uvm_fault: refcnt_rele


syzbot

Apr 6, 2025, 2:56:34 AM4/6/25
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c16771e8b440 repeat less and distinguish beteen format and..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=175847e4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=be9fede29e7b9e3a6d29

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/da9683821bab/disk-c16771e8.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/c0af71b09469/bsd-c16771e8.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4f65547f8837/kernel-c16771e8.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+be9fed...@syzkaller.appspotmail.com

uvm_fault(0xffffffff83985b50, 0x588fe028, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at refcnt_rele+0x158: movq 0(%rax,%r12,8),%r12
TID PID UID PRFLAGS PFLAGS CPU COMMAND
509585 13229 0 0x2 0x1 1 syz-executor
*473449 16638 0 0x14000 0x200 0 reaper
refcnt_rele(fffffd807f7d2340) at refcnt_rele+0x158 sys/kern/kern_synch.c:935
crfree(fffffd807f7d2340) at crfree+0x35 sys/kern/kern_prot.c:971
reaper(ffff80002a2f8f68) at reaper+0xba proc_free sys/kern/kern_exit.c:431 [inline]
reaper(ffff80002a2f8f68) at reaper+0xba sys/kern/kern_exit.c:471
end trace frame: 0x0, count: 12
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Aug 7, 2025, 3:33:20 PM8/7/25
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.