syzbot


corrupted report (2)

Status: closed as dup on 2019/09/13 20:10
Reported-by: syzbot+4fc1105bd147331cd7ee@syzkaller.appspotmail.com
First crash: 1116d, last: 1067d
Duplicate of (1):
Title Repro Cause bisect Fix bisect Count Last Reported
panic: ifa_update_broadaddr does not support dynamic length syz 6780 1061d 1119d
similar bugs (5):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd corrupted report (5) 3 391d 391d 0/3 closed as dup on 2021/09/07 12:09
openbsd corrupted report (6) 201 1d19h 380d 0/3 upstream: reported on 2021/09/18 20:58
openbsd corrupted report (4) 21 621d 789d 0/3 auto-closed as invalid on 2021/04/20 22:19
openbsd corrupted report 7 1120d 1133d 0/3 closed as dup on 2019/08/27 18:20
openbsd corrupted report (3) 6058 790d 1052d 0/3 closed as dup on 2019/11/17 14:10

Sample crash report:
kernel: protection fault trap, code=0
Stopped at      pfi_ifhead_RB_REMOVE+0x58:      movq    0x10(%r12),%rbx
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pfi_ifhead_RB_REMOVE(ffffffff8259a410,ffff800000a9cb00) at pfi_ifhead_RB_REMOVE+0x58 sys/net/pf_if.c:80
pfi_detach_ifgroup(ffff800000a84780) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline]
pfi_detach_ifgroup(ffff800000a84780) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:298
if_delgroup(ffff800000ac0800,ffff800000a84780) at if_delgroup+0x1b7 sys/net/if.c:2674
if_detach(ffff800000ac0800) at if_detach+0x1c0 sys/net/if.c:1116
tun_clone_destroy(ffff800000ac0800) at tun_clone_destroy+0x1c0 sys/net/if_tun.c:278
spec_close(ffff80001598d170) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd803e8c08f0,7,fffffd803f7c66c0,ffff80001491c780) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175
vn_closefile(fffffd802db07f10,ffff80001491c780) at vn_closefile+0xd3 vn_close sys/kern/vfs_vnops.c:301 [inline]
vn_closefile(fffffd802db07f10,ffff80001491c780) at vn_closefile+0xd3 sys/kern/vfs_vnops.c:613
fdrop(fffffd802db07f10,ffff80001491c780) at fdrop+0xc2 sys/kern/kern_descrip.c:1273
closef(fffffd802db07f10,ffff80001491c780) at closef+0x118 sys/kern/kern_descrip.c:1257
fdfree(ffff80001491c780) at fdfree+0x100 sys/kern/kern_descrip.c:1189
exit1(ffff80001491c780,9,1) at exit1+0x32f sys/kern/kern_exit.c:196
postsig(ffff80001491c780,9) at postsig+0x4a6 sigexit sys/kern/kern_sig.c:1499 [inline]
postsig(ffff80001491c780,9) at postsig+0x4a6 sys/kern/kern_sig.c:1431
userret(ffff80001491c780) at userret+0x159 sys/kern/kern_sig.c:1889
syscall(ffff80001598d5f0) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:115 [inline]
syscall(ffff80001598d5f0) at syscall+0x42e sys/arch/amd64/amd64/trap.c:577
Xsyscall(6,b,0,b,27b30,7bd8921f000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcbdf0, count: -16
ddb> show registers
rdi               0xffffffff8259a410    pfi_ifs
rsi               0xffff800000a9cb00
rbp               0xffff80001598cfb0
rbx               0xdeadbeefdeadbeef
rdx               0xffffffff824e2d68    ifg_head+0x8
rcx                                0
rax               0xffff800000a9cb10
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x4c160ac196384355
r11               0x5f002fe87c789770
r12               0xdeadbeefdeadbeef
r13               0xffff800000a641c0
r14               0xffff800000a9cb00
r15               0xffffffff8259a410    pfi_ifs
rip               0xffffffff81a8c208    pfi_ifhead_RB_REMOVE+0x58
cs                               0x8
rflags                       0x10282    __ALIGN_SIZE+0xf282
rsp               0xffff80001598cf50
ss                              0x10
pfi_ifhead_RB_REMOVE+0x58:      movq    0x10(%r12),%rbx
ddb> show proc
PROC (syz-executor.1) pid=271642 stat=onproc
    flags process=a<EXEC,EXITING> proc=2000<WEXIT>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff80001491d8c8,0xffffffff825a0a68
    process=0xffff8000ffff77b0 user=0xffff800015988000, vmspace=0xfffffd803f014ee0
    estcpu=0, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 96003  428437      0      0  3     0x14200  bored         sosplice
 10787  397262  25983      0  3        0x82  wait          syz-executor.0
 25983   98472  43773      0  2         0x2                syz-fuzzer
 25983  119963  43773      0  2   0x4000002                syz-fuzzer
 25983  116988  43773      0  2   0x4000082                syz-fuzzer
 25983  288202  43773      0  3   0x4000082  thrsleep      syz-fuzzer
 25983  504528  43773      0  3   0x4000082  thrsleep      syz-fuzzer
 25983  259145  43773      0  2   0x4000002                syz-fuzzer
 25983  483975  43773      0  3   0x4000082  thrsleep      syz-fuzzer
 25983  393095  43773      0  3   0x4000082  thrsleep      syz-fuzzer
 43773  360167  81917      0  3    0x10008a  pause         ksh
 81917  384838  67040      0  3        0x92  select        sshd
 67040  286042      1      0  3        0x80  select        sshd
 52815  510087  59277     73  3    0x100090  kqread        syslogd
 59277  467718      1      0  3    0x100082  netio         syslogd
 54979  336783      1     77  3    0x100090  poll          dhclient
 71129  290748      1      0  3        0x80  poll          dhclient
 32473  156308      0      0  2     0x14200                zerothread
 15851  326847      0      0  3     0x14200  aiodoned      aiodoned
 84729  324245      0      0  3     0x14200  syncer        update
  6981  426086      0      0  3     0x14200  cleaner       cleaner
 46151   43401      0      0  2     0x14200                reaper
 56423  128248      0      0  3     0x14200  pgdaemon      pagedaemon
 41016  341248      0      0  3     0x14200  bored         crynlk
 66265   27039      0      0  3     0x14200  bored         crypto
 62454  329457      0      0  3  0x40014200  acpi0         acpi0
 66225  450207      0      0  2     0x14200                softnet
 96729  311967      0      0  2     0x14200                systqmp
 26583  523157      0      0  3     0x14200  bored         systq
 83433   81072      0      0  3  0x40014200  bored         softclock
 86057  523833      0      0  3  0x40014200                idle0
 98537  208936      0      0  3     0x14200  bored         smr
     1   23240      0      0  2         0x2                init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> serialport: VM disconnected.

