kernel panic: Arena kpages, request for zero


syzbot

Jul 18, 2018, 2:00:04 PM
to aka...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: bf9a9ba0d6af Add panic_hwtf() for kernel faults
git tree: https://github.com/akaros/akaros.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=11af25d0400000
kernel config: https://syzkaller.appspot.com/x/.config?x=efef8cf2939304d3
dashboard link: https://syzkaller.appspot.com/bug?extid=b5a16fa99d82f1e94650
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b5a16f...@syzkaller.appspotmail.com

kernel panic at kern/src/arena.c:707, from core 3: Arena kpages, request for zero
Stack Backtrace on Core 3:
#01 [<0xffffffffc200a3e7>] in backtrace at src/kdebug.c:219
#02 [<0xffffffffc2009bb2>] in _panic at src/init.c:273
#03 [<0xffffffffc200251f>] in arena_alloc at src/arena.c:707
#04 [<0xffffffffc2046215>] in kpages_alloc at src/page_alloc.c:80
#05 [<0xffffffffc200a8ee>] in kmalloc at src/kmalloc.c:62
#06 [<0xffffffffc200a9af>] in kzmalloc at src/kmalloc.c:88
#07 [<0xffffffffc20394c1>] in parsecmd at src/ns/parse.c:78
#08 [<0xffffffffc2021bbc>] in routewrite at src/net/iproute.c:829
#09 [<0xffffffffc2016cf8>] in ipwrite at src/net/devip.c:1432
#10 [<0xffffffffc2040421>] in rwrite at src/ns/sysfile.c:1123
#11 [<0xffffffffc204063b>] in syswrite at src/ns/sysfile.c:1141
#12 [<0xffffffffc2055ef1>] in sys_write at src/syscall.c:1785
#13 [<0xffffffffc20593c9>] in syscall at src/syscall.c:2528
#14 [<0xffffffffc2059584>] in run_local_syscall at src/syscall.c:2563
#15 [<0xffffffffc2059ab9>] in prep_syscalls at src/syscall.c:2583
#16 [<0xffffffffc20ab29a>] in sysenter_callwrapper at arch/x86/trap.c:851
17:11:40 executing program 4:
r0 = openat$net_iproute(0xffffffffffffff9c, &(0x7f00000002c0)='/net/iproute\x00', 0xd, 0x3, 0x0)
write(r0, &(0x7f0000000040)="ad", 0x1)
openat$dev_random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/random\x00', 0xc, 0x1, 0x0)
openat$dev_random(0xffffffffffffff9c, &(0x7f0000000080)='/dev/random\x00', 0xc, 0x1, 0x0)
17:11:40 executing program 6:
r0 = openat$proc_self_user(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/user\x00', 0x10, 0x1, 0x0)
abort_sysc_fd(r0)
fchdir(0x0, r0)
mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0)
openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f0000000040)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4)
openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f0000000080)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0)
openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0)
r1 = openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f0000000140)='/net/udp/0/status\x00', 0x12, 0x1, 0x0)
abort_sysc_fd(r1)
17:11:40 executing program 0:
openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0)
17:11:40 executing program 3:
openat$net_tcp_2_status(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/2/status\x00', 0x12, 0x1, 0x0)
r0 = openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cputime\x00', 0xd, 0x1, 0x0)
fcntl$F_GETFL(r0, 0x3)
17:11:40 executing program 5:
r0 = openat$proc_self_fpregs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/fpregs\x00', 0x12, 0x1, 0x0)
fstat(r0, &(0x7f0000000440))
openat$proc_self_fpregs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fpregs\x00', 0xffffffffffffffe4, 0x1, 0x0)
17:11:40 executing program 7:
r0 = openat$net_ipselftab(0xffffffffffffff9c, &(0x7f0000000180)='/net/ipselftab\x00', 0xf, 0x1, 0x0)
llseek(r0, 0x0, 0x0, &(0x7f0000000000), 0x0)
openat$net_tcp_2_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/net/tcp/2/ctl\x00', 0xf, 0x3, 0x0)
17:11:40 executing program 2:
fcntl$F_GETFL(0xffffffffffffffff, 0x3)
17:11:40 executing program 1:
r0 = openat$dev_bintime(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bintime\x00', 0xd, 0x3, 0x0)
openat$net_tcp_2_err(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/2/err\x00', 0xf, 0x3, 0x0)
openat$net_ipifc_1_err(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ipifc/1/err\x00', 0x2d3, 0x3, 0x0)
close(r0)


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Jul 18, 2018, 9:59:02 PM
to aka...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: bf9a9ba0d6af Add panic_hwtf() for kernel faults
git tree: https://github.com/akaros/akaros.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=17f03b68400000
syzkaller repro: https://syzkaller.appspot.com/x/repro.syz?x=1762c252400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=138341c2400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b5a16f...@syzkaller.appspotmail.com

bash-4.3$ kernel panic at kern/src/arena.c:707, from core 0: Arena kpages, request for zero
Stack Backtrace on Core 0:
#01 [<0xffffffffc200a3e7>] in backtrace at src/kdebug.c:219
#02 [<0xffffffffc2009bb2>] in _panic at src/init.c:273
#03 [<0xffffffffc200251f>] in arena_alloc at src/arena.c:707
#04 [<0xffffffffc2046215>] in kpages_alloc at src/page_alloc.c:80
#05 [<0xffffffffc200a8ee>] in kmalloc at src/kmalloc.c:62
#06 [<0xffffffffc200a9af>] in kzmalloc at src/kmalloc.c:88
#07 [<0xffffffffc20394c1>] in parsecmd at src/ns/parse.c:78
#08 [<0xffffffffc2016d5e>] in ipwrite at src/net/devip.c:1441
#09 [<0xffffffffc2040421>] in rwrite at src/ns/sysfile.c:1123
#10 [<0xffffffffc204063b>] in syswrite at src/ns/sysfile.c:1141
#11 [<0xffffffffc2055ef1>] in sys_write at src/syscall.c:1785
#12 [<0xffffffffc20593c9>] in syscall at src/syscall.c:2528
#13 [<0xffffffffc2059584>] in run_local_syscall at src/syscall.c:2563
#14 [<0xffffffffc2059ab9>] in prep_syscalls at src/syscall.c:2583
#15 [<0xffffffffc20ab29a>] in sysenter_callwrapper at arch/x86/trap.c:851
