syzbot


protection_fault: reaper

Status: upstream: reported on 2024/08/13 05:13
Reported-by: syzbot+1be774028d4a6ca2c5c7@syzkaller.appspotmail.com
First crash: 100d, last: 46d

Sample crash report:
kernel: protection fault trap, code=0
Stopped at      reaper+0x322:   movq    0x8(%rax),%rdi
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
reaper(ffff800029fd9448) at reaper+0x322 sys/kern/kern_exit.c:491
end trace frame: 0x0, count: -1
ddb{0}> show registers
rdi                                0
rsi                          0x40000    acpi_pdirpa+0x2be71
rbp               0xffff800029fe5800
rbx                                0
rdx                                0
rcx               0xffff800029fd9448
rax               0xdead4110dead4110
r8                                 0
r9                                 0
r10               0xf4dcd863ae26f875
r11               0xd92ca458c66a2e47
r12                          0x40000    acpi_pdirpa+0x2be71
r13               0xffffffff834edff0    cpu_info_full_primary+0x1ff0
r14               0xffff8000371d2460
r15                          0x41018    acpi_pdirpa+0x2ce89
rip               0xffffffff826b1292    reaper+0x322
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800029fe57d0
ss                              0x10
reaper+0x322:   movq    0x8(%rax),%rdi
ddb{0}> show proc
PROC (reaper) tid=63949 pid=61929 tcnt=1 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    runpri=32, usrpri=64, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff800029fd96d0,0xffff800029fd91d0
    process=0xffff800029febaf0 user=0xffff800029fe0000, vmspace=0xffffffff83546a08
    estcpu=14, cpticks=4, pctcpu=2.31, user=0, sys=78512, intr=1496
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 61656  212336  69361  32767  2        0x10                syz-executor
 61656  359113  69361  32767  3   0x4000090  piperd        syz-executor
 61656  283640  69361  32767  3   0x4000090  fsleep        syz-executor
 26944  499825   3729  32767  3        0x90  nanoslp       syz-executor
 26944  307162   3729  32767  3   0x4000090  kqsel         syz-executor
 26944  339836   3729  32767  3   0x4000090  fsleep        syz-executor
 61979  503068  65206  32767  3        0x90  nanoslp       syz-executor
 61979  232218  65206  32767  3   0x4000090  kqread        syz-executor
 61979  460096  65206  32767  3   0x4000090  fsleep        syz-executor
 80645  297178  77421  32767  3        0x90  nanoslp       syz-executor
 77421  108900   6964      0  3        0x82  wait          syz-executor
  3729  514970  89221  32767  3        0x90  nanoslp       syz-executor
 89221  174619   6964      0  3        0x82  wait          syz-executor
  7093  272997  71112  32767  3        0x90  wait          syz-executor
 71112  110421   6964      0  3        0x82  wait          syz-executor
 14843  106704  44432  32767  3        0x90  nanoslp       syz-executor
 44432  181116   6964      0  3        0x82  wait          syz-executor
 55004   97615  48999  32767  7        0x10                syz-executor
 48999  330748   6964      0  3        0x82  wait          syz-executor
 96190  498174  49753  32767  3        0x90  wait          syz-executor
 49753   45445   6964      0  3        0x82  wait          syz-executor
 69361  162035   2513  32767  3        0x90  nanoslp       syz-executor
  2513  132163   6964      0  3        0x82  wait          syz-executor
 65206  229950  41448  32767  3        0x90  nanoslp       syz-executor
 41448  454287   6964      0  3        0x82  wait          syz-executor
 67484  268262  91171  32767  4     0x82010                syz-executor
 67484   94555  91171  32767  4   0x4082010                syz-executor
 67484  391814  91171  32767  4   0x4082010                syz-executor
 67484   16119  91171  32767  3   0x4002010  suspend       syz-executor
 91171   33480      1  32767  3        0x90  wait          syz-executor
 29165  514618  57433  32767  3      0x3810  suspend       syz-executor
 29165  148673  57433  32767  4   0x4081810                syz-executor
 57433  231791      1  32767  3        0x90  wait          syz-executor
 35249   12415  37048      0  3    0x100082  sbwait        ndp
 37048  472119  65901      0  3    0x10008a  sigsusp       sh
 65901  365822      1      0  3        0x80  wait          syz-executor
 62881  519914      0      0  3     0x14200  bored         sosplice
  6964  301329  65450      0  3        0x82  kqread        syz-executor
 65450   13120   2239      0  3    0x10008a  sigsusp       ksh
  2239   13101  22279      0  3        0x98  kqread        sshd-session
 22279   17735   7930      0  3        0x92  kqread        sshd-session
 33356  246034      1      0  3    0x100083  ttyin         getty
  7930  161989      1      0  3        0x88  kqread        sshd
 78669  245012  32761     73  3   0x1100090  kqread        syslogd
 32761  151445      1      0  3    0x100082  sbwait        syslogd
 73780  459752      1      0  3    0x100080  kqread        resolvd
 55091  277440  30675     77  3    0x100092  kqread        dhcpleased
 39709  338503  30675     77  3    0x100092  kqread        dhcpleased
 30675  158631      1      0  3        0x80  kqread        dhcpleased
 10603  153055      0      0  3     0x14200  bored         smr
 88160  328039      0      0  3     0x14200  pgzero        zerothread
 76017  173110      0      0  3     0x14200  aiodoned      aiodoned
  5806   71914      0      0  3     0x14200  syncer        update
 18349  409360      0      0  3     0x14200  cleaner       cleaner
*61929   63949      0      0  7     0x14200                reaper
 15479  313356      0      0  3     0x14200  pgdaemon      pagedaemon
 22014   56774      0      0  3     0x14200  bored         viomb
 28731  104782      0      0  3  0x40014200  acpi0         acpi0
 78957  197923      0      0  3  0x40014200                idle1
 21509  403214      0      0  3     0x14200  bored         softnet3
 24878  205462      0      0  3     0x14200  bored         softnet2
 41507   64539      0      0  3     0x14200  bored         softnet1
 17648  283191      0      0  2     0x14200                softnet0
 39148  145541      0      0  3     0x14200  bored         systqmp
 33402  371911      0      0  3     0x14200  bored         systq
 18732  416887      0      0  3     0x14200  tmoslp        softclockmp
  2919  126627      0      0  3  0x40014200  tmoslp        softclock
 71994  208709      0      0  3  0x40014200                idle0
     1  104864      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 61929 (reaper) thread 0xffff800029fd9448 (63949)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8361ffd0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  __mp_acquire_count+0x58
#2  mi_switch+0x658 sys/kern/sched_bsd.c:460
#3  sleep_finish+0x219 sys/kern/kern_synch.c:416
#4  rw_enter+0x348 sys/kern/kern_rwlock.c:285
#5  knote_processexit+0x2b sys/kern/kern_event.c:2063
#6  reaper+0x2ad sys/kern/kern_exit.c:489
#7  proc_trampoline+0x10
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10234  11054K   11059K 166960K     13567        0
            pcb    17     24K      26K 166960K        27        0
         rtable   236      6K       7K 166960K     26869        0
             pf    31     16K      16K 166960K      1549        0
         ifaddr    42     15K      19K 166960K      3051        0
        ifgroup    50      2K       2K 166960K      3070        0
         sysctl     4      1K       5K 166960K        38        0
       counters    64     36K      36K 166960K      1566        0
       ioctlops     0      0K       2K 166960K      1581        0
            iov     0      0K      32K 166960K      3968        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1469     92K      92K 166960K     21847        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K      13K 166960K       800        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K      1650        0
        dirhash    18      3K       4K 166960K      1143        0
           ACPI  1690    195K     286K 166960K     12418        0
      file desc    31    117K     169K 166960K     48103        0
          sigio     0      0K       0K 166960K      1818        0
           proc    58     79K     176K 166960K     25641        0
        subproc   143      8K      13K 166960K     12649        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     1      0K       0K 166960K     10441        0
       in_multi    99      7K       8K 166960K     10136        0
    ether_multi     1      0K       0K 166960K       218        0
            mrt     1      0K       0K 166960K         9        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   343   1526K    1526K 166960K       343        0
           exec     0      0K       1K 166960K     18416        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   348    102K     140K 166960K    410882        0
       UVM aobj   131      4K       8K 166960K       159        0
     pinsyscall    53    106K     138K 166960K     70346        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       1K 166960K      3316        0
