syzbot

panic: m_getm2: len is < 0

Status: fixed on 2019/09/24 14:06
Reported-by: syzbot+307f167f9bc214f095bc@syzkaller.appspotmail.com
Fix commit: 2ef5bd2f0c46 Limit the number of bytes which can be queued for SCTP sockets.
    This is joint work with rrs@.
    Reported by: syzbot+307f167f9bc214f095bc@syzkaller.appspotmail.com
    MFC after: 1 week
First crash: 1867d, last: 1862d

Sample crash report:
login: panic: m_getm2: len is < 0
cpuid = 0
time = 1553249927
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe002127c300
vpanic() at vpanic+0x1e0/frame 0xfffffe002127c360
panic() at panic+0x43/frame 0xfffffe002127c3c0
m_getm2() at m_getm2+0x478/frame 0xfffffe002127c430
m_uiotombuf() at m_uiotombuf+0xb5/frame 0xfffffe002127c490
sctp_lower_sosend() at sctp_lower_sosend+0x5099/frame 0xfffffe002127c670
sctp_sosend() at sctp_sosend+0x510/frame 0xfffffe002127c7a0
sosend() at sosend+0xc6/frame 0xfffffe002127c810
kern_sendit() at kern_sendit+0x35e/frame 0xfffffe002127c8c0
sendit() at sendit+0x226/frame 0xfffffe002127c920
sys_sendto() at sys_sendto+0x5c/frame 0xfffffe002127c980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe002127cab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe002127cab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x412e7a, rsp = 0x7fffdffdcf38, rbp = 0x6 ---
KDB: enter: panic
[ thread pid 788 tid 100118 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why
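Reading the backtrace above is the triage step: the panic fired in m_getm2(), which was reached from sctp_lower_sosend() through m_uiotombuf(), and the whole chain sits beneath sys_sendto(). In other words, on a kernel without the fix a sendto(2) on an SCTP socket ends in a panic, a userland-triggerable kernel denial of service. The parser below is an added example, not code from syzbot or from the FreeBSD tree; it pulls those facts out of a KDB report: the panic string, the frame whose check fired, the syscall handler beneath it, and a signature that is more useful for deduplicating crashes than the panic text alone. The only input is the sample trace from this page. The PANIC_PLUMBING set and the "sys_" prefix heuristic are assumptions about how KDB prints traces, not a documented format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the KDB backtrace copied from the syzbot report above.
SAMPLE = """\
login: panic: m_getm2: len is < 0
cpuid = 0
time = 1553249927
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe002127c300
vpanic() at vpanic+0x1e0/frame 0xfffffe002127c360
panic() at panic+0x43/frame 0xfffffe002127c3c0
m_getm2() at m_getm2+0x478/frame 0xfffffe002127c430
m_uiotombuf() at m_uiotombuf+0xb5/frame 0xfffffe002127c490
sctp_lower_sosend() at sctp_lower_sosend+0x5099/frame 0xfffffe002127c670
sctp_sosend() at sctp_sosend+0x510/frame 0xfffffe002127c7a0
sosend() at sosend+0xc6/frame 0xfffffe002127c810
kern_sendit() at kern_sendit+0x35e/frame 0xfffffe002127c8c0
sendit() at sendit+0x226/frame 0xfffffe002127c920
sys_sendto() at sys_sendto+0x5c/frame 0xfffffe002127c980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe002127cab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe002127cab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x412e7a, rsp = 0x7fffdffdcf38, rbp = 0x6 ---
KDB: enter: panic
[ thread pid 788 tid 100118 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why
"""

FRAME_RE = re.compile(r"^(\w+)\(\) at \w+\+(0x[0-9a-f]+)/frame (0x[0-9a-f]+)$")
PANIC_RE = re.compile(r"\bpanic: (.+)$")
SYSCALL_RE = re.compile(r"^--- syscall \((\d+), [^,]+, (\w+)\)")
# Assumed set of frames that belong to the panic/debugger machinery, not to the faulting subsystem.
PANIC_PLUMBING = {"db_trace_self_wrapper", "vpanic", "panic", "kdb_enter", "kdb_backtrace"}

@dataclass
class Frame:
    func: str
    offset: int       # byte offset into func, from "+0x..."
    frame_ptr: int    # "/frame 0x..." value

@dataclass
class KdbReport:
    panic: str
    frames: List[Frame]                 # innermost first, as KDB prints them
    syscall_no: Optional[int] = None
    syscall_name: Optional[str] = None

    def crash_site(self) -> Optional[Frame]:
        """Innermost frame outside the panic machinery: the function whose check fired."""
        return next((f for f in self.frames if f.func not in PANIC_PLUMBING), None)

    def entry_syscall(self) -> Optional[str]:
        """Innermost sys_* frame: the system call handler the panic was reached through."""
        return next((f.func for f in self.frames if f.func.startswith("sys_")), None)

    def user_reachable(self) -> bool:
        """A panic beneath a syscall handler is triggerable from userland (kernel DoS)."""
        return self.entry_syscall() is not None

    def subsystem_path(self) -> List[str]:
        """Function names from the crash site out to the syscall handler, inclusive."""
        names = [f.func for f in self.frames]
        site, entry = self.crash_site(), self.entry_syscall()
        start = names.index(site.func) if site else 0
        end = names.index(entry) if entry else len(names) - 1
        return names[start:end + 1]

    def signature(self) -> str:
        """Triage key: panic text plus where it fired and which syscall reached it."""
        site = self.crash_site()
        return f"{self.panic} @ {site.func if site else '?'} via {self.entry_syscall() or '?'}"

def parse_kdb_report(text: str) -> KdbReport:
    """Parse a FreeBSD KDB panic report, as pasted by syzbot, into a KdbReport."""
    panic, frames, syscall_no, syscall_name = "", [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = PANIC_RE.search(line)
        if m and not panic:                 # keep the first panic string only
            panic = m.group(1).strip()
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(m.group(1), int(m.group(2), 16), int(m.group(3), 16)))
            continue
        m = SYSCALL_RE.match(line)
        if m:
            syscall_no, syscall_name = int(m.group(1)), m.group(2)
    return KdbReport(panic, frames, syscall_no, syscall_name)

if __name__ == "__main__":
    r = parse_kdb_report(SAMPLE)
    print(r.signature())
    print(" <- ".join(r.subsystem_path()))
    print("user reachable:", r.user_reachable())
```

Run against the sample it prints the signature "m_getm2: len is < 0 @ m_getm2 via sys_sendto" and the eight-frame path from m_getm2 out to sys_sendto. The signature deliberately includes the syscall handler: two syzbot reports with the same panic string but different entry points are usually different bugs, while the same string via the same handler in the same subsystem is usually a duplicate.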

Crashes (13):

Time              Kernel   Commit        Syzkaller  Config   Log  Report  Syz repro  Manager
2019/03/22 10:28  freebsd  434f008798f2  dce6e62f   console  log  report  syz        ci-freebsd-main
2019/03/20 10:58  freebsd  90d8cba8606b  2458c1c6   console  log  report  syz        ci-freebsd-main
2019/03/20 06:56  freebsd  90d8cba8606b  2458c1c6   console  log  report  syz        ci-freebsd-main
2019/03/18 03:43  freebsd  8b17fbc25c73  f8757044   console  log  report  syz        ci-freebsd-main
2019/03/17 10:48  freebsd  310a121be6b8  bab43553   console  log  report  syz        ci-freebsd-main
2019/03/17 06:04  freebsd  310a121be6b8  bab43553   console  log  report  syz        ci-freebsd-main
2019/03/22 10:10  freebsd  434f008798f2  dce6e62f   console  log  report  -          ci-freebsd-main
2019/03/20 10:42  freebsd  90d8cba8606b  2458c1c6   console  log  report  -          ci-freebsd-main
2019/03/20 06:41  freebsd  90d8cba8606b  2458c1c6   console  log  report  -          ci-freebsd-main
2019/03/18 03:25  freebsd  8b17fbc25c73  f8757044   console  log  report  -          ci-freebsd-main
2019/03/17 10:50  freebsd  310a121be6b8  bab43553   console  log  report  -          ci-freebsd-main
2019/03/17 10:31  freebsd  310a121be6b8  bab43553   console  log  report  -          ci-freebsd-main
2019/03/17 05:47  freebsd  310a121be6b8  bab43553   console  log  report  -          ci-freebsd-main

The C repro, VM info, Assets and Title columns are empty for all 13 crashes; six of the crashes have a syzkaller reproducer ("syz"), none has a C reproducer.