kernel panic: n-ful Page Fault in theP rbp ADDR

Status: closed as invalid on 2018/07/18 15:49
Reported-by: syzbot+1bb748fc12a00849a2be@syzkaller.appspotmail.com
First crash: 2320d, last: 2320d

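Sample crash report (raw console output: panic messages from several cores and the "executing program" log lines are interleaved, so most register dumps and backtraces below are fragmentary; the Core 3 backtraces near the end are the ones printed intact):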
 erkernel panic at kern/arch/x86/trap.c:311, from core 2: n-ful Page Fault in theP  rbp  0xfffffff0000a9e38
   rsi  0x0000000000000000
rdi  0xfffffff00 00a9ea0
 Kernel at 0x000000000000001b! 
rStack Backtrace on Core 2:
c#01 [<0xffffffffc200a3b7>] in backtrace
#02 [<0xffffffffc2009b[7c>] in _panic
<0xffffffffc20aa649>]# r8   0x0000002f92d964a0
  r8   0x0000002f92d964a0
 in trap
 
 r9   0xffffffffc8790880
  r10  0x0000000000000030
  r11  0xffff800004984420
  r12  0xffff800002177d00
  r13  0x0000000020000540
  r14  0x0000000000000073
  r15  0x0000000000000077
  trap 0x0000000e Page Fault
   gsbs 0xffffffffc8667c40
   fsbs 0x0000000000000000
frr  0x--------00000000
lt
eROS(Core 2)> Core 2)> or a list of   rip  0xffffffffc2058134
  cs   0x------------0008
  flag 0x0000000000010246
  rsp  0xfffffff0000a9df8
  ss   0x------------0010
Backtrace of kernel context on Core 1:
#01 [<0xffffffffc201 [<0xffffffffc2058134>] in sys_readlink
0TRAP frame at 0xfffff53
f34>] in sys_readlink
f#02 [<0xffffffffc2059149>] in syscall
2#03 [<0xffffffffc2059304>] in run_lo [<0xffffffffc20593cal_syscall
 #04 [<0xffffffffc2059839>] in prep_syscalls
0#05 [<0xffffffffc20aaf1a>] in sysenter_callwrapper
5kernel panic at kern/arch/x86/trap.c:311, from core n1: eful Page Fault in theP rbx  0x000000000069f2c0
  Kernel at 0x000000000000001b! rbx  0x000000000069f2c0
S rcx  0xffff8000049802d0
 #01 [<0xffffffff01 [<0xffffffffc200a3b7>]c0009adf0
  in backtrace
 #02 [<0xffffffffc2009b7c>] in _panic
2#03 [<0xffffffffc20aa649>] in trap
 
[<0xffffffffc20aa649>]  rbp  0xfffffff00009ad88
  rsi  0x00007f80000a1140
18:02:43 executing program 2:
r0 = fcntl$F_DUPFD(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0)
r1 = proc_create(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)=';\x00', 0x2, 0x1)
waitpid(r1, &(0x7f0000000080), 0x3)
fcntl$F_GETFL(r0, 0x3)
vmm_ctl$VMM_CTL_SET_EXITS(0x2, 0x1)
18:02:43 executing program 0:
proc_create(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f00000000c0), 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0xe01d, 0xffffffffffffff9c, 0x0)
18:02:43 executing program 5:
vmm_ctl$VMM_CTL_SET_FLAGS(0x4, 0x4)
vmm_ctl$VMM_CTL_SET_FLAGS(0x4, 0x6)
vmm_ctl$VMM_CTL_SET_FLAGS(0x4, 0x3)
  rdi  0xffff800002176dc0
18:02:43 executing program 1:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x200, 0x43, 0x0)
rmdir(&(0x7f0000000100)='./file0\x00', 0x6d36ec5)
fcntl$F_DUPFD(r0, 0x0, r0, 0x1)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x400, 0x1d0, 0x0)
  r8   0x0000000000000000
18:02:43 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8, 0x80, 0xb4)
readlink(&(0x7f0000000100)='./file0\x00', 0x8, &(0x7f0000000140)=""/180, 0xb4)
r1 = fcntl$F_DUPFD(r0, 0x0, r0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xfffffffffffffffd, r1, 0x0)
exec(&(0x7f0000000040)='./file0\x00', 0x8, &(0x7f00000000c0)='@\x00', 0x2)
  r9   0x0000000000000000
  r10  0x000010000000a4c0
  r11  0x0000000000000206
  r12  0xffff800002176dc0
   r13  0xffff800002176dc0
   r14  0xfffffff00009adf0
r15  0x0000000000000000
pe 'help' for a list of   trap 0x0000000e Page Fault
  gsbs 0xffffffffc8668140
  fsbs 0x0000000000000000
  err  0x--------00000000
  rip  0xffffffffc2006fb9
  cs   0x------------0008
  flag 0x0000000000010286
  rsp  0xfffffff00009ad88
  ss   0x------------0010
Backtrace of kernel context on Core 3:
#01 [<0xffffffffc2006fb9>] in post_ev_msg.isra.1 at src/event.c:82
#02 [<     [inline]     >] in post_vc_msg at src/event.c:106
#02 [<0xffffffffc2007836>] in post_vcore_event at src/event.c:489
#03 [<0xffffffffc2056f42>] in sys_self_notify at src/syscall.c:1506
#04 [<0xffffffffc2059149>] in syscall at src/syscall.c:2528
#05 [<0xffffffffc2059304>] in run_local_syscall at src/syscall.c:2563
#06 [<0xffffffffc2059839>] in prep_syscalls at src/syscall.c:2583
#07 [<0xffffffffc20aaf1a>] in sysenter_callwrapper at arch/x86/trap.c:859
kernel panic at kern/arch/x86/trap.c:311, from core 3: Proc-ful Page Fault in the Kernel at 0x00007f80000a1140!
Stack Backtrace on Core 3:
#01 [<0xffffffffc200a3b7>] in backtrace at src/kdebug.c:219
#02 [<0xffffffffc2009b7c>] in _panic at src/init.c:266
#03 [<     [inline]     >] in __handler_kernel_page_fault at arch/x86/trap.c:311
#03 [<     [inline]     >] in __handle_page_fault at arch/x86/trap.c:327
#03 [<     [inline]     >] in trap_dispatch at arch/x86/trap.c:589
#03 [<0xffffffffc20aa649>] in trap at arch/x86/trap.c:674
18:02:49 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x800, 0xc1, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8011, r0, 0x0)
mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/16 18:02 akaros 93b9607ebeff 40cb0c9a .config console log report ci-akaros-main
* Struck through repros no longer work on HEAD.