uvm_fault: igmp_leavegroup (2)


syzbot

Dec 12, 2021, 5:26:24 PM12/12/21
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4b4b1389d21d Replace deprecated IO::Socket::INET6 with IO:..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11b2a3e5b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=e22326057ccf34908d78

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e22326...@syzkaller.appspotmail.com

uvm_fault(0xfffffd8072192668, 0x4, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at igmp_leavegroup+0x81: movl 0x4(%rax),%r12d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
igmp_leavegroup(ffff800000cb5a00) at igmp_leavegroup+0x81 sys/netinet/igmp.c:531
in_delmulti(ffff800000cb5a00) at in_delmulti+0xb7 sys/netinet/in.c:920
ip_freemoptions(ffff800000c15430) at ip_freemoptions+0x5a sys/netinet/ip_output.c:1758
in_pcbdetach(fffffd806f3d5980) at in_pcbdetach+0xf3 sys/netinet/in_pcb.c:584
udp_detach(fffffd806f0b61c8) at udp_detach+0x3b sys/netinet/udp_usrreq.c:1263
soclose(fffffd806f0b61c8,0) at soclose+0x245 sys/kern/uipc_socket.c:361
soo_close(fffffd8064ab5a50,ffff8000216cb260) at soo_close+0x40
fdrop(fffffd8064ab5a50,ffff8000216cb260) at fdrop+0xc5 sys/kern/kern_descrip.c:1279
closef(fffffd8064ab5a50,ffff8000216cb260) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff8000216cb260) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff8000216cb260,0,0,1) at exit1+0x345 sys/kern/kern_exit.c:202
sys_exit(ffff8000216cb260,ffff8000249cd3f0,ffff8000249cd450) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff8000249cd4c0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc9f0, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd8072192668, 0x4, 0, 1) -> e
ddb> trace
igmp_leavegroup(ffff800000cb5a00) at igmp_leavegroup+0x81 sys/netinet/igmp.c:531
in_delmulti(ffff800000cb5a00) at in_delmulti+0xb7 sys/netinet/in.c:920
ip_freemoptions(ffff800000c15430) at ip_freemoptions+0x5a sys/netinet/ip_output.c:1758
in_pcbdetach(fffffd806f3d5980) at in_pcbdetach+0xf3 sys/netinet/in_pcb.c:584
udp_detach(fffffd806f0b61c8) at udp_detach+0x3b sys/netinet/udp_usrreq.c:1263
soclose(fffffd806f0b61c8,0) at soclose+0x245 sys/kern/uipc_socket.c:361
soo_close(fffffd8064ab5a50,ffff8000216cb260) at soo_close+0x40
fdrop(fffffd8064ab5a50,ffff8000216cb260) at fdrop+0xc5 sys/kern/kern_descrip.c:1279
closef(fffffd8064ab5a50,ffff8000216cb260) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff8000216cb260) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff8000216cb260,0,0,1) at exit1+0x345 sys/kern/kern_exit.c:202
sys_exit(ffff8000216cb260,ffff8000249cd3f0,ffff8000249cd450) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff8000249cd4c0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc9f0, count: -14
ddb> show registers
rdi 0
rsi 0
rbp 0xffff8000249cd070
rbx 0
rdx 0
rcx 0x1
rax 0
r8 0xffffffff81df64b2 sounlock+0x32
r9 0x5
r10 0x66de3f86197643a7
r11 0xad69c41d43b5fdc2
r12 0
r13 0x3
r14 0xffff8000006ac000
r15 0xffff800000cb5a00
rip 0xffffffff81d3bd81 igmp_leavegroup+0x81
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000249cd040
ss 0x10
igmp_leavegroup+0x81: movl 0x4(%rax),%r12d
ddb> show proc
PROC (syz-executor.1) pid=208303 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000216ca000,0xffffffff828fcf08
