panic: pool_cache_iteWmAR_NmIaNgGi: cS_PcLh eNcOkT: LmObWuERfEpDl O Nc pSuY fSCrAeLeL l0is 1t2 1mo dEiXfIiTe d0: i9t


syzbot

May 9, 2020, 11:10:17 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 7752f9fd Refactor tls13_server_hello_sent().
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=127b3b7c100000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=260fa61022d52e0e0eb6

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+260fa6...@syzkaller.appspotmail.com

panic: pool_cache_iteWmAR_NmIaNgGi: cS_PcLh eNcOkT: LmObWuERfEpDl O Nc pSuY fSCrAeLeL l0is 1t2 1mo dEiXfIiTe d0: i9t
e
mStopped at savectx+0xb1: movl $0,%gs:0x530
TID PID UID PRFLAGS PFLAGS CPU COMMAND
68443 33933 0 0 0x4000000 1 syz-executor.0
*373418 22922 0 0 0x4000000 0 syz-executor.1
savectx() at savectx+0xb1
end of kernel
end trace frame: 0x17d97ef4c60, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d7f8400+16 0x0!=0xa523e026d6b5d9a7
ddb{0}> trace
savectx() at savectx+0xb1
end of kernel
end trace frame: 0x17d97ef4c60, count: -1
ddb{0}> show registers
rdi 0xffffffff814db3c3 printf+0x93
rsi 0x185e9 acpi_pdirpa+0x4451
rbp 0xffff800023fb3700
rbx 0
rdx 0x185ea acpi_pdirpa+0x4452
rcx 0xffff800023198000
rax 0x33
r8 0xffffffff814db7df kprintf+0x16f
r9 0x1
r10 0x25
r11 0x8a7222d40ab2d912
r12 0
r13 0
r14 0xffff800020ed8768
r15 0
rip 0xffffffff816c23f1 savectx+0xb1
cs 0x8
rflags 0x46
rsp 0xffff800023fb3680
ss 0
savectx+0xb1: movl $0,%gs:0x530
ddb{0}> show proc
PROC (syz-executor.1) pid=373418 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=17, usrpri=58, nice=20
forw=0xffffffffffffffff, list=0xffff800020ed84f8,0xffff800020ed9138
process=0xffff800020ece7d0 user=0xffff800023fae000, vmspace=0xfffffd807efff2e0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
33933 378239 48145 0 2 0 syz-executor.0
33933 68443 48145 0 7 0x4000000 syz-executor.0
22922 92408 16357 0 2 0 syz-executor.1
22922 168326 16357 0 3 0x4000080 fsleep syz-executor.1
*22922 373418 16357 0 7 0x4000000 syz-executor.1
22490 84180 0 0 3 0x14200 acct acct
14617 142808 0 0 3 0x14200 bored sosplice
16357 30302 90471 0 3 0x82 nanosleep syz-executor.1
48145 96897 90471 0 3 0x82 nanosleep syz-executor.0
90471 505183 10997 0 3 0x82 thrsleep syz-fuzzer
90471 442708 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 515033 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 40519 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 146079 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 169728 10997 0 3 0x4000082 kqread syz-fuzzer
90471 348369 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 39 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 423856 10997 0 3 0x4000082 thrsleep syz-fuzzer
90471 290466 10997 0 3 0x4000082 thrsleep syz-fuzzer
10997 427753 19258 0 3 0x10008a pause ksh
19258 238652 4890 0 3 0x92 select sshd
25859 282017 1 0 3 0x100083 ttyin getty
4890 148711 1 0 3 0x80 select sshd
15943 357269 17987 74 3 0x100092 bpf pflogd
17987 350912 1 0 3 0x80 netio pflogd
89796 171270 83917 73 3 0x100090 kqread syslogd
83917 259541 1 0 3 0x100082 netio syslogd
1506 328459 1 77 3 0x100090 poll dhclient
96295 263382 1 0 3 0x80 poll dhclient
21805 338062 0 0 3 0x14200 bored smr
71365 417934 0 0 2 0x14200 zerothread
66270 75211 0 0 3 0x14200 aiodoned aiodoned
16354 423186 0 0 3 0x14200 syncer update
94886 429516 0 0 3 0x14200 cleaner cleaner
66373 175319 0 0 3 0x14200 reaper reaper
79383 519917 0 0 3 0x14200 pgdaemon pagedaemon
53433 194427 0 0 3 0x14200 bored crynlk
50778 165528 0 0 3 0x14200 bored crypto
18674 251211 0 0 3 0x40014200 acpi0 acpi0
95481 9236 0 0 3 0x40014200 idle1
35504 284787 0 0 3 0x14200 bored softnet
