syzbot

 sign-in | mailing list | source | docs
🐞 Open [10]
🐞 Fixed [25]
🐞 Invalid [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

kernel panic: Proc-ful Page Fault in the Kernel at ADDR!P

Status: closed as invalid on 2018/07/19 20:25
Reported-by: syzbot+fa66287dd2d09cb5b288@syzkaller.appspotmail.com
First crash: 2318d, last: 2318d

Sample crash report:
kernel panic at kern/arch/x86/trap.c:309, from core 1: Proc-ful Page Fault in the Kernel at 0x000000000000001b!P
rHW TRAP frame at 0xfffffff0000f4d30 on core 1
 ax  0x0000000000000000
0000f4d30 on core 1
00000001b!nbuf 69,  STAT_FIX_LEN_9P 49 ST16SZ 2, GBIT16(buf) 0 
B rbx  0xffff800004890520 his is bad!
800004890520
T rcx  0xffff  rcx  0xfffffff0000f4ea0
n rdx  0xfffffff0000f4d6c
9  IT16SZ 2, GBIT16(buf) 0 
B rbp  0xfffffff0000f4e38 his is bad!
This is bad!
fff0000f4e38
23:12:36 executing program 0:
r0 = openat$proc_self_user(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/user\x00', 0x10, 0x1, 0x0)
read(r0, &(0x7f0000002200)=""/4096, 0xfffffffffffffd53)
openat$net_ether0_0_data(0xffffffffffffff9c, &(0x7f0000000080)='/net/ether0/0/data\x00', 0x13, 0x3, 0x0)
openat$proc_self_user(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/user\x00', 0x10, 0x1, 0x0)
  rsi  0x0000000000000000
  rdi  0xfffffff0000f4ea0
  r8   0x0000000000000001
  r9   0xffffffffc8790880
  r10  0x0000000000000030
  r11  0xffff8000142261a0
  r12  0xffff80000217cf40
  r13  0x0000000020000580
  r14  0x0000000000000073
  r15  0x0000000000000077
  trap 0x0000000e Page Fault
  gsbs 0xffffffffc8667c40
  fsbs 0x0000000000000000
  err  0x--------00000000
  rip  0xffffffffc20583b4
  cs   0x------------0008
  flag 0x0000000000010246
  rsp  0xfffffff0000f4df8
  ss   0x------------0010
Backtrace of kernel context on Core 1:
#01 [<0xffffffffc20583b4>] in sys_readlink at src/syscall.c:2037
#02 [<0xffffffffc20593c9>] in syscall at src/syscall.c:2528
#03 [<0xffffffffc2059584>] in run_local_syscall at src/syscall.c:2563
#04 [<0xffffffffc2059ab9>] in prep_syscalls at src/syscall.c:2583
#05 [<0xffffffffc20ab29a>] in sysenter_callwrapper at arch/x86/trap.c:851
23:12:41 executing program 3:
r0 = openat$net_icmpv6_stats(0xffffffffffffff9c, &(0x7f0000000100)='/net/icmpv6/stats\x00', 0x12, 0x1, 0x0)
openat$net_ipifc_0_err(0xffffffffffffff9c, &(0x7f0000000000)='/net/ipifc/0/err\x00', 0x11, 0x3, 0x0)
fstat(r0, &(0x7f0000000140))
23:12:41 executing program 7:
r0 = openat$proc_self_segment(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/segment\x00', 0x13, 0x1, 0x0)
openat$net_tcp_1_data(0xffffffffffffff9c, &(0x7f0000000040)='/net/tcp/1/data\x00', 0x10, 0x3, 0x0)
fcntl$F_GETFL(r0, 0x3)
openat$net_cs(0xffffffffffffff9c, &(0x7f0000000000)='/net/cs\x00', 0x8, 0x3, 0x0)
openat$net_ipifc_1_status(0xffffffffffffff9c, &(0x7f0000000080)='/net/ipifc/1/status\x00', 0x14, 0x1, 0x0)
23:12:41 executing program 4:
openat$net_ipifc_1_err(0xffffffffffffff9c, &(0x7f0000000140)='/net/ipifc/1/err\x00', 0xd182648867fed60c, 0x3, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f0000000000)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000040)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0)
23:12:41 executing program 2:
openat$proc_self_noteid(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/noteid\x00', 0xf11931e4d16883b2, 0x3, 0x0)
23:12:41 executing program 6:
openat$net_tcp_2_data(0xffffffffffffff9c, &(0x7f0000000040)='/net/tcp/2/data\x00', 0x10, 0x3, 0x0)
openat$proc_self_user(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/user\x00', 0x10, 0x1, 0x0)
r0 = openat$net_ether0_2_data(0xffffffffffffff9c, &(0x7f0000000080)='/net/ether0/2/data\x00', 0x21e, 0x3, 0x0)
openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f0000000000)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0)
fcntl$F_GETFL(r0, 0x3)
23:12:41 executing program 5:
openat$proc_self_profile(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/profile\x00', 0x13, 0x1, 0x0)
openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0)
openat$proc_self_wait(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/wait\x00', 0xffffffffffffff94, 0x1, 0x0)
openat$net_ether0_0_stats(0xffffffffffffff9c, &(0x7f0000000080)='/net/ether0/0/stats\x00', 0x3, 0x1, 0x0)
openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0)
23:12:41 executing program 1:
r0 = openat$prof_mpstat_raw(0xffffffffffffff9c, &(0x7f0000000000)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0)
openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kmesg\x00', 0xb, 0x1, 0x0)
close(r0)
openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0xa, 0x1, 0x0)
23:12:42 executing program 0:
mmap(&(0x7f0000469000/0x3000)=nil, 0x3000, 0x0, 0xcfa152f92a177136, 0xffffffffffffff9c, 0x0)
r0 = openat$net_log(0xffffffffffffff9c, &(0x7f0000000000)='/net/log\x00', 0x9, 0x3, 0x0)
r1 = openat$net_tcp_1_data(0xffffffffffffff9c, &(0x7f0000000100)='/net/tcp/1/data\x00', 0x10, 0x3, 0x0)
tap_fds(&(0x7f0000000200)=[{r0, 0x2, 0x0, 0x1, &(0x7f00000000c0)={&(0x7f0000000040)="90285b1d74ddbfe3daef3ffc374ccc585d72c8796e53483bf9a590308145e908625de2725bb02a89a78de3db986d7e88de44452aca29be14f65cf8e66fa9adbe673384048f88918e3404de56951d1dfd", 0x7fff, 0x1, 0x8, 0x8, 0x5}}, {r1, 0x3, 0x200, 0x4, &(0x7f00000001c0)={&(0x7f0000000140)="2b2977f97d81868b28ae515f7cc11988252188bb50b8cc54636af11262adb1116e4e5aada3c2ae2c9d8d047a0f631bedf141c3c378ada10020925cf7c36b8b86ac583f9921398d7c0cd75def16fd9a6a", 0x6, 0x0, 0x80000000, 0x9}}], 0x2)

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/18 23:12 akaros bf9a9ba0d6af 49f35839 .config console log report ci-akaros-main
2018/07/18 18:43 akaros bf9a9ba0d6af 49f35839 .config console log report ci-akaros-main
* Struck through repros no longer work on HEAD.