panic.go:LINE +0x72 fp=ADDR sp=ADDR pc=ADDR (4)
2 views
Skip to first unread message
syzbot
Jan 24, 2020, 8:54:11 AM1/24/20
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 99ecd6d8 remove ssh-rsa (SHA1) from the list of allowed CA..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=158cbb69e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=adeac1adb10d2a335617
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+adeac1...@syzkaller.appspotmail.com
/usr/local/go/src/runtime/panic.go:774 +0x72 fp=0xc0026599a0 sp=0xc002659970 pc=0x42e9e2
runtime.sigpanic()
/usr/local/go/src/runtime/signal_unix.go:401 +0x3de fp=0xc0026599d0 sp=0xc0026599a0 pc=0x443ece
github.com/google/syzkaller/prog.(*ConstArg).Size(0xc001848a40, 0xc001848a40)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:50 +0x33 fp=0xc0026599f0 sp=0xc0026599d0 pc=0x789f93
github.com/google/syzkaller/prog.foreachArgImpl(0x9a7540, 0xc0017d9920, 0x0, 0x0, 0x0, 0x0, 0xc002659b20)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:137 +0x1dc fp=0xc002659ae0 sp=0xc0026599f0 pc=0x76c11c
github.com/google/syzkaller/prog.ForeachSubArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:110
github.com/google/syzkaller/prog.(*Target).isComplexPtr(0xc000079520, 0xc0017d98f0, 0xc001876200)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:169 +0x100 fp=0xc002659b48 sp=0xc002659ae0 pc=0x76e7d0
github.com/google/syzkaller/prog.(*Prog).complexPtrs.func1(0x9a7580, 0xc0017d98f0, 0xc0018491c0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:152 +0x113 fp=0xc002659ba8 sp=0xc002659b48 pc=0x79f3c3
github.com/google/syzkaller/prog.foreachArgImpl(0x9a7580, 0xc0017d98f0, 0xc001747bc8, 0x0, 0x0, 0x773700, 0xc002659d28)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbe fp=0xc002659c98 sp=0xc002659ba8 pc=0x76bffe
github.com/google/syzkaller/prog.ForeachArg(0xc001747bc0, 0xc002659d28)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x9e fp=0xc002659d00 sp=0xc002659c98 pc=0x76bece
github.com/google/syzkaller/prog.(*Prog).complexPtrs(0xc001747ac0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:151 +0x92 fp=0xc002659d50 sp=0xc002659d00 pc=0x76e692
github.com/google/syzkaller/prog.(*mutator).squashAny(0xc002659ec0, 0x5)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:87 +0x51 fp=0xc002659e48 sp=0xc002659d50 pc=0x783c41
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001747ac0, 0x9a1dc0, 0xc001646a80, 0x1e, 0xc00160bc40, 0xc001ee6000, 0x1ec3, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:38 +0x1f8 fp=0xc002659f08 sp=0xc002659e48 pc=0x7835c8
main.(*Proc).loop(0xc00160bc80)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434 fp=0xc002659fd8 sp=0xc002659f08 pc=0x7ece44
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:1357 +0x1 fp=0xc002659fe0 sp=0xc002659fd8 pc=0x45d471
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 1 [select]:
main.(*Fuzzer).pollLoop(0xc0000d1080)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:320 +0x127
main.main()
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:262 +0x12bd
goroutine 19 [IO wait]:
internal/poll.runtime_pollWait(0x24cad4ec8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc0000c1518, 0x72, 0x1000, 0x1000, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc0000c1500, 0xc000222000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
net.(*netFD).Read(0xc0000c1500, 0xc000222000, 0x1000, 0x1000, 0xc00014fa60, 0xc00014fb40, 0x7c3bad)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc00000f2f8, 0xc000222000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:184 +0x68
bufio.(*Reader).fill(0xc000057b00)
/usr/local/go/src/bufio/bufio.go:100 +0x103
bufio.(*Reader).ReadByte(0xc000057b00, 0xc00014fc00, 0xc0000c1580, 0xc00000dce0)
/usr/local/go/src/bufio/bufio.go:252 +0x39
compress/flate.(*decompressor).moreBits(0xc000125300, 0x91cc50, 0xc00014fb88)
/usr/local/go/src/compress/flate/inflate.go:696 +0x37
compress/flate.(*decompressor).nextBlock(0xc000125300)
/usr/local/go/src/compress/flate/inflate.go:303 +0x36
compress/flate.(*decompressor).Read(0xc000125300, 0xc00022e000, 0x1000, 0x1000, 0x892e40, 0xc002b6f770, 0x199)
