panic() at panic+0x154


syzbot

Jan 23, 2019, 9:10:03 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 5c077b0f7c9a import unwindctl "toss it in man" deraadt@
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16bcf8c0c00000
kernel config: https://syzkaller.appspot.com/x/.config?x=ffa1da4399f74b2b
dashboard link: https://syzkaller.appspot.com/bug?extid=8352da5c61ebe2584112
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8352da...@syzkaller.appspotmail.com

panic() at panic+0x154 sys/kern/subr_prf.c:208
fifo_badop(ffffffff817a7612) at fifo_badop+0x12
sys/miscfs/fifofs/fifo_vnops.c:491
VOP_STRATEGY(810e5c952a53c4fb) at VOP_STRATEGY+0xa3 sys/kern/vfs_vops.c:715
bwrite(a60dd8767663f925) at bwrite+0x1f5 sys/kern/vfs_bio.c:742
VOP_BWRITE(ffa5c0c6e4a5f991) at VOP_BWRITE+0x54 sys/kern/vfs_vops.c:727
ufs_mkdir(bc324a8a4faa440d) at ufs_mkdir+0x73f sys/ufs/ufs/ufs_vnops.c:1250
VOP_MKDIR(b8f92dc3e873fbc,ffff8000ffff8260,1ed,ffffff9c) at VOP_MKDIR+0x72
sys/kern/vfs_vops.c:445
domkdirat(56bf7eda61b586b6,2,ffff8000ffff8260,ffff800014a1a2d0) at
domkdirat+0x12a sys/kern/vfs_syscalls.c:2881
syscall(c549e9ca5338300e) at syscall+0x528
Xsyscall(6,88,7f7ffffd5580,88,0,7f7ffffd55c0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd55f0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
fifo_badop called
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x154 sys/kern/subr_prf.c:208
fifo_badop(ffffffff817a7612) at fifo_badop+0x12
sys/miscfs/fifofs/fifo_vnops.c:491
VOP_STRATEGY(810e5c952a53c4fb) at VOP_STRATEGY+0xa3 sys/kern/vfs_vops.c:715
bwrite(a60dd8767663f925) at bwrite+0x1f5 sys/kern/vfs_bio.c:742
VOP_BWRITE(ffa5c0c6e4a5f991) at VOP_BWRITE+0x54 sys/kern/vfs_vops.c:727
ufs_mkdir(bc324a8a4faa440d) at ufs_mkdir+0x73f sys/ufs/ufs/ufs_vnops.c:1250
VOP_MKDIR(b8f92dc3e873fbc,ffff8000ffff8260,1ed,ffffff9c) at VOP_MKDIR+0x72
sys/kern/vfs_vops.c:445
domkdirat(56bf7eda61b586b6,2,ffff8000ffff8260,ffff800014a1a2d0) at
domkdirat+0x12a sys/kern/vfs_syscalls.c:2881
syscall(c549e9ca5338300e) at syscall+0x528
Xsyscall(6,88,7f7ffffd5580,88,0,7f7ffffd55c0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd55f0, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800014a19cd0
rbx 0xffff800014a19d70
rdx 0xffff8000ffff8260
rcx 0
rax 0
r8 0xffffffff819f77b4 kprintf+0x184
r9 0x1
r10 0xffff800014a19ad0
r11 0x9a697b2b21fba4fc
r12 0x3000000008
r13 0xffff800014a19ce0
r14 0x100
r15 0x1
rip 0xffffffff81369b08 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014a19cc0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor0) pid=162947 stat=onproc
flags process=2<EXEC> proc=0
pri=17, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff9520,0xffff80001496d2e0
process=0xffff8000ffffa350 user=0xffff800014a15000,
vmspace=0xfffffd803f015210
estcpu=36, cpticks=5, pctcpu=0.3
user=0, sys=4, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
80629 180382 1 0 3 0x100083 ttyin getty
44782 358773 0 0 3 0x14200 bored sosplice
*37336 162947 72659 0 7 0x2 syz-executor0
48774 39123 72659 0 2 0x2 syz-executor1
72659 495850 70571 0 3 0x82 thrsleep syz-fuzzer
72659 470002 70571 0 3 0x4000082 thrsleep syz-fuzzer
72659 234349 70571 0 3 0x4000082 thrsleep syz-fuzzer
72659 94414 70571 0 3 0x4000082 thrsleep syz-fuzzer
72659 86434 70571 0 3 0x4000082 thrsleep syz-fuzzer
72659 46365 70571 0 3 0x4000082 thrsleep syz-fuzzer
72659 266305 70571 0 3 0x4000082 thrsleep syz-fuzzer
72659 341206 70571 0 3 0x4000082 kqread syz-fuzzer
72659 310298 70571 0 3 0x4000082 thrsleep syz-fuzzer
70571 86521 67164 0 3 0x10008a pause ksh
67164 30169 51052 0 3 0x92 select sshd
51052 265611 1 0 3 0x80 select sshd
71200 25543 95720 73 3 0x100090 kqread syslogd
95720 387245 1 0 3 0x100082 netio syslogd
59246 366719 1 77 3 0x100090 poll dhclient
21883 337429 1 0 3 0x80 poll dhclient
52481 196910 0 0 3 0x14200 pgzero zerothread
43867 254143 0 0 3 0x14200 aiodoned aiodoned
84455 339724 0 0 3 0x14200 syncer update
30410 322840 0 0 3 0x14200 cleaner cleaner
33743 142444 0 0 3 0x14200 reaper reaper
5747 459846 0 0 3 0x14200 pgdaemon pagedaemon
27444 520516 0 0 3 0x14200 bored crynlk
96133 63752 0 0 3 0x14200 bored crypto
66894 409101 0 0 3 0x40014200 acpi0 acpi0
74842 189754 0 0 3 0x14200 bored softnet
69548 142662 0 0 3 0x14200 bored systqmp
65738 9941 0 0 3 0x14200 bored systq
73538 505715 0 0 3 0x40014200 bored softclock
90320 349901 0 0 3 0x40014200 idle0
1 159367 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Greg Steuck

Jan 23, 2019, 10:40:02 PM
to syzbot, syzkaller-o...@googlegroups.com
#syz_dup: panic: fifo_badop called

Anton Lindqvist

Jan 25, 2019, 2:05:25 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz_dup: panic: fifo_badop called