malloc: free list modified: free (2)


syzbot

Apr 28, 2022, 10:00:29 AM4/28/22
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 259734c7096b The timeout in ospf6d regress seems to be too..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1463e66cf00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=6b45863a004814b61fa9

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6b4586...@syzkaller.appspotmail.com

panic: Data modified on freelist: word 4 of object 0xffff800001016800 size 0x400 previous type free (0x0 != 0xdead4110)

Starting stack trace...
panic(ffffffff82562c73) at panic+0x155 sys/kern/subr_prf.c:233
malloc(400,7f,1) at malloc+0xa85 sys/kern/kern_malloc.c:364
parsepledges(ffff80002166aa90,ffffffff8255dc27,20000000,ffff80002e58dc38) at parsepledges+0x47 sys/kern/kern_pledge.c:429
sys_pledge(ffff80002166aa90,ffff80002e58dca8,ffff80002e58dd00) at sys_pledge+0x4d sys/kern/kern_pledge.c:470
syscall(ffff80002e58dd70) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf38281adfe0, count: 251
End of stack trace.
syncing disks...panic: ffs_update: bad link cnt
Starting stack trace...
panic(ffffffff825ff7a8) at panic+0x155 sys/kern/subr_prf.c:233
ffs_update(fffffd8065f97d28,0) at ffs_update+0x303 sys/ufs/ffs/ffs_inode.c:101
VOP_FSYNC(fffffd807baa75d0,fffffd807f7d7540,2,ffff80002166aa90) at VOP_FSYNC+0xc5 sys/kern/vfs_vops.c:327
ffs_sync_vnode(fffffd807baa75d0,ffff80002e58d810) at ffs_sync_vnode+0x15a sys/ufs/ffs/ffs_vfsops.c:1191
vfs_mount_foreach_vnode(ffff8000006d8000,ffffffff810705b0,ffff80002e58d810) at vfs_mount_foreach_vnode+0x55 sys/kern/vfs_subr.c:894
ffs_sync(ffff8000006d8000,2,0,fffffd807f7d7540,ffff80002166aa90) at ffs_sync+0x11f sys/ufs/ffs/ffs_vfsops.c:1242
sys_sync(ffff80002166aa90,0,0) at sys_sync+0xbc sys/kern/vfs_syscalls.c:539
vfs_syncwait(ffff80002166aa90,1) at vfs_syncwait+0x36
vfs_shutdown(ffff80002166aa90) at vfs_shutdown+0x5d sys/kern/vfs_subr.c:1770
boot(100) at boot+0xbb sys/arch/amd64/amd64/machdep.c:830
reboot(100) at reboot+0x77
panic(ffffffff82562c73) at panic+0x175 sys/kern/subr_prf.c:235
malloc(400,7f,1) at malloc+0xa85 sys/kern/kern_malloc.c:364
parsepledges(ffff80002166aa90,ffffffff8255dc27,20000000,ffff80002e58dc38) at parsepledges+0x47 sys/kern/kern_pledge.c:429
sys_pledge(ffff80002166aa90,ffff80002e58dca8,ffff80002e58dd00) at sys_pledge+0x4d sys/kern/kern_pledge.c:470
syscall(ffff80002e58dd70) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf38281adfe0, count: 240
End of stack trace.

dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID db0dc653-7a57-7afa-fd77-d87c02d918a4
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2730: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.53
boot> set $lines = 0
set: syntax error
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jul 27, 2022, 10:00:32 AM7/27/22
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.