pool: free list modified: fdescpl (4)


syzbot

Sep 4, 2023, 5:49:01 AM9/4/23
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 1c33b230a824 Allow UDP for built-in inetd(8) services on 1..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1759b100680000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=4d9ac021f7ec741cfa9b

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c4031725a8f/disk-1c33b230.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4ab6ba208472/bsd-1c33b230.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9e2d386ae3b6/kernel-1c33b230.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4d9ac0...@syzkaller.appspotmail.com

panic: pool_do_get: fdescpl free list modified: page 0xfffffd80685fa000; item addr 0xfffffd80685fa3f0; offset 0x48=0xdead4113
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*351839 85250 32767 0x10 0 1 syz-executor.3
297946 84245 0 0x2000002 0x4000000 0 syz-fuzzer
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8280ddb7) at panic+0x17b sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d1c520,9,ffff80002129b8a8) at pool_do_get+0x484 sys/kern/subr_pool.c:739
pool_get(ffffffff82d1c520,9) at pool_get+0xed sys/kern/subr_pool.c:582
fdcopy(ffff800021223250) at fdcopy+0x48 fdinit sys/kern/kern_descrip.c:1067 [inline]
fdcopy(ffff800021223250) at fdcopy+0x48 sys/kern/kern_descrip.c:1106
process_new(ffff80002128fd38,ffff800021223250,1) at process_new+0x2bc sys/kern/kern_fork.c:257
fork1(ffff800021262818,1,ffffffff814992d0,0,ffff80002129bb00,0) at fork1+0x318 sys/kern/kern_fork.c:383
syscall(ffff80002129bb80) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129bb80) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x712d742cfba0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pool_do_get: fdescpl free list modified: page 0xfffffd80685fa000; item addr 0xfffffd80685fa3f0; offset 0x48=0xdead4113
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8280ddb7) at panic+0x17b sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d1c520,9,ffff80002129b8a8) at pool_do_get+0x484 sys/kern/subr_pool.c:739
pool_get(ffffffff82d1c520,9) at pool_get+0xed sys/kern/subr_pool.c:582
fdcopy(ffff800021223250) at fdcopy+0x48 fdinit sys/kern/kern_descrip.c:1067 [inline]
fdcopy(ffff800021223250) at fdcopy+0x48 sys/kern/kern_descrip.c:1106
process_new(ffff80002128fd38,ffff800021223250,1) at process_new+0x2bc sys/kern/kern_fork.c:257
fork1(ffff800021262818,1,ffffffff814992d0,0,ffff80002129bb00,0) at fork1+0x318 sys/kern/kern_fork.c:383
syscall(ffff80002129bb80) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129bb80) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x712d742cfba0, count: -9
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002129b6f0
rbx 0xffff800020d59b9f
rdx 0
rcx 0xffff800021262818
rax 0xffff800020d58ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x4753bc9fe4403a7f
r11 0xe9e0df75afc1e476
r12 0xffff800020d599a0
r13 0
r14 0
r15 0x1
rip 0xffffffff8238030c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002129b6e0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.3) pid=351839 stat=onproc
flags process=10<SUGID> proc=0
pri=16, usrpri=79, nice=20
forw=0xffffffffffffffff, list=0xffff800021263ab0,0xffff800021263d68
process=0xffff800021223250 user=0xffff800021296000, vmspace=0xfffffd8069aa0cd0
