uvm_fault: nd6_dad_duplicated

Status: auto-closed as invalid on 2020/11/06 01:33
Reported-by: syzbot+0dca639bbac9d36577eb@syzkaller.appspotmail.com
First crash: 1328d, last: 1328d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | uvm_fault: nd6_dad_duplicated (2) | | | | 76 | 835d | 841d | 3/3 | fixed on 2021/12/13 23:24 |

Sample crash report:
uvm_fault(0xffffffff8281f6c8, 0x10, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      nd6_dad_duplicated+0x28:        movq    0x10(%r14),%r13
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff8281f6c8, 0x10, 0, 1) -> e
nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265
end trace frame: 0xffff80001d675ce0, count: 0
ddb> trace
nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265
nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 nd6_dad_ns_input sys/netinet6/nd6_nbr.c:1342 [inline]
nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 sys/netinet6/nd6_nbr.c:301
icmp6_input(ffff80001d675fe8,ffff80001d675ff4,3a,18) at icmp6_input+0xa25 sys/netinet6/icmp6.c:687
ip_deliver(ffff80001d675fe8,ffff80001d675ff4,3a,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:604
ip6_input_if(ffff80001d675fe8,ffff80001d675ff4,29,0,ffff800000679000) at ip6_input_if+0xee1
ipv6_input(ffff800000679000,fffffd80532d4f00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff800000679000,fffffd80532d4f00,18) at if_input_local+0x11d sys/net/if.c:771
loinput(ffff800000679000,fffffd80532d4f00) at loinput+0x4d sys/net/if_loop.c:238
if_input_process(ffff800000679000,ffff80001d676128) at if_input_process+0xd2 sys/net/if.c:830
ifiq_process(ffff8000006793f0) at ifiq_process+0x80 sys/net/ifq.c:768
taskq_thread(ffff80000002b080) at taskq_thread+0x8d sys/kern/kern_task.c:449
end trace frame: 0x0, count: -11
ddb> show registers
rdi                                0
rsi                                0
rbp               0xffff80001d675b70
rbx                                0
rdx                                0
rcx                              0x7
rax               0xffff8000ffffe000
r8                            0xc90f    __ALIGN_SIZE+0xb90f
r9                0xffffffff81a27ffe    nd6_ns_input+0x39e
r10                              0x1
r11               0x8895d69caeaef91a
r12                                0
r13                              0x2
r14                                0
r15               0xffff800000b9ab00
rip               0xffffffff81a2a7e8    nd6_dad_duplicated+0x28
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80001d675af0
ss                              0x10
nd6_dad_duplicated+0x28:        movq    0x10(%r14),%r13
ddb> show proc
PROC (softnet) pid=128355 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffffe278,0xffff8000ffffe500
    process=0xffff8000ffffc000 user=0xffff80001d671000, vmspace=0xffffffff8281f6c8
    estcpu=0, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 14986  117780  10581      0  2           0                syz-executor.0
 14986  523675  10581      0  2   0x4000000                syz-executor.0
 68769  173864  38268      0  2         0x2                syz-executor.1
 10581   38172  38268      0  3        0x82  nanosleep     syz-executor.0
 83654  446375      0      0  3     0x14200  acct          acct
  8319  499750      0      0  3     0x14280  nfsidl        nfsio
 60853  137490      0      0  3     0x14280  nfsidl        nfsio
 61777  407011      0      0  3     0x14280  nfsidl        nfsio
 25535  281458      0      0  3     0x14280  nfsidl        nfsio
 36903  138716      0      0  3     0x14280  nfsidl        nfsio
  6012  343943      0      0  3     0x14280  nfsidl        nfsio
 19694   53535      0      0  3     0x14280  nfsidl        nfsio
 85470  127654      0      0  3     0x14280  nfsidl        nfsio
 34177  434971      0      0  3     0x14280  nfsidl        nfsio
  9639  204339      0      0  3     0x14280  nfsidl        nfsio
 83637  497649      0      0  3     0x14280  nfsidl        nfsio
 79300  132833      0      0  3     0x14280  nfsidl        nfsio
 63591  169994      0      0  3     0x14280  nfsidl        nfsio
 15045  216938      0      0  3     0x14280  nfsidl        nfsio
 60723  499388      0      0  3     0x14280  nfsidl        nfsio
  1537  353755      0      0  3     0x14280  nfsidl        nfsio
 22849  432583      0      0  3     0x14280  nfsidl        nfsio
 85124  292782      0      0  3     0x14280  nfsidl        nfsio
 98453  364073      0      0  3     0x14280  nfsidl        nfsio
 90631  142186      0      0  3     0x14280  nfsidl        nfsio
 14385  445216      0      0  3     0x14200  bored         sosplice
 38268  277977  83112      0  3        0x82  thrsleep      syz-fuzzer
 38268  203642  83112      0  3   0x4000082  nanosleep     syz-fuzzer
 38268  231024  83112      0  3   0x4000082  kqread        syz-fuzzer
 38268  284460  83112      0  3   0x4000082  thrsleep      syz-fuzzer
 38268  275143  83112      0  3   0x4000082  thrsleep      syz-fuzzer
 38268  225336  83112      0  3   0x4000082  thrsleep      syz-fuzzer
 38268  431598  83112      0  3   0x4000082  thrsleep      syz-fuzzer
 83112   58847  71395      0  3    0x10008a  pause         ksh
 71395  175305  65063      0  3        0x92  select        sshd
  4485   82323      1      0  3    0x100083  ttyin         getty
 65063  503816      1      0  3        0x80  select        sshd
 85565  301865  81217     73  3    0x100090  kqread        syslogd
 81217  289187      1      0  3    0x100082  netio         syslogd
 87514  178522      0      0  3     0x14200  bored         smr
 38943  297085      0      0  2     0x14200                zerothread
 45393  156260      0      0  3     0x14200  aiodoned      aiodoned
 26566  248638      0      0  3     0x14200  syncer        update
 10575  257950      0      0  3     0x14200  cleaner       cleaner
  8241  154720      0      0  3     0x14200  reaper        reaper
 27689  304528      0      0  3     0x14200  pgdaemon      pagedaemon
 54600  155630      0      0  3     0x14200  bored         crynlk
 76163  436755      0      0  3     0x14200  bored         crypto
 97068  386245      0      0  3  0x40014200  acpi0         acpi0
*88204  128355      0      0  7     0x14200                softnet
 76023  138586      0      0  2     0x14200                systqmp
 62476  432539      0      0  3     0x14200  bored         systq
 45610  494388      0      0  3  0x40014200  bored         softclock
 95901  297402      0      0  3  0x40014200                idle0
     1  318854      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9553   6322K    6956K  78643K     16495        0
            pcb    13      8K       8K  78643K       777        0
         rtable   178     33K      36K  78643K      3366        0
         ifaddr   132     25K      26K  78643K       813        0
         sysctl     2      0K       0K  78643K         2        0
       counters    21     16K      17K  78643K       102        0
       ioctlops     0      0K       4K  78643K       844        0
            iov     0      0K      32K  78643K       447        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1235     78K      78K  78643K      3357        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        50        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       1K  78643K       834        0
        dirhash     9      1K       2K  78643K        12        0
           ACPI  1809    195K     288K  78643K     12938        0
      file desc     5     13K      25K  78643K      5682        0
          sigio     0      0K       0K  78643K        56        0
           proc    46     30K      63K  78643K      1264        0
        subproc    32      2K       3K  78643K       357        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       366        0
       in_multi    29      2K       2K  78643K       644        0
    ether_multi     1      0K       0K  78643K       106        0
            mrt     0      0K       0K  78643K        16        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    85    387K     387K  78643K        85        0
           exec     0      0K       2K  78643K      1052        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   166    139K     155K  78643K     15191        0
       UVM aobj   132      8K       8K  78643K       199        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       534        0
            NDP    21      0K       0K  78643K       155        0
           temp   189   4013K    4080K  78643K     78366        0
         kqueue     6     10K      22K  78643K       208        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       47    0       43     1     0     1     1     0     8    0
rtpcb       88     1134    0     1134    20    19     1     1     0     8    1
rtentry    112      363    0      335     2     0     2     2     0     8    0
unpcb      120    11599    0    11589     2     1     1     2     0     8    0
syncache   272       30    0       30    14    14     0     1     0     8    0
tcpqe       32       82    0       82     2     2     0     1     0     8    0
tcpcb      592     1347    0     1335    22    20     2     3     0     8    1
ipq         40       22    0       22     9     9     0     1     0     8    0
ipqe        40      311    0      311     9     9     0     1     0     8    0
inpcb      296     7994    0     7979    19    17     2     2     0     8    0
rttmr       72        4    0        4     2     2     0     1     0     8    0
ip6q        72        1    0        1     1     1     0     1     0     8    0
ip6af       40        2    0        2     1     1     0     1     0     8    0
