pool: free list modified: pdppl (3)
1 view
Skip to first unread message
syzbot
Oct 22, 2022, 2:59:35 AM10/22/22
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3fb2197480c3 tlsexttest.c: make various static structs const
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10500816880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=614c458f83ae2631c788
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7234b53a1eeb/disk-3fb21974.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/87fc7acb4246/bsd-3fb21974.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1dfa89945bbf/kernel-3fb21974.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+614c45...@syzkaller.appspotmail.com
panic: pool_do_get: pdppl free list modified: page 0xfffffd807c79f000; item addr 0xfffffd807c79f000; offset 0x0=0x11e57ed0 != 0x8c1db69afe7e0cc9
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*345037 66840 0 0x2 0 0 syz-executor.4
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pool_do_get: pdppl free list modified: page 0xfffffd807c79f000; item addr 0xfffffd807c79f000; offset 0x0=0x11e57ed0 != 0x8c1db69afe7e0cc9
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: -10
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000231c54a0
rbx 0x8c1db69afe7e0cc9
rdx 0
rcx 0
rax 0xffff8000217ae2a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x4f1d51cc3993af9a
r11 0xe3fce8d2ed1265c6
r12 0
r13 0xfffffd807c79f000
r14 0
r15 0x1
rip 0xffffffff823ac408 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000231c5490
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.4) pid=345037 stat=onproc
flags process=2<EXEC> proc=0
pri=81, usrpri=81, nice=20
forw=0xffffffffffffffff, list=0xffff8000231f4550,0xffff80002cec42b8
process=0xffff800021711798 user=0xffff8000231c0000, vmspace=0xfffffd805ec7c118
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
92308 210338 29189 0 2 0 syz-executor.7
92308 188229 29189 0 3 0x4000080 fsleep syz-executor.7
80926 252401 33578 0 3 0x80 nanoslp syz-executor.6
80926 177073 33578 0 3 0x4000080 fsleep syz-executor.6
67969 83641 45832 0 2 0 syz-executor.3
67969 330778 45832 0 3 0x4000080 fsleep syz-executor.3
81835 298736 20449 0 2 0 syz-executor.1
81835 171127 20449 0 3 0x4000080 fsleep syz-executor.1
54504 422930 60657 0 2 0 syz-executor.0
54504 271169 60657 0 3 0x4000080 fsleep syz-executor.0
54504 408234 60657 0 3 0x4000080 fsleep syz-executor.0
54504 217584 60657 0 3 0x4000080 fsleep syz-executor.0
31454 359145 53697 0 2 0 syz-executor.2
31454 68004 53697 0 2 0x4000000 syz-executor.2
60657 235510 12197 0 3 0x82 nanoslp syz-executor.0
29189 352899 12197 0 3 0x82 nanoslp syz-executor.7
20449 276439 12197 0 3 0x82 nanoslp syz-executor.1
64129 468245 12197 0 3 0x82 nanoslp syz-executor.5
*66840 345037 12197 0 7 0x2 syz-executor.4
33578 226496 12197 0 3 0x82 nanoslp syz-executor.6
45832 292710 12197 0 3 0x82 nanoslp syz-executor.3
55107 347486 1 0 3 0x100083 ttyin getty
53697 209882 12197 0 3 0x82 nanoslp syz-executor.2
26381 286346 0 0 3 0x14200 acct acct
20030 399758 0 0 3 0x14280 nfsidl nfsio
56144 378931 0 0 3 0x14280 nfsidl nfsio
20997 220089 0 0 3 0x14280 nfsidl nfsio
41770 455032 0 0 3 0x14280 nfsidl nfsio
49110 3500 0 0 3 0x14280 nfsidl nfsio
41403 36619 0 0 3 0x14280 nfsidl nfsio
12690 63206 0 0 3 0x14280 nfsidl nfsio
99188 503433 0 0 3 0x14280 nfsidl nfsio
50032 70992 0 0 3 0x14280 nfsidl nfsio
80137 455796 0 0 3 0x14280 nfsidl nfsio
68329 222572 0 0 3 0x14280 nfsidl nfsio
50825 321158 0 0 3 0x14280 nfsidl nfsio
62077 90452 0 0 3 0x14280 nfsidl nfsio
47346 198877 0 0 3 0x14280 nfsidl nfsio
5145 442396 0 0 3 0x14280 nfsidl nfsio
14155 403207 0 0 3 0x14280 nfsidl nfsio
89058 32676 0 0 3 0x14280 nfsidl nfsio
10635 29020 0 0 3 0x14280 nfsidl nfsio
52034 28865 0 0 3 0x14280 nfsidl nfsio
23153 454065 0 0 3 0x14280 nfsidl nfsio
70355 321590 0 0 3 0x14200 bored sosplice
12197 83719 72061 0 3 0x82 thrsleep syz-fuzzer
12197 235965 72061 0 3 0x4000082 nanoslp syz-fuzzer
12197 119812 72061 0 3 0x4000082 thrsleep syz-fuzzer
12197 217303 72061 0 3 0x4000082 wait syz-fuzzer
12197 502420 72061 0 3 0x4000082 thrsleep syz-fuzzer
12197 20692 72061 0 3 0x4000082 wait syz-fuzzer
12197 166025 72061 0 3 0x4000082 wait syz-fuzzer
12197 1669 72061 0 3 0x4000082 wait syz-fuzzer
12197 293476 72061 0 3 0x4000082 thrsleep syz-fuzzer
12197 251419 72061 0 3 0x4000082 wait syz-fuzzer
12197 38847 72061 0 3 0x4000082 wait syz-fuzzer
12197 360051 72061 0 3 0x4000082 wait syz-fuzzer
12197 138076 72061 0 3 0x4000082 wait syz-fuzzer
12197 123441 72061 0 3 0x4000082 kqread syz-fuzzer
72061 74360 48701 0 3 0x10008a sigsusp ksh
48701 435861 22350 0 3 0x9a kqread sshd
22350 469444 1 0 3 0x88 kqread sshd
56699 299575 87956 73 3 0x1100090 kqread syslogd
87956 333647 1 0 3 0x100082 netio syslogd
54115 486239 1 0 3 0x100080 kqread resolvd
55812 388778 79066 77 3 0x100092 kqread dhcpleased
5115 344141 79066 77 3 0x100092 kqread dhcpleased
79066 198958 1 0 3 0x80 kqread dhcpleased
90590 3604 0 0 3 0x14200 bored smr
44121 446193 0 0 2 0x14200 zerothread
32511 207278 0 0 3 0x14200 aiodoned aiodoned
78399 410468 0 0 3 0x14200 syncer update
6773 410363 0 0 3 0x14200 cleaner cleaner
64614 247468 0 0 3 0x14200 reaper reaper
61474 208708 0 0 3 0x14200 pgdaemon pagedaemon
91101 32344 0 0 3 0x14200 bored viomb
87115 506443 0 0 3 0x40014200 acpi0 acpi0
5081 320854 0 0 3 0x14200 bored softnet
84797 491124 0 0 3 0x14200 bored softnet
69705 379300 0 0 3 0x14200 bored softnet
11862 292134 0 0 3 0x14200 bored softnet
99740 314982 0 0 3 0x14200 bored systqmp
7664 413211 0 0 3 0x14200 bored systq
69390 205342 0 0 3 0x40014200 bored softclock
6532 258434 0 0 3 0x40014200 idle0
1 39981 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10197 6427K 6831K 78643K 19618 0
pcb 13 18K 23K 78643K 1150 0
rtable 179 18K 20K 78643K 3942 0
ifaddr 130 33K 33K 78643K 1457 0
sysctl 3 1K 1K 78643K 3 0
counters 24 17K 17K 78643K 214 0
ioctlops 0 0K 4K 78643K 3778 0
