syzbot

 sign-in | mailing list | source | docs
🐞 Open [10]
🐞 Fixed [25]
🐞 Invalid [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

kernel panic: kProc-ful Page Faurlt in the Kernel at ADDR!oc-

Status: closed as invalid on 2018/07/19 20:25
Reported-by: syzbot+f3e75e5b172aa25f0e21@syzkaller.appspotmail.com
First crash: 2318d, last: 2318d

Sample crash report:
kernel panic at kern/arch/x86/trap.c:309, from core 3: kProc-ful Page Faurlt in the Kernel at 0x000000000000001b!oc-
fP frame at 0xfffffff0000e2d30 on core 3
H00000001b!kernel] Wd user addr 0x0000000020001840 (+0xfffffffffb  r rax  0ax  0x0000000000000000
x  rbx  0xffff800015aa0860
f  ffffff0000e2ea0
001840 (+0xffffffffffffff59) in sys_frdch (user bug)
000e2ea0
2  rdx  rdx  0xfffffff0 0xfffffff0000e2d6c
  rbp  0xfffffff0000e2e38
  rsi  0x0000000000000000
  rdi  0xfffffff0000e2ea0
  r8   0x0000000000000001
  r9   0xffffffffc8790880
  r10  0x0000000000000030
  r11  0xffff800014bdfc20
  r12  0xffff800002175e80
  r13  0x0000000020000480
  r14  0x0000000000000073
  r15  0x0000000000000020
  trap 0x0000000e Page Fault
  gsbs 0xffffffffc8668140
  fsbs 0x0000000000000000
  err  0x--------00000000
  rip  0xffffffffc20583b4
  cs   0x------------0008
  flag 0x0000000000010246
  rsp  0xfffffff0000e2df8
  ss   0x------------0010
Backtrace of kernel context on Core 3:
#01 [<0xffffffffc20583b4>] in sys_readlink at src/syscall.c:2037
#02 [<0xffffffffc20593c9>] in syscall at src/syscall.c:2528
#03 [<0xffffffffc2059584>] in run_local_syscall at src/syscall.c:2563
#04 [<0xffffffffc2059ab9>] in prep_syscalls at src/syscall.c:2583
#05 [<0xffffffffc20ab29a>] in sysenter_callwrapper at arch/x86/trap.c:851
19:12:55 executing program 0:
r0 = openat$dev_user(0xffffffffffffff9c, &(0x7f0000000000)='/dev/user\x00', 0x1, 0x3, 0x0)
openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000100)='/net/ipifc/0/snoop\x00', 0xfffffffffffffd17, 0x1, 0x0)
openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0)
openat(r0, &(0x7f0000000040)='./file0\x00', 0x8, 0x1040, 0x9)
19:12:55 executing program 1:
r0 = openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f00000000c0)='/net/udp/0/err\x00', 0xf, 0x3, 0x0)
fcntl$F_GETFL(r0, 0x3)
read(r0, &(0x7f0000000100)=""/241, 0xf1)
19:12:55 executing program 3:
r0 = openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f0000000000)='/net/udp/0/status\x00', 0x12, 0x1, 0x0)
openat$net_tcp_0_local(0xffffffffffffff9c, &(0x7f0000000080)='/net/tcp/0/local\x00', 0x11, 0x1, 0x0)
openat(r0, &(0x7f0000000040)='./file0\x00', 0x8, 0x157, 0x0)
19:12:55 executing program 2:
r0 = openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f0000000080)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0)
fd2path(r0, &(0x7f0000000100)=""/104, 0x68)
openat$net_tcp_2_data(0xffffffffffffff9c, &(0x7f00000000c0)='/net/tcp/2/data\x00', 0x10, 0x3, 0x0)
fd2path(r0, &(0x7f0000000040)=""/35, 0x23)
openat$net_ether0_1_ifstats(0xffffffffffffff9c, &(0x7f0000000000)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0)
19:12:55 executing program 7:
r0 = openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kmesg\x00', 0xb, 0x1, 0x0)
fcntl$F_SETFL(r0, 0x4, 0x8400)
read(r0, &(0x7f0000000040)=""/96, 0x60)
llseek(r0, 0x67f, 0x6, &(0x7f00000000c0), 0x0)
openat$net_icmpv6_stats(0xffffffffffffff9c, &(0x7f0000000100)='/net/icmpv6/stats\x00', 0x12, 0x1, 0x0)
openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f0000000140)='/net/udp/0/status\x00', 0x12, 0x1, 0x0)
openat$net_tcp_2_listen(0xffffffffffffff9c, &(0x7f0000000180)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0)
openat$net_ether0_0_data(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ether0/0/data\x00', 0x13, 0x3, 0x0)
r1 = openat$net_iproute(0xffffffffffffff9c, &(0x7f0000000200)='/net/iproute\x00', 0xd, 0x3, 0x0)
r2 = openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f0000000240)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0)
openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000280)='/dev/zero\x00', 0xa, 0x1, 0x0)
openat$proc_self_fpregs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/fpregs\x00', 0x12, 0x1, 0x0)
fcntl$F_GETFL(r1, 0x3)
openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000300)='/dev/zero\x00', 0xa, 0x1, 0x0)
openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0xa, 0x1, 0x0)
r3 = openat$prof_kpdata(0xffffffffffffff9c, &(0x7f0000000380)='/prof/kpdata\x00', 0xd, 0x3, 0x0)
openat$dev_sysstat(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sysstat\x00', 0xd, 0x3, 0x0)
openat$prof_empty(0xffffffffffffff9c, &(0x7f0000000400)='/prof/.empty\x00', 0xd, 0x3, 0x0)
openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f0000000440)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0)
openat$dev_user(0xffffffffffffff9c, &(0x7f0000000480)='/dev/user\x00', 0xa, 0x3, 0x0)
read(r2, &(0x7f00000004c0)=""/246, 0xf6)
openat$net_tcp_1_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/1/ctl\x00', 0xf, 0x3, 0x0)
openat$prof_kptrace_ctl(0xffffffffffffff9c, &(0x7f0000000640)='/prof/kptrace_ctl\x00', 0x12, 0x3, 0x0)
openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f0000000680)='/net/icmp/stats\x00', 0x10, 0x1, 0x0)
openat$net_icmp_clone(0xffffffffffffff9c, &(0x7f00000006c0)='/net/icmp/clone\x00', 0x10, 0x3, 0x0)
openat$net_ether0_1_ctl(0xffffffffffffff9c, &(0x7f0000000700)='/net/ether0/1/ctl\x00', 0x12, 0x3, 0x0)
openat$proc_self_ns(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self/ns\x00', 0xe, 0x1, 0x0)
llseek(r3, 0x20, 0x2, &(0x7f0000000780), 0x3)
openat$prof_kpctl(0xffffffffffffff9c, &(0x7f00000007c0)='/prof/kpctl\x00', 0xc, 0x3, 0x0)
19:12:55 executing program 6:
openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/net/tcp/0/ctl\x00', 0xfffffffffffffec7, 0x3, 0x0)
19:12:55 executing program 4:
openat$dev_user(0xffffffffffffff9c, &(0x7f0000000000)='/dev/user\x00', 0xa, 0x3, 0x0)
r0 = openat$net_tcp_1_data(0xffffffffffffff9c, &(0x7f0000000040)='/net/tcp/1/data\x00', 0xffffff9f, 0x3, 0x0)
close(r0)
19:12:55 executing program 5:
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x12032, 0xffffffffffffffff, 0x0)
19:12:55 executing program 0:
openat$dev_hostowner(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hostowner\x00', 0xf, 0x3, 0x0)
openat$dev_user(0xffffffffffffff9c, &(0x7f0000000000)='/dev/user\x00', 0x1, 0x3, 0x0)
19:12:55 executing program 1:
r0 = openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f00000000c0)='/net/udp/0/err\x00', 0xf, 0x3, 0x0)
fcntl$F_GETFL(r0, 0x3)
read(r0, &(0x7f0000000100)=""/241, 0xf1)
19:12:56 executing program 2:
openat$net_ether0_0_type(0xffffffffffffff9c, &(0x7f0000000040)='/net/ether0/0/type\x00', 0x211, 0x1, 0x0)
openat$proc_self_proc(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/proc\x00', 0xffffff05, 0x1, 0x0)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/18 19:12 akaros bf9a9ba0d6af 49f35839 .config console log report ci-akaros-main
* Struck through repros no longer work on HEAD.