pool: free list modified: sockpl (2)


syzbot

Mar 9, 2022, 12:35:27 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d4130671fee9 In IPsec policy replace integer refcount with..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=142dded6700000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=3384a3034cc10d7dfbeb

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3384a3...@syzkaller.appspotmail.com

panic: pool_do_get: sockpl free list modified: page 0xfffffd80678d7000; item addr 0xfffffd80678d7aa0; offset 0x0=0x0 != 0xec7ebe9704445a55
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*175156 5874 0 0x10 0x4000000 0 syz-executor.2
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825f541d) at panic+0x161 sys/kern/subr_prf.c:202
pool_do_get(ffffffff8298df58,9,ffff80002e7e4eb8) at pool_do_get+0x427 sys/kern/subr_pool.c:740
pool_get(ffffffff8298df58,9) at pool_get+0xb3 sys/kern/subr_pool.c:584
socreate(1,ffff80002e7e4f98,1,0) at socreate+0xa7 soalloc sys/kern/uipc_socket.c:147 [inline]
socreate(1,ffff80002e7e4f98,1,0) at socreate+0xa7 sys/kern/uipc_socket.c:176
sys_socketpair(ffff800026511508,ffff80002e7e5028,ffff80002e7e5080) at sys_socketpair+0xa7 sys/kern/uipc_syscalls.c:433
syscall(ffff80002e7e50f0) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa43fb83fda0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Aug 2, 2022, 4:04:17 AM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.