syzbot


assert "ifa == rt->rt_ifa" failed in nd6.c
Status: fixed on 2019/09/29 08:30
Reported-by: syzbot+43d18b34f2a4379210f7@syzkaller.appspotmail.com
Fix commit: bdbfbec5cea8 Do more sanity checks when accepting socket addresses in routing messages from user land. Inspect length field early in rtm_xaddrs(). Strings must be NUL terminated. The socket address type and length depend on the routing message type. Currently checks are not super strict to avoid too much user land fallout. OK mpi@ Reported-by: syzbot+638dbf7851da8e255af5@syzkaller.appspotmail.com
First crash: 670d, last: 669d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "ifa == rt->rt_ifa" failed in nd6.c (2) 262 632d 669d 0/3 auto-closed as invalid on 2020/01/04 20:58

Sample crash report:

Crashes (9):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-main 2019/09/29 07:39 openbsd dc01f72605a6 eb6b9855 .config log report
ci-openbsd-main 2019/09/29 07:02 openbsd dc01f72605a6 eb6b9855 .config log report
ci-openbsd-multicore 2019/09/29 06:18 openbsd b7ac218179b1 eb6b9855 .config log report
ci-openbsd-main 2019/09/29 03:58 openbsd dc01f72605a6 eb6b9855 .config log report
ci-openbsd-main 2019/09/29 00:23 openbsd dc01f72605a6 eb6b9855 .config log report
ci-openbsd-main 2019/09/28 13:48 openbsd dd0887e41377 eb6b9855 .config log report
ci-openbsd-main 2019/09/28 12:28 openbsd dd0887e41377 eb6b9855 .config log report
ci-openbsd-main 2019/09/28 06:53 openbsd 81b7b661bdbb d8074e0b .config log report
ci-openbsd-main 2019/09/28 05:38 openbsd 81b7b661bdbb d8074e0b .config log report