syzbot


panic: in6_cksum: out of data, len 64

Status: auto-closed as invalid on 2020/10/06 16:46
Reported-by: syzbot+1aa1b6dee8562b5a5add@syzkaller.appspotmail.com
First crash: 1597d, last: 1597d

Sample crash report:
panic: in6_cksum: out of data, len 64
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*398718  32477      0     0x14000      0x200    0  softnet
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207
in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161
in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723
ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668
ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465
taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
in6_cksum: out of data, len 64
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207
in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161
in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723
ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668
ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465
taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: -7
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80001d678370
rbx               0xffff80001d678420
rdx                              0x2
rcx                                0
rax                              0x1
r8                0xffffffff815e8b5f    kprintf+0x15f
r9                               0x1
r10                              0x2
r11               0x6149eed56dd08142
r12                     0x3000000008
r13               0xffff80001d678380
r14                            0x100
r15                              0x1
rip               0xffffffff81327368    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001d678360
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (softnet) pid=398718 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d651ea0,0xffff80001d651760
    process=0xffff8000ffffe3a0 user=0xffff80001d673000, vmspace=0xffffffff8283a1f0
    estcpu=0, cpticks=0, pctcpu=0.12
    user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 23416  508106  47264      0  2           0                syz-executor.1
 23416  123421  47264      0  2   0x4000000                syz-executor.1
 27381  341648  14752      0  2           0                syz-executor.0
 27381  201564  14752      0  3   0x4000080  fsleep        syz-executor.0
 27381  357677  14752      0  3   0x4000080  pipewr        syz-executor.0
 47264  520545   7364      0  3        0x82  nanosleep     syz-executor.1
 84611  520560      0      0  3     0x14280  nfsidl        nfsio
 35790  219566      0      0  3     0x14280  nfsidl        nfsio
 53356  272175      0      0  3     0x14280  nfsidl        nfsio
  1908  480335      0      0  3     0x14280  nfsidl        nfsio
 12380  310303      0      0  3     0x14280  nfsidl        nfsio
 24191  172035      0      0  3     0x14280  nfsidl        nfsio
 75657  172487      0      0  3     0x14280  nfsidl        nfsio
 25724  324377      0      0  3     0x14280  nfsidl        nfsio
 35757  134085      0      0  3     0x14280  nfsidl        nfsio
 57385  369393      0      0  3     0x14280  nfsidl        nfsio
 45145  160153      0      0  3     0x14280  nfsidl        nfsio
 93436  319238      0      0  3     0x14280  nfsidl        nfsio
 91578  281200      0      0  3     0x14280  nfsidl        nfsio
 51400  433758      0      0  3     0x14280  nfsidl        nfsio
 65732  468083      0      0  3     0x14280  nfsidl        nfsio
 56378   27329      0      0  3     0x14280  nfsidl        nfsio
 68731  307008      0      0  3     0x14280  nfsidl        nfsio
 13374   49451      0      0  3     0x14280  nfsidl        nfsio
 77368  412127      0      0  3     0x14280  nfsidl        nfsio
 66377  495784      0      0  3     0x14280  nfsidl        nfsio
 22994  300100      0      0  3     0x14200  bored         sosplice
 14752  178663   7364      0  3        0x82  nanosleep     syz-executor.0
  7364  379239  33878      0  3        0x82  thrsleep      syz-fuzzer
  7364  450700  33878      0  3   0x4000082  thrsleep      syz-fuzzer
  7364  194862  33878      0  3   0x4000082  thrsleep      syz-fuzzer
  7364  398808  33878      0  3   0x4000082  thrsleep      syz-fuzzer
  7364  110407  33878      0  3   0x4000082  kqread        syz-fuzzer
  7364  412504  33878      0  3   0x4000082  thrsleep      syz-fuzzer
  7364  177860  33878      0  3   0x4000082  thrsleep      syz-fuzzer
  7364  174425  33878      0  3   0x4000082  thrsleep      syz-fuzzer
 33878  295768  25417      0  3    0x10008a  pause         ksh
 25417   21074  12158      0  3        0x92  select        sshd
 19128   60350      1      0  3    0x100083  ttyopn        getty
 12158  411366      1      0  3        0x80  select        sshd
 93117  261853  80973     73  3    0x100090  kqread        syslogd
 80973  331159      1      0  3    0x100082  netio         syslogd
 65206  347125      1     77  3    0x100090  poll          dhclient
 89891   74357      1      0  3        0x80  poll          dhclient
 59693   17232      0      0  3     0x14200  bored         smr
 30056  466601      0      0  2     0x14200                zerothread
 83159  406070      0      0  3     0x14200  aiodoned      aiodoned
 10079  370927      0      0  3     0x14200  syncer        update
 42617  127731      0      0  3     0x14200  cleaner       cleaner
 26155  261303      0      0  3     0x14200  reaper        reaper
