panic: Duplicate free of ADDR from zone ADDR(mbuf) slab ADDR(8)


syzbot

18 Mar 2019, 10:45:05
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b24a98cb Revert r345244 for now.
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15ff9af7200000
dashboard link: https://syzkaller.appspot.com/bug?extid=3b44abc8ab5f48beb411
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=114a922b200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ec44ef200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3b44ab...@syzkaller.appspotmail.com

panic: Duplicate free of 0xfffff800049ad800 from zone
0xfffff800041e82c0(mbuf) slab 0xfffff800049adf90(8)

cpuid = 0
time = 1552920091
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame
0xfffffe0016b2c4a0
vpanic() at vpanic+0x1e0/frame 0xfffffe0016b2c500
panic() at panic+0x43/frame 0xfffffe0016b2c560
uma_dbg_free() at uma_dbg_free+0x246/frame 0xfffffe0016b2c5b0
uma_zfree_arg() at uma_zfree_arg+0x1aa/frame 0xfffffe0016b2c640
uipc_ready() at uipc_ready+0x19f/frame 0xfffffe0016b2c690
sendfile_iodone() at sendfile_iodone+0x342/frame 0xfffffe0016b2c6f0
vnode_pager_generic_getpages_done_async() at
vnode_pager_generic_getpages_done_async+0x4a/frame 0xfffffe0016b2c720
bufdone() at bufdone+0xa1/frame 0xfffffe0016b2c7a0
g_io_deliver() at g_io_deliver+0x35b/frame 0xfffffe0016b2c800
g_io_deliver() at g_io_deliver+0x35b/frame 0xfffffe0016b2c860
g_io_deliver() at g_io_deliver+0x35b/frame 0xfffffe0016b2c8c0
g_disk_done() at g_disk_done+0x179/frame 0xfffffe0016b2c910
dadone() at dadone+0x655/frame 0xfffffe0016b2c9a0
xpt_done_process() at xpt_done_process+0x5b2/frame 0xfffffe0016b2ca00
xpt_done_td() at xpt_done_td+0x175/frame 0xfffffe0016b2ca60
fork_exit() at fork_exit+0xb0/frame 0xfffffe0016b2cab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0016b2cab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 5 tid 100031 ]
Stopped at kdb_enter+0x6a: movq $0,kdb_why


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Mark Johnston

10 Apr 2020, 16:44:06
to syzbot, syzkaller-f...@googlegroups.com
#syz fix: sbappendcontrol() needs to avoid clearing M_NOTREADY on data mbufs.
