kernel panic: Proc-ful Page Fault in the Kernel at ADDR!Proc-ful Page Fau


syzbot

Jul 18, 2018, 8:00:05 PM7/18/18
to aka...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: bf9a9ba0d6af Add panic_hwtf() for kernel faults
git tree: https://github.com/akaros/akaros.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=150d8f70400000
kernel config: https://syzkaller.appspot.com/x/.config?x=efef8cf2939304d3
dashboard link: https://syzkaller.appspot.com/bug?extid=9dc7c3b45cbde88af99d
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9dc7c3...@syzkaller.appspotmail.com

kernel panic at kern/arch/x86/trap.c:309, from core 3: Proc-ful Page Fault
in the Kernel at 0x00007f80003b5790!Proc-ful Page Fau
lHW TRAP fxfffffff0000e8cc0 on core 3
rame at 0x0fffffff0000e8cc0 on core 3
0 rax 0x00007f7fffa01200
0 3rbx 0x00000000009b38c0
b rc5x 0xffff8000044e62d0
790 rdx 0xfffffff0000e8df0
!nbuf 42, STAT_FIX_LEN_9P 4 STAT_FI9 e8dX88
_0007f80003 BIT16IT16SZ 2, GBITSZ 2, GBIT16(buf)16(buf) 0
rdi 0xffff80000218cf40
4 r8 0x0000000000000001
1 his is bad!
T000000000000
h r10 0x000010000000a4c0
r11 0x00 r11 0x0000000000000206
0 r12 0xffff80000218cf40
f r13 0xffff80000218cf40
21:01:51 executing program 5:
openat$net_ipifc_1_snoop(0xffffffffffffff9c,
&(0x7f0000000040)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0)
r0 = openat$net_ether0_stats(0xffffffffffffff9c,
&(0x7f0000000100)='/net/ether0/stats\x00', 0x29d, 0x1, 0x0)
fd2path(r0, &(0x7f00000006c0)=""/120, 0x78)
openat$net_udp_0_status(0xffffffffffffff9c,
&(0x7f0000000000)='/net/udp/0/status\x00', 0x12, 0x1, 0x0)
openat$net_ether0_2_ifstats(0xffffffffffffff9c,
&(0x7f0000000080)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0)
21:01:51 executing program 0:
openat$proc_self_syscall(0xffffffffffffff9c,
&(0x7f0000000000)='/proc/self/syscall\x00', 0x13, 0x1, 0x0)
openat$net_ether0_clone(0xffffffffffffff9c,
&(0x7f0000000040)='/net/ether0/clone\x00', 0x12, 0x3, 0x0)
r14 0xfffffff0000e8df0
r15 0x0000000000000008
trap 0x0000000e Page Fault
gsbs 0xffffffffc8668140
fsbs 0x0000000000000000
err 0x--------00000000
rip 0xffffffffc2007019
cs 0x------------0008
flag 0x0000000000010282
rsp 0xfffffff0000e8d88
ss 0x------------0010
Backtrace of kernel context on Core 3:
#01 [<0xffffffffc2007019>] in post_ev_msg.isra.1 at src/event.c:82
#02 [< [inline] >] in post_vc_msg at src/event.c:106
#02 [<0xffffffffc2007896>] in post_vcore_event at src/event.c:489
#03 [<0xffffffffc20571c2>] in sys_self_notify at src/syscall.c:1506
#04 [<0xffffffffc20593c9>] in syscall at src/syscall.c:2528
#05 [<0xffffffffc2059584>] in run_local_syscall at src/syscall.c:2563
#06 [<0xffffffffc2059ab9>] in prep_syscalls at src/syscall.c:2583
#07 [<0xffffffffc20ab29a>] in sysenter_callwrapper at arch/x86/trap.c:851
21:01:55 executing program 4:
openat$dev_bintime(0xffffffffffffff9c,
&(0x7f0000000140)='/dev/bintime\x00', 0x5, 0x3, 0x0)
openat$proc_self_fpregs(0xffffffffffffff9c,
&(0x7f0000000000)='/proc/self/fpregs\x00', 0x12, 0x1, 0x0)
21:01:55 executing program 2:
openat$net_ipifc_0_local(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ipifc/0/local\x00', 0x13, 0x1, 0x0)
openat$net_ipifc_0_err(0xffffffffffffff9c,
&(0x7f0000000100)='/net/ipifc/0/err\x00', 0x4, 0x3, 0x0)
21:01:55 executing program 3:
openat$proc_self_vmstatus(0xffffffffffffff9c,
&(0x7f0000000000)='/proc/self/vmstatus\x00', 0x14, 0x1, 0x0)
openat$net_icmp_clone(0xffffffffffffff9c,
&(0x7f00000003c0)='/net/icmp/clone\x00', 0x6, 0x3, 0x0)
21:01:55 executing program 6:
openat$net_ether0_clone(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ether0/clone\x00', 0x12, 0x3, 0x0)
r0 = openat$dev_pid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pid\x00',
0x9, 0x1, 0x0)
openat(r0, &(0x7f0000000080)='./file0\x00', 0x8, 0x44, 0x0)
21:01:55 executing program 7:
r0 = fcntl$F_DUPFD(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x1)
fstat(r0, &(0x7f0000000000))
21:01:55 executing program 4:
r0 = openat$proc_self_maps(0xffffffffffffff9c,
&(0x7f0000000100)='/proc/self/maps\x00', 0x10, 0x1, 0x0)
r1 = openat$net_ipifc_1_status(0xffffffffffffff9c,
&(0x7f00000001c0)='/net/ipifc/1/status\x00', 0x14, 0x1, 0x0)
fcntl$F_DUPFD(r0, 0x0, r1, 0x0)
openat$dev_hostowner(0xffffffffffffff9c,
&(0x7f0000000080)='/dev/hostowner\x00', 0xf, 0x3, 0x0)
openat$prof_kpctl(0xffffffffffffff9c, &(0x7f0000000040)='/prof/kpctl\x00',
0xc, 0x3, 0x0)
openat$proc_self_wait(0xffffffffffffff9c,
&(0x7f0000000000)='/proc/self/wait\x00', 0x10, 0x1, 0x0)
openat$net_ether0_1_type(0xffffffffffffff9c,
&(0x7f00000000c0)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0)
21:01:55 executing program 1:
r0 = openat$net_tcp_2_err(0xffffffffffffff9c,
&(0x7f0000000000)='/net/tcp/2/err\x00', 0xf, 0x3, 0x0)
mmap(&(0x7f0000bcc000/0x3000)=nil, 0x3000, 0x8000000a, 0x11, r0,
0xffffffffffffffff)
21:01:55 executing program 5:
r0 = openat$dev_empty(0xffffffffffffff9c,
&(0x7f0000000000)='/dev/.empty\x00', 0xc, 0x3, 0x0)
openat$net_tcp_2_err(0xffffffffffffff9c,
&(0x7f00000000c0)='/net/tcp/2/err\x00', 0xf, 0x3, 0x0)
fd2path(r0, &(0x7f0000000180)=""/159, 0x9f)
openat$net_ether0_ifstats(0xffffffffffffff9c,
&(0x7f0000000040)='/net/ether0/ifstats\x00', 0x14, 0x1, 0x0)
close(r0)
openat$proc_self_user(0xffffffffffffff9c,
&(0x7f0000000080)='/proc/self/user\x00', 0x10, 0x1, 0x0)
21:01:55 executing program 6:
openat$net_ipifc_0_err(0xffffffffffffff9c,
&(0x7f0000000040)='/net/ipifc/0/err\x00', 0x11, 0x3, 0x0)
r0 = openat$net_ipifc_stats(0xffffffffffffff9c,
&(0x7f00000000c0)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x8, 0x43, 0x0)
21:01:55 executing program 3:
openat$net_log(0xffffffffffffff9c, &(0x7f0000000000)='/net/log\x00', 0x9,
0x3, 0x0)
r0 = openat$dev_cputime(0xffffffffffffff9c,
&(0x7f00000000c0)='/dev/cputime\x00', 0x8, 0x1, 0x0)
openat$net_ether0_2_data(0xffffffffffffff9c,
&(0x7f0000000100)='/net/ether0/2/data\x00', 0x13, 0x3, 0x0)
fstat(r0, &(0x7f0000000140))
openat$net_log(0xffffffffffffff9c, &(0x7f0000000080)='/net/log\x00', 0x9,
0x3, 0x0)
openat$net_tcp_2_listen(0xffffffffffffff9c,
&(0x7f0000000040)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0)
21:01:55 executing program 7:
r0 = openat$net_tcp_0_local(0xffffffffffffff9c,
&(0x7f0000000140)='/net/tcp/0/local\x00', 0x49, 0x1, 0x0)
fd2path(r0, &(0x7f0000000180)=""/111, 0x6f)
21:01:56 executing program 4:
openat$proc_self_wait(0xffffffffffffff9c,
&(0x7f00000001c0)='/proc/self/wait\x00', 0xfffffffffffffc59, 0x1, 0x0)
openat$net_ether0_1_data(0xffffffffffffff9c,
&(0x7f0000000080)='/net/ether0/1/data\x00', 0xffffffffffffff9f, 0x3, 0x0)
21:01:56 executing program 5:
vmm_ctl$VMM_CTL_SET_FLAGS(0x4, 0x1)
21:01:57 executing program 3:
abort_sysc_fd(0xffffffffffffffff)
openat$net_ether0_1_data(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ether0/1/data\x00', 0x13, 0x3, 0x0)
openat$proc_self_maps(0xffffffffffffff9c,
&(0x7f0000000040)='/proc/self/maps\x00', 0x10, 0x1, 0x0)
openat$net_tcp_0_ctl(0xffffffffffffff9c,
&(0x7f0000000080)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0)
21:01:57 executing program 1:
openat$net_ipifc_0_data(0xffffffffffffff9c,
&(0x7f0000000040)='/net/ipifc/0/data\x00', 0x4cf, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000000000001)
mprotect(&(0x7f0000002000/0x7000)=nil, 0x7000, 0x2)
openat$proc_self_ctl(0xffffffffffffff9c,
&(0x7f00000000c0)='/proc/self/ctl\x00', 0x1c9, 0x3, 0x0)
mprotect(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x4)


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Barret Rhoden

Jul 19, 2018, 4:24:46 PM7/19/18
to syzbot, aka...@googlegroups.com
On 2018-07-18 at 17:00 syzbot wrote:
#syz invalid