panic: kmsan_intr_enter: lwp->ctx = 16


syzbot
Aug 7, 2020, 12:09:24 AM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f0cc7819 make(1): use consistent name for result of Cmd_Exec
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16e2df32900000
kernel config: https://syzkaller.appspot.com/x/.config?x=739e57438eb9ed9e
dashboard link: https://syzkaller.appspot.com/bug?extid=79318f2b7314493f9122
compiler: clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1564f11a900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=108c5a94900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+79318f...@syzkaller.appspotmail.com

[ 92.8711123] panic: kmsan_intr_enter: lwp->ctx = 16
[ 92.8711123] cpu1: Begin traceback...
[ 92.8711123] fatal double fault in supervisor mode
[ 92.8711123] trap type 13 code 0 rip 0xffffffff8020100b cs 0x8 rflags 0x10086 cr2 0xffffe6808289ef98 ilevel 0 rsp 0xffffe6808289efa0
[ 92.8711123] curlwp 0xffffe68011c66040 pid 1079.1079 lowest kstack 0xffffe6808289d2c0
kernel: double fault trap, code=0
Stopped in pid 1079.1079 (syz-executor8094) atvpanic() at netbsd:Xintr_legacy9+0xb: movq %rdi,netbsd:vpanic+0x91a
0(%rsp)
?
Xintr_legacy9() at netbsd:Xintr_legacy9+0xb
--- interrupt ---
[ 92.8711123] panic() at netbsd:panic+0x1ad sys/kern/subr_prf.c:209
?() at 0
Bad frame pointer: 0xffffe6807a1b9001
Panic string: kmsan_intr_enter: lwp->ctx = 16
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
1102 1102 2 0 0 ffffe680123bd0c0 syz-executor8094
1084 1084 2 0 0 ffffe680123a1900 syz-executor8094
1077 >1077 7 1 40000km sa fnf_iffnet6r8_0e1nt2e3ar1(4) ca0 t syz-executor8094
416 416 2 1 40000 ffffe680123a1080 syz-executor8094
1085 1085 2 0 40000 ffffe68011c668c0 n etsybsz-de:xkemcsuanto_rin8t0r9_4
e
[ 92.8711123] nter+0x74
1082 1082 2 0 40000 ffffe68011c66480 syz-executor8094
1079 >1079 7 0 40000 ffffe68011c66040 syz-executor8094
1073 1073 3 1 40080 ffffe6801156fb40 syz-executor8094 nanoslp
1071 1071 2 0 40000 ffffe68011b7abc0 syz-executor8094
1075 1075 3 1 80 ffffe68011b7a780 syz-executor8094 nanoslp
[ 92.8711123] DDB lost frame for 952 952 3 0 40080 ffffe6801134a680 syz-executor8094 nanoslp
1078 1078 3 1 80 ffffe6801124aa80 sshd select
1108 1108 3 1 80 nefftfbfsde:68X0i1nt1r34_lae24ga0c y 9 + 0x ae , t r y ignget t0yxf nffanfoes6l8p0
8
[ 92.8711123] 2a18a60
1122 1122 3 1 80 ffffe6801124a640 getty nanoslp
1091 1091 3 1 80 ffffe6801124a200 getty nanoslp
1096 1096 3 1 c0 ffffe680112135c0 getty ttyraw
948 948 3 1 80 ffffe68011b7a340 sshd select
972 972 3 0 80 ffffe680114Xibn26tcr_0 l e g ac y 9 () a t powerd kqueue
553 553 3 0 80 ffffe68011b4bb80 syslogd kqueue
597 597 3 0 80 ffffe68011b4b74ne0t bs d : X in t r _ l egdhaccpy9c+d 0pxoael
l
[
92.8711123] --- interrupt ---
595 595 3 1 80 ffffe6801156f2c0 dhcpcd poll
592 592 3 1 80 ffffe6801156f700 dhcpcd poll
577 577 3 1 80 ef:f
f
fcpe6u18:01 1Ebn4d b3t0r0ac e ba ck . ..

dhcpcd poll
34SeaBIOS (version 1.8.2-20200613_054352-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
Comparing RSDP and RSDP
Comparing RSDT and RSDT
Comparing FACP and FACP
Comparing FACS and FACS
return 0 for FACS vs FACS: SUCCESS
Comparing DSDT and DSDT
return 0 for DSDT vs DSDT: SUCCESS
return 0 for FACP vs FACP: SUCCESS
Comparing SRAT and SRAT
Diff at 8: 3, 1
Sending ACPI diff VM event for SRAT at 8. 0x3 vs 0x1
Diff at 9: 7d, 7f
Sending ACPI diff VM event for SRAT at 9. 0x7d vs 0x7f
return 1 for SRAT vs SRAT: MEM_CMP FAILURE
Comparing APIC and APIC
Diff at 8: 5, 1
Sending ACPI diff VM event for APIC at 8. 0x5 vs 0x1
Diff at 9: 22, 26
Sending ACPI diff VM event for APIC at 9. 0x22 vs 0x26
return 1 for APIC vs APIC: MEM_CMP FAILURE
Comparing SSDT and SSDT
return 0 for SSDT vs SSDT: SUCCESS
Comparing WAET and WAET
return 0 for WAET vs WAET: SUCCESS
return 1 for RSDT vs RSDT: RSDT FAILURE
return 1 for RSDP vs RSDP: RSDP FAILURE
Sending ACPI diff VM event for ERR1 at 0. 0x0 vs 0x0
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f20b0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.11 (Thu Jun 11 19:20:47 UTC 2020) (from NetBSD 9.99.65)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Drop to boot prompt

Choose an option; RETURN for default; SPACE to stop countdown.
Option 1 will be chosen in 5 seconds. 4 seconds. 3 seconds. 2 seconds. 1 seconds. 0 seconds. 0 seconds.
command(s): rndseed /var/db/entropy-file;boot
default boot twice, skipping...


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches