pool: free list modified: pvpl (2)
0 views
Skip to first unread message
syzbot
Oct 22, 2025, 5:18:31 AM (7 days ago) Oct 22
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: ebf1dab469cf just skip the test if $PATH or $HOME has whit..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1507d734580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=81751b013a0cca45b174
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4817b2cafde9/disk-ebf1dab4.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/f267c1a2fb8b/bsd-ebf1dab4.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7e5595d0895d/kernel-ebf1dab4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+81751b...@syzkaller.appspotmail.com
panic: pool_do_get: pvpl free list modified: page 0xfffffd806734d000; item addr 0xfffffd806734df00; offset 0x0=0xffffffff83888000 != 0x2c0aa41eab05b81d
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*430541 94738 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
end trace frame: 0xffff80002a882d80, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pool_do_get: pvpl free list modified: page 0xfffffd806734d000; item addr 0xfffffd806734df00; offset 0x0=0xffffffff83888000 != 0x2c0aa41eab05b81d
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806c23c780,ffff80002a882eb0,1) at vn_read+0x16d sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a86d500,3,ffff80002a882eb0,1,ffff80002a882f60) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_preadv(ffff80002a86d500,ffff80002a883010,ffff80002a882f60) at sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3336
syscall(ffff80002a883010) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a883010) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x455ba7aa8a0, count: -19
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a8823b0
rbx 0xfffffd806734df00
rdx 0xffff800001468ac0
rcx 0
rax 0xffff80002a86d500
r8 0x101010101010101
r9 0x8080808080808080
r10 0x33ce7bec163c4be5
r11 0xc7f6275ee194f6a0
r12 0
r13 0x18d10b251841312e
r14 0
r15 0x1
rip 0xffffffff819ff715 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a8823a0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=430541 pid=94738 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=80, usrpri=81, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a86c808,0xffff80002a787ca0
process=0xffff80003c9e16a0 user=0xffff80002a87e000, vmspace=0xfffffd806ec0de68
estcpu=31, cpticks=4, pctcpu=0.0, user=0, sys=4, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
98159 184415 69813 0 2 0 syz-executor
98159 353492 69813 0 3 0x4000080 fsleep syz-executor
39971 25860 62731 0 2 0 syz-executor
39971 380408 62731 0 3 0x4000080 fsleep syz-executor
86924 358309 21877 0 2 0 syz-executor
86924 381641 21877 0 3 0x4000080 fsleep syz-executor
86924 483536 21877 0 3 0x4000080 fsleep syz-executor
45143 175007 67714 0 2 0 syz-executor
45143 479067 67714 0 3 0x4000080 fsleep syz-executor
45143 250963 67714 0 2 0x4000000 syz-executor
76922 158815 61064 0 2 0 syz-executor
76922 33074 61064 0 3 0x4000080 fsleep syz-executor
76922 402412 61064 0 3 0x4000080 fsleep syz-executor
76922 100014 61064 0 3 0x4000080 fsleep syz-executor