42833 90426 0 0 3 0x14200 bored systqmp
34506 293019 0 0 3 0x14200 bored systq
47333 453450 0 0 3 0x40014200 bored softclock
61303 356873 0 0 3 0x40014200 idle0
1 373340 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &iopl->mtx r = 0 (0xffff800000038170)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 scsi_xsh_runqueue+0x238 scsi_pending_finish sys/scsi/scsi_base.c:228 [inline]
#3 scsi_xsh_runqueue+0x238 sys/scsi/scsi_base.c:597
#4 scsi_xsh_add+0xc9 sys/scsi/scsi_base.c:535
#5 sdstrategy+0x187 sys/scsi/sd.c:585
#6 spec_strategy+0x74 sys/kern/spec_vnops.c:468
#7 ufs_strategy+0x17c
#8 VOP_STRATEGY+0x99 sys/kern/vfs_vops.c:712
#9 bwrite+0x1b9 sys/kern/vfs_bio.c:756
#10 ffs_write+0x6d3
#11 VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268
#12 vn_write+0x14e sys/kern/vfs_vnops.c:414
#13 dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#14 sys_writev+0xa7 sys/kern/sys_generic.c:312
#15 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#15 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#16 Xsyscall+0x128
Process 33933 (syz-executor.0) thread 0xffff800020ed9128 (68443)
exclusive rwlock netlock r = 0 (0xffffffff824ddfc8)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sosend+0x559 sys/kern/uipc_socket.c:537
#3 sendit+0x52b sys/kern/uipc_syscalls.c:657
#4 sys_sendto+0x80 sys/kern/uipc_syscalls.c:522
#5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6 Xsyscall+0x128
Process 22922 (syz-executor.1) thread 0xffff800020ed8768 (373418)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82693100)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 __mp_acquire_count+0x51 sys/kern/kern_lock.c:227
#2 mi_switch+0x392 sys/kern/sched_bsd.c:435
#3 sleep_finish+0x113 sys/kern/kern_synch.c:418
#4 sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:447 [inline]
#4 sleep_finish_all+0x32 sys/kern/kern_synch.c:393
#5 tsleep+0x1cc sys/kern/kern_synch.c:155
#6 biowait+0xa6 sys/kern/vfs_bio.c:1256
#7 bwrite+0x1e4 sys/kern/vfs_bio.c:765
#8 ffs_write+0x6d3
#9 VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268
#10 vn_write+0x14e sys/kern/vfs_vnops.c:414
#11 dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#12 sys_writev+0xa7 sys/kern/sys_generic.c:312
#13 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#13 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd80654b5700)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 rw_enter+0x453 sys/kern/kern_rwlock.c:311
#2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:603
#4 vn_lock+0x81 sys/kern/vfs_vnops.c:575
#5 vn_write+0x11a sys/kern/vfs_vnops.c:411
#6 dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#7 sys_writev+0xa7 sys/kern/sys_generic.c:312
#8 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#9 Xsyscall+0x128
exclusive mutex &iopl->mtx r = 0 (0xffff800000038170)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 scsi_xsh_runqueue+0x238 scsi_pending_finish sys/scsi/scsi_base.c:228 [inline]
#3 scsi_xsh_runqueue+0x238 sys/scsi/scsi_base.c:597
#4 scsi_xsh_add+0xc9 sys/scsi/scsi_base.c:535
#5 sdstrategy+0x187 sys/scsi/sd.c:585
#6 spec_strategy+0x74 sys/kern/spec_vnops.c:468
#7 ufs_strategy+0x17c
#8 VOP_STRATEGY+0x99 sys/kern/vfs_vops.c:712
#9 bwrite+0x1b9 sys/kern/vfs_bio.c:756
#10 ffs_write+0x6d3
#11 VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268
#12 vn_write+0x14e sys/kern/vfs_vnops.c:414
#13 dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#14 sys_writev+0xa7 sys/kern/sys_generic.c:312
#15 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#15 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#16 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9506 6418K 6805K 78643K 10813 0
pcb 13 8K 8K 78643K 63 0
rtable 105 3K 3K 78643K 245 0
ifaddr 68 14K 14K 78643K 108 0
counters 43 33K 34K 78643K 51 0
ioctlops 0 0K 4K 78643K 1479 0
iov 0 0K 24K 78643K 23 0
mount 1 1K 1K 78643K 1 0
vnodes 1220 77K 77K 78643K 1282 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 4 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 19 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1823 197K 290K 78643K 12980 0
file desc 6 17K 25K 78643K 171 0
proc 60 63K 95K 78643K 444 0
subproc 32 2K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 17 0
in_multi 56 3K 3K 78643K 77 0
ether_multi 1 0K 0K 78643K 9 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 55 254K 254K 78643K 55 0
exec 0 0K 1K 78643K 227 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 124 39K 55K 78643K 1490 0
UVM aobj 10 4K 4K 78643K 10 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 42 0
NDP 10 0K 0K 78643K 18 0
temp 92 3042K 3112K 78643K 8424 0
kqueue 3 4K 8K 78643K 13 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 6 0 1 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 23 0 21 1 0 1 1 0 8 0
rtentry 112 48 0 4 2 0 2 2 0 8 0
unpcb 120 135 0 124 1 0 1 1 0 8 0
syncache 264 5 0 5 2 1 1 1 0 8 1
sackhl 24 1 0 0 1 0 1 1 0 8 0
tcpqe 32 376 0 376 1 1 0 1 0 8 0
tcpcb 544 92 0 88 1 0 1 1 0 8 0
inpcb 280 362 0 352 2 0 2 2 0 8 1
nd6 48 7 0 0 1 0 1 1 0 8 0
pffrag 232 2 0 2 1 0 1 1 0 482 1
pffrnode 88 2 0 2 1 0 1 1 0 8 1
pffrent 40 48 0 48 1 0 1 1 0 8 1
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 28 0 3 1 0 1 1 0 8 0
pfstkey 112 28 0 3 1 0 1 1 0 8 0
pfstate 328 28 0 3 3 0 3 3 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 209 0 2 13 0 13 13 0 8 0
art_table 32 210 0 2 2 0 2 2 0 8 0
art_node 16 47 0 7 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 0 1 0 1 1 0 8 0
semapl 112 17 0 7 1 0 1 1 0 8 0
shmpl 112 8 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1634 0 226 89 0 89 89 0 8 0
ffsino 272 1634 0 226 95 0 95 95 0 8 0
nchpl 144 2059 0 450 60 0 60 60 0 8 0
uvmvnodes 72 1723 0 0 32 0 32 32 0 8 0
vnodes 208 1723 0 0 91 0 91 91 0 8 0
namei 1024 5488 0 5488 1 0 1 1 0 8 1
percpumem 16 36 0 4 1 0 1 1 0 8 0
vcpupl 1984 1 0 0 1 0 1 1 0 8 0
vmpool 560 1 0 0 1 0 1 1 0 8 0
scxspl 192 6290 0 6290 8 1 7 7 0 8 7
plimitpl 152 24 0 16 1 0 1 1 0 8 0
sigapl 424 388 0 354 4 0 4 4 0 8 0
futexpl 56 2601 0 2600 1 0 1 1 0 8 0
knotepl 112 72 0 53 1 0 1 1 0 8 0
kqueuepl 144 22 0 20 1 0 1 1 0 8 0
pipelkpl 48 92 0 82 1 0 1 1 0 8 0
pipepl 120 184 0 165 2 0 2 2 0 8 1
fdescpl 496 371 0 354 3 0 3 3 0 8 0
filepl 152 2138 0 2032 6 0 6 6 0 8 1
lockfpl 104 41 0 40 1 0 1 1 0 8 0
lockfspl 48 18 0 17 1 0 1 1 0 8 0
sessionpl 112 18 0 7 1 0 1 1 0 8 0
pgrppl 48 18 0 7 1 0 1 1 0 8 0
ucredpl 96 166 0 157 1 0 1 1 0 8 0
zombiepl 144 354 0 354 1 0 1 1 0 8 1
processpl 984 388 0 354 5 0 5 5 0 8 0
procpl 624 715 0 669 4 0 4 4 0 8 0
sosppl 128 2 0 2 1 0 1 1 0 8 1
sockpl 400 520 0 497 4 0 4 4 0 8 1
mcl64k 65536 9 0 0 2 0 2 2 0 8 0
mcl12k 12288 5 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 5 0 0 1 0 1 1 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 187 0 0 23 0 23 23 0 8 0
mtagpl 80 15 0 0 1 0 1 1 0 8 0
mbufpl 256 212 0 0 13 0 13 13 0 8 0
bufpl 280 3903 0 132 270 0 270 270 0 8 0
anonpl 16 50662 0 36584 69 1 68 68 0 124 11
amapchunkpl 152 2587 0 2454 21 2 19 19 0 158 13
amappl16 192 1731 0 972 47 4 43 47 0 8 5
amappl15 184 66 0 63 1 0 1 1 0 8 0
amappl14 176 24 0 21 1 0 1 1 0 8 0
amappl13 168 26 0 25 1 0 1 1 0 8 0
amappl12 160 82 0 75 1 0 1 1 0 8 0
amappl11 152 60 0 45 1 0 1 1 0 8 0
amappl10 144 25 0 19 1 0 1 1 0 8 0
amappl9 136 381 0 380 1 0 1 1 0 8 0
amappl8 128 358 0 322 2 0 2 2 0 8 0
amappl7 120 127 0 113 1 0 1 1 0 8 0
amappl6 112 30 0 25 1 0 1 1 0 8 0
amappl5 104 279 0 261 1 0 1 1 0 8 0
amappl4 96 497 0 466 1 0 1 1 0 8 0
amappl3 88 106 0 101 1 0 1 1 0 8 0
amappl2 80 2090 0 2006 2 0 2 2 0 8 0
amappl1 72 18210 0 17743 23 13 10 18 0 8 0
amappl 80 969 0 922 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 9 0 0 1 0 1 1 0 8 0
uaddrrnd 24 372 0 354 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 372 0 354 1 0 1 1 0 8 0
vmmpekpl 168 6892 0 6860 2 0 2 2 0 8 0
vmmpepl 168 52091 0 50056 107 8 99 104 0 357 10
vmsppl 368 371 0 354 2 0 2 2 0 8 0
pdppl 4096 752 0 709 6 0 6 6 0 8 0
pvpl 32 166922 0 149575 166 0 166 166 0 265 26
pmappl 232 371 0 354 3 1 2 2 0 8 1
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 263 0 3 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xb1
end of kernel
end trace frame: 0x17d97ef4c60, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x3c sys/arch/amd64/amd64/bus_space.c:639
comcnputc(800,6d) at comcnputc+0x1c8 sys/dev/ic/com.c:1260
cnputc(6d) at cnputc+0x4c sys/dev/cons.c:239
kputchar(6d,5,0) at kputchar+0x219 sys/kern/subr_prf.c:343
kprintf() at kprintf+0x15c sys/kern/subr_prf.c:700
panic(ffffffff821fc0da) at panic+0xf3 vprintf sys/kern/subr_prf.c:528 [inline]
panic(ffffffff821fc0da) at panic+0xf3 sys/kern/subr_prf.c:197
pool_cache_get(ffffffff8268b9a0) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1781 [inline]
pool_cache_get(ffffffff8268b9a0) at pool_cache_get+0x323 sys/kern/subr_pool.c:1884
pool_get(ffffffff8268b9a0,2) at pool_get+0x91 sys/kern/subr_pool.c:572
m_gethdr(2,2) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283
ip6_fragment(fffffd806f2bc900,28,11,5dc) at ip6_fragment+0xec sys/netinet6/ip6_output.c:810
ip6_output(fffffd806f2bc900,0,fffffd806f6d9a48,0,0,fffffd806f6d99d8) at ip6_output+0x1b92 sys/netinet6/ip6_output.c:736
end trace frame: 0xffff800023fb9a60, count: 0
ddb{1}> trace
x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x3c sys/arch/amd64/amd64/bus_space.c:639
comcnputc(800,6d) at comcnputc+0x1c8 sys/dev/ic/com.c:1260
cnputc(6d) at cnputc+0x4c sys/dev/cons.c:239
kputchar(6d,5,0) at kputchar+0x219 sys/kern/subr_prf.c:343
kprintf() at kprintf+0x15c sys/kern/subr_prf.c:700
panic(ffffffff821fc0da) at panic+0xf3 vprintf sys/kern/subr_prf.c:528 [inline]
panic(ffffffff821fc0da) at panic+0xf3 sys/kern/subr_prf.c:197
pool_cache_get(ffffffff8268b9a0) at pool_cache_get+0x323 pool_cache_item_magic_check sys/kern/subr_pool.c:1781 [inline]
pool_cache_get(ffffffff8268b9a0) at pool_cache_get+0x323 sys/kern/subr_pool.c:1884
pool_get(ffffffff8268b9a0,2) at pool_get+0x91 sys/kern/subr_pool.c:572
m_gethdr(2,2) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283
ip6_fragment(fffffd806f2bc900,28,11,5dc) at ip6_fragment+0xec sys/netinet6/ip6_output.c:810
ip6_output(fffffd806f2bc900,0,fffffd806f6d9a48,0,0,fffffd806f6d99d8) at ip6_output+0x1b92 sys/netinet6/ip6_output.c:736
udp6_output(fffffd806f6d99d8,fffffd807f01e900,0,0) at udp6_output+0x36a sys/netinet6/udp6_output.c:236
sosend(fffffd806cb381a0,0,ffff800023fb9b60,0,0,8a) at sosend+0x671 sys/kern/uipc_socket.c:549
sendit(ffff800020ed9128,9,ffff800023fb9c40,a,ffff800023fb9d20) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendto(ffff800020ed9128,ffff800023fb9cd8,ffff800023fb9d20) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:522
syscall(ffff800023fb9da0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023fb9da0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x13f1011bfd0, count: -20


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Greg Steuck

May 10, 2020, 10:43:43 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: pool: cpu free list modified: mbufpl