 90155  435158      0      0  3     0x14200  pgdaemon      pagedaemon
 65150  450817      0      0  3     0x14200  bored         crynlk
 23496  106344      0      0  3     0x14200  bored         crypto
 11958  488169      0      0  3  0x40014200  acpi0         acpi0
*32477  398718      0      0  7     0x14200                softnet
   691  131677      0      0  2     0x14200                systqmp
 75646  247792      0      0  3     0x14200  bored         systq
 83015  492475      0      0  3  0x40014200  bored         softclock
 35213  375915      0      0  3  0x40014200                idle0
     1  206939      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9508   6354K    6610K  78643K     11069        0
            pcb    13      8K       8K  78643K        67        0
         rtable   106     14K      18K  78643K       516        0
         ifaddr    81     15K      16K  78643K       175        0
       counters    21     16K      16K  78643K        28        0
       ioctlops     0      0K       4K  78643K        69        0
            iov     0      0K      16K  78643K        41        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1219     77K      77K  78643K      1407        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         6        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K        62        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1809    195K     288K  78643K     12938        0
      file desc     6     17K      25K  78643K       348        0
          sigio     0      0K       0K  78643K         4        0
           proc    49     38K      63K  78643K       436        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        26        0
       in_multi    46      2K       3K  78643K       142        0
    ether_multi     1      0K       0K  78643K        11        0
            mrt     0      0K       0K  78643K         3        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    55    254K     254K  78643K        55        0
           exec     0      0K       1K  78643K       223        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   136     39K      56K  78643K      1686        0
       UVM aobj    24      2K       2K  78643K        24        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       1K  78643K        42        0
            NDP    13      0K       0K  78643K        36        0
           temp   140   3864K    3928K  78643K      7248        0
         kqueue     6     10K      14K  78643K        23        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        9    0        4     1     0     1     1     0     8    0
rtpcb       80       31    0       29     1     0     1     1     0     8    0
rtentry    112       80    0       46     2     0     2     2     0     8    0
unpcb      120      159    0      151     1     0     1     1     0     8    0
syncache   264        9    0        9     3     3     0     1     0     8    0
tcpqe       32      131    0      131     2     2     0     1     0     8    0
tcpcb      544      122    0      116     1     0     1     1     0     8    0
inpcb      296      365    0      356     2     0     2     2     0     8    1
rttmr       72        1    0        1     1     0     1     1     0     8    1
nd6         48       20    0       19     1     0     1     1     0     8    0
pkpcb       40        4    0        4     2     1     1     1     0     8    1
ppxss      1128       2    0        2     1     0     1     1     0     8    1
pfrke_plain 160       9    0        6     1     0     1     1     0     8    0
pfrktable  1344      78    0       73     2     0     2     2     0     8    1
pftag       88       15    0       14     1     0     1     1     0     8    0
pfrule     1360      16    0       12     1     0     1     1     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      287    0      128    13     0    13    13     0     8    2
art_table   32      289    0      128     2     0     2     2     0     8    0
art_node    16       79    0       46     1     0     1     1     0     8    0
sysvmsgpl   40        8    0        2     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112       52    0       42     1     0     1     1     0     8    0
shmpl      112       21    0        0     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     1879    0      484    88     0    88    88     0     8    0
ffsino     240     1879    0      484    83     0    83    83     0     8    0
nchpl      144     2559    0      970    60     0    60    60     0     8    0
rtmask      32       12    0       11     1     0     1     1     0     8    0
uvmvnodes   72     2046    0        0    38     0    38    38     0     8    0
vnodes     208     2046    0        0   108     0   108   108     0     8    0
namei      1024    7321    0     7321     1     0     1     1     0     8    1
vcpupl     1984       2    0        0     1     0     1     1     0     8    0
vmpool     528        6    0        4     1     0     1     1     0     8    0
pfiaddrpl  120       22    0       18     1     0     1     1     0     8    0
scxspl     192     7558    0     7558     1     0     1     1     0     8    1
plimitpl   152       39    0       32     1     0     1     1     0     8    0
sigapl     424      552    0      502     6     0     6     6     0     8    0
futexpl     56     6997    0     6996     1     0     1     1     0     8    0
knotepl    112      105    0       86     1     0     1     1     0     8    0
kqueuepl   144       54    0       43     1     0     1     1     0     8    0
pipepl     272      118    0      106     2     1     1     2     0     8    0
fdescpl    432      517    0      502     2     0     2     2     0     8    0
filepl     120     3243    0     3143     5     1     4     5     0     8    0
lockfpl    104      586    0      584     1     0     1     1     0     8    0
lockfspl    48      161    0      159     1     0     1     1     0     8    0
sessionpl  112       18    0        8     1     0     1     1     0     8    0
pgrppl      48       20    0       10     1     0     1     1     0     8    0
ucredpl     96      262    0      255     1     0     1     1     0     8    0
zombiepl   144      502    0      502     1     0     1     1     0     8    1
processpl  928      552    0      502     7     0     7     7     0     8    0
procpl     624      937    0      877     5     0     5     5     0     8    0
sosppl     128        3    0        3     1     1     0     1     0     8    0
sockpl     400      564    0      545     5     1     4     4     0     8    1
mcl64k     65536     38    0       38     1     0     1     1     0     8    1
mcl16k     16384      5    0        5     2     1     1     1     0     8    1
mcl12k     12288      7    0        7     1     0     1     1     0     8    1
mcl9k      9216       7    0        7     2     1     1     1     0     8    1
mcl8k      8192      12    0       12     1     0     1     1     0     8    1
mcl4k      4096      35    0       35     2     1     1     1     0     8    1
mcl2k2     2112       1    0        1     1     0     1     1     0     8    1
mcl2k      2048   77966    0    77922    15     8     7    13     0     8    0
mtagpl      96       35    0       21     2     1     1     1     0     8    0
mbufpl     256   125639    0   125503    18     3    15    15     0     8    2
bufpl      280     3916    0      128   271     0   271   271     0     8    0
anonpl      16    69619    0    53766    84    10    74    83     0   107    7
amapchunkpl 152    2546    0     2395    18     4    14    14     0   158    8
amappl16   192     2573    0     1653    58    10    48    58     0     8    1
amappl15   184       46    0       45     1     0     1     1     0     8    0
amappl14   176      139    0      130     1     0     1     1     0     8    0
amappl13   168      174    0      169     1     0     1     1     0     8    0
amappl12   160       12    0       10     1     0     1     1     0     8    0
amappl11   152      168    0      157     1     0     1     1     0     8    0
amappl10   144       21    0       16     1     0     1     1     0     8    0
amappl9    136      378    0      377     1     0     1     1     0     8    0
amappl8    128      358    0      316     2     0     2     2     0     8    0
amappl7    120      111    0      100     1     0     1     1     0     8    0
amappl6    112       24    0       19     1     0     1     1     0     8    0
amappl5    104      334    0      323     1     0     1     1     0     8    0
amappl4     96      690    0      660     1     0     1     1     0     8    0
amappl3     88      226    0      217     1     0     1     1     0     8    0
amappl2     80     3290    0     3218     2     0     2     2     0     8    0
amappl1     72    18865    0    18428    23    14     9    17     0     8    0
amappl      80     1163    0     1118     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       23    0        0     1     0     1     1     0     8    0
uaddrrnd    24      523    0      506     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      523    0      506     1     0     1     1     0     8    0
vmmpekpl   168     7238    0     7204     2     0     2     2     0     8    0
vmmpepl    168    69622    0    67479   128    20   108   121     0   357   14
vmsppl     272      522    0      506     3     1     2     2     0     8    0
pdppl      4096    1052    0     1014     6     1     5     6     0     8    0
pvpl        32   210996    0   191905   201    10   191   200     0   265   31
pmappl     200      522    0      506     1     0     1     1     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      254    0       19     7     0     7     7     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207
in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161
in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723
ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668
ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465
taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823fa49c) at panic+0x15c sys/kern/subr_prf.c:207
in6_cksum(fffffd805a975d00,0,28,78) at in6_cksum+0xf96 sys/netinet6/in6_cksum.c:161
in6_proto_cksum_out(fffffd805a975d00,ffff800000677800) at in6_proto_cksum_out+0x41c sys/netinet6/ip6_output.c:2723
ip6_output(fffffd805a975d00,0,0,4,0,0) at ip6_output+0x189f sys/netinet6/ip6_output.c:668
ip6_send_dispatch(ffffffff827e4ae8) at ip6_send_dispatch+0x8f sys/netinet6/ip6_input.c:1465
taskq_thread(ffff80000002b080) at taskq_thread+0x92 sys/kern/kern_task.c:438
end trace frame: 0x0, count: -7

Crashes (1):
Time: 2020/07/08 16:45
Kernel: openbsd
Commit: 638aa2bc5640
Syzkaller: bae5742c
Config: .config
Log: console log
Report: report
Manager: ci-openbsd-main