panic.go:LINE +0x72 fp=ADDR sp=ADDR pc=ADDR (6)
0 views
Skip to first unread message
syzbot
Feb 7, 2020, 5:27:14 PM2/7/20
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 5185a700 Move dig(1) and needed DNS libraries into it's ow..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15f39431e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=c046beaa6e22b56a8c0f
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c046be...@syzkaller.appspotmail.com
/usr/local/go/src/runtime/panic.go:774 +0x72 fp=0xc003191560 sp=0xc003191530 pc=0x42e9e2
runtime.sigpanic()
/usr/local/go/src/runtime/signal_unix.go:401 +0x3de fp=0xc003191590 sp=0xc003191560 pc=0x443ece
compress/flate.(*compressor).deflate(0xc0001b6000)
/usr/local/go/src/compress/flate/deflate.go:428 +0x22d fp=0xc003191600 sp=0xc003191590 pc=0x65cacd
compress/flate.(*compressor).syncFlush(0xc0001b6000, 0xc000283000, 0xbd)
/usr/local/go/src/compress/flate/deflate.go:565 +0x50 fp=0xc003191628 sp=0xc003191600 pc=0x65d700
compress/flate.(*Writer).Flush(...)
/usr/local/go/src/compress/flate/deflate.go:724
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Write(0xc0000f8510, 0xc000283000, 0xbd, 0x1000, 0xc002a90550, 0x16, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:139 +0x80 fp=0xc003191678 sp=0xc003191628 pc=0x7e71f0
bufio.(*Writer).Flush(0xc0000f4480, 0x827ae0, 0xc002a90550)
/usr/local/go/src/bufio/bufio.go:593 +0x75 fp=0xc0031916d8 sp=0xc003191678 pc=0x557165
net/rpc.(*gobClientCodec).WriteRequest(0xc0000f8600, 0xc00005f818, 0x827ae0, 0xc002a90550, 0xc0002a1180, 0xc0002a1180)
/usr/local/go/src/net/rpc/client.go:224 +0xb3 fp=0xc003191710 sp=0xc0031916d8 pc=0x7e04f3
net/rpc.(*Client).send(0xc00005f800, 0xc002a905a0)
/usr/local/go/src/net/rpc/client.go:91 +0x1e3 fp=0xc0031917b0 sp=0xc003191710 pc=0x7df5b3
net/rpc.(*Client).Go(0xc00005f800, 0x8f9671, 0xc, 0x827ae0, 0xc002a90550, 0x827b20, 0xc002c9a300, 0xc002c9a360, 0xc001fbefc0)
/usr/local/go/src/net/rpc/client.go:316 +0xcc fp=0xc0031917f0 sp=0xc0031917b0 pc=0x7e084c
net/rpc.(*Client).Call(...)
/usr/local/go/src/net/rpc/client.go:322
github.com/google/syzkaller/pkg/rpctype.(*RPCClient).Call(0xc00000d160, 0x8f9671, 0xc, 0x827ae0, 0xc002a90550, 0x827b20, 0xc002c9a300, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:90 +0x174 fp=0xc0031918b8 sp=0xc0031917f0 pc=0x7e6dd4
main.(*Fuzzer).poll(0xc0000d0b00, 0xc002aa5b01, 0xc002aa5b60, 0xa)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:360 +0x174 fp=0xc003191b38 sp=0xc0031918b8 pc=0x7eaa84
main.(*Fuzzer).pollLoop(0xc0000d0b00)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:345 +0x3c8 fp=0xc003191c68 sp=0xc003191b38 pc=0x7ea758
main.main()
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:262 +0x12bd fp=0xc003191f60 sp=0xc003191c68 pc=0x7e975d
runtime.main()
/usr/local/go/src/runtime/proc.go:203 +0x21e fp=0xc003191fe0 sp=0xc003191f60 pc=0x43037e
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:1357 +0x1 fp=0xc003191fe8 sp=0xc003191fe0 pc=0x45d471
goroutine 14 [chan receive]:
main.main.func1(0xc00006a540)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:137 +0x34
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:135 +0x5b0
goroutine 7 [syscall]:
os/signal.signal_recv(0x0)
/usr/local/go/src/runtime/sigqueue.go:147 +0x9c
os/signal.loop()
/usr/local/go/src/os/signal/signal_unix.go:23 +0x22
created by os/signal.init.0
/usr/local/go/src/os/signal/signal_unix.go:29 +0x41
goroutine 13 [chan receive]:
github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1(0xc00006a540)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:74 +0xb6
created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:71 +0x3f
goroutine 20 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6d98, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc00133e6d8, 0x72, 0x10001, 0x10000, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc00133e6c0, 0xc003400000, 0x10000, 0x10000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc000120d90, 0xc003400000, 0x10000, 0x10000, 0x10000, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc000120d90, 0xc001696000)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:594 +0xaf
created by github.com/google/syzkaller/pkg/ipc.makeCommand
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:588 +0x89f
goroutine 33 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6cc8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc0000c4618, 0x72, 0x1000, 0x1000, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc0000c4600, 0xc000282000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
net.(*netFD).Read(0xc0000c4600, 0xc000282000, 0x1000, 0x1000, 0xc000297a60, 0xc000297b40, 0x7c388d)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc00000e650, 0xc000282000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:184 +0x68
bufio.(*Reader).fill(0xc00005f6e0)
/usr/local/go/src/bufio/bufio.go:100 +0x103
bufio.(*Reader).ReadByte(0xc00005f6e0, 0xc000297c00, 0xc0000c4680, 0xc00000d5e0)
/usr/local/go/src/bufio/bufio.go:252 +0x39
