malloc: free list modified: devbuf
2 views
Skip to first unread message
syzbot
Oct 15, 2019, 9:29:08 PM10/15/19
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 19120e8f Fix db_stack_dump() w/ custom addr & implement db..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13d7276f600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=17937fddcfc9aedfe5b0
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+17937f...@syzkaller.appspotmail.com
panic: Data modified on freelist: word 5 of object 0xffff800000b9da00 size
0xc0 previous type devbuf (0xd != 0xdeafbead)
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*321221 26071 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(c0,2,1) at malloc+0xa23 sys/kern/kern_malloc.c:331
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f priq_alloc
sys/net/ifq.c:671 [inline]
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f
sys/net/ifq.c:202
if_attach_common(ffff800000b3c000) at if_attach_common+0xaf sys/net/if.c:617
if_attach(ffff800000b3c000) at if_attach+0x19 sys/net/if.c:540
tun_create(ffffffff824f9dd0,d9,800) at tun_create+0x1d3 sys/net/if_tun.c:241
if_clone_create(ffff800017b5cb00,0) at if_clone_create+0xa0
sys/net/if.c:1221
tapopen(5dd9,1,2000,ffff8000ffff29f8) at tapopen+0xd1 sys/net/if_tun.c:342
spec_open(ffff800017b5cbe8) at spec_open+0x3ea sys/kern/spec_vnops.c:158
VOP_OPEN(fffffd802f4aeaa8,1,fffffd803f7c6780,ffff8000ffff29f8) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff800017b5ce38,201,80) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff29f8,ffffff9c,200001c0,200,80,ffff800017b5d030) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff800017b5d0b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
end trace frame: 0xffff800017b5d130, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
Data modified on freelist: word 5 of object 0xffff800000b9da00 size 0xc0
previous type devbuf (0xd != 0xdeafbead)
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(c0,2,1) at malloc+0xa23 sys/kern/kern_malloc.c:331
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f priq_alloc
sys/net/ifq.c:671 [inline]
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f
sys/net/ifq.c:202
if_attach_common(ffff800000b3c000) at if_attach_common+0xaf sys/net/if.c:617
if_attach(ffff800000b3c000) at if_attach+0x19 sys/net/if.c:540
tun_create(ffffffff824f9dd0,d9,800) at tun_create+0x1d3 sys/net/if_tun.c:241
if_clone_create(ffff800017b5cb00,0) at if_clone_create+0xa0
sys/net/if.c:1221
tapopen(5dd9,1,2000,ffff8000ffff29f8) at tapopen+0xd1 sys/net/if_tun.c:342
spec_open(ffff800017b5cbe8) at spec_open+0x3ea sys/kern/spec_vnops.c:158
VOP_OPEN(fffffd802f4aeaa8,1,fffffd803f7c6780,ffff8000ffff29f8) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff800017b5ce38,201,80) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff29f8,ffffff9c,200001c0,200,80,ffff800017b5d030) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff800017b5d0b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(0,0,ffffffffffffffa0,0,3,ac1f3c39010) at Xsyscall+0x128
end of kernel
end trace frame: 0xac408ce53d0, count: -15
ddb> show registers
rdi 0xffffffff81e06467 db_enter+0x17
rsi 0x43e6 __ALIGN_SIZE+0x33e6
rbp 0xffff800017b5c7f0
rbx 0xffff800017b5c8a0
rdx 0x43e7 __ALIGN_SIZE+0x33e7
rcx 0xffff800014919000
rax 0xffff800014919000
r8 0xffff800017b5c7b0
r9 0x1
r10 0xffff800000a56b00
r11 0x205e44f73dfc1e16
r12 0x3000000008
r13 0xffff800017b5c800
r14 0x100
r15 0x1