estcpu=29, cpticks=1, pctcpu=0.2
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
970 125974 45332 32767 3 0x90 nanoslp syz-executor.6
970 321142 45332 32767 3 0x4000010 fdlock syz-executor.6
970 360384 45332 32767 3 0x4000090 fsleep syz-executor.6
11212 361637 63872 32767 3 0x90 nanoslp syz-executor.5
11212 488193 63872 32767 3 0x4000090 netio syz-executor.5
11212 287493 63872 32767 3 0x4000090 fsleep syz-executor.5
50226 27475 38871 32767 3 0x90 nanoslp syz-executor.1
50226 169940 38871 32767 3 0x4000090 fifor syz-executor.1
50226 48934 38871 32767 3 0x4000090 fifor syz-executor.1
50226 446634 38871 32767 3 0x4000090 fsleep syz-executor.1
26605 147954 84019 32767 2 0x10 syz-executor.2
84019 327442 84245 0 3 0x82 wait syz-executor.2
27586 416528 63541 32767 2 0x90 syz-executor.4
63541 9308 84245 0 3 0x82 wait syz-executor.4
45332 213366 84282 32767 3 0x90 nanoslp syz-executor.6
84282 24883 84245 0 3 0x82 wait syz-executor.6
88897 410712 70863 32767 2 0x10 syz-executor.7
70863 292489 84245 0 3 0x82 wait syz-executor.7
38871 228598 34069 32767 3 0x90 nanoslp syz-executor.1
34069 361429 84245 0 3 0x82 wait syz-executor.1
*85250 351839 93596 32767 7 0x10 syz-executor.3
93596 415778 84245 0 3 0x82 wait syz-executor.3
45607 378298 36961 32767 2 0x10 syz-executor.0
36961 176443 84245 0 3 0x82 wait syz-executor.0
63872 128612 26288 32767 3 0x90 nanoslp syz-executor.5
26288 118968 84245 0 3 0x82 wait syz-executor.5
8532 518080 0 0 3 0x14200 bored sosplice
84245 22567 81513 0 3 0x2000082 thrsleep syz-fuzzer
84245 128740 81513 0 3 0x6000082 nanoslp syz-fuzzer
84245 285217 81513 0 3 0x6000082 wait syz-fuzzer
84245 51632 81513 0 3 0x6000082 wait syz-fuzzer
84245 504736 81513 0 3 0x6000082 thrsleep syz-fuzzer
84245 72532 81513 0 3 0x6000082 wait syz-fuzzer
84245 250262 81513 0 3 0x6000082 wait syz-fuzzer
84245 313881 81513 0 3 0x6000082 thrsleep syz-fuzzer
84245 357162 81513 0 3 0x6000082 wait syz-fuzzer
84245 297946 81513 0 7 0x6000002 syz-fuzzer
84245 277654 81513 0 3 0x6000082 thrsleep syz-fuzzer
84245 18574 81513 0 3 0x6000082 wait syz-fuzzer
84245 406107 81513 0 3 0x6000082 thrsleep syz-fuzzer
84245 463590 81513 0 2 0x6000002 syz-fuzzer
84245 470501 81513 0 3 0x6000082 wait syz-fuzzer
84245 430846 81513 0 3 0x6000082 wait syz-fuzzer
81513 487040 67562 0 3 0x10008a sigsusp ksh
67562 231940 304 0 2 0x12 sshd
99277 2621 1 0 3 0x100083 ttyin getty
304 35297 1 0 3 0x88 kqread sshd
6514 477548 16617 73 3 0x1100090 kqread syslogd
16617 260023 1 0 3 0x100082 netio syslogd
68677 384422 1 0 3 0x100080 kqread resolvd
30468 461343 5333 77 3 0x100092 kqread dhcpleased
49657 140893 5333 77 3 0x100092 kqread dhcpleased
5333 403756 1 0 3 0x80 kqread dhcpleased
97817 506398 0 0 3 0x14200 bored smr
75588 363175 0 0 3 0x14200 pgzero zerothread
83013 311241 0 0 3 0x14200 aiodoned aiodoned
5747 370932 0 0 3 0x14200 syncer update
62201 67371 0 0 3 0x14200 cleaner cleaner
66701 100855 0 0 3 0x14200 reaper reaper
43281 363479 0 0 3 0x14200 pgdaemon pagedaemon
63024 354511 0 0 3 0x14200 bored viomb
46371 305107 0 0 3 0x40014200 acpi0 acpi0
40249 292851 0 0 3 0x40014200 idle1
1206 361774 0 0 3 0x14200 bored softnet3
30420 462076 0 0 3 0x14200 bored softnet2
34508 21169 0 0 3 0x14200 bored softnet1
57350 17903 0 0 3 0x14200 bored softnet0
78043 105958 0 0 3 0x14200 bored systqmp
37368 90193 0 0 3 0x14200 bored systq
27120 230603 0 0 3 0x40014200 bored softclock
54108 367231 0 0 3 0x40014200 idle0
1 458294 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex fdescpl r = 0 (0xffffffff82d1c530)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 pool_get+0xc1 sys/kern/subr_pool.c:579
#4 fdcopy+0x48 fdinit sys/kern/kern_descrip.c:1067 [inline]
#4 fdcopy+0x48 sys/kern/kern_descrip.c:1106
#5 process_new+0x2bc sys/kern/kern_fork.c:257
#6 fork1+0x318 sys/kern/kern_fork.c:383
#7 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#7 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#8 Xsyscall+0x128
Process 970 (syz-executor.6) thread 0xffff80002120c2c0 (321142)
exclusive rwlock sysctllk r = 0 (0xffffffff82c1b190)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 sys_sysctl+0x1c3 sys/kern/kern_sysctl.c:235
#3 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#3 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#4 Xsyscall+0x128
Process 85250 (syz-executor.3) thread 0xffff800021262818 (351839)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82c770a0)
#0 witness_lock+0x447
#1 syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline]
#1 syscall+0x5cd sys/arch/amd64/amd64/trap.c:623
#2 Xsyscall+0x128
exclusive mutex fdescpl r = 0 (0xffffffff82d1c530)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 pool_get+0xc1 sys/kern/subr_pool.c:579
#4 fdcopy+0x48 fdinit sys/kern/kern_descrip.c:1067 [inline]
#4 fdcopy+0x48 sys/kern/kern_descrip.c:1106
#5 process_new+0x2bc sys/kern/kern_fork.c:257
#6 fork1+0x318 sys/kern/kern_fork.c:383
#7 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#7 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#8 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10206 6411K 6420K 78643K 11735 0
pcb 13 16K 20K 78643K 19 0
rtable 240 6K 7K 78643K 6219 0
pf 29 8K 8K 78643K 329 0
ifaddr 44 17K 18K 78643K 654 0
ifgroup 50 2K 2K 78643K 650 0
sysctl 3 1K 1K 78643K 3 0
counters 60 35K 35K 78643K 360 0
ioctlops 0 0K 2K 78643K 840 0
iov 0 0K 24K 78643K 4156 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1280 80K 80K 78643K 8963 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 709 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 11845 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 21 77K 113K 78643K 49680 0
sigio 0 0K 0K 78643K 760 0
proc 56 78K 103K 78643K 6978 0
subproc 104 6K 6K 78643K 2054 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 8385 0
in_multi 99 7K 7K 78643K 2828 0
ether_multi 1 0K 0K 78643K 52 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 175 784K 784K 78643K 175 0
exec 0 0K 1K 78643K 13052 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 495 92K 110K 78643K 483034 0
UVM aobj 131 4K 4K 78643K 131 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 1653 0
NDP 11 0K 2K 78643K 477 0
temp 75 5921K 6004K 78643K 131510 0
kqueue 12 18K 33K 78643K 3939 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 3355 0 3352 45 44 1 6 0 8 0
rtentry 112 1874 0 1761 4 0 4 4 0 8 0
unpcb 144 118078 0 118063 525 519 6 16 0 8 5
syncache 304 712 0 712 86 85 1 1 0 8 1
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 497 0 497 74 73 1 1 0 8 1
tcpcb 808 23702 0 23685 602 594 8 18 0 8 5
arp 120 327 0 308 1 0 1 1 0 8 0
ipq 40 61 0 59 20 19 1 1 0 8 0
ipqe 40 279 0 277 20 19 1 1 0 8 0
