syzbot

uvm_fault: VOP_ACCESS

Status: fixed on 2019/01/23 09:39
Reported-by: syzbot+cc59412ed8429450a1ae@syzkaller.appspotmail.com
Fix commit: namei can return a null dvp on success. check this before access.
First crash: 1961d, last: 1919d
Duplicate bugs (1):
  Title:    kernel: page fault trap, code=0
  Count:    5
  Last:     1919d
  Reported: 1960d
  Patched:  0/3
  Status:   closed as dup on 2018/12/12 17:51

Sample crash report:
uvm_fault(0xfffffd803f014318, 0x8, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      VOP_ACCESS+0x4a:        movq    0x8(%r13),%rax
ddb> 
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f014318, 0x8, 0, 1) -> e
VOP_ACCESS(a48a170b574295bc,d,ffff800014956280,ffff800014a30df0) at VOP_ACCESS+0x4a sys/kern/vfs_vops.c:189
end trace frame: 0xffff800014a30d00, count: 0
ddb> trace
VOP_ACCESS(a48a170b574295bc,d,ffff800014956280,ffff800014a30df0) at VOP_ACCESS+0x4a sys/kern/vfs_vops.c:189
sys_unveil(3b32ff32b6bb4771,10,ffff800014956280) at sys_unveil+0x317 sys/kern/vfs_syscalls.c:925
syscall(28edf18940eaa5b2) at syscall+0x528
Xsyscall(6,0,8,0,2,ad564688010) at Xsyscall+0x128
end of kernel
end trace frame: 0xad7dbc7a410, count: -4
ddb> show registers
rdi               0xffffffff8109823a    VOP_ACCESS+0x3a
rsi                             0x84
rbp               0xffff800014a307e0
rbx                             0x2f
rdx                             0x85
rcx               0xffff800001738000
rax               0xffff800001738000
r8                              0x40
r9                0xfffffd803f7c7a80
r10               0xc4cd00cd37ef9019
r11               0xef8a1a02a19a200f
r12                            0x100
r13                                0
r14               0xffff800014956280
r15               0xfffffd803f7c7a80
rip               0xffffffff8109824a    VOP_ACCESS+0x4a
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800014a30790
ss                              0x10
VOP_ACCESS+0x4a:        movq    0x8(%r13),%rax
ddb> show proc
PROC (syz-executor1) pid=423164 stat=onproc
    flags process=10<SUGID> proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800014956988,0xffffffff8221ec38
    process=0xffff8000149b2368 user=0xffff800014a2b000, vmspace=0xfffffd803f014318
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 20962  511129   8709  60929  2        0x10                syz-executor1
*20962  423164   8709  60929  7   0x4000010                syz-executor1
  8709  142092  67240      0  2       0x482                syz-executor1
 28807   70516  67240      0  2         0x2                syz-executor0
 19669   99214      1      0  3    0x100083  ttyopn        getty
  8357   43209      0      0  3     0x14200  bored         sosplice
 67240  199449  30955      0  3        0x82  thrsleep      syz-fuzzer
 67240   34449  30955      0  2   0x4000482                syz-fuzzer
 67240  170510  30955      0  3   0x4000082  thrsleep      syz-fuzzer
 67240  188257  30955      0  3   0x4000082  thrsleep      syz-fuzzer
 67240  488281  30955      0  3   0x4000082  kqread        syz-fuzzer
 67240  429858  30955      0  3   0x4000082  thrsleep      syz-fuzzer
 67240  239876  30955      0  3   0x4000082  thrsleep      syz-fuzzer
 67240  323316  30955      0  3   0x4000082  thrsleep      syz-fuzzer
 30955  170274  12481      0  3    0x10008a  pause         ksh
 12481   69948  40894      0  3        0x92  select        sshd
 40894  365632      1      0  3        0x80  select        sshd
 48135  480654  12791     73  2    0x100090                syslogd
 12791  356035      1      0  3    0x100082  netio         syslogd
 23768  490190      1     77  3    0x100090  poll          dhclient
 13023  110824      1      0  3        0x80  poll          dhclient
 96171  132008      0      0  2     0x14200                zerothread
 14681  470283      0      0  3     0x14200  aiodoned      aiodoned
  8745   37689      0      0  3     0x14200  syncer        update
 56049  337875      0      0  3     0x14200  cleaner       cleaner
 58541  195947      0      0  3     0x14200  reaper        reaper
 93492   68985      0      0  3     0x14200  pgdaemon      pagedaemon
 62595  186046      0      0  3     0x14200  bored         crynlk
 35623  263944      0      0  3     0x14200  bored         crypto
 48553  512425      0      0  3  0x40014200  acpi0         acpi0
 42604  461583      0      0  3     0x14200  bored         softnet
 92254  333993      0      0  3     0x14200  bored         systqmp
 84638  158700      0      0  3     0x14200  bored         systq
  5329  482377      0      0  3  0x40014200  bored         softclock
 84665  435405      0      0  3  0x40014200                idle0
     1   70421      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper

Crashes (393):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Manager
2019/01/23 09:05 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/23 08:05 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/23 06:58 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-multicore
2019/01/23 05:46 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/23 04:39 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/23 04:21 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-multicore
2019/01/23 03:16 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-multicore
2019/01/23 01:57 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/23 01:06 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-multicore
2019/01/23 00:03 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/22 23:36 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/22 22:26 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 21:25 openbsd a6994fd1ceb5 fd37a550 .config console log report ci-openbsd-main
2019/01/22 20:03 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 19:47 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 18:46 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 18:37 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 17:37 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 16:58 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 15:57 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 15:41 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 14:38 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 14:07 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 13:06 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 13:00 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 11:58 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 10:51 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 10:13 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 09:13 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 08:57 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 07:37 openbsd 8de5712f0412 fd37a550 .config console log report ci-openbsd-main
2019/01/22 06:33 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 05:59 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 04:55 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 04:47 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 03:32 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 02:46 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 01:44 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 01:16 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-multicore
2019/01/22 00:15 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-main
2019/01/21 23:45 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-main
2019/01/21 22:42 openbsd 202907923950 fd37a550 .config console log report ci-openbsd-main
2018/12/11 15:52 https://github.com/blackgnezdo/src.git anton-kcov-dec8 2829727f0d0a 01a271f5 .config console log report ci-openbsd-multicore