kernel panic: nbuf 228, STAT_FIX_LEN_9P 49 cclose ADDRBIT16SZ 2, GBIT16(buf) 0


syzbot

Jul 18, 2018, 8:00:04 PM
to aka...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: bf9a9ba0d6af Add panic_hwtf() for kernel faults
git tree: https://github.com/akaros/akaros.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=16d3cf94400000
kernel config: https://syzkaller.appspot.com/x/.config?x=efef8cf2939304d3
dashboard link: https://syzkaller.appspot.com/bug?extid=6d1da2175d58840eb6ed
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6d1da2...@syzkaller.appspotmail.com

kernel panic at kern/src/ns/chan.c:324, from core 1: nbuf 228,
STAT_FIX_LEN_9P 49 cclose 0x0000000000000000BIT16SZ 2, GBIT16(buf) 0
Stack Backtrace on Core 1:
This is bad!
20:28:51 executing program 2:
r0 = openat$prof_mpstat_raw(0xffffffffffffff9c,
&(0x7f0000000040)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0)
fd2path(r0, &(0x7f0000001080)=""/4096, 0x1000)
openat$net_tcp_2_remote(0xffffffffffffff9c,
&(0x7f0000000000)='/net/tcp/2/remote\x00', 0x12, 0x1, 0x0)
#01 [<0xffffffffc200a3e7>] in backtrace at src/kdebug.c:219
#02 [<0xffffffffc2009bb2>] in _panic at src/init.c:273
#03 [<0xffffffffc2031a9a>] in cclose at src/ns/chan.c:324
#04 [<0xffffffffc2033429>] in walk_symlink at src/ns/chan.c:1695
#05 [<0xffffffffc2033414>] in walk_symlink at src/ns/chan.c:1693
#06 [<0xffffffffc2033414>] in walk_symlink at src/ns/chan.c:1693
#07 [<0xffffffffc2033414>] in walk_symlink at src/ns/chan.c:1693
#08 [<0xffffffffc2033414>] in walk_symlink at src/ns/chan.c:1693
#09 [<0xffffffffc2033414>] in walk_symlink at src/ns/chan.c:1693
#10 [<0xffffffffc2033414>] in walk_symlink at src/ns/chan.c:1693
#11 [<0xffffffffc2032f32>] in walk at src/ns/chan.c:864
#12 [<0xffffffffc2033609>] in __namec_from at src/ns/chan.c:1131
#13 [<0xffffffffc20341ef>] in namec at src/ns/chan.c:1509
#14 [<0xffffffffc203d066>] in __stat at src/ns/sysfile.c:1032
#15 [<0xffffffffc203e219>] in sysstatakaros at src/ns/sysfile.c:1062
#16 [<0xffffffffc2055e0c>] in stat_helper at src/syscall.c:1872
#17 [<0xffffffffc2055ebf>] in sys_lstat at src/syscall.c:1897
#18 [<0xffffffffc20593c9>] in syscall at src/syscall.c:2528
#19 [<0xffffffffc2059584>] in run_local_syscall at src/syscall.c:2563
#20 [<0xffffffffc2059ab9>] in prep_syscalls at src/syscall.c:2583
20:28:56 executing program 1:
openat$net_tcp_1_data(0xffffffffffffff9c,
&(0x7f0000000040)='/net/tcp/1/data\x00', 0x10, 0x3, 0x0)
openat$proc_self_maps(0xffffffffffffff9c,
&(0x7f0000000080)='/proc/self/maps\x00', 0x10, 0x1, 0x0)
openat$net_ipifc_1_status(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ipifc/1/status\x00', 0x11, 0x1, 0x0)
20:28:56 executing program 7:
r0 = openat$net_iproute(0xffffffffffffff9c,
&(0x7f0000000100)='/net/iproute\x00', 0xfe35, 0x3, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x32, r0, 0x0)
openat$dev_consctl(0xffffffffffffff9c,
&(0x7f0000000000)='/dev/consctl\x00', 0xd, 0x3, 0x0)
20:28:56 executing program 0:
r0 = openat$dev_empty(0xffffffffffffff9c,
&(0x7f0000001280)='/dev/.empty\x00', 0xfffffffffffffdc6, 0x3, 0x0)
readlink(&(0x7f0000001340)='./file1\x00', 0xffffffffffffff3a,
&(0x7f0000001400)=""/65, 0xfffffd3b)
fd2path(r0, &(0x7f0000000180)=""/159, 0x9f)
readlink(&(0x7f0000000040)='./file1\x00', 0x8, &(0x7f0000000140)=""/3, 0x3)
readlink(&(0x7f0000000000)='./file1\x00', 0x8, &(0x7f00000012c0)=""/77,
0x4d)
readlink(&(0x7f0000000240)='./file1\x00', 0x8, &(0x7f0000000280)=""/4096,
0x1000)
20:28:56 executing program 4:
r0 = openat$net_tcp_1_data(0xffffffffffffff9c,
&(0x7f0000000280)='/net/tcp/1/data\x00', 0x10, 0x3, 0x0)
llseek(r0, 0x0, 0x0, &(0x7f00000004c0), 0x0)
20:28:56 executing program 6:
openat$dev_consctl(0xffffffffffffff9c,
&(0x7f0000000000)='/dev/consctl\x00', 0xd, 0x3, 0x0)
openat$net_ether0_1_ctl(0xffffffffffffff9c,
&(0x7f0000000080)='/net/ether0/1/ctl\x00', 0xfffffffffffffddd, 0x3, 0x0)
20:28:56 executing program 5:
fcntl$F_SETFL(0xffffffffffffffff, 0x4, 0x0)
20:28:56 executing program 3:
r0 = openat$prof_mpstat_raw(0xffffffffffffff9c,
&(0x7f0000000000)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0)
fcntl$F_GETFD(r0, 0x1)


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Barret Rhoden

Jul 19, 2018, 4:24:51 PM
to syzbot, aka...@googlegroups.com
On 2018-07-18 at 17:00 syzbot
#syz invalid