uvm_fault(ADDR, ADDR, 0, 1) -> e (2)


syzbot

May 28, 2020, 12:55:14 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: d2236770 fix Include before Match in sshd_config; bz#3122 ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12529d26100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=98f565059131c6e3e360

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+98f565...@syzkaller.appspotmail.com

uvm_fault(0xfffffd80542ce9a0, 0x8000000b, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8138f33d cs 8 rflags 10246 cr2 8000000b cpl 7 rsp ffff80001d81fcb0
gsbase 0xffffffff824c4ff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff8138f33d
Starting stack trace...
panic(ffffffff821d4b5b) at panic+0x14a sys/kern/subr_prf.c:207
kerntrap(ffff80001d81fc00) at kerntrap+0x1ad sys/arch/amd64/amd64/trap.c:297
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
in_delmulti(7fffffff) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff800000a3d000) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff800000a2e000) at in_ifdetach+0x74 sys/netinet/in.c:971
if_setrdomain(ffff800000a2e000,2) at if_setrdomain+0x19a sys/net/if.c:1887
ifioctl(fffffd80542d1c98,8020699f,ffff80001d81fef0,ffff80001d77d770) at ifioctl+0x169d sys/net/if.c:2147
sys_ioctl(ffff80001d77d770,ffff80001d820008,ffff80001d820050) at sys_ioctl+0x4a1
syscall(ffff80001d8200d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdb6c93671b0, count: 246
End of stack trace.
syncing disks...9 9 9 9 9 9 9 9 set $lines = 0
9 9 9 set $maxwidth = 0
9 9 show panic
9 9 trace
9 9 show registers
9 show proc
9 9 ps
giving up

dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-20200506_125016-google)
Total RAM Size = 0x000000006cc00000 = 1740 MiB
CPUs found: 1 Max CPUs supported: 1
Comparing RSDP and RSDP
Comparing RSDT and RSDT
Comparing FACP and FACP
Comparing FACS and FACS
return 0 for FACS vs FACS: SUCCESS
Comparing DSDT and DSDT
return 0 for DSDT vs DSDT: SUCCESS
return 0 for FACP vs FACP: SUCCESS
Comparing SRAT and SRAT
Diff at 8: 3, 1
Sending ACPI diff VM event for SRAT at 8. 0x3 vs 0x1
Diff at 9: 55, 57
Sending ACPI diff VM event for SRAT at 9. 0x55 vs 0x57
return 1 for SRAT vs SRAT: MEM_CMP FAILURE
Comparing APIC and APIC
Diff at 8: 5, 1
Sending ACPI diff VM event for APIC at 8. 0x5 vs 0x1
Diff at 9: 35, 39
Sending ACPI diff VM event for APIC at 9. 0x35 vs 0x39
return 1 for APIC vs APIC: MEM_CMP FAILURE
Comparing SSDT and SSDT
return 0 for SSDT vs SSDT: SUCCESS
Comparing WAET and WAET
return 0 for WAET vs WAET: SUCCESS
return 1 for RSDT vs RSDT: RSDT FAILURE
return 1 for RSDP vs RSDP: RSDP FAILURE
Sending ACPI diff VM event for ERR1 at 0. 0x0 vs 0x0
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=2097152 = 1024 MiB
drive 0x000f2130: PCHS=0/0/0 translation=lba LCHS=1024/32/63 s=2097152
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.47
boot> show malloc
boot: illegal argument malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

May 29, 2020, 2:34:05 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: uvm_fault: in_delmulti