Fatal trap NUM: page fault while in kernel mode (5)


syzbot

Jan 23, 2024, 1:25:24 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a8b2189c90c5 arm/mpic: remove empty pic_init_secondary() h..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=16f8b99be80000
dashboard link: https://syzkaller.appspot.com/bug?extid=cea601f0624cc2e6f864

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cea601...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff81a38032
stack pointer = 0x28:0xfffffe0053fc11c0
frame pointer = 0x28:0xfffffe0053fc16f0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2 (clock (0))
rdi: 0000000000000000 rsi: 0000000000000000 rdx: 0000000000000000
rcx: fffffe00033eee30 r8: 0000000000000000 r9: 00000000040080fe
rax: fffffe00033eee30 rbx: fffff7800a7f8268 rbp: fffffe0053fc16f0
r10: aa00000000000000 r11: 0000000000000000 r12: fffffe0053fc1620
r13: fffffe0053fc14c0 r14: 0000000000000000 r15: fffffe008307c358
FreeBSD/amd64
trap number = 12


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Gleb Smirnoff

Jan 23, 2024, 2:06:34 PM
to syzkaller-freebsd-bugs
The console output has a mix of kernel and syzbot messages. This truncated the backtrace. It is:

Kernel page fault with the following non-sleepable locks held:
shared rw sctpinp (sctpinp) r = 0 (0xfffffe0071f8b4b8) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:4552
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe00733ba320) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctputil.c:1776
stack backtrace:
#0 0xffffffff8161e7a6 at witness_debugger+0x156
#1 0xffffffff81620c37 at witness_warn+0x867
#2 0xffffffff82079037 at trap_pfault+0x157
#3 0xffffffff82077793 at trap+0x5f3
#4 0xffffffff82020328 at calltrap+0x8
#5 0xffffffff8442485a at sctp_lowlevel_chunk_output+0x20ea
#6 0xffffffff84422615 at sctp_send_initiate+0x1555
#7 0xffffffff84486e36 at sctp_t1init_timer+0x66
#8 0xffffffff844b4ee4 at sctp_timeout_handler+0x6b4
getpeername$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0xffffffffffffffff, 0x0, @local}, &(0x7f00000000c0)=0x1c) sendmsg(r0, &(0x7f0000000580)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x3, 0x0, @mcast2, 0xfffffffc}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], 0x10}, 0x0)
#9 0xffffffff8153fb09 at softclock_call_cc+0x409
#10 0xffffffff81543000 at softclock_thread+0x200
#11 0xffffffff8145a1ec at fork_exit+0xcc
#12 0xffffffff8202138e at fork_trampoline+0xe