process=0xffff8000216fe038 user=0xffff8000249c8000, vmspace=0xfffffd8072192668
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
60274 329807 37630 0 2 0x2 syz-executor.0
80503 468664 37630 0 3 0x82 nanoslp syz-executor.1
7660 49200 0 0 3 0x14200 acct acct
19414 521966 1 0 3 0x100083 ttyin getty
12822 426072 0 0 3 0x14280 nfsidl nfsio
53888 487307 0 0 3 0x14280 nfsidl nfsio
3134 73092 0 0 3 0x14280 nfsidl nfsio
30055 432229 0 0 3 0x14280 nfsidl nfsio
74017 265959 0 0 3 0x14280 nfsidl nfsio
57827 299615 0 0 3 0x14280 nfsidl nfsio
86344 70979 0 0 3 0x14280 nfsidl nfsio
6008 44988 0 0 3 0x14280 nfsidl nfsio
42300 201586 0 0 3 0x14280 nfsidl nfsio
26206 22712 0 0 3 0x14280 nfsidl nfsio
46697 277794 0 0 3 0x14280 nfsidl nfsio
59616 298245 0 0 3 0x14280 nfsidl nfsio
24604 523050 0 0 3 0x14280 nfsidl nfsio
93893 429085 0 0 3 0x14280 nfsidl nfsio
74496 279782 0 0 3 0x14280 nfsidl nfsio
71137 96077 0 0 3 0x14280 nfsidl nfsio
4745 12177 0 0 3 0x14280 nfsidl nfsio
49246 82744 0 0 3 0x14280 nfsidl nfsio
32121 466715 0 0 3 0x14280 nfsidl nfsio
9942 318728 0 0 3 0x14280 nfsidl nfsio
34519 370650 0 0 3 0x14200 bored sosplice
37630 297936 7771 0 3 0x82 thrsleep syz-fuzzer
37630 107381 7771 0 3 0x4000082 nanoslp syz-fuzzer
37630 153630 7771 0 3 0x4000082 thrsleep syz-fuzzer
37630 249678 7771 0 3 0x4000082 thrsleep syz-fuzzer
37630 498198 7771 0 3 0x4000082 thrsleep syz-fuzzer
37630 78374 7771 0 3 0x4000082 kqread syz-fuzzer
37630 20674 7771 0 3 0x4000082 thrsleep syz-fuzzer
7771 229942 77212 0 3 0x10008a sigsusp ksh
77212 508179 97146 0 3 0x9a kqread sshd
97146 298107 1 0 3 0x88 kqread sshd
59333 222301 22163 73 3 0x100090 kqread syslogd
22163 497195 1 0 3 0x100082 netio syslogd
59424 17463 1 0 3 0x100080 kqread resolvd
17654 229891 15765 77 3 0x100092 kqread dhcpleased
77155 253131 15765 77 3 0x100092 kqread dhcpleased
15765 485990 1 0 3 0x80 kqread dhcpleased
81134 151596 0 0 3 0x14200 bored smr
10953 297029 0 0 2 0x14200 zerothread
12113 383686 0 0 3 0x14200 aiodoned aiodoned
69921 82389 0 0 3 0x14200 syncer update
47081 269436 0 0 3 0x14200 cleaner cleaner
39497 71953 0 0 3 0x14200 reaper reaper
72530 209572 0 0 3 0x14200 pgdaemon pagedaemon
52137 257956 0 0 3 0x14200 bored viomb
28162 153557 0 0 3 0x40014200 acpi0 acpi0
47684 345925 0 0 3 0x14200 bored softnet
87861 499597 0 0 3 0x14200 bored systqmp
85774 343547 0 0 3 0x14200 bored systq
73384 282339 0 0 3 0x40014200 bored softclock
17964 451282 0 0 3 0x40014200 idle0
1 144164 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10142 6388K 18855K 78643K 51898 0
pcb 13 24K 34K 78643K 4112 0
rtable 77 11K 13K 78643K 4567 0
ifaddr 38 17K 23K 78643K 1804 0
sysctl 2 0K 0K 78643K 2 0
counters 20 16K 17K 78643K 358 0
ioctlops 0 0K 4K 78643K 5074 0
iov 0 0K 32K 78643K 2479 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1383 87K 87K 78643K 15122 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 175 0
VM map 2 0K 0K 78643K 2 0
sem 11 1K 1K 78643K 11 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 5 13K 25K 78643K 22255 0
sigio 1 0K 0K 78643K 2404 0
proc 71 55K 71K 78643K 2767 0
subproc 26 1K 1K 78643K 926 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 4 0K 0K 78643K 24500 0
in_multi 21 1K 2K 78643K 7572 0
ether_multi 1 0K 0K 78643K 406 0
mrt 1 0K 0K 78643K 79 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 247 1102K 1102K 78643K 247 0
exec 0 0K 2K 78643K 4109 0
pfkey data 0 0K 1K 78643K 3 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 454 1203K 1205K 78643K 269657 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 1720 0
NDP 5 0K 0K 78643K 517 0
temp 77 4189K 6238K 78643K 177407 0
kqueue 17 20K 25K 78643K 2325 0
SYN cache 2 0K 16K 78643K 4 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 1658 0 1655 23 22 1 3 0 8 0
rtentry 112 1244 0 1220 3 1 2 2 0 8 0
unpcb 128 18869 0 18856 163 162 1 9 0 8 0
syncache 296 105 0 105 32 32 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 30 454 30 2 2 0 1 0 8 0
tcpcb 736 8004 0 7931 294 287 7 13 0 8 0
arp 88 188 0 184 1 0 1 1 0 8 0
ipq 40 271 0 271 29 29 0 1 0 8 0
ipqe 40 2615 0 2615 29 29 0 1 0 8 0
inpcb 304 39509 0 39496 434 427 7 19 0 8 6
rttmr 72 59 0 59 8 8 0 1 0 8 0
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 3 0 3 1 1 0 1 0 8 0
nd6 48 275 0 271 4 3 1 1 0 8 0
pkpcb 40 162 0 162 18 18 0 1 0 8 0
kcovpl 48 71 0 69 1 0 1 1 0 8 0
ppxss 1152 126 0 126 36 36 0 1 0 8 0
pfosfp 40 3 0 2 1 0 1 1 0 8 0
pfosfpen 112 3 0 2 1 0 1 1 0 8 0
pfrktable 1344 145 0 144 2 1 1 1 0 8 0
pftag 88 33 0 31 2 1 1 1 0 8 0
pfrule 1360 155 0 140 3 1 2 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 5096 0 4983 61 50 11 15 0 8 1
art_table 32 5097 0 4983 2 0 2 2 0 8 0
art_node 16 1240 0 1222 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 4 1 0 1 1 0 8 0
semapl 112 9 0 0 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 31587 0 30135 94 2 92 92 0 8 0
ffsino 240 31587 0 30135 86 0 86 86 0 8 0
nchpl 144 60655 0 59063 60 0 60 60 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 219388 0 219388 10 9 1 1 0 8 1
vcpupl 1984 153 0 0 20 0 20 20 0 8 0
vmpool 528 217 0 64 12 1 11 11 0 8 0
pfiaddrpl 120 41 0 41 4 4 0 1 0 8 0
scsiplug 72 21 0 21 7 7 0 1 0 8 0
scxspl 216 191548 0 191548 53 52 1 8 0 8 1
plimitpl 152 3268 0 3260 1 0 1 1 0 8 0
sigapl 424 22304 0 22253 6 0 6 6 0 8 0
futexpl 64 239487 0 239487 10 9 1 1 0 8 1
knotepl 112 168430 0 168387 2 0 2 2 0 8 0
kqueuepl 184 12812 0 12792 200 197 3 8 0 8 2
pipepl 304 4979 0 4968 163 162 1 7 0 8 0
fdescpl 432 22263 0 22247 12 10 2 3 0 8 0
filepl 120 187669 0 187560 298 290 8 13 0 8 4
lockfpl 104 7022 0 7020 11 10 1 2 0 8 0
lockfspl 48 1827 0 1825 1 0 1 1 0 8 0
sessionpl 144 87 0 77 1 0 1 1 0 8 0
pgrppl 48 164 0 154 1 0 1 1 0 8 0
ucredpl 96 22097 0 22087 1 0 1 1 0 8 0
zombiepl 144 22254 0 22253 3 2 1 1 0 8 0
processpl 1000 22304 0 22253 8 1 7 7 0 8 0
procpl 672 56192 0 56135 55 49 6 7 0 8 0
sosppl 168 163 0 162 28 27 1 1 0 8 0
sockpl 448 60221 0 60192 1042 1031 11 37 0 8 7
mcl64k 65536 1274 0 1273 62 61 1 1 0 8 0
mcl16k 16384 295 0 295 64 63 1 1 0 8 1
mcl12k 12288 794 0 794 73 72 1 1 0 8 1
mcl9k 9216 340 0 340 67 66 1 1 0 8 1
mcl8k 8192 1971 0 1904 62 53 9 9 0 8 0
mcl4k 4096 2656 0 2656 39 38 1 1 0 8 1
mcl2k2 2112 180 0 180 66 66 0 1 0 8 0
mcl2k 2048 128974 0 128924 46 38 8 12 0 8 0
mtagpl 96 2770 0 2748 46 42 4 6 0 8 2
mbufpl 256 493972 0 493682 1733 1702 31 509 0 8 8
bufpl 280 43341 0 36942 458 0 458 458 0 8 0
anonpl 24 6249378 0 6231655 478 343 135 137 0 188 17
amapchunkpl 152 696273 0 695642 269 242 27 40 0 158 1
amappl16 200 64949 0 64225 314 267 47 51 0 8 8
amappl15 192 2516 0 2509 1 0 1 1 0 8 0
amappl14 184 2544 0 2542 1 0 1 1 0 8 0
amappl13 176 1637 0 1635 2 1 1 1 0 8 0
amappl12 168 3641 0 3640 1 0 1 1 0 8 0
amappl11 160 5375 0 5361 1 0 1 1 0 8 0
amappl10 152 3152 0 3152 10 10 0 1 0 8 0
amappl9 144 1882 0 1880 1 0 1 1 0 8 0
amappl8 136 4379 0 4309 3 0 3 3 0 8 0
amappl7 128 3064 0 3057 1 0 1 1 0 8 0
amappl6 120 1982 0 1966 1 0 1 1 0 8 0
amappl5 112 20622 0 20602 1 0 1 1 0 8 0
amappl4 104 11440 0 11414 1 0 1 1 0 8 0
amappl3 96 5618 0 5602 1 0 1 1 0 8 0
amappl2 88 25572 0 25510 2 0 2 2 0 8 0
amappl1 80 373111 0 372699 25 15 10 12 0 8 0
amappl 88 267812 0 267585 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 22480 0 22311 2 0 2 2 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 22480 0 22311 2 0 2 2 0 8 0
vmmpekpl 168 144041 0 143995 5 2 3 3 0 8 0
vmmpepl 168 2026040 0 2023707 1110 974 136 137 0 357 26
vmsppl 272 22479 0 22311 14 2 12 12 0 8 0
rwobjpl 24 469980 0 468439 25 14 11 11 0 8 1
pdppl 4096 44966 0 44775 277 84 193 195 0 8 2
pvpl 32 10350934 0 10330439 821 616 205 238 0 265 27
pmappl 192 22479 0 22311 10 1 9 9 0 8 0
extentpl 40 58 0 40 1 0 1 1 0 8 0
phpool 112 3894 0 3423 49 35 14 26 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
igmp_leavegroup(ffff800000cb5a00) at igmp_leavegroup+0x81 sys/netinet/igmp.c:531
in_delmulti(ffff800000cb5a00) at in_delmulti+0xb7 sys/netinet/in.c:920
ip_freemoptions(ffff800000c15430) at ip_freemoptions+0x5a sys/netinet/ip_output.c:1758
in_pcbdetach(fffffd806f3d5980) at in_pcbdetach+0xf3 sys/netinet/in_pcb.c:584
udp_detach(fffffd806f0b61c8) at udp_detach+0x3b sys/netinet/udp_usrreq.c:1263
soclose(fffffd806f0b61c8,0) at soclose+0x245 sys/kern/uipc_socket.c:361
soo_close(fffffd8064ab5a50,ffff8000216cb260) at soo_close+0x40
fdrop(fffffd8064ab5a50,ffff8000216cb260) at fdrop+0xc5 sys/kern/kern_descrip.c:1279
closef(fffffd8064ab5a50,ffff8000216cb260) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff8000216cb260) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff8000216cb260,0,0,1) at exit1+0x345 sys/kern/kern_exit.c:202
sys_exit(ffff8000216cb260,ffff8000249cd3f0,ffff8000249cd450) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff8000249cd4c0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc9f0, count: -14
ddb> machine ddbcpu 1
No such command
ddb> trace
igmp_leavegroup(ffff800000cb5a00) at igmp_leavegroup+0x81 sys/netinet/igmp.c:531
in_delmulti(ffff800000cb5a00) at in_delmulti+0xb7 sys/netinet/in.c:920
ip_freemoptions(ffff800000c15430) at ip_freemoptions+0x5a sys/netinet/ip_output.c:1758
in_pcbdetach(fffffd806f3d5980) at in_pcbdetach+0xf3 sys/netinet/in_pcb.c:584
udp_detach(fffffd806f0b61c8) at udp_detach+0x3b sys/netinet/udp_usrreq.c:1263
soclose(fffffd806f0b61c8,0) at soclose+0x245 sys/kern/uipc_socket.c:361
soo_close(fffffd8064ab5a50,ffff8000216cb260) at soo_close+0x40
fdrop(fffffd8064ab5a50,ffff8000216cb260) at fdrop+0xc5 sys/kern/kern_descrip.c:1279
closef(fffffd8064ab5a50,ffff8000216cb260) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff8000216cb260) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff8000216cb260,0,0,1) at exit1+0x345 sys/kern/kern_exit.c:202
sys_exit(ffff8000216cb260,ffff8000249cd3f0,ffff8000249cd450) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff8000249cd4c0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc9f0, count: -14


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.