kernel panic: Got a walk from a symlink that wasn't ..! (2)

5 views
Skip to first unread message

syzbot

unread,
Nov 11, 2020, 7:51:18 AM11/11/20
to aka...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d8b15e15 tests/linux: use Akaros's CFLAGS
git tree: akaros
console output: https://syzkaller.appspot.com/x/log.txt?x=11d20d76500000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b018fab5edd31b3
dashboard link: https://syzkaller.appspot.com/bug?extid=699d00e9fd2b82c15de7

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+699d00...@syzkaller.appspotmail.com

kernel panic at kern/src/ns/chan.c:786, from core 1: Got a walk from a symlink that wasn't ..!
Stack Backtrace on Core 1:
#01 [<0xffffffffc200aa6c>] in backtrace at src/kdebug.c:235
#02 [<0xffffffffc200a205>] in _panic at src/init.c:275
#03 [<0xffffffffc2033ec9>] in walk at src/ns/chan.c:786
#04 [<0xffffffffc20344f8>] in __namec_from at src/ns/chan.c:1319
#05 [<0xffffffffc2034c43>] in namec at src/ns/chan.c:1530
#06 [<0xffffffffc203e28c>] in syssymlink at src/ns/sysfile.c:472
#07 [<0xffffffffc2056bf2>] in sys_symlink at src/syscall.c:2036
#08 [<0xffffffffc205a249>] in syscall at src/syscall.c:2582
#09 [<0xffffffffc205add8>] in run_local_syscall at src/syscall.c:2619
#10 [<0xffffffffc205b319>] in prep_syscalls at src/syscall.c:2639
#11 [<0xffffffffc20b7a92>] in sysenter_callwrapper at arch/x86/trap.c:932
12:50:42 executing program 0:
r0 = openat$net_ipifc_1_local(0xffffffffffffff9c, &(0x7f0000000300)='/net/ipifc/1/local\x00', 0x13, 0x1, 0x0)
r1 = openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/net/tcp/0/ctl\x00', 0xffffffffffffffca, 0x3, 0x0)
fcntl$F_DUPFD(r0, 0x0, r1, 0x0)
r2 = openat$prof_kprintx(0xffffffffffffff9c, &(0x7f0000000000)='/prof/kprintx\x00', 0xe, 0x3, 0x0)
r3 = openat$net_ipifc_1_data(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ipifc/1/data\x00', 0x12, 0x3, 0x0)
fcntl$F_DUPFD(r2, 0x0, r3, 0x0)
close(r2)
openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f0000000040)='/net/udp/0/err\x00', 0xf, 0x3, 0x0)
openat$net_iprouter(0xffffffffffffff9c, &(0x7f0000000100)='/net/iprouter\x00', 0xe, 0x3, 0x0)
r4 = openat$prof_empty(0xffffffffffffff9c, &(0x7f00000000c0)='/prof/.empty\x00', 0xd, 0x3, 0x0)
fcntl$F_DUPFD(0xffffffffffffff9c, 0x0, r4, 0x0)
12:50:47 executing program 0:
r0 = openat$net_tcp_1_listen(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/1/listen\x00', 0x12, 0x3, 0x0)
openat$proc_self_fd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/fd\x00', 0xe, 0x1, 0x0)
r1 = openat$proc_self_user(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/user\x00', 0x10, 0x1, 0x0)
r2 = openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pgrpid\x00', 0xc, 0x1, 0x0)
fcntl$F_DUPFD(r1, 0x0, r2, 0x1)
r3 = openat$net_tcp_2_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/net/tcp/2/ctl\x00', 0xf, 0x3, 0x0)
openat$net_tcp_0_listen(0xffffffffffffff9c, &(0x7f0000000140)='/net/tcp/0/listen\x00', 0x12, 0x3, 0x0)
r4 = openat$net_ether0_clone(0xffffffffffffff9c, &(0x7f0000000180)='/net/ether0/clone\x00', 0x12, 0x3, 0x0)
abort_sysc_fd(r4)
openat$net_udp_0_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/net/udp/0/ctl\x00', 0xf, 0x3, 0x0)
openat$net_tcp_1_local(0xffffffffffffff9c, &(0x7f0000000200)='/net/tcp/1/local\x00', 0x11, 0x1, 0x0)
openat$dev_stderr(0xffffffffffffff9c, &(0x7f0000000240)='/dev/stderr\x00', 0xc, 0x3, 0x0)
openat$net_tcp_2_remote(0xffffffffffffff9c, &(0x7f0000000280)='/net/tcp/2/remote\x00', 0x12, 0x1, 0x0)
openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f00000002c0)='/net/icmp/stats\x00', 0x10, 0x1, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000004, 0x1010, r0, 0x8)
openat$net_icmpv6_clone(0xffffffffffffff9c, &(0x7f0000000300)='/net/icmpv6/clone\x00', 0x12, 0x3, 0x0)
openat$proc_self_wait(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/wait\x00', 0x10, 0x1, 0x0)
vc_entry()
close(r3)
openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000380)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0)


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,
Mar 11, 2021, 7:51:14 AMMar 11
to aka...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages