pool: free list modified: mbufpl (2)


syzbot

Sep 11, 2019, 8:57:08 AM9/11/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 067ee7eb Add window_marked_flag, GitHub issue 1887.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14a13149600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=c97ce78c14fc8ef266f9

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c97ce7...@syzkaller.appspotmail.com

panic: pool_do_get: mbufpl free list modified: page 0xfffffd806f0a8000;
item addr 0xfffffd806f0a8300; offset 0x0=0x0 != 0x3c51b1fad6aceb8e
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8263e270,2,ffff800020a1fae8) at pool_do_get+0x439
sys/kern/subr_pool.c:746
pool_get() at pool_get+0xeb sys/kern/subr_pool.c:581
m_clget(0,2,800) at m_clget+0x1c9 m_gethdr sys/kern/uipc_mbuf.c:283 [inline]
m_clget(0,2,800) at m_clget+0x1c9 sys/kern/uipc_mbuf.c:400
vio_populate_rx_mbufs(ffff800000173000) at vio_populate_rx_mbufs+0xf9
vio_add_rx_mbuf sys/dev/pv/if_vio.c:908 [inline]
vio_populate_rx_mbufs(ffff800000173000) at vio_populate_rx_mbufs+0xf9
sys/dev/pv/if_vio.c:951
vio_rx_intr(ffff800000173050) at vio_rx_intr+0x69
intr_handler(ffff800020a1fce0,ffff80000024db00) at intr_handler+0x8f
sys/arch/amd64/amd64/intr.c:529
Xintr_ioapic_edge19_untramp(0,0,1388,0,0,ffff80000001dae0) at
Xintr_ioapic_edge19_untramp+0x19f
acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187
sched_idle(ffffffff8250aff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:181
end trace frame: 0x0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_do_get: mbufpl free list modified: page 0xfffffd806f0a8000; item addr
0xfffffd806f0a8300; offset 0x0=0x0 != 0x3c51b1fad6aceb8e
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8263e270,2,ffff800020a1fae8) at pool_do_get+0x439
sys/kern/subr_pool.c:746
pool_get() at pool_get+0xeb sys/kern/subr_pool.c:581
m_clget(0,2,800) at m_clget+0x1c9 m_gethdr sys/kern/uipc_mbuf.c:283 [inline]
m_clget(0,2,800) at m_clget+0x1c9 sys/kern/uipc_mbuf.c:400
vio_populate_rx_mbufs(ffff800000173000) at vio_populate_rx_mbufs+0xf9
vio_add_rx_mbuf sys/dev/pv/if_vio.c:908 [inline]
vio_populate_rx_mbufs(ffff800000173000) at vio_populate_rx_mbufs+0xf9
sys/dev/pv/if_vio.c:951
vio_rx_intr(ffff800000173050) at vio_rx_intr+0x69
intr_handler(ffff800020a1fce0,ffff80000024db00) at intr_handler+0x8f
sys/arch/amd64/amd64/intr.c:529
Xintr_ioapic_edge19_untramp(0,0,1388,0,0,ffff80000001dae0) at
Xintr_ioapic_edge19_untramp+0x19f
acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187
sched_idle(ffffffff8250aff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:181
end trace frame: 0x0, count: -11
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020a1f930
rbx 0xffff800020a1f9e0
rdx 0xffffffff8250aff0 cpu_info_full_primary+0x1ff0
rcx 0xffffffff8250aff0 cpu_info_full_primary+0x1ff0
rax 0xffffffff8250aff0 cpu_info_full_primary+0x1ff0
r8 0xffffffff812fd86f kprintf+0x16f
r9 0x1
r10 0x25
r11 0x2808596715e0214f
r12 0x3000000008
r13 0xffff800020a1f940
r14 0x100
r15 0x1
rip 0xffffffff81c098c8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020a1f920
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (idle0) pid=259617 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
pri=0, usrpri=50, nice=20
forw=0x929fd840932ae0ba, list=0xffff800020a10ed0,0xffff800020a10010
process=0xffff800020a12000 user=0xffff800020a1a000,
vmspace=0xffffffff826421b0
estcpu=0, cpticks=32564, pctcpu=0.0
user=0, sys=0, intr=1
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
59052 88550 31850 0 3 0x80 nanosleep syz-executor.1
59052 217026 31850 0 3 0x4000080 nanosleep syz-executor.1
61302 374682 54076 0 3 0x2 biowait syz-executor.0
31850 200696 54076 0 3 0x82 nanosleep syz-executor.1
2391 30835 0 0 3 0x14200 acct acct
7743 497256 0 0 3 0x14200 bored sosplice
54076 161386 15544 0 3 0x82 nanosleep syz-fuzzer
54076 232349 15544 0 3 0x4000082 nanosleep syz-fuzzer
54076 378014 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 73196 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 424038 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 101839 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 413898 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 29599 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 33186 15544 0 3 0x4000082 thrsleep syz-fuzzer
54076 261932 15544 0 3 0x4000082 kqread syz-fuzzer
15544 418443 60379 0 3 0x10008a pause ksh
60379 491206 97708 0 3 0x92 select sshd
8406 346672 1 0 3 0x100083 ttyin getty
97708 513486 1 0 3 0x80 select sshd
936 401878 7317 74 3 0x100092 bpf pflogd
7317 323918 1 0 3 0x80 netio pflogd
91246 386890 14048 73 3 0x100090 kqread syslogd
14048 271083 1 0 3 0x100082 netio syslogd
35197 175237 1 77 3 0x100090 poll dhclient
70491 87713 1 0 3 0x80 poll dhclient
68816 482833 0 0 3 0x14200 pgzero zerothread
56403 300952 0 0 3 0x14200 aiodoned aiodoned
91547 463040 0 0 3 0x14200 syncer update
83017 148780 0 0 3 0x14200 cleaner cleaner
29403 282563 0 0 3 0x14200 reaper reaper
76883 487398 0 0 3 0x14200 pgdaemon pagedaemon
40208 430189 0 0 3 0x14200 bored crynlk
19827 274561 0 0 3 0x14200 bored crypto
6568 184229 0 0 3 0x40014200 acpi0 acpi0
62331 440837 0 0 7 0x40014200 idle1
96781 444379 0 0 2 0x14200 softnet
75554 457579 0 0 3 0x14200 bored systqmp
53674 92529 0 0 3 0x14200 bored systq
47862 497218 0 0 3 0x40014200 bored softclock
*13774 259617 0 0 7 0x40014200 idle0
96142 26931 0 0 3 0x14200 bored smr
1 57591 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex mbufpl r = 0 (0xffffffff8263e280)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_get+0xbf sys/kern/subr_pool.c:578
#4 m_clget+0x1c9 m_gethdr sys/kern/uipc_mbuf.c:283 [inline]
#4 m_clget+0x1c9 sys/kern/uipc_mbuf.c:400
#5 vio_populate_rx_mbufs+0xf9 vio_add_rx_mbuf sys/dev/pv/if_vio.c:908
[inline]
#5 vio_populate_rx_mbufs+0xf9 sys/dev/pv/if_vio.c:951
#6 vio_rx_intr+0x69
#7 intr_handler+0x8f sys/arch/amd64/amd64/intr.c:529
#8 Xintr_ioapic_edge19_untramp+0x19f
#9 acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187
#10 sched_idle+0x3f7 sys/kern/kern_sched.c:181
#11 proc_trampoline+0x1c
Process 61302 (syz-executor.0) thread 0xffff800020ab09f8 (374682)
exclusive rrwlock inode r = 0 (0xfffffd8069f12c58)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 rw_enter+0x447 sys/kern/kern_rwlock.c:306
#2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435
#3 ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140
#4 ffs_vget+0x13e sys/ufs/ffs/ffs_vfsops.c:1352
#5 ffs_inode_alloc+0x1cf sys/ufs/ffs/ffs_alloc.c:392
#6 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1164
#7 VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450
#8 domkdirat+0x121 sys/kern/vfs_syscalls.c:2983
#9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#10 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8069f12818)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 rw_enter+0x447 sys/kern/kern_rwlock.c:306
#2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435
#3 VOP_LOCK+0xf0 sys/kern/vfs_vops.c:615
#4 vn_lock+0x81 sys/kern/vfs_vnops.c:562
#5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:418
#6 namei+0x62c sys/kern/vfs_lookup.c:248
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:2968
#8 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#8 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#9 Xsyscall+0x128
Process 13774 (idle0) thread 0xffff800020a104f0 (259617)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82666ce0)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 intr_handler+0x5e sys/arch/amd64/amd64/intr.c:525
#2 Xintr_ioapic_edge19_untramp+0x19f
#3 acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187
#4 sched_idle+0x3f7 sys/kern/kern_sched.c:181
#5 proc_trampoline+0x1c
exclusive mutex mbufpl r = 0 (0xffffffff8263e280)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_get+0xbf sys/kern/subr_pool.c:578
#4 m_clget+0x1c9 m_gethdr sys/kern/uipc_mbuf.c:283 [inline]
#4 m_clget+0x1c9 sys/kern/uipc_mbuf.c:400
#5 vio_populate_rx_mbufs+0xf9 vio_add_rx_mbuf sys/dev/pv/if_vio.c:908
[inline]
#5 vio_populate_rx_mbufs+0xf9 sys/dev/pv/if_vio.c:951
#6 vio_rx_intr+0x69
#7 intr_handler+0x8f sys/arch/amd64/amd64/intr.c:529
#8 Xintr_ioapic_edge19_untramp+0x19f
#9 acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187
#10 sched_idle+0x3f7 sys/kern/kern_sched.c:181
#11 proc_trampoline+0x1c
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9594 6837K 7969K 78643K 24145 0 0
pcb 13 8K 8K 78643K 2751 0 0
rtable 110 12K 13K 78643K 2380 0 0
ifaddr 72 18K 20K 78643K 765 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1796 0 0
iov 0 0K 24K 78643K 728 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1216 76K 77K 78643K 7190 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 9K 78643K 92 0 0
VM map 2 1K 1K 78643K 19 0 0
sem 12 0K 1K 78643K 1124 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 5 13K 25K 78643K 12436 0 0
sigio 0 0K 0K 78643K 75 0 0
proc 61 63K 95K 78643K 2348 0 0
subproc 32 2K 2K 78643K 493 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 415 0 0
in_multi 35 2K 2K 78643K 732 0 0
ether_multi 1 0K 0K 78643K 137 0 0
mrt 4 0K 0K 78643K 98 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 162 715K 715K 78643K 162 0 0
exec 0 0K 1K 78643K 974 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 169 25K 34K 78643K 36092 0 0
UVM aobj 130 5K 5K 78643K 155 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 5846 0 0
