On Wed, Oct 03, 2018 at 10:56:28AM -0700, Greg Steuck wrote:
> Hi Mike,
>
> I'm getting core files from vmds. Here's the most recent one. Should I
> start collecting more stack traces and sending them to you?
>
> ci-openbsd$ doas /usr/local/bin/egdb /syzkaller/src/usr.sbin/vmd/obj/vmd /var/crash/vmd/89501.core
> Reading symbols from /syzkaller/src/usr.sbin/vmd/obj/vmd...done.
> [New process 178128]
> [New process 294426]
> [New process 350865]
> Core was generated by `vmd'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00000c07a64148bd in virtio_shutdown (vm=0xc09e1418000) at /syzkaller/src/usr.sbin/vmd/virtio.c:2018
> 2018 vioscsi->file.close(vioscsi->file.p, 0);
Greg,

Can you test out the patch attached?

+--+
Carlos

> [Current thread is 1 (process 178128)]
> (gdb) where
> #0 0x00000c07a64148bd in virtio_shutdown (vm=0xc09e1418000) at /syzkaller/src/usr.sbin/vmd/virtio.c:2018
> #1 0x00000c07a640cb0a in start_vm (vm=0xc09e1418000, fd=<optimized out>) at /syzkaller/src/usr.sbin/vmd/vm.c:376
> #2 0x00000c07a640c09e in vmm_start_vm (imsg=<optimized out>, id=0x7f7ffffe75e4, pid=0x7f7ffffe75e0) at /syzkaller/src/usr.sbin/vmd/vmm.c:686
> #3 0x00000c07a640b7eb in vmm_dispatch_parent (fd=<optimized out>, p=<optimized out>, imsg=0x7f7ffffe7d58) at /syzkaller/src/usr.sbin/vmd/vmm.c:299
> #4 0x00000c07a6408b2f in proc_dispatch (fd=3, event=<optimized out>, arg=0xc09d0d61000) at /syzkaller/src/usr.sbin/vmd/proc.c:660
> #5 0x00000c09f915c64d in event_process_active (base=<optimized out>) at /usr/src/lib/libevent/event.c:350
> #6 event_base_loop (base=0xc0a4b11e800, flags=0) at /usr/src/lib/libevent/event.c:502
> #7 0x00000c07a6409538 in proc_run (ps=0xc0a4b11a000, p=0xc07a6633080 <procs+128>, procs=0xc07a6633160 <procs>, nproc=1, run=0xc07a640af80 <vmm_run>, arg=0x0) at /syzkaller/src/usr.sbin/vmd/proc.c:602
> #8 0x00000c07a640850b in proc_init (ps=0xc09e1418000, procs=0xc07a6633000 <procs>, nproc=3, debug=-538846004, argc=1258557984, argv=0x0, proc_id=PROC_VMM) at /syzkaller/src/usr.sbin/vmd/proc.c:260
> #9 0x00000c07a6403a1d in main (argc=<optimized out>, argv=0x7f7ffffe8008) at /syzkaller/src/usr.sbin/vmd/vmd.c:812
>
> Thanks
> Greg
> --
> nest.cx is Gmail hosted, use PGP for anything private. Key:
> http://goo.gl/6dMsr
> Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0
Index: virtio.c =================================================================== RCS file: /home/los/cvs/src/usr.sbin/vmd/virtio.c,v retrieving revision 1.70 diff -u -p -r1.70 virtio.c --- virtio.c 28 Sep 2018 12:35:32 -0000 1.70 +++ virtio.c 3 Oct 2018 18:28:05 -0000 @@ -2015,7 +2015,9 @@ virtio_shutdown(struct vmd_vm *vm) int i; /* ensure that our disks are synced */ - vioscsi->file.close(vioscsi->file.p, 0); + if (vioscsi != NULL) + vioscsi->file.close(vioscsi->file.p, 0); + for (i = 0; i < nr_vioblk; i++) vioblk[i].file.close(vioblk[i].file.p, 0); }
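Review bot: the added `if (vioscsi != NULL)` guard matches the NULL dereference reported at virtio.c:2018 in the core, but the hunk does not say why vioscsi can be NULL when virtio_shutdown() runs; since the trace shows it being reached from start_vm() at vm.c:376, please document in the commit message whether this is the expected state for a VM with no vioscsi device or a shutdown path entered before the device was set up, so the check is understood as intentional rather than as hiding a missing initialisation. The vioblk loop that follows is bounded by nr_vioblk and so is already safe when no block devices exist; the same reasoning should be confirmed for any other per-device close calls on this path that are outside the hunk context.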