syzbot


kernel: integer divide fault trap, code=0

Status: fixed on 2020/12/17 08:29
Reported-by: syzbot+9c309db201f06e39a8ba@syzkaller.appspotmail.com
Fix commit: 39c2a1337a94 Reject rules with invalid port ranges
First crash: 1630d, last: 1601d

Sample crash report:
login: kernel: integer divide fault trap, code=0
Stopped at      pf_get_transaddr+0x298: idivl   %r13d,%eax
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
pf_get_transaddr(ffff800000aa9548,ffff800020da96d0,ffff800020da9588,ffff800020da95b0) at pf_get_transaddr+0x298 sys/net/pf_lb.c:689
pf_test_rule(ffff800020da96d0,ffff800020da97c0,ffff800020da97d0,ffff800020da97b0,ffff800020da9798,3) at pf_test_rule+0x495 sys/net/pf.c:3822
pf_test(2,1,ffff80000017b2a8,ffff800020da98e8) at pf_test+0x1909 sys/net/pf.c:7101
ip_input_if(ffff800020da98e8,ffff800020da98f4,4,0,ffff80000017b2a8) at ip_input_if+0x59e sys/netinet/ip_input.c:316
ipv4_input(ffff80000017b2a8,fffffd806f119700) at ipv4_input+0x48 sys/netinet/ip_input.c:215
ether_input(ffff80000017b2a8,fffffd806f119700,0) at ether_input+0x345 sys/net/if_ethersubr.c:461
if_input_process(ffff80000017b2a8,ffff800020da9a18) at if_input_process+0x10b if_ih_input sys/net/if.c:902 [inline]
if_input_process(ffff80000017b2a8,ffff800020da9a18) at if_input_process+0x10b sys/net/if.c:936
ifiq_process(ffff80000017b6a0) at ifiq_process+0x80 sys/net/ifq.c:646
taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437
end trace frame: 0x0, count: -9
ddb{0}> 

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/07/07 01:03 openbsd 56c392bf0c09 bed10395 .config console log report syz ci-openbsd-multicore
2020/06/08 04:46 openbsd 957dfd9fbe6a 7751efd0 .config console log report syz ci-openbsd-multicore
2020/07/07 00:25 openbsd 56c392bf0c09 bed10395 .config console log report ci-openbsd-multicore
2020/06/08 04:34 openbsd 957dfd9fbe6a 7751efd0 .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.