syzbot


Fatal trap NUM: page fault in in_pcbremhash_locked (2)

Status: upstream: reported on 2025/07/04 10:09
Reported-by: syzbot+32345032523536c88642@syzkaller.appspotmail.com
First crash: 148d, last: 44d
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
freebsd Fatal trap NUM: page fault in in_pcbremhash_locked -1 C 219 165d 281d 2/2 fixed on 2025/06/17 18:38

Sample crash report:
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0xffffffffffffffff
fault code		= supervisor write data, page not present
instruction pointer	= 0x20:0xffffffff819ca1b0
stack pointer	        = 0x28:0xfffffe0056e58540
frame pointer	        = 0x28:0xfffffe0056e58570
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1062 (syz-executor)
rdi: fffffe00778d6000 rsi: 0000000000000000 rdx: 0000000000000000
rcx: 000000000ef1ac00  r8: 0000000000000000  r9: 0000000000000001
rax: ffffffffffffffff rbx: fffffe00778d6044 rbp: fffffe0056e58570
r10: 0000000000000000 r11: 0000000000000000 r12: ffffffffffffffff
r13: fffffe00778d6250 r14: fffffe00778d6000 r15: fffffe00778d6008
trap number		= 12
panic: page fault
cpuid = 1
time = 11
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056e57d70
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056e57ed0
vpanic() at vpanic+0x257/frame 0xfffffe0056e58090
panic() at panic+0xb5/frame 0xfffffe0056e58150
trap_pfault() at trap_pfault+0xaf2/frame 0xfffffe0056e58290
trap() at trap+0x78e/frame 0xfffffe0056e58470
calltrap() at calltrap+0x8/frame 0xfffffe0056e58470
--- trap 0xc, rip = 0xffffffff819ca1b0, rsp = 0xfffffe0056e58540, rbp = 0xfffffe0056e58570 ---
in_pcbremhash_locked() at in_pcbremhash_locked+0x110/frame 0xfffffe0056e58570
in_pcbdrop() at in_pcbdrop+0x98/frame 0xfffffe0056e58590
tcp_close() at tcp_close+0x177/frame 0xfffffe0056e58660
tcp_disconnect() at tcp_disconnect+0x1ef/frame 0xfffffe0056e58690
tcp_usr_close() at tcp_usr_close+0x189/frame 0xfffffe0056e58770
soclose() at soclose+0x3d0/frame 0xfffffe0056e58860
_fdrop() at _fdrop+0x5c/frame 0xfffffe0056e58890
closef() at closef+0x655/frame 0xfffffe0056e58a70
fdescfree() at fdescfree+0xa5e/frame 0xfffffe0056e58c50
exit1() at exit1+0x887/frame 0xfffffe0056e58cf0
sys__exit() at sys__exit+0x28/frame 0xfffffe0056e58d10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056e58f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056e58f30
--- syscall (1, FreeBSD ELF64, _exit), rip = 0x3a723a, rsp = 0x820b8ee08, rbp = 0x820b8ee10 ---
KDB: enter: panic
[ thread pid 1062 tid 100240 ]
Stopped at      kdb_enter+0x6e: movq    $0,0x259df67(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx         0xfffffe0002bf1850
rdx                          0
rbx         0xffffffff8280e800  .str.27
rsp         0xfffffe0056e57eb0
rbp         0xfffffe0056e57ed0
rsi                          0
rdi         0xffffffff81646849  printf+0x149
r8                           0
r9                  0xffffffff
r10                          0
r11                       0x17
r12         0xfffffe005411c000
r13         0xfffffffffffffffd
r14         0xffffffff8280e800  .str.27
r15                          0
rip         0xffffffff8162fc2e  kdb_enter+0x6e
rflags                    0x46
kdb_enter+0x6e: movq    $0,0x259df67(%rip)
db> show proc
Process 1062 (syz-executor) at 0xfffffe0054121000:
 state: NORMAL
 uid: 0 gid: 0 supp gids: 0, 5
 parent: pid 768 at 0xfffffe00540f9ab0
 ABI: FreeBSD ELF64
 flag: 0x10002000  flag2: 0x40000
 arguments: ./syz-executor exec
 reaper: 0xfffffe0007809010 reapsubtree: 1
 sigparent: 20
 vmspace: 0xfffffe000780fdb0
   (map 0xfffffe000780fdb0)
   (map.pmap 0xfffffe000780fe50)
   (pmap 0xfffffe000780fec0)
 threads: 1
100240                   Run     CPU 1                       syz-executor
db> 

Crashes (45):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/10/16 12:40 freebsd-src 79e57ea662d9 19568248 console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/25 05:03 freebsd-src 57d5a8feda3f 770ff59f console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/22 05:33 freebsd-src 2b8bfdcad1f4 67c37560 console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/08 15:13 freebsd-src c04fe26aa2f7 d291dd2d console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/06 14:55 freebsd-src c04fe26aa2f7 d291dd2d console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/01 04:06 freebsd-src c04fe26aa2f7 807a3b61 console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/28 20:11 freebsd-src c04fe26aa2f7 bee60a83 console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/25 03:36 freebsd-src c04fe26aa2f7 bf27483f console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/23 20:02 freebsd-src c04fe26aa2f7 bf27483f console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/22 12:00 freebsd-src c04fe26aa2f7 bf27483f console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/31 23:57 freebsd-src 3a686b851f8f 8e9d1dc1 console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/30 09:52 freebsd-src 507f8523f5f6 8e9d1dc1 console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/07 05:30 freebsd-src 3ba480f41801 4f67c4ae console log report ci-freebsd-main Fatal trap NUM: page fault in in_pcbremhash_locked
2025/10/05 14:19 freebsd-src a22f8bd45701 770ff59f console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/08 11:43 freebsd-src c04fe26aa2f7 d291dd2d console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/07 12:16 freebsd-src c04fe26aa2f7 d291dd2d console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/03 06:04 freebsd-src c04fe26aa2f7 96a211bc console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/09/02 21:47 freebsd-src c04fe26aa2f7 96a211bc console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/30 15:49 freebsd-src c04fe26aa2f7 807a3b61 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/29 16:20 freebsd-src c04fe26aa2f7 3e1beec6 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/25 10:46 freebsd-src c04fe26aa2f7 bf27483f console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/25 10:36 freebsd-src c04fe26aa2f7 bf27483f console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/24 04:25 freebsd-src c04fe26aa2f7 bf27483f console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/18 15:10 freebsd-src c04fe26aa2f7 1804e95e console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/03 23:20 freebsd-src 877e70e6087f 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/01 23:38 freebsd-src 011efaa5cd24 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/08/01 03:54 freebsd-src ada5bba476bf 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/30 19:52 freebsd-src 14598537acec 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/29 03:40 freebsd-src 9f0f30bc1f5f 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/27 08:31 freebsd-src 92dfc3fbcd79 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/27 01:43 freebsd-src 23401aeb15ce 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/26 10:25 freebsd-src 9ec37e8ff49c 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/25 08:35 freebsd-src 110111a6cca1 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/25 04:03 freebsd-src 110111a6cca1 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/24 22:43 freebsd-src 110111a6cca1 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/24 05:37 freebsd-src 4b5ed4ef606b 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/22 18:47 freebsd-src 0fbe9f8ef94d 8e9d1dc1 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/19 18:03 freebsd-src 4be9c6f38e78 7117feec console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/17 08:09 freebsd-src 55f80afa17e8 44f8051e console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/13 11:24 freebsd-src bf4d2a45b991 3cda49cf console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/10 03:20 freebsd-src 21876224361a 956bd956 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/09 12:57 freebsd-src 0849d876b1ac f4e5e155 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/05 13:44 freebsd-src 9c2509f831e8 4f67c4ae console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked
2025/07/04 10:08 freebsd-src 1c1acaf6858b a3c808e4 console log report ci-freebsd-i386 Fatal trap NUM: page fault in in_pcbremhash_locked