freebsd boot error: Fatal trap NUM: page fault while in kernel mode (2)


syzbot

Aug 3, 2023, 9:41:55 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 21d6c29f344d opensm libopensm: remove non-existent symbols..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=172f9829a80000
dashboard link: https://syzkaller.appspot.com/bug?extid=287a99dc3e232aac3889

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+287a99...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xfffff7800067ddcc
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff81590e52
stack pointer = 0x28:0xffffffff849787f0
frame pointer = 0x28:0xffffffff849787f0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = resume, IOPL = 0
current process = 0 ()
rdi: fffffe00033eee60 rsi: 0000000000000000 rdx: ffffffff83898400
rcx: fffff78000000000 r8: 0000000000000000 r9: 0000000000000000
rax: 000000000067ddcc rbx: fffffe00033eee30 rbp: ffffffff849787f0
r10: 0000000000000000 r11: 0000000000000002 r12: fffffe00033eee25
r13: 0000000000000000 r14: 0000000000000000 r15: 0000000000000001
trap number = 12
panic: page fault
cpuid = 0
time = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff84977f10
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff84978070
vpanic() at vpanic+0x271/frame 0xffffffff84978210
panic() at panic+0xb5/frame 0xffffffff849782d0
trap_fatal() at trap_fatal+0x7ee/frame 0xffffffff849783f0
trap_pfault() at trap_pfault+0x17b/frame 0xffffffff84978530
trap() at trap+0x5f3/frame 0xffffffff84978720
calltrap() at calltrap+0x8/frame 0xffffffff84978720
--- trap 0xc, rip = 0xffffffff81590e52, rsp = 0xffffffff849787f0, rbp = 0xffffffff849787f0 ---
__asan_load8_noabort() at __asan_load8_noabort+0x82/frame 0xffffffff849787f0
vm_phys_enq_range() at vm_phys_enq_range+0x2c/frame 0xffffffff84978840
vm_phys_alloc_contig() at vm_phys_alloc_contig+0xd18/frame 0xffffffff84978920
vm_page_find_contig_domain() at vm_page_find_contig_domain+0xfa/frame 0xffffffff84978990
vm_page_alloc_noobj_contig_domain() at vm_page_alloc_noobj_contig_domain+0x178/frame 0xffffffff84978a90
startup_alloc() at startup_alloc+0xe7/frame 0xffffffff84978b10
uma_startup1() at uma_startup1+0x1b5/frame 0xffffffff84978e90
vm_mem_init() at vm_mem_init+0x60/frame 0xffffffff84978eb0
mi_startup() at mi_startup+0x4b7/frame 0xffffffff84978ff0
btext() at btext+0x3d
KDB: enter: panic
[ thread pid 0 tid 0 ]
Stopped at kdb_enter+0x6e: movq $0,0x217c2a7(%rip)
db>

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Mark Johnston

Aug 9, 2023, 5:17:22 PM
to syzbot, syzkaller-f...@googlegroups.com
#syz fix: vm_phys_enq_range: no alignment assert for npages==0