syzbot


uvm_fault: m_copyback

Status: fixed on 2021/01/20 22:02
Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com
Fix commit: 2cbebc019f52 pflog(4) tried to log the translated packet with rdr-to, nat-to, and af-to addresses and ports applied. Therefore it created a mbuf chain on the stack with a partial copy. This is too complicated for IP options, extension header, NAT46 af-to, and fragmented mbuf chains. It even caused a crash in syzkaller. Usually the length checks in pf_setup_pdesc() rejected the faked mbuf and the goto copy logged the packet unmodified. Remove the pflog_mtap() function and call bpf_mtap_hdr() directly. As the old buggy code was bypassed in most cases, tcpdump(8) output of pflog does not change. Uncondionally log the unmodified packet. Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com OK sashan@
First crash: 849d, last: 701d

Sample crash report:
uvm_fault(0xffffffff828acf98, 0xffffffff8267b2b8, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at      m_copyback+0x119:       addq    $0x1,0x8(%rcx,%rbx,8)
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffffff828acf98, 0xffffffff8267b2b8, 0, 2) -> e
m_copyback(ffff80002129c6e0,138,0,ffff80002129c8a4,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline]
m_copyback(ffff80002129c6e0,138,0,ffff80002129c8a4,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756
end trace frame: 0xffff80002129c960, count: 0
ddb{0}> trace
m_copyback(ffff80002129c6e0,138,0,ffff80002129c8a4,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline]
m_copyback(ffff80002129c6e0,138,0,ffff80002129c8a4,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756
pflog_mtap(ffff8000000449c0,ffff80002129c988,fffffd806506df00) at pflog_mtap+0x446 sys/net/if_pflog.c:390
pflog_packet(ffff80002129ca88,0,ffff800000ac9fe8,0,ffffffff828c8308,0) at pflog_packet+0x3a4
pf_test(18,1,ffff800000b1f800,ffff80002129cd58) at pf_test+0xfd2 sys/net/pf.c:7228
ip6_input_if(ffff80002129cd58,ffff80002129cd64,29,0,ffff800000b1f800) at ip6_input_if+0x945 sys/netinet6/ip6_input.c:300
ipv6_input(ffff800000b1f800,fffffd806506df00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
tun_dev_write(5d00,ffff80002129d048,ffff8000244d4000,2) at tun_dev_write+0x204 sys/net/if_tun.c:867
spec_write(ffff80002129cea0) at spec_write+0xd4 sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd806e881088,ffff80002129d048,11,fffffd807f7b77e0) at VOP_WRITE+0xc6 sys/kern/vfs_vops.c:274
vn_write(fffffd8067eb6868,ffff80002129d048,0) at vn_write+0x14e sys/kern/vfs_vnops.c:414
dofilewritev(ffff80002123c540,f0,ffff80002129d048,0,ffff80002129d130) at dofilewritev+0x1ab sys/kern/sys_generic.c:379
sys_write(ffff80002123c540,ffff80002129d0e0,ffff80002129d130) at sys_write+0x83 sys/kern/sys_generic.c:299
syscall(ffff80002129d1b0) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002129d1b0) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x50736c8ebe0, count: -14
ddb{0}> show registers
rdi                                0
rsi                          0xa2b65    acpi_pdirpa+0x8e9cd
rbp               0xffff80002129c6c0
rbx               0xffffffffffff8d2e
rdx                          0xa2b64    acpi_pdirpa+0x8e9cc
rcx               0xffffffff826b4940    mbstat_boot_boot_cpumem
rax                                0
r8                               0x2
r9                               0x1
r10               0x47b47a339f5e9526
r11               0xfd07d05b59bc5376
r12               0xfffffd8065074600
r13                            0x108
r14                             0x30
r15               0xffff80002129c8c0
rip               0xffffffff81139559    m_copyback+0x119
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80002129c600
ss                              0x10
m_copyback+0x119:       addq    $0x1,0x8(%rcx,%rbx,8)
ddb{0}> show proc
PROC (syz-executor.0) pid=61557 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff80002123cd20,0xffffffff828e9f48
    process=0xffff800021237680 user=0xffff800021298000, vmspace=0xfffffd807effaa10
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 25794  281687  59516      0  7           0                syz-executor.0
*25794   61557  59516      0  7   0x4000000                syz-executor.0
 59516  495967  76757      0  3        0x82  nanoslp       syz-executor.0
 46610  309914      0      0  3     0x14200  bored         sosplice
 64159  102695      1      0  3    0x100083  ttyin         getty
 36241  110484  76757      0  3         0x2  biowait       syz-executor.1
 76757  405995   2059      0  3        0x82  thrsleep      syz-fuzzer
 76757  205592   2059      0  3   0x4000082  nanoslp       syz-fuzzer
 76757  180503   2059      0  3   0x4000082  thrsleep      syz-fuzzer
 76757   26568   2059      0  3   0x4000082  thrsleep      syz-fuzzer
 76757   71748   2059      0  3   0x4000082  thrsleep      syz-fuzzer
 76757  336590   2059      0  3   0x4000082  kqread        syz-fuzzer
