pool: free list modified: vmsppl

syzbot

Jun 28, 2020, 07:30:16
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 634337a5 /dev/{null,mem,kmem,...}
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15363a39100000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=9b8e5654b0d67fc0a631

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9b8e56...@syzkaller.appspotmail.com

panic: pool_do_get: vmsppl free list modified: page 0xfffffd806e8e9000; item addr 0xfffffd80c8cf8303; offset 0x0=0xffffffffffffffff != 0xb18362a0b4afa7ff
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*236162 21921 0 0x2 0 0K syz-executor.1
54568 1136 0 0x2 0x4000000 1 syz-fuzzer
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff824912bf) at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff828d94f8,9,ffff800021efb438) at pool_do_get+0x439 sys/kern/subr_pool.c:738
pool_get(ffffffff828d94f8,9) at pool_get+0xeb sys/kern/subr_pool.c:581
uvmspace_fork(ffff800020dfcf80) at uvmspace_fork+0x64 uvmspace_alloc sys/uvm/uvm_map.c:3479 [inline]
uvmspace_fork(ffff800020dfcf80) at uvmspace_fork+0x64 sys/uvm/uvm_map.c:4060
process_new(ffff800020e469d8,ffff800020dfcf80,1) at process_new+0x16f sys/kern/kern_fork.c:258
fork1(ffff800020e47ae8,1,ffffffff81c58340,0,ffff800021efb690,0) at fork1+0x31b sys/kern/kern_fork.c:377
syscall(ffff800021efb710) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021efb710) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbc6a0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Jun 29, 2020, 03:00:30
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid