[Bug 293898] panic: AUX register unsupported

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293898

            Bug ID: 293898
           Summary: panic: AUX register unsupported
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: r772577952@gmail.com

Hi FreeBSD maintainers,

When fuzzing freebsd kernel with syzkaller and our generated syscall
descriptions, an issue is discovered in the CAM subsystem, specifically in the
XPT layer. This issue is reproducible on the latest release (release/15.0.0-p4,
commit 8ef0ed690df2dca0cc22b827819d112f868470bb).

The kernel console output, kernel config, and C/syz reproducers can be found at
https://drive.google.com/drive/folders/160iX0ECP0sJG6jZUj8OAidcQLNrG5BAA?usp=sharing.
The issue report is also listed below (symbolized by our modified
syz-symbolize) to assist with the analysis:

```
TITLE: panic: AUX register unsupported
CORRUPTED: false ()
SUPPRESSED: false
MAINTAINERS (TO): []
MAINTAINERS (CC): []

login: panic: AUX register unsupported
cpuid = 2
time = 1773838793
KDB: stack backtrace:
#0 0xffffffff81608a59 at kdb_backtrace+0x119
/usr/obj/usr/src/kern/subr_kdb.c:452
#1 0xffffffff81537d67 at vpanic+0x257 /usr/obj/usr/src/kern/kern_shutdown.c:960
#2 0xffffffff81537b05 at panic+0xb5 /usr/obj/usr/src/kern/kern_shutdown.c:887
#3 0xffffffff80732bce at ataaction+0x1f7e /usr/obj/usr/src/dev/ata/ata-all.c:0
#4 0xffffffff8039465d at xpt_run_devq+0x81d /usr/obj/usr/src/cam/cam_xpt.c:3387
#5 0xffffffff8039351f at xpt_action_default+0x14cf
/usr/obj/usr/src/cam/cam_xpt.c:2599
#6 0xffffffff80389f28 at cam_periph_runccb+0x2b8
/usr/obj/usr/src/cam/cam_periph.c:0
#7 0xffffffff8040f159 at passsendccb+0x339
/usr/obj/usr/src/cam/scsi/scsi_pass.c:0
#8 0xffffffff8040db09 at passdoioctl+0x179
/usr/obj/usr/src/cam/scsi/scsi_pass.c:1830
#9 0xffffffff8040d243 at passioctl+0x33
/usr/obj/usr/src/cam/scsi/scsi_pass.c:1750
#10 0xffffffff811cb236 at devfs_ioctl+0x266
/usr/obj/usr/src/fs/devfs/devfs_vnops.c:0
#11 0xffffffff822b9ad7 at VOP_IOCTL_APV+0x87
/usr/obj/usr/src/amd64.amd64/sys/CLOUD/vnode_if.c:1154
#12 0xffffffff817bd187 at vn_ioctl+0x3c7
/usr/obj/usr/src/amd64.amd64/sys/CLOUD/vnode_if.h:639
#13 0xffffffff811cc0f9 at devfs_ioctl_f+0x69
/usr/obj/usr/src/fs/devfs/devfs_vnops.c:881
#14 0xffffffff81666cfa at kern_ioctl+0x4ca /usr/obj/usr/src/sys/file.h:378
#15 0xffffffff8166673e at sys_ioctl+0x36e
/usr/obj/usr/src/kern/sys_generic.c:716
#16 0xffffffff820f9372 at amd64_syscall+0x4e2
/usr/obj/usr/src/kern/subr_syscall.c:193
#17 0xffffffff8209ffab at fast_syscall_common+0xf8
/usr/obj/usr/src/amd64/amd64/exception.S:571
Uptime: 5m0s
Automatic reboot in 15 seconds - press a key on the console to abort
```

-- 
You are receiving this mail because:
You are the assignee for the bug.