 76757  397790   2059      0  3   0x4000082  thrsleep      syz-fuzzer
 76757  486642   2059      0  3   0x4000082  nanoslp       syz-fuzzer
  2059  175739  68586      0  3    0x10008a  sigsusp       ksh
 68586   96200  23957      0  3        0x92  kqread        sshd
 23957  435963      1      0  3        0x80  kqread        sshd
 48219   63461   7378     74  3    0x100092  bpf           pflogd
  7378  478214      1      0  3        0x80  netio         pflogd
 65535  106722  50733     73  3    0x100090  kqread        syslogd
 50733  204032      1      0  3    0x100082  netio         syslogd
 53407   21578      1     77  3    0x100090  poll          dhclient
 17295  149699      1      0  3        0x80  poll          dhclient
 54656   23536      0      0  3     0x14200  bored         smr
 72692  343142      0      0  2     0x14200                zerothread
 89321  106736      0      0  3     0x14200  aiodoned      aiodoned
 48815   95790      0      0  3     0x14200  syncer        update
 48085  222734      0      0  3     0x14200  cleaner       cleaner
 18539  102045      0      0  3     0x14200  reaper        reaper
 18628   51984      0      0  3     0x14200  pgdaemon      pagedaemon
   171  432494      0      0  3     0x14200  bored         crynlk
 69145     957      0      0  3     0x14200  bored         crypto
 13777  111999      0      0  3     0x14200  bored         viomb
  9820   81815      0      0  3  0x40014200  acpi0         acpi0
 38147  264793      0      0  3  0x40014200                idle1
 78623  258988      0      0  3     0x14200  bored         softnet
 74224  324480      0      0  3     0x14200  bored         systqmp
 44672  163541      0      0  3     0x14200  bored         systq
 98093  508259      0      0  3  0x40014200  bored         softclock
  6187   68140      0      0  3  0x40014200                idle0
     1  403265      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 25794 (syz-executor.0) thread 0xffff80002123c540 (61557)
exclusive rwlock netlock r = 0 (0xffffffff827347f0)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1176
#1  tun_dev_write+0x1f9 sys/net/if_tun.c:866
#2  spec_write+0xd4 sys/kern/spec_vnops.c:309
#3  VOP_WRITE+0xc6 sys/kern/vfs_vops.c:274
#4  vn_write+0x14e sys/kern/vfs_vnops.c:414
#5  dofilewritev+0x1ab sys/kern/sys_generic.c:379
#6  sys_write+0x83 sys/kern/sys_generic.c:299
#7  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#7  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590
#8  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828ba938)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1176
#1  vn_write+0x42 sys/kern/vfs_vnops.c:399
#2  dofilewritev+0x1ab sys/kern/sys_generic.c:379
#3  sys_write+0x83 sys/kern/sys_generic.c:299
#4  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590
#5  Xsyscall+0x128
Process 36241 (syz-executor.1) thread 0xffff80002123dce0 (110484)
exclusive rrwlock inode r = 0 (0xfffffd806638e4e0)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1176
#1  rw_enter+0x446 sys/kern/kern_rwlock.c:311
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3  ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140
#4  ffs_vget+0x135 sys/ufs/ffs/ffs_vfsops.c:1350
#5  ffs_inode_alloc+0x1e1 sys/ufs/ffs/ffs_alloc.c:394
#6  ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#7  VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:459
#8  domkdirat+0x121 sys/kern/vfs_syscalls.c:3064
#9  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#9  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590
#10 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd807bbc2098)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1176
#1  rw_enter+0x446 sys/kern/kern_rwlock.c:311
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3  VOP_LOCK+0x4b sys/kern/vfs_vops.c:614
#4  vn_lock+0x6c sys/kern/vfs_vnops.c:575
#5  vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419
#6  namei+0x5f7 sys/kern/vfs_lookup.c:249
#7  domkdirat+0x75 sys/kern/vfs_syscalls.c:3049
#8  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590
#9  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9510   6426K    7331K  78643K     13165        0
            pcb    13      8K       8K  78643K        93        0
         rtable   110      3K       4K  78643K       418        0
         ifaddr    58     12K      13K  78643K       137        0
         sysctl     2      0K       0K  78643K         2        0
       counters    44     34K      34K  78643K        76        0
       ioctlops     0      0K       4K  78643K      1525        0
            iov     0      0K      16K  78643K        69        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1224     77K      77K  78643K      2104        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         9        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      0K       1K  78643K        92        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12598        0