Crashes (17):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-main 2019/11/01 19:23 openbsd 21c01296238d 997ccc67 .config log report
ci-openbsd-main 2019/10/31 08:41 openbsd 7ef8321bb317 a41ca8fa .config log report
ci-openbsd-main 2019/10/12 07:45 openbsd 353d046454df 426631dd .config log report
ci-openbsd-multicore 2019/10/11 11:04 openbsd 9db0ea45749c 1a3bad90 .config log report
ci-openbsd-multicore 2019/10/10 21:11 openbsd 1eea934d9376 a4efa8c0 .config log report
ci-openbsd-multicore 2019/10/10 06:30 openbsd bb3393dc10c6 c4b9981b .config log report
ci-openbsd-multicore 2019/10/08 17:06 openbsd 0767cd885e7f 64612bfd .config log report
ci-openbsd-multicore 2019/10/05 09:54 openbsd b5642e9fefea f3f7d9c8 .config log report
ci-openbsd-main 2019/10/05 03:34 openbsd b5642e9fefea f3f7d9c8 .config log report
ci-openbsd-main 2019/10/05 01:10 openbsd b5642e9fefea f3f7d9c8 .config log report
ci-openbsd-multicore 2019/10/05 00:46 openbsd b5642e9fefea f3f7d9c8 .config log report
ci-openbsd-main 2019/10/04 08:02 openbsd f4b852de2dd5 fc17ba49 .config log report
ci-openbsd-multicore 2019/10/04 07:26 openbsd f4b852de2dd5 fc17ba49 .config log report
ci-openbsd-main 2019/10/04 04:46 openbsd f4b852de2dd5 fc17ba49 .config log report
ci-openbsd-main 2019/10/04 04:34 openbsd f4b852de2dd5 fc17ba49 .config log report
ci-openbsd-main 2019/10/04 03:31 openbsd f4b852de2dd5 fc17ba49 .config log report
ci-openbsd-main 2019/09/13 19:35 openbsd 33d1bf81aaf6 32d59357 .config log report
* Struck through repros no longer work on HEAD.