syzbot


kernel panic: Core 00, prov: 0(ADDR) alloc: 0(ADDR)

Status: closed as invalid on 2018/07/18 15:22
Reported-by: syzbot+8a6ed3c204997fe974e9@syzkaller.appspotmail.com
First crash: 2121d, last: 2121d

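Sample crash report (raw console output; the panic message, the per-core "prov/alloc" lines, the stack backtrace and the fuzzer's "executing program" logs are interleaved, so backtrace frame #01 is separated from frames #02–#10 by a program listing):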
kernel panic at kern/src/mm.c:737, from core 3: Core 00, prov: 0(0x0000000000000000) alloc: 0(0x0000000000000000)
assertion failed: !pte_is_mapped(pte)Core 01, prov: 0(0x0000000000000000) alloc: 0(0x0000000000000000)
Core 02, prov: 0(0x0000000000000000) alloc: 44(0xffff80000218aac0)
Stack Backtrace on Core 3:
Core 03, prov: 0(0x0000000000000000) alloc: 43(0xffff800002186dc0)
#01 [<0xffffffffc200a3b7>] in backtrace at src/kdebug.c:219
08:43:35 executing program 0:
r0 = openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0)
fcntl$F_SYNC(r0, 0x65)
r1 = openat$prof_empty(0xffffffffffffff9c, &(0x7f0000000040)='/prof/.empty\x00', 0xd, 0x3, 0x0)
openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kmesg\x00', 0xb, 0x1, 0x0)
r2 = proc_create(&(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000100)='/net/tcp/1/status\x00', 0x12, 0x1f)
provision(r2, 0x0, 0x45b0)
r3 = openat$dev_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sysctl\x00', 0xc, 0x3, 0x0)
openat$proc_self_fd(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/fd\x00', 0xe, 0x1, 0x0)
openat$net_ether0_1_type(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0)
proc_run(r2)
waitpid(r2, &(0x7f0000000200), 0x3)
dup_fds_to(r2, &(0x7f0000000240)=[{r0}], 0x1)
tcgetattr(r3, &(0x7f0000000280))
fd2path(r1, &(0x7f00000002c0)=""/135, 0x87)
proc_create(&(0x7f0000000380)='./file0/file0\x00', 0xe, &(0x7f00000003c0)='/dev/sysctl\x00', 0xc, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f0000000400)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kmesg\x00', 0xb, 0x1, 0x0)
openat$proc_self_ns(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/ns\x00', 0xe, 0x1, 0x0)
openat$proc_self_vmstatus(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/vmstatus\x00', 0x14, 0x1, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f0000000500)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$net_arp(0xffffffffffffff9c, &(0x7f0000000540)='/net/arp\x00', 0x9, 0x3, 0x0)
poke_ksched(r2, 0x0)
openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000580)='/dev/urandom\x00', 0xd, 0x1, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f00000005c0)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/syscall\x00', 0x13, 0x1, 0x0)
proc_create(&(0x7f0000000640)='./file0/file0\x00', 0xe, &(0x7f0000000680)='\x00', 0x1, 0x1)
openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0)
openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f0000000700)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0)
openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f0000000740)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0)
#02 [<0xffffffffc2009b7c>] in _panic at src/init.c:266
#03 [<0xffffffffc200db41>] in map_page_at_addr at src/mm.c:737
#04 [<0xffffffffc200db92>] in populate_anon_va at src/mm.c:770
#05 [<0xffffffffc200fbf2>] in populate_va at src/mm.c:1333
#06 [<0xffffffffc2056110>] in sys_populate_va at src/syscall.c:1773
#07 [<0xffffffffc2059149>] in syscall at src/syscall.c:2528
#08 [<0xffffffffc2059304>] in run_local_syscall at src/syscall.c:2563
#09 [<0xffffffffc2059839>] in prep_syscalls at src/syscall.c:2583
#10 [<0xffffffffc20aaf1a>] in sysenter_callwrapper at arch/x86/trap.c:859
08:43:40 executing program 1:
r0 = openat$net_ether0_1_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/net/ether0/1/ctl\x00', 0x12, 0x3, 0x0)
r1 = openat$dev_klog(0xffffffffffffff9c, &(0x7f0000000040)='/dev/klog\x00', 0xa, 0x1, 0x0)
fwstat(r1, &(0x7f00000000c0)=""/189, 0xbd, 0x0)
openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/strace\x00', 0x12, 0x1, 0x0)
openat$proc_self_args(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/args\x00', 0x10, 0x3, 0x0)
fcntl$F_GETFL(r0, 0x3)
08:43:41 executing program 0:
r0 = openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0)
fcntl$F_SYNC(r0, 0x65)
r1 = openat$prof_empty(0xffffffffffffff9c, &(0x7f0000000040)='/prof/.empty\x00', 0xd, 0x3, 0x0)
openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kmesg\x00', 0xb, 0x1, 0x0)
r2 = proc_create(&(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000100)='/net/tcp/1/status\x00', 0x12, 0x1f)
provision(r2, 0x0, 0x45b0)
r3 = openat$dev_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sysctl\x00', 0xc, 0x3, 0x0)
openat$proc_self_fd(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/fd\x00', 0xe, 0x1, 0x0)
openat$net_ether0_1_type(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0)
proc_run(r2)
waitpid(r2, &(0x7f0000000200), 0x3)
dup_fds_to(r2, &(0x7f0000000240)=[{r0}], 0x1)
tcgetattr(r3, &(0x7f0000000280))
fd2path(r1, &(0x7f00000002c0)=""/135, 0x87)
proc_create(&(0x7f0000000380)='./file0/file0\x00', 0xe, &(0x7f00000003c0)='/dev/sysctl\x00', 0xc, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f0000000400)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kmesg\x00', 0xb, 0x1, 0x0)
openat$proc_self_ns(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/ns\x00', 0xe, 0x1, 0x0)
openat$proc_self_vmstatus(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/vmstatus\x00', 0x14, 0x1, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f0000000500)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$net_arp(0xffffffffffffff9c, &(0x7f0000000540)='/net/arp\x00', 0x9, 0x3, 0x0)
poke_ksched(r2, 0x0)
openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000580)='/dev/urandom\x00', 0xd, 0x1, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f00000005c0)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/syscall\x00', 0x13, 0x1, 0x0)
proc_create(&(0x7f0000000640)='./file0/file0\x00', 0xe, &(0x7f0000000680)='\x00', 0x1, 0x1)
openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0)
openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f0000000700)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0)
openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f0000000740)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0)

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/17 08:43 akaros 93b9607ebeff 570df9b2 .config console log report ci-akaros-main
2018/07/17 08:42 akaros 93b9607ebeff 570df9b2 .config console log report ci-akaros-main