Hello,
syzbot found the following crash on:
HEAD commit: 33d1bf81 Plug mem leaks on error paths, based in part on g..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17388259600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=4fc1105bd147331cd7ee
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4fc110...@syzkaller.appspotmail.com
panic: ifa_update_broadaddr does not support dynamic length
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 4291 60420 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000a91800,ffff800000b88700,ffff800014f28300) at ifa_update_broadaddr+0x61 sys/net/if.c:2970
in_ioctl(80206913,ffff800014f282f0,ffff800000a91800,1) at in_ioctl+0x463 sys/netinet/in.c:299
ifioctl(fffffd802f2a6620,80206913,ffff800014f282f0,ffff800014f409f8) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff800014f409f8,ffff800014f28408,ffff800014f28450) at sys_ioctl+0x5b9
syscall(ffff800014f284d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,af6e1144010) at Xsyscall+0x128
end of kernel
end trace frame: 0xaf97755d4d0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
ifa_update_broadaddr does not support dynamic length
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
ifa_update_broadaddr(ffff800000a91800,ffff800000b88700,ffff800014f28300) at ifa_update_broadaddr+0x61 sys/net/if.c:2970
in_ioctl(80206913,ffff800014f282f0,ffff800000a91800,1) at in_ioctl+0x463 sys/netinet/in.c:299
ifioctl(fffffd802f2a6620,80206913,ffff800014f282f0,ffff800014f409f8) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff800014f409f8,ffff800014f28408,ffff800014f28450) at sys_ioctl+0x5b9
syscall(ffff800014f284d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,af6e1144010) at Xsyscall+0x128
end of kernel
end trace frame: 0xaf97755d4d0, count: -8
ddb> show registers
rdi 0xffffffff8117ea37 db_enter+0x17
rsi 0x1e00 __ALIGN_SIZE+0xe00
rbp 0xffff800014f28090
rbx 0xffff800014f28140
rdx 0x1e01 __ALIGN_SIZE+0xe01
rcx 0xffff80001574c000
rax 0xffff80001574c000
r8 0xffff800014f28050
r9 0x1
r10 0xffff800000a591c0
r11 0x4a51614ae793c5d6
r12 0x3000000008
r13 0xffff800014f280a0
r14 0x100
r15 0x1
rip 0xffffffff8117ea38 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014f28080
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=4291 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800014f40c70,0xffffffff82575d38
process=0xffff8000148a2a38 user=0xffff800014f23000, vmspace=0xfffffd803f013ee0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
60420 397006 80776 0 2 0 syz-executor.0
*60420 4291 80776 0 7 0x4000000 syz-executor.0
50986 399629 41100 0 2 0x2 syz-executor.1
35253 438180 1 0 3 0x80 nanosleep init
80776 154188 41100 0 3 0x82 nanosleep syz-executor.0
12325 433087 0 0 3 0x14200 bored sosplice
41100 399108 33847 0 3 0x82 thrsleep syz-fuzzer
41100 172549 33847 0 3 0x4000082 nanosleep syz-fuzzer
41100 380038 33847 0 3 0x4000082 thrsleep syz-fuzzer
41100 99078 33847 0 3 0x4000082 thrsleep syz-fuzzer
41100 154421 33847 0 3 0x4000082 thrsleep syz-fuzzer
41100 255467 33847 0 3 0x4000082 kqread syz-fuzzer
41100 482604 33847 0 3 0x4000082 thrsleep syz-fuzzer
33847 327996 83752 0 3 0x10008a pause ksh
83752 396891 97818 0 3 0x92 select sshd
97818 407010 1 0 3 0x80 select sshd
55025 310832 49388 73 3 0x100090 kqread syslogd
49388 513946 1 0 3 0x100082 netio syslogd
47044 121397 1 77 3 0x100090 poll dhclient
937 97652 1 0 3 0x80 poll dhclient
99127 493421 0 0 2 0x14200 zerothread
46885 206554 0 0 3 0x14200 aiodoned aiodoned
67324 332749 0 0 3 0x14200 syncer update
32046 511564 0 0 3 0x14200 cleaner cleaner
51987 260601 0 0 3 0x14200 reaper reaper
59277 469337 0 0 3 0x14200 pgdaemon pagedaemon
69907 84148 0 0 3 0x14200 bored crynlk
28824 145059 0 0 3 0x14200 bored crypto
32302 509108 0 0 3 0x40014200 acpi0 acpi0
88218 66580 0 0 3 0x14200 bored softnet
28674 105958 0 0 3 0x14200 bored systqmp
71302 370363 0 0 3 0x14200 bored systq
95634 351383 0 0 3 0x40014200 bored softclock
8879 82366 0 0 3 0x40014200 idle0
88932 272115 0 0 3 0x14200 bored smr
1 329417 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> serialport: VM disconnected.
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.