      file desc     5     13K      25K  78643K      2350        0
           proc    62     63K      95K  78643K       583        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        88        0
       in_multi    33      2K       2K  78643K        96        0
    ether_multi     1      0K       0K  78643K        31        0
            mrt     0      0K       0K  78643K        42        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    55    254K     254K  78643K        55        0
           exec     0      0K       2K  78643K       445        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   164     63K      63K  78643K      6467        0
       UVM aobj    30      2K       2K  78643K        30        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       104        0
            NDP     9      0K       0K  78643K        31        0
           temp   120   3982K    4046K  78643K     18010        0
         kqueue     5      8K      16K  78643K        96        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        8    0        2     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb      120       78    0       76     1     0     1     1     0     8    0
rtentry    112       68    0       23     2     0     2     2     0     8    0
unpcb      120      438    0      428     2     1     1     2     0     8    0
syncache   296       10    0       10     2     2     0     1     0     8    0
tcpqe       32       83    0       83     2     2     0     1     0     8    0
tcpcb      736      243    0      236     6     3     3     3     0     8    0
inpcb      296      728    0      718     4     2     2     2     0     8    1
rttmr       72       11    0       11     2     2     0     1     0     8    0
nd6         48       10    0        3     1     0     1     1     0     8    0
kcovpl      48        3    0        1     1     0     1     1     0     8    0
ppxss      1128       6    0        6     2     1     1     1     0     8    1
pfstscr     40        2    0        2     1     1     0     1     0     8    0
pffrag     232        1    0        0     1     0     1     1     0   482    0
pffrnode    88        1    0        0     1     0     1     1     0     8    0
pffrent     40        2    0        1     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       42    0       17     1     0     1     1     0     8    0
pfstkey    112       42    0       17     1     0     1     1     0     8    0
pfstate    328       41    0       16     4     1     3     3     0     8    0
pfrule     1360      28    0       21     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      238    0       44    13     0    13    13     0     8    0
art_table   32      239    0       44     2     0     2     2     0     8    0
art_node    16       67    0       26     1     0     1     1     0     8    0
sysvmsgpl   40       28    0        2     1     0     1     1     0     8    0
semapl     112       89    0       79     1     0     1     1     0     8    0
shmpl      112       27    0        0     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     4132    0     2735    90     2    88    89     0     8    0
ffsino     272     4132    0     2735    95     0    95    95     0     8    0
nchpl      144     6897    0     5305    60     0    60    60     0     8    0
uvmvnodes   72     4913    0        0    90     0    90    90     0     8    0
vnodes     224     4913    0        0   289     0   289   289     0     8    0
namei      1024   17295    0    17294     1     0     1     1     0     8    0
percpumem   16       49    0       16     1     0     1     1     0     8    0
vcpupl     1984       4    0        0     1     0     1     1     0     8    0
vmpool     560        4    0        0     1     0     1     1     0     8    0
scsiplug    72       11    0       11     1     1     0     1     0     8    0
scxspl     216    20625    0    20624    12    11     1     8     0     8    0
plimitpl   152      132    0      124     1     0     1     1     0     8    0
sigapl     424     2567    0     2534     4     0     4     4     0     8    0
futexpl     56    14099    0    14099     1     0     1     1     0     8    1
knotepl    112    26187    0    26161     2     1     1     2     0     8    0
kqueuepl   168     1200    0     1196     1     0     1     1     0     8    0
pipepl     336      149    0      138     5     3     2     2     0     8    1
fdescpl    496     2548    0     2532     3     0     3     3     0     8    0
filepl     152     8181    0     8079     6     1     5     6     0     8    1
lockfpl    104      180    0      179     1     0     1     1     0     8    0
lockfspl    48       73    0       72     1     0     1     1     0     8    0
sessionpl  144       20    0        9     1     0     1     1     0     8    0
pgrppl      48       22    0       11     1     0     1     1     0     8    0
ucredpl     96      903    0      894     1     0     1     1     0     8    0
zombiepl   144     2534    0     2534     1     0     1     1     0     8    1
processpl  1072    2567    0     2534     3     0     3     3     0     8    0
procpl     672     5610    0     5569     4     0     4     4     0     8    0
sosppl     168       29    0       26     2     1     1     1     0     8    0
sockpl     432     1246    0     1224     9     5     4     6     0     8    1
mcl64k     65536     11    0        0     2     0     2     2     0     8    0
mcl12k     12288      3    0        0     1     0     1     1     0     8    0
mcl9k      9216       4    0        0     1     0     1     1     0     8    0
mcl8k      8192      11    0        0     2     0     2     2     0     8    0
mcl4k      4096       7    0        0     1     0     1     1     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048     180    0        0    19     0    19    19     0     8    0
mtagpl      96      166    0        0     5     0     5     5     0     8    0
mbufpl     256      958    0        0    58     0    58    58     0     8    0
bufpl      280     6340    0      183   440     0   440   440     0     8    0
anonpl      16   262150    0   247402   104    41    63    91     0   124    0
amapchunkpl 152   11302    0    10936    32    17    15    28     0   158    0
amappl16   192    11644    0    11073    79    50    29    53     0     8    0
amappl15   184        4    0        2     1     0     1     1     0     8    0
amappl14   176       23    0       19     1     0     1     1     0     8    0
amappl13   168       34    0       32     1     0     1     1     0     8    0
amappl12   160       12    0        7     1     0     1     1     0     8    0
amappl11   152      329    0      310     1     0     1     1     0     8    0
amappl10   144     2066    0     2060     1     0     1     1     0     8    0
amappl9    136      285    0      285     1     1     0     1     0     8    0
amappl8    128      183    0      129     2     0     2     2     0     8    0
amappl7    120      259    0      251     1     0     1     1     0     8    0
amappl6    112     2123    0     2108     1     0     1     1     0     8    0
amappl5    104     2707    0     2687     1     0     1     1     0     8    0
amappl4     96      559    0      530     1     0     1     1     0     8    0
amappl3     88      170    0      162     1     0     1     1     0     8    0
amappl2     80    19518    0    19449     2     0     2     2     0     8    0
amappl1     72    79894    0    79424    24    14    10    19     0     8    0
amappl      80     5941    0     5853     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       29    0        0     1     0     1     1     0     8    0
uaddrrnd    24     2552    0     2532     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2552    0     2532     1     0     1     1     0     8    0
vmmpekpl   168    16730    0    16701     2     0     2     2     0     8    0
vmmpepl    168   328403    0   326571   137    43    94   105     0   357    7
vmsppl     368     2551    0     2532     2     0     2     2     0     8    0
pdppl      4096    5111    0     5068    62    17    45    46     0     8    2
pvpl        32  1021068    0  1003579   223    55   168   211     0   265   19
pmappl     232     2551    0     2532     3     1     2     2     0     8    0
extentpl    40       58    0       40     1     0     1     1     0     8    0
phpool     112      365    0       28    10     0    10    10     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
m_copyback(ffff80002129c6e0,138,0,ffff80002129c8a4,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline]
m_copyback(ffff80002129c6e0,138,0,ffff80002129c8a4,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756
pflog_mtap(ffff8000000449c0,ffff80002129c988,fffffd806506df00) at pflog_mtap+0x446 sys/net/if_pflog.c:390
pflog_packet(ffff80002129ca88,0,ffff800000ac9fe8,0,ffffffff828c8308,0) at pflog_packet+0x3a4
pf_test(18,1,ffff800000b1f800,ffff80002129cd58) at pf_test+0xfd2 sys/net/pf.c:7228
ip6_input_if(ffff80002129cd58,ffff80002129cd64,29,0,ffff800000b1f800) at ip6_input_if+0x945 sys/netinet6/ip6_input.c:300
ipv6_input(ffff800000b1f800,fffffd806506df00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
tun_dev_write(5d00,ffff80002129d048,ffff8000244d4000,2) at tun_dev_write+0x204 sys/net/if_tun.c:867
spec_write(ffff80002129cea0) at spec_write+0xd4 sys/kern/spec_vnops.c:309
VOP_WRITE(fffffd806e881088,ffff80002129d048,11,fffffd807f7b77e0) at VOP_WRITE+0xc6 sys/kern/vfs_vops.c:274
vn_write(fffffd8067eb6868,ffff80002129d048,0) at vn_write+0x14e sys/kern/vfs_vnops.c:414
dofilewritev(ffff80002123c540,f0,ffff80002129d048,0,ffff80002129d130) at dofilewritev+0x1ab sys/kern/sys_generic.c:379
sys_write(ffff80002123c540,ffff80002129d0e0,ffff80002129d130) at sys_write+0x83 sys/kern/sys_generic.c:299
syscall(ffff80002129d1b0) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002129d1b0) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x50736c8ebe0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffeab30, count: -3

Crashes (69):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-multicore 2021/01/03 04:50 openbsd e8326ca2c688 79264ae3 .config log report
ci-openbsd-multicore 2020/12/21 04:36 openbsd f0738f1860da 04201c06 .config log report
ci-openbsd-multicore 2020/12/11 22:43 openbsd 109c71d4397c bca53db9 .config log report
ci-openbsd-multicore 2020/11/23 14:46 openbsd d176a5c81a04 878fb17a .config log report
ci-openbsd-multicore 2020/11/18 10:59 openbsd 471d5e8a0b05 09323409 .config log report
ci-openbsd-multicore 2020/11/15 14:49 openbsd c63cca64c969 1bf9a662 .config log report
ci-openbsd-multicore 2020/11/11 12:10 openbsd f791c386a5be cca87986 .config log report
ci-openbsd-multicore 2020/10/23 09:52 openbsd a80e5d367a75 4e740c00 .config log report
ci-openbsd-multicore 2020/10/14 07:02 openbsd 05e0a99435b4 fc7735a2 .config log report
ci-openbsd-multicore 2020/10/12 15:33 openbsd 0d27d3d93b84 d32b0bbf .config log report
ci-openbsd-multicore 2020/10/12 13:37 openbsd 0d27d3d93b84 4a77ae0b .config log report
ci-openbsd-multicore 2020/10/09 21:22 openbsd 2769981bcf36 93817d89 .config log report
ci-openbsd-multicore 2020/10/07 05:37 openbsd 7392f8b916e4 1880b4a9 .config log report
ci-openbsd-multicore 2020/09/17 22:13 openbsd 222ffc23a7c7 8247808b .config log report
ci-openbsd-multicore 2020/09/17 17:02 openbsd 222ffc23a7c7 8247808b .config log report
ci-openbsd-multicore 2020/09/17 14:31 openbsd 222ffc23a7c7 8247808b .config log report
ci-openbsd-multicore 2020/09/12 10:21 openbsd c38ae11dbcbd 21d289c2 .config log report
ci-openbsd-multicore 2020/09/07 05:55 openbsd 1235808c95d2 abf9ba4f .config log report
ci-openbsd-multicore 2020/09/02 20:32 openbsd 42522c3881a4 abf9ba4f .config log report
ci-openbsd-multicore 2020/09/01 02:13 openbsd e3132ea9152e d5a3ae1f .config log report
ci-openbsd-multicore 2020/08/23 21:26 openbsd 7e57f0c193e5 1da71ab0 .config log report
ci-openbsd-multicore 2020/08/18 21:57 openbsd 0b50a22dd240 e1c29030 .config log report
ci-openbsd-multicore 2020/08/15 14:05 openbsd cc37c486677e c2707aa5 .config log report
ci-openbsd-multicore 2020/08/10 21:26 openbsd 3c86a58ec715 7adc7b65 .config log report
ci-openbsd-multicore 2020/08/09 10:39 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 07:20 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 06:19 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 06:08 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 05:37 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 05:30 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:50 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:49 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:25 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:13 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:08 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 03:50 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 03:11 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 02:21 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 02:17 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 02:15 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:57 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:55 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:48 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:46 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:26 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:45 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:42 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:28 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:25 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:50 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:21 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:19 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:14 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:35 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:34 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:28 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:02 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:02 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:59 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:57 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:32 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:18 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 19:29 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 18:42 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 18:03 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 16:48 openbsd a395eaf7c290 f721e4a0 .config log report
* Struck through repros no longer work on HEAD.