syzbot

 sign-in | mailing list | source | docs
🐞 Open [82]
🐞 Fixed [276]
🐞 Invalid [847]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

uvm_fault: sogetopt

Status: fixed on 2018/12/04 18:27
Reported-by: syzbot+2cd350dfe5c96f6469f2@syzkaller.appspotmail.com
Fix commit: In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees
First crash: 2268d, last: 2268d

Sample crash report:
uvm_fault(0xffffff007f12b948, 0x48, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      sogetopt+0x3ae: testb   $0x1,0x48(%r15)
ddb> 
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff007f12b948, 0x48, 0, 1) -> e
sogetopt(ffffff006e490170,ffff8000210c2e20,ffffff006e705788,ffff8000210fa328) at sogetopt+0x3ae
end trace frame: 0xffff8000210fa2d0, count: 0
ddb> trace
sogetopt(ffffff006e490170,ffff8000210c2e20,ffffff006e705788,ffff8000210fa328) at sogetopt+0x3ae
sys_getsockopt(ffff8000210fa3b0,ffff8000210c2e20,ffff8000210a5010) at sys_getsockopt+0x13c
syscall(0) at syscall+0x3e4
Xsyscall(6,0,0,0,1,7f7ffffbebc8) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbeb80, count: -4
ddb> show registers
rdi               0xffffffff81e1ac30    netlock
rsi                           0xffff    __ALIGN_SIZE+0xefff
rbp               0xffff8000210fa270
rbx               0xffffff006d91ab00
rdx                           0x1022    __ALIGN_SIZE+0x22
rcx                              0x1
rax                              0x1
r8                0xffffff006d91ab00
r9                                 0
r10               0x8b6ea16accbec4a8
r11               0xffffffff8186f430    pool_lock_mtx_leave
r12                           0x1022    __ALIGN_SIZE+0x22
r13                           0xffff    __ALIGN_SIZE+0xefff
r14               0xffffff006d91ab00
r15                                0
rip               0xffffffff81a25ffe    sogetopt+0x3ae
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff8000210fa250
ss                              0x10
sogetopt+0x3ae: testb   $0x1,0x48(%r15)
ddb> show proc
PROC (syz-executor9364) pid=384203 stat=onproc
    flags process=2<EXEC> proc=0
    pri=51, usrpri=51, nice=20
    forw=0xffffffffffffffff, list=0xffff8000210c3078,0xffffffff81e956a0
    process=0xffff8000210a5010 user=0xffff8000210f5000, vmspace=0xffffff007f12b948
    estcpu=1, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*56471  384203  74318      0  7         0x2                syz-executor9364
 74318  452817  71580      0  3    0x10008a  pause         ksh
 71580  260478  44287      0  3        0x92  select        sshd
  3879  246509      1      0  3    0x100083  ttyin         getty
 44287  510322      1      0  3        0x80  select        sshd
 21790  384146  60926     73  2    0x100090                syslogd
 60926  492157      1      0  3    0x100082  netio         syslogd
 32316  148290      1     77  3    0x100090  poll          dhclient
 21967  349865      1      0  3        0x80  poll          dhclient
 21334  313344      0      0  2     0x14200                zerothread
 55762  353713      0      0  3     0x14200  aiodoned      aiodoned
 35012  278323      0      0  3     0x14200  syncer        update
 10409   32443      0      0  3     0x14200  cleaner       cleaner
 58435   46163      0      0  3     0x14200  reaper        reaper
 70989  150172      0      0  3     0x14200  pgdaemon      pagedaemon
 25990  343055      0      0  3     0x14200  bored         crynlk
 33981  120958      0      0  3     0x14200  bored         crypto
 36834  151323      0      0  3  0x40014200  acpi0         acpi0
  3014  500201      0      0  3     0x14200  bored         softnet
   565  511338      0      0  3     0x14200  bored         systqmp
 95081  211626      0      0  3     0x14200  bored         systq
 32606  177822      0      0  3  0x40014200  bored         softclock
 71050  236547      0      0  3  0x40014200                idle0
     1  274328      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/12/01 18:38 openbsd 3f7c3e6a6fe6 28e157f1 console log report syz C ci-openbsd-main
2018/12/01 18:20 openbsd 3f7c3e6a6fe6 28e157f1 console log report ci-openbsd-main
* Struck through repros no longer work on HEAD.