nd6         48       89    0       85     2     1     1     1     0     8    0
pkpcb       40       22    0       22     8     8     0     1     0     8    0
swfcl       56        2    0        0     1     0     1     1     0     8    0
ppxss      1136      11    0       11     8     8     0     1     0     8    0
pfstscr     40       18    0       17     1     0     1     1     0     8    0
pfosfp      40        4    0        0     1     0     1     1     0     8    0
pfosfpen   112        4    0        0     1     0     1     1     0     8    0
pfrke_plain 160      33    0       33     3     3     0     1     0     8    0
pfrktable  1344     675    0      633    12     8     4     4     0     8    0
pftag       88       63    0       50     3     2     1     1     0     8    0
pfstitem    24       10    0        8     1     0     1     1     0     8    0
pfstkey    112       26    0       24     1     0     1     1     0     8    0
pfstate    328       13    0       12     1     0     1     1     0     8    0
pfrule     1360     216    0      135     8     1     7     7     0     8    0
art_heap8  4096       6    0        5     6     5     1     4     0     8    0
art_heap4  256     1658    0     1478    30    16    14    14     0     8    2
art_table   32     1664    0     1483     2     0     2     2     0     8    0
art_node    16      354    0      328     1     0     1     1     0     8    0
sysvmsgpl   40       16    0        9     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112      830    0      820     1     0     1     1     0     8    0
shmpl      112      196    0       68     5     1     4     4     0     8    0
dirhash    1024      17    0       10     3     1     2     3     0     8    0
dino2pl    256     8084    0     6691    88     0    88    88     0     8    0
ffsino     240     8084    0     6691    83     0    83    83     0     8    0
nchpl      144    15427    0    13845    60     0    60    60     0     8    0
rtmask      32       20    0       20     3     3     0     1     0     8    0
uvmvnodes   72     5964    0        0   109     0   109   109     0     8    0
vnodes     208     5964    0        0   314     0   314   314     0     8    0
namei      1024   46747    0    46746     8     7     1     1     0     8    0
vcpupl     1984      18    0        0     3     0     3     3     0     8    0
vmpool     528       39    0       21     2     0     2     2     0     8    0
pfiaddrpl  120      286    0      212     6     3     3     3     0     8    0
scsiplug    72        6    0        6     5     5     0     1     0     8    0
scxspl     200    57297    0    57297     2     1     1     1     0     8    1
plimitpl   152      268    0      262     1     0     1     1     0     8    0
sigapl     424     5834    0     5786     6     0     6     6     0     8    0
futexpl     56    99984    0    99984     8     7     1     1     0     8    1
knotepl    112      554    0      534     1     0     1     1     0     8    0
kqueuepl   152      507    0      499     1     0     1     1     0     8    0
pipepl     272      637    0      626    13    11     2     2     0     8    1
fdescpl    432     5797    0     5785     2     0     2     2     0     8    0
filepl     120    42188    0    42099    10     6     4     5     0     8    1
lockfpl    104     9673    0     9673     6     5     1     1     0     8    1
lockfspl    48     1273    0     1273     6     5     1     1     0     8    1
sessionpl  120       36    0       28     1     0     1     1     0     8    0
pgrppl      48       64    0       56     1     0     1     1     0     8    0
ucredpl     96     2870    0     2864     1     0     1     1     0     8    0
zombiepl   144     5786    0     5786     2     1     1     1     0     8    1
processpl  944     5834    0     5786     8     1     7     7     0     8    0
procpl     632    14045    0    13990    15     9     6     6     0     8    0
sosppl     144       51    0       51    17    17     0     1     0     8    0
sockpl     400    20756    0    20731    38    34     4     5     0     8    1
mcl64k     65536   1008    0     1008   119   103    16    65     0     8   16
mcl16k     16384     24    0       24    16    16     0     1     0     8    0
mcl12k     12288    138    0      138    27    27     0     1     0     8    0
mcl9k      9216      82    0       82    34    34     0     1     0     8    0
mcl8k      8192     150    0      150    23    23     0     1     0     8    0
mcl4k      4096     373    0      373    19    18     1     1     0     8    1
mcl2k2     2112      31    0       31    23    23     0     1     0     8    0
mcl2k      2048   98884    0    98842    19    13     6    14     0     8    0
mtagpl      96      556    0      544     9     8     1     5     0     8    0
mbufpl     256   190882    0   190643   130   114    16    38     0     8    0
bufpl      280    16966    0    10995   428     1   427   427     0     8    0
anonpl      16   582439    0   564227   212   126    86    99     0   107    2
amapchunkpl 152   30197    0    30009   133   111    22    22     0   158   13
amappl16   192    22284    0    21193   190   133    57    67     0     8    2
amappl15   184      620    0      615     1     0     1     1     0     8    0
amappl14   176      499    0      494     1     0     1     1     0     8    0
amappl13   168     2074    0     2073     1     0     1     1     0     8    0
amappl12   160      369    0      364     2     1     1     1     0     8    0
amappl11   152     1076    0     1072     1     0     1     1     0     8    0
amappl10   144      631    0      628     1     0     1     1     0     8    0
amappl9    136      838    0      837     1     0     1     1     0     8    0
amappl8    128      918    0      849     3     0     3     3     0     8    0
amappl7    120     1005    0      999     1     0     1     1     0     8    0
amappl6    112     1194    0     1176     1     0     1     1     0     8    0
amappl5    104     5116    0     5106     1     0     1     1     0     8    0
amappl4     96     3249    0     3219     1     0     1     1     0     8    0
amappl3     88      749    0      743     1     0     1     1     0     8    0
amappl2     80    40286    0    40222     2     0     2     2     0     8    0
amappl1     72   166599    0   166196    22    12    10    18     0     8    0
amappl      80    14568    0    14509     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64      198    0       67     3     0     3     3     0     8    0
uaddrrnd    24     5836    0     5806     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     5836    0     5806     1     0     1     1     0     8    0
vmmpekpl   168    36359    0    36321     2     0     2     2     0     8    0
vmmpepl    168   736647    0   734421   479   370   109   146     0   357    3
vmsppl     272     5835    0     5806     4     1     3     3     0     8    1
pdppl      4096   11678    0    11630    10     3     7     7     0     8    0
pvpl        32  1600235    0  1579793   648   354   294   329     0   265  110
pmappl     200     5835    0     5806     3     1     2     2     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      633    0      382    10     0    10    10     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265
nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 nd6_dad_ns_input sys/netinet6/nd6_nbr.c:1342 [inline]
nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 sys/netinet6/nd6_nbr.c:301
icmp6_input(ffff80001d675fe8,ffff80001d675ff4,3a,18) at icmp6_input+0xa25 sys/netinet6/icmp6.c:687
ip_deliver(ffff80001d675fe8,ffff80001d675ff4,3a,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:604
ip6_input_if(ffff80001d675fe8,ffff80001d675ff4,29,0,ffff800000679000) at ip6_input_if+0xee1
ipv6_input(ffff800000679000,fffffd80532d4f00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff800000679000,fffffd80532d4f00,18) at if_input_local+0x11d sys/net/if.c:771
loinput(ffff800000679000,fffffd80532d4f00) at loinput+0x4d sys/net/if_loop.c:238
if_input_process(ffff800000679000,ffff80001d676128) at if_input_process+0xd2 sys/net/if.c:830
ifiq_process(ffff8000006793f0) at ifiq_process+0x80 sys/net/ifq.c:768
taskq_thread(ffff80000002b080) at taskq_thread+0x8d sys/kern/kern_task.c:449
end trace frame: 0x0, count: -11
ddb> machine ddbcpu 1
No such command
ddb> trace
nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265
nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 nd6_dad_ns_input sys/netinet6/nd6_nbr.c:1342 [inline]
nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 sys/netinet6/nd6_nbr.c:301
icmp6_input(ffff80001d675fe8,ffff80001d675ff4,3a,18) at icmp6_input+0xa25 sys/netinet6/icmp6.c:687
ip_deliver(ffff80001d675fe8,ffff80001d675ff4,3a,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:604
ip6_input_if(ffff80001d675fe8,ffff80001d675ff4,29,0,ffff800000679000) at ip6_input_if+0xee1
ipv6_input(ffff800000679000,fffffd80532d4f00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff800000679000,fffffd80532d4f00,18) at if_input_local+0x11d sys/net/if.c:771
loinput(ffff800000679000,fffffd80532d4f00) at loinput+0x4d sys/net/if_loop.c:238
if_input_process(ffff800000679000,ffff80001d676128) at if_input_process+0xd2 sys/net/if.c:830
ifiq_process(ffff8000006793f0) at ifiq_process+0x80 sys/net/ifq.c:768
taskq_thread(ffff80000002b080) at taskq_thread+0x8d sys/kern/kern_task.c:449
end trace frame: 0x0, count: -11

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/08 01:32 openbsd 42858fb0ce8a bb468f32 .config console log report ci-openbsd-main