compress/flate.(*decompressor).moreBits(0xc00027c000, 0x91cc30, 0xc000297b88)
/usr/local/go/src/compress/flate/inflate.go:696 +0x37
compress/flate.(*decompressor).nextBlock(0xc00027c000)
/usr/local/go/src/compress/flate/inflate.go:303 +0x36
compress/flate.(*decompressor).Read(0xc00027c000, 0xc00028e000, 0x1000, 0x1000, 0x892e40, 0xc000e1fa10, 0x199)
/usr/local/go/src/compress/flate/inflate.go:347 +0x77
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc0000f8510, 0xc00028e000, 0x1000, 0x1000, 0x10, 0xc000297b88, 0x7c36ed)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:131 +0x51
bufio.(*Reader).Read(0xc00005f740, 0xc000020730, 0x1, 0x9, 0x0, 0x0, 0xc000297d70)
/usr/local/go/src/bufio/bufio.go:226 +0x26a
io.ReadAtLeast(0x99dcc0, 0xc00005f740, 0xc000020730, 0x1, 0x9, 0x1, 0x1, 0x0, 0x0)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
encoding/gob.decodeUintReader(0x99dcc0, 0xc00005f740, 0xc000020730, 0x9, 0x9, 0x4050d5, 0x43080c, 0xc000297d48, 0x45a320)
/usr/local/go/src/encoding/gob/decode.go:120 +0x6f
encoding/gob.(*Decoder).recvMessage(0xc0000c4680, 0x404fbc)
/usr/local/go/src/encoding/gob/decoder.go:81 +0x57
encoding/gob.(*Decoder).decodeTypeSequence(0xc0000c4680, 0xc000000100, 0xc000297e10)
/usr/local/go/src/encoding/gob/decoder.go:143 +0x10c
encoding/gob.(*Decoder).DecodeValue(0xc0000c4680, 0x82da20, 0xc0000f89f0, 0x16, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:211 +0x10b
encoding/gob.(*Decoder).Decode(0xc0000c4680, 0x82da20, 0xc0000f89f0, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:188 +0x16d
net/rpc.(*gobClientCodec).ReadResponseHeader(0xc0000f8600, 0xc0000f89f0, 0xc000e1f9e0, 0x0)
/usr/local/go/src/net/rpc/client.go:228 +0x45
net/rpc.(*Client).input(0xc00005f800)
/usr/local/go/src/net/rpc/client.go:109 +0xa5
created by net/rpc.NewClientWithCodec
/usr/local/go/src/net/rpc/client.go:206 +0x89
goroutine 38 [runnable]:
syscall.Syscall(0x3, 0xb, 0xc002863650, 0xc, 0xc, 0xc, 0x0)
/usr/local/go/src/syscall/asm_unix_amd64.s:19 +0x5
syscall.read(0xb, 0xc002863650, 0xc, 0xc, 0x0, 0x99f120, 0xc5a4d0)
/usr/local/go/src/syscall/zsyscall_openbsd_amd64.go:870 +0x5a
syscall.Read(...)
/usr/local/go/src/syscall/syscall_unix.go:183
internal/poll.(*FD).Read(0xc00133e780, 0xc002863650, 0xc, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:165 +0x164
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc000120da0, 0xc002863650, 0xc, 0xc, 0xc001cc19d8, 0x40c698, 0x10)
/usr/local/go/src/os/file.go:116 +0x71
io.ReadAtLeast(0x99e460, 0xc000120da0, 0xc002863650, 0xc, 0xc, 0xc, 0x0, 0x3ffc18, 0x3ffc18)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc001696000, 0xc0000225c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000fbb0, 0x203000, 0x203000, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:748 +0x282
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000092000, 0xc0000225c0, 0xc002ca3080, 0xc001cc1ce8, 0x7b0fc4, 0xc001cc1d40, 0x44500e, 0x413b6a, 0xc002cb48f8, 0xc00000fbb0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x108
main.(*Proc).executeRaw(0xc002e74480, 0xc0000225c0, 0xc002ca3080, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x20c
main.(*Proc).execute(0xc002e74480, 0xc0000225c0, 0xc002ca3080, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc002e74480)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4de
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 39 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6988, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc00176c198, 0x72, 0x1, 0xc, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc00176c180, 0xc0028633b0, 0xc, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc00000f1d8, 0xc0028633b0, 0xc, 0xc, 0xc00318f9d8, 0x40c698, 0x10)
/usr/local/go/src/os/file.go:116 +0x71
io.ReadAtLeast(0x99e460, 0xc00000f1d8, 0xc0028633b0, 0xc, 0xc, 0xc, 0x0, 0x3fd838, 0x3fd838)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc0023ea850, 0xc0000225c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4eeea3, 0xc00128ea00, 0x6d1a19df3730658f, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:748 +0x282
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000092090, 0xc0000225c0, 0xc002c2aa00, 0xc00318fd40, 0x787a61, 0xc002c35d70, 0x3, 0x0, 0x9adf40, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x108
main.(*Proc).executeRaw(0xc002e745c0, 0xc0000225c0, 0xc002c2aa00, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x20c
main.(*Proc).execute(0xc002e745c0, 0xc0000225c0, 0xc002c2aa00, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc002e745c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4de
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 40 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6bf8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc00176c0d8, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc00176c0c0, 0xc00341002a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc00000f1c0, 0xc00341002a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc00000f1c0, 0xc0023ea850)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:594 +0xaf
created by github.com/google/syzkaller/pkg/ipc.makeCommand
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:588 +0x89f
goroutine 183 [select]:
github.com/google/syzkaller/pkg/ipc.(*command).exec.func1(0xc001696000, 0xc001e19aa0, 0xc001e19a40)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:733 +0xba
created by github.com/google/syzkaller/pkg/ipc.(*command).exec
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:731 +0x19c
goroutine 182 [select]:
github.com/google/syzkaller/pkg/ipc.(*command).exec.func1(0xc0023ea850, 0xc001e199e0, 0xc001e19980)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:733 +0xba
created by github.com/google/syzkaller/pkg/ipc.(*command).exec
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:731 +0x19c
OpenBSD/amd64 (ci-openbsd-multicore-5.c.syzkaller.internal) (tty00)
login: panic: amap_wipeout: corrupt amap
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
490731 56195 0 0x14000 0x200 0 zerothread
*496902 27711 0 0x14000 0x200 1 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff822014dd) at panic+0x15c sys/kern/subr_prf.c:207
amap_wipeout(fffffd8067c0c078) at amap_wipeout+0x208 sys/uvm/uvm_amap.c:447
uvm_unmap_detach(ffff800020a75590,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1582
uvm_map_teardown(fffffd806e917a18) at uvm_map_teardown+0x25c sys/uvm/uvm_map.c:2755
uvmspace_free(fffffd806e917a18) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3611
uvm_exit(ffff800020ad92d8) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff800020a29d40) at reaper+0x189 sys/kern/kern_exit.c:443
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
amap_wipeout: corrupt amap
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff822014dd) at panic+0x15c sys/kern/subr_prf.c:207
amap_wipeout(fffffd8067c0c078) at amap_wipeout+0x208 sys/uvm/uvm_amap.c:447
uvm_unmap_detach(ffff800020a75590,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1582
uvm_map_teardown(fffffd806e917a18) at uvm_map_teardown+0x25c sys/uvm/uvm_map.c:2755
uvmspace_free(fffffd806e917a18) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3611
uvm_exit(ffff800020ad92d8) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff800020a29d40) at reaper+0x189 sys/kern/kern_exit.c:443
end trace frame: 0x0, count: -8
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020a75410
rbx 0xffff800020a754c0
rdx 0xffff800020a29d40
rcx 0
rax 0
r8 0xffffffff81f53faf kprintf+0x16f
r9 0x1
r10 0x25
r11 0x10a22a54f15a928
r12 0x3000000008
r13 0xffff800020a75420
r14 0x100
r15 0x1
rip 0xffffffff81e05b48 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020a75400
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (reaper) pid=496902 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=4, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800020a29ad0,0xffff800020a7dd58
process=0xffff800020a5c788 user=0xffff800020a70000, vmspace=0xffffffff8263d340
estcpu=1, cpticks=8, pctcpu=0.20
user=0, sys=7, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66224 98424 0 0 3 0x14200 bored sosplice
41466 471160 24210 0 3 0x10008a pause ksh
24210 456187 58377 0 3 0x92 select sshd
16277 114857 1 0 3 0x100083 ttyin getty
58377 401360 1 0 3 0x80 select sshd
25452 274340 6228 74 3 0x100092 bpf pflogd
6228 223422 1 0 3 0x80 netio pflogd
71575 211508 1564 73 3 0x100090 kqread syslogd
1564 384885 1 0 3 0x100082 netio syslogd
41941 56287 1 77 3 0x100090 poll dhclient
53552 511977 1 0 3 0x80 poll dhclient
56195 490731 0 0 7 0x14200 zerothread
40142 405684 0 0 3 0x14200 aiodoned aiodoned
38995 102673 0 0 3 0x14200 syncer update
35851 342807 0 0 3 0x14200 cleaner cleaner
*27711 496902 0 0 7 0x14200 reaper
90195 260725 0 0 3 0x14200 pgdaemon pagedaemon
73205 409749 0 0 3 0x14200 bored crynlk
37429 365429 0 0 3 0x14200 bored crypto
58541 256553 0 0 3 0x40014200 acpi0 acpi0
13026 251454 0 0 3 0x40014200 idle1
63883 220238 0 0 3 0x14200 bored softnet
42475 281929 0 0 3 0x14200 bored systqmp
7060 335383 0 0 3 0x14200 bored systq
4258 313999 0 0 3 0x40014200 bored softclock
14870 91068 0 0 3 0x40014200 idle0
46195 387838 0 0 3 0x14200 bored smr
1 41984 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 27711 (reaper) thread 0xffff800020a29d40 (496902)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8262c6a0)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1164
#1 uvm_pause+0x5b sys/uvm/uvm_glue.c:438
#2 uvm_unmap_detach+0x13a sys/uvm/uvm_map.c:1581
#3 uvm_map_teardown+0x25c sys/uvm/uvm_map.c:2755
#4 uvmspace_free+0x86 sys/uvm/uvm_map.c:3611
#5 uvm_exit+0x29 sys/uvm/uvm_glue.c:297
#6 reaper+0x189 sys/kern/kern_exit.c:443
#7 proc_trampoline+0x1c
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9513 6421K 6861K 78643K 10942 0
pcb 13 8K 8K 78643K 77 0
rtable 115 4K 4K 78643K 301 0
ifaddr 70 14K 14K 78643K 109 0
counters 43 33K 34K 78643K 55 0
ioctlops 0 0K 4K 78643K 1473 0
iov 0 0K 16K 78643K 31 0
mount 1 1K 1K 78643K 1 0
vnodes 1224 77K 77K 78643K 1325 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 5 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 30 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 3 8K 25K 78643K 194 0
proc 62 63K 83K 78643K 463 0
subproc 14 0K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 12 0
in_multi 46 2K 2K 78643K 67 0
ether_multi 1 0K 0K 78643K 4 0
mrt 0 0K 0K 78643K 6 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 61 281K 281K 78643K 61 0
exec 0 0K 1K 78643K 219 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 119 38K 39K 78643K 1615 0
UVM aobj 22 2K 2K 78643K 24 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 36 0
NDP 11 0K 0K 78643K 22 0
temp 99 3011K 3605K 78643K 8876 0
kqueue 2 2K 14K 78643K 23 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 7 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 81 0 79 1 0 1 1 0 8 0
rtentry 112 58 0 12 2 0 2 2 0 8 0
unpcb 120 437 0 427 2 0 2 2 0 8 1
syncache 264 6 0 6 2 1 1 1 0 8 1
sackhl 24 1 0 1 1 0 1 1 0 8 1
tcpqe 32 1 0 1 1 0 1 1 0 8 1
tcpcb 544 114 0 111 2 0 2 2 0 8 1
inpcb 280 351 0 345 2 0 2 2 0 8 1
rttmr 72 3 0 3 1 0 1 1 0 8 1
nd6 48 5 0 2 1 0 1 1 0 8 0
swfcl 56 2 0 0 1 0 1 1 0 8 0
ppxss 1128 2 0 2 1 0 1 1 0 8 1
pffrag 232 6 0 6 1 0 1 1 0 482 1
pffrnode 88 6 0 6 1 0 1 1 0 8 1
pffrent 40 144 0 144 1 0 1 1 0 8 1
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 37 0 1 1 0 1 1 0 8 0
pfstkey 112 37 0 1 2 0 2 2 0 8 0
pfstate 328 37 0 1 3 0 3 3 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 253 0 39 14 0 14 14 0 8 0
art_table 32 255 0 39 2 0 2 2 0 8 0
art_node 16 55 0 12 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 28 0 18 1 0 1 1 0 8 0
shmpl 112 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1669 0 258 46 0 46 46 0 8 0
ffsino 272 1669 0 258 95 0 95 95 0 8 0
nchpl 144 2142 0 524 61 0 61 61 0 8 0
uvmvnodes 72 1790 0 0 33 0 33 33 0 8 0
vnodes 208 1790 0 0 95 0 95 95 0 8 0
namei 1024 5839 0 5839 1 0 1 1 0 8 1
percpumem 16 38 0 6 1 0 1 1 0 8 0
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 560 2 0 0 1 0 1 1 0 8 0
scxspl 192 6679 0 6679 8 1 7 7 0 8 7
plimitpl 152 31 0 23 1 0 1 1 0 8 0
sigapl 432 393 0 380 3 1 2 3 0 8 0
futexpl 56 3951 0 3951 1 0 1 1 0 8 1
knotepl 112 79 0 74 1 0 1 1 0 8 0
kqueuepl 104 58 0 57 1 0 1 1 0 8 0
pipelkpl 48 111 0 103 1 0 1 1 0 8 0
pipepl 120 222 0 211 1 0 1 1 0 8 0
fdescpl 496 394 0 380 3 0 3 3 0 8 0
filepl 152 2853 0 2785 6 0 6 6 0 8 2
lockfpl 104 56 0 55 1 0 1 1 0 8 0
lockfspl 48 21 0 20 1 0 1 1 0 8 0
sessionpl 112 18 0 7 1 0 1 1 0 8 0
pgrppl 48 24 0 13 1 0 1 1 0 8 0
ucredpl 96 213 0 204 1 0 1 1 0 8 0
zombiepl 144 382 0 379 1 0 1 1 0 8 0
processpl 960 410 0 379 5 0 5 5 0 8 0
procpl 624 817 0 786 4 0 4 4 0 8 0
sosppl 128 4 0 4 1 0 1 1 0 8 1
sockpl 400 871 0 853 8 0 8 8 0 8 6
mcl64k 65536 11 0 0 2 0 2 2 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 3 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 11 0 0 2 0 2 2 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 173 0 0 21 0 21 21 0 8 0
mtagpl 80 22 0 0 1 0 1 1 0 8 0
mbufpl 256 257 0 0 16 0 16 16 0 8 0
bufpl 280 4656 0 192 319 0 319 319 0 8 0
anonpl 16 55567 0 40724 86 1 85 85 0 125 16
amapchunkpl 152 2252 0 2134 13 4 9 13 0 158 2
amappl16 192 1971 0 1160 59 3 56 59 0 8 8
amappl15 184 58 0 54 1 0 1 1 0 8 0
amappl14 176 36 0 31 1 0 1 1 0 8 0
amappl13 168 86 0 84 1 0 1 1 0 8 0
amappl12 160 7 0 6 1 0 1 1 0 8 0
amappl11 152 52 0 37 1 0 1 1 0 8 0
amappl10 144 15 0 8 1 0 1 1 0 8 0
amappl9 136 685 0 681 1 0 1 1 0 8 0
amappl8 128 213 0 187 2 0 2 2 0 8 0
amappl7 120 104 0 92 1 0 1 1 0 8 0
amappl6 112 62 0 53 1 0 1 1 0 8 0
amappl5 104 131 0 117 1 0 1 1 0 8 0
amappl4 96 648 0 615 2 1 1 2 0 8 0
amappl3 88 123 0 114 1 0 1 1 0 8 0
amappl2 80 2330 0 2263 3 1 2 3 0 8 0
amappl1 72 18749 0 18309 25 15 10 20 0 8 0
amappl 80 1076 0 1036 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 23 0 2 1 0 1 1 0 8 0
uaddrrnd 24 396 0 380 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 396 0 380 1 0 1 1 0 8 0
vmmpekpl 168 7004 0 6969 2 0 2 2 0 8 0
vmmpepl 168 55896 0 54015 126 9 117 121 0 357 21
vmsppl 368 395 0 379 2 0 2 2 0 8 0
pdppl 4096 799 0 760 6 0 6 6 0 8 0
pvpl 32 179196 0 175987 198 0 198 198 0 265 134
pmappl 232 395 0 379 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 184 0 3 6 0 6 6 0 8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 5185a700 Move dig(1) and needed DNS libraries into it's ow..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15f39431e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=c046beaa6e22b56a8c0f
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c046be...@syzkaller.appspotmail.com
/usr/local/go/src/runtime/panic.go:774 +0x72 fp=0xc003191560 sp=0xc003191530 pc=0x42e9e2
runtime.sigpanic()
/usr/local/go/src/runtime/signal_unix.go:401 +0x3de fp=0xc003191590 sp=0xc003191560 pc=0x443ece
compress/flate.(*compressor).deflate(0xc0001b6000)
/usr/local/go/src/compress/flate/deflate.go:428 +0x22d fp=0xc003191600 sp=0xc003191590 pc=0x65cacd
compress/flate.(*compressor).syncFlush(0xc0001b6000, 0xc000283000, 0xbd)
/usr/local/go/src/compress/flate/deflate.go:565 +0x50 fp=0xc003191628 sp=0xc003191600 pc=0x65d700
compress/flate.(*Writer).Flush(...)
/usr/local/go/src/compress/flate/deflate.go:724
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Write(0xc0000f8510, 0xc000283000, 0xbd, 0x1000, 0xc002a90550, 0x16, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:139 +0x80 fp=0xc003191678 sp=0xc003191628 pc=0x7e71f0
bufio.(*Writer).Flush(0xc0000f4480, 0x827ae0, 0xc002a90550)
/usr/local/go/src/bufio/bufio.go:593 +0x75 fp=0xc0031916d8 sp=0xc003191678 pc=0x557165
net/rpc.(*gobClientCodec).WriteRequest(0xc0000f8600, 0xc00005f818, 0x827ae0, 0xc002a90550, 0xc0002a1180, 0xc0002a1180)
/usr/local/go/src/net/rpc/client.go:224 +0xb3 fp=0xc003191710 sp=0xc0031916d8 pc=0x7e04f3
net/rpc.(*Client).send(0xc00005f800, 0xc002a905a0)
/usr/local/go/src/net/rpc/client.go:91 +0x1e3 fp=0xc0031917b0 sp=0xc003191710 pc=0x7df5b3
net/rpc.(*Client).Go(0xc00005f800, 0x8f9671, 0xc, 0x827ae0, 0xc002a90550, 0x827b20, 0xc002c9a300, 0xc002c9a360, 0xc001fbefc0)
/usr/local/go/src/net/rpc/client.go:316 +0xcc fp=0xc0031917f0 sp=0xc0031917b0 pc=0x7e084c
net/rpc.(*Client).Call(...)
/usr/local/go/src/net/rpc/client.go:322
github.com/google/syzkaller/pkg/rpctype.(*RPCClient).Call(0xc00000d160, 0x8f9671, 0xc, 0x827ae0, 0xc002a90550, 0x827b20, 0xc002c9a300, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:90 +0x174 fp=0xc0031918b8 sp=0xc0031917f0 pc=0x7e6dd4
main.(*Fuzzer).poll(0xc0000d0b00, 0xc002aa5b01, 0xc002aa5b60, 0xa)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:360 +0x174 fp=0xc003191b38 sp=0xc0031918b8 pc=0x7eaa84
main.(*Fuzzer).pollLoop(0xc0000d0b00)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:345 +0x3c8 fp=0xc003191c68 sp=0xc003191b38 pc=0x7ea758
main.main()
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:262 +0x12bd fp=0xc003191f60 sp=0xc003191c68 pc=0x7e975d
runtime.main()
/usr/local/go/src/runtime/proc.go:203 +0x21e fp=0xc003191fe0 sp=0xc003191f60 pc=0x43037e
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:1357 +0x1 fp=0xc003191fe8 sp=0xc003191fe0 pc=0x45d471
goroutine 14 [chan receive]:
main.main.func1(0xc00006a540)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:137 +0x34
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:135 +0x5b0
goroutine 7 [syscall]:
os/signal.signal_recv(0x0)
/usr/local/go/src/runtime/sigqueue.go:147 +0x9c
os/signal.loop()
/usr/local/go/src/os/signal/signal_unix.go:23 +0x22
created by os/signal.init.0
/usr/local/go/src/os/signal/signal_unix.go:29 +0x41
goroutine 13 [chan receive]:
github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1(0xc00006a540)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:74 +0xb6
created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:71 +0x3f
goroutine 20 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6d98, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc00133e6d8, 0x72, 0x10001, 0x10000, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc00133e6c0, 0xc003400000, 0x10000, 0x10000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc000120d90, 0xc003400000, 0x10000, 0x10000, 0x10000, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc000120d90, 0xc001696000)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:594 +0xaf
created by github.com/google/syzkaller/pkg/ipc.makeCommand
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:588 +0x89f
goroutine 33 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6cc8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc0000c4618, 0x72, 0x1000, 0x1000, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc0000c4600, 0xc000282000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
net.(*netFD).Read(0xc0000c4600, 0xc000282000, 0x1000, 0x1000, 0xc000297a60, 0xc000297b40, 0x7c388d)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc00000e650, 0xc000282000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:184 +0x68
bufio.(*Reader).fill(0xc00005f6e0)
/usr/local/go/src/bufio/bufio.go:100 +0x103
bufio.(*Reader).ReadByte(0xc00005f6e0, 0xc000297c00, 0xc0000c4680, 0xc00000d5e0)
/usr/local/go/src/bufio/bufio.go:252 +0x39
compress/flate.(*decompressor).moreBits(0xc00027c000, 0x91cc30, 0xc000297b88)
/usr/local/go/src/compress/flate/inflate.go:696 +0x37
compress/flate.(*decompressor).nextBlock(0xc00027c000)
/usr/local/go/src/compress/flate/inflate.go:303 +0x36
compress/flate.(*decompressor).Read(0xc00027c000, 0xc00028e000, 0x1000, 0x1000, 0x892e40, 0xc000e1fa10, 0x199)
/usr/local/go/src/compress/flate/inflate.go:347 +0x77
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc0000f8510, 0xc00028e000, 0x1000, 0x1000, 0x10, 0xc000297b88, 0x7c36ed)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:131 +0x51
bufio.(*Reader).Read(0xc00005f740, 0xc000020730, 0x1, 0x9, 0x0, 0x0, 0xc000297d70)
/usr/local/go/src/bufio/bufio.go:226 +0x26a
io.ReadAtLeast(0x99dcc0, 0xc00005f740, 0xc000020730, 0x1, 0x9, 0x1, 0x1, 0x0, 0x0)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
encoding/gob.decodeUintReader(0x99dcc0, 0xc00005f740, 0xc000020730, 0x9, 0x9, 0x4050d5, 0x43080c, 0xc000297d48, 0x45a320)
/usr/local/go/src/encoding/gob/decode.go:120 +0x6f
encoding/gob.(*Decoder).recvMessage(0xc0000c4680, 0x404fbc)
/usr/local/go/src/encoding/gob/decoder.go:81 +0x57
encoding/gob.(*Decoder).decodeTypeSequence(0xc0000c4680, 0xc000000100, 0xc000297e10)
/usr/local/go/src/encoding/gob/decoder.go:143 +0x10c
encoding/gob.(*Decoder).DecodeValue(0xc0000c4680, 0x82da20, 0xc0000f89f0, 0x16, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:211 +0x10b
encoding/gob.(*Decoder).Decode(0xc0000c4680, 0x82da20, 0xc0000f89f0, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:188 +0x16d
net/rpc.(*gobClientCodec).ReadResponseHeader(0xc0000f8600, 0xc0000f89f0, 0xc000e1f9e0, 0x0)
/usr/local/go/src/net/rpc/client.go:228 +0x45
net/rpc.(*Client).input(0xc00005f800)
/usr/local/go/src/net/rpc/client.go:109 +0xa5
created by net/rpc.NewClientWithCodec
/usr/local/go/src/net/rpc/client.go:206 +0x89
goroutine 38 [runnable]:
syscall.Syscall(0x3, 0xb, 0xc002863650, 0xc, 0xc, 0xc, 0x0)
/usr/local/go/src/syscall/asm_unix_amd64.s:19 +0x5
syscall.read(0xb, 0xc002863650, 0xc, 0xc, 0x0, 0x99f120, 0xc5a4d0)
/usr/local/go/src/syscall/zsyscall_openbsd_amd64.go:870 +0x5a
syscall.Read(...)
/usr/local/go/src/syscall/syscall_unix.go:183
internal/poll.(*FD).Read(0xc00133e780, 0xc002863650, 0xc, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:165 +0x164
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc000120da0, 0xc002863650, 0xc, 0xc, 0xc001cc19d8, 0x40c698, 0x10)
/usr/local/go/src/os/file.go:116 +0x71
io.ReadAtLeast(0x99e460, 0xc000120da0, 0xc002863650, 0xc, 0xc, 0xc, 0x0, 0x3ffc18, 0x3ffc18)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc001696000, 0xc0000225c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000fbb0, 0x203000, 0x203000, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:748 +0x282
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000092000, 0xc0000225c0, 0xc002ca3080, 0xc001cc1ce8, 0x7b0fc4, 0xc001cc1d40, 0x44500e, 0x413b6a, 0xc002cb48f8, 0xc00000fbb0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x108
main.(*Proc).executeRaw(0xc002e74480, 0xc0000225c0, 0xc002ca3080, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x20c
main.(*Proc).execute(0xc002e74480, 0xc0000225c0, 0xc002ca3080, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc002e74480)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4de
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 39 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6988, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc00176c198, 0x72, 0x1, 0xc, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc00176c180, 0xc0028633b0, 0xc, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc00000f1d8, 0xc0028633b0, 0xc, 0xc, 0xc00318f9d8, 0x40c698, 0x10)
/usr/local/go/src/os/file.go:116 +0x71
io.ReadAtLeast(0x99e460, 0xc00000f1d8, 0xc0028633b0, 0xc, 0xc, 0xc, 0x0, 0x3fd838, 0x3fd838)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc0023ea850, 0xc0000225c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4eeea3, 0xc00128ea00, 0x6d1a19df3730658f, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:748 +0x282
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000092090, 0xc0000225c0, 0xc002c2aa00, 0xc00318fd40, 0x787a61, 0xc002c35d70, 0x3, 0x0, 0x9adf40, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x108
main.(*Proc).executeRaw(0xc002e745c0, 0xc0000225c0, 0xc002c2aa00, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x20c
main.(*Proc).execute(0xc002e745c0, 0xc0000225c0, 0xc002c2aa00, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc002e745c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4de
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 40 [IO wait]:
internal/poll.runtime_pollWait(0x26dfa6bf8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc00176c0d8, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc00176c0c0, 0xc00341002a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc00000f1c0, 0xc00341002a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc00000f1c0, 0xc0023ea850)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:594 +0xaf
created by github.com/google/syzkaller/pkg/ipc.makeCommand
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:588 +0x89f
goroutine 183 [select]:
github.com/google/syzkaller/pkg/ipc.(*command).exec.func1(0xc001696000, 0xc001e19aa0, 0xc001e19a40)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:733 +0xba
created by github.com/google/syzkaller/pkg/ipc.(*command).exec
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:731 +0x19c
goroutine 182 [select]:
github.com/google/syzkaller/pkg/ipc.(*command).exec.func1(0xc0023ea850, 0xc001e199e0, 0xc001e19980)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:733 +0xba
created by github.com/google/syzkaller/pkg/ipc.(*command).exec
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:731 +0x19c
OpenBSD/amd64 (ci-openbsd-multicore-5.c.syzkaller.internal) (tty00)
login: panic: amap_wipeout: corrupt amap
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
490731 56195 0 0x14000 0x200 0 zerothread
*496902 27711 0 0x14000 0x200 1 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff822014dd) at panic+0x15c sys/kern/subr_prf.c:207
amap_wipeout(fffffd8067c0c078) at amap_wipeout+0x208 sys/uvm/uvm_amap.c:447
uvm_unmap_detach(ffff800020a75590,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1582
uvm_map_teardown(fffffd806e917a18) at uvm_map_teardown+0x25c sys/uvm/uvm_map.c:2755
uvmspace_free(fffffd806e917a18) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3611
uvm_exit(ffff800020ad92d8) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff800020a29d40) at reaper+0x189 sys/kern/kern_exit.c:443
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
amap_wipeout: corrupt amap
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff822014dd) at panic+0x15c sys/kern/subr_prf.c:207
amap_wipeout(fffffd8067c0c078) at amap_wipeout+0x208 sys/uvm/uvm_amap.c:447
uvm_unmap_detach(ffff800020a75590,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1582
uvm_map_teardown(fffffd806e917a18) at uvm_map_teardown+0x25c sys/uvm/uvm_map.c:2755
uvmspace_free(fffffd806e917a18) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3611
uvm_exit(ffff800020ad92d8) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff800020a29d40) at reaper+0x189 sys/kern/kern_exit.c:443
end trace frame: 0x0, count: -8
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020a75410
rbx 0xffff800020a754c0
rdx 0xffff800020a29d40
rcx 0
rax 0
r8 0xffffffff81f53faf kprintf+0x16f
r9 0x1
r10 0x25
r11 0x10a22a54f15a928
r12 0x3000000008
r13 0xffff800020a75420
r14 0x100
r15 0x1
rip 0xffffffff81e05b48 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020a75400
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (reaper) pid=496902 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=4, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800020a29ad0,0xffff800020a7dd58
process=0xffff800020a5c788 user=0xffff800020a70000, vmspace=0xffffffff8263d340
estcpu=1, cpticks=8, pctcpu=0.20
user=0, sys=7, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66224 98424 0 0 3 0x14200 bored sosplice
41466 471160 24210 0 3 0x10008a pause ksh
24210 456187 58377 0 3 0x92 select sshd
16277 114857 1 0 3 0x100083 ttyin getty
58377 401360 1 0 3 0x80 select sshd
25452 274340 6228 74 3 0x100092 bpf pflogd
6228 223422 1 0 3 0x80 netio pflogd
71575 211508 1564 73 3 0x100090 kqread syslogd
1564 384885 1 0 3 0x100082 netio syslogd
41941 56287 1 77 3 0x100090 poll dhclient
53552 511977 1 0 3 0x80 poll dhclient
56195 490731 0 0 7 0x14200 zerothread
40142 405684 0 0 3 0x14200 aiodoned aiodoned
38995 102673 0 0 3 0x14200 syncer update
35851 342807 0 0 3 0x14200 cleaner cleaner
*27711 496902 0 0 7 0x14200 reaper
90195 260725 0 0 3 0x14200 pgdaemon pagedaemon
73205 409749 0 0 3 0x14200 bored crynlk
37429 365429 0 0 3 0x14200 bored crypto
58541 256553 0 0 3 0x40014200 acpi0 acpi0
13026 251454 0 0 3 0x40014200 idle1
63883 220238 0 0 3 0x14200 bored softnet
42475 281929 0 0 3 0x14200 bored systqmp
7060 335383 0 0 3 0x14200 bored systq
4258 313999 0 0 3 0x40014200 bored softclock
14870 91068 0 0 3 0x40014200 idle0
46195 387838 0 0 3 0x14200 bored smr
1 41984 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 27711 (reaper) thread 0xffff800020a29d40 (496902)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8262c6a0)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1164
#1 uvm_pause+0x5b sys/uvm/uvm_glue.c:438
#2 uvm_unmap_detach+0x13a sys/uvm/uvm_map.c:1581
#3 uvm_map_teardown+0x25c sys/uvm/uvm_map.c:2755
#4 uvmspace_free+0x86 sys/uvm/uvm_map.c:3611
#5 uvm_exit+0x29 sys/uvm/uvm_glue.c:297
#6 reaper+0x189 sys/kern/kern_exit.c:443
#7 proc_trampoline+0x1c
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9513 6421K 6861K 78643K 10942 0
pcb 13 8K 8K 78643K 77 0
rtable 115 4K 4K 78643K 301 0