94738 456427 76565 0 2 0 syz-executor
*94738 430541 76565 0 7 0x4000000 syz-executor
54216 258790 35066 0 2 0 syz-executor
54216 299659 35066 0 3 0x4000080 kqread syz-executor
54216 61271 35066 0 3 0x4000080 fsleep syz-executor
54216 34166 35066 0 3 0x4000080 fsleep syz-executor
90661 10395 50306 0 2 0 syz-executor
90661 429964 50306 0 3 0x4000080 kqpoll syz-executor
90661 133875 50306 0 3 0x4000080 fsleep syz-executor
6233 93631 1 0 3 0x100083 ttyopn getty
21877 265745 81843 0 3 0x82 nanoslp syz-executor
69813 514529 81843 0 3 0x82 nanoslp syz-executor
67714 425755 81843 0 3 0x82 nanoslp syz-executor
32290 130042 0 0 3 0x14280 nfsidl nfsio
1252 433616 0 0 3 0x14280 nfsidl nfsio
49379 214667 0 0 3 0x14280 nfsidl nfsio
16518 501782 0 0 3 0x14280 nfsidl nfsio
67449 184602 0 0 3 0x14280 nfsidl nfsio
70178 43437 0 0 3 0x14280 nfsidl nfsio
39203 147645 0 0 3 0x14280 nfsidl nfsio
87826 450572 0 0 3 0x14280 nfsidl nfsio
31108 222509 0 0 3 0x14280 nfsidl nfsio
94155 446701 0 0 3 0x14280 nfsidl nfsio
15682 101558 0 0 3 0x14280 nfsidl nfsio
92556 47275 0 0 3 0x14280 nfsidl nfsio
68839 347522 0 0 3 0x14280 nfsidl nfsio
28541 405211 0 0 3 0x14280 nfsidl nfsio
96844 274509 0 0 3 0x14280 nfsidl nfsio
86085 360043 0 0 3 0x14280 nfsidl nfsio
28197 393394 0 0 3 0x14280 nfsidl nfsio
63373 16023 0 0 3 0x14280 nfsidl nfsio
93365 431905 0 0 3 0x14280 nfsidl nfsio
76983 513077 0 0 3 0x14280 nfsidl nfsio
76565 359366 81843 0 3 0x82 nanoslp syz-executor
61064 215034 81843 0 3 0x82 nanoslp syz-executor
35066 301941 81843 0 3 0x82 nanoslp syz-executor
17039 314217 0 0 3 0x14200 bored sosplice
50306 91299 81843 0 3 0x82 nanoslp syz-executor
62731 251168 81843 0 3 0x82 nanoslp syz-executor
81843 188743 7070 0 3 0x82 kqread syz-executor
7070 508172 51394 0 3 0x10008a sigsusp ksh
51394 304562 69984 0 3 0x98 kqread sshd-session
69984 189661 38042 0 3 0x92 kqread sshd-session
38042 212577 1 0 3 0x88 kqread sshd
93408 301770 30838 73 3 0x1100090 kqread syslogd
30838 510435 1 0 3 0x100082 sbwait syslogd
32761 500832 1 0 3 0x100080 kqread resolvd
30139 433321 39067 77 3 0x100092 kqread dhcpleased
28331 345886 39067 77 3 0x100092 kqread dhcpleased
39067 456156 1 0 3 0x80 kqread dhcpleased
75007 300855 0 0 3 0x14200 bored smr
2821 10253 0 0 2 0x14200 zerothread
75877 432092 0 0 3 0x14200 aiodoned aiodoned
49427 330266 0 0 3 0x14200 syncer update
80181 467071 0 0 3 0x14200 cleaner cleaner
2152 5629 0 0 3 0x14200 reaper reaper
87543 42053 0 0 3 0x14200 pgdaemon pagedaemon
41297 510293 0 0 3 0x14200 bored viomb
74312 123424 0 0 3 0x40014200 acpi0 acpi0
87884 28596 0 0 3 0x14200 bored softnet0
41331 393894 0 0 3 0x14200 smrbar systqmp
44140 309873 0 0 3 0x14200 bored systq
53238 55365 0 0 3 0x40014200 tmoslp softclock
92047 155963 0 0 3 0x40014200 idle0
1 279861 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10202 11142K 11693K 166960K 14533 0
pcb 17 20K 22K 166960K 427 0
rtable 251 13K 14K 166960K 891 0
pf 37 14K 67481K 166960K 293 0
ifaddr 42 8K 8K 166960K 161 0
ifgroup 58 2K 2K 166960K 276 0
sysctl 4 1K 9K 166960K 87 0
counters 34 18K 18K 166960K 142 0
ioctlops 0 0K 4K 166960K 608 0
iov 1 2K 17K 166960K 297 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1472 92K 93K 166960K 3259 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 23 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 52 0
dirhash 12 2K 2K 166960K 45 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 240K 166960K 2042 0
sigio 0 0K 0K 166960K 39 0
proc 60 59K 116K 166960K 895 0
subproc 72 4K 4K 166960K 136 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 496 0
in_multi 86 6K 7K 166960K 297 0
ether_multi 1 0K 0K 166960K 52 0
mrt 2 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 713 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 151K 177K 166960K 19546 0
UVM aobj 87 11K 11K 166960K 91 0
pinsyscall 39 78K 96K 166960K 3291 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 178 0
NDP 13 0K 2K 166960K 113 0
temp 77 8650K 8776K 166960K 65549 0
kqueue 16 24K 31K 166960K 406 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 164 0 161 1 0 1 1 0 8 0
rtentry 136 223 0 133 4 0 4 4 0 8 0
unpcb 144 1541 0 1524 10 8 2 6 0 8 1
syncache 336 7 0 7 1 1 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 736 905 0 897 26 22 4 13 0 8 3
arp 96 39 0 20 1 0 1 1 0 8 0
ipq 40 5 0 5 1 0 1 1 0 8 1
ipqe 40 7 0 7 1 0 1 1 0 8 1
inpcb 328 2363 0 2351 22 18 4 12 0 8 2
ip6q 72 7 0 7 3 2 1 1 0 8 1
ip6af 40 13 0 13 3 2 1 1 0 8 1
nd6 112 50 0 27 1 0 1 1 0 8 0
pkpcb 40 13 0 13 3 2 1 1 0 8 1
kcovpl 48 15 0 7 1 0 1 1 0 8 0
ppxss 1072 78 0 78 4 3 1 1 0 8 1
pppxif 1384 8 0 8 2 1 1 1 0 8 1
pfstscr 40 1 0 0 1 0 1 1 0 8 0
pfrktable 1344 2 0 2 2 2 0 1 0 8 0
pfanchor 1288 2 0 2 1 1 0 1 0 8 0
pfstitem 24 5 0 0 1 0 1 1 0 8 0
pfstkey 128 71 0 67 1 0 1 1 0 8 0
pfstate 384 36 0 33 1 0 1 1 0 8 0
pfrule 1344 6 0 6 2 2 0 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 980 0 574 36 10 26 31 0 8 0
art_table 40 982 0 574 5 0 5 5 0 8 0
art_node 32 223 0 144 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 1 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 49 0 39 1 0 1 1 0 8 0
shmpl 112 88 0 4 3 0 3 3 0 8 0
dirhash 1024 39 0 22 3 0 3 3 0 8 0
dino2pl 256 5028 0 3513 96 0 96 96 0 8 0
ffsino 256 5028 0 3513 96 0 96 96 0 8 0
nchpl 144 7733 0 6017 65 0 65 65 0 8 0
rtmask 32 22 0 22 3 3 0 1 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 26889 0 26889 5 4 1 2 0 8 1
kstatmem 264 164 0 138 3 0 3 3 0 8 1
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 11 0 11 4 3 1 1 0 8 1
scxspl 216 24496 0 24496 15 14 1 8 1 8 1
plimitpl 152 555 0 538 1 0 1 1 0 8 0
sigapl 424 2321 0 2257 8 0 8 8 0 8 0
knotepl 120 99587 0 99537 42 32 10 17 0 8 6
kqueuepl 184 797 0 783 4 3 1 4 0 8 0
pipepl 304 383 0 355 5 2 3 5 0 8 0
fdescpl 448 2281 0 2251 5 1 4 5 0 8 0
filepl 120 15324 0 15109 18 7 11 14 0 8 2
lockfpl 104 922 0 920 3 1 2 2 0 8 1
lockfspl 48 331 0 329 1 0 1 1 0 8 0
sessionpl 144 33 0 25 1 0 1 1 0 8 0
pgrppl 48 75 0 59 1 0 1 1 0 8 0
ucredpl 104 2526 0 2515 1 0 1 1 0 8 0
zombiepl 144 3086 0 3086 1 0 1 1 0 8 1
processpl 1152 2321 0 2257 5 0 5 5 0 8 0
procpl 664 5363 0 5284 9 1 8 8 0 8 0
sosppl 168 5 0 5 3 2 1 1 0 8 1
sockpl 552 4168 0 4136 26 21 5 13 0 8 2
mcl64k 65536 486 0 486 2 1 1 1 0 8 1
mcl16k 16384 67 0 67 2 1 1 1 0 8 1
mcl12k 12288 2 0 2 2 2 0 1 0 8 0
mcl8k 8192 19 0 19 4 3 1 1 0 8 1