inpcb 368 43667 0 43643 680 673 7 23 0 8 3
nd6 136 578 0 552 11 10 1 2 0 8 0
kcovpl 48 158 0 150 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 7511 0 7044 45 15 30 31 0 8 0
art_table 32 7512 0 7044 4 0 4 4 0 8 0
art_node 16 1873 0 1770 1 0 1 1 0 8 0
semapl 112 11843 0 11833 1 0 1 1 0 8 0
shmpl 112 128 0 0 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 62942 0 61467 93 0 93 93 0 8 0
ffsino 272 62942 0 61467 99 0 99 99 0 8 0
nchpl 144 129578 0 127937 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 417651 0 417651 15 14 1 2 0 8 1
percpumem 16 193 0 150 1 0 1 1 0 8 0
kstatmem 264 322 0 300 2 0 2 2 0 8 0
scxspl 216 381315 0 381315 152 150 2 8 1 8 2
plimitpl 152 6686 0 6663 54 53 1 2 0 8 0
sigapl 424 49671 0 49621 8 1 7 7 0 8 0
futexpl 64 462467 0 462464 9 8 1 1 0 8 0
knotepl 120 2599 0 0 21 3 18 18 0 8 0
kqueuepl 216 10609 0 10601 167 162 5 8 0 8 4
pipepl 320 8843 0 8814 246 243 3 11 0 8 0
fdescpl 496 49653 0 49621 7 2 5 6 0 8 0
pool(0xffffffff82d1c520:fdescpl): page inconsistency: page 0xfffffd80685fa000; 3 on list, 4 missing, 8 items per page
filepl 152 372382 0 372135 628 610 18 28 0 8 8
lockfpl 104 19894 0 19892 3 2 1 2 0 8 0
lockfspl 48 4526 0 4524 1 0 1 1 0 8 0
sessionpl 144 173 0 157 1 0 1 1 0 8 0
pgrppl 48 1034 0 1018 1 0 1 1 0 8 0
ucredpl 104 34209 0 34191 1 0 1 1 0 8 0
zombiepl 144 49621 0 49621 1 0 1 1 0 8 1
processpl 1072 49672 0 49621 4 0 4 4 0 8 0
procpl 680 136274 0 136201 98 90 8 9 0 8 1
sosppl 168 953 0 949 56 55 1 1 0 8 0
sockpl 488 166707 0 166664 3510 3494 16 56 0 8 8
mcl64k 65536 89 0 0 4 1 3 3 0 8 0
mcl16k 16384 71 0 0 4 1 3 3 0 8 0
mcl12k 12288 53 0 0 2 0 2 2 0 8 0
mcl9k 9216 48 0 0 4 2 2 2 0 8 0
mcl8k 8192 73 0 0 5 2 3 3 0 8 0
mcl4k 4096 145 0 0 5 1 4 4 0 8 0
mcl2k2 2112 22 0 0 2 0 2 2 0 8 0
mcl2k 2048 832 0 0 49 22 27 33 0 8 0
mtagpl 96 12 0 0 1 0 1 1 0 8 0
mbufpl 256 5066 0 0 293 0 293 293 0 8 0
bufpl 288 82972 0 76646 453 0 453 453 0 8 0
anonpl 24 4950542 0 4939004 311 214 97 118 0 186 0
amapchunkpl 152 1527846 0 1526997 336 298 38 52 0 158 0
amappl16 200 105048 0 104769 604 576 28 42 0 8 9
amappl15 192 16 0 16 1 1 0 1 0 8 0
amappl14 184 633 0 619 2 1 1 2 0 8 0
amappl13 176 25 0 24 1 0 1 1 0 8 0
amappl12 168 52570 0 52533 2 0 2 2 0 8 0
amappl11 160 51 0 41 1 0 1 1 0 8 0
amappl10 152 274 0 258 1 0 1 1 0 8 0
amappl9 144 596 0 596 75 75 0 1 0 8 0
amappl8 136 3028 0 2736 11 0 11 11 0 8 0
amappl7 128 332 0 316 2 1 1 2 0 8 0
amappl6 120 1968 0 1931 9 7 2 2 0 8 0
amappl5 112 1684 0 1674 1 0 1 1 0 8 0
amappl4 104 2659 0 2604 4 2 2 2 0 8 0
amappl3 96 298524 0 298437 12 9 3 4 0 8 0
amappl2 88 52451 0 52341 7 4 3 3 0 8 0
amappl1 80 191131 0 190595 23 10 13 22 0 8 0
amappl 88 479650 0 479395 8 0 8 8 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 130 0 0 3 0 3 3 0 8 0
uaddrrnd 24 49653 0 49621 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 49653 0 49621 1 0 1 1 0 8 0
vmmpekpl 168 363014 0 362954 4 0 4 4 0 8 0
vmmpepl 168 2928348 0 2925798 463 322 141 152 0 357 1
vmsppl 464 49652 0 49621 7 2 5 6 0 8 0
rwobjpl 56 702882 0 695227 142 30 112 114 0 8 0
pdppl 4096 99314 0 99242 1976 1894 82 90 0 8 10
pvpl 32 14423252 0 14405111 992 813 179 336 0 265 2
pmappl 248 49652 0 49621 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 4428 0 3309 33 0 33 33 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82b86ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82c76e98) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82c76e98) at __mp_lock+0x122 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158
witness_checkorder(fffffd806f55e010,9,0) at witness_checkorder+0x115 sys/kern/subr_witness.c:770
mtx_enter(fffffd806f55e000) at mtx_enter+0x3e sys/kern/kern_lock.c:265
kqueue_scan(ffff800021271570,8,ffff800021271670,ffff800021271770,ffff80002120c810,ffff8000212717cc) at kqueue_scan+0x1ed sys/kern/kern_event.c:1376
sys_kevent(ffff80002120c810,ffff800021271830,ffff800021271880) at sys_kevent+0x4b4 sys/kern/kern_event.c:1062
syscall(ffff800021271900) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff800021271900) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x20bb47080, count: 2
ddb{0}> trace
x86_ipi_db(ffffffff82b86ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82c76e98) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82c76e98) at __mp_lock+0x122 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158
witness_checkorder(fffffd806f55e010,9,0) at witness_checkorder+0x115 sys/kern/subr_witness.c:770
mtx_enter(fffffd806f55e000) at mtx_enter+0x3e sys/kern/kern_lock.c:265
kqueue_scan(ffff800021271570,8,ffff800021271670,ffff800021271770,ffff80002120c810,ffff8000212717cc) at kqueue_scan+0x1ed sys/kern/kern_event.c:1376
sys_kevent(ffff80002120c810,ffff800021271830,ffff800021271880) at sys_kevent+0x4b4 sys/kern/kern_event.c:1062
syscall(ffff800021271900) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff800021271900) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x20bb47080, count: -13
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x1c: addq $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8280ddb7) at panic+0x17b sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d1c520,9,ffff80002129b8a8) at pool_do_get+0x484 sys/kern/subr_pool.c:739
pool_get(ffffffff82d1c520,9) at pool_get+0xed sys/kern/subr_pool.c:582
fdcopy(ffff800021223250) at fdcopy+0x48 fdinit sys/kern/kern_descrip.c:1067 [inline]
fdcopy(ffff800021223250) at fdcopy+0x48 sys/kern/kern_descrip.c:1106
process_new(ffff80002128fd38,ffff800021223250,1) at process_new+0x2bc sys/kern/kern_fork.c:257
fork1(ffff800021262818,1,ffffffff814992d0,0,ffff80002129bb00,0) at fork1+0x318 sys/kern/kern_fork.c:383
syscall(ffff80002129bb80) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129bb80) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x712d742cfba0, count: 6
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8280ddb7) at panic+0x17b sys/kern/subr_prf.c:198
pool_do_get(ffffffff82d1c520,9,ffff80002129b8a8) at pool_do_get+0x484 sys/kern/subr_pool.c:739
pool_get(ffffffff82d1c520,9) at pool_get+0xed sys/kern/subr_pool.c:582
fdcopy(ffff800021223250) at fdcopy+0x48 fdinit sys/kern/kern_descrip.c:1067 [inline]
fdcopy(ffff800021223250) at fdcopy+0x48 sys/kern/kern_descrip.c:1106
process_new(ffff80002128fd38,ffff800021223250,1) at process_new+0x2bc sys/kern/kern_fork.c:257
fork1(ffff800021262818,1,ffffffff814992d0,0,ffff80002129bb00,0) at fork1+0x318 sys/kern/kern_fork.c:383
syscall(ffff80002129bb80) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129bb80) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x712d742cfba0, count: -9


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup