Date: Sat, 9 Sep 2023 18:45:45 +0200
From: Peter Holm
To: freebsd-net@freebsd.org
Subject: A syzkaller regression test triggered a panic
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer = 0x20:0xffffffff80d21330
stack pointer = 0x28:0xfffffe01d39b9b20
frame pointer = 0x28:0xfffffe01d39b9b40
code segment = base 0x0, limit 0xfffff, type 0x1b
             = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 30447 (syzkaller24)
rdi: deadc0dedeadc0de rsi: fffff80070830800 rdx: 0000000000000000
rcx: fffff807ecfcd660 r8: 00000000000000fe r9: fffffe0037804218
rax: fffff807ecfcd600 rbx: fffff8039ed87c40 rbp: fffffe01d39b9b40
r10: fffff80070830800 r11: fffff8082001a800 r12: fffff807ecfcd600
r13: fffff8015bf5f8c0 r14: 0000000000000000 r15: 0000000000000000
trap number = 9
panic: general protection fault
cpuid = 1
time = 1694207336
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01d39b9860
vpanic() at vpanic+0x132/frame 0xfffffe01d39b9990
panic() at panic+0x43/frame 0xfffffe01d39b99f0
trap_fatal() at trap_fatal+0x40c/frame 0xfffffe01d39b9a50
calltrap() at calltrap+0x8/frame 0xfffffe01d39b9a50
--- trap 0x9, rip = 0xffffffff80d21330, rsp = 0xfffffe01d39b9b20, rbp = 0xfffffe01d39b9b40 ---
ip_mfilter_free() at ip_mfilter_free+0x1a0/frame 0xfffffe01d39b9b40
inp_freemoptions() at inp_freemoptions+0x85/frame 0xfffffe01d39b9b80
sorele_locked() at sorele_locked+0xf7/frame 0xfffffe01d39b9bb0
soclose() at soclose+0x17d/frame 0xfffffe01d39b9c10
_fdrop() at _fdrop+0x1b/frame 0xfffffe01d39b9c30
closef() at closef+0x1e3/frame 0xfffffe01d39b9cc0
fdescfree() at fdescfree+0x41a/frame 0xfffffe01d39b9d80
exit1() at exit1+0x4a1/frame 0xfffffe01d39b9df0
sys_exit() at sys_exit+0xd/frame 0xfffffe01d39b9e00
amd64_syscall() at amd64_syscall+0x14f/frame 0xfffffe01d39b9f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01d39b9f30
--- syscall (1, FreeBSD ELF64, exit), rip = 0x822150e6a, rsp = 0x820d6b1f8, rbp = 0x820d6b210 ---
KDB: enter: panic
[ thread pid 30447 tid 131724 ]
Stopped at kdb_enter+0x32: movq $0,0xe275d3(%rip)
db>

Details @ https://people.freebsd.org/~pho/stress/log/log0487.txt

-Peter