            NDP    11      0K       2K 166960K      2271        0
           temp    87   6824K    6952K 166960K    393492        0
         kqueue    14     20K      36K 166960K      7708        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120     7394    0     7389    53    51     2     5     0     8    1
rtentry    112     8857    0     8746    17    13     4     4     0     8    0
unpcb      144    45306    0    45289   210   204     6     8     0     8    5
syncache   336      800    0      800    33    32     1     1     0     8    1
tcpqe       32      313    0      313    55    54     1     1     0     8    1
tcpcb      808    31246    0    31162   335   319    16    20     0     8    4
arp        120     1545    0     1527     1     0     1     1     0     8    0
ipq         40      227    0      224     2     1     1     1     0     8    0
ipqe        40     3273    0     3270     2     1     1     1     0     8    0
inpcb      336    71387    0    71294   347   333    14    24     0     8    0
ip6q        72       43    0       43    10    10     0     1     0     8    0
ip6af       40       86    0       86    10    10     0     1     0     8    0
nd6        136     2755    0     2730    11     9     2     2     0     8    1
kcovpl      48      973    0      962     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256    36457    0    35986   231   201    30    33     0     8    0
art_table   32    36458    0    35986    14    10     4     5     0     8    0
art_node    16     8856    0     8755     1     0     1     1     0     8    0
sysvmsgpl   40       28    0       18     1     0     1     1     0     8    0
semapl     112     1641    0     1631     1     0     1     1     0     8    0
shmpl      112      156    0       28     4     0     4     4     0     8    0
dirhash    1024     786    0      757    12     8     4     4     0     8    0
dino2pl    256    61705    0    57315   277     2   275   275     0     8    0
ffsino     272    61705    0    57315   294     1   293   293     0     8    0
nchpl      144   113102    0   109918   119     0   119   119     0     8    0
uvmvnodes   80    11286    0        0   231     0   231   231     0     8    0
vnodes     216    11286    0        0   627     0   627   627     0     8    0
namei      1024  492439    0   492439    62    61     1     2     0     8    1
percpumem   16      797    0      751     1     0     1     1     0     8    0
kstatmem   264     1524    0     1502     2     0     2     2     0     8    0
scxspl     216   484312    0   484312   103   100     3     8     1     8    3
plimitpl   152    16223    0    16195     2     0     2     2     0     8    0
sigapl     424    46808    0    46745    17     9     8     9     0     8    0
futexpl     64   553668    0   553665    30    29     1     1     0     8    0
knotepl    120     1944    0        0    19     0    19    19     0     8    0
kqueuepl   216    17047    0    17031   142   140     2     8     0     8    1
pipepl     320    10807    0    10770   132   128     4    11     0     8    0
fdescpl    496    46789    0    46746    21    14     7     8     0     8    0
filepl     152   343945    0   343626   237   219    18    23     0     8    2
lockfpl    104    13496    0    13493     7     6     1     2     0     8    0
lockfspl    48     3897    0     3894     1     0     1     1     0     8    0
sessionpl  144     1129    0     1110     1     0     1     1     0     8    0
pgrppl      48     3007    0     2980     1     0     1     1     0     8    0
ucredpl    104    67593    0    67572     1     0     1     1     0     8    0
zombiepl   144    46749    0    46745     1     0     1     1     0     8    0
processpl  1160   46808    0    46745     9     3     6     6     0     8    0
procpl     648   109468    0   109391    22    14     8     8     0     8    0
srpgc       96       32    0       32    15    15     0     1     0     8    0
sosppl     168      561    0      559     8     7     1     1     0     8    0
sockpl     664   124998    0   124881   551   529    22    29     0     8    5
mcl64k     65536     52    0        0     5     0     5     5     0     8    0
mcl16k     16384     11    0        0     2     0     2     2     0     8    0
mcl12k     12288      3    0        0     1     0     1     1     0     8    0
mcl9k      9216       4    0        0     1     0     1     1     0     8    0
mcl8k      8192      17    0        0     3     1     2     3     0     8    0
mcl4k      4096     298    0        0    19     5    14    19     0     8    0
mcl2k2     2112       4    0        0     1     0     1     1     0     8    0
mcl2k      2048     666    0        0    16     9     7    11     0     8    0
mtagpl      96       18    0        0     1     0     1     1     0     8    0
mbufpl     256     9576    0        0   575     0   575   575     0     8    0
bufpl      280    79877    0    68583   808     0   808   808     0     8    0
anonpl      24  5957489    0  5941861   688   549   139   146     0   185   16
amapchunkpl 152 1346514    0  1345482   417   373    44    55     0   158    0
amappl16   200   147530    0   147027   660   612    48    52     0     8    8
amappl15   192       20    0       20     7     7     0     1     0     8    0
amappl14   184     2390    0     2379     1     0     1     1     0     8    0
amappl13   176       41    0       40     1     0     1     1     0     8    0
amappl12   168    59836    0    59790    10     7     3     3     0     8    0
amappl11   160       49    0       38     1     0     1     1     0     8    0
amappl10   152       43    0       42     2     1     1     1     0     8    0
amappl9    144      152    0      151     3     2     1     1     0     8    0
amappl8    136       26    0       23     1     0     1     1     0     8    0
amappl7    128     1993    0     1981     1     0     1     1     0     8    0
amappl6    120     7644    0     7641     1     0     1     1     0     8    0
amappl5    112     3489    0     3478     1     0     1     1     0     8    0
amappl4    104     3997    0     3977     1     0     1     1     0     8    0
amappl3     96   274538    0   274359     7     2     5     5     0     8    0
amappl2     88    15432    0    15364     3     0     3     3     0     8    0
amappl1     80   288260    0   287675    34    13    21    21     0     8    0
amappl      88   399660    0   399373     8     1     7     7     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      158    0       28     4     1     3     3     0     8    0
uaddrrnd    24    46789    0    46745     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24    46789    0    46745     1     0     1     1     0     8    0
vmmpekpl   168   427115    0   427055     8     3     5     5     0     8    0
vmmpepl    168  3095212    0  3092361   565   410   155   170     0   357    9
vmsppl     440    46788    0    46745    15     9     6     7     0     8    0
rwobjpl     56   788642    0   775697   275    86   189   189     0     8    3
pdppl      4096   93585    0    93490  1802  1703    99   121     0     8    4
pvpl        32    48958    0        0   386     1   385   385     0   265    0
pmappl     248    46788    0    46745     8     4     4     4     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112     4017    0     2677    39     0    39    39     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
reaper(ffff800029fd9448) at reaper+0x322 sys/kern/kern_exit.c:491
end trace frame: 0x0, count: -1
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8361fdc8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8361fdc8) at __mp_lock+0x192 sys/kern/kern_lock.c:144
vn_closefile(fffffd807562f7c0,ffff800036198fc8) at vn_closefile+0x41 sys/kern/vfs_vnops.c:602
fdrop(fffffd807562f7c0,ffff800036198fc8) at fdrop+0x126 sys/kern/kern_descrip.c:1274
closef(fffffd807562f7c0,ffff800036198fc8) at closef+0x192 sys/kern/kern_descrip.c:1258
syscall(ffff80003ac093a0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80003ac093a0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x71151610ac30, count: -9

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/10/06 06:42 openbsd 3a81c204e44c d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid protection_fault: reaper
2024/10/05 07:02 openbsd 5d74ee2ca1b8 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid protection_fault: reaper
2024/10/03 18:28 openbsd 770bc2e5805f d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid protection_fault: reaper
2024/09/05 05:16 openbsd ebe65f64a6a1 dfbe2ed4 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid protection_fault: reaper
2024/09/04 08:15 openbsd be4dcae9074d 9d47f20a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid protection_fault: reaper
2024/08/17 22:39 openbsd ef61d0404a18 dbc93b08 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid protection_fault: reaper
2024/08/13 05:12 openbsd 6fd6d0214b92 7b0f4b46 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore protection_fault: reaper
* Struck through repros no longer work on HEAD.