iov 0 0K 32K 78643K 905 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1488 93K 93K 78643K 5632 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 72 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 581 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 17 61K 65K 78643K 8198 0
sigio 0 0K 0K 78643K 1062 0
proc 59 59K 75K 78643K 2046 0
subproc 104 6K 6K 78643K 741 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 491 0
in_multi 63 4K 6K 78643K 963 0
ether_multi 1 0K 0K 78643K 41 0
mrt 1 0K 0K 78643K 41 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 163 731K 731K 78643K 163 0
exec 0 0K 2K 78643K 3172 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 400 534K 534K 78643K 44430 0
UVM aobj 131 6K 6K 78643K 139 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 4 0K 0K 78643K 263 0
NDP 10 0K 2K 78643K 303 0
temp 120 4730K 5754K 78643K 90429 0
kqueue 12 18K 26K 78643K 558 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 574 0 571 6 5 1 3 0 8 0
rtentry 112 883 0 816 4 1 3 4 0 8 0
unpcb 144 6298 0 6285 64 60 4 10 0 8 3
syncache 296 27 0 27 6 5 1 1 0 8 1
tcpqe 32 16 0 16 4 3 1 1 0 8 1
tcpcb 768 1881 0 1871 80 77 3 18 0 8 1
arp 88 123 0 111 1 0 1 1 0 8 0
ipq 40 4 0 3 3 2 1 1 0 8 0
ipqe 40 13 0 12 3 2 1 1 0 8 0
inpcb 336 5886 0 5875 94 85 9 17 0 8 8
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 4 0 4 1 1 0 1 0 8 0
nd6 48 221 0 206 1 0 1 1 0 8 0
kcovpl 48 57 0 49 1 0 1 1 0 8 0
mppekey 1024 3 0 3 1 1 0 1 0 8 0
ppxss 1160 92 0 92 9 9 0 1 0 8 0
pppxif 1608 11 0 11 3 3 0 1 0 8 0
pfstscr 40 1641 0 1635 1 0 1 1 0 8 0
pfosfp 40 72 0 69 1 0 1 1 0 8 0
pfosfpen 112 72 0 1 3 0 3 3 0 8 0
pfrktable 1344 629 0 622 4 3 1 1 0 8 0
pfanchor 1280 574 2 67 43 0 43 43 0 8 0
pftag 88 9 0 6 3 2 1 1 0 8 0
pfqueue 264 76 0 76 4 4 0 1 0 8 0
pfstitem 24 93 0 87 1 0 1 1 0 8 0
pfstkey 120 1641 0 1637 1 0 1 1 0 8 0
pfstate 336 824 0 821 1 0 1 1 0 8 0
pfrule 1360 306 0 271 11 8 3 3 0 8 0
rttmr 136 12 0 12 2 2 0 1 0 8 0
art_heap8 4096 4 0 3 4 3 1 2 0 8 0
art_heap4 256 4165 0 3874 47 20 27 29 0 8 1
art_table 32 4169 0 3877 4 0 4 4 0 8 0
art_node 16 882 0 823 1 0 1 1 0 8 0
sysvmsgpl 40 62 0 37 1 0 1 1 0 8 0
semapl 112 578 0 568 1 0 1 1 0 8 0
shmpl 112 136 0 8 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 11591 0 10135 92 0 92 92 0 8 0
ffsino 240 11591 0 10135 86 0 86 86 0 8 0
nchpl 144 22371 0 20742 63 1 62 63 0 8 0
rtmask 32 2 0 2 1 1 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 89580 0 89580 4 3 1 2 0 8 1
vcpupl 2048 72 0 1 9 0 9 9 0 8 0
vmpool 536 94 0 23 5 0 5 5 0 8 0
pfiaddrpl 120 191 0 174 3 2 1 1 0 8 0
kstatmem 264 298 0 278 2 0 2 2 0 8 0
scsiplug 72 8 0 8 2 2 0 1 0 8 0
scxspl 216 60707 0 60707 18 17 1 8 0 8 1
plimitpl 152 896 0 881 1 0 1 1 0 8 0
sigapl 424 8411 0 8344 8 0 8 8 0 8 0
futexpl 64 75469 0 75462 1 0 1 1 0 8 0
knotepl 120 124156 0 124076 48 43 5 11 0 8 0
kqueuepl 184 1315 0 1307 17 16 1 4 0 8 0
pipepl 288 1707 0 1679 32 29 3 7 0 8 0
fdescpl 432 8373 0 8345 4 0 4 4 0 8 0
filepl 120 60287 0 60011 69 57 12 16 0 8 2
lockfpl 104 3215 0 3213 7 6 1 2 0 8 0
lockfspl 48 798 0 796 1 0 1 1 0 8 0
