syzbot


panic: kernel diagnostic assertion "M_DATABUF(m) + M_SIZE(m) >= (m->m_data + m->m_len)" failed: file "/syzkaller/manager
Status: fixed on 2018/12/19 08:48
Reported-by: syzbot+6cf507dd6e63d45e55a3@syzkaller.appspotmail.com
Fix commit: 49729d6e
In PRU_DISCONNECT don't fall through into PRU_ABORT since the latter frees the inpcb apart from the disconnect. Just call soisdisconnected() and clear the inp->inp_faddr since the socket is still valid after a disconnect.
Problem found by syzkaller via Greg Steuck
OK visa@
Fixes:
Reported-by: syzbot+2cd350dfe5c96f6469f2@syzkaller.appspotmail.com
Reported-by: syzbot+139ac2d7d3d60162334b@syzkaller.appspotmail.com
Reported-by: syzbot+02168317bd0156c13b69@syzkaller.appspotmail.com
Reported-by: syzbot+de8d2459ecf4cdc576a1@syzkaller.appspotmail.com
First crash: 139d, last: 133d
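The defect the fix commit describes is a classic switch fall-through into a case that frees state the caller still owns: PRU_DISCONNECT dropping into PRU_ABORT, which frees the inpcb, so every later use of the still-open socket touches freed memory (the mbuf bounds assertion in the title is one way that corruption surfaces). The following is an added, deliberately simplified C model of that pattern and of the fix, not OpenBSD's own protocol usrreq code: the struct layouts, the detach helper, the address value and the function names other than soisdisconnected() and the PRU_* request names are assumptions made for the illustration. To keep the model itself free of undefined behaviour, freeing the pcb also nulls the socket's pointer to it, so a dangling pcb shows up as NULL rather than as a real use-after-free.

```c
#include <stdio.h>
#include <stdlib.h>

/* Request codes and structures are simplified stand-ins for the real
 * OpenBSD definitions (assumption: only the fields the example needs). */
enum { PRU_DISCONNECT = 1, PRU_ABORT = 2 };

struct inpcb {
    unsigned int inp_faddr;   /* foreign address; 0 means "none" (simplified) */
};

struct socket {
    struct inpcb *so_pcb;     /* NULL once the pcb has been freed */
    int so_disconnected;      /* stands in for the SS_ISDISCONNECTED state bit */
};

/* Marks the socket disconnected; the socket itself stays valid. */
static void soisdisconnected(struct socket *so)
{
    so->so_disconnected = 1;
}

/* Hypothetical detach helper modelling what the PRU_ABORT path does:
 * the inpcb is freed and the socket no longer owns one. */
static void in_pcbdetach(struct socket *so)
{
    free(so->so_pcb);
    so->so_pcb = NULL;
}

/* The "before" shape: PRU_DISCONNECT falls through into PRU_ABORT, so a
 * plain disconnect also frees the pcb that later calls still use. */
static int usrreq_buggy(struct socket *so, int req)
{
    switch (req) {
    case PRU_DISCONNECT:
        soisdisconnected(so);
        /* FALLTHROUGH: the defect the fix commit removes */
    case PRU_ABORT:
        soisdisconnected(so);
        in_pcbdetach(so);
        break;
    default:
        return -1;
    }
    return 0;
}

/* The "after" shape: disconnect only changes state and clears the
 * foreign address; the pcb is freed only on an explicit abort. */
static int usrreq_fixed(struct socket *so, int req)
{
    switch (req) {
    case PRU_DISCONNECT:
        soisdisconnected(so);
        so->so_pcb->inp_faddr = 0;
        break;
    case PRU_ABORT:
        soisdisconnected(so);
        in_pcbdetach(so);
        break;
    default:
        return -1;
    }
    return 0;
}

/* Drives one PRU_DISCONNECT through the given dispatcher and reports
 * whether the socket still has a usable pcb afterwards (1) or whether
 * the pcb was freed out from under it (0). */
static int pcb_usable_after_disconnect(int (*usrreq)(struct socket *, int))
{
    struct socket so = {0};
    int usable;

    so.so_pcb = calloc(1, sizeof(*so.so_pcb));
    if (so.so_pcb == NULL)
        return -1;
    so.so_pcb->inp_faddr = 0x0a000001u;   /* constructed sample peer address */

    usrreq(&so, PRU_DISCONNECT);

    usable = (so.so_disconnected == 1) && (so.so_pcb != NULL);
    if (so.so_pcb != NULL) {
        /* a correct disconnect leaves the pcb but clears the peer */
        usable = usable && (so.so_pcb->inp_faddr == 0);
        free(so.so_pcb);
    }
    return usable;
}

int main(void)
{
    printf("buggy dispatcher: pcb usable after disconnect = %d\n",
           pcb_usable_after_disconnect(usrreq_buggy));
    printf("fixed dispatcher: pcb usable after disconnect = %d\n",
           pcb_usable_after_disconnect(usrreq_fixed));
    return 0;
}
```

In the real kernel the buggy path does not null the pointer, so the socket keeps dereferencing a freed inpcb; with a fuzzer hammering the allocator that memory is quickly reused and the damage shows up somewhere unrelated, such as the mbuf sanity check in this report's panic line.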

Sample crash report:

All crashes (7):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro
ci-openbsd-main | 2018/12/03 18:21 | openbsd | f939acc2 | 21927904 | | log | report | syz | C
ci-openbsd-main | 2018/12/03 18:02 | openbsd | f939acc2 | 21927904 | | log | report | |
ci-openbsd-multicore | 2018/12/09 14:23 | https://github.com/blackgnezdo/src.git anton-kcov-dec8 | 737f2a16 | e699a2b9 | .config | log | report | |
ci-openbsd-multicore | 2018/12/07 23:51 | https://github.com/blackgnezdo/src.git multicore | 013d1561 | 65ed2472 | .config | log | report | |
ci-openbsd-multicore | 2018/12/07 23:28 | https://github.com/blackgnezdo/src.git multicore | 013d1561 | 65ed2472 | .config | log | report | |
ci-openbsd-multicore | 2018/12/07 23:23 | https://github.com/blackgnezdo/src.git multicore | 013d1561 | 65ed2472 | .config | log | report | |
ci-openbsd-main | 2018/12/05 21:02 | openbsd | 7d03a16b | f162ad97 | | log | report | |