pool: free list modified: filepl


syzbot

Jun 8, 2020, 10:09:18 AM6/8/20
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: c349dbc7 update drm to linux 5.7
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=112b4196100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=b257831e5c342428326c

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b25783...@syzkaller.appspotmail.com

panic: pool_do_get: filepl free list modified: page 0xfffffd8057c24000; item addr 0xfffffd8057c24018; offset 0x0=0xeb4457d600000000 != 0xeb4457d617932e96
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 16644 41212 0 0x10 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8244f00b) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8281bd40,9,ffff80001d79df18) at pool_do_get+0x42a sys/kern/subr_pool.c:738
pool_get(ffffffff8281bd40,9) at pool_get+0xb5 sys/kern/subr_pool.c:581
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 fnew sys/kern/kern_descrip.c:1048 [inline]
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 sys/kern/kern_descrip.c:1022
sys_socketpair(ffff80001d718600,ffff80001d79e098,ffff80001d79e0e0) at sys_socketpair+0x1b0 sys/kern/uipc_syscalls.c:452
syscall(ffff80001d79e160) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5b6bdba9e70, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: filepl free list modified: page 0xfffffd8057c24000; item addr 0xfffffd8057c24018; offset 0x0=0xeb4457d600000000 != 0xeb4457d617932e96
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8244f00b) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8281bd40,9,ffff80001d79df18) at pool_do_get+0x42a sys/kern/subr_pool.c:738
pool_get(ffffffff8281bd40,9) at pool_get+0xb5 sys/kern/subr_pool.c:581
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 fnew sys/kern/kern_descrip.c:1048 [inline]
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 sys/kern/kern_descrip.c:1022
sys_socketpair(ffff80001d718600,ffff80001d79e098,ffff80001d79e0e0) at sys_socketpair+0x1b0 sys/kern/uipc_syscalls.c:452
syscall(ffff80001d79e160) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5b6bdba9e70, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001d79dd80
rbx 0xffff80001d79de30
rdx 0x2
rcx 0
rax 0x1
r8 0xffffffff81ad64bf kprintf+0x15f
r9 0x1
r10 0x2
r11 0x4f7c3197fbbb3b70
r12 0x3000000008
r13 0xffff80001d79dd90
r14 0x100
r15 0x1
rip 0xffffffff8181e468 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001d79dd70
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=16644 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff80001d718ae0,0xffffffff8283c0a8
process=0xffff8000ffffb938 user=0xffff80001d799000, vmspace=0xfffffd806bc0abb0
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
41212 128217 18379 0 2 0x10 syz-executor.0
*41212 16644 18379 0 7 0x4000010 syz-executor.0
44222 4517 0 0 3 0x14200 bored sosplice
18379 5491 28896 0 3 0x82 nanosleep syz-executor.0
41141 329615 28896 0 3 0x2 biowait syz-executor.1
28896 404319 49756 0 3 0x82 thrsleep syz-fuzzer
28896 56191 49756 0 3 0x4000082 nanosleep syz-fuzzer
28896 38718 49756 0 3 0x4000082 kqread syz-fuzzer
28896 101458 49756 0 3 0x4000082 thrsleep syz-fuzzer
28896 52003 49756 0 3 0x4000082 thrsleep syz-fuzzer
28896 407590 49756 0 3 0x4000082 thrsleep syz-fuzzer
28896 98831 49756 0 3 0x4000082 thrsleep syz-fuzzer
49756 416169 2532 0 3 0x10008a pause ksh
2532 139792 18637 0 3 0x92 select sshd
