pool: free list modified: pdppl (2)


syzbot

Dec 9, 2021, 3:13:32 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: e4d8cd3ce2d5 relayd/ssl.c: Remove a workaround that uses a..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1340f3adb00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=7e0f816e4358e8b63b01

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7e0f81...@syzkaller.appspotmail.com

panic: pool_do_get: pdppl free list modified: page 0xfffffd8068d24000; item addr 0xfffffd8068d24000; offset 0x0=0x11e57ed0 != 0xc88bf7ad40ce2178
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*507987 73922 0 0 0x4000000 0K syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824ea29d) at panic+0x177 sys/kern/subr_prf.c:202
pool_do_get(ffffffff82863db8,1,ffff800029752ac8) at pool_do_get+0x444 sys/kern/subr_pool.c:740
pool_get(ffffffff82863db8,1) at pool_get+0xeb sys/kern/subr_pool.c:584
pmap_create() at pmap_create+0xe7 sys/arch/amd64/amd64/pmap.c:1326
uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x45 uvmspace_init sys/uvm/uvm_map.c:3495 [inline]
uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x45 sys/uvm/uvm_map.c:3476
vm_impl_init_vmx(ffff80002187b880,ffff800021237508) at vm_impl_init_vmx+0x71 sys/arch/amd64/amd64/vmm.c:1601
vm_create(ffff800000b07800,ffff800021237508) at vm_create+0x1d2 vm_impl_init sys/arch/amd64/amd64/vmm.c:1710 [inline]
vm_create(ffff800000b07800,ffff800021237508) at vm_create+0x1d2 sys/arch/amd64/amd64/vmm.c:1527
vmmioctl(a00,c5005601,ffff800000b07800,1,ffff800021237508) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e35c3d0,c5005601,ffff800000b07800,1,fffffd807f7d7720,ffff800021237508) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd807bb18ee8,c5005601,ffff800000b07800,ffff800021237508) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800021237508,ffff800029752fa8,ffff800029752ff0) at sys_ioctl+0x4a2
syscall(ffff800029753070) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800029753070) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5afd727a410, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 9, 2022, 3:14:23 AM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.