rip 0xffffffff81e06468 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800017b5c7e0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=321221 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff2780,0xffffffff825a3380
process=0xffff8000148a2d98 user=0xffff800017b58000,
vmspace=0xfffffd803f013440
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
26071 348508 8367 0 2 0 syz-executor.1
*26071 321221 8367 0 7 0x4000000 syz-executor.1
33077 439238 16371 0 3 0x2 biowait syz-executor.0
8367 156333 16371 0 3 0x82 nanosleep syz-executor.1
35062 11272 0 0 3 0x14200 acct acct
21605 66056 0 0 3 0x14200 bored sosplice
16371 493359 85085 0 3 0x82 thrsleep syz-fuzzer
16371 341247 85085 0 3 0x4000082 nanosleep syz-fuzzer
16371 63339 85085 0 3 0x4000082 thrsleep syz-fuzzer
16371 84711 85085 0 3 0x4000082 thrsleep syz-fuzzer
16371 427920 85085 0 3 0x4000082 kqread syz-fuzzer
16371 359071 85085 0 3 0x4000082 thrsleep syz-fuzzer
16371 23035 85085 0 3 0x4000082 thrsleep syz-fuzzer
85085 475267 57101 0 3 0x10008a pause ksh
57101 46057 28699 0 3 0x92 select sshd
56042 331427 1 0 3 0x100083 ttyin getty
28699 238667 1 0 3 0x80 select sshd
59948 337748 87455 73 3 0x100090 kqread syslogd
87455 199676 1 0 3 0x100082 netio syslogd
43088 454142 1 77 3 0x100090 poll dhclient
2372 260173 1 0 3 0x80 poll dhclient
78186 102103 0 0 2 0x14200 zerothread
43391 387436 0 0 3 0x14200 aiodoned aiodoned
31202 347966 0 0 3 0x14200 syncer update
31562 251260 0 0 3 0x14200 cleaner cleaner
15369 278326 0 0 3 0x14200 reaper reaper
47622 363459 0 0 3 0x14200 pgdaemon pagedaemon
97473 486353 0 0 3 0x14200 bored crynlk
29891 207209 0 0 3 0x14200 bored crypto
1210 108459 0 0 3 0x40014200 acpi0 acpi0
26478 504876 0 0 3 0x14200 bored softnet
19781 37517 0 0 3 0x14200 bored systqmp
81335 129483 0 0 3 0x14200 bored systq
27691 147583 0 0 3 0x40014200 bored softclock
55053 22369 0 0 3 0x40014200 idle0
68927 390354 0 0 3 0x14200 bored smr
1 417915 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9571 6390K 7663K 78643K 22669 0 0
pcb 13 10K 12K 78643K 589 0 0
rtable 85 7K 9K 78643K 2090 0 0
ifaddr 76 15K 18K 78643K 481 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 202 0 0
iov 0 0K 32K 78643K 817 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1217 76K 77K 78643K 6173 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 55 0 0
VM map 17 4K 4K 78643K 28 0 0
sem 12 0K 1K 78643K 589 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 3071 0 0
sigio 0 0K 0K 78643K 43 0 0
proc 49 38K 55K 78643K 1624 0 0
subproc 32 2K 2K 78643K 442 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 235 0 0
in_multi 11 0K 2K 78643K 428 0 0
ether_multi 1 0K 0K 78643K 34 0 0
mrt 0 0K 0K 78643K 33 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 96 424K 424K 78643K 96 0 0
exec 0 0K 1K 78643K 851 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 142 153K 153K 78643K 10048 0 0
UVM aobj 130 4K 4K 78643K 147 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 565 0 0
NDP 20 0K 1K 78643K 163 0 0
temp 226 3544K 4193K 78643K 81211 0 0
kqueue 0 0K 0K 78643K 38 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 81 0 77 1 0 1 1 0
8 0
rtpcb 80 336 0 333 1 0 1 1 0
8 0
rtentry 112 416 0 390 2 0 2 2 0
8 0
unpcb 120 1668 0 1659 2 1 1 2 0
8 0
syncache 264 14 0 14 6 6 0 1 0
8 0
tcpqe 32 87 0 87 2 2 0 1 0
8 0
tcpcb 544 1119 0 1115 8 7 1 2 0
8 0
ipq 40 27 0 27 12 11 1 1 0
8 1
ipqe 40 414 0 414 12 11 1 1 0
8 1
inpcb 280 4857 0 4850 40 38 2 13 0
8 1
rttmr 72 9 0 9 6 6 0 1 0
8 0
ip6q 72 1 0 1 1 1 0 1 0
8 0
nd6 48 57 0 57 4 3 1 1 0
8 1
pkpcb 40 4 0 4 1 1 0 1 0
8 0
swfcl 56 2 0 0 1 0 1 1 0
8 0
ppxss 1128 42 0 42 18 17 1 1 0
8 1
art_heap8 4096 37 0 36 19 18 1 3 0
8 0
art_heap4 256 2015 0 1885 44 31 13 17 0
8 3
art_table 32 2052 0 1921 5 2 3 3 0
8 1
art_node 16 415 0 391 1 0 1 1 0
8 0
sysvmsgpl 40 44 0 29 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 585 0 575 1 0 1 1 0
8 0
shmpl 112 145 0 17 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 6098 0 4705 46 0 46 46 0
8 0
ffsino 240 6098 0 4705 83 0 83 83 0
8 0
nchpl 144 11535 0 11103 60 41 19 60 0
8 0
uvmvnodes 72 7397 0 0 135 0 135 135 0
8 0
vnodes 208 7397 0 0 390 0 390 390 0
8 0
namei 1024 42606 0 42605 4 3 1 1 0
8 0
vcpupl 1984 16 0 1 2 0 2 2 0
8 0
vmpool 520 26 0 11 1 0 1 1 0
8 0
scsiplug 64 5 0 5 3 3 0 1 0
8 0
scxspl 192 44179 0 44177 29 28 1 7 0
8 0
plimitpl 152 281 0 274 1 0 1 1 0
8 0
sigapl 432 3170 0 3157 2 0 2 2 0
8 0
futexpl 56 87751 0 87751 4 3 1 1 0
8 1
knotepl 112 2688 0 2669 5 4 1 2 0
8 0
kqueuepl 104 3586 0 3584 1 0 1 1 0
8 0
pipepl 112 3000 0 2981 11 10 1 2 0
8 0
fdescpl 424 3171 0 3157 2 0 2 2 0
8 0
filepl 120 34351 0 34253 31 27 4 11 0
8 1
lockfpl 104 1101 0 1099 1 0 1 1 0
8 0
lockfspl 48 381 0 379 1 0 1 1 0
8 0
sessionpl 112 41 0 31 1 0 1 1 0
8 0
pgrppl 48 87 0 77 1 0 1 1 0
8 0
ucredpl 96 5886 0 5878 1 0 1 1 0
8 0
zombiepl 144 3157 0 3157 1 0 1 1 0
8 1
processpl 864 3187 0 3157 4 0 4 4 0
8 0
procpl 632 8153 0 8116 19 15 4 5 0
8 0
sosppl 128 27 0 27 9 9 0 1 0
8 0
sockpl 384 7049 0 7030 59 55 4 21 0
8 1
mcl64k 65536 1622 0 1622 148 123 25 33 0 8
25
mcl16k 16384 50 0 50 22 21 1 1 0
8 1
mcl12k 12288 103 0 103 18 18 0 1 0
8 0
mcl9k 9216 45 0 45 22 22 0 1 0
8 0
mcl8k 8192 179 0 179 14 13 1 1 0
8 1
mcl4k 4096 404 0 404 8 7 1 1 0
8 1
mcl2k2 2112 35 0 35 15 15 0 1 0
8 0
mcl2k 2048 72451 0 72402 19 12 7 15 0
8 0
mtagpl 80 150 0 148 8 7 1 1 0
8 0
mbufpl 256 143425 0 143357 124 106 18 26 0
8 8
bufpl 256 19732 0 12336 467 4 463 463 0
8 0
anonpl 16 449514 0 432845 262 175 87 98 0
62 7
amapchunkpl 152 21840 0 21706 87 80 7 17 0
158 0
amappl16 192 19231 0 18209 220 162 58 64 0
8 5
amappl15 184 405 0 403 3 2 1 1 0
8 0
amappl14 176 978 0 974 1 0 1 1 0
8 0
amappl13 168 58 0 58 6 6 0 1 0
8 0
amappl12 160 307 0 304 1 0 1 1 0
8 0
amappl11 152 395 0 384 1 0 1 1 0
8 0
amappl10 144 419 0 416 2 1 1 1 0
8 0
amappl9 136 1402 0 1395 1 0 1 1 0
8 0
amappl8 128 922 0 882 2 0 2 2 0
8 0
amappl7 120 536 0 527 1 0 1 1 0
8 0
amappl6 112 359 0 348 1 0 1 1 0
8 0
amappl5 104 631 0 620 1 0 1 1 0
8 0
amappl4 96 3032 0 3002 1 0 1 1 0
8 0
amappl3 88 1026 0 1018 1 0 1 1 0
8 0
amappl2 80 23340 0 23272 3 1 2 3 0
8 0
amappl1 72 72409 0 72003 26 17 9 20 0
8 0
amappl 80 8778 0 8726 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 146 0 17 3 0 3 3 0
8 0
uaddrrnd 24 3197 0 3157 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 3197 0 3157 1 0 1 1 0
8 0
vmmpekpl 168 28210 0 28180 2 0 2 2 0
8 0
vmmpepl 168 403544 0 401422 431 298 133 138 0 357
32
vmsppl 272 3170 0 3157 8 7 1 2 0
8 0
pdppl 4096 6400 0 6351 9 2 7 7 0
8 0
pvpl 32 1187064 0 1167268 549 346 203 334 0 265
26
pmappl 200 3196 0 3168 2 0 2 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 982 0 356 19 0 19 19 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 19120e8f Fix db_stack_dump() w/ custom addr & implement db..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13d7276f600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=17937fddcfc9aedfe5b0
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+17937f...@syzkaller.appspotmail.com
panic: Data modified on freelist: word 5 of object 0xffff800000b9da00 size
0xc0 previous type devbuf (0xd != 0xdeafbead)
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*321221 26071 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(c0,2,1) at malloc+0xa23 sys/kern/kern_malloc.c:331
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f priq_alloc
sys/net/ifq.c:671 [inline]
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f
sys/net/ifq.c:202
if_attach_common(ffff800000b3c000) at if_attach_common+0xaf sys/net/if.c:617
if_attach(ffff800000b3c000) at if_attach+0x19 sys/net/if.c:540
tun_create(ffffffff824f9dd0,d9,800) at tun_create+0x1d3 sys/net/if_tun.c:241
if_clone_create(ffff800017b5cb00,0) at if_clone_create+0xa0
sys/net/if.c:1221
tapopen(5dd9,1,2000,ffff8000ffff29f8) at tapopen+0xd1 sys/net/if_tun.c:342
spec_open(ffff800017b5cbe8) at spec_open+0x3ea sys/kern/spec_vnops.c:158
VOP_OPEN(fffffd802f4aeaa8,1,fffffd803f7c6780,ffff8000ffff29f8) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff800017b5ce38,201,80) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff29f8,ffffff9c,200001c0,200,80,ffff800017b5d030) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff800017b5d0b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
end trace frame: 0xffff800017b5d130, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
Data modified on freelist: word 5 of object 0xffff800000b9da00 size 0xc0
previous type devbuf (0xd != 0xdeafbead)
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(c0,2,1) at malloc+0xa23 sys/kern/kern_malloc.c:331
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f priq_alloc
sys/net/ifq.c:671 [inline]
ifq_init(ffff800000b3c260,ffff800000b3c000,0) at ifq_init+0x6f
sys/net/ifq.c:202
if_attach_common(ffff800000b3c000) at if_attach_common+0xaf sys/net/if.c:617
if_attach(ffff800000b3c000) at if_attach+0x19 sys/net/if.c:540
tun_create(ffffffff824f9dd0,d9,800) at tun_create+0x1d3 sys/net/if_tun.c:241
if_clone_create(ffff800017b5cb00,0) at if_clone_create+0xa0
sys/net/if.c:1221
tapopen(5dd9,1,2000,ffff8000ffff29f8) at tapopen+0xd1 sys/net/if_tun.c:342
spec_open(ffff800017b5cbe8) at spec_open+0x3ea sys/kern/spec_vnops.c:158
VOP_OPEN(fffffd802f4aeaa8,1,fffffd803f7c6780,ffff8000ffff29f8) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff800017b5ce38,201,80) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff29f8,ffffff9c,200001c0,200,80,ffff800017b5d030) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff800017b5d0b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(0,0,ffffffffffffffa0,0,3,ac1f3c39010) at Xsyscall+0x128
end of kernel
end trace frame: 0xac408ce53d0, count: -15
ddb> show registers
rdi 0xffffffff81e06467 db_enter+0x17
rsi 0x43e6 __ALIGN_SIZE+0x33e6
rbp 0xffff800017b5c7f0
rbx 0xffff800017b5c8a0
rdx 0x43e7 __ALIGN_SIZE+0x33e7
rcx 0xffff800014919000
rax 0xffff800014919000
r8 0xffff800017b5c7b0
r9 0x1
r10 0xffff800000a56b00
r11 0x205e44f73dfc1e16
r12 0x3000000008
r13 0xffff800017b5c800
r14 0x100
r15 0x1
rip 0xffffffff81e06468 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800017b5c7e0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=321221 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff2780,0xffffffff825a3380
process=0xffff8000148a2d98 user=0xffff800017b58000,
vmspace=0xfffffd803f013440
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
26071 348508 8367 0 2 0 syz-executor.1
*26071 321221 8367 0 7 0x4000000 syz-executor.1
33077 439238 16371 0 3 0x2 biowait syz-executor.0
8367 156333 16371 0 3 0x82 nanosleep syz-executor.1
35062 11272 0 0 3 0x14200 acct acct
21605 66056 0 0 3 0x14200 bored sosplice
16371 493359 85085 0 3 0x82 thrsleep syz-fuzzer
16371 341247 85085 0 3 0x4000082 nanosleep syz-fuzzer
16371 63339 85085 0 3 0x4000082 thrsleep syz-fuzzer
16371 84711 85085 0 3 0x4000082 thrsleep syz-fuzzer
16371 427920 85085 0 3 0x4000082 kqread syz-fuzzer
16371 359071 85085 0 3 0x4000082 thrsleep syz-fuzzer
16371 23035 85085 0 3 0x4000082 thrsleep syz-fuzzer
85085 475267 57101 0 3 0x10008a pause ksh
57101 46057 28699 0 3 0x92 select sshd
56042 331427 1 0 3 0x100083 ttyin getty
28699 238667 1 0 3 0x80 select sshd
59948 337748 87455 73 3 0x100090 kqread syslogd
87455 199676 1 0 3 0x100082 netio syslogd
43088 454142 1 77 3 0x100090 poll dhclient
2372 260173 1 0 3 0x80 poll dhclient
78186 102103 0 0 2 0x14200 zerothread
43391 387436 0 0 3 0x14200 aiodoned aiodoned
31202 347966 0 0 3 0x14200 syncer update
31562 251260 0 0 3 0x14200 cleaner cleaner
15369 278326 0 0 3 0x14200 reaper reaper
47622 363459 0 0 3 0x14200 pgdaemon pagedaemon
97473 486353 0 0 3 0x14200 bored crynlk
29891 207209 0 0 3 0x14200 bored crypto
1210 108459 0 0 3 0x40014200 acpi0 acpi0
26478 504876 0 0 3 0x14200 bored softnet
19781 37517 0 0 3 0x14200 bored systqmp
81335 129483 0 0 3 0x14200 bored systq
27691 147583 0 0 3 0x40014200 bored softclock
55053 22369 0 0 3 0x40014200 idle0
68927 390354 0 0 3 0x14200 bored smr
1 417915 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9571 6390K 7663K 78643K 22669 0 0
pcb 13 10K 12K 78643K 589 0 0
rtable 85 7K 9K 78643K 2090 0 0
ifaddr 76 15K 18K 78643K 481 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 202 0 0
iov 0 0K 32K 78643K 817 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1217 76K 77K 78643K 6173 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 55 0 0
VM map 17 4K 4K 78643K 28 0 0
sem 12 0K 1K 78643K 589 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 3071 0 0
sigio 0 0K 0K 78643K 43 0 0
proc 49 38K 55K 78643K 1624 0 0
subproc 32 2K 2K 78643K 442 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 235 0 0
in_multi 11 0K 2K 78643K 428 0 0
ether_multi 1 0K 0K 78643K 34 0 0
mrt 0 0K 0K 78643K 33 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 96 424K 424K 78643K 96 0 0
exec 0 0K 1K 78643K 851 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 142 153K 153K 78643K 10048 0 0
UVM aobj 130 4K 4K 78643K 147 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 565 0 0
NDP 20 0K 1K 78643K 163 0 0
temp 226 3544K 4193K 78643K 81211 0 0
kqueue 0 0K 0K 78643K 38 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 81 0 77 1 0 1 1 0
8 0
rtpcb 80 336 0 333 1 0 1 1 0
8 0
rtentry 112 416 0 390 2 0 2 2 0
8 0
unpcb 120 1668 0 1659 2 1 1 2 0
8 0
syncache 264 14 0 14 6 6 0 1 0
8 0
tcpqe 32 87 0 87 2 2 0 1 0
8 0
tcpcb 544 1119 0 1115 8 7 1 2 0
8 0
ipq 40 27 0 27 12 11 1 1 0
8 1
ipqe 40 414 0 414 12 11 1 1 0
8 1
inpcb 280 4857 0 4850 40 38 2 13 0
8 1
rttmr 72 9 0 9 6 6 0 1 0
8 0
ip6q 72 1 0 1 1 1 0 1 0
8 0
nd6 48 57 0 57 4 3 1 1 0
8 1
pkpcb 40 4 0 4 1 1 0 1 0
8 0
swfcl 56 2 0 0 1 0 1 1 0
8 0
ppxss 1128 42 0 42 18 17 1 1 0
8 1
art_heap8 4096 37 0 36 19 18 1 3 0
8 0
art_heap4 256 2015 0 1885 44 31 13 17 0
8 3
art_table 32 2052 0 1921 5 2 3 3 0
8 1
art_node 16 415 0 391 1 0 1 1 0
8 0
sysvmsgpl 40 44 0 29 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 585 0 575 1 0 1 1 0
8 0
shmpl 112 145 0 17 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 6098 0 4705 46 0 46 46 0
8 0
ffsino 240 6098 0 4705 83 0 83 83 0
8 0
nchpl 144 11535 0 11103 60 41 19 60 0
8 0
uvmvnodes 72 7397 0 0 135 0 135 135 0
8 0
vnodes 208 7397 0 0 390 0 390 390 0
8 0
namei 1024 42606 0 42605 4 3 1 1 0
8 0
vcpupl 1984 16 0 1 2 0 2 2 0
8 0
vmpool 520 26 0 11 1 0 1 1 0
8 0
scsiplug 64 5 0 5 3 3 0 1 0
8 0
scxspl 192 44179 0 44177 29 28 1 7 0
8 0
plimitpl 152 281 0 274 1 0 1 1 0
8 0
sigapl 432 3170 0 3157 2 0 2 2 0
8 0
futexpl 56 87751 0 87751 4 3 1 1 0
8 1
knotepl 112 2688 0 2669 5 4 1 2 0
8 0
kqueuepl 104 3586 0 3584 1 0 1 1 0
8 0
pipepl 112 3000 0 2981 11 10 1 2 0
8 0
fdescpl 424 3171 0 3157 2 0 2 2 0
8 0
filepl 120 34351 0 34253 31 27 4 11 0
8 1
lockfpl 104 1101 0 1099 1 0 1 1 0
8 0
lockfspl 48 381 0 379 1 0 1 1 0
8 0
sessionpl 112 41 0 31 1 0 1 1 0
8 0
pgrppl 48 87 0 77 1 0 1 1 0
8 0
ucredpl 96 5886 0 5878 1 0 1 1 0
8 0
zombiepl 144 3157 0 3157 1 0 1 1 0
8 1
processpl 864 3187 0 3157 4 0 4 4 0
8 0
procpl 632 8153 0 8116 19 15 4 5 0
8 0
sosppl 128 27 0 27 9 9 0 1 0
8 0
sockpl 384 7049 0 7030 59 55 4 21 0
8 1
mcl64k 65536 1622 0 1622 148 123 25 33 0 8
25
mcl16k 16384 50 0 50 22 21 1 1 0
8 1
mcl12k 12288 103 0 103 18 18 0 1 0
8 0
mcl9k 9216 45 0 45 22 22 0 1 0
8 0
mcl8k 8192 179 0 179 14 13 1 1 0
8 1
mcl4k 4096 404 0 404 8 7 1 1 0
8 1
mcl2k2 2112 35 0 35 15 15 0 1 0
8 0
mcl2k 2048 72451 0 72402 19 12 7 15 0
8 0
mtagpl 80 150 0 148 8 7 1 1 0
8 0
mbufpl 256 143425 0 143357 124 106 18 26 0
8 8
bufpl 256 19732 0 12336 467 4 463 463 0
8 0
anonpl 16 449514 0 432845 262 175 87 98 0
62 7
amapchunkpl 152 21840 0 21706 87 80 7 17 0
158 0
amappl16 192 19231 0 18209 220 162 58 64 0
8 5
amappl15 184 405 0 403 3 2 1 1 0
8 0
amappl14 176 978 0 974 1 0 1 1 0
8 0
amappl13 168 58 0 58 6 6 0 1 0
8 0
amappl12 160 307 0 304 1 0 1 1 0
8 0
amappl11 152 395 0 384 1 0 1 1 0
8 0
amappl10 144 419 0 416 2 1 1 1 0
8 0
amappl9 136 1402 0 1395 1 0 1 1 0
8 0
amappl8 128 922 0 882 2 0 2 2 0
8 0
amappl7 120 536 0 527 1 0 1 1 0
8 0
amappl6 112 359 0 348 1 0 1 1 0
8 0
amappl5 104 631 0 620 1 0 1 1 0
8 0
amappl4 96 3032 0 3002 1 0 1 1 0
8 0
amappl3 88 1026 0 1018 1 0 1 1 0
8 0
amappl2 80 23340 0 23272 3 1 2 3 0
8 0
amappl1 72 72409 0 72003 26 17 9 20 0
8 0
amappl 80 8778 0 8726 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 146 0 17 3 0 3 3 0
8 0
uaddrrnd 24 3197 0 3157 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 3197 0 3157 1 0 1 1 0
8 0
vmmpekpl 168 28210 0 28180 2 0 2 2 0
8 0
vmmpepl 168 403544 0 401422 431 298 133 138 0 357
32
vmsppl 272 3170 0 3157 8 7 1 2 0
8 0
pdppl 4096 6400 0 6351 9 2 7 7 0
8 0
pvpl 32 1187064 0 1167268 549 346 203 334 0 265
26
pmappl 200 3196 0 3168 2 0 2 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 982 0 356 19 0 19 19 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Oct 15, 2019, 10:18:08 PM10/15/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 19120e8f Fix db_stack_dump() w/ custom addr & implement db..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13e1bc27600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+17937f...@syzkaller.appspotmail.com
panic: Data modified on freelist: word 5 of object 0xffff8000006a0800 size
0x100 previous type devbuf (0xd != 0xdeadbeef)
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 59837 74774 0 0 0x4000000 0 syz-executor.0
