page fault in pipewrite #46

Open
dvyukov opened this issue Jul 3, 2018 · 0 comments

On commit 94fd376 the kernel reliably crashes with:

/ $ HW TRAP frame at 0xfffffff000061b90 on core 0
  rax  0xffff8000044a0660
  rbx  0x000000000000000b
  rcx  0x0000000000000000
  rdx  0x000000000000000b
  rbp  0xfffffff000061c58
  rsi  0x0000000000483e33
  rdi  0xffff8000044a0660
  r8   0x0000000000000003
  r9   0x0000000000000000
  r10  0x0000000000000000
  r11  0x0000000000000202
  r12  0xffff800003ab2820
  r13  0x0000000000483e33
  r14  0x0000000000010000
  r15  0xffff8000044a0660
  trap 0x0000000e Page Fault
  gsbs 0xffffffffc82e58c0
  fsbs 0x0000000000000000
  err  0x--------00000000
  rip  0xffffffffc20536a8
  cs   0x------------0008
  flag 0x0000000000010202
  rsp  0xfffffff000061c58
  ss   0x------------0010

Backtrace of kernel context on Core 0:
#01 [<0xffffffffc20536a8>] in memcpy
#02 [<0xffffffffc203a495>] in __qwrite
#03 [<0xffffffffc207ef26>] in pipewrite
#04 [<0xffffffffc203f3c4>] in rwrite
#05 [<0xffffffffc2057ca9>] in syscall
#06 [<0xffffffffc2057e64>] in run_local_syscall
#07 [<0xffffffffc20a957a>] in sysenter_callwrapper
kernel panic at kern/arch/x86/trap.c:311, from core 0: Proc-ful Page Fault in the Kernel at 0x0000000000483e33!
Entering Nanwan's Dungeon on Core 0 (Ints off):
Type 'help' for a list of commands.

Repro instructions:
Check out the dvyukov-akaros-pipe-crash branch of https://github.com/dvyukov/syzkaller.git into $GOPATH/src/github.com/google/syzkaller
Run:
make execprog
make TARGETOS=akaros SOURCEDIR=/path/to/akaros/toolchain executor
/path/to/akaros/toolchain is the dir containing x86_64-ucb-akaros-gcc
scp bin/akaros_amd64/syz-executor to the akaros VM
create /tmp/simple file with a single line openat(0xffffffffffffff9c, &(0x7f0000000500)='file1\x00', 0x10002, 0x1a0)
finally run:
bin/linux_amd64/syz-execprog -os=akaros -debug -threaded=1 -executor "/usr/bin/ssh -p 5555 -i id_rsa.akaros -o IdentitiesOnly=yes -v root@localhost /syz-executor" /tmp/simple
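
As a triage aid for the crash output in this report (an added example, not part of the original issue or of the Akaros or syzkaller code), the following Python parses the trap-frame format shown above and reports which registers hold the faulting address. The function name `triage` is hypothetical, and treating the lower canonical half of the address space as user memory is an assumption about this kernel's layout.

```python
import re

# Excerpt of the trap frame, backtrace and panic line from the report above.
SAMPLE = """\
HW TRAP frame at 0xfffffff000061b90 on core 0
  rdx  0x000000000000000b
  rsi  0x0000000000483e33
  rdi  0xffff8000044a0660
  r13  0x0000000000483e33
  trap 0x0000000e Page Fault
  rip  0xffffffffc20536a8
#01 [<0xffffffffc20536a8>] in memcpy
#02 [<0xffffffffc203a495>] in __qwrite
#03 [<0xffffffffc207ef26>] in pipewrite
kernel panic at kern/arch/x86/trap.c:311, from core 0: Proc-ful Page Fault in the Kernel at 0x0000000000483e33!
"""

REG_RE = re.compile(r"^[ \t]*(r[a-z0-9]{1,2})[ \t]+0x([0-9a-f]{16})[ \t]*$", re.M)
FRAME_RE = re.compile(r"^#\d+ \[<0x([0-9a-f]+)>\] in (\S+)", re.M)
FAULT_RE = re.compile(r"Page Fault in the Kernel at 0x([0-9a-f]+)")
# Assumption: the lower canonical half of the x86-64 address space is user memory.
LOWER_HALF_END = 1 << 47


def triage(report: str) -> dict:
    """Summarise a trap report: fault address, matching registers, call chain."""
    fault_match = FAULT_RE.search(report)
    if fault_match is None:
        raise ValueError("no kernel page-fault panic line found")
    fault = int(fault_match.group(1), 16)
    regs = {name: int(value, 16) for name, value in REG_RE.findall(report)}
    frames = [(int(addr, 16), sym) for addr, sym in FRAME_RE.findall(report)]
    return {
        "fault_addr": fault,
        "lower_half": fault < LOWER_HALF_END,
        # Registers whose value equals the faulting address (pointer candidates).
        "regs_at_fault": sorted(r for r, v in regs.items() if v == fault),
        # Sanity check: the saved rip should be the innermost backtrace frame.
        "rip_matches_top_frame": bool(frames) and regs.get("rip") == frames[0][0],
        "call_chain": [sym for _, sym in frames],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {hex(value) if key == 'fault_addr' else value}")
```

For the trap frame in this report the matching registers are rsi and r13; under the System V AMD64 calling convention rsi carries the second argument, which for memcpy is the source pointer.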