ifaddr 70 14K 14K 78643K 109 0
counters 43 33K 34K 78643K 55 0
ioctlops 0 0K 4K 78643K 1473 0
iov 0 0K 16K 78643K 31 0
mount 1 1K 1K 78643K 1 0
vnodes 1224 77K 77K 78643K 1325 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 5 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 30 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 196K 290K 78643K 12766 0
file desc 3 8K 25K 78643K 194 0
proc 62 63K 83K 78643K 463 0
subproc 14 0K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 12 0
in_multi 46 2K 2K 78643K 67 0
ether_multi 1 0K 0K 78643K 4 0
mrt 0 0K 0K 78643K 6 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 61 281K 281K 78643K 61 0
exec 0 0K 1K 78643K 219 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 119 38K 39K 78643K 1615 0
UVM aobj 22 2K 2K 78643K 24 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 36 0
NDP 11 0K 0K 78643K 22 0
temp 99 3011K 3605K 78643K 8876 0
kqueue 2 2K 14K 78643K 23 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 7 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 81 0 79 1 0 1 1 0 8 0
rtentry 112 58 0 12 2 0 2 2 0 8 0
unpcb 120 437 0 427 2 0 2 2 0 8 1
syncache 264 6 0 6 2 1 1 1 0 8 1
sackhl 24 1 0 1 1 0 1 1 0 8 1
tcpqe 32 1 0 1 1 0 1 1 0 8 1
tcpcb 544 114 0 111 2 0 2 2 0 8 1
inpcb 280 351 0 345 2 0 2 2 0 8 1
rttmr 72 3 0 3 1 0 1 1 0 8 1
nd6 48 5 0 2 1 0 1 1 0 8 0
swfcl 56 2 0 0 1 0 1 1 0 8 0
ppxss 1128 2 0 2 1 0 1 1 0 8 1
pffrag 232 6 0 6 1 0 1 1 0 482 1
pffrnode 88 6 0 6 1 0 1 1 0 8 1
pffrent 40 144 0 144 1 0 1 1 0 8 1
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 37 0 1 1 0 1 1 0 8 0
pfstkey 112 37 0 1 2 0 2 2 0 8 0
pfstate 328 37 0 1 3 0 3 3 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 253 0 39 14 0 14 14 0 8 0
art_table 32 255 0 39 2 0 2 2 0 8 0
art_node 16 55 0 12 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 28 0 18 1 0 1 1 0 8 0
shmpl 112 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1669 0 258 46 0 46 46 0 8 0
ffsino 272 1669 0 258 95 0 95 95 0 8 0
nchpl 144 2142 0 524 61 0 61 61 0 8 0
uvmvnodes 72 1790 0 0 33 0 33 33 0 8 0
vnodes 208 1790 0 0 95 0 95 95 0 8 0
namei 1024 5839 0 5839 1 0 1 1 0 8 1
percpumem 16 38 0 6 1 0 1 1 0 8 0
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 560 2 0 0 1 0 1 1 0 8 0
scxspl 192 6679 0 6679 8 1 7 7 0 8 7
plimitpl 152 31 0 23 1 0 1 1 0 8 0
sigapl 432 393 0 380 3 1 2 3 0 8 0
futexpl 56 3951 0 3951 1 0 1 1 0 8 1
knotepl 112 79 0 74 1 0 1 1 0 8 0
kqueuepl 104 58 0 57 1 0 1 1 0 8 0
pipelkpl 48 111 0 103 1 0 1 1 0 8 0
pipepl 120 222 0 211 1 0 1 1 0 8 0
fdescpl 496 394 0 380 3 0 3 3 0 8 0
filepl 152 2853 0 2785 6 0 6 6 0 8 2
lockfpl 104 56 0 55 1 0 1 1 0 8 0
lockfspl 48 21 0 20 1 0 1 1 0 8 0
sessionpl 112 18 0 7 1 0 1 1 0 8 0
pgrppl 48 24 0 13 1 0 1 1 0 8 0
ucredpl 96 213 0 204 1 0 1 1 0 8 0
zombiepl 144 382 0 379 1 0 1 1 0 8 0
processpl 960 410 0 379 5 0 5 5 0 8 0
procpl 624 817 0 786 4 0 4 4 0 8 0
sosppl 128 4 0 4 1 0 1 1 0 8 1
sockpl 400 871 0 853 8 0 8 8 0 8 6
mcl64k 65536 11 0 0 2 0 2 2 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 3 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 11 0 0 2 0 2 2 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 173 0 0 21 0 21 21 0 8 0
mtagpl 80 22 0 0 1 0 1 1 0 8 0
mbufpl 256 257 0 0 16 0 16 16 0 8 0
bufpl 280 4656 0 192 319 0 319 319 0 8 0
anonpl 16 55567 0 40724 86 1 85 85 0 125 16
amapchunkpl 152 2252 0 2134 13 4 9 13 0 158 2
amappl16 192 1971 0 1160 59 3 56 59 0 8 8
amappl15 184 58 0 54 1 0 1 1 0 8 0
amappl14 176 36 0 31 1 0 1 1 0 8 0
amappl13 168 86 0 84 1 0 1 1 0 8 0
amappl12 160 7 0 6 1 0 1 1 0 8 0
amappl11 152 52 0 37 1 0 1 1 0 8 0
amappl10 144 15 0 8 1 0 1 1 0 8 0
amappl9 136 685 0 681 1 0 1 1 0 8 0
amappl8 128 213 0 187 2 0 2 2 0 8 0
amappl7 120 104 0 92 1 0 1 1 0 8 0
amappl6 112 62 0 53 1 0 1 1 0 8 0
amappl5 104 131 0 117 1 0 1 1 0 8 0
amappl4 96 648 0 615 2 1 1 2 0 8 0
amappl3 88 123 0 114 1 0 1 1 0 8 0
amappl2 80 2330 0 2263 3 1 2 3 0 8 0
amappl1 72 18749 0 18309 25 15 10 20 0 8 0
amappl 80 1076 0 1036 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 23 0 2 1 0 1 1 0 8 0
uaddrrnd 24 396 0 380 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 396 0 380 1 0 1 1 0 8 0
vmmpekpl 168 7004 0 6969 2 0 2 2 0 8 0
vmmpepl 168 55896 0 54015 126 9 117 121 0 357 21
vmsppl 368 395 0 379 2 0 2 2 0 8 0
pdppl 4096 799 0 760 6 0 6 6 0 8 0
pvpl 32 179196 0 175987 198 0 198 198 0 265 134
pmappl 232 395 0 379 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 184 0 3 6 0 6 6 0 8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Anton Lindqvist
Feb 9, 2020, 4:06:01 AM2/9/20
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages