syzbot


panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM

Status: upstream: reported on 2025/04/18 10:51
Reported-by: syzbot+d6f7e1299095275ef6ce@syzkaller.appspotmail.com
First crash: 92d, last: 43d

Sample crash report:
panic: ip6_deletefraghdr: ext headers not contigous in mbuf 0xfffffe006e166c00 m_len 40 >= offset 48 + 8

cpuid = 0
time = 13277757
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057351ed0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057352030
vpanic() at vpanic+0x257/frame 0xfffffe00573521f0
panic() at panic+0xb5/frame 0xfffffe00573522b0
frag6_input() at frag6_input/frame 0xfffffe00573522f0
pf_normalize_ip6() at pf_normalize_ip6+0xd8b/frame 0xfffffe0057352450
pf_test() at pf_test+0xc91/frame 0xfffffe0057352a00
pf_check6_in() at pf_check6_in+0xac/frame 0xfffffe0057352a50
pfil_mbuf_in() at pfil_mbuf_in+0x8c/frame 0xfffffe0057352a90
ip6_input() at ip6_input+0x16dd/frame 0xfffffe0057352cf0
swi_net() at swi_net+0x2b8/frame 0xfffffe0057352d90
ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe0057352ef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0057352f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057352f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100033 ]
Stopped at      kdb_enter+0x6e: movq    $0,0x25bdb47(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx         0xfffffe00033eee30
rdx                          0
rbx         0xffffffff827b44e0  .str.27
rsp         0xfffffe0057352010
rbp         0xfffffe0057352030
rsi                          0
rdi         0xffffffff816154a9  printf+0x149
r8                           0
r9                  0xffffffff
r10          0x100000000000000
r11                        0x4
r12         0xfffffe0008021780
r13         0xfffffffffffffffe
r14         0xffffffff827b44e0  .str.27
r15                          0
rip         0xffffffff815ff64e  kdb_enter+0x6e
rflags                    0x46
kdb_enter+0x6e: movq    $0,0x25bdb47(%rip)
db> show proc
Process 12 (intr) at 0xfffffe0008008580:
 state: NORMAL
 uid: 0  gids: 0
 parent: pid 0 at 0xffffffff83b478e0
 ABI: null
 flag: 0x10000284  flag2: 0
 reaper: 0xffffffff83b478e0 reapsubtree: 12
 sigparent: 20
 vmspace: 0xffffffff83b488c0
   (map 0xffffffff83b488c0)
   (map.pmap 0xffffffff83b48960)
   (pmap 0xffffffff83b489d0)
 threads: 20
100013                   I                                   [swi6: task queue]
100014                   I                                   [swi6: Giant taskq]
100016                   I                                   [swi5: fast taskq]
100033                   Run     CPU 0                       [swi1: netisr 0]
100034                   I                                   [swi1: hpts]
100035                   I                                   [swi1: hpts]
100048                   I                                   [irq24: virtio_pci0]
100049                   I                                   [irq25: virtio_pci0]
100050                   I                                   [irq26: virtio_pci0]
100051                   I                                   [irq27: virtio_pci0]
100052                   I                                   [irq28: virtio_pci1]
100053                   I                                   [irq29: virtio_pci1]
100054                   I                                   [irq30: virtio_pci1]
100055                   I                                   [irq31: virtio_pci1]
100056                   I                                   [irq32: virtio_pci1]
100061                   I                                   [irq10: virtio_pci2]
100063                   I                                   [irq1: atkbd0]
100064                   I                                   [irq12: psm0]
100065                   I                                   [swi0: uart uart++]
100069                   I                                   [swi1: pf send]
db> 

Crashes (686):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/06/06 19:29 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 18:22 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 17:15 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 15:27 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 14:00 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 12:59 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 11:31 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 09:02 freebsd-src 6d46fd2cbea4 3d899f2c console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 07:36 freebsd-src 934df0ca61bf 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/06 03:27 freebsd-src 934df0ca61bf 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/05 17:11 freebsd-src 38c655093c6b 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/05 13:05 freebsd-src 38c655093c6b 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/05 08:45 freebsd-src 8e1e989c77d4 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/05 05:07 freebsd-src 8e1e989c77d4 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/05 00:38 freebsd-src 8e1e989c77d4 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 21:56 freebsd-src 8e1e989c77d4 6b6b5f21 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 17:47 freebsd-src a5fe142e0844 e565f08d console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 16:36 freebsd-src a5fe142e0844 e565f08d console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 12:33 freebsd-src a5fe142e0844 e565f08d console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 11:19 freebsd-src a5fe142e0844 e565f08d console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 07:26 freebsd-src 71f854e5a01a a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 05:37 freebsd-src 71f854e5a01a a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 03:52 freebsd-src 71f854e5a01a a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 23:25 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 21:35 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 20:34 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 20:15 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 18:32 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 17:00 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 15:30 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 13:43 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 12:08 freebsd-src 2a35b00732d9 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 10:36 freebsd-src d8773fdcbfa3 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 08:01 freebsd-src d8773fdcbfa3 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 02:42 freebsd-src d8773fdcbfa3 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 01:42 freebsd-src d8773fdcbfa3 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/03 00:33 freebsd-src d8773fdcbfa3 a30356b7 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/02 19:59 freebsd-src 2e113ef82465 aaaaf5ea console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/02 17:38 freebsd-src 2e113ef82465 aaaaf5ea console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/02 15:56 freebsd-src 2e113ef82465 aaaaf5ea console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/02 14:49 freebsd-src 2e113ef82465 aaaaf5ea console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/02 08:12 freebsd-src 2e113ef82465 3d2f584d console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/04/18 10:51 freebsd-src 7121e9414f29 2a20f901 console log report ci-freebsd-main panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/05 23:26 freebsd-src 38c655093c6b 6b6b5f21 console log report ci-freebsd-i386 panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/04 10:11 freebsd-src a5fe142e0844 e565f08d console log report ci-freebsd-i386 panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
2025/06/02 03:28 freebsd-src 4bf049bfeefd 3d2f584d console log report ci-freebsd-i386 panic: ip6_deletefraghdr: ext headers not contigous in mbuf ADDR m_len NUM >= offset NUM + NUM
* Struck through repros no longer work on HEAD.