kernel panic: Proc-ful Page Fault in thPe Kernel at ADDR!?a


syzbot

Jul 22, 2018, 11:25:03 AM
to aka...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 9196d29ad275 qio: Fix Qmsg panic in read_all_blocks()
git tree: https://github.com/akaros/akaros.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=179be1c2400000
kernel config: https://syzkaller.appspot.com/x/.config?x=efef8cf2939304d3
dashboard link: https://syzkaller.appspot.com/bug?extid=c0454687b2027dc4f7c9
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c04546...@syzkaller.appspotmail.com

kernel panic at kern/arch/x86/trap.c:312, from core 1: Proc-ful Page Fault
in thPe Kernel at 0x000000000000001b!��?a
�HW TRAP fra��me at 0xfffffff00010cd30 on core 1
J
�C rax 0x00000000;0W�G)��E[0֪ Nj *� � �0Gѣ0��Qg ���0000
� rbx 0xffY#ff8��@ P��00014e �6b7e�k0�
� rcx 0xfffffff00010cea0
& rdx 0xfffffff00010cd6c
rbp 0xfffffff00010ce38
o rs(�i 0x0000000000000000
rdi 0xfffffff` B�o�$�J�=|�t]7 �=�� �y�0��00�e10cea0
� r8 0��,x0000000000000001
J r9 0xffffffffc8790880
� r10 �~ d�1 0x0000000000000030
q r11 0xffff800014e697a0
(�v.u ^�1��0M�P]���he�?R� )w r12 0xffff800014a91d00
�� � r13 0x000 00000200000c0
� r174 0x000�00000000�000�73�
� r15 0x000000000000@0004
� trap 0x0000000e �� Page Fault
� gsbs 0xffffffffc86F67c�40
fsbs 0x000000�0000000000
err 0x---�-----00000000
0 rip 0xffffffffc2058424
� 7� �cs 0x---------t---00408
� f lagO� U0x�00000�00000010246
15:24:21 executing program 3:
openat$net_iprouter(0xffffffffffffff9c,
&(0x7f0000000040)='/net/iprouter\x00', 0xe, 0x3, 0x0)
abort_sysc_fd(0xffffffffffffffff)
P�)��� � -�m�~�R���*���!� �$�= T ��F ����t � An;J ' y yG�y.Q�K<� rsp
0xfffffff00010cdf8
ss 0x------------0010
Backtrace of kernel context on Core 1:
#01 [<0xffffffffc2058424>] in sys_readlink at src/syscall.c:2037
#02 [<0xffffffffc2059439>] in syscall at src/syscall.c:2528
#03 [<0xffffffffc2059604>] in run_local_syscall at src/syscall.c:2563
#04 [<0xffffffffc2059b39>] in prep_syscalls at src/syscall.c:2583
#05 [<0xffffffffc20ab38a>] in sysenter_callwrapper at arch/x86/trap.c:854
kernel warning at kern/src/ns/convM2D.c:52, from core 3: nbuf 0,
STAT_FIX_LEN_9P 49 BIT16SZ 2, GBIT16(buf) 0
15:24:22 executing program 2:
r0 = openat$net_ipifc_1_local(0xffffffffffffff9c,
&(0x7f0000000100)='/net/ipifc/1/local\x00', 0xffffffcf, 0x1, 0x0)
fcntl$F_GETFL(r0, 0x3)
openat$net_udp_0_err(0xffffffffffffff9c,
&(0x7f0000000040)='/net/udp/0/err\x00', 0xf, 0x3, 0x0)
openat$dev_stdin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/stdin\x00',
0xb, 0x3, 0x0)
15:24:24 executing program 7:
r0 = openat$proc_self_user(0xffffffffffffff9c,
&(0x7f00000003c0)='/proc/self/user\x00', 0x10, 0x1, 0x0)
fd2path(r0, &(0x7f0000000040)=""/59, 0x3b)
openat$net_tcp_1_err(0xffffffffffffff9c,
&(0x7f0000000000)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0)
15:24:25 executing program 5:
openat$dev_config(0xffffffffffffff9c, &(0x7f0000000140)='/dev/config\x00',
0xc, 0x1, 0x0)
openat$net_ipifc_0_ctl(0xffffffffffffff9c,
&(0x7f0000000040)='/net/ipifc/0/ctl\x00', 0xfffffffffffffeb3, 0x3, 0x0)
openat$net_tcp_0_listen(0xffffffffffffff9c,
&(0x7f0000000000)='/net/tcp/0/listen\x00', 0x10, 0x3, 0x0)
openat$dev_bintime(0xffffffffffffff9c,
&(0x7f0000000080)='/dev/bintime\x00', 0xd, 0x3, 0x0)
15:24:25 executing program 1:
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1ffffff)
openat$net_ether0_1_type(0xffffffffffffff9c,
&(0x7f0000000100)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0)
openat$prof_kprintx(0xffffffffffffff9c,
&(0x7f0000000080)='/prof/kprintx\x00', 0xe, 0x3, 0x0)
openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0xa,
0x1, 0x0)
openat$net_ipifc_1_listen(0xffffffffffffff9c,
&(0x7f00000000c0)='/net/ipifc/1/listen\x00', 0x14, 0x3, 0x0)
openat$proc_self_wait(0xffffffffffffff9c,
&(0x7f0000000000)='/proc/self/wait\x00', 0x10, 0x1, 0x0)
openat$net_tcp_2_ctl(0xffffffffffffff9c,
&(0x7f0000000180)='/net/tcp/2/ctl\x00', 0xf, 0x3, 0x0)
openat$dev_time(0xffffffffffffff9c, &(0x7f0000000040)='/dev/time\x00', 0xa,
0x3, 0x0)
15:24:25 executing program 6:
r0 = openat$net_ether0_1_ifstats(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12032, r0, 0x0)
openat$dev_sysname(0xffffffffffffff9c,
&(0x7f0000000040)='/dev/sysname\x00', 0xd, 0x3, 0x0)
15:24:25 executing program 4:
openat$net_tcp_2_local(0xffffffffffffff9c,
&(0x7f0000000000)='/net/tcp/2/local\x00', 0xffffffffffffffa1, 0x1, 0x0)
r0 = openat$net_tcp_0_listen(0xffffffffffffff9c,
&(0x7f0000000040)='/net/tcp/0/listen\x00', 0x12, 0x3, 0x0)
fd2path(r0, &(0x7f0000001400)=""/4096, 0x27)
15:24:26 executing program 0:
openat$dev_osversion(0xffffffffffffff9c,
&(0x7f0000000180)='/dev/osversion\x00', 0x19f07d031a718058, 0x1, 0x0)
vmm_ctl$VMM_CTL_GET_EXITS(0x1)
openat$dev_osversion(0xffffffffffffff9c,
&(0x7f0000000100)='/dev/osversion\x00', 0xfffffcbf, 0x1, 0x0)
openat$net_ipifc_0_err(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ipifc/0/err\x00', 0x11, 0x3, 0x0)
15:24:27 executing program 3:
openat$net_iproute(0xffffffffffffff9c,
&(0x7f0000000200)='/net/iproute\x00', 0xffffffffffffff11, 0x3, 0x0)
openat$net_ether0_stats(0xffffffffffffff9c,
&(0x7f0000000000)='/net/ether0/stats\x00', 0x12, 0x1, 0x0)
openat$net_udp_0_data(0xffffffffffffff9c,
&(0x7f0000000040)='/net/udp/0/data\x00', 0x10, 0x3, 0x0)
15:24:28 executing program 2:
r0 = openat$net_tcp_2_status(0xffffffffffffff9c,
&(0x7f0000000040)='/net/tcp/2/status\x00', 0x12, 0x1, 0x0)
r1 = openat$dev_empty(0xffffffffffffff9c,
&(0x7f0000000000)='/dev/.empty\x00', 0xc, 0x3, 0x0)
fcntl$F_DUPFD(r0, 0x0, r1, 0x0)


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Feb 22, 2019, 5:29:37 AM
to aka...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.