panic: ffs_read: type 0

syzbot

Nov 17, 2018, 6:31:03 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: df0bbf748a07 tcpdump(8) monitor process privdrop
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=165246a3400000
dashboard link: https://syzkaller.appspot.com/bug?extid=16562c83562dde1af9b3
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+16562c...@syzkaller.appspotmail.com

login: panic: ffs_read: type 0
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*126903 41537 0 0x2 0 0 dhclient
db_enter() at db_enter+0xa
panic() at panic+0x147
ffs_read(0) at ffs_read+0x382
VOP_READ(ffff80000e2bd498,ffffff0016c351e0,ffffff001f3fc4b0,0) at
VOP_READ+0x5e
vn_read(ffffff001f3fc4b0,ffff80000e290bc0,a1e8) at vn_read+0x130
dofilereadv(ffff80000e290bc0,ffff80000e2bd540,a1e8,ffff80000e2bd550,7f7ffffcc908)
at
dofilereadv+0x14f
sys_read(ffff80000e2bd5e0,ffff80000e290bc0,ffff80000e27cfd0) at
sys_read+0x6e
syscall(0) at syscall+0x3e4
Xsyscall(6,3,9,3,1b3d32cca000,1b3d284e3000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc920, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
ffs_read: type 0
ddb> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
ffs_read(0) at ffs_read+0x382
VOP_READ(ffff80000e2bd498,ffffff0016c351e0,ffffff001f3fc4b0,0) at
VOP_READ+0x5evn_read(ffffff001f3fc4b0,ffff80000e290bc0,a1e8) at
vn_read+0x130
dofilereadv(ffff80000e290bc0,ffff80000e2bd540,a1e8,ffff80000e2bd550,7f7ffffcc908)
at
dofilereadv+0x14f
sys_read(ffff80000e2bd5e0,ffff80000e290bc0,ffff80000e27cfd0) at
sys_read+0x6e
syscall(0) at syscall+0x3e4
Xsyscall(6,3,9,3,1b3d32cca000,1b3d284e3000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc920, count: -9
ddb> show registers
rdi 0xffffffff81e17b60 kprintf_mutex
rsi 0x5
rbp 0xffff80000e2bd250
rbx 0xffff80000e2bd2f0
rdx 0x3fd
rcx 0
rax 0
r8 0xffff80000e2bd220
r9 0
r10 0
r11 0xffffffff8168bd40 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff80000e2bd260
r14 0x100
r15 0xffffffff81c5971a apollo_udma133_tim+0x2b40
rip 0xffffffff8150bbba db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff80000e2bd250
ss 0x10
db_enter+0xa: popq %rbp


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.