page fault in shm_delete_mapping


syzbot

May 7, 2019, 7:58:08 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 014f8a6c revert most of:
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14e08120a00000
dashboard link: https://syzkaller.appspot.com/bug?extid=8f470a1bf36b47ae0040

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8f470a...@syzkaller.appspotmail.com

[ 95.2110291] fatal page fault in supervisor mode
[ 95.2242980] trap type 6 code 0 rip 0xffffffff80fe92cc cs 0x8 rflags
0x10287 cr2 0xffff900000000000 ilevel 0 rsp 0xffffb9816eb07c88
[ 95.2393385] curlwp 0xffffb98011f41680 pid 4185.2 lowest kstack
0xffffb9816eb002c0
[ 95.2476256] panic: trap
[ 95.2476256] cpu0: Begin traceback...
[ 95.2555810] vpanic() at netbsd:vpanic+0x214
[ 95.2555810] snprintf() at netbsd:snprintf
23:36:59 executing program 4:
r0 = open$dir(&(0x7f00000003c0)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
readlink(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)=""/161, 0xa1)
faccessat(r0, &(0x7f0000000040)='./file0\x00', 0x2, 0x100)

[ 95.2671853] startlwp() at netbsd:startlwp
[ 95.2782142] alltraps() at netbsd:alltraps+0xb2
[ 95.2890002] shm_delete_mapping() at netbsd:shm_delete_mapping+0x7f
[ 95.3001421] sys_shmat() at netbsd:sys_shmat+0x4cd
[ 95.3001421] sys___syscall() at netbsd:sys___syscall+0xe2
[ 95.3136814] syscall() at netbsd:syscall+0x348
[ 95.3235213] --- syscall (number 198) ---
[ 95.3235213] 731f9903f4aa:
[ 95.3358110] cpu0: End traceback...

[ 95.3358110] dumping to dev 4,1 (offset=0, size=0): not possible
[ 95.3358110] rebooting...
SeaBIOS (version 1.8.2-20190308_060531-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f29d0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from
>> NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 7, 2019, 8:44:07 PM
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 014f8a6c revert most of:
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14767378a00000
dashboard link: https://syzkaller.appspot.com/bug?extid=8f470a1bf36b47ae0040
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1725008ca00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8f470a...@syzkaller.appspotmail.com

[ 35.2211678] fatal page fault in supervisor mode
[ 35.2322669] trap type 6 code 0 rip 0xffffffff80fe92cc cs 0x8 rflags
0x10287 cr2 0xffff900000000000 ilevel 0 rsp 0xffffa0016eef8c88
[ 35.2433679] curlwp 0xffffa00012ef70c0 pid 846.2 lowest kstack
0xffffa0016eef12c0
[ 35.2544650] panic: trap
[ 35.2544650] cpu1: Begin traceback...
[ 35.2544650] vpanic() at netbsd:vpanic+0x214
[ 35.2655624] snprintf() at netbsd:snprintf
[ 35.2766640] startlwp() at netbsd:startlwp
[ 35.2877674] alltraps() at netbsd:alltraps+0xb2
[ 35.2988634] shm_delete_mapping() at netbsd:shm_delete_mapping+0x7f
[ 35.3099637] sys_shmat() at netbsd:sys_shmat+0x4cd
[ 35.3210624] sys___syscall() at netbsd:sys___syscall+0xe2
[ 35.3432612] syscall() at netbsd:syscall+0x348
[ 35.3432612] --- syscall (number 198) ---
[ 35.3543619] 7709d703f4aa:
[ 35.3543619] cpu1: End traceback...

[ 35.3543619] dumping to dev 4,1 (offset=0, size=0): not possible
[ 35.3654585] rebooting...