

uvm_fault: pmap_enter

Status: closed as invalid on 2019/09/09 13:32
Reported-by: syzbot+58c727024b6b39df2b34@syzkaller.appspotmail.com
First crash: 1921d, last: 1915d

Sample crash report:
login: uvm_fault(0xffffff007f00ca50, 0x7f8000100008, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      pmap_enter+0x22a:       movq    __ALIGN_SIZE+0x3000(%rcx,%rsi,8),%rdx
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffff007f00ca50, 0x7f8000100008, 0, 1) -> e
pmap_enter(41340e6f448a20c1,0,20,3,2) at pmap_enter+0x22a sys/arch/amd64/amd64/pmap.c:2543
end trace frame: 0xffff800021159610, count: 0
ddb{0}> trace
pmap_enter(41340e6f448a20c1,0,20,3,2) at pmap_enter+0x22a sys/arch/amd64/amd64/pmap.c:2543
uvm_fault(eb6423ca37aa4fa7,ffff80002108b9e0,ffff800021154000,20000000) at uvm_fault+0x934 sys/uvm/uvm_fault.c:803
pageflttrap() at pageflttrap+0x18d sys/arch/amd64/amd64/trap.c:200
kerntrap(cc2edd6a6bf8bdb8) at kerntrap+0x9b sys/arch/amd64/amd64/trap.c:294
alltraps_kern(6,8,ffffff007f7c6b98,2,ffff80002108b9e0,0) at alltraps_kern+0x7b
copyout(eb6423ca37aa527c,650,ffff80002108b9e0,0,ffff8000211598e0,7f898b44f48) at copyout+0x53
syscall(f67bcd662abc987c) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(f67bcd662abc987c) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffb4,0,2,7f6908140d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f898b44fd0, count: -8
ddb{0}> show registers
rdi               0xffffff000547ad80
rsi                          0x20001    acpi_pdirpa+0xbe69
rbp               0xffff800021159400
rbx                                0
rdx               0xffffff000547ad80
rcx                   0x7f7fffffc000
rax                          0x20001    acpi_pdirpa+0xbe69
r8                               0x1
r9                                 0
r10               0xbe80f92f0322753a
r11               0x33d12295ea3fbc03
r12                       0x20001000
r13                                0
r14                       0x6c59b000
r15               0xffffff007f00b300
rip               0xffffffff81678ada    pmap_enter+0x22a
cs                               0x8
rflags                       0x10202    __ALIGN_SIZE+0xf202
rsp               0xffff800021159340
ss                              0x10
pmap_enter+0x22a:       movq    __ALIGN_SIZE+0x3000(%rcx,%rsi,8),%rdx
ddb{0}> show proc
PROC (syz-executor1) pid=41415 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff80002108a720,0xffffffff81fc4b08
    process=0xffff8000210653c0 user=0xffff800021154000, vmspace=0xffffff007f00ca50
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 25913  265263  22843      0  2           0                syz-executor1
 25913   52373  22843      0  3   0x4000080  fsleep        syz-executor1
*25913   41415  22843      0  7   0x4000000                syz-executor1
 22843  343296  32918      0  3        0x82  nanosleep     syz-executor1
 97170   47843  32918      0  3         0x2  biowait       syz-executor0
 32918  107499   1441      0  3        0x82  thrsleep      syz-execprog
 32918  160672   1441      0  3   0x4000082  nanosleep     syz-execprog
 32918   56716   1441      0  3   0x4000082  thrsleep      syz-execprog
 32918   22994   1441      0  3   0x4000082  thrsleep      syz-execprog
 32918  355784   1441      0  3   0x4000082  kqread        syz-execprog
 32918  279570   1441      0  3   0x4000082  thrsleep      syz-execprog
 32918  370236   1441      0  3   0x4000082  thrsleep      syz-execprog
 32918  359027   1441      0  3   0x4000082  thrsleep      syz-execprog
 32918  205356   1441      0  3   0x4000082  thrsleep      syz-execprog
 32918  510660   1441      0  3   0x4000082  thrsleep      syz-execprog
  1441  347584  40115      0  3    0x10008a  pause         ksh
 40115  438325  21606      0  3        0x92  select        sshd
 79104  205590      1      0  3    0x100083  ttyin         getty
 21606  467297      1      0  3        0x80  select        sshd
 18043  462490   6970     73  7    0x100090                syslogd
  6970  130257      1      0  3    0x100082  netio         syslogd
 57084   25996      1     77  3    0x100090  poll          dhclient
  3125  430622      1      0  3        0x80  poll          dhclient
 13448  367124      0      0  3     0x14200  pgzero        zerothread
 92776  404929      0      0  3     0x14200  aiodoned      aiodoned
 92067  431196      0      0  3     0x14200  syncer        update
 31242  421451      0      0  3     0x14200  cleaner       cleaner
 37090  135377      0      0  3     0x14200  reaper        reaper
 82251  361919      0      0  3     0x14200  pgdaemon      pagedaemon
 65670  357986      0      0  3     0x14200  bored         crynlk
 21583  238358      0      0  3     0x14200  bored         crypto
 51532  160930      0      0  3  0x40014200  acpi0         acpi0
 87215  361595      0      0  3  0x40014200                idle1
 17217  384068      0      0  3     0x14200  bored         softnet
 46272   25150      0      0  3     0x14200  bored         systqmp
 88996  393598      0      0  3     0x14200  bored         systq
 81067     554      0      0  3  0x40014200  bored         softclock
 19729  331686      0      0  3  0x40014200                idle0
     1  128335      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/01/20 14:08 openbsd 3d8e9378a5b1 353f32ea .config console log report syz ci-openbsd-multicore
2019/01/20 11:53 openbsd 3d8e9378a5b1 353f32ea .config console log report ci-openbsd-multicore
2019/01/14 12:51 openbsd a30f5dcbf70f 2f3438a8 .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.