assert failed: pmap->pm_obj[i].uo_npages == 0


syzbot

Mar 1, 2019, 1:14:07 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 46b12d457099 fix typo. pointed out by pgoyette@n.o.
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=103527a4c00000
dashboard link: https://syzkaller.appspot.com/bug?extid=e2729c9f8c2922897057

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e2729c...@syzkaller.appspotmail.com

login: [ 267.8852424] panic: kernel diagnostic assertion "pmap->pm_obj[i].uo_npages == 0" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 2464
[ 267.8852424] cpu0: Begin traceback...
[ 267.8966872] vpanic() at netbsd:vpanic+0x214
[ 267.8966872] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 267.9102077] pmap_destroy() at netbsd:pmap_destroy+0x40d
[ 267.9211926] pmap_pp_remove() at netbsd:pmap_pp_remove+0x876
[ 267.9424601] uvm_anon_dispose() at netbsd:uvm_anon_dispose+0x179
[ 267.9539043] uvm_anon_freelst() at netbsd:uvm_anon_freelst+0x48
[ 267.9653477] amap_wipeout() at netbsd:amap_wipeout+0x237
[ 267.9767934] uvm_unmap_detach() at netbsd:uvm_unmap_detach+0x8b
[ 267.9882354] uvmspace_free() at netbsd:uvmspace_free+0x200
[ 267.9999776] exit1() at netbsd:exit1+0x39d
[ 268.0111239] sys_exit() at netbsd:sys_exit+0x6c
[ 268.0225687] syscall() at netbsd:syscall+0x32e
[ 268.0341439] --- syscall (number 1) ---
[ 268.0341439] 717055efe47a:
[ 268.0341439] cpu0: End traceback...

[ 268.0483542] dumping to dev 4,1 (offset=0, size=0): not possible
[ 268.0483542] rebooting...
SeaBIOS (version 1.8.2-20190204_181744-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2a00: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt
39066448+2876592 [1062569+1362192+1043671]=0x2b4f688
WARNING: couldn't open /var/db/entropy-file
WARNING: 1 module failed to load


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
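Triage tooling for a report of this shape, added here as an example; it is not part of the syzbot report or of the NetBSD tree. It parses the kernel diagnostic assertion and the ddb traceback quoted above into a structured record, notes which syscall the crashing thread was in, and builds a deduplication signature from the file, line, assertion expression and the first frames below the panic machinery. The sample input is a constructed, trimmed copy of the console output above with the line-wrapped panic message rejoined; the `NOISE` set, the `Report` fields and the signature format are choices made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: a trimmed copy of the console output quoted in
# the syzbot report above, with the line-wrapped panic message rejoined.
SAMPLE = """\
login: [ 267.8852424] panic: kernel diagnostic assertion "pmap->pm_obj[i].uo_npages == 0" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 2464
[ 267.8852424] cpu0: Begin traceback...
[ 267.8966872] vpanic() at netbsd:vpanic+0x214
[ 267.8966872] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 267.9102077] pmap_destroy() at netbsd:pmap_destroy+0x40d
[ 267.9211926] pmap_pp_remove() at netbsd:pmap_pp_remove+0x876
[ 267.9424601] uvm_anon_dispose() at netbsd:uvm_anon_dispose+0x179
[ 267.9539043] uvm_anon_freelst() at netbsd:uvm_anon_freelst+0x48
[ 267.9999776] exit1() at netbsd:exit1+0x39d
[ 268.0111239] sys_exit() at netbsd:sys_exit+0x6c
[ 268.0225687] syscall() at netbsd:syscall+0x32e
[ 268.0341439] --- syscall (number 1) ---
[ 268.0341439] 717055efe47a:
[ 268.0341439] cpu0: End traceback...
[ 268.0483542] dumping to dev 4,1 (offset=0, size=0): not possible
"""

PANIC_RE = re.compile(
    r'panic: kernel diagnostic assertion "(?P<expr>[^"]+)" failed: '
    r'file "(?P<file>[^"]+)", line (?P<line>\d+)'
)
FRAME_RE = re.compile(
    r'^\[\s*[\d.]+\]\s+(?P<func>\w+)\(\) at netbsd:(?P<sym>\w+)(?:\+0x(?P<off>[0-9a-f]+))?'
)
SYSCALL_RE = re.compile(r'--- syscall \(number (?P<num>\d+)\) ---')

# Frames dropped from the signature (an assumption of this example): vpanic()
# is the panic machinery itself, and the _GLOBAL__sub_D_* frame that ddb
# prints directly below it in these traces names no subsystem at fault.
NOISE = {"vpanic", "_GLOBAL__sub_D_65535_0_cpu_configure"}


@dataclass
class Report:
    expr: str
    file: str
    line: int
    frames: List[str] = field(default_factory=list)   # innermost first, noise removed
    syscall: Optional[int] = None                      # syscall the crashing thread was in


def parse_report(text: str) -> Report:
    """Extract the assertion and the ddb traceback from NetBSD console output."""
    report: Optional[Report] = None
    in_trace = False
    for raw in text.splitlines():
        m = PANIC_RE.search(raw)
        if m:
            report = Report(m["expr"], m["file"], int(m["line"]))
            continue
        if report is None:
            continue                      # ignore anything before the panic line
        if "Begin traceback" in raw:
            in_trace = True
        elif "End traceback" in raw:
            break                         # boot messages after this are irrelevant
        elif in_trace:
            f = FRAME_RE.match(raw)
            if f and f["func"] not in NOISE:
                report.frames.append(f["func"])
            s = SYSCALL_RE.search(raw)
            if s:
                report.syscall = int(s["num"])
    if report is None:
        raise ValueError("no kernel diagnostic assertion found in input")
    return report


def signature(report: Report, depth: int = 3) -> str:
    """Dedup key: source location, assertion text, and the top frames of real code."""
    basename = report.file.rsplit("/", 1)[-1]
    stack = ">".join(report.frames[:depth])
    return f"{basename}:{report.line} {report.expr} @ {stack}"


if __name__ == "__main__":
    r = parse_report(SAMPLE)
    print(signature(r))
    print("syscall:", r.syscall, "frames:", r.frames)
```

Keying on the basename rather than the full path keeps the signature stable across syzkaller managers, whose checkout directories differ, and keeping the offsets out of it means the same bug is not split into several buckets by unrelated kernel rebuilds.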

syzbot

Mar 1, 2019, 1:46:06 PM
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 46b12d457099 fix typo. pointed out by pgoyette@n.o.
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14f7755cc00000
dashboard link: https://syzkaller.appspot.com/bug?extid=e2729c9f8c2922897057
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e257d0c00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10411e62c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e2729c...@syzkaller.appspotmail.com

[ 33.7236060] panic: kernel diagnostic assertion "pmap->pm_obj[i].uo_npages == 0" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 2464
[ 33.7236060] cpu0: Begin traceback...
[ 33.7236060] vpanic() at netbsd:vpanic+0x214
[ 33.7350488] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 33.7350488] pmap_destroy() at netbsd:pmap_destroy+0x40d
[ 33.7463794] pmap_pp_remove() at netbsd:pmap_pp_remove+0x876
[ 33.7463794] uvm_anon_dispose() at netbsd:uvm_anon_dispose+0x179
[ 33.7605841] uvm_anon_freelst() at netbsd:uvm_anon_freelst+0x48
[ 33.7709199] amap_wipeout() at netbsd:amap_wipeout+0x237
[ 33.7806778] uvm_unmap_detach() at netbsd:uvm_unmap_detach+0x8b
[ 33.7934585] uvmspace_free() at netbsd:uvmspace_free+0x200
[ 33.8032364] exit1() at netbsd:exit1+0x39d
[ 33.8032364] sys_exit() at netbsd:sys_exit+0x6c
[ 33.8162077] syscall() at netbsd:syscall+0x32e
[ 33.8259746] --- syscall (number 1) ---
[ 33.8259746] 7d493e6fe47a:
[ 33.8259746] cpu0: End traceback...

[ 33.8406363] dumping to dev 4,1 (offset=0, size=0): not possible
[ 33.8406363] rebooting...

Maxime Villard

Jun 9, 2019, 2:15:17 AM
to syzbot, syzkaller-...@googlegroups.com
Let's see if this works:

#syz fix: in uvm_map_protect(), do a pmap_update() before possibly switching from removing pmap entries to creating them. this fixes the problem reported in https://syzkaller.appspot.com/bug?id=cc89e47f05e4eea2fd69bcccb5e837f8d1ab4d60

Kamil Rytarowski

Jun 9, 2019, 5:57:54 PM
to Maxime Villard, syzbot, syzkaller-...@googlegroups.com
Panic for UVM crash has been fixed for me:

http://netbsd.org/~kamil/xhyve/uvm.c