/usr/local/go/src/compress/flate/inflate.go:347 +0x77
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc0000f8b40, 0xc00022e000, 0x1000, 0x1000, 0x10, 0xc00014fb88, 0x7c3a0d)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:131 +0x51
bufio.(*Reader).Read(0xc000057b60, 0xc000020a60, 0x1, 0x9, 0x0, 0x0, 0xc00014fd70)
/usr/local/go/src/bufio/bufio.go:226 +0x26a
io.ReadAtLeast(0x99dd40, 0xc000057b60, 0xc000020a60, 0x1, 0x9, 0x1, 0x1, 0x0, 0x0)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
encoding/gob.decodeUintReader(0x99dd40, 0xc000057b60, 0xc000020a60, 0x9, 0x9, 0x4050d5, 0x43080c, 0xc00014fd48, 0x45a320)
/usr/local/go/src/encoding/gob/decode.go:120 +0x6f
encoding/gob.(*Decoder).recvMessage(0xc0000c1580, 0x404fbc)
/usr/local/go/src/encoding/gob/decoder.go:81 +0x57
encoding/gob.(*Decoder).decodeTypeSequence(0xc0000c1580, 0xc000000100, 0xc00014fe10)
/usr/local/go/src/encoding/gob/decoder.go:143 +0x10c
encoding/gob.(*Decoder).DecodeValue(0xc0000c1580, 0x82da20, 0xc0000f9020, 0x16, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:211 +0x10b
encoding/gob.(*Decoder).Decode(0xc0000c1580, 0x82da20, 0xc0000f9020, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:188 +0x16d
net/rpc.(*gobClientCodec).ReadResponseHeader(0xc0000f8c30, 0xc0000f9020, 0xc002b6f740, 0x0)
/usr/local/go/src/net/rpc/client.go:228 +0x45
net/rpc.(*Client).input(0xc000057c20)
/usr/local/go/src/net/rpc/client.go:109 +0xa5
created by net/rpc.NewClientWithCodec
/usr/local/go/src/net/rpc/client.go:206 +0x89
goroutine 7 [syscall]:
os/signal.signal_recv(0x0)
/usr/local/go/src/runtime/sigqueue.go:147 +0x9c
os/signal.loop()
/usr/local/go/src/os/signal/signal_unix.go:23 +0x22
created by os/signal.init.0
/usr/local/go/src/os/signal/signal_unix.go:29 +0x41
goroutine 15 [chan receive]:
github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1(0xc00006a5a0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:74 +0xb6
created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:71 +0x3f
goroutine 16 [chan receive]:
main.main.func1(0xc00006a5a0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:137 +0x34
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:135 +0x5b0
goroutine 24 [IO wait]:
internal/poll.runtime_pollWait(0x24cad4c58, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc0014bbcf8, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc0014bbce0, 0xc002faa02a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc002e95068, 0xc002faa02a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc002e95068, 0xc0003fca80)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:594 +0xaf
created by github.com/google/syzkaller/pkg/ipc.makeCommand
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:588 +0x89f
goroutine 26 [IO wait]:
internal/poll.runtime_pollWait(0x24cad49e8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc001786a38, 0x72, 0x1, 0xc, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc001786a20, 0xc001531c90, 0xc, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc002e952d8, 0xc001531c90, 0xc, 0xc, 0xc0026539d8, 0x40c698, 0x10)
/usr/local/go/src/os/file.go:116 +0x71
io.ReadAtLeast(0x99e4e0, 0xc002e952d8, 0xc001531c90, 0xc, 0xc, 0xc, 0x0, 0x3fd840, 0x3fd840)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc0003fcb60, 0xc000022a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203000, 0x203000, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:748 +0x282
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000092240, 0xc000022a00, 0xc0015e2180, 0xc002653ce8, 0x7b12e4, 0xc002653d40, 0x44500e, 0x413b6a, 0xc0000a6bb8, 0xc002949c58)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x108
main.(*Proc).executeRaw(0xc001717b40, 0xc000022a00, 0xc0015e2180, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x20c
main.(*Proc).execute(0xc001717b40, 0xc000022a00, 0xc0015e2180, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc001717b40)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4de
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 27 [IO wait]:
internal/poll.runtime_pollWait(0x24cad4d28, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc001786978, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc001786960, 0xc002fca02a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc002e952c8, 0xc002fca02a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc002e952c8, 0xc0003fcb60)
OpenBSD/amd64 (ci-openbsd-main-3.c.syzkaller.internal) (tty00)
login: uvm_fault(0xfffffd806bc09110, 0x15, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09110, 0x15, 0, 1) -> e
in_delmulti(9) at in_delmulti+0x8d sys/netinet/in.c:914
end trace frame: 0xffff80001d429a70, count: 0
ddb> trace
in_delmulti(9) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff8000009ff000) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff8000009f1800) at in_ifdetach+0x74 sys/netinet/in.c:969
if_detach(ffff8000009f1800) at if_detach+0x140 sys/net/if.c:1151
tun_clone_destroy(ffff8000009f1800) at tun_clone_destroy+0x112 sys/net/if_tun.c:282
spec_close(ffff80001d429bf0) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd805db6dd00,7,fffffd806c3be840,ffff80001d349008) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175
vn_closefile(fffffd8055b11880,ffff80001d349008) at vn_closefile+0xd3 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd8055b11880,ffff80001d349008) at vn_closefile+0xd3 sys/kern/vfs_vnops.c:610
fdrop(fffffd8055b11880,ffff80001d349008) at fdrop+0xc2 sys/kern/kern_descrip.c:1271
closef(fffffd8055b11880,ffff80001d349008) at closef+0x118 sys/kern/kern_descrip.c:1255
fdfree(ffff80001d349008) at fdfree+0x100 sys/kern/kern_descrip.c:1187
exit1(ffff80001d349008,0,d,1) at exit1+0x334 sys/kern/kern_exit.c:196
postsig(ffff80001d349008,d) at postsig+0x4a8 sigexit sys/kern/kern_sig.c:1476 [inline]
postsig(ffff80001d349008,d) at postsig+0x4a8 sys/kern/kern_sig.c:1408
userret(ffff80001d349008) at userret+0x159 sys/kern/kern_sig.c:1860
syscall(ffff80001d42a070) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff80001d42a070) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff15d0, count: -16
ddb> show registers
rdi 0x2
rsi 0
rbp 0xffff80001d429a20
rbx 0
rdx 0x3
rcx 0x1
rax 0
r8 0xffff8000009ff000
r9 0x5
r10 0x81b3d9e21607e453
r11 0x1fe1de68d7337c72
r12 0
r13 0x3
r14 0x9
r15 0x1
rip 0xffffffff8104b50d in_delmulti+0x8d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001d4299c0
ss 0x10
in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb> show proc
PROC (syz-executor.0) pid=417846 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
pri=70, usrpri=70, nice=20
forw=0xffffffffffffffff, list=0xffff80001d3b7010,0xffff80001d34a608
process=0xffff80001d39e000 user=0xffff80001d425000, vmspace=0xfffffd806bc09110
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69645 392502 0 0 3 0x14200 acct acct
74775 515016 0 0 3 0x14200 bored sosplice
95910 189302 1 0 2 0x2 syz-executor.1
51008 149748 2798 0 2 0x10008a ksh
2798 127664 42796 0 2 0x12 sshd
12939 48616 1 0 3 0x100083 ttyin getty
42796 12939 1 0 3 0x80 select sshd
9277 62635 12266 73 3 0x100090 kqread syslogd
12266 234222 1 0 3 0x100082 netio syslogd
23164 375215 1 77 2 0x100090 dhclient
46270 121946 1 0 3 0x80 poll dhclient
21539 338380 0 0 2 0x14200 zerothread
40089 476687 0 0 3 0x14200 aiodoned aiodoned
4554 343202 0 0 3 0x14200 syncer update
24507 61417 0 0 3 0x14200 cleaner cleaner
13770 479804 0 0 3 0x14200 reaper reaper
17960 463336 0 0 3 0x14200 pgdaemon pagedaemon
18374 73572 0 0 3 0x14200 bored crynlk
32266 515121 0 0 3 0x14200 bored crypto
3210 16120 0 0 3 0x40014200 acpi0 acpi0
20622 4257 0 0 2 0x14200 softnet
12819 365413 0 0 2 0x14200 systqmp
13534 213179 0 0 3 0x14200 bored systq
21270 49048 0 0 3 0x40014200 bored softclock
4923 413465 0 0 3 0x40014200 idle0
20240 47998 0 0 3 0x14200 bored smr
1 315248 0 0 2 0x82 init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9499 6480K 7175K 78643K 11593 0
pcb 13 8K 8K 78643K 88 0
rtable 110 3K 3K 78643K 335 0
ifaddr 73 15K 16K 78643K 142 0
counters 19 16K 16K 78643K 19 0
ioctlops 0 0K 2K 78643K 29 0
iov 0 0K 16K 78643K 61 0
mount 1 1K 1K 78643K 1 0
vnodes 1224 77K 77K 78643K 1527 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 6 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 56 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 3 8K 21K 78643K 342 0
sigio 0 0K 0K 78643K 2 0
proc 49 38K 54K 78643K 388 0
subproc 23 1K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 56 0
in_multi 59 3K 3K 78643K 101 0
ether_multi 1 0K 0K 78643K 17 0
mrt 0 0K 0K 78643K 3 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 221 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 72 35K 38K 78643K 1698 0
UVM aobj 35 2K 2K 78643K 37 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 91 0
NDP 11 0K 0K 78643K 27 0
temp 125 3014K 3078K 78643K 11168 0
kqueue 2 2K 12K 78643K 37 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 2 1 0 1 1 0 8 0
rtpcb 80 49 0 47 1 0 1 1 0 8 0
rtentry 112 54 0 9 2 0 2 2 0 8 0
unpcb 120 1103 0 1095 3 0 3 3 0 8 2
syncache 264 5 0 5 2 2 0 1 0 8 0
tcpqe 32 215 0 215 1 1 0 1 0 8 0
tcpcb 544 184 0 180 1 0 1 1 0 8 0
inpcb 280 486 0 479 2 0 2 2 0 8 1
rttmr 72 1 0 1 1 1 0 1 0 8 0
ip6q 72 2 0 2 1 0 1 1 0 8 1
ip6af 40 6 0 6 1 0 1 1 0 8 1
nd6 48 5 0 1 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 238 0 15 15 0 15 15 0 8 0
art_table 32 239 0 15 2 0 2 2 0 8 0
art_node 16 52 0 11 1 0 1 1 0 8 0
sysvmsgpl 40 18 0 7 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 52 0 42 1 0 1 1 0 8 0
shmpl 112 35 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1914 0 515 46 0 46 46 0 8 0
ffsino 240 1914 0 515 83 0 83 83 0 8 0
nchpl 144 2711 0 1103 60 0 60 60 0 8 0
uvmvnodes 72 2180 0 0 40 0 40 40 0 8 0
vnodes 208 2180 0 0 115 0 115 115 0 8 0
namei 1024 7449 0 7449 1 0 1 1 0 8 1
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 528 4 0 2 2 1 1 1 0 8 0
scsiplug 64 1 0 1 1 1 0 1 0 8 0
scxspl 192 7486 0 7486 1 0 1 1 0 8 1
plimitpl 152 46 0 39 1 0 1 1 0 8 0
sigapl 432 513 0 502 2 0 2 2 0 8 0
futexpl 56 9425 0 9425 1 0 1 1 0 8 1
knotepl 112 99 0 94 1 0 1 1 0 8 0
kqueuepl 104 74 0 73 1 0 1 1 0 8 0
pipelkpl 16 159 0 150 1 0 1 1 0 8 0
pipepl 120 318 0 306 1 0 1 1 0 8 0
fdescpl 432 514 0 502 2 0 2 2 0 8 0
filepl 120 4593 0 4520 6 0 6 6 0 8 3
lockfpl 104 94 0 93 1 0 1 1 0 8 0
lockfspl 48 28 0 27 1 0 1 1 0 8 0
sessionpl 112 17 0 7 1 0 1 1 0 8 0
pgrppl 48 21 0 11 1 0 1 1 0 8 0
ucredpl 96 484 0 477 1 0 1 1 0 8 0
zombiepl 144 503 0 501 1 0 1 1 0 8 0
processpl 896 530 0 501 4 0 4 4 0 8 0
procpl 624 949 0 920 4 0 4 4 0 8 0
sockpl 400 1646 0 1629 11 1 10 11 0 8 8
mcl64k 65536 14 0 14 2 1 1 1 0 8 1
mcl16k 16384 3 0 3 1 0 1 1 0 8 1
mcl12k 12288 11 0 11 2 1 1 1 0 8 1
mcl9k 9216 6 0 6 2 1 1 1 0 8 1
mcl8k 8192 12 0 12 2 1 1 1 0 8 1
mcl4k 4096 46 0 46 2 1 1 1 0 8 1
mcl2k2 2112 7 0 7 2 1 1 1 0 8 1
mcl2k 2048 63361 0 63306 18 10 8 15 0 8 0
mtagpl 80 36 0 28 2 1 1 1 0 8 0
mbufpl 256 103376 0 103257 19 2 17 17 0 8 4
bufpl 280 7056 0 1330 409 0 409 409 0 8 0
anonpl 16 64819 0 63591 79 4 75 79 0 107 61
amapchunkpl 152 2499 0 2461 10 4 6 10 0 158 3
amappl16 192 2734 0 2718 55 11 44 55 0 8 38
amappl15 184 50 0 46 1 0 1 1 0 8 0
amappl14 176 27 0 26 1 0 1 1 0 8 0
amappl13 168 162 0 161 1 0 1 1 0 8 0
amappl12 160 9 0 9 2 1 1 1 0 8 1
amappl11 152 48 0 37 1 0 1 1 0 8 0
amappl10 144 13 0 12 1 0 1 1 0 8 0
amappl9 136 544 0 541 1 0 1 1 0 8 0
amappl8 128 114 0 110 1 0 1 1 0 8 0
amappl7 120 92 0 83 1 0 1 1 0 8 0
amappl6 112 62 0 59 1 0 1 1 0 8 0
amappl5 104 177 0 167 1 0 1 1 0 8 0
amappl4 96 731 0 706 1 0 1 1 0 8 0
amappl3 88 137 0 129 1 0 1 1 0 8 0
amappl2 80 3458 0 3397 3 1 2 3 0 8 0
amappl1 72 18932 0 18532 26 16 10 20 0 8 0
amappl 80 1209 0 1186 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 36 0 2 1 0 1 1 0 8 0
uaddrrnd 24 518 0 504 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 518 0 504 1 0 1 1 0 8 0
vmmpekpl 168 7460 0 7431 2 0 2 2 0 8 0
vmmpepl 168 67710 0 66796 119 22 97 113 0 357 44
vmsppl 272 517 0 504 3 1 2 2 0 8 0
pdppl 4096 1042 0 1010 5 0 5 5 0 8 0
pvpl 32 194089 0 191127 189 4 185 189 0 265 143
pmappl 200 517 0 504 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 173 0 19 5 0 5 5 0 8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 99ecd6d8 remove ssh-rsa (SHA1) from the list of allowed CA..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=158cbb69e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=adeac1adb10d2a335617
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+adeac1...@syzkaller.appspotmail.com
/usr/local/go/src/runtime/panic.go:774 +0x72 fp=0xc0026599a0 sp=0xc002659970 pc=0x42e9e2
runtime.sigpanic()
/usr/local/go/src/runtime/signal_unix.go:401 +0x3de fp=0xc0026599d0 sp=0xc0026599a0 pc=0x443ece
github.com/google/syzkaller/prog.(*ConstArg).Size(0xc001848a40, 0xc001848a40)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:50 +0x33 fp=0xc0026599f0 sp=0xc0026599d0 pc=0x789f93
github.com/google/syzkaller/prog.foreachArgImpl(0x9a7540, 0xc0017d9920, 0x0, 0x0, 0x0, 0x0, 0xc002659b20)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:137 +0x1dc fp=0xc002659ae0 sp=0xc0026599f0 pc=0x76c11c
github.com/google/syzkaller/prog.ForeachSubArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:110
github.com/google/syzkaller/prog.(*Target).isComplexPtr(0xc000079520, 0xc0017d98f0, 0xc001876200)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:169 +0x100 fp=0xc002659b48 sp=0xc002659ae0 pc=0x76e7d0
github.com/google/syzkaller/prog.(*Prog).complexPtrs.func1(0x9a7580, 0xc0017d98f0, 0xc0018491c0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:152 +0x113 fp=0xc002659ba8 sp=0xc002659b48 pc=0x79f3c3
github.com/google/syzkaller/prog.foreachArgImpl(0x9a7580, 0xc0017d98f0, 0xc001747bc8, 0x0, 0x0, 0x773700, 0xc002659d28)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbe fp=0xc002659c98 sp=0xc002659ba8 pc=0x76bffe
github.com/google/syzkaller/prog.ForeachArg(0xc001747bc0, 0xc002659d28)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x9e fp=0xc002659d00 sp=0xc002659c98 pc=0x76bece
github.com/google/syzkaller/prog.(*Prog).complexPtrs(0xc001747ac0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/any.go:151 +0x92 fp=0xc002659d50 sp=0xc002659d00 pc=0x76e692
github.com/google/syzkaller/prog.(*mutator).squashAny(0xc002659ec0, 0x5)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:87 +0x51 fp=0xc002659e48 sp=0xc002659d50 pc=0x783c41
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001747ac0, 0x9a1dc0, 0xc001646a80, 0x1e, 0xc00160bc40, 0xc001ee6000, 0x1ec3, 0x2400)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:38 +0x1f8 fp=0xc002659f08 sp=0xc002659e48 pc=0x7835c8
main.(*Proc).loop(0xc00160bc80)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99 +0x434 fp=0xc002659fd8 sp=0xc002659f08 pc=0x7ece44
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:1357 +0x1 fp=0xc002659fe0 sp=0xc002659fd8 pc=0x45d471
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 1 [select]:
main.(*Fuzzer).pollLoop(0xc0000d1080)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:320 +0x127
main.main()
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:262 +0x12bd
goroutine 19 [IO wait]:
internal/poll.runtime_pollWait(0x24cad4ec8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc0000c1518, 0x72, 0x1000, 0x1000, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc0000c1500, 0xc000222000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
net.(*netFD).Read(0xc0000c1500, 0xc000222000, 0x1000, 0x1000, 0xc00014fa60, 0xc00014fb40, 0x7c3bad)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc00000f2f8, 0xc000222000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:184 +0x68
bufio.(*Reader).fill(0xc000057b00)
/usr/local/go/src/bufio/bufio.go:100 +0x103
bufio.(*Reader).ReadByte(0xc000057b00, 0xc00014fc00, 0xc0000c1580, 0xc00000dce0)
/usr/local/go/src/bufio/bufio.go:252 +0x39
compress/flate.(*decompressor).moreBits(0xc000125300, 0x91cc50, 0xc00014fb88)
/usr/local/go/src/compress/flate/inflate.go:696 +0x37
compress/flate.(*decompressor).nextBlock(0xc000125300)
/usr/local/go/src/compress/flate/inflate.go:303 +0x36
compress/flate.(*decompressor).Read(0xc000125300, 0xc00022e000, 0x1000, 0x1000, 0x892e40, 0xc002b6f770, 0x199)
/usr/local/go/src/compress/flate/inflate.go:347 +0x77
github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc0000f8b40, 0xc00022e000, 0x1000, 0x1000, 0x10, 0xc00014fb88, 0x7c3a0d)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:131 +0x51
bufio.(*Reader).Read(0xc000057b60, 0xc000020a60, 0x1, 0x9, 0x0, 0x0, 0xc00014fd70)
/usr/local/go/src/bufio/bufio.go:226 +0x26a
io.ReadAtLeast(0x99dd40, 0xc000057b60, 0xc000020a60, 0x1, 0x9, 0x1, 0x1, 0x0, 0x0)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
encoding/gob.decodeUintReader(0x99dd40, 0xc000057b60, 0xc000020a60, 0x9, 0x9, 0x4050d5, 0x43080c, 0xc00014fd48, 0x45a320)
/usr/local/go/src/encoding/gob/decode.go:120 +0x6f
encoding/gob.(*Decoder).recvMessage(0xc0000c1580, 0x404fbc)
/usr/local/go/src/encoding/gob/decoder.go:81 +0x57
encoding/gob.(*Decoder).decodeTypeSequence(0xc0000c1580, 0xc000000100, 0xc00014fe10)
/usr/local/go/src/encoding/gob/decoder.go:143 +0x10c
encoding/gob.(*Decoder).DecodeValue(0xc0000c1580, 0x82da20, 0xc0000f9020, 0x16, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:211 +0x10b
encoding/gob.(*Decoder).Decode(0xc0000c1580, 0x82da20, 0xc0000f9020, 0x0, 0x0)
/usr/local/go/src/encoding/gob/decoder.go:188 +0x16d
net/rpc.(*gobClientCodec).ReadResponseHeader(0xc0000f8c30, 0xc0000f9020, 0xc002b6f740, 0x0)
/usr/local/go/src/net/rpc/client.go:228 +0x45
net/rpc.(*Client).input(0xc000057c20)
/usr/local/go/src/net/rpc/client.go:109 +0xa5
created by net/rpc.NewClientWithCodec
/usr/local/go/src/net/rpc/client.go:206 +0x89
goroutine 7 [syscall]:
os/signal.signal_recv(0x0)
/usr/local/go/src/runtime/sigqueue.go:147 +0x9c
os/signal.loop()
/usr/local/go/src/os/signal/signal_unix.go:23 +0x22
created by os/signal.init.0
/usr/local/go/src/os/signal/signal_unix.go:29 +0x41
goroutine 15 [chan receive]:
github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1(0xc00006a5a0)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:74 +0xb6
created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:71 +0x3f
goroutine 16 [chan receive]:
main.main.func1(0xc00006a5a0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:137 +0x34
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:135 +0x5b0
goroutine 24 [IO wait]:
internal/poll.runtime_pollWait(0x24cad4c58, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc0014bbcf8, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc0014bbce0, 0xc002faa02a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc002e95068, 0xc002faa02a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc002e95068, 0xc0003fca80)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:594 +0xaf
created by github.com/google/syzkaller/pkg/ipc.makeCommand
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:588 +0x89f
goroutine 26 [IO wait]:
internal/poll.runtime_pollWait(0x24cad49e8, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc001786a38, 0x72, 0x1, 0xc, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc001786a20, 0xc001531c90, 0xc, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc002e952d8, 0xc001531c90, 0xc, 0xc, 0xc0026539d8, 0x40c698, 0x10)
/usr/local/go/src/os/file.go:116 +0x71
io.ReadAtLeast(0x99e4e0, 0xc002e952d8, 0xc001531c90, 0xc, 0xc, 0xc, 0x0, 0x3fd840, 0x3fd840)
/usr/local/go/src/io/io.go:310 +0x87
io.ReadFull(...)
/usr/local/go/src/io/io.go:329
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc0003fcb60, 0xc000022a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203000, 0x203000, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:748 +0x282
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000092240, 0xc000022a00, 0xc0015e2180, 0xc002653ce8, 0x7b12e4, 0xc002653d40, 0x44500e, 0x413b6a, 0xc0000a6bb8, 0xc002949c58)
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:280 +0x108
main.(*Proc).executeRaw(0xc001717b40, 0xc000022a00, 0xc0015e2180, 0x1, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x20c
main.(*Proc).execute(0xc001717b40, 0xc000022a00, 0xc0015e2180, 0x0, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x6a
main.(*Proc).loop(0xc001717b40)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:101 +0x4de
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x114c
goroutine 27 [IO wait]:
internal/poll.runtime_pollWait(0x24cad4d28, 0x72, 0xffffffffffffffff)
/usr/local/go/src/runtime/netpoll.go:184 +0x55
internal/poll.(*pollDesc).wait(0xc001786978, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45
internal/poll.(*pollDesc).waitRead(...)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:92
internal/poll.(*FD).Read(0xc001786960, 0xc002fca02a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf
os.(*File).read(...)
/usr/local/go/src/os/file_unix.go:259
os.(*File).Read(0xc002e952c8, 0xc002fca02a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0)
/usr/local/go/src/os/file.go:116 +0x71
github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc002e952c8, 0xc0003fcb60)
OpenBSD/amd64 (ci-openbsd-main-3.c.syzkaller.internal) (tty00)
login: uvm_fault(0xfffffd806bc09110, 0x15, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09110, 0x15, 0, 1) -> e
in_delmulti(9) at in_delmulti+0x8d sys/netinet/in.c:914
end trace frame: 0xffff80001d429a70, count: 0
ddb> trace
in_delmulti(9) at in_delmulti+0x8d sys/netinet/in.c:914
in_purgeaddr(ffff8000009ff000) at in_purgeaddr+0x156 sys/netinet/in.c:760
in_ifdetach(ffff8000009f1800) at in_ifdetach+0x74 sys/netinet/in.c:969
if_detach(ffff8000009f1800) at if_detach+0x140 sys/net/if.c:1151
tun_clone_destroy(ffff8000009f1800) at tun_clone_destroy+0x112 sys/net/if_tun.c:282
spec_close(ffff80001d429bf0) at spec_close+0x311 sys/kern/spec_vnops.c:555
VOP_CLOSE(fffffd805db6dd00,7,fffffd806c3be840,ffff80001d349008) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175
vn_closefile(fffffd8055b11880,ffff80001d349008) at vn_closefile+0xd3 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd8055b11880,ffff80001d349008) at vn_closefile+0xd3 sys/kern/vfs_vnops.c:610
fdrop(fffffd8055b11880,ffff80001d349008) at fdrop+0xc2 sys/kern/kern_descrip.c:1271
closef(fffffd8055b11880,ffff80001d349008) at closef+0x118 sys/kern/kern_descrip.c:1255
fdfree(ffff80001d349008) at fdfree+0x100 sys/kern/kern_descrip.c:1187
exit1(ffff80001d349008,0,d,1) at exit1+0x334 sys/kern/kern_exit.c:196
postsig(ffff80001d349008,d) at postsig+0x4a8 sigexit sys/kern/kern_sig.c:1476 [inline]
postsig(ffff80001d349008,d) at postsig+0x4a8 sys/kern/kern_sig.c:1408
userret(ffff80001d349008) at userret+0x159 sys/kern/kern_sig.c:1860
syscall(ffff80001d42a070) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff80001d42a070) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff15d0, count: -16
ddb> show registers
rdi 0x2
rsi 0
rbp 0xffff80001d429a20
rbx 0
rdx 0x3
rcx 0x1
rax 0
r8 0xffff8000009ff000
r9 0x5
r10 0x81b3d9e21607e453
r11 0x1fe1de68d7337c72
r12 0
r13 0x3
r14 0x9
r15 0x1
rip 0xffffffff8104b50d in_delmulti+0x8d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001d4299c0
ss 0x10
in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb> show proc
PROC (syz-executor.0) pid=417846 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
pri=70, usrpri=70, nice=20
forw=0xffffffffffffffff, list=0xffff80001d3b7010,0xffff80001d34a608
process=0xffff80001d39e000 user=0xffff80001d425000, vmspace=0xfffffd806bc09110
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69645 392502 0 0 3 0x14200 acct acct
74775 515016 0 0 3 0x14200 bored sosplice
95910 189302 1 0 2 0x2 syz-executor.1
51008 149748 2798 0 2 0x10008a ksh
2798 127664 42796 0 2 0x12 sshd
12939 48616 1 0 3 0x100083 ttyin getty
42796 12939 1 0 3 0x80 select sshd
9277 62635 12266 73 3 0x100090 kqread syslogd
12266 234222 1 0 3 0x100082 netio syslogd
23164 375215 1 77 2 0x100090 dhclient
46270 121946 1 0 3 0x80 poll dhclient
21539 338380 0 0 2 0x14200 zerothread
40089 476687 0 0 3 0x14200 aiodoned aiodoned
4554 343202 0 0 3 0x14200 syncer update
24507 61417 0 0 3 0x14200 cleaner cleaner
13770 479804 0 0 3 0x14200 reaper reaper
17960 463336 0 0 3 0x14200 pgdaemon pagedaemon
18374 73572 0 0 3 0x14200 bored crynlk
32266 515121 0 0 3 0x14200 bored crypto
3210 16120 0 0 3 0x40014200 acpi0 acpi0
20622 4257 0 0 2 0x14200 softnet
12819 365413 0 0 2 0x14200 systqmp
13534 213179 0 0 3 0x14200 bored systq
21270 49048 0 0 3 0x40014200 bored softclock
4923 413465 0 0 3 0x40014200 idle0
20240 47998 0 0 3 0x14200 bored smr
1 315248 0 0 2 0x82 init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9499 6480K 7175K 78643K 11593 0
pcb 13 8K 8K 78643K 88 0
rtable 110 3K 3K 78643K 335 0
ifaddr 73 15K 16K 78643K 142 0
counters 19 16K 16K 78643K 19 0
ioctlops 0 0K 2K 78643K 29 0
iov 0 0K 16K 78643K 61 0
mount 1 1K 1K 78643K 1 0
vnodes 1224 77K 77K 78643K 1527 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 6 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 56 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 3 8K 21K 78643K 342 0
sigio 0 0K 0K 78643K 2 0
proc 49 38K 54K 78643K 388 0
subproc 23 1K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 56 0
in_multi 59 3K 3K 78643K 101 0
ether_multi 1 0K 0K 78643K 17 0
mrt 0 0K 0K 78643K 3 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 221 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 72 35K 38K 78643K 1698 0
UVM aobj 35 2K 2K 78643K 37 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 91 0
NDP 11 0K 0K 78643K 27 0
temp 125 3014K 3078K 78643K 11168 0
kqueue 2 2K 12K 78643K 37 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 2 1 0 1 1 0 8 0
rtpcb 80 49 0 47 1 0 1 1 0 8 0
rtentry 112 54 0 9 2 0 2 2 0 8 0
unpcb 120 1103 0 1095 3 0 3 3 0 8 2
syncache 264 5 0 5 2 2 0 1 0 8 0
tcpqe 32 215 0 215 1 1 0 1 0 8 0
tcpcb 544 184 0 180 1 0 1 1 0 8 0
inpcb 280 486 0 479 2 0 2 2 0 8 1
rttmr 72 1 0 1 1 1 0 1 0 8 0
ip6q 72 2 0 2 1 0 1 1 0 8 1
ip6af 40 6 0 6 1 0 1 1 0 8 1
nd6 48 5 0 1 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 238 0 15 15 0 15 15 0 8 0
art_table 32 239 0 15 2 0 2 2 0 8 0
art_node 16 52 0 11 1 0 1 1 0 8 0
sysvmsgpl 40 18 0 7 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 52 0 42 1 0 1 1 0 8 0
shmpl 112 35 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1914 0 515 46 0 46 46 0 8 0
ffsino 240 1914 0 515 83 0 83 83 0 8 0
nchpl 144 2711 0 1103 60 0 60 60 0 8 0
uvmvnodes 72 2180 0 0 40 0 40 40 0 8 0
vnodes 208 2180 0 0 115 0 115 115 0 8 0
namei 1024 7449 0 7449 1 0 1 1 0 8 1
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 528 4 0 2 2 1 1 1 0 8 0
scsiplug 64 1 0 1 1 1 0 1 0 8 0
scxspl 192 7486 0 7486 1 0 1 1 0 8 1
plimitpl 152 46 0 39 1 0 1 1 0 8 0
sigapl 432 513 0 502 2 0 2 2 0 8 0
futexpl 56 9425 0 9425 1 0 1 1 0 8 1
knotepl 112 99 0 94 1 0 1 1 0 8 0
kqueuepl 104 74 0 73 1 0 1 1 0 8 0
pipelkpl 16 159 0 150 1 0 1 1 0 8 0
pipepl 120 318 0 306 1 0 1 1 0 8 0
fdescpl 432 514 0 502 2 0 2 2 0 8 0
filepl 120 4593 0 4520 6 0 6 6 0 8 3
lockfpl 104 94 0 93 1 0 1 1 0 8 0
lockfspl 48 28 0 27 1 0 1 1 0 8 0
sessionpl 112 17 0 7 1 0 1 1 0 8 0
pgrppl 48 21 0 11 1 0 1 1 0 8 0
ucredpl 96 484 0 477 1 0 1 1 0 8 0
zombiepl 144 503 0 501 1 0 1 1 0 8 0
processpl 896 530 0 501 4 0 4 4 0 8 0
procpl 624 949 0 920 4 0 4 4 0 8 0
sockpl 400 1646 0 1629 11 1 10 11 0 8 8
mcl64k 65536 14 0 14 2 1 1 1 0 8 1
mcl16k 16384 3 0 3 1 0 1 1 0 8 1
mcl12k 12288 11 0 11 2 1 1 1 0 8 1
mcl9k 9216 6 0 6 2 1 1 1 0 8 1
mcl8k 8192 12 0 12 2 1 1 1 0 8 1
mcl4k 4096 46 0 46 2 1 1 1 0 8 1
mcl2k2 2112 7 0 7 2 1 1 1 0 8 1
mcl2k 2048 63361 0 63306 18 10 8 15 0 8 0
mtagpl 80 36 0 28 2 1 1 1 0 8 0
mbufpl 256 103376 0 103257 19 2 17 17 0 8 4
bufpl 280 7056 0 1330 409 0 409 409 0 8 0
anonpl 16 64819 0 63591 79 4 75 79 0 107 61
amapchunkpl 152 2499 0 2461 10 4 6 10 0 158 3
amappl16 192 2734 0 2718 55 11 44 55 0 8 38
amappl15 184 50 0 46 1 0 1 1 0 8 0
amappl14 176 27 0 26 1 0 1 1 0 8 0
amappl13 168 162 0 161 1 0 1 1 0 8 0
amappl12 160 9 0 9 2 1 1 1 0 8 1
amappl11 152 48 0 37 1 0 1 1 0 8 0
amappl10 144 13 0 12 1 0 1 1 0 8 0
amappl9 136 544 0 541 1 0 1 1 0 8 0
amappl8 128 114 0 110 1 0 1 1 0 8 0
amappl7 120 92 0 83 1 0 1 1 0 8 0
amappl6 112 62 0 59 1 0 1 1 0 8 0
amappl5 104 177 0 167 1 0 1 1 0 8 0
amappl4 96 731 0 706 1 0 1 1 0 8 0
amappl3 88 137 0 129 1 0 1 1 0 8 0
amappl2 80 3458 0 3397 3 1 2 3 0 8 0
amappl1 72 18932 0 18532 26 16 10 20 0 8 0
amappl 80 1209 0 1186 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 36 0 2 1 0 1 1 0 8 0
uaddrrnd 24 518 0 504 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 518 0 504 1 0 1 1 0 8 0
vmmpekpl 168 7460 0 7431 2 0 2 2 0 8 0
vmmpepl 168 67710 0 66796 119 22 97 113 0 357 44
vmsppl 272 517 0 504 3 1 2 2 0 8 0
pdppl 4096 1042 0 1010 5 0 5 5 0 8 0
pvpl 32 194089 0 191127 189 4 185 189 0 265 143
pmappl 200 517 0 504 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 173 0 19 5 0 5 5 0 8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Anton Lindqvist
Jan 26, 2020, 4:58:19 AM1/26/20
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages