uvm_fault: ip_pcbopts


syzbot

Nov 30, 2018, 4:18:03 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: d93678d71f23 in getopts, when a option is followed by a co..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=103e79f5400000
dashboard link: https://syzkaller.appspot.com/bug?extid=139ac2d7d3d60162334b
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+139ac2...@syzkaller.appspotmail.com

uvm_fault(0xffffff007f12b528, 0xd0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ip_pcbopts+0x19: movq 0(%r14),%rdi


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Dec 2, 2018, 12:25:04 PM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: cedc02c7d74b update currency exchange rates;
console output: https://syzkaller.appspot.com/x/log.txt?x=11f774db400000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1224934d400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1442816d400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+139ac2...@syzkaller.appspotmail.com

login: uvm_fault(0xffffff007f12b948, 0xd0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ip_pcbopts+0x19: movq 0(%r14),%rdi
ddb>
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff007f12b948, 0xd0, 0, 1) -> e
ip_pcbopts(ffffff006e6fb488,0) at ip_pcbopts+0x19
end trace frame: 0xffff8000210fade0, count: 0
ddb> trace
ip_pcbopts(ffffff006e6fb488,0) at ip_pcbopts+0x19
sosetopt(ffffff006e4851e8,ffff8000210c2010,0,ffffff006e6fb488) at sosetopt+0xbf
sys_setsockopt(ffff8000210faf00,ffff8000210c2010,ffff8000210a5fd8) at sys_setsockopt+0x1aa
syscall(0) at syscall+0x3e4
Xsyscall(6,0,0,0,1,7f7ffffd86c8) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd8680, count: -5
ddb> show registers
rdi 0xd0
rsi 0
rbp 0xffff8000210fad90
rbx 0xffffffff81041fb0 rip_ctloutput
rdx 0
rcx 0x1
rax 0
r8 0
r9 0
r10 0
r11 0xffffffff81041fb0 rip_ctloutput
r12 0x1
r13 0
r14 0xd0
r15 0
rip 0xffffffff81410a79 ip_pcbopts+0x19
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000210fad60
ss 0x10
ip_pcbopts+0x19: movq 0(%r14),%rdi
ddb> show proc
PROC (syz-executor0982) pid=246218 stat=onproc
flags process=2<EXEC> proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000210c2268,0xffffffff81eafff0
process=0xffff8000210a5fd8 user=0xffff8000210f5000,
vmspace=0xffffff007f12b948
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*93869 246218 74417 0 7 0x2 syz-executor0982
74417 221300 53905 0 3 0x10008a pause ksh
53905 62215 57600 0 3 0x92 select sshd
39356 508814 1 0 3 0x100083 ttyin getty
57600 169773 1 0 3 0x80 select sshd
676 299003 55282 73 2 0x100090 syslogd
55282 197277 1 0 3 0x100082 netio syslogd
76968 157695 1 77 3 0x100090 poll dhclient
36313 372561 1 0 3 0x80 poll dhclient
87206 31724 0 0 2 0x14200 zerothread
42189 155538 0 0 3 0x14200 aiodoned aiodoned
54161 202547 0 0 3 0x14200 syncer update
86651 322640 0 0 3 0x14200 cleaner cleaner
76129 74362 0 0 3 0x14200 reaper reaper
55072 169182 0 0 3 0x14200 pgdaemon pagedaemon
57347 22759 0 0 3 0x14200 bored crynlk
6643 440773 0 0 3 0x14200 bored crypto
78910 118818 0 0 3 0x40014200 acpi0 acpi0
6554 67769 0 0 3 0x14200 bored softnet
9 362753 0 0 3 0x14200 bored systqmp
16896 126092 0 0 3 0x14200 bored systq
20463 97100 0 0 3 0x40014200 bored softclock
1010 377392 0 0 3 0x40014200 idle0
1 38535 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb>
