syzbot


uvm_fault: ip_pcbopts

Status: fixed on 2018/12/04 18:27
Reported-by: syzbot+139ac2d7d3d60162334b@syzkaller.appspotmail.com
Fix commit: In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees
First crash: 1967d, last: 1963d

Sample crash report:
login: uvm_fault(0xffffff007f12b948, 0xd0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      ip_pcbopts+0x19:        movq    0(%r14),%rdi
ddb> 
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff007f12b948, 0xd0, 0, 1) -> e
ip_pcbopts(ffffff006e6fb488,0) at ip_pcbopts+0x19
end trace frame: 0xffff8000210fade0, count: 0
ddb> trace
ip_pcbopts(ffffff006e6fb488,0) at ip_pcbopts+0x19
sosetopt(ffffff006e4851e8,ffff8000210c2010,0,ffffff006e6fb488) at sosetopt+0xbf
sys_setsockopt(ffff8000210faf00,ffff8000210c2010,ffff8000210a5fd8) at sys_setsockopt+0x1aa
syscall(0) at syscall+0x3e4
Xsyscall(6,0,0,0,1,7f7ffffd86c8) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd8680, count: -5
ddb> show registers
rdi                             0xd0
rsi                                0
rbp               0xffff8000210fad90
rbx               0xffffffff81041fb0    rip_ctloutput
rdx                                0
rcx                              0x1
rax                                0
r8                                 0
r9                                 0
r10                                0
r11               0xffffffff81041fb0    rip_ctloutput
r12                              0x1
r13                                0
r14                             0xd0
r15                                0
rip               0xffffffff81410a79    ip_pcbopts+0x19
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff8000210fad60
ss                              0x10
ip_pcbopts+0x19:        movq    0(%r14),%rdi
ddb> show proc
PROC (syz-executor0982) pid=246218 stat=onproc
    flags process=2<EXEC> proc=0
    pri=50, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff8000210c2268,0xffffffff81eafff0
    process=0xffff8000210a5fd8 user=0xffff8000210f5000, vmspace=0xffffff007f12b948
    estcpu=0, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*93869  246218  74417      0  7         0x2                syz-executor0982
 74417  221300  53905      0  3    0x10008a  pause         ksh
 53905   62215  57600      0  3        0x92  select        sshd
 39356  508814      1      0  3    0x100083  ttyin         getty
 57600  169773      1      0  3        0x80  select        sshd
   676  299003  55282     73  2    0x100090                syslogd
 55282  197277      1      0  3    0x100082  netio         syslogd
 76968  157695      1     77  3    0x100090  poll          dhclient
 36313  372561      1      0  3        0x80  poll          dhclient
 87206   31724      0      0  2     0x14200                zerothread
 42189  155538      0      0  3     0x14200  aiodoned      aiodoned
 54161  202547      0      0  3     0x14200  syncer        update
 86651  322640      0      0  3     0x14200  cleaner       cleaner
 76129   74362      0      0  3     0x14200  reaper        reaper
 55072  169182      0      0  3     0x14200  pgdaemon      pagedaemon
 57347   22759      0      0  3     0x14200  bored         crynlk
  6643  440773      0      0  3     0x14200  bored         crypto
 78910  118818      0      0  3  0x40014200  acpi0         acpi0
  6554   67769      0      0  3     0x14200  bored         softnet
     9  362753      0      0  3     0x14200  bored         systqmp
 16896  126092      0      0  3     0x14200  bored         systq
 20463   97100      0      0  3  0x40014200  bored         softclock
  1010  377392      0      0  3  0x40014200                idle0
     1   38535      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> 

Crashes (6):
Time              Kernel   Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Assets  Manager          Title
2018/12/02 17:24  openbsd  cedc02c7d74b  28e157f1   console  log  report  syz        C                          ci-openbsd-main
2018/12/04 12:11  openbsd  f939acc2595a  03f94a45   console  log  report                                       ci-openbsd-main
2018/12/04 09:39  openbsd  f939acc2595a  03f94a45   console  log  report                                       ci-openbsd-main
2018/12/03 12:42  openbsd  87d30890b5c0  7dcaeaf3   console  log  report                                       ci-openbsd-main
2018/12/02 17:06  openbsd  cedc02c7d74b  28e157f1   console  log  report                                       ci-openbsd-main
2018/11/30 21:17  openbsd  d93678d71f23  ade12e91   console  log  report                                       ci-openbsd-main