syzbot

 sign-in | mailing list | source | docs
🐞 Open [52] 🐞 Fixed [314] 🐞 Invalid [326] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

panic: udp_output: shared udbinfo lock, excl inp lock (2)

Status: fixed on 2019/06/02 04:01
Reported-by: syzbot+bdf4caa36f3ceeac198f@syzkaller.appspotmail.com
Fix commit: eafaa1bc35e9 After parts of the locking fixes in r346595, syzkaller found another one in udp_output(). This one is a race condition. We do check on the laddr and lport without holding a lock in order to determine whether we want a read or a write lock (this is in the "sendto/sendmsg" cases where addr (sin) is given).
First crash: 1819d, last: 1801d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
freebsd panic: udp_output: shared udbinfo lock, excl inp lock C 46 1828d 1866d 1/2 fixed on 2019/04/23 14:14

Sample crash report:
panic: udp_output: shared udbinfo lock, excl inp lock
cpuid = 1
time = 1558261742
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe002112b550
vpanic() at vpanic+0x1e0/frame 0xfffffe002112b5b0
panic() at panic+0x43/frame 0xfffffe002112b610
udp_send() at udp_send+0x139c/frame 0xfffffe002112b730
sosend_dgram() at sosend_dgram+0x550/frame 0xfffffe002112b7a0
sosend() at sosend+0xc6/frame 0xfffffe002112b810
kern_sendit() at kern_sendit+0x35e/frame 0xfffffe002112b8c0
sendit() at sendit+0x226/frame 0xfffffe002112b920
sys_sendmsg() at sys_sendmsg+0x8b/frame 0xfffffe002112b980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe002112bab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe002112bab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41309a, rsp = 0x7fffdfffdf38, rbp = 0x3 ---
KDB: enter: panic
[ thread pid 21428 tid 101145 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/05/19 10:40 freebsd e2abb7b27ea6 40046286 console log report syz ci-freebsd-main
2019/05/09 13:15 freebsd c150a0f6fab9 1ab4c999 console log report syz ci-freebsd-main
2019/05/01 02:42 freebsd 219791b23e76 618456b4 console log report syz ci-freebsd-main
2019/05/19 09:58 freebsd e2abb7b27ea6 40046286 console log report ci-freebsd-main
2019/05/15 10:14 freebsd 5834f8720468 bd4e3ac7 console log report ci-freebsd-main
2019/05/09 12:47 freebsd c150a0f6fab9 1ab4c999 console log report ci-freebsd-main
2019/05/01 02:20 freebsd 219791b23e76 618456b4 console log report ci-freebsd-main
* Struck through repros no longer work on HEAD.