NDP 15 0K 0K 78643K 239 0 0
temp 193 3556K 4195K 78643K 147176 0 0
kqueue 0 0K 0K 78643K 82 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 36 0 31 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 259 0 257 1 0 1 1 0
8 0
rtentry 112 313 0 272 2 0 2 2 0
8 0
unpcb 120 2380 0 2359 7 6 1 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpqe 32 208 0 208 17 17 0 1 0
8 0
tcpcb 544 5041 0 5037 1 0 1 1 0
8 0
inpcb 280 17904 0 17897 20 18 2 2 0
8 1
rttmr 72 21 0 21 6 6 0 1 0
8 0
nd6 48 56 0 52 1 0 1 1 0
8 0
pkpcb 40 24 0 24 7 7 0 1 0
8 0
ppxss 1128 102 0 102 21 21 0 1 0
8 0
pffrag 232 28 0 28 5 5 0 1 0
482 0
pffrnode 88 28 0 28 5 5 0 1 0
8 0
pffrent 40 68 0 68 6 6 0 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 584 0 563 3 2 1 3 0
8 0
pfstkey 112 584 0 563 11 9 2 11 0
8 0
pfstate 328 584 0 563 34 31 3 32 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 1423 0 1209 22 8 14 15 0
8 0
art_table 32 1424 0 1209 2 0 2 2 0
8 0
art_node 16 303 0 266 1 0 1 1 0
8 0
semupl 112 9 0 9 1 1 0 1 0
8 0
semapl 112 1102 0 1092 1 0 1 1 0
8 0
shmpl 112 153 0 25 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 19677 0 18251 47 0 47 47 0
8 0
ffsino 272 19677 0 18251 96 0 96 96 0
8 0
nchpl 144 36123 0 35643 64 40 24 61 0
8 1
uvmvnodes 72 6517 0 0 119 0 119 119 0
8 0
vnodes 208 6517 0 0 343 0 343 343 0
8 0
namei 1024 101640 0 101639 2 1 1 1 0
8 0
percpumem 16 30 0 0 1 0 1 1 0
8 0
vmpool 552 17 0 17 4 4 0 1 0
8 0
scsiplug 64 17 0 17 6 6 0 1 0
8 0
scxspl 192 106691 0 106690 26 24 2 7 0
8 1
plimitpl 152 514 0 506 1 0 1 1 0
8 0
sigapl 432 12556 0 12541 3 1 2 3 0
8 0
futexpl 56 181487 0 181487 1 0 1 1 0
8 1
knotepl 112 4790 0 4771 3 2 1 3 0
8 0
kqueuepl 104 10086 0 10084 2 1 1 2 0
8 0
pipepl 112 19856 0 19837 19 17 2 2 0
8 1
fdescpl 488 12557 0 12541 3 0 3 3 0
8 0
filepl 152 89825 0 89724 42 34 8 9 0
8 4
lockfpl 104 4760 0 4759 1 0 1 1 0
8 0
lockfspl 48 1112 0 1111 1 0 1 1 0
8 0
sessionpl 112 45 0 34 1 0 1 1 0
8 0
pgrppl 48 139 0 128 1 0 1 1 0
8 0
ucredpl 96 8767 0 8755 1 0 1 1 0
8 0
zombiepl 144 12545 0 12545 2 1 1 1 0
8 1
processpl 896 12578 0 12545 4 0 4 4 0
8 0
procpl 632 33107 0 33064 17 12 5 5 0
8 1
srpgc 64 52 0 52 21 20 1 1 0
8 1
sosppl 128 96 0 96 14 14 0 1 0
8 0
sockpl 384 20711 0 20681 38 33 5 8 0
8 1
mcl64k 65536 26 0 0 3 0 3 3 0
8 0
mcl16k 16384 12 0 0 2 0 2 2 0
8 0
mcl12k 12288 25 0 0 2 0 2 2 0
8 0
mcl9k 9216 21 0 0 2 0 2 2 0
8 0
mcl8k 8192 20 0 0 3 1 2 3 0
8 0
mcl4k 4096 49 0 0 5 2 3 3 0
8 0
mcl2k2 2112 15 0 0 1 0 1 1 0
8 0
mcl2k 2048 299 0 0 13 3 10 12 0
8 0
mtagpl 80 35 0 0 1 0 1 1 0
8 0
mbufpl 256 604 0 0 18 4 14 18 0
8 0
mbufpl: pool(0xffffffff8263e270:mbufpl): free list modified: page
0xfffffd806f0a8000; item ordinal 0; addr 0xfffffd806f0a8300 (p
0xfffffd806f4bb000); offset 0x0=0x0
mbufpl: pool(0xffffffff8263e270:mbufpl): page inconsistency: page
0xfffffd806f0a8000; item ordinal 1; addr 0xfffffd80bb7171d8
bufpl 256 43575 0 36527 441 0 441 441 0
8 0
anonpl 16 1803355 0 1797643 232 197 35 52 0
124 0
amapchunkpl 152 109792 0 109702 37 32 5 12 0
158 0
amappl16 192 63588 0 63313 225 209 16 30 0
8 1
amappl15 184 328 0 327 1 0 1 1 0
8 0
amappl14 176 5292 0 5286 2 1 1 1 0
8 0
amappl13 168 2329 0 2329 4 4 0 1 0
8 0
amappl12 160 1060 0 1054 3 2 1 1 0
8 0
amappl11 152 1070 0 1053 1 0 1 1 0
8 0
amappl10 144 1424 0 1417 1 0 1 1 0
8 0
amappl9 136 1783 0 1777 1 0 1 1 0
8 0
amappl8 128 1446 0 1348 5 1 4 4 0
8 0
amappl7 120 1519 0 1511 1 0 1 1 0
8 0
amappl6 112 1041 0 1020 1 0 1 1 0
8 0
amappl5 104 1494 0 1480 1 0 1 1 0
8 0
amappl4 96 12852 0 12810 3 1 2 2 0
8 0
amappl3 88 7718 0 7712 1 0 1 1 0
8 0
amappl2 80 98121 0 98040 4 2 2 3 0
8 0
amappl1 72 244011 0 243577 26 16 10 20 0
8 0
amappl 80 34204 0 34169 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 154 0 25 3 0 3 3 0
8 0
uaddrrnd 24 12574 0 12541 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 12574 0 12541 1 0 1 1 0
8 0
vmmpekpl 168 117217 0 117188 2 0 2 2 0
8 0
vmmpepl 168 1468335 0 1466830 239 161 78 83 0
357 1
vmsppl 368 12556 0 12541 2 0 2 2 0
8 0
pdppl 4096 25155 0 25116 6 0 6 6 0
8 1
pvpl 32 4098329 0 4089339 502 396 106 135 0 265
15
pmappl 232 12573 0 12558 7 6 1 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 622 0 22 18 0 18 18 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 21, 2019, 9:20:08 AM9/21/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: ea5e035f Add A20 GMAC clocks.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13ba48e5600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=c97ce78c14fc8ef266f9
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10f4c275600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c97ce7...@syzkaller.appspotmail.com

panic: pool_do_get: mbufpl free list modified: page 0xfffffd803f02f000;
item addr 0xfffffd803f02f400; offset 0x0=0x0 != 0xecd56dae074cb91d
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 37421 43172 0 0x12 0 0 sshd
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8259b180,2,ffff800014866208) at pool_do_get+0x42a
sys/kern/subr_pool.c:746
pool_get(ffffffff8259b180,2) at pool_get+0xb5 sys/kern/subr_pool.c:581
m_gethdr(2,2) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283
tcp_output(ffff800000a60320) at tcp_output+0x1408
tcp_usrreq(fffffd80363de188,9,fffffd803f02f700,0,0,ffff8000ffff4010) at
tcp_usrreq+0xa54
sosend(fffffd80363de188,0,ffff800014866668,0,0,80) at sosend+0x63d
sys/kern/uipc_socket.c:524
dofilewritev(ffff8000ffff4010,4,ffff800014866668,0,ffff800014866750) at
dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff8000ffff4010,ffff800014866700,ffff800014866750) at
sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff8000148667d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,4,1fccbd11616b,4,4,1fcee3efd480) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc1d40, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: mbufpl free list modified: page 0xfffffd803f02f000; item addr
0xfffffd803f02f400; offset 0x0=0x0 != 0xecd56dae074cb91d
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8259b180,2,ffff800014866208) at pool_do_get+0x42a
sys/kern/subr_pool.c:746
pool_get(ffffffff8259b180,2) at pool_get+0xb5 sys/kern/subr_pool.c:581
m_gethdr(2,2) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283
tcp_output(ffff800000a60320) at tcp_output+0x1408
tcp_usrreq(fffffd80363de188,9,fffffd803f02f700,0,0,ffff8000ffff4010) at
tcp_usrreq+0xa54
sosend(fffffd80363de188,0,ffff800014866668,0,0,80) at sosend+0x63d
sys/kern/uipc_socket.c:524
dofilewritev(ffff8000ffff4010,4,ffff800014866668,0,ffff800014866750) at
dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff8000ffff4010,ffff800014866700,ffff800014866750) at
sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff8000148667d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,4,1fccbd11616b,4,4,1fcee3efd480) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc1d40, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800014866070
rbx 0xffff800014866120
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff800014866030
r9 0x1
r10 0xbfe4e95795d0460
r11 0xbd2676bd8c5b4201
r12 0x3000000008
r13 0xffff800014866080
r14 0x100
r15 0x1
rip 0xffffffff81fe2d68 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014866060
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (sshd) pid=37421 stat=onproc
flags process=12<EXEC,SUGID> proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff58c0,0xffff8000ffff4788
process=0xffff8000148a3458 user=0xffff800014861000,
vmspace=0xfffffd803f013770
estcpu=1, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
45783 49071 94224 0 3 0x2 biowait syz-executor.0
94224 436676 34847 0 3 0x82 thrsleep syz-execprog
94224 495514 34847 0 2 0x4000002 syz-execprog
94224 345960 34847 0 3 0x4000082 thrsleep syz-execprog
94224 297277 34847 0 3 0x4000082 thrsleep syz-execprog
94224 515205 34847 0 2 0x4000002 syz-execprog
94224 157678 34847 0 3 0x4000082 thrsleep syz-execprog
94224 297955 34847 0 3 0x4000082 thrsleep syz-execprog
34847 235884 43172 0 3 0x10008a pause ksh
*43172 37421 21585 0 7 0x12 sshd
52191 402993 1 0 3 0x100083 ttyin getty
21585 331441 1 0 3 0x80 select sshd
26966 378227 24805 73 3 0x100090 kqread syslogd
24805 410332 1 0 3 0x100082 netio syslogd
3691 123257 1 77 3 0x100090 poll dhclient
42626 384261 1 0 3 0x80 poll dhclient
87140 150474 0 0 3 0x14200 pgzero zerothread
12261 186032 0 0 3 0x14200 aiodoned aiodoned
90987 400576 0 0 3 0x14200 syncer update
78230 397630 0 0 3 0x14200 cleaner cleaner
52465 367430 0 0 3 0x14200 reaper reaper
41942 32094 0 0 3 0x14200 pgdaemon pagedaemon
38232 378734 0 0 3 0x14200 bored crynlk
57745 395136 0 0 3 0x14200 bored crypto
81651 263905 0 0 3 0x40014200 acpi0 acpi0
84360 412907 0 0 3 0x14200 bored softnet
17536 171861 0 0 3 0x14200 bored systqmp
45421 72601 0 0 3 0x14200 bored systq
51615 397449 0 0 3 0x40014200 bored softclock
26376 264078 0 0 3 0x40014200 idle0
57723 193862 0 0 3 0x14200 bored smr
1 375900 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9433 6309K 6309K 78643K 10526 0 0
pcb 13 8K 8K 78643K 13 0 0
rtable 77 2K 2K 78643K 155 0 0
ifaddr 28 8K 8K 78643K 1624 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 14 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1180 74K 74K 78643K 1185 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 2 4K 12K 78643K 1614 0 0
proc 47 38K 54K 78643K 307 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 22 1K 1K 78643K 22 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 172 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 65 11K 11K 78643K 2450 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 4 0K 0K 78643K 6 0 0
temp 39 3517K 3581K 78643K 6252 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 1 1 0 1 1 0
8 0
rtpcb 80 17 0 15 1 0 1 1 0
8 0
rtentry 112 34 0 4 1 0 1 1 0
8 0
unpcb 120 27 0 19 1 0 1 1 0
8 0
syncache 264 5 0 5 1 1 0 1 0
8 0
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 1623 0 1617 1 0 1 1 0
8 0
nd6 48 2 0 0 1 0 1 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 168 0 2 11 0 11 11 0
8 0
art_table 32 169 0 2 2 0 2 2 0
8 0
art_node 16 33 0 6 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 3009 0 1615 45 0 45 45 0
8 0
ffsino 240 3009 0 1615 83 0 83 83 0
8 1
nchpl 144 4845 0 3242 60 0 60 60 0
8 0
uvmvnodes 72 3018 0 0 55 0 55 55 0
8 0
vnodes 208 3018 0 0 159 0 159 159 0
8 0
namei 1024 10225 0 10225 2 1 1 1 0
8 1
scxspl 192 13725 0 13724 8 7 1 7 0
8 0
plimitpl 152 14 0 8 1 0 1 1 0
8 0
sigapl 432 1793 0 1782 2 0 2 2 0
8 0
knotepl 112 39 0 28 1 0 1 1 0
8 0
kqueuepl 104 2 0 0 1 0 1 1 0
8 0
pipepl 112 138 0 125 2 1 1 1 0
8 0
fdescpl 424 1794 0 1782 2 0 2 2 0
8 0
filepl 120 4170 0 4117 2 0 2 2 0
8 0
lockfpl 104 5 0 4 1 0 1 1 0
8 0
lockfspl 48 3 0 2 1 0 1 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 1782 0 1782 2 1 1 1 0
8 1
processpl 864 1808 0 1782 4 0 4 4 0
8 0
procpl 632 1814 0 1782 3 0 3 3 0
8 0
sockpl 384 1667 0 1651 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 1 1 0 1 0
8 0
mcl2k 2048 5481 0 5448 8 3 5 8 0
8 0
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 12707 0 12647 8 3 5 6 0
8 0
mbufpl: pool(0xffffffff8259b180:mbufpl): free list modified: page
0xfffffd803f02f000; item ordinal 0; addr 0xfffffd803f02f400 (p
0xfffffd803f7cc000); offset 0x0=0x0
bufpl 256 7381 0 2922 279 0 279 279 0
8 0
anonpl 16 62484 0 60081 17 7 10 13 0
62 0
amapchunkpl 152 2474 0 2415 5 2 3 5 0
158 0
amappl16 192 6617 0 6529 5 0 5 5 0
8 0
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 21 0 19 2 1 1 1 0
8 0
amappl13 168 1598 0 1597 1 0 1 1 0
8 0
amappl12 160 8 0 6 1 0 1 1 0
8 0
amappl11 152 43 0 32 1 0 1 1 0
8 0
amappl10 144 11 0 9 2 1 1 1 0
8 0
amappl9 136 427 0 421 1 0 1 1 0
8 0
amappl8 128 116 0 107 1 0 1 1 0
8 0
amappl7 120 30 0 26 1 0 1 1 0
8 0
amappl6 112 71 0 64 1 0 1 1 0
8 0
amappl5 104 122 0 113 1 0 1 1 0
8 0
amappl4 96 3619 0 3592 1 0 1 1 0
8 0
amappl3 88 117 0 112 1 0 1 1 0
8 0
amappl2 80 4037 0 3984 4 2 2 3 0
8 0
amappl1 72 26102 0 25716 27 18 9 20 0
8 0
amappl 80 2028 0 2003 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
8 0
uaddrrnd 24 1794 0 1782 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 1794 0 1782 1 0 1 1 0
8 0
vmmpekpl 168 9375 0 9360 1 0 1 1 0
8 0
vmmpepl 168 99110 0 98215 89 39 50 77 0 357
10
vmsppl 272 1793 0 1782 1 0 1 1 0
8 0
pdppl 4096 3594 0 3564 5 0 5 5 0
8 0
pvpl 32 269188 0 264457 115 30 85 112 0 265
46
pmappl 200 1793 0 1782 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 405 0 10 12 0 12 12 0
8 0

Anton Lindqvist

May 8, 2020, 2:40:50 AM5/8/20
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: pool: cpu free list modified: mbufpl