A syzkaller regression test triggered a panic

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Peter Holm <pho_at_FreeBSD.org>
Date: Sat, 09 Sep 2023 16:45:45 UTC
Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer     = 0x20:0xffffffff80d21330
stack pointer           = 0x28:0xfffffe01d39b9b20
frame pointer           = 0x28:0xfffffe01d39b9b40
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 30447 (syzkaller24)
rdi: deadc0dedeadc0de rsi: fffff80070830800 rdx: 0000000000000000
rcx: fffff807ecfcd660  r8: 00000000000000fe  r9: fffffe0037804218
rax: fffff807ecfcd600 rbx: fffff8039ed87c40 rbp: fffffe01d39b9b40
r10: fffff80070830800 r11: fffff8082001a800 r12: fffff807ecfcd600
r13: fffff8015bf5f8c0 r14: 0000000000000000 r15: 0000000000000000
trap number             = 9
panic: general protection fault
cpuid = 1
time = 1694207336
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01d39b9860
vpanic() at vpanic+0x132/frame 0xfffffe01d39b9990
panic() at panic+0x43/frame 0xfffffe01d39b99f0
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe01d39b9a50
calltrap() at calltrap+0x8/frame 0xfffffe01d39b9a50
--- trap 0x9, rip = 0xffffffff80d21330, rsp = 0xfffffe01d39b9b20, rbp = 0xfffffe01d39b9b40 ---
ip_mfilter_free() at ip_mfilter_free+0x1a0/frame 0xfffffe01d39b9b40
inp_freemoptions() at inp_freemoptions+0x85/frame 0xfffffe01d39b9b80
sorele_locked() at sorele_locked+0xf7/frame 0xfffffe01d39b9bb0
soclose() at soclose+0x17d/frame 0xfffffe01d39b9c10
_fdrop() at _fdrop+0x1b/frame 0xfffffe01d39b9c30
closef() at closef+0x1e3/frame 0xfffffe01d39b9cc0
fdescfree() at fdescfree+0x41a/frame 0xfffffe01d39b9d80
exit1() at exit1+0x4a1/frame 0xfffffe01d39b9df0
sys_exit() at sys_exit+0xd/frame 0xfffffe01d39b9e00
amd64_syscall() at amd64_syscall+0x14f/frame 0xfffffe01d39b9f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01d39b9f30
--- syscall (1, FreeBSD ELF64, exit), rip = 0x822150e6a, rsp = 0x820d6b1f8, rbp = 0x820d6b210 ---
KDB: enter: panic
[ thread pid 30447 tid 131724 ]
Stopped at      kdb_enter+0x32: movq    $0,0xe275d3(%rip)
db>

Details @ https://people.freebsd.org/~pho/stress/log/log0487.txt

-Peter