syzbot


uvm_fault: tun_dev_read

Status: auto-closed as invalid on 2019/06/05 22:47
Reported-by: syzbot+ce2a53be1a47b142379f@syzkaller.appspotmail.com
First crash: 2177d, last: 2176d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd uvm_fault: tun_dev_read (2) 71 1580d 1827d 0/3 auto-closed as invalid on 2020/10/23 18:18

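Sample crash report (the faulting address 0x6000118 equals r15, 0x6000100, plus the 0x18 displacement of the `movl` at tun_dev_read+0x1fa, so the trap is a kernel-mode load through a pointer in r15 that is not a mapped kernel address):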
uvm_fault(0xffffff002bdc1b60, 0x6000118, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      tun_dev_read+0x1fa:     movl    0x18(%r15),%ebx
ddb> 
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff002bdc1b60, 0x6000118, 0, 1) -> e
tun_dev_read(ffff800014b06ad8,ffffff0035ff5db8,ffffff0035ff5db8) at tun_dev_read+0x1fa
end trace frame: 0xffff800014b06990, count: 0
ddb> trace
tun_dev_read(ffff800014b06ad8,ffffff0035ff5db8,ffffff0035ff5db8) at tun_dev_read+0x1fa
spec_read(10) at spec_read+0x9d
VOP_READ(ffff800014b06ad8,ffffff0035ff5db8,ffffff0030acc970,0) at VOP_READ+0x5e
vn_read(ffffff0030acc970,ffff800014a1d7f8,3e8) at vn_read+0x130
dofilereadv(ffff800014a1d7f8,ffff800014b06b80,3e8,ffff800014b06b90,655993151e8) at dofilereadv+0x14f
sys_read(ffff800014b06c20,ffff800014a1d7f8,ffff8000149f9668) at sys_read+0x6e
syscall(0) at syscall+0x3e4
Xsyscall(6,3,0,3,1,65581f1a400) at Xsyscall+0x128
end of kernel
end trace frame: 0x65599315200, count: -8
ddb> show registers
rdi                                0
rsi               0xffffffff81847b54    tun_dev_read+0x244
rbp               0xffff800014b068f0
rbx                                0
rdx               0xffff800002acc000
rcx                             0xf1
rax                            0x212
r8                    0x7f7fffffc000
r9                                 0
r10                                0
r11               0xffffffff8188ec90    pool_lock_mtx_leave
r12               0xffff800014b06ad8
r13                              0x5
r14               0xffff800000aca000
r15                        0x6000100    __kernel_end_phys+0x4000100
rip               0xffffffff81847b0a    tun_dev_read+0x1fa
cs                               0x8
rflags                       0x10206    __ALIGN_SIZE+0xf206
rsp               0xffff800014b068b0
ss                              0x10
tun_dev_read+0x1fa:     movl    0x18(%r15),%ebx
ddb> show proc
PROC (syz-executor0) pid=164140 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800014a1c2e0,0xffffffff81e94fe8
    process=0xffff8000149f9668 user=0xffff800014b01000, vmspace=0xffffff002bdc1b60
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 63437  501580  91377      0  2           0                syz-executor0
*63437  164140  91377      0  7   0x4000000                syz-executor0
 85253  514150  57642      0  2           0                syz-executor1
 85253  485955  57642      0  3   0x4000080  fifow         syz-executor1
 54410  428172  74827      0  3        0x82  netio         sshd
 60854   79489  74827      0  3        0x82  netio         sshd
 58763  389883      1      0  3    0x100083  ttyin         getty
 58827  230925      0      0  3     0x14200  bored         sosplice
 91377  494715  98695      0  2       0x482                syz-executor0
 57642   25113  98695      0  3        0x82  nanosleep     syz-executor1
 98695  183234  10748      0  3        0x82  thrsleep      syz-fuzzer
 98695   26427  10748      0  2   0x4000482                syz-fuzzer
 98695   27685  10748      0  3   0x4000082  thrsleep      syz-fuzzer
 98695  190292  10748      0  3   0x4000082  thrsleep      syz-fuzzer
 98695  126944  10748      0  3   0x4000082  kqread        syz-fuzzer
 98695   79805  10748      0  3   0x4000082  thrsleep      syz-fuzzer
 98695  212469  10748      0  3   0x4000082  thrsleep      syz-fuzzer
 10748   25522  19411      0  3    0x10008a  pause         ksh
 19411  383339  74827      0  3        0x92  select        sshd
 74827  125960      1      0  3        0x80  select        sshd
 41535   86516  11657     73  2    0x100090                syslogd
 11657   33464      1      0  3    0x100082  netio         syslogd
 19532  377932      1     77  3    0x100090  poll          dhclient
 15664  300880      1      0  3        0x80  poll          dhclient
 76727  444427      0      0  2     0x14200                zerothread
 38698  107784      0      0  3     0x14200  aiodoned      aiodoned
 16130  411597      0      0  3     0x14200  syncer        update
 36856   13952      0      0  3     0x14200  cleaner       cleaner
 73933  338251      0      0  3     0x14200  reaper        reaper
 95309   12443      0      0  3     0x14200  pgdaemon      pagedaemon
 57068  264523      0      0  3     0x14200  bored         crynlk
 16981  302598      0      0  3     0x14200  bored         crypto
 87889   83039      0      0  3  0x40014200  acpi0         acpi0
 47272   24285      0      0  3     0x14200  bored         softnet
 58092  260970      0      0  3     0x14200  bored         systqmp
 97768  105292      0      0  3     0x14200  bored         systq
 11195  287455      0      0  3  0x40014200  bored         softclock
 56216  242477      0      0  3  0x40014200                idle0
     1  509338      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/12/07 22:46 openbsd 53ac6a98736c 65ed2472 .config console log report ci-openbsd-main
2018/12/06 18:36 openbsd 7d03a16b0321 cc3a19d5 console log report ci-openbsd-main
* Struck through repros no longer work on HEAD.