uvm_fault: wsmux_do_ioctl

syzbot

Oct 11, 2018, 6:17:04 AM10/11/18
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 52b89152be51 RT_TABLEID_MAX is 255, fix places that assume..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=16cea37e400000
dashboard link: https://syzkaller.appspot.com/bug?extid=e07caaf3659f6caa6900
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e07caa...@syzkaller.appspotmail.com


uvm_fault(0xffffff001f716420, 0x20, 0, 1) -> e

kernel: page fault trap, code=0

Stopped at wsmux_do_ioctl+0x281: cmpl 0x20(%rcx),%eax

ddb> trace

wsmux_do_ioctl(80047476,ffffff0016925038,2,ffffff001f7cbc00,ffffffff81e025c8) at wsmux_do_ioctl+0x281

VOP_IOCTL(ffff80000e3910c0,ffff80000e2a6988,ffffff0015a1fe20,ffffff0016925038,80047476,5e7efaff42607ee8) at VOP_IOCTL+0x73

vn_ioctl(ffffff0015a1fe20,ffffff001d6fb050,ffff80000e2a6988,ffffff001d6fb050) at vn_ioctl+0xcd

sys_fcntl(ffff80000e3911f0,ffff80000e2a6988,ffff80000e2a9910) at sys_fcntl+0x74

e

syscall(0) at syscall+0x3e4

Xsyscall(6,0,23,0,3,11ff055a0010) at Xsyscall+0x128

end of kernel

end trace frame: 0x120164d2a670, count: -6

ddb> show registers

rdi 0xffff8000044f9d00

rsi 0xffffffff816dfde0 wsmux_do_ioctl+0x270

rbp 0xffff80000e390f20

rbx 0xffff8000044f9d50

rdx 0xffff8000004d9000

rcx 0

rax 0

r8 0xffff80000e2a6988

r9 0xffff80000e2a6988

r10 0

r11 0xffffffff816e10d0 wsmuxioctl

r12 0

r13 0x2

r14 0xffff80000e3910c0

r15 0xffff8000044f9d00

rip 0xffffffff816dfdf1 wsmux_do_ioctl+0x281

cs 0x8

rflags 0x10246 __ALIGN_SIZE+0xf246

rsp 0xffff80000e390ee0

ss 0x10

wsmux_do_ioctl+0x281: cmpl 0x20(%rcx),%eax


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.