Fatal trap 12: page fault in fifo_close


syzbot

May 11, 2019, 4:18:07 PM
To: syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 24c307c3 A new parameter to blist_alloc specifies an upper..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15cfb0f8a00000
dashboard link: https://syzkaller.appspot.com/bug?extid=ddccc06b4bc1c9a3947e

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ddccc0...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read data , page not present
instruction pointer = 0x20:0xffffffff80e8ad6f
stack pointer = 0x28:0xfffffe0027376400
frame pointer = 0x28:0xfffffe0027376430
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 7578 (syz-executor.2)
trap number = 12
panic: page fault
cpuid = 0
time = 64
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0027376060
vpanic() at vpanic+0x1e0/frame 0xfffffe00273760c0
panic() at panic+0x43/frame 0xfffffe0027376120
trap_fatal() at trap_fatal+0x4c6/frame 0xfffffe00273761a0
trap_pfault() at trap_pfault+0x9f/frame 0xfffffe0027376210
trap() at trap+0x44d/frame 0xfffffe0027376330
calltrap() at calltrap+0x8/frame 0xfffffe0027376330
--- trap 0xc, rip = 0xffffffff80e8ad6f, rsp = 0xfffffe0027376400, rbp = 0xfffffe0027376430 ---
fifo_close() at fifo_close+0x1f/frame 0xfffffe0027376430
VOP_CLOSE_APV() at VOP_CLOSE_APV+0xc2/frame 0xfffffe0027376460
vgonel() at vgonel+0xdc/frame 0xfffffe00273764e0
vflush() at vflush+0x3df/frame 0xfffffe0027376630
ffs_flushfiles() at ffs_flushfiles+0x1eb/frame 0xfffffe00273766a0
softdep_flushfiles() at softdep_flushfiles+0x105/frame 0xfffffe0027376740
ffs_unmount() at ffs_unmount+0xc1/frame 0xfffffe00273767d0
dounmount() at dounmount+0x6e8/frame 0xfffffe0027376850
vfs_unmountall() at vfs_unmountall+0x6b/frame 0xfffffe0027376880
bufshutdown() at bufshutdown+0x4d1/frame 0xfffffe00273768d0
kern_reboot() at kern_reboot+0x31e/frame 0xfffffe0027376920
sys_reboot() at sys_reboot+0x467/frame 0xfffffe0027376980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe0027376ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0027376ab0
--- syscall (55, FreeBSD ELF64, sys_reboot), rip = 0x20000189, rsp = 0x7fffdfffdee0, rbp = 0xa ---
KDB: enter: panic
[ thread pid 7578 tid 100289 ]
Stopped at kdb_enter+0x6a: movq $0,kdb_why


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

October 25, 2019, 4:48:06 AM
To: syzkaller-f...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.