syzbot

Fatal trap 18: integer divide fault in kern_fcntl

Status: fixed on 2019/10/02 23:07
Reported-by: syzbot+e4b682208761aa5bc53a@syzkaller.appspotmail.com
Fix commit: 4a7b33ecf4d8 Disallow fcntl(F_READAHEAD) when the vnode is not a regular file.
First crash: 2019/08/19, last: 2019/09/14 (22 crashes)

Sample crash report:
Fatal trap 18: integer divide fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff80fd5f90
stack pointer	        = 0x28:0xfffffe001f8e0850
frame pointer	        = 0x28:0xfffffe001f8e08f0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 30814 (syz-executor.0)
trap number		= 18
panic: integer divide fault
cpuid = 0
time = 1566226220
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe001f8e0520
vpanic() at vpanic+0x1e0/frame 0xfffffe001f8e0580
panic() at panic+0x43/frame 0xfffffe001f8e05e0
trap_fatal() at trap_fatal+0x4de/frame 0xfffffe001f8e0660
trap() at trap+0xba/frame 0xfffffe001f8e0780
calltrap() at calltrap+0x8/frame 0xfffffe001f8e0780
--- trap 0x12, rip = 0xffffffff80fd5f90, rsp = 0xfffffe001f8e0850, rbp = 0xfffffe001f8e08f0 ---
kern_fcntl() at kern_fcntl+0xa30/frame 0xfffffe001f8e08f0
kern_fcntl_freebsd() at kern_fcntl_freebsd+0x14f/frame 0xfffffe001f8e0980
amd64_syscall() at amd64_syscall+0x479/frame 0xfffffe001f8e0ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe001f8e0ab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41328a, rsp = 0x7fffdfffdf38, rbp = 0x3 ---
KDB: enter: panic
[ thread pid 30814 tid 100945 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why
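The trap above is an integer divide fault taken inside kern_fcntl, i.e. a kernel panic (local denial of service) reachable from a process via fcntl(2), and the fix commit narrows F_READAHEAD to regular-file vnodes. The following is an added example, not the FreeBSD kernel's code and not syzbot's reproducer: a user-space model of a readahead-window computation in the shape the fix title implies, with the pre-fix path beside the hardened one. It assumes (the page does not say this) that the divisor is a per-mount block size which can be 0 for vnodes that are not regular files, and that a fixed kernel refuses such descriptors with EBADF; `IO_SEQMAX`, `mock_vnode` and the sample block sizes are constructed for illustration.

```c
/*
 * Added example (not FreeBSD's kern_fcntl): model of the F_READAHEAD
 * block-count arithmetic and of the "regular files only" check the fix adds.
 * Assumptions: divisor is a per-mount I/O block size that may be 0 for
 * non-regular vnodes; the fixed kernel rejects those with EBADF.
 */
#include <errno.h>
#include <stdio.h>

/* Subset of vnode types (names as in <sys/vnode.h>; values constructed). */
enum vtype { VREG, VDIR, VCHR, VFIFO, VSOCK };

#define IO_SEQMAX 0x7F  /* hypothetical cap on the readahead window, in blocks */

struct mock_vnode {
    enum vtype v_type;
    long       f_iosize;   /* mount's preferred I/O block size; 0 when the mount has none */
};

/*
 * Pre-fix shape: trusts f_iosize without looking at the vnode type.
 * Returns 0 and stores the block count in *out, or -errno.
 * With bsize == 0 the division faults; in the kernel that is the
 * "integer divide fault while in kernel mode" panic in this report.
 */
static int readahead_blocks_vulnerable(const struct mock_vnode *vp, long arg, long *out)
{
    long bsize = vp->f_iosize;
    long blocks;

    if (arg < 0)
        return -EINVAL;
    blocks = (arg + bsize - 1) / bsize;      /* SIGFPE / trap 18 when bsize == 0 */
    *out = blocks > IO_SEQMAX ? IO_SEQMAX : blocks;
    return 0;
}

/*
 * Fixed shape: refuse anything that is not a regular file before any
 * arithmetic, and never divide by a non-positive block size even for VREG.
 */
static int readahead_blocks_fixed(const struct mock_vnode *vp, long arg, long *out)
{
    if (vp->v_type != VREG)
        return -EBADF;                       /* assumed errno; see your fcntl(2) */
    if (vp->f_iosize <= 0)
        return -EINVAL;                      /* defensive: no zero divisor */
    return readahead_blocks_vulnerable(vp, arg, out);
}

/* Convenience wrapper: block count on success, -errno on refusal. */
static long fixed_result(enum vtype type, long bsize, long arg)
{
    struct mock_vnode vp = { type, bsize };
    long n = 0;
    int err = readahead_blocks_fixed(&vp, arg, &n);
    return err < 0 ? err : n;
}

int main(void)
{
    /* Constructed sample descriptors: a file on a 4 KiB-block mount, a socket, a fifo. */
    printf("VREG  bsize=4096 arg=131072 -> %ld\n", fixed_result(VREG, 4096, 131072));
    printf("VSOCK bsize=0    arg=4096   -> %ld (refused, -EBADF)\n", fixed_result(VSOCK, 0, 4096));
    printf("VFIFO bsize=0    arg=4096   -> %ld (refused, -EBADF)\n", fixed_result(VFIFO, 0, 4096));
    printf("VREG  bsize=0    arg=4096   -> %ld (refused, -EINVAL)\n", fixed_result(VREG, 0, 4096));
    /* readahead_blocks_vulnerable() on the VSOCK case would trap; not called here. */
    return 0;
}
```

The ordering is the whole point: the type check must run before the descriptor's mount parameters are touched, because a non-regular vnode is exactly the case in which those parameters cannot be assumed sane. On a FreeBSD host with the fix, fcntl(fd, F_READAHEAD, n) on a socket or pipe descriptor returns an error instead of panicking; the exact errno is whatever your kernel's fcntl(2) documents (EBADF here is an assumption).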

Crashes (22):

Time              Kernel   Commit        Syzkaller  Log          Report  Manager
2019/08/19 14:50  freebsd  20a19e32a496  b8ceabfc   console log  report  ci-freebsd-main
2019/09/14 23:44  freebsd  b01bd2e8d6dd  32d59357   console log  report  ci-freebsd-i386
2019/09/05 19:45  freebsd  4266fa42d0f7  bf6bcce4   console log  report  ci-freebsd-i386
2019/09/03 10:23  freebsd  286ae5bd6b5d  14544a56   console log  report  ci-freebsd-i386
2019/08/29 20:44  freebsd  e1c624c9b690  cd626f3b   console log  report  ci-freebsd-i386
2019/08/29 09:58  freebsd  c17eb3d289cd  40203c15   console log  report  ci-freebsd-i386
2019/08/28 18:48  freebsd  76040af02052  1eb076e9   console log  report  ci-freebsd-i386
2019/08/28 16:14  freebsd  76040af02052  1eb076e9   console log  report  ci-freebsd-i386
2019/08/27 20:40  freebsd  1f20b99485aa  d21c5d9d   console log  report  ci-freebsd-i386
2019/08/26 02:57  freebsd  2e66408a6708  d21c5d9d   console log  report  ci-freebsd-i386
2019/08/25 18:48  freebsd  6c54dfdc8e30  d21c5d9d   console log  report  ci-freebsd-i386
2019/08/25 05:35  freebsd  4e8090e4b586  d21c5d9d   console log  report  ci-freebsd-i386
2019/08/24 11:16  freebsd  7ed91a6e6f69  78ded196   console log  report  ci-freebsd-i386
2019/08/24 01:00  freebsd  dd5c45df1fbf  78ded196   console log  report  ci-freebsd-i386
2019/08/24 00:11  freebsd  dd5c45df1fbf  78ded196   console log  report  ci-freebsd-i386
2019/08/23 17:55  freebsd  dd5c45df1fbf  78ded196   console log  report  ci-freebsd-i386
2019/08/23 00:49  freebsd  48c02702bb4b  0ab81da2   console log  report  ci-freebsd-i386
2019/08/22 22:34  freebsd  48c02702bb4b  0ab81da2   console log  report  ci-freebsd-i386
2019/08/22 17:41  freebsd  48c02702bb4b  0ab81da2   console log  report  ci-freebsd-i386
2019/08/21 09:30  freebsd  17d1470975a0  4ea67ff8   console log  report  ci-freebsd-i386
2019/08/20 04:57  freebsd  20a19e32a496  ae348fb7   console log  report  ci-freebsd-i386
2019/08/19 16:15  freebsd  20a19e32a496  b8ceabfc   console log  report  ci-freebsd-i386