syzbot


uvm_fault: m_copyback
Status: fixed on 2021/01/20 22:02
Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com
Fix commit: 2cbebc019f52
pflog(4) tried to log the translated packet with rdr-to, nat-to, and af-to addresses and ports applied. Therefore it created a mbuf chain on the stack with a partial copy. This is too complicated for IP options, extension header, NAT46 af-to, and fragmented mbuf chains. It even caused a crash in syzkaller. Usually the length checks in pf_setup_pdesc() rejected the faked mbuf and the goto copy logged the packet unmodified.
Remove the pflog_mtap() function and call bpf_mtap_hdr() directly. As the old buggy code was bypassed in most cases, tcpdump(8) output of pflog does not change. Unconditionally log the unmodified packet.
Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com
OK sashan@
First crash: 359d, last: 212d

Sample crash report:

Crashes (69):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-multicore 2021/01/03 04:50 openbsd e8326ca2c688 79264ae3 .config log report
ci-openbsd-multicore 2020/12/21 04:36 openbsd f0738f1860da 04201c06 .config log report
ci-openbsd-multicore 2020/12/11 22:43 openbsd 109c71d4397c bca53db9 .config log report
ci-openbsd-multicore 2020/11/23 14:46 openbsd d176a5c81a04 878fb17a .config log report
ci-openbsd-multicore 2020/11/18 10:59 openbsd 471d5e8a0b05 09323409 .config log report
ci-openbsd-multicore 2020/11/15 14:49 openbsd c63cca64c969 1bf9a662 .config log report
ci-openbsd-multicore 2020/11/11 12:10 openbsd f791c386a5be cca87986 .config log report
ci-openbsd-multicore 2020/10/23 09:52 openbsd a80e5d367a75 4e740c00 .config log report
ci-openbsd-multicore 2020/10/14 07:02 openbsd 05e0a99435b4 fc7735a2 .config log report
ci-openbsd-multicore 2020/10/12 15:33 openbsd 0d27d3d93b84 d32b0bbf .config log report
ci-openbsd-multicore 2020/10/12 13:37 openbsd 0d27d3d93b84 4a77ae0b .config log report
ci-openbsd-multicore 2020/10/09 21:22 openbsd 2769981bcf36 93817d89 .config log report
ci-openbsd-multicore 2020/10/07 05:37 openbsd 7392f8b916e4 1880b4a9 .config log report
ci-openbsd-multicore 2020/09/17 22:13 openbsd 222ffc23a7c7 8247808b .config log report
ci-openbsd-multicore 2020/09/17 17:02 openbsd 222ffc23a7c7 8247808b .config log report
ci-openbsd-multicore 2020/09/17 14:31 openbsd 222ffc23a7c7 8247808b .config log report
ci-openbsd-multicore 2020/09/12 10:21 openbsd c38ae11dbcbd 21d289c2 .config log report
ci-openbsd-multicore 2020/09/07 05:55 openbsd 1235808c95d2 abf9ba4f .config log report
ci-openbsd-multicore 2020/09/02 20:32 openbsd 42522c3881a4 abf9ba4f .config log report
ci-openbsd-multicore 2020/09/01 02:13 openbsd e3132ea9152e d5a3ae1f .config log report
ci-openbsd-multicore 2020/08/23 21:26 openbsd 7e57f0c193e5 1da71ab0 .config log report
ci-openbsd-multicore 2020/08/18 21:57 openbsd 0b50a22dd240 e1c29030 .config log report
ci-openbsd-multicore 2020/08/15 14:05 openbsd cc37c486677e c2707aa5 .config log report
ci-openbsd-multicore 2020/08/10 21:26 openbsd 3c86a58ec715 7adc7b65 .config log report
ci-openbsd-multicore 2020/08/09 10:39 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 07:20 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 06:19 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 06:08 openbsd 97da2ad2205f f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 05:37 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 05:30 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:50 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:49 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:25 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:13 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 04:08 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 03:50 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 03:11 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 02:21 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 02:17 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 02:15 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:57 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:55 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:48 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:46 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 01:26 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:45 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:42 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:28 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/09 00:25 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:50 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:21 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:19 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 23:14 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:35 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:34 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:28 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:02 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 22:02 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:59 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:57 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:32 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 21:18 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 19:29 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 18:42 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 18:03 openbsd a395eaf7c290 f721e4a0 .config log report
ci-openbsd-multicore 2020/08/08 16:48 openbsd a395eaf7c290 f721e4a0 .config log report