bpfopen(31700,1,2000,ffff8000ffff9b30) at bpfopen+0xb5 sys/net/bpf.c:360
spec_open_clone(ffff80001492e488) at spec_open_clone+0x241
sys/kern/spec_vnops.c:737
spec_open(ffff80001492e488) at spec_open+0x40e
VOP_OPEN(fffffd8036cdf9c0,1,fffffd803f7c6a80,ffff8000ffff9b30) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff80001492e6d8,1,0) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff9b30,ffffff9c,20000040,0,0,ffff80001492e8d0) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff80001492e950) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff9f,0,3,9109ce6b0e0) at Xsyscall+0x128
end of kernel
end trace frame: 0x9138cff6760, count: 4
previous type devbuf (0xd != 0xdeadbeef)
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
bpfopen(31700,1,2000,ffff8000ffff9b30) at bpfopen+0xb5 sys/net/bpf.c:360
spec_open_clone(ffff80001492e488) at spec_open_clone+0x241
sys/kern/spec_vnops.c:737
spec_open(ffff80001492e488) at spec_open+0x40e
VOP_OPEN(fffffd8036cdf9c0,1,fffffd803f7c6a80,ffff8000ffff9b30) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff80001492e6d8,1,0) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff9b30,ffffff9c,20000040,0,0,ffff80001492e8d0) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff80001492e950) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff9f,0,3,9109ce6b0e0) at Xsyscall+0x128
end of kernel
end trace frame: 0x9138cff6760, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001492e190
rbx 0xffff80001492e240
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff80001492e150
r9 0x1
r10 0x68fee372fa5059eb
r11 0xd7948a21fed90169
r12 0x3000000008
r13 0xffff80001492e1a0
flags process=0 proc=4000000<THREAD>
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8280,0xffffffff825a3380
process=0xffff8000148a2a38 user=0xffff800014929000,
vmspace=0xfffffd803f013220
estcpu=0, cpticks=1, pctcpu=0.0
74774 364052 71350 0 3 0x4000080 kqread syz-executor.0
*74774 59837 71350 0 7 0x4000000 syz-executor.0
71350 432615 58181 0 3 0x82 nanosleep syz-executor.0
58181 107879 79415 0 3 0x82 thrsleep syz-execprog
58181 408205 79415 0 3 0x4000082 thrsleep syz-execprog
58181 318950 79415 0 3 0x4000082 thrsleep syz-execprog
58181 515634 79415 0 3 0x4000082 thrsleep syz-execprog
58181 118833 79415 0 3 0x4000082 kqread syz-execprog
58181 137448 79415 0 3 0x4000082 thrsleep syz-execprog
58181 207775 79415 0 3 0x4000082 thrsleep syz-execprog
79415 434467 94238 0 3 0x10008a pause ksh
94238 349845 22467 0 3 0x92 select sshd
69932 210780 1 0 3 0x100083 ttyin getty
22467 520649 1 0 3 0x80 select sshd
39619 304039 33582 73 3 0x100090 kqread syslogd
33582 225303 1 0 3 0x100082 netio syslogd
95483 59277 1 77 3 0x100090 poll dhclient
33519 450344 1 0 3 0x80 poll dhclient
58110 337863 0 0 3 0x14200 pgzero zerothread
69464 83862 0 0 3 0x14200 aiodoned aiodoned
18763 300936 0 0 3 0x14200 syncer update
28978 213169 0 0 3 0x14200 cleaner cleaner
19973 405275 0 0 3 0x14200 reaper reaper
61023 256917 0 0 3 0x14200 pgdaemon pagedaemon
59024 253562 0 0 3 0x14200 bored crynlk
59140 166191 0 0 3 0x14200 bored crypto
24476 339532 0 0 3 0x40014200 acpi0 acpi0
41052 497423 0 0 3 0x14200 bored softnet
53623 60821 0 0 3 0x14200 bored systqmp
50366 392816 0 0 3 0x14200 bored systq
53369 249905 0 0 3 0x40014200 bored softclock
6619 438447 0 0 3 0x40014200 idle0
68335 297882 0 0 3 0x14200 bored smr
1 297069 0 0 3 0x82 wait init
HEAD commit: 19120e8f Fix db_stack_dump() w/ custom addr & implement db..
git tree: openbsd
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=17937fddcfc9aedfe5b0
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17c71173600000
dashboard link: https://syzkaller.appspot.com/bug?extid=17937fddcfc9aedfe5b0
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+17937f...@syzkaller.appspotmail.com
0x100 previous type devbuf (0xd != 0xdeadbeef)
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(100,2,a) at malloc+0xa23 sys/kern/kern_malloc.c:331
panic() at panic+0x15c sys/kern/subr_prf.c:207
bpfopen(31700,1,2000,ffff8000ffff9b30) at bpfopen+0xb5 sys/net/bpf.c:360
spec_open_clone(ffff80001492e488) at spec_open_clone+0x241
sys/kern/spec_vnops.c:737
spec_open(ffff80001492e488) at spec_open+0x40e
VOP_OPEN(fffffd8036cdf9c0,1,fffffd803f7c6a80,ffff8000ffff9b30) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff80001492e6d8,1,0) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff9b30,ffffff9c,20000040,0,0,ffff80001492e8d0) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff80001492e950) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff9f,0,3,9109ce6b0e0) at Xsyscall+0x128
end of kernel
end trace frame: 0x9138cff6760, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
Data modified on freelist: word 5 of object 0xffff8000006a0800 size 0x100
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
previous type devbuf (0xd != 0xdeadbeef)
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
bpfopen(31700,1,2000,ffff8000ffff9b30) at bpfopen+0xb5 sys/net/bpf.c:360
spec_open_clone(ffff80001492e488) at spec_open_clone+0x241
sys/kern/spec_vnops.c:737
spec_open(ffff80001492e488) at spec_open+0x40e
VOP_OPEN(fffffd8036cdf9c0,1,fffffd803f7c6a80,ffff8000ffff9b30) at
VOP_OPEN+0x6a sys/kern/vfs_vops.c:154
vn_open(ffff80001492e6d8,1,0) at vn_open+0x4eb sys/kern/vfs_vnops.c:186
doopenat(ffff8000ffff9b30,ffffff9c,20000040,0,0,ffff80001492e8d0) at
doopenat+0x28b sys/kern/vfs_syscalls.c:1157
syscall(ffff80001492e950) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff9f,0,3,9109ce6b0e0) at Xsyscall+0x128
end of kernel
end trace frame: 0x9138cff6760, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001492e190
rbx 0xffff80001492e240
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff80001492e150
r9 0x1
r10 0x68fee372fa5059eb
r11 0xd7948a21fed90169
r12 0x3000000008
r13 0xffff80001492e1a0
r14 0x100
r15 0x1
rip 0xffffffff81e06468 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001492e180
r15 0x1
rip 0xffffffff81e06468 db_enter+0x18
cs 0x8
rflags 0x246
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=59837 stat=onproc
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
flags process=0 proc=4000000<THREAD>
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8280,0xffffffff825a3380
process=0xffff8000148a2a38 user=0xffff800014929000,
vmspace=0xfffffd803f013220
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
74774 222767 71350 0 2 0 syz-executor.0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
74774 364052 71350 0 3 0x4000080 kqread syz-executor.0
*74774 59837 71350 0 7 0x4000000 syz-executor.0
71350 432615 58181 0 3 0x82 nanosleep syz-executor.0
58181 107879 79415 0 3 0x82 thrsleep syz-execprog
58181 408205 79415 0 3 0x4000082 thrsleep syz-execprog
58181 318950 79415 0 3 0x4000082 thrsleep syz-execprog
58181 515634 79415 0 3 0x4000082 thrsleep syz-execprog
58181 118833 79415 0 3 0x4000082 kqread syz-execprog
58181 137448 79415 0 3 0x4000082 thrsleep syz-execprog
58181 207775 79415 0 3 0x4000082 thrsleep syz-execprog
79415 434467 94238 0 3 0x10008a pause ksh
94238 349845 22467 0 3 0x92 select sshd
69932 210780 1 0 3 0x100083 ttyin getty
22467 520649 1 0 3 0x80 select sshd
39619 304039 33582 73 3 0x100090 kqread syslogd
33582 225303 1 0 3 0x100082 netio syslogd
95483 59277 1 77 3 0x100090 poll dhclient
33519 450344 1 0 3 0x80 poll dhclient
58110 337863 0 0 3 0x14200 pgzero zerothread
69464 83862 0 0 3 0x14200 aiodoned aiodoned
18763 300936 0 0 3 0x14200 syncer update
28978 213169 0 0 3 0x14200 cleaner cleaner
19973 405275 0 0 3 0x14200 reaper reaper
61023 256917 0 0 3 0x14200 pgdaemon pagedaemon
59024 253562 0 0 3 0x14200 bored crynlk
59140 166191 0 0 3 0x14200 bored crypto
24476 339532 0 0 3 0x40014200 acpi0 acpi0
41052 497423 0 0 3 0x14200 bored softnet
53623 60821 0 0 3 0x14200 bored systqmp
50366 392816 0 0 3 0x14200 bored systq
53369 249905 0 0 3 0x40014200 bored softclock
6619 438447 0 0 3 0x40014200 idle0
68335 297882 0 0 3 0x14200 bored smr
1 297069 0 0 3 0x82 wait init
Anton Lindqvist
Oct 22, 2019, 6:40:24 AM10/22/19
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: put bpfdesc reference counting back, revert change introduced in 1.175 as: BPF: remove redundant reference counting of filedescriptors
Reply all
Reply to author
Forward
0 new messages