41620 252306 1 0 3 0x100083 ttyin getty
18637 44213 1 0 3 0x80 select sshd
81738 493847 57804 73 3 0x100090 kqread syslogd
57804 278591 1 0 3 0x100082 netio syslogd
83472 490126 1 77 3 0x100090 poll dhclient
54691 141175 1 0 3 0x80 poll dhclient
79027 72741 0 0 3 0x14200 bored smr
79152 422833 0 0 2 0x14200 zerothread
30978 458195 0 0 3 0x14200 aiodoned aiodoned
57758 36054 0 0 3 0x14200 syncer update
21212 439904 0 0 3 0x14200 cleaner cleaner
98894 298939 0 0 3 0x14200 reaper reaper
33222 74314 0 0 3 0x14200 pgdaemon pagedaemon
67190 447547 0 0 3 0x14200 bored crynlk
44184 100202 0 0 3 0x14200 bored crypto
40140 509372 0 0 3 0x40014200 acpi0 acpi0
13360 486541 0 0 3 0x14200 bored softnet
4292 261775 0 0 3 0x14200 bored systqmp
87655 29191 0 0 3 0x14200 bored systq
67778 244903 0 0 3 0x40014200 bored softclock
4571 483547 0 0 3 0x40014200 idle0
1 467599 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9469 6330K 6588K 78643K 10779 0
pcb 13 8K 8K 78643K 43 0
rtable 86 3K 7K 78643K 274 0
ifaddr 45 10K 11K 78643K 87 0
counters 20 16K 16K 78643K 25 0
ioctlops 0 0K 4K 78643K 29 0
iov 0 0K 16K 78643K 30 0
mount 1 1K 1K 78643K 1 0
vnodes 1218 77K 77K 78643K 1279 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 3 0
VM map 2 0K 0K 78643K 2 0
sem 11 1K 1K 78643K 21 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 5 13K 25K 78643K 164 0
sigio 0 0K 0K 78643K 13 0
proc 48 38K 63K 78643K 380 0
subproc 32 2K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 11 0
in_multi 22 1K 2K 78643K 44 0
ether_multi 1 0K 0K 78643K 5 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 37 175K 175K 78643K 37 0
exec 0 0K 1K 78643K 214 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 125 39K 39K 78643K 1253 0
UVM aobj 6 2K 2K 78643K 10 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 10 0
NDP 7 0K 0K 78643K 16 0
temp 90 3846K 3911K 78643K 3953 0
kqueue 3 4K 8K 78643K 11 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 6 0 2 1 0 1 1 0 8 0
rtpcb 80 123 0 121 1 0 1 1 0 8 0
rtentry 112 45 0 12 2 0 2 2 0 8 0
unpcb 120 85 0 57 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 140 0 140 1 1 0 1 0 8 0
tcpcb 544 67 0 63 1 0 1 1 0 8 0
inpcb 280 241 0 234 2 0 2 2 0 8 1
nd6 48 6 0 3 1 0 1 1 0 8 0
ppxss 1128 1 0 1 1 1 0 1 0 8 0
pfrktable 1344 20 0 20 1 1 0 1 0 8 0
pftag 88 4 0 4 1 1 0 1 0 8 0
pfrule 1360 5 0 5 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 189 0 44 12 1 11 12 0 8 0
art_table 32 190 0 44 2 0 2 2 0 8 0
art_node 16 44 0 14 1 0 1 1 0 8 0
sysvmsgpl 40 14 0 7 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 9 0 0 1 0 1 1 0 8 0
shmpl 112 8 0 4 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1607 0 208 88 0 88 88 0 8 0
ffsino 240 1607 0 208 83 0 83 83 0 8 0
nchpl 144 2012 0 410 60 0 60 60 0 8 0
uvmvnodes 72 1694 0 0 31 0 31 31 0 8 0
vnodes 208 1694 0 0 90 0 90 90 0 8 0
namei 1024 5145 0 5144 1 0 1 1 0 8 0
vcpupl 1984 2 0 0 1 0 1 1 0 8 0
vmpool 528 2 0 0 1 0 1 1 0 8 0
pfiaddrpl 120 6 0 6 1 1 0 1 0 8 0
scxspl 192 6207 0 6206 1 0 1 1 0 8 0
plimitpl 152 20 0 13 1 0 1 1 0 8 0
sigapl 424 351 0 322 4 0 4 4 0 8 0
futexpl 56 2726 0 2726 1 0 1 1 0 8 1
knotepl 112 77 0 58 1 0 1 1 0 8 0
kqueuepl 144 21 0 19 1 0 1 1 0 8 0
pipelkpl 16 91 0 81 1 0 1 1 0 8 0
pipepl 120 182 0 163 1 0 1 1 0 8 0
fdescpl 432 336 0 322 2 0 2 2 0 8 0
filepl 120 1936 0 1822 4 0 4 4 0 8 0
filepl: pool(0xffffffff8281bd40:filepl): free list modified: page 0xfffffd8057c24000; item ordinal 0; addr 0xfffffd8057c24018 (p 0xfffffd8057c24000); offset 0x0=0xeb4457d600000000
lockfpl 104 36 0 34 1 0 1 1 0 8 0
lockfspl 48 15 0 13 1 0 1 1 0 8 0
sessionpl 112 17 0 7 1 0 1 1 0 8 0
pgrppl 48 17 0 7 1 0 1 1 0 8 0
ucredpl 96 153 0 141 1 0 1 1 0 8 0
zombiepl 144 322 0 322 1 0 1 1 0 8 1
processpl 920 351 0 322 4 0 4 4 0 8 0
procpl 624 533 0 497 4 0 4 4 0 8 1
sosppl 128 2 0 2 1 0 1 1 0 8 1
sockpl 400 449 0 412 4 0 4 4 0 8 0
mcl64k 65536 10 0 10 1 0 1 1 0 8 1
mcl16k 16384 2 0 2 2 1 1 1 0 8 1
mcl12k 12288 6 0 6 1 0 1 1 0 8 1
mcl9k 9216 6 0 6 1 0 1 1 0 8 1
mcl8k 8192 2 0 2 1 0 1 1 0 8 1
mcl4k 4096 24 0 24 1 0 1 1 0 8 1
mcl2k 2048 73512 0 73470 13 7 6 12 0 8 0
mtagpl 80 15 0 9 2 1 1 1 0 8 0
mbufpl 256 117373 0 117289 11 4 7 10 0 8 0
bufpl 280 3726 0 125 258 0 258 258 0 8 0
anonpl 16 46633 0 31919 62 1 61 61 0 107 1
amapchunkpl 152 1563 0 1433 8 2 6 8 0 158 0
amappl16 192 1538 0 738 42 0 42 42 0 8 1
amappl15 184 2 0 1 1 0 1 1 0 8 0
amappl14 176 94 0 87 1 0 1 1 0 8 0
amappl13 168 27 0 24 1 0 1 1 0 8 0
amappl12 160 68 0 65 2 1 1 1 0 8 0
amappl11 152 53 0 43 1 0 1 1 0 8 0
amappl10 144 20 0 11 1 0 1 1 0 8 0
amappl9 136 377 0 373 1 0 1 1 0 8 0
amappl8 128 315 0 277 2 0 2 2 0 8 0
amappl7 120 107 0 94 1 0 1 1 0 8 0
amappl6 112 23 0 18 1 0 1 1 0 8 0
amappl5 104 342 0 331 1 0 1 1 0 8 0
amappl4 96 425 0 395 1 0 1 1 0 8 0
amappl3 88 180 0 174 1 0 1 1 0 8 0
amappl2 80 1863 0 1797 2 0 2 2 0 8 0
amappl1 72 15460 0 15038 22 13 9 17 0 8 0
amappl 80 777 0 736 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 9 0 4 1 0 1 1 0 8 0
uaddrrnd 24 338 0 322 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 338 0 322 1 0 1 1 0 8 0
vmmpekpl 168 6271 0 6243 2 0 2 2 0 8 0
vmmpepl 168 47204 0 45305 109 13 96 105 0 357 13
vmsppl 272 337 0 322 3 1 2 2 0 8 1
pdppl 4096 682 0 646 6 1 5 6 0 8 0
pvpl 32 155564 0 137874 149 0 149 149 0 265 5
pmappl 200 337 0 322 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 238 0 17 7 0 7 7 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8244f00b) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8281bd40,9,ffff80001d79df18) at pool_do_get+0x42a sys/kern/subr_pool.c:738
pool_get(ffffffff8281bd40,9) at pool_get+0xb5 sys/kern/subr_pool.c:581
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 fnew sys/kern/kern_descrip.c:1048 [inline]
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 sys/kern/kern_descrip.c:1022
sys_socketpair(ffff80001d718600,ffff80001d79e098,ffff80001d79e0e0) at sys_socketpair+0x1b0 sys/kern/uipc_syscalls.c:452
syscall(ffff80001d79e160) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5b6bdba9e70, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8244f00b) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8281bd40,9,ffff80001d79df18) at pool_do_get+0x42a sys/kern/subr_pool.c:738
pool_get(ffffffff8281bd40,9) at pool_get+0xb5 sys/kern/subr_pool.c:581
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 fnew sys/kern/kern_descrip.c:1048 [inline]
falloc(ffff80001d718600,ffff80001d79dff0,ffff80001d79e020) at falloc+0x103 sys/kern/kern_descrip.c:1022
sys_socketpair(ffff80001d718600,ffff80001d79e098,ffff80001d79e0e0) at sys_socketpair+0x1b0 sys/kern/uipc_syscalls.c:452
syscall(ffff80001d79e160) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5b6bdba9e70, count: -8


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 6, 2020, 10:09:10 AM9/6/20
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.