search for: faultcall

...with a minimized reproducer, but it's a bit wacky (the fcntl and bpf calls should have no practical effect), and I haven't managed to come up with a C reproducer. Any ideas? Thanks, Mark. Syzkaller reproducer: # {Threaded:true Collide:true Repeat:false Procs:1 Sandbox:setuid Fault:false FaultCall:-1 FaultNth:0 EnableTun:true UseTmpDir:true HandleSegv:true WaitRepeat:false Debug:false Repro:false} mmap(&(0x7f0000000000/0x24000)=nil, 0x24000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000019000-0x8)='./file0\x00', 0x42, 0x0) fcntl$setstatus(r0,...

...with a minimized reproducer, but it's a bit wacky (the fcntl and bpf calls should have no practical effect), and I haven't managed to come up with a C reproducer. Any ideas? Thanks, Mark. Syzkaller reproducer: # {Threaded:true Collide:true Repeat:false Procs:1 Sandbox:setuid Fault:false FaultCall:-1 FaultNth:0 EnableTun:true UseTmpDir:true HandleSegv:true WaitRepeat:false Debug:false Repro:false} mmap(&(0x7f0000000000/0x24000)=nil, 0x24000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000019000-0x8)='./file0\x00', 0x42, 0x0) fcntl$setstatus(r0,...

...the > fcntl and bpf calls should have no practical effect), and I haven't > managed to come up with a C reproducer. > > Any ideas? > > Thanks, > Mark. > > > Syzkaller reproducer: > # {Threaded:true Collide:true Repeat:false Procs:1 Sandbox:setuid Fault:false FaultCall:-1 FaultNth:0 EnableTun:true UseTmpDir:true HandleSegv:true WaitRepeat:false Debug:false Repro:false} > mmap(&(0x7f0000000000/0x24000)=nil, 0x24000, 0x3, 0x32, 0xffffffffffffffff, 0x0) > r0 = openat(0xffffffffffffff9c, &(0x7f0000019000-0x8)='./file0\x00', 0x42, 0x0) > fcntl...

...87129] Dumping ftrace buffer: [ 36.290635] (ftrace buffer empty) [ 36.294312] Kernel Offset: disabled [ 36.297909] Rebooting in 86400 seconds.. # See https://goo.gl/kgGztJ for information about syzkaller reproducers. #{Threaded:false Collide:false Repeat:false Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 EnableTun:false UseTmpDir:false HandleSegv:false WaitRepeat:false Debug:false Repro:false} r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &...

...pe: application/octet-stream Size: 5691 bytes Desc: not available URL: <http://lists.linuxfoundation.org/pipermail/virtualization/attachments/20171024/7bfd1081/attachment-0002.obj> -------------- next part -------------- #{Threaded:false Collide:false Repeat:false Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 EnableTun:false UseTmpDir:false HandleSegv:false WaitRepeat:false Debug:false Repro:false} mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00006a4000-0x10)=[{&(0x7f00002a7000-0x59)=&quo...

...pe: application/octet-stream Size: 5691 bytes Desc: not available URL: <http://lists.linuxfoundation.org/pipermail/virtualization/attachments/20171024/7bfd1081/attachment-0002.obj> -------------- next part -------------- #{Threaded:false Collide:false Repeat:false Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 EnableTun:false UseTmpDir:false HandleSegv:false WaitRepeat:false Debug:false Repro:false} mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00006a4000-0x10)=[{&(0x7f00002a7000-0x59)=&quo...

...is not set > CONFIG_SG_POOL=y > CONFIG_ARCH_HAS_SG_CHAIN=y > CONFIG_ARCH_HAS_PMEM_API=y > CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y > CONFIG_ARCH_HAS_MMIO_FLUSH=y > CONFIG_STACKDEPOT=y > CONFIG_SBITMAP=y > #{Threaded:false Collide:false Repeat:false Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 EnableTun:false UseTmpDir:false HandleSegv:false WaitRepeat:false Debug:false Repro:false} > mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) > r0 = socket$netlink(0x10, 0x3, 0x4) > writev(r0, &(0x7f00006a4000-0x10)=[{&(0x7f00002a...

...og Type: application/octet-stream Size: 41803 bytes Desc: not available URL: <http://lists.linuxfoundation.org/pipermail/virtualization/attachments/20171218/d4134bd3/attachment.obj> -------------- next part -------------- #{Threaded:false Collide:false Repeat:true Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 EnableTun:false UseTmpDir:false HandleSegv:false WaitRepeat:true Debug:false Repro:false} mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000057e000)={0x26, "6165616400000000000000000000...