uvm_fault: killjobc


syzbot

Dec 14, 2018, 6:47:04 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b8bc906ae908 Fold mparse_parse_buffer() into mparse_readfd..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1236b28b400000
kernel config: https://syzkaller.appspot.com/x/.config?x=906264fb5874384d
dashboard link: https://syzkaller.appspot.com/bug?extid=44bab40fc5a11357d774
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+44bab4...@syzkaller.appspotmail.com

uvm_fault(0xffffff003f12c840, 0xd8, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at killjobc+0x39: cmpq %r13,0xd8(%r12)
ddb>
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff003f12c840, 0xd8, 0, 1) -> e
killjobc(ffff8000149d02f8) at killjobc+0x39 sys/kern/kern_proc.c:410
end trace frame: 0xffff800014ace9e0, count: 0
ddb> trace
killjobc(ffff8000149d02f8) at killjobc+0x39 sys/kern/kern_proc.c:410
exit1(ffff800014a33c30,9,0) at exit1+0x24b sys/kern/kern_exit.c:200
postsig(100,ffff800014a33c30) at postsig+0x3cc sigexit sys/kern/kern_sig.c:1500 [inline]
postsig(100,ffff800014a33c30) at postsig+0x3cc sys/kern/kern_sig.c:1432
userret(ffff800014acebd0) at userret+0xff sys/kern/kern_sig.c:1882
syscall(0) at syscall+0x45f mi_syscall_return sys/sys/syscall_mi.h:122 [inline]
syscall(0) at syscall+0x45f sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,b,9,b,12e17d,8e89f970000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff4090, count: -6
ddb> show registers
rdi 0xffff8000149d02f8
rsi 0x198
rbp 0xffff800014ace980
rbx 0xffffff0035f7de18
rdx 0
rcx 0xffffff002d157110
rax 0
r8 0
r9 0
r10 0
r11 0xffffffff813e6600 pool_lock_mtx_leave
r12 0
r13 0xffffff00376888c0
r14 0xffff8000149d02f8
r15 0xffffff002cfab1b0
rip 0xffffffff813ca7d9 killjobc+0x39
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800014ace960
ss 0x10
killjobc+0x39: cmpq %r13,0xd8(%r12)
ddb> show proc
PROC (syz-executor0) pid=389689 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
pri=32, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800014a339d8,0xffff8000ffffcbd0
process=0xffff8000149d02f8 user=0xffff800014ac9000,
vmspace=0xffffff003f12c840
estcpu=0, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72054 90422 47561 0 4 0x82010 syz-executor0
72054 478036 47561 0 2 0x4082010 syz-executor0
72054 57742 47561 0 3 0x4082010 inode syz-executor0
72054 55370 47561 0 3 0x4082010 inode syz-executor0
72054 195698 47561 0 3 0x4002010 suspend syz-executor0
73375 4565 1 0 3 0x100083 ttyin getty
9857 521346 0 0 3 0x14200 bored sosplice
42102 193871 68623 0 3 0x82 piperd syz-executor1
68623 190627 24196 0 3 0x82 thrsleep syz-fuzzer
68623 385594 24196 0 3 0x4000082 nanosleep syz-fuzzer
68623 302991 24196 0 3 0x4000082 thrsleep syz-fuzzer
68623 394775 24196 0 2 0x4000082 syz-fuzzer
68623 427046 24196 0 2 0x4000002 syz-fuzzer
68623 16683 24196 0 3 0x4000082 thrsleep syz-fuzzer
68623 208500 24196 0 3 0x4000082 thrsleep syz-fuzzer
24196 46828 59855 0 3 0x10008a pause ksh
59855 171795 91914 0 3 0x92 select sshd
91914 330944 1 0 3 0x80 select sshd
14528 371606 50435 73 2 0x100010 syslogd
50435 88159 1 0 3 0x100082 netio syslogd
53097 48074 1 77 3 0x100090 poll dhclient
60566 153483 1 0 3 0x80 poll dhclient
38416 505064 0 0 3 0x14200 pgzero zerothread
34178 209095 0 0 3 0x14200 aiodoned aiodoned
62317 102611 0 0 3 0x14200 syncer update
74567 436645 0 0 3 0x14200 cleaner cleaner
69828 403084 0 0 3 0x14200 reaper reaper
56801 352078 0 0 3 0x14200 pgdaemon pagedaemon
99456 123136 0 0 3 0x14200 bored crynlk
76353 241709 0 0 3 0x14200 bored crypto
59210 383566 0 0 3 0x40014200 acpi0 acpi0
68431 11315 0 0 3 0x14200 bored softnet
1212 308051 0 0 3 0x14200 bored systqmp
41116 81364 0 0 3 0x14200 bored systq
86977 243047 0 0 3 0x40014200 bored softclock
25294 199213 0 0 3 0x40014200 idle0
1 440949 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Anton Lindqvist

Dec 18, 2018, 1:54:40 PM
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: When no child devices are attached to a wsmux device, make sure to return an