uvm_fault: NUM TID PID UID PRFLAGS PFLAGS CPU COMMANDNUM(NUM,NUM,NUM,NUM,59d,ADDR) at NUMtimeout_ru

syzbot

Apr 3, 2023, 9:38:45 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 1e5b016c5082 sync for __syscall removal
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1638595dc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=b5fb0d303a68bdfbf33f

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/452af0b271ef/disk-1e5b016c.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/5145fa4f4c7c/bsd-1e5b016c.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/992507fc6105/kernel-1e5b016c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b5fb0d...@syzkaller.appspotmail.com

kernel: page fault trap, code=0
Stopped at 0 TID PID UID PRFLAGS PFLAGS CPU COMMAND
0(0,0,0,0,59d,fffffd8073c92f10) at 0
timeout_run(fffffd8073c92f10) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_process_kclock_timeout(fffffd8073c92f10,0) at softclock_process_kclock_timeout+0x1c6 sys/kern/kern_timeout.c:666
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:717
softintr_dispatch(0) at softintr_dispatch+0xd1 sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x2ee sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82b9dff0) at sched_idle+0x2ea sys/kern/kern_sched.c:175
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: attempt to execute user address 0x0 in supervisor mode
ddb> trace
0(0,0,0,0,59d,fffffd8073c92f10) at 0
timeout_run(fffffd8073c92f10) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_process_kclock_timeout(fffffd8073c92f10,0) at softclock_process_kclock_timeout+0x1c6 sys/kern/kern_timeout.c:666
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:717
softintr_dispatch(0) at softintr_dispatch+0xd1 sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x2ee sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82b9dff0) at sched_idle+0x2ea sys/kern/kern_sched.c:175
end trace frame: 0x0, count: -7
ddb> show registers
rdi 0
rsi 0
rbp 0xffff8000215fe3b0
rbx 0
rdx 0
rcx 0xffffffff82c10a70 timeout_todo
rax 0x9
r8 0x2b
r9 0x2b
r10 0x355cee77429f1b96
r11 0
r12 0
r13 0xffffffff82b9dff0 cpu_info_full_primary+0x1ff0
r14 0
r15 0
rip 0
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000215fe378
ss 0x10
0
ddb> show proc
PROC (idle0) pid=77926 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
pri=0, usrpri=50, nice=20
forw=0x39b41856cc1cdfa2, list=0xffff8000fffff5c0,0xffff8000ffffeaf0
process=0xffff8000ffffcbd0 user=0xffff8000215f9000, vmspace=0xffffffff82c0a9b0
estcpu=0, cpticks=108269, pctcpu=0.0
user=0, sys=0, intr=1
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
50861 468093 46645 0 3 0x80 nanoslp syz-executor.2
50861 33950 46645 0 3 0x4000080 ttyin syz-executor.2
50861 78017 46645 0 3 0x4000080 ttyout syz-executor.2
50861 105770 46645 0 3 0x4000080 fsleep syz-executor.2
27278 118740 41733 0 2 0x480 syz-executor.3
27278 56190 41733 0 3 0x4000080 netio syz-executor.3
27278 345889 41733 0 3 0x4000080 fsleep syz-executor.3
27278 33143 41733 0 3 0x4000080 fsleep syz-executor.3
29996 42126 31768 0 3 0x82 piperd syz-executor.1
41733 340930 31768 0 3 0x82 nanoslp syz-executor.3
37061 351514 1 0 3 0x100083 ttyin getty
92770 378688 31768 0 3 0x82 piperd syz-executor.6
94189 29587 31768 0 3 0x82 piperd syz-executor.7
46645 520995 31768 0 2 0x482 syz-executor.2
35100 136922 31768 0 3 0x82 piperd syz-executor.0
79409 458558 31768 0 3 0x82 piperd syz-executor.5
48670 325597 31768 0 3 0x82 piperd syz-executor.4
34327 438821 0 0 3 0x14200 bored sosplice
31768 412919 34247 0 3 0x82 wait syz-fuzzer
31768 257218 34247 0 3 0x4000082 thrsleep syz-fuzzer
31768 11107 34247 0 3 0x4000082 thrsleep syz-fuzzer
31768 101948 34247 0 3 0x4000082 thrsleep syz-fuzzer
31768 257572 34247 0 3 0x4000082 thrsleep syz-fuzzer
31768 8066 34247 0 3 0x4000082 wait syz-fuzzer
31768 331849 34247 0 3 0x4000082 wait syz-fuzzer
31768 70668 34247 0 3 0x4000082 wait syz-fuzzer
31768 306475 34247 0 3 0x4000082 wait syz-fuzzer
31768 344056 34247 0 3 0x4000082 thrsleep syz-fuzzer
31768 405910 34247 0 3 0x4000082 wait syz-fuzzer
31768 365568 34247 0 3 0x4000082 wait syz-fuzzer
31768 148596 34247 0 3 0x4000082 kqread syz-fuzzer
31768 356356 34247 0 3 0x4000082 wait syz-fuzzer
34247 331216 29464 0 3 0x10008a sigsusp ksh
29464 303052 99429 0 3 0x9a kqread sshd
99429 50151 1 0 3 0x88 kqread sshd
44310 232956 57844 73 3 0x1100090 kqread syslogd
57844 70350 1 0 3 0x100082 netio syslogd
63765 417536 1 0 3 0x100080 kqread resolvd
60472 20424 0 0 3 0x14200 bored smr
80461 225008 0 0 3 0x14200 pgzero zerothread
32089 456043 0 0 3 0x14200 aiodoned aiodoned
47960 345002 0 0 3 0x14200 syncer update
91139 160810 0 0 3 0x14200 cleaner cleaner
98303 270367 0 0 3 0x14200 reaper reaper
1979 277254 0 0 3 0x14200 pgdaemon pagedaemon
42419 263802 0 0 3 0x14200 bored viomb
12523 381017 0 0 3 0x40014200 acpi0 acpi0
80705 8146 0 0 3 0x14200 bored softnet
95209 199876 0 0 3 0x14200 bored softnet
27973 254012 0 0 3 0x14200 bored softnet
63529 259210 0 0 3 0x14200 bored softnet
14648 298985 0 0 3 0x14200 bored systqmp
57941 47639 0 0 3 0x14200 bored systq
49599 242569 0 0 3 0x40014200 bored softclock
*55289 77926 0 0 7 0x40014200 idle0
1 502494 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10218 6425K 7323K 78643K 39468 0
pcb 13 20K 24K 78643K 2860 0
rtable 137 14K 16K 78643K 4131 0
ifaddr 76 25K 30K 78643K 1286 0
sysctl 2 0K 0K 78643K 4 0
counters 26 17K 17K 78643K 548 0
ioctlops 0 0K 4K 78643K 1594 0
iov 0 0K 32K 78643K 1815 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1605 100K 101K 78643K 21218 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 129 0
VM map 2 1K 1K 78643K 2 0
sem 21 5K 10K 78643K 261 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 12 41K 73K 78643K 12931 0
sigio 1 0K 0K 78643K 147 0
proc 59 43K 75K 78643K 2990 0
subproc 104 6K 7K 78643K 1092 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 603 0
in_multi 55 3K 6K 78643K 1197 0
ether_multi 1 0K 0K 78643K 80 0
mrt 1 0K 0K 78643K 48 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 259 1155K 1155K 78643K 259 0
exec 0 0K 1K 78643K 3714 0
pfkey data 0 0K 0K 78643K 47 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 303 92K 109K 78643K 88152 0
UVM aobj 131 4K 4K 78643K 133 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 473 0
NDP 11 0K 1K 78643K 458 0
temp 125 5770K 71434K 78643K 180668 0
kqueue 6 10K 28K 78643K 954 0
SYN cache 2 2352K 2360K 78643K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 2579 0 2578 31 29 2 3 0 8 1
rtentry 112 1265 0 1214 5 2 3 4 0 8 0
unpcb 144 11758 0 11752 150 149 1 12 0 8 0
syncache 296 29 0 29 10 10 0 1 0 8 0
tcpqe 32 691 0 691 7 7 0 2 0 8 0
tcpcb 776 4738 0 4734 159 158 1 8 0 8 0
arp 88 187 0 179 1 0 1 1 0 8 0
ipq 40 9 0 9 4 4 0 1 0 8 0
ipqe 40 26 0 26 4 4 0 1 0 8 0
inpcb 336 13905 0 13900 287 286 1 21 0 8 0
nd6 48 267 0 257 1 0 1 1 0 8 0
pkpcb 40 66 0 66 10 10 0 1 0 8 0
kcovpl 48 84 0 76 1 0 1 1 0 8 0
mppekey 1024 4 0 4 1 1 0 1 0 8 0
ppxss 1160 365 0 365 35 35 0 1 0 8 0
pppxif 1360 106 0 106 13 13 0 1 0 8 0
pfstscr 40 85 0 75 3 2 1 1 0 8 0
pfanchor 1280 644 0 329 32 5 27 27 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 264 2 0 2 1 1 0 1 0 8 0
pfstitem 24 20 0 0 1 0 1 1 0 8 0
pfstkey 128 170 0 165 3 2 1 1 0 8 0
pfstate 352 85 0 75 4 3 1 2 0 8 0
rttmr 136 12 0 12 3 3 0 1 0 8 0
art_heap8 4096 6 0 4 5 3 2 3 0 8 0
art_heap4 256 5055 0 4773 65 39 26 29 0 8 0
art_table 32 5061 0 4777 5 1 4 4 0 8 0
art_node 16 1139 0 1095 1 0 1 1 0 8 0
semupl 112 6 0 6 2 2 0 1 0 8 0
semapl 112 251 0 232 1 0 1 1 0 8 0
shmpl 112 130 0 2 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 24786 0 23310 93 0 93 93 0 8 0
ffsino 240 24786 0 23310 88 0 88 88 0 8 0
nchpl 144 41627 0 39990 63 1 62 63 0 8 0
rtmask 32 9 0 9 3 3 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 174770 0 174770 5 4 1 3 0 8 1
vmpool 664 53 0 53 8 8 0 1 0 8 0
kstatmem 264 558 0 536 3 1 2 3 0 8 0
scsiplug 72 15 0 15 5 5 0 1 0 8 0
scxspl 216 104042 0 104042 43 42 1 8 0 8 1
plimitpl 152 2491 0 2477 1 0 1 1 0 8 0
sigapl 424 13196 0 13159 8 1 7 8 0 8 0
futexpl 64 149159 0 149156 3 2 1 1 0 8 0
knotepl 120 204032 0 203967 110 107 3 12 0 8 0
kqueuepl 184 2645 0 2640 44 43 1 4 0 8 0
pipepl 288 3073 0 3045 56 53 3 7 0 8 0
fdescpl 432 13057 0 13037 4 0 4 4 0 8 0
filepl 120 130108 0 129884 215 206 9 21 0 8 0
lockfpl 104 3210 0 3209 7 6 1 2 0 8 0
lockfspl 48 983 0 982 1 0 1 1 0 8 0
sessionpl 144 103 0 88 1 0 1 1 0 8 0
pgrppl 48 587 0 572 1 0 1 1 0 8 0
ucredpl 104 39153 0 39145 1 0 1 1 0 8 0
zombiepl 144 13159 0 13159 2 1 1 1 0 8 1
processpl 1008 13196 0 13159 10 3 7 9 0 8 0
procpl 696 36186 0 36130 50 43 7 11 0 8 0
sosppl 168 140 0 140 30 30 0 1 0 8 0
sockpl 456 28355 0 28343 824 818 6 42 0 8 4
mcl64k 65536 804 0 804 41 40 1 2 0 8 1
mcl16k 16384 468 0 468 49 48 1 1 0 8 1
mcl12k 12288 525 0 525 39 39 0 1 0 8 0
mcl9k 9216 195 0 195 50 49 1 1 0 8 1
mcl8k 8192 1048 0 1048 33 32 1 1 0 8 1
mcl4k 4096 1452 0 1452 14 13 1 1 0 8 1
mcl2k2 2112 84 0 84 46 46 0 1 0 8 0
mcl2k 2048 112789 0 112718 94 83 11 31 0 8 0
mtagpl 96 2411 0 2247 28 19 9 14 0 8 0
mbufpl 256 350419 0 350155 1107 1071 36 298 0 8 0
bufpl 288 26497 0 20103 458 0 458 458 0 8 0
anonpl 24 2634435 0 2618878 323 201 122 166 0 188 4
amapchunkpl 152 255066 0 254438 179 145 34 58 0 158 3
amappl16 200 19727 0 19101 122 87 35 50 0 8 0
amappl15 192 25 0 24 1 0 1 1 0 8 0
amappl14 184 414 0 406 2 1 1 2 0 8 0
amappl13 176 14 0 14 3 3 0 1 0 8 0
amappl12 168 1286 0 1283 1 0 1 1 0 8 0
amappl11 160 55 0 51 1 0 1 1 0 8 0
amappl10 152 120 0 109 1 0 1 1 0 8 0
amappl9 144 1119 0 1118 1 0 1 1 0 8 0
amappl8 136 638 0 543 4 0 4 4 0 8 0
amappl7 128 388 0 367 2 0 2 2 0 8 0
amappl6 120 679 0 666 2 1 1 2 0 8 0
amappl5 112 599 0 594 1 0 1 1 0 8 0
amappl4 104 1697 0 1673 2 1 1 2 0 8 0
amappl3 96 38022 0 37987 2 0 2 2 0 8 0
amappl2 88 14321 0 14271 3 1 2 3 0 8 0
amappl1 80 298175 0 297648 41 25 16 26 0 8 0
amappl 88 86649 0 86492 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 132 0 2 3 0 3 3 0 8 0
uaddrrnd 24 13110 0 13090 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 13110 0 13090 1 0 1 1 0 8 0
vmmpekpl 168 107785 0 107732 4 0 4 4 0 8 0
vmmpepl 168 1224674 0 1222458 489 354 135 161 0 357 0
vmsppl 344 13109 0 13090 3 0 3 3 0 8 0
rwobjpl 24 317639 0 310049 54 5 49 50 0 8 0
pdppl 4096 26226 0 26180 1228 1170 58 68 0 8 12
pvpl 32 5241368 0 5221143 621 411 210 333 0 265 12
pmappl 216 13109 0 13090 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 3643 0 2858 31 6 25 31 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
0(0,0,0,0,59d,fffffd8073c92f10) at 0
timeout_run(fffffd8073c92f10) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_process_kclock_timeout(fffffd8073c92f10,0) at softclock_process_kclock_timeout+0x1c6 sys/kern/kern_timeout.c:666
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:717
softintr_dispatch(0) at softintr_dispatch+0xd1 sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x2ee sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82b9dff0) at sched_idle+0x2ea sys/kern/kern_sched.c:175
end trace frame: 0x0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
0(0,0,0,0,59d,fffffd8073c92f10) at 0
timeout_run(fffffd8073c92f10) at timeout_run+0x8b sys/kern/kern_timeout.c:641
softclock_process_kclock_timeout(fffffd8073c92f10,0) at softclock_process_kclock_timeout+0x1c6 sys/kern/kern_timeout.c:666
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:717
softintr_dispatch(0) at softintr_dispatch+0xd1 sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x2ee sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82b9dff0) at sched_idle+0x2ea sys/kern/kern_sched.c:175
end trace frame: 0x0, count: -7


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jul 2, 2023, 9:38:38 AM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.