Fatal trap 12: page fault in __mtx_lock_sleep


syzbot

Sep 26, 2019, 9:07:08 AM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4b17c313 Fix some broken relocation handling
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10d584a3600000
dashboard link: https://syzkaller.appspot.com/bug?extid=ca1c9e2a14b08b88944c
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=127338a3600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ca1c9e...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x418
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff8102d9db
stack pointer = 0x0:0xfffffe00246c7680
frame pointer = 0x0:0xfffffe00246c7710
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1144 (syz-executor.0)
trap number = 12
panic: page fault
cpuid = 1
time = 1569502964
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00246c72e0
vpanic() at vpanic+0x1e0/frame 0xfffffe00246c7340
panic() at panic+0x43/frame 0xfffffe00246c73a0
trap_fatal() at trap_fatal+0x4de/frame 0xfffffe00246c7420
trap_pfault() at trap_pfault+0x9f/frame 0xfffffe00246c7490
trap() at trap+0x44b/frame 0xfffffe00246c75b0
calltrap() at calltrap+0x8/frame 0xfffffe00246c75b0
--- trap 0xc, rip = 0xffffffff8102d9db, rsp = 0xfffffe00246c7680, rbp = 0xfffffe00246c7710 ---
__mtx_lock_sleep() at __mtx_lock_sleep+0x17b/frame 0xfffffe00246c7710
__mtx_lock_flags() at __mtx_lock_flags+0x157/frame 0xfffffe00246c7770
sctp_setopt() at sctp_setopt+0x128f/frame 0xfffffe00246c7800
sctp_ctloutput() at sctp_ctloutput+0x214/frame 0xfffffe00246c7840
sosetopt() at sosetopt+0x101/frame 0xfffffe00246c78c0
kern_setsockopt() at kern_setsockopt+0x14f/frame 0xfffffe00246c7940
sys_setsockopt() at sys_setsockopt+0x33/frame 0xfffffe00246c7970
ia32_syscall() at ia32_syscall+0x46a/frame 0xfffffe00246c7ab0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x814121c
KDB: enter: panic
[ thread pid 1144 tid 100829 ]
Stopped at kdb_enter+0x6a: movq $0,kdb_why


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches