syzbot
Akaros
Android 4.14
Android 4.4
Android 4.9
Android 5.4
FreeBSD
Linux
Linux 4.14
Linux 4.19
Linux 4.4
Linux 4.9
NetBSD
OpenBSD
gVisor
sign-in
|
mailing list
|
source
|
docs
🐞
Open [52]
🐞
Fixed [132]
🐞
Invalid [197]
panic: in6_cksum: out of data, len 64
Status:
upstream: reported on 2020/07/08 16:46
Reported-by: syzbot+1aa1b6dee8562b5a5add@syzkaller.appspotmail.com
First crash: 29d, last: 29d
Sample crash report:
panic: in6_cksum: out of data, len 64 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *398718 32477 0 0x14000 0x200 0 softnet db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207 in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161 in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723 ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668 ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465 taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic in6_cksum: out of data, len 64 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207 in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161 in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723 ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668 ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465 taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001d678370 rbx 0xffff80001d678420 rdx 0x2 rcx 0 rax 0x1 r8 0xffffffff815e8b5f kprintf+0x15f r9 0x1 r10 0x2 r11 0x6149eed56dd08142 r12 0x3000000008 r13 0xffff80001d678380 r14 0x100 r15 0x1 rip 0xffffffff81327368 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001d678360 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softnet) pid=398718 stat=onproc flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM> pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001d651ea0,0xffff80001d651760 process=0xffff8000ffffe3a0 user=0xffff80001d673000, vmspace=0xffffffff8283a1f0 estcpu=0, cpticks=0, pctcpu=0.12 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 23416 508106 47264 0 2 0 syz-executor.1 23416 123421 47264 0 2 0x4000000 syz-executor.1 27381 341648 14752 0 2 0 syz-executor.0 27381 201564 14752 0 3 0x4000080 fsleep syz-executor.0 27381 357677 14752 0 3 0x4000080 pipewr syz-executor.0 47264 520545 7364 0 3 0x82 nanosleep syz-executor.1 84611 520560 0 0 3 0x14280 nfsidl nfsio 35790 219566 0 0 3 0x14280 nfsidl nfsio 53356 272175 0 0 3 0x14280 nfsidl nfsio 1908 480335 0 0 3 0x14280 nfsidl nfsio 12380 310303 0 0 3 0x14280 nfsidl nfsio 24191 172035 0 0 3 0x14280 nfsidl nfsio 75657 172487 0 0 3 0x14280 nfsidl nfsio 25724 324377 0 0 3 0x14280 nfsidl nfsio 35757 134085 0 0 3 0x14280 nfsidl nfsio 57385 369393 0 0 3 0x14280 nfsidl nfsio 45145 160153 0 0 3 0x14280 nfsidl nfsio 93436 319238 0 0 3 0x14280 nfsidl nfsio 91578 281200 0 0 3 0x14280 nfsidl nfsio 51400 433758 0 0 3 0x14280 nfsidl nfsio 65732 468083 0 0 3 0x14280 nfsidl nfsio 56378 27329 0 0 3 0x14280 nfsidl nfsio 68731 307008 0 0 3 0x14280 nfsidl nfsio 13374 49451 0 0 3 0x14280 nfsidl nfsio 77368 412127 0 0 3 0x14280 nfsidl nfsio 66377 495784 0 0 3 0x14280 nfsidl nfsio 22994 300100 0 0 3 0x14200 bored sosplice 14752 178663 7364 0 3 0x82 nanosleep syz-executor.0 7364 379239 33878 0 3 0x82 thrsleep syz-fuzzer 7364 450700 33878 0 3 0x4000082 thrsleep syz-fuzzer 7364 194862 33878 0 3 0x4000082 thrsleep syz-fuzzer 7364 398808 33878 0 3 0x4000082 thrsleep syz-fuzzer 7364 110407 33878 0 3 0x4000082 kqread syz-fuzzer 7364 412504 33878 0 3 0x4000082 thrsleep syz-fuzzer 7364 177860 33878 0 3 0x4000082 thrsleep syz-fuzzer 7364 174425 33878 0 3 0x4000082 thrsleep syz-fuzzer 33878 295768 25417 0 3 0x10008a pause ksh 25417 21074 12158 0 3 0x92 select sshd 19128 60350 1 0 3 0x100083 ttyopn getty 12158 411366 1 0 3 0x80 select sshd 93117 261853 80973 73 3 0x100090 kqread syslogd 80973 331159 1 0 3 0x100082 netio syslogd 65206 347125 1 77 3 0x100090 poll dhclient 89891 74357 1 0 3 0x80 poll dhclient 59693 17232 0 0 3 0x14200 bored smr 30056 466601 0 0 2 0x14200 zerothread 83159 406070 0 0 3 0x14200 aiodoned aiodoned 10079 370927 0 0 3 0x14200 syncer update 42617 127731 0 0 3 0x14200 cleaner cleaner 26155 261303 0 0 3 0x14200 reaper reaper 90155 435158 0 0 3 0x14200 pgdaemon pagedaemon 65150 450817 0 0 3 0x14200 bored crynlk 23496 106344 0 0 3 0x14200 bored crypto 11958 488169 0 0 3 0x40014200 acpi0 acpi0 *32477 398718 0 0 7 0x14200 softnet 691 131677 0 0 2 0x14200 systqmp 75646 247792 0 0 3 0x14200 bored systq 83015 492475 0 0 3 0x40014200 bored softclock 35213 375915 0 0 3 0x40014200 idle0 1 206939 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9508 6354K 6610K 78643K 11069 0 pcb 13 8K 8K 78643K 67 0 rtable 106 14K 18K 78643K 516 0 ifaddr 81 15K 16K 78643K 175 0 counters 21 16K 16K 78643K 28 0 ioctlops 0 0K 4K 78643K 69 0 iov 0 0K 16K 78643K 41 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1407 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 6 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 62 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 6 17K 25K 78643K 348 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 63K 78643K 436 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 26 0 in_multi 46 2K 3K 78643K 142 0 ether_multi 1 0K 0K 78643K 11 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 223 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 136 39K 56K 78643K 1686 0 UVM aobj 24 2K 2K 78643K 24 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 42 0 NDP 13 0K 0K 78643K 36 0 temp 140 3864K 3928K 78643K 7248 0 kqueue 6 10K 14K 78643K 23 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 4 1 0 1 1 0 8 0 rtpcb 80 31 0 29 1 0 1 1 0 8 0 rtentry 112 80 0 46 2 0 2 2 0 8 0 unpcb 120 159 0 151 1 0 1 1 0 8 0 syncache 264 9 0 9 3 3 0 1 0 8 0 tcpqe 32 131 0 131 2 2 0 1 0 8 0 tcpcb 544 122 0 116 1 0 1 1 0 8 0 inpcb 296 365 0 356 2 0 2 2 0 8 1 rttmr 72 1 0 1 1 0 1 1 0 8 1 nd6 48 20 0 19 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 ppxss 1128 2 0 2 1 0 1 1 0 8 1 pfrke_plain 160 9 0 6 1 0 1 1 0 8 0 pfrktable 1344 78 0 73 2 0 2 2 0 8 1 pftag 88 15 0 14 1 0 1 1 0 8 0 pfrule 1360 16 0 12 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 287 0 128 13 0 13 13 0 8 2 art_table 32 289 0 128 2 0 2 2 0 8 0 art_node 16 79 0 46 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 2 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 52 0 42 1 0 1 1 0 8 0 shmpl 112 21 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1879 0 484 88 0 88 88 0 8 0 ffsino 240 1879 0 484 83 0 83 83 0 8 0 nchpl 144 2559 0 970 60 0 60 60 0 8 0 rtmask 32 12 0 11 1 0 1 1 0 8 0 uvmvnodes 72 2046 0 0 38 0 38 38 0 8 0 vnodes 208 2046 0 0 108 0 108 108 0 8 0 namei 1024 7321 0 7321 1 0 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 6 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 22 0 18 1 0 1 1 0 8 0 scxspl 192 7558 0 7558 1 0 1 1 0 8 1 plimitpl 152 39 0 32 1 0 1 1 0 8 0 sigapl 424 552 0 502 6 0 6 6 0 8 0 futexpl 56 6997 0 6996 1 0 1 1 0 8 0 knotepl 112 105 0 86 1 0 1 1 0 8 0 kqueuepl 144 54 0 43 1 0 1 1 0 8 0 pipepl 272 118 0 106 2 1 1 2 0 8 0 fdescpl 432 517 0 502 2 0 2 2 0 8 0 filepl 120 3243 0 3143 5 1 4 5 0 8 0 lockfpl 104 586 0 584 1 0 1 1 0 8 0 lockfspl 48 161 0 159 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 20 0 10 1 0 1 1 0 8 0 ucredpl 96 262 0 255 1 0 1 1 0 8 0 zombiepl 144 502 0 502 1 0 1 1 0 8 1 processpl 928 552 0 502 7 0 7 7 0 8 0 procpl 624 937 0 877 5 0 5 5 0 8 0 sosppl 128 3 0 3 1 1 0 1 0 8 0 sockpl 400 564 0 545 5 1 4 4 0 8 1 mcl64k 65536 38 0 38 1 0 1 1 0 8 1 mcl16k 16384 5 0 5 2 1 1 1 0 8 1 mcl12k 12288 7 0 7 1 0 1 1 0 8 1 mcl9k 9216 7 0 7 2 1 1 1 0 8 1 mcl8k 8192 12 0 12 1 0 1 1 0 8 1 mcl4k 4096 35 0 35 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 77966 0 77922 15 8 7 13 0 8 0 mtagpl 96 35 0 21 2 1 1 1 0 8 0 mbufpl 256 125639 0 125503 18 3 15 15 0 8 2 bufpl 280 3916 0 128 271 0 271 271 0 8 0 anonpl 16 69619 0 53766 84 10 74 83 0 107 7 amapchunkpl 152 2546 0 2395 18 4 14 14 0 158 8 amappl16 192 2573 0 1653 58 10 48 58 0 8 1 amappl15 184 46 0 45 1 0 1 1 0 8 0 amappl14 176 139 0 130 1 0 1 1 0 8 0 amappl13 168 174 0 169 1 0 1 1 0 8 0 amappl12 160 12 0 10 1 0 1 1 0 8 0 amappl11 152 168 0 157 1 0 1 1 0 8 0 amappl10 144 21 0 16 1 0 1 1 0 8 0 amappl9 136 378 0 377 1 0 1 1 0 8 0 amappl8 128 358 0 316 2 0 2 2 0 8 0 amappl7 120 111 0 100 1 0 1 1 0 8 0 amappl6 112 24 0 19 1 0 1 1 0 8 0 amappl5 104 334 0 323 1 0 1 1 0 8 0 amappl4 96 690 0 660 1 0 1 1 0 8 0 amappl3 88 226 0 217 1 0 1 1 0 8 0 amappl2 80 3290 0 3218 2 0 2 2 0 8 0 amappl1 72 18865 0 18428 23 14 9 17 0 8 0 amappl 80 1163 0 1118 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 23 0 0 1 0 1 1 0 8 0 uaddrrnd 24 523 0 506 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 523 0 506 1 0 1 1 0 8 0 vmmpekpl 168 7238 0 7204 2 0 2 2 0 8 0 vmmpepl 168 69622 0 67479 128 20 108 121 0 357 14 vmsppl 272 522 0 506 3 1 2 2 0 8 0 pdppl 4096 1052 0 1014 6 1 5 6 0 8 0 pvpl 32 210996 0 191905 201 10 191 200 0 265 31 pmappl 200 522 0 506 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 254 0 19 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207 in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161 in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723 ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668 ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465 taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207 in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161 in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723 ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668 ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465 taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438 end trace frame: 0x0, count: -7
Crashes (1):
Manager
Time
Kernel
Commit
Syzkaller
Config
Log
Report
Syz repro
C repro
ci-openbsd-main
2020/07/08 16:45
openbsd
638aa2bc
bae5742c
.config
log
report