sessionpl 144 74 0 58 1 0 1 1 0 8 0
pgrppl 48 81 0 65 1 0 1 1 0 8 0
ucredpl 104 6563 0 6552 1 0 1 1 0 8 0
zombiepl 144 8345 0 8344 1 0 1 1 0 8 0
processpl 1000 8411 0 8344 10 1 9 9 0 8 0
procpl 672 20003 0 19915 21 12 9 9 0 8 1
sosppl 168 66 0 66 10 10 0 1 0 8 0
sockpl 456 12758 0 12731 343 327 16 34 0 8 12
mcl64k 65536 301 0 301 10 9 1 1 0 8 1
mcl16k 16384 137 0 137 10 9 1 1 0 8 1
mcl12k 12288 281 0 281 9 8 1 1 0 8 1
mcl9k 9216 126 0 126 12 11 1 1 0 8 1
mcl8k 8192 726 0 725 4 3 1 2 0 8 0
mcl4k 4096 1319 0 1319 4 3 1 1 0 8 1
mcl2k2 2112 133 0 133 13 12 1 1 0 8 1
mcl2k 2048 91222 0 91162 25 16 9 13 0 8 0
mtagpl 96 565 0 554 9 5 4 5 0 8 3
mbufpl 256 230418 0 230203 813 788 25 572 0 8 1
bufpl 288 15173 0 8773 458 0 458 458 0 8 0
anonpl 24 1508044 0 1488847 188 70 118 129 0 188 1
amapchunkpl 152 127350 0 126626 72 42 30 40 0 158 1
amappl16 200 20245 0 19587 89 53 36 48 0 8 0
amappl15 192 1390 0 1379 2 1 1 2 0 8 0
amappl14 184 1385 0 1381 1 0 1 1 0 8 0
amappl13 176 1298 0 1296 1 0 1 1 0 8 0
amappl12 168 1320 0 1312 1 0 1 1 0 8 0
amappl11 160 165 0 154 1 0 1 1 0 8 0
amappl10 152 1579 0 1568 1 0 1 1 0 8 0
amappl9 144 1682 0 1677 1 0 1 1 0 8 0
amappl8 136 2272 0 2181 4 0 4 4 0 8 0
amappl7 128 976 0 953 1 0 1 1 0 8 0
amappl6 120 1354 0 1327 2 1 1 2 0 8 0
amappl5 112 7547 0 7535 1 0 1 1 0 8 0
amappl4 104 2313 0 2278 2 1 1 2 0 8 0
amappl3 96 24135 0 24079 2 0 2 2 0 8 0
amappl2 88 3241 0 3189 3 1 2 3 0 8 0
amappl1 80 195035 0 194305 28 12 16 21 0 8 0
amappl 88 42990 0 42785 7 2 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 138 0 8 3 0 3 3 0 8 0
uaddrrnd 24 8466 0 8368 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 8466 0 8368 1 0 1 1 0 8 0
vmmpekpl 168 60747 0 60676 4 0 4 4 0 8 0
vmmpepl 168 826664 0 823717 243 100 143 151 0 357 6
vmsppl 272 8466 0 8368 8 1 7 7 0 8 0
rwobjpl 24 194534 0 186652 50 1 49 50 0 8 0
pdppl 4096 16939 0 16807 642 509 133 136 0 8 1
pdppl: pool(0xffffffff829db668:pdppl): free list modified: page 0xfffffd807c79f000; item ordinal 0; addr 0xfffffd807c79f000 (p 0xfffffd8075ac6000); offset 0x0=0x11e57ed0
pool(pdppl): free list modified: page 0xfffffd807c79f000; item ordinal 0; addr 0xfffffd807c79f000 (p 0xfffffd8075ac6000); offset 0x0=0x0
pdppl: pool(0xffffffff829db668:pdppl): page inconsistency: page 0xfffffd807c79f000; item ordinal 1; addr 0x1bfa9f830d82ddf2
pvpl 32 3041021 0 3016837 388 188 200 268 0 265 4
pmappl 216 8466 0 8368 6 0 6 6 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2361 0 1489 43 15 28 41 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: -10
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 3fb2197480c3 tlsexttest.c: make various static structs const
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10500816880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=614c458f83ae2631c788
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7234b53a1eeb/disk-3fb21974.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/87fc7acb4246/bsd-3fb21974.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1dfa89945bbf/kernel-3fb21974.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+614c45...@syzkaller.appspotmail.com
panic: pool_do_get: pdppl free list modified: page 0xfffffd807c79f000; item addr 0xfffffd807c79f000; offset 0x0=0x11e57ed0 != 0x8c1db69afe7e0cc9
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*345037 66840 0 0x2 0 0 syz-executor.4
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pool_do_get: pdppl free list modified: page 0xfffffd807c79f000; item addr 0xfffffd807c79f000; offset 0x0=0x11e57ed0 != 0x8c1db69afe7e0cc9
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: -10
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000231c54a0
rbx 0x8c1db69afe7e0cc9
rdx 0
rcx 0
rax 0xffff8000217ae2a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x4f1d51cc3993af9a
r11 0xe3fce8d2ed1265c6
r12 0
r13 0xfffffd807c79f000
r14 0
r15 0x1
rip 0xffffffff823ac408 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000231c5490
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.4) pid=345037 stat=onproc
flags process=2<EXEC> proc=0
pri=81, usrpri=81, nice=20
forw=0xffffffffffffffff, list=0xffff8000231f4550,0xffff80002cec42b8
process=0xffff800021711798 user=0xffff8000231c0000, vmspace=0xfffffd805ec7c118
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
92308 210338 29189 0 2 0 syz-executor.7
92308 188229 29189 0 3 0x4000080 fsleep syz-executor.7
80926 252401 33578 0 3 0x80 nanoslp syz-executor.6
80926 177073 33578 0 3 0x4000080 fsleep syz-executor.6
67969 83641 45832 0 2 0 syz-executor.3
67969 330778 45832 0 3 0x4000080 fsleep syz-executor.3
81835 298736 20449 0 2 0 syz-executor.1
81835 171127 20449 0 3 0x4000080 fsleep syz-executor.1
54504 422930 60657 0 2 0 syz-executor.0
54504 271169 60657 0 3 0x4000080 fsleep syz-executor.0
54504 408234 60657 0 3 0x4000080 fsleep syz-executor.0
54504 217584 60657 0 3 0x4000080 fsleep syz-executor.0
31454 359145 53697 0 2 0 syz-executor.2
31454 68004 53697 0 2 0x4000000 syz-executor.2
60657 235510 12197 0 3 0x82 nanoslp syz-executor.0
29189 352899 12197 0 3 0x82 nanoslp syz-executor.7
20449 276439 12197 0 3 0x82 nanoslp syz-executor.1
64129 468245 12197 0 3 0x82 nanoslp syz-executor.5
*66840 345037 12197 0 7 0x2 syz-executor.4
33578 226496 12197 0 3 0x82 nanoslp syz-executor.6
45832 292710 12197 0 3 0x82 nanoslp syz-executor.3
55107 347486 1 0 3 0x100083 ttyin getty
53697 209882 12197 0 3 0x82 nanoslp syz-executor.2
26381 286346 0 0 3 0x14200 acct acct
20030 399758 0 0 3 0x14280 nfsidl nfsio
56144 378931 0 0 3 0x14280 nfsidl nfsio
20997 220089 0 0 3 0x14280 nfsidl nfsio
41770 455032 0 0 3 0x14280 nfsidl nfsio
49110 3500 0 0 3 0x14280 nfsidl nfsio
41403 36619 0 0 3 0x14280 nfsidl nfsio
12690 63206 0 0 3 0x14280 nfsidl nfsio
99188 503433 0 0 3 0x14280 nfsidl nfsio
50032 70992 0 0 3 0x14280 nfsidl nfsio
80137 455796 0 0 3 0x14280 nfsidl nfsio
68329 222572 0 0 3 0x14280 nfsidl nfsio
50825 321158 0 0 3 0x14280 nfsidl nfsio
62077 90452 0 0 3 0x14280 nfsidl nfsio
47346 198877 0 0 3 0x14280 nfsidl nfsio
5145 442396 0 0 3 0x14280 nfsidl nfsio
14155 403207 0 0 3 0x14280 nfsidl nfsio
89058 32676 0 0 3 0x14280 nfsidl nfsio
10635 29020 0 0 3 0x14280 nfsidl nfsio
52034 28865 0 0 3 0x14280 nfsidl nfsio
23153 454065 0 0 3 0x14280 nfsidl nfsio
70355 321590 0 0 3 0x14200 bored sosplice
12197 83719 72061 0 3 0x82 thrsleep syz-fuzzer
12197 235965 72061 0 3 0x4000082 nanoslp syz-fuzzer
12197 119812 72061 0 3 0x4000082 thrsleep syz-fuzzer
12197 217303 72061 0 3 0x4000082 wait syz-fuzzer
12197 502420 72061 0 3 0x4000082 thrsleep syz-fuzzer
12197 20692 72061 0 3 0x4000082 wait syz-fuzzer
12197 166025 72061 0 3 0x4000082 wait syz-fuzzer
12197 1669 72061 0 3 0x4000082 wait syz-fuzzer
12197 293476 72061 0 3 0x4000082 thrsleep syz-fuzzer
12197 251419 72061 0 3 0x4000082 wait syz-fuzzer
12197 38847 72061 0 3 0x4000082 wait syz-fuzzer
12197 360051 72061 0 3 0x4000082 wait syz-fuzzer
12197 138076 72061 0 3 0x4000082 wait syz-fuzzer
12197 123441 72061 0 3 0x4000082 kqread syz-fuzzer
72061 74360 48701 0 3 0x10008a sigsusp ksh
48701 435861 22350 0 3 0x9a kqread sshd
22350 469444 1 0 3 0x88 kqread sshd
56699 299575 87956 73 3 0x1100090 kqread syslogd
87956 333647 1 0 3 0x100082 netio syslogd
54115 486239 1 0 3 0x100080 kqread resolvd
55812 388778 79066 77 3 0x100092 kqread dhcpleased
5115 344141 79066 77 3 0x100092 kqread dhcpleased
79066 198958 1 0 3 0x80 kqread dhcpleased
90590 3604 0 0 3 0x14200 bored smr
44121 446193 0 0 2 0x14200 zerothread
32511 207278 0 0 3 0x14200 aiodoned aiodoned
78399 410468 0 0 3 0x14200 syncer update
6773 410363 0 0 3 0x14200 cleaner cleaner
64614 247468 0 0 3 0x14200 reaper reaper
61474 208708 0 0 3 0x14200 pgdaemon pagedaemon
91101 32344 0 0 3 0x14200 bored viomb
87115 506443 0 0 3 0x40014200 acpi0 acpi0
5081 320854 0 0 3 0x14200 bored softnet
84797 491124 0 0 3 0x14200 bored softnet
69705 379300 0 0 3 0x14200 bored softnet
11862 292134 0 0 3 0x14200 bored softnet
99740 314982 0 0 3 0x14200 bored systqmp
7664 413211 0 0 3 0x14200 bored systq
69390 205342 0 0 3 0x40014200 bored softclock
6532 258434 0 0 3 0x40014200 idle0
1 39981 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10197 6427K 6831K 78643K 19618 0
pcb 13 18K 23K 78643K 1150 0
rtable 179 18K 20K 78643K 3942 0
ifaddr 130 33K 33K 78643K 1457 0
sysctl 3 1K 1K 78643K 3 0
counters 24 17K 17K 78643K 214 0
ioctlops 0 0K 4K 78643K 3778 0
iov 0 0K 32K 78643K 905 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1488 93K 93K 78643K 5632 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 72 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 581 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 17 61K 65K 78643K 8198 0
sigio 0 0K 0K 78643K 1062 0
proc 59 59K 75K 78643K 2046 0
subproc 104 6K 6K 78643K 741 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 491 0
in_multi 63 4K 6K 78643K 963 0
ether_multi 1 0K 0K 78643K 41 0
mrt 1 0K 0K 78643K 41 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 163 731K 731K 78643K 163 0
exec 0 0K 2K 78643K 3172 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 400 534K 534K 78643K 44430 0
UVM aobj 131 6K 6K 78643K 139 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 4 0K 0K 78643K 263 0
NDP 10 0K 2K 78643K 303 0
temp 120 4730K 5754K 78643K 90429 0
kqueue 12 18K 26K 78643K 558 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 574 0 571 6 5 1 3 0 8 0
rtentry 112 883 0 816 4 1 3 4 0 8 0
unpcb 144 6298 0 6285 64 60 4 10 0 8 3
syncache 296 27 0 27 6 5 1 1 0 8 1
tcpqe 32 16 0 16 4 3 1 1 0 8 1
tcpcb 768 1881 0 1871 80 77 3 18 0 8 1
arp 88 123 0 111 1 0 1 1 0 8 0
ipq 40 4 0 3 3 2 1 1 0 8 0
ipqe 40 13 0 12 3 2 1 1 0 8 0
inpcb 336 5886 0 5875 94 85 9 17 0 8 8
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 4 0 4 1 1 0 1 0 8 0
nd6 48 221 0 206 1 0 1 1 0 8 0
kcovpl 48 57 0 49 1 0 1 1 0 8 0
mppekey 1024 3 0 3 1 1 0 1 0 8 0
ppxss 1160 92 0 92 9 9 0 1 0 8 0
pppxif 1608 11 0 11 3 3 0 1 0 8 0
pfstscr 40 1641 0 1635 1 0 1 1 0 8 0
pfosfp 40 72 0 69 1 0 1 1 0 8 0
pfosfpen 112 72 0 1 3 0 3 3 0 8 0
pfrktable 1344 629 0 622 4 3 1 1 0 8 0
pfanchor 1280 574 2 67 43 0 43 43 0 8 0
pftag 88 9 0 6 3 2 1 1 0 8 0
pfqueue 264 76 0 76 4 4 0 1 0 8 0
pfstitem 24 93 0 87 1 0 1 1 0 8 0
pfstkey 120 1641 0 1637 1 0 1 1 0 8 0
pfstate 336 824 0 821 1 0 1 1 0 8 0
pfrule 1360 306 0 271 11 8 3 3 0 8 0
rttmr 136 12 0 12 2 2 0 1 0 8 0
art_heap8 4096 4 0 3 4 3 1 2 0 8 0
art_heap4 256 4165 0 3874 47 20 27 29 0 8 1
art_table 32 4169 0 3877 4 0 4 4 0 8 0
art_node 16 882 0 823 1 0 1 1 0 8 0
sysvmsgpl 40 62 0 37 1 0 1 1 0 8 0
semapl 112 578 0 568 1 0 1 1 0 8 0
shmpl 112 136 0 8 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 11591 0 10135 92 0 92 92 0 8 0
ffsino 240 11591 0 10135 86 0 86 86 0 8 0
nchpl 144 22371 0 20742 63 1 62 63 0 8 0
rtmask 32 2 0 2 1 1 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 89580 0 89580 4 3 1 2 0 8 1
vcpupl 2048 72 0 1 9 0 9 9 0 8 0
vmpool 536 94 0 23 5 0 5 5 0 8 0
pfiaddrpl 120 191 0 174 3 2 1 1 0 8 0
kstatmem 264 298 0 278 2 0 2 2 0 8 0
scsiplug 72 8 0 8 2 2 0 1 0 8 0
scxspl 216 60707 0 60707 18 17 1 8 0 8 1
plimitpl 152 896 0 881 1 0 1 1 0 8 0
sigapl 424 8411 0 8344 8 0 8 8 0 8 0
futexpl 64 75469 0 75462 1 0 1 1 0 8 0
knotepl 120 124156 0 124076 48 43 5 11 0 8 0
kqueuepl 184 1315 0 1307 17 16 1 4 0 8 0
pipepl 288 1707 0 1679 32 29 3 7 0 8 0
fdescpl 432 8373 0 8345 4 0 4 4 0 8 0
filepl 120 60287 0 60011 69 57 12 16 0 8 2
lockfpl 104 3215 0 3213 7 6 1 2 0 8 0
lockfspl 48 798 0 796 1 0 1 1 0 8 0
sessionpl 144 74 0 58 1 0 1 1 0 8 0
pgrppl 48 81 0 65 1 0 1 1 0 8 0
ucredpl 104 6563 0 6552 1 0 1 1 0 8 0
zombiepl 144 8345 0 8344 1 0 1 1 0 8 0
processpl 1000 8411 0 8344 10 1 9 9 0 8 0
procpl 672 20003 0 19915 21 12 9 9 0 8 1
sosppl 168 66 0 66 10 10 0 1 0 8 0
sockpl 456 12758 0 12731 343 327 16 34 0 8 12
mcl64k 65536 301 0 301 10 9 1 1 0 8 1
mcl16k 16384 137 0 137 10 9 1 1 0 8 1
mcl12k 12288 281 0 281 9 8 1 1 0 8 1
mcl9k 9216 126 0 126 12 11 1 1 0 8 1
mcl8k 8192 726 0 725 4 3 1 2 0 8 0
mcl4k 4096 1319 0 1319 4 3 1 1 0 8 1
mcl2k2 2112 133 0 133 13 12 1 1 0 8 1
mcl2k 2048 91222 0 91162 25 16 9 13 0 8 0
mtagpl 96 565 0 554 9 5 4 5 0 8 3
mbufpl 256 230418 0 230203 813 788 25 572 0 8 1
bufpl 288 15173 0 8773 458 0 458 458 0 8 0
anonpl 24 1508044 0 1488847 188 70 118 129 0 188 1
amapchunkpl 152 127350 0 126626 72 42 30 40 0 158 1
amappl16 200 20245 0 19587 89 53 36 48 0 8 0
amappl15 192 1390 0 1379 2 1 1 2 0 8 0
amappl14 184 1385 0 1381 1 0 1 1 0 8 0
amappl13 176 1298 0 1296 1 0 1 1 0 8 0
amappl12 168 1320 0 1312 1 0 1 1 0 8 0
amappl11 160 165 0 154 1 0 1 1 0 8 0
amappl10 152 1579 0 1568 1 0 1 1 0 8 0
amappl9 144 1682 0 1677 1 0 1 1 0 8 0
amappl8 136 2272 0 2181 4 0 4 4 0 8 0
amappl7 128 976 0 953 1 0 1 1 0 8 0
amappl6 120 1354 0 1327 2 1 1 2 0 8 0
amappl5 112 7547 0 7535 1 0 1 1 0 8 0
amappl4 104 2313 0 2278 2 1 1 2 0 8 0
amappl3 96 24135 0 24079 2 0 2 2 0 8 0
amappl2 88 3241 0 3189 3 1 2 3 0 8 0
amappl1 80 195035 0 194305 28 12 16 21 0 8 0
amappl 88 42990 0 42785 7 2 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 138 0 8 3 0 3 3 0 8 0
uaddrrnd 24 8466 0 8368 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 8466 0 8368 1 0 1 1 0 8 0
vmmpekpl 168 60747 0 60676 4 0 4 4 0 8 0
vmmpepl 168 826664 0 823717 243 100 143 151 0 357 6
vmsppl 272 8466 0 8368 8 1 7 7 0 8 0
rwobjpl 24 194534 0 186652 50 1 49 50 0 8 0
pdppl 4096 16939 0 16807 642 509 133 136 0 8 1
pdppl: pool(0xffffffff829db668:pdppl): free list modified: page 0xfffffd807c79f000; item ordinal 0; addr 0xfffffd807c79f000 (p 0xfffffd8075ac6000); offset 0x0=0x11e57ed0
pool(pdppl): free list modified: page 0xfffffd807c79f000; item ordinal 0; addr 0xfffffd807c79f000 (p 0xfffffd8075ac6000); offset 0x0=0x0
pdppl: pool(0xffffffff829db668:pdppl): page inconsistency: page 0xfffffd807c79f000; item ordinal 1; addr 0x1bfa9f830d82ddf2
pvpl 32 3041021 0 3016837 388 188 200 268 0 265 4
pmappl 216 8466 0 8368 6 0 6 6 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2361 0 1489 43 15 28 41 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82618cf2) at panic+0x161 sys/kern/subr_prf.c:198
pool_do_get(ffffffff829db668,1,ffff8000231c5628) at pool_do_get+0x427 sys/kern/subr_pool.c:738
pool_get(ffffffff829db668,1) at pool_get+0xb3 sys/kern/subr_pool.c:582
pmap_create() at pmap_create+0x13f sys/arch/amd64/amd64/pmap.c:1337
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_init sys/uvm/uvm_map.c:3325 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 uvmspace_alloc sys/uvm/uvm_map.c:3303 [inline]
uvmspace_fork(ffff800021711798) at uvmspace_fork+0x60 sys/uvm/uvm_map.c:3896
process_new(ffff8000231f5510,ffff800021711798,1) at process_new+0x304 sys/kern/kern_fork.c:260
fork1(ffff8000217ae2a8,1,ffffffff81ca0de0,0,ffff8000231c5900,0) at fork1+0x30c sys/kern/kern_fork.c:379
syscall(ffff8000231c5970) at syscall+0x447 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0850, count: -10
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 20, 2023, 1:59:27 AM1/20/23
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages