uvm_fault_unwire_locked: address not in map


syzbot

11 Oct 2018, 6:17:04
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 93e79386f776 remove unused files
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=17cc5e3a400000
dashboard link: https://syzkaller.appspot.com/bug?extid=aba4d0fdd09b1ca404d0
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+aba4d0...@syzkaller.appspotmail.com


panic: uvm_fault_unwire_locked: address not in map

Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*223229 81679 0 0 0x4000000 0 syz-executor0
db_enter() at db_enter+0xa
panic() at panic+0x147
uvm_fault_unwire_locked(ffffff001f717108,5,ffffff00125d64d8) at uvm_fault_unwire_locked+0x270
uvm_map_pageable_wire(4000,ffffff001f717108,0,ffff80000e383a48,1,ffffff00125d64d8) at uvm_map_pageable_wire+0x475
uvm_mmaplock(ffffff001f717108,ffffff001e6d4ab0,ffffff0015a156a0,1,12) at uvm_mmaplock+0x103
sys_mmap(ffff80000e383b60,ffff80000e2e70c0,ffff80000e27cc88) at sys_mmap+0x89b
syscall(0) at syscall+0x3e4
Xsyscall(6,0,77,0,7,13aa0010) at Xsyscall+0x128
end of kernel
end trace frame: 0x22c285100, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.

ddb> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
uvm_fault_unwire_locked(ffffff001f717108,5,ffffff00125d64d8) at uvm_fault_unwire_locked+0x270
uvm_map_pageable_wire(4000,ffffff001f717108,0,ffff80000e383a48,1,ffffff00125d64d8) at uvm_map_pageable_wire+0x475
uvm_mmaplock(ffffff001f717108,ffffff001e6d4ab0,ffffff0015a156a0,1,12) at uvm_mmaplock+0x103
sys_mmap(ffff80000e383b60,ffff80000e2e70c0,ffff80000e27cc88) at sys_mmap+0x89b
syscall(0) at syscall+0x3e4
Xsyscall(6,0,77,0,7,13aa0010) at Xsyscall+0x128
end of kernel
end trace frame: 0x22c285100, count: -8

ddb> show registers
rdi 0xffffffff81e04658 kprintf_mutex
rsi 0xffffffff816aa789 db_enter+0x9
rbp 0xffff80000e3837a0
rbx 0xffff80000e383840
rdx 0xffff8000008d9000
rcx 0xde0
rax 0xffff8000008d9000
r8 0xffff80000e383770
r9 0
r10 0xffff80000e3835d8
r11 0x8
r12 0x3000000008
r13 0xffff80000e3837b0
r14 0x100
r15 0xffffffff81c05d61 pgt_cardbus_devices+0x25f
rip 0xffffffff816aa78a db_enter+0xa
cs 0x8
rflags 0x212
rsp 0xffff80000e3837a0
ss 0x10
db_enter+0xa: popq %rbp


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

9 Dec 2018, 11:27:04
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 737f2a163501 anton@: Do not trace before kcovopen() has be..
git tree: https://github.com/blackgnezdo/src.git anton-kcov-dec8
console output: https://syzkaller.appspot.com/x/log.txt?x=11c093d5400000
kernel config: https://syzkaller.appspot.com/x/.config?x=f2ee3db928411249
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13259da3400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+aba4d0...@syzkaller.appspotmail.com

login: panic: uvm_fault_unwire_locked: address not in map
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*215679 16065 0 0 0x4000000 0K syz-executor1
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
uvm_fault_unwire_locked(20001000,20003000,0) at uvm_fault_unwire_locked+0x270
uvm_fault_unwire(1000,ffffff006a688900,1000) at uvm_fault_unwire+0x3b sys/uvm/uvm_fault.c:1314
physio(ffff800021191638,ffffff006a6cd5b8,ffffff006a6cd5b8,ffff800021191638,ffff800021191508) at physio+0x2ba sys/kern/kern_physio.c:183
spec_read(0) at spec_read+0xa5 sys/kern/spec_vnops.c:223
VOP_READ(ffff800021191638,ffffff006a6cd5b8,ffffff006fa5f4b0,0) at VOP_READ+0x5e sys/kern/vfs_vops.c:247
vn_read(ffffff006fa5f4b0,ffff800021084260,1000) at vn_read+0x130 sys/kern/vfs_vnops.c:365
dofilereadv(0,1,ffff800021084260,ffff800021191760,ffff800021191778) at dofilereadv+0x14f sys/kern/sys_generic.c:235
sys_readv(780,ffff800021084260,0) at sys_readv+0xce sys/kern/sys_generic.c:182
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffbc,0,3,5c4958e5010) at Xsyscall+0x128
end of kernel
end trace frame: 0x5c699718940, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
uvm_fault_unwire_locked: address not in map
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
uvm_fault_unwire_locked(20001000,20003000,0) at uvm_fault_unwire_locked+0x270
uvm_fault_unwire(1000,ffffff006a688900,1000) at uvm_fault_unwire+0x3b sys/uvm/uvm_fault.c:1314
physio(ffff800021191638,ffffff006a6cd5b8,ffffff006a6cd5b8,ffff800021191638,ffff800021191508) at physio+0x2ba sys/kern/kern_physio.c:183
spec_read(0) at spec_read+0xa5 sys/kern/spec_vnops.c:223
VOP_READ(ffff800021191638,ffffff006a6cd5b8,ffffff006fa5f4b0,0) at VOP_READ+0x5e sys/kern/vfs_vops.c:247
vn_read(ffffff006fa5f4b0,ffff800021084260,1000) at vn_read+0x130
dofilereadv(0,1,ffff800021084260,ffff800021191760,ffff800021191778) at dofilereadv+0x14f sys/kern/sys_generic.c:235
sys_readv(780,ffff800021084260,0) at sys_readv+0xce sys/kern/sys_generic.c:182
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffbc,0,3,5c4958e5010) at Xsyscall+0x128
end of kernel
end trace frame: 0x5c699718940, count: -12
ddb{0}> show registers
rdi 0xffffffff81e3e438 kprintf_mutex
rsi 0x5
rbp 0xffff8000211912b0
rbx 0xffff800021191350
rdx 0x3fd
rcx 0
rax 0x1
r8 0xffff800021191280
r9 0
r10 0
r11 0xffffffff81780d60 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff8000211912c0
r14 0x100
r15 0xffffffff81c66154 cy_pio_rec+0x167f5
rip 0xffffffff817b958a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff8000211912b0
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (syz-executor1) pid=215679 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=17, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000210852c8,0xffff8000210b7c48
process=0xffff8000210a6cb0 user=0xffff80002118c000,
vmspace=0xffffff007f124420
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
16065 316279 36651 0 3 0x80 nanosleep syz-executor1
*16065 215679 36651 0 7 0x4000000 syz-executor1
16065 319175 36651 0 3 0x4000080 fsleep syz-executor1
36651 429425 52945 0 3 0x82 nanosleep syz-executor1
26907 463433 52945 0 3 0x82 nanosleep syz-executor0
52945 418017 29652 0 3 0x82 thrsleep syz-execprog
52945 297157 29652 0 3 0x4000082 thrsleep syz-execprog
52945 292148 29652 0 3 0x4000082 thrsleep syz-execprog
52945 271022 29652 0 3 0x4000082 thrsleep syz-execprog
52945 505037 29652 0 3 0x4000082 thrsleep syz-execprog
52945 159637 29652 0 3 0x4000082 thrsleep syz-execprog
52945 371510 29652 0 3 0x4000082 kqread syz-execprog
52945 239637 29652 0 3 0x4000082 thrsleep syz-execprog
52945 35817 29652 0 3 0x4000082 thrsleep syz-execprog
52945 13254 29652 0 3 0x4000082 thrsleep syz-execprog
29652 180741 10594 0 3 0x10008a pause ksh
10594 287218 82329 0 3 0x92 select sshd
35256 258254 1 0 3 0x100083 ttyin getty
82329 187950 1 0 3 0x80 select sshd
57439 112731 27159 73 3 0x100090 kqread syslogd
27159 495786 1 0 3 0x100082 netio syslogd
64929 217547 1 77 3 0x100090 poll dhclient
88053 442660 1 0 3 0x80 poll dhclient
42082 226338 0 0 3 0x14200 pgzero zerothread
7375 363170 0 0 3 0x14200 aiodoned aiodoned
66817 307780 0 0 3 0x14200 syncer update
7148 441387 0 0 3 0x14200 cleaner cleaner
45512 317540 0 0 3 0x14200 reaper reaper
8627 38972 0 0 3 0x14200 pgdaemon pagedaemon
36049 467061 0 0 3 0x14200 bored crynlk
46942 221470 0 0 3 0x14200 bored crypto
63244 461347 0 0 3 0x40014200 acpi0 acpi0
13540 152251 0 0 7 0x40014200 idle1
929 350321 0 0 3 0x14200 bored softnet
7746 140460 0 0 3 0x14200 bored systqmp
83199 464848 0 0 3 0x14200 bored systq
30836 36388 0 0 3 0x40014200 bored softclock
13219 452434 0 0 3 0x40014200 idle0
1 75885 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper

syzbot

22 Dec 2018, 23:51:03
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 907eae9ac960 sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1414d4c3400000
kernel config: https://syzkaller.appspot.com/x/.config?x=f2ee3db928411249
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=170a75cd400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11281dcd400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+aba4d0...@syzkaller.appspotmail.com

panic: uvm_fault_unwire_locked: address not in map
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*116599 56190 0 0 0x4000000 0K syz-executor8783
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
uvm_fault_unwire_locked(20001000,20003000,0) at uvm_fault_unwire_locked+0x270
uvm_fault_unwire(1000,ffffff006d062100,1000) at uvm_fault_unwire+0x3b sys/uvm/uvm_fault.c:1314
physio(ffff80002112b868,ffffff006d119ae0,ffffff006d119ae0,ffff80002112b868,ffff80002112b738) at physio+0x2ba sys/kern/kern_physio.c:183
spec_read(0) at spec_read+0xa5 sys/kern/spec_vnops.c:223
VOP_READ(ffff80002112b868,ffffff006d119ae0,ffffff006e4905a8,0) at VOP_READ+0x5e sys/kern/vfs_vops.c:247
vn_read(ffffff006e4905a8,ffff800021084710,1000) at vn_read+0x130 sys/kern/vfs_vnops.c:365
dofilereadv(0,1,ffff800021084710,ffff80002112b990,ffff80002112b9a8) at dofilereadv+0x14f sys/kern/sys_generic.c:235
sys_readv(780,ffff800021084710,0) at sys_readv+0xce sys/kern/sys_generic.c:182
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,c58629d2aa0,0,c55ff38c0a8,c55ff38c0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0xc585d4b0a30, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
uvm_fault_unwire_locked: address not in map
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
uvm_fault_unwire_locked(20001000,20003000,0) at uvm_fault_unwire_locked+0x270
uvm_fault_unwire(1000,ffffff006d062100,1000) at uvm_fault_unwire+0x3b sys/uvm/uvm_fault.c:1314
physio(ffff80002112b868,ffffff006d119ae0,ffffff006d119ae0,ffff80002112b868,ffff80002112b738) at physio+0x2ba sys/kern/kern_physio.c:183
spec_read(0) at spec_read+0xa5 sys/kern/spec_vnops.c:223
VOP_READ(ffff80002112b868,ffffff006d119ae0,ffffff006e4905a8,0) at VOP_READ+0x5e sys/kern/vfs_vops.c:247
vn_read(ffffff006e4905a8,ffff800021084710,1000) at vn_read+0x130
dofilereadv(0,1,ffff800021084710,ffff80002112b990,ffff80002112b9a8) at dofilereadv+0x14f sys/kern/sys_generic.c:235
sys_readv(780,ffff800021084710,0) at sys_readv+0xce sys/kern/sys_generic.c:182
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,c58629d2aa0,0,c55ff38c0a8,c55ff38c0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0xc585d4b0a30, count: -12
ddb{0}> show registers
rdi 0xffffffff81e20110 kprintf_mutex
rsi 0x5
rbp 0xffff80002112b4e0
rbx 0xffff80002112b580
rdx 0x3fd
rcx 0
rax 0x1
r8 0xffff80002112b4b0
r9 0
r10 0
r11 0xffffffff8197d380 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff80002112b4f0
r14 0x100
r15 0xffffffff81c64515 cy_pio_rec+0x10dfa
rip 0xffffffff8182d81a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff80002112b4e0
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (syz-executor8783) pid=116599 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=17, usrpri=72, nice=20
forw=0xffffffffffffffff, list=0xffff800021084008,0xffff8000210852d8
process=0xffff800021070ca8 user=0xffff800021126000,
vmspace=0xffffff007f124420
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
56190 70238 89960 0 3 0x80 nanosleep syz-executor8783
*56190 116599 89960 0 7 0x4000000 syz-executor8783
56190 2668 89960 0 3 0x4000080 fsleep syz-executor8783
89960 233048 98433 0 3 0x80 nanosleep syz-executor8783
51302 400320 98433 0 3 0x80 nanosleep syz-executor8783
98433 448484 73670 0 3 0x82 nanosleep syz-executor8783
73670 391063 13489 0 3 0x10008a pause ksh
13489 180989 69079 0 3 0x92 select sshd
34280 272430 1 0 3 0x100083 ttyin getty
69079 214264 1 0 3 0x80 select sshd
14516 401541 34680 73 3 0x100090 kqread syslogd
34680 129302 1 0 3 0x100082 netio syslogd
98833 220905 1 77 3 0x100090 poll dhclient
92523 53992 1 0 3 0x80 poll dhclient
19296 57917 0 0 3 0x14200 pgzero zerothread
55778 84655 0 0 3 0x14200 aiodoned aiodoned
56102 424379 0 0 3 0x14200 syncer update
57562 136865 0 0 3 0x14200 cleaner cleaner
91419 373635 0 0 3 0x14200 reaper reaper
48262 501715 0 0 3 0x14200 pgdaemon pagedaemon
21730 320485 0 0 3 0x14200 bored crynlk
65963 476355 0 0 3 0x14200 bored crypto
31733 400906 0 0 3 0x40014200 acpi0 acpi0
41000 13681 0 0 7 0x40014200 idle1
43578 74494 0 0 3 0x14200 bored softnet
32914 50734 0 0 3 0x14200 bored systqmp
19023 68977 0 0 3 0x14200 bored systq
66780 392577 0 0 3 0x40014200 bored softclock
70297 227767 0 0 3 0x40014200 idle0
1 314882 0 0 3 0x82 wait init

Greg Steuck

25 Dec 2018, 19:05:22
to syzbot,syzkaller-o...@googlegroups.com
#syz dup: panic: uvm_fault_unwire_locked: address not in map