syzbot


uvm_faulta(ADDRg518, ADDR, 0, 1) - > e

Status: closed as dup on 2019/10/09 07:02
Reported-by: syzbot+9faa31af19fd0b170e7b@syzkaller.appspotmail.com
First crash: 1633d, last: 1633d
Duplicate of:
Title: uvm_fault: uvm_unmap_remove (2)
Repro: C
Count: 7836
Last: 1576d
Reported: 1660d

Sample crash report:
uvm_faulta(0xffffffff824ffg518, 0xffff80000e0b1a000, 0, 1) - > e
fault trap, code=0
Stopped at      uvm_unmap_remove+0x3eb: movq    0x100(%r15),%r15
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff824ff518, 0xffff800000b1a000, 0, 1) -> e
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline]
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217
end trace frame: 0xffff80001491e7c0, count: 0
ddb> trace
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline]
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217
uvm_map_deallocate(ffff800000b19f00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4233
vm_impl_init_vmx(ffff800016b54208,ffff8000ffff3b40) at vm_impl_init_vmx+0x1e0
vm_create(ffff800000a62800,ffff8000ffff3b40) at vm_create+0x193 vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create(ffff800000a62800,ffff8000ffff3b40) at vm_create+0x193 sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd803acb48f0,c5005601,ffff800000a62800,1,fffffd803f7c6c00,ffff8000ffff3b40) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd803aaab348,c5005601,ffff800000a62800,ffff8000ffff3b40) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:536
sys_ioctl(ffff8000ffff3b40,ffff80001491eb68,ffff80001491ebb0) at sys_ioctl+0x5b9
syscall(ffff80001491ec30) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff59,0,3,4a33f4b010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4ceb0a8b40, count: -9
ddb> show registers
rdi                                0
rsi                                0
rbp               0xffff80001491e770
rbx                                0
rdx                            0x8ac
rcx               0xffff800014931000
rax               0xffff800000b19f00
r8                               0x1
r9                                 0
r10               0xe9257e0220c6a976
r11               0x8a3ad8ed12f7da9f
r12                                0
r13               0xfffffd80387d18c0
r14                                0
r15               0xffff800000b19f00
rip               0xffffffff81559f4b    uvm_unmap_remove+0x3eb
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80001491e6c0
ss                              0x10
uvm_unmap_remove+0x3eb: movq    0x100(%r15),%r15
ddb> show proc
PROC (syz-executor.1) pid=455850 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=83, usrpri=83, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff8259ac98
    process=0xffff8000148a2a38 user=0xffff800014919000, vmspace=0xfffffd803f013dd0
    estcpu=33, cpticks=2, pctcpu=0.0
    user=0, sys=2, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 58920  300070  54360      0  2           0                syz-executor.1
*58920  455850  54360      0  7   0x4000000                syz-executor.1
 57605   68210  40057      0  2         0x2                syz-executor.0
 54360  444400  40057      0  2       0x482                syz-executor.1
 20716   46803      0      0  3     0x14200  bored         sosplice
 40057   61394  25167      0  3        0x82  thrsleep      syz-fuzzer
 40057   85539  25167      0  2   0x4000482                syz-fuzzer
 40057  509325  25167      0  3   0x4000082  thrsleep      syz-fuzzer
 40057  479910  25167      0  3   0x4000082  thrsleep      syz-fuzzer
 40057  502119  25167      0  3   0x4000082  thrsleep      syz-fuzzer
 40057  417699  25167      0  3   0x4000082  kqread        syz-fuzzer
 40057   92579  25167      0  3   0x4000082  thrsleep      syz-fuzzer
 25167  448432  70715      0  3    0x10008a  pause         ksh
 70715  211960  92367      0  3        0x92  select        sshd
 67347  492449      1      0  3    0x100083  ttyin         getty
 92367  470353      1      0  3        0x80  select        sshd
 58186   73022  16409     73  2    0x100090                syslogd
 16409  512635      1      0  3    0x100082  netio         syslogd
 22273  474662      1     77  3    0x100090  poll          dhclient
 29387   95024      1      0  3        0x80  poll          dhclient
  1618  239627      0      0  2     0x14200                zerothread
 58386   70380      0      0  3     0x14200  aiodoned      aiodoned
 67804  130583      0      0  3     0x14200  syncer        update
  7005  346082      0      0  3     0x14200  cleaner       cleaner
 56339   85762      0      0  3     0x14200  reaper        reaper
  1041  327847      0      0  3     0x14200  pgdaemon      pagedaemon
 94912  302666      0      0  3     0x14200  bored         crynlk
  7374   35287      0      0  3     0x14200  bored         crypto
 44866  455292      0      0  3  0x40014200  acpi0         acpi0
 43156  179193      0      0  3     0x14200  bored         softnet
 94423  492482      0      0  3     0x14200  bored         systqmp
 55959  372229      0      0  3     0x14200  bored         systq
 17586   10424      0      0  3  0x40014200  bored         softclock
 47650  188635      0      0  3  0x40014200                idle0
 90471  302993      0      0  3     0x14200  bored         smr
     1  145611      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9549   6353K    7376K  78643K     15620        0        0
            pcb    13     10K      12K  78643K       298        0        0
         rtable    98      4K       5K  78643K      2709        0        0
         ifaddr    75     15K      16K  78643K       263        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     1      2K       2K  78643K       978        0        0
            iov     0      0K      16K  78643K       303        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1221     77K      77K  78643K      3195        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        34        0        0
         VM map    12      3K       3K  78643K        16        0        0
            sem    12      0K       0K  78643K       225        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1793    195K     288K  78643K     12645        0        0
      file desc     5     13K      25K  78643K      2386        0        0
          sigio     0      0K       0K  78643K        14        0        0
           proc    48     38K      63K  78643K       911        0        0
        subproc    32      2K       2K  78643K       238        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       432        0        0
       in_multi    23      1K       2K  78643K       191        0        0
    ether_multi     1      0K       0K  78643K         8        0        0
            mrt     0      0K       0K  78643K         6        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    60    265K     265K  78643K        60        0        0
           exec     0      0K       1K  78643K       505        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   121    103K     119K  78643K      6396        0        0
       UVM aobj   109      3K       3K  78643K       118        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K       224        0        0
            NDP    18      0K       0K  78643K        86        0        0
           temp   212   3540K    4180K  78643K     62505        0        0
         kqueue     0      0K       0K  78643K        11        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64      208    0      202     1     0     1     1     0     8    0
rtpcb       80      147    0      145     1     0     1     1     0     8    0
rtentry    112      702    0      666     2     0     2     2     0     8    0
unpcb      120      599    0      587     3     1     2     2     0     8    1
syncache   264       11    0       11     5     4     1     1     0     8    1
sackhl      24        1    0        1     1     1     0     1     0     8    0
tcpqe       32       77    0       77     3     3     0     1     0     8    0
tcpcb      544     1081    0     1077    18    12     6    15     0     8    5
ipq         40        1    0        1     1     1     0     1     0     8    0
ipqe        40        2    0        2     1     1     0     1     0     8    0
inpcb      280     2314    0     2305    14     8     6     9     0     8    5
rttmr       72        2    0        2     1     1     0     1     0     8    0
ip6q        72        1    0        0     1     0     1     1     0     8    0
nd6         48       29    0       27     1     0     1     1     0     8    0
pkpcb       40        8    0        8     3     2     1     1     0     8    1
ppxss      1128      21    0       21     8     7     1     1     0     8    1
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     2018    0     1843    20     6    14    16     0     8    3
art_table   32     2019    0     1843     3     1     2     3     0     8    0
art_node    16      694    0      661     1     0     1     1     0     8    0
sysvmsgpl   40       48    0       35     1     0     1     1     0     8    0
semapl     112      223    0      213     1     0     1     1     0     8    0
shmpl      112      116    0        9     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     4843    0     3449    46     0    46    46     0     8    0
ffsino     240     4843    0     3449    83     0    83    83     0     8    0
nchpl      144     8478    0     6878    60     0    60    60     0     8    0
uvmvnodes   72     6373    0        0   116     0   116   116     0     8    0
vnodes     208     6373    0        0   336     0   336   336     0     8    0
namei      1024   27188    0    27188     4     3     1     1     0     8    1
vcpupl     1984       9    0        0     2     0     2     2     0     8    0
vmpool     520       14    0        4     1     0     1     1     0     8    0
scsiplug    64        3    0        3     1     1     0     1     0     8    0
scxspl     192    27658    0    27658    15    13     2     7     0     8    2
plimitpl   152      136    0      129     1     0     1     1     0     8    0
sigapl     432     2521    0     2508     2     0     2     2     0     8    0
futexpl     56    63965    0    63965     3     2     1     1     0     8    1
knotepl    112      447    0      428     1     0     1     1     0     8    0
kqueuepl   104      468    0      466     4     3     1     4     0     8    0
pipepl     112     1798    0     1779     5     4     1     2     0     8    0
fdescpl    424     2522    0     2508     2     0     2     2     0     8    0
filepl     120    17316    0    17218    16     8     8    11     0     8    5
lockfpl    104      380    0      379     1     0     1     1     0     8    0
lockfspl    48      141    0      140     1     0     1     1     0     8    0
sessionpl  112       29    0       19     1     0     1     1     0     8    0
pgrppl      48       45    0       35     1     0     1     1     0     8    0
ucredpl     96     1724    0     1717     1     0     1     1     0     8    0
zombiepl   144     2509    0     2509     3     2     1     1     0     8    1
processpl  864     2538    0     2509     4     0     4     4     0     8    0
procpl     632     5077    0     5041     4     0     4     4     0     8    0
sosppl     128       15    0       15     6     6     0     1     0     8    0
sockpl     384     3081    0     3060    21    13     8    14     0     8    5
mcl64k     65536    112    0      112     4     3     1     1     0     8    1
mcl16k     16384     24    0       24     6     5     1     1     0     8    1
mcl12k     12288     47    0       47     6     5     1     1     0     8    1
mcl9k      9216      18    0       18     7     6     1     1     0     8    1
mcl8k      8192      96    0       96     4     3     1     1     0     8    1
mcl4k      4096     905    0      905     4     3     1     1     0     8    1
mcl2k2     2112      10    0       10     7     6     1     1     0     8    1
mcl2k      2048   67559    0    67518    23    16     7    14     0     8    1
mtagpl      80       47    0       47     3     2     1     1     0     8    1
mbufpl     256   129449    0   129371    55    41    14    44     0     8    4
bufpl      256    12277    0     5900   399     0   399   399     0     8    0
anonpl      16   276180    0   262103   106    28    78    88     0    62    6
amapchunkpl 152   12748    0    12615    56    42    14    20     0   158    7
amappl16   192    13117    0    12127   122    62    60    72     0     8    8
amappl15   184      191    0      190     1     0     1     1     0     8    0
amappl14   176      907    0      902     2     1     1     1     0     8    0
amappl13   168      394    0      394     2     1     1     1     0     8    1
amappl12   160      158    0      154     2     1     1     1     0     8    0
amappl11   152       79    0       68     1     0     1     1     0     8    0
amappl10   144      213    0      212     3     2     1     1     0     8    0
amappl9    136     1078    0     1072     1     0     1     1     0     8    0
amappl8    128      622    0      592     2     0     2     2     0     8    1
amappl7    120      282    0      276     1     0     1     1     0     8    0
amappl6    112      100    0       91     1     0     1     1     0     8    0
amappl5    104      417    0      404     1     0     1     1     0     8    0
amappl4     96     2870    0     2846     1     0     1     1     0     8    0
amappl3     88      293    0      286     1     0     1     1     0     8    0
amappl2     80    18826    0    18754     4     2     2     3     0     8    0
amappl1     72    53741    0    53335    27    18     9    20     0     8    0
amappl      80     5516    0     5466     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      117    0        9     2     0     2     2     0     8    0
uaddrrnd    24     2536    0     2508     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2536    0     2508     1     0     1     1     0     8    0
vmmpekpl   168    18972    0    18945     2     0     2     2     0     8    0
vmmpepl    168   304471    0   302407   219    77   142   142     0   357   44
vmsppl     272     2521    0     2508     4     2     2     2     0     8    1
pdppl      4096    5078    0     5033     7     1     6     6     0     8    0
pvpl        32   762389    0   745433   317    92   225   303     0   265   57
pmappl     200     2535    0     2512     2     0     2     2     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      637    0       97    16     0    16    16     0     8    0

Crashes (1):
Time: 2019/10/08 23:46
Kernel: openbsd
Commit: 70f1de17401b
Syzkaller: b1ebbfef
Config: .config
Log: console log
Report: report
Manager: ci-openbsd-main