio
95246 65772 0 0 3 0x14280 nfsidl nfsio
89649 195469 0 0 3 0x14280 nfsidl nfsio
84034 132209 0 0 3 0x14280 nfsidl nfsio
32186 399718 0 0 3 0x14280 nfsidl nfsio
23634 247817 0 0 3 0x14280 nfsidl nfsio
40331 97932 0 0 3 0x14280 nfsidl nfsio
11961 311102 0 0 3 0x14280 nfsidl nfsio
19452 200007 0 0 3 0x14280 nfsidl nfsio
63642 219254 0 0 3 0x14280 nfsidl nfsio
97820 340021 0 0 3 0x14280 nfsidl nfsio
89437 254730 0 0 3 0x14280 nfsidl nfsio
42728 354273 0 0 3 0x14280 nfsidl nfsio
47210 308530 0 0 3 0x14200 bored sosplice
11803 24650 94188 0 2 0x482 syz-executor.1
94188 486112 56427 0 3 0x82 thrsleep syz-fuzzer
94188 507968 56427 0 7 0x4000482 syz-fuzzer
94188 474148 56427 0 3 0x4000082 thrsleep syz-fuzzer
94188 107712 56427 0 3 0x4000082 thrsleep syz-fuzzer
94188 518866 56427 0 3 0x4000082 thrsleep syz-fuzzer
94188 336136 56427 0 3 0x4000082 kqread syz-fuzzer
94188 440393 56427 0 3 0x4000082 thrsleep syz-fuzzer
94188 387316 56427 0 3 0x4000082 thrsleep syz-fuzzer
94188 235595 56427 0 3 0x4000082 thrsleep syz-fuzzer
94188 278045 56427 0 3 0x4000082 thrsleep syz-fuzzer
56427 348720 70011 0 3 0x10008a pause ksh
70011 472086 93862 0 3 0x92 select sshd
71295 496940 1 0 2 0x100083 getty
93862 171016 1 0 3 0x80 select sshd
99354 162492 73703 74 2 0x100492 pflogd
73703 240521 1 0 3 0x80 netio pflogd
39388 135416 35844 73 2 0x100090 syslogd
35844 187404 1 0 3 0x100082 netio syslogd
73846 101525 1 77 3 0x100090 poll dhclient
99859 118029 1 0 3 0x80 poll dhclient
51686 363718 0 0 3 0x14200 bored smr
28689 294350 0 0 2 0x14200 zerothread
83080 273283 0 0 3 0x14200 aiodoned aiodoned
38814 188914 0 0 3 0x14200 syncer update
59156 466998 0 0 3 0x14200 cleaner cleaner
18402 240426 0 0 3 0x14200 reaper reaper
2531 290083 0 0 3 0x14200 pgdaemon pagedaemon
14760 284065 0 0 3 0x14200 bored crynlk
72050 49528 0 0 3 0x14200 bored crypto
10678 430891 0 0 3 0x40014200 acpi0 acpi0
42570 88567 0 0 3 0x40014200 idle1
57017 463904 0 0 3 0x14200 bored softnet
89882 90873 0 0 3 0x14200 bored systqmp
82829 158782 0 0 3 0x14200 bored systq
60875 503087 0 0 2 0x40014200 softclock
7031 225970 0 0 3 0x40014200 idle0
1 194000 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 90674 (syz-executor.1) thread 0xffff800020ed9608 (355211)
exclusive rwlock vmmaplk r = 0 (0xfffffd807efff2f8)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 rw_enter+0x453 sys/kern/kern_rwlock.c:311
#2 vm_map_lock_ln+0x111 sys/uvm/uvm_map.c:5445
#3 uvmfault_lookup+0xbe sys/uvm/uvm_fault.c:1442
#4 uvm_fault+0xbbd uvmfault_amapcopy sys/uvm/uvm_fault.c:232 [inline]
#4 uvm_fault+0xbbd sys/uvm/uvm_fault.c:559
#5 pageflttrap+0x1b8 sys/arch/amd64/amd64/trap.c:221
#6 kerntrap+0xec sys/arch/amd64/amd64/trap.c:302
#7 alltraps_kern_meltdown+0x7b
#8 copyin+0x4b
#9 sys_connect+0x9b sys/kern/uipc_syscalls.c:360
#10 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#11 Xsyscall+0x128
exclusive rwlock netlock r = 0 (0xffffffff824cda98)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sys_connect+0x6a sys/kern/uipc_syscalls.c:355
#3 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#3 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#4 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82658948)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:93 [inline]
#1 syscall+0x400 sys/arch/amd64/amd64/trap.c:570
#2 Xsyscall+0x128
Process 63555 (syz-executor.0) thread 0xffff800020e6dad8 (363750)
exclusive rwlock fdlock r = 0 (0xfffffd8078ede828)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 fdcopy+0x131 sys/kern/kern_descrip.c:1111
#2 process_new+0x12c sys/kern/kern_fork.c:253
#3 fork1+0x31b sys/kern/kern_fork.c:377
#4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#5 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9505 6410K 6663K 78643K 10840 0
pcb 13 8K 8K 78643K 47 0
rtable 110 4K 4K 78643K 273 0
ifaddr 65 13K 13K 78643K 87 0
sysctl 2 0K 0K 78643K 2 0
counters 43 33K 34K 78643K 51 0
ioctlops 0 0K 4K 78643K 1486 0
iov 0 0K 16K 78643K 309 0
mount 1 1K 1K 78643K 1 0
vnodes 1216 76K 77K 78643K 1346 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 9 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 43 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1824 197K 290K 78643K 13058 0
file desc 5 13K 25K 78643K 252 0
proc 62 63K 83K 78643K 504 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 8 0
in_multi 46 2K 2K 78643K 67 0
ether_multi 1 0K 0K 78643K 5 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 240 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 124 23K 39K 78643K 1766 0
UVM aobj 11 2K 2K 78643K 22 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 1K 78643K 33 0
NDP 10 0K 0K 78643K 20 0
temp 91 3034K 3108K 78643K 7861 0
kqueue 3 4K 9K 78643K 11 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 9 0 3 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 28 0 26 1 0 1 1 0 8 0
rtentry 112 58 0 13 2 0 2 2 0 8 0
unpcb 120 165 0 155 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 70 0 70 1 1 0 1 0 8 0
tcpcb 544 83 0 79 1 0 1 1 0 8 0
inpcb 280 249 0 241 2 1 1 2 0 8 0
nd6 48 10 0 3 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
ppxss 1128 1 0 1 1 1 0 1 0 8 0
pffrag 232 2 0 2 2 2 0 1 0 482 0
pffrnode 88 2 0 2 2 2 0 1 0 8 0
pffrent 40 47 0 47 2 2 0 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 27 0 3 1 0 1 1 0 8 0
pfstkey 112 27 0 3 1 0 1 1 0 8 0
pfstate 328 27 0 3 3 0 3 3 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 234 0 44 12 0 12 12 0 8 0
art_table 32 235 0 44 2 0 2 2 0 8 0
art_node 16 57 0 16 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 39 0 29 1 0 1 1 0 8 0
shmpl 112 20 0 11 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1730 0 331 89 0 89 89 0 8 0
ffsino 272 1730 0 331 94 0 94 94 0 8 0
nchpl 144 2389 0 795 60 0 60 60 0 8 0
uvmvnodes 72 1854 0 0 34 0 34 34 0 8 0
vnodes 208 1854 0 0 98 0 98 98 0 8 0
namei 1024 6495 0 6495 2 1 1 1 0 8 1
percpumem 16 36 0 4 1 0 1 1 0 8 0
vmpool 560 2 0 2 1 1 0 1 0 8 0
scxspl 192 6085 0 6085 9 8 1 7 0 8 1
plimitpl 152 36 0 28 1 0 1 1 0 8 0
sigapl 424 485 0 433 6 0 6 6 0 8 0
futexpl 56 3354 0 3354 2 1 1 1 0 8 1
knotepl 112 82 0 63 1 0 1 1 0 8 0
kqueuepl 144 30 0 26 1 0 1 1 0 8 0
pipelkpl 48 109 0 99 1 0 1 1 0 8 0
pipepl 120 218 0 199 1 0 1 1 0 8 0
fdescpl 496 450 0 433 3 0 3 3 0 8 0
filepl 152 2674 0 2572 5 0 5 5 0 8 1
lockfpl 104 59 0 58 1 0 1 1 0 8 0
lockfspl 48 20 0 19 1 0 1 1 0 8 0
sessionpl 112 19 0 8 1 0 1 1 0 8 0
pgrppl 48 25 0 14 1 0 1 1 0 8 0
ucredpl 96 312 0 303 1 0 1 1 0 8 0
zombiepl 144 434 0 434 2 1 1 1 0 8 1
processpl 984 486 0 433 7 0 7 7 0 8 0
procpl 624 953 0 890 6 0 6 6 0 8 1
sosppl 128 4 0 4 1 1 0 1 0 8 0
sockpl 400 446 0 426 4 1 3 4 0 8 0
mcl64k 65536 9 0 0 2 0 2 2 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 6 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 8 0 0 1 0 1 1 0 8 0
mcl2k2 2112 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 177 0 0 22 0 22 22 0 8 0
mtagpl 80 13 0 0 1 0 1 1 0 8 0
mbufpl 256 258 0 0 15 0 15 15 0 8 0
bufpl 280 3733 0 138 257 0 257 257 0 8 0
anonpl 16 62545 0 48457 78 11 67 72 0 124 0
amapchunkpl 152 2760 0 2628 20 13 7 20 0 158 0
amappl16 192 2183 0 1424 58 19 39 51 0 8 0
amappl15 184 116 0 113 2 1 1 1 0 8 0
amappl14 176 22 0 19 1 0 1 1 0 8 0
amappl13 168 100 0 97 1 0 1 1 0 8 0
amappl12 160 12 0 8 1 0 1 1 0 8 0
amappl11 152 167 0 150 1 0 1 1 0 8 0
amappl10 144 28 0 23 1 0 1 1 0 8 0
amappl9 136 406 0 404 1 0 1 1 0 8 0
amappl8 128 401 0 367 2 0 2 2 0 8 0
amappl7 120 128 0 115 1 0 1 1 0 8 0
amappl6 112 24 0 21 1 0 1 1 0 8 0
amappl5 104 365 0 346 1 0 1 1 0 8 0
amappl4 96 566 0 534 1 0 1 1 0 8 0
amappl3 88 109 0 103 1 0 1 1 0 8 0
amappl2 80 2676 0 2604 2 0 2 2 0 8 0
amappl1 72 19693 0 19245 24 14 10 18 0 8 0
amappl 80 1206 0 1163 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 21 0 11 1 0 1 1 0 8 0
uaddrrnd 24 451 0 435 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 451 0 435 1 0 1 1 0 8 0
vmmpekpl 168 7576 0 7536 2 0 2 2 0 8 0
vmmpepl 168 61849 0 59926 126 37 89 113 0 357 2
vmsppl 368 450 0 435 2 0 2 2 0 8 0
pdppl 4096 910 0 870 6 0 6 6 0 8 0
pvpl 32 193347 0 175996 181 22 159 176 0 265 0
pmappl 232 450 0 435 3 2 1 2 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 266 0 5 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
yield() at yield+0x77 sys/kern/sched_bsd.c:304
pool_get(ffffffff826baad8,1) at pool_get+0x19c sys/kern/subr_pool.c:588
uvm_mapent_alloc(fffffd807efff2e0,0) at uvm_mapent_alloc+0x2d2 sys/uvm/uvm_map.c:1751
uvm_map_clip_end(fffffd807efff2e0,fffffd806cc62ec0,20010000) at uvm_map_clip_end+0x5d sys/uvm/uvm_map.c:4769
amap_copy(fffffd807efff2e0,fffffd806cc62ec0,2,1,20000000,20000001) at amap_copy+0x53b sys/uvm/uvm_amap.c:530
uvm_fault(fffffd807efff2e0,20000000,0,1) at uvm_fault+0xc3e uvmfault_amapcopy sys/uvm/uvm_fault.c:242 [inline]
uvm_fault(fffffd807efff2e0,20000000,0,1) at uvm_fault+0xc3e sys/uvm/uvm_fault.c:559
pageflttrap(ffff800020f67b40,0) at pageflttrap+0x1b8 sys/arch/amd64/amd64/trap.c:221
kerntrap(ffff800020f67b40) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:302
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyin() at copyin+0x4b
sys_connect(ffff800020ed9608,ffff800020f67d08,ffff800020f67d50) at sys_connect+0x9b sys/kern/uipc_syscalls.c:360
syscall(ffff800020f67dd0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020f67dd0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x29ab724c0e0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82658740) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82658740) at __mp_lock+0x127 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82658740,1) at __mp_acquire_count+0x51 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x392 sys/kern/sched_bsd.c:435
sleep_finish(ffff800020f18da0,1) at sleep_finish+0x113 sys/kern/kern_synch.c:418
sleep_finish_all(ffff800020f18da0,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:447 [inline]
sleep_finish_all(ffff800020f18da0,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:393
tsleep(ffffffff825456dc,120,ffffffff821f0a5e,2) at tsleep+0x1cc sys/kern/kern_synch.c:155
sys_nanosleep(ffff800020ed0280,ffff800020f18ed0,ffff800020f18f20) at sys_nanosleep+0x205 sys/kern/kern_time.c:297
syscall(ffff800020f18fa0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020f18fa0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc00004ff38, count: -12


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

May 30, 2020, 3:36:15 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: panic: spl assertion failure in yield