mcl4k 4096 5075 0 5023 16 8 8 14 0 8 1
mcl2k2 2112 24 0 24 3 2 1 2 0 8 1
mcl2k 2048 2941 0 2939 6 5 1 5 0 8 0
mtagpl 96 22 0 17 1 0 1 1 0 8 0
mbufpl 256 27147 0 27019 80 65 15 70 0 8 4
bufpl 280 7820 0 1598 445 0 445 445 0 8 0
anonpl 24 325456 0 318704 125 57 68 68 0 187 27
amapchunkpl 152 68407 0 67782 66 34 32 39 0 158 7
amappl16 200 6164 0 6009 55 40 15 27 0 8 6
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 17 0 17 1 1 0 1 0 8 0
amappl13 176 487 0 486 1 0 1 1 0 8 0
amappl12 168 2672 0 2633 3 1 2 3 0 8 0
amappl11 160 9 0 9 1 1 0 1 0 8 0
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 252 0 252 1 1 0 1 0 8 0
amappl8 136 27 0 25 1 0 1 1 0 8 0
amappl7 128 105 0 104 1 0 1 1 0 8 0
amappl6 120 363 0 350 1 0 1 1 0 8 0
amappl5 112 82 0 74 1 0 1 1 0 8 0
amappl4 104 430 0 407 1 0 1 1 0 8 0
amappl3 96 12092 0 11990 3 0 3 3 0 8 0
amappl2 88 2397 0 2324 2 0 2 2 0 8 0
amappl1 80 17666 0 17123 14 0 14 14 0 8 1
amappl 88 18419 0 18236 6 1 5 5 0 92 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
dma32768 32768 1 0 1 1 1 0 1 0 8 0
dma8192 8192 3 0 3 2 2 0 1 0 8 0
dma4096 4096 2 0 2 2 2 0 1 0 8 0
dma2048 2048 2 0 2 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma512 512 1 0 1 1 0 1 1 0 8 1
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 256 0 256 3 2 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 21 0 20 1 0 1 1 0 8 0
aobjpl 72 90 0 4 2 0 2 2 0 8 0
uaddrrnd 24 2281 0 2251 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2281 0 2251 1 0 1 1 0 8 0
vmmpekpl 168 17472 0 17412 3 0 3 3 0 8 0
vmmpepl 168 147307 0 145312 118 10 108 108 0 357 15
vmsppl 368 2280 0 2251 4 1 3 4 0 8 0
rwobjpl 40 44334 0 37321 71 0 71 71 0 8 0
pdppl 4096 4568 0 4502 136 70 66 80 0 8 0
pvpl 32 944177 0 931665 250 108 142 142 0 265 41
pvpl: pool(0xffffffff8394d5a0:pvpl): free list modified: page 0xfffffd806734d000; item ordinal 0; addr 0xfffffd806734df00 (p 0xfffffd806734d000); offset 0x0=0xffffffff83888000
pmappl 216 2280 0 2251 3 1 2 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 529 0 199 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806c23c780,ffff80002a882eb0,1) at vn_read+0x16d sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a86d500,3,ffff80002a882eb0,1,ffff80002a882f60) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_preadv(ffff80002a86d500,ffff80002a883010,ffff80002a882f60) at sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3336
syscall(ffff80002a883010) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a883010) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x455ba7aa8a0, count: -19
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806c23c780,ffff80002a882eb0,1) at vn_read+0x16d sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a86d500,3,ffff80002a882eb0,1,ffff80002a882f60) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_preadv(ffff80002a86d500,ffff80002a883010,ffff80002a882f60) at sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3336
syscall(ffff80002a883010) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a883010) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x455ba7aa8a0, count: -19
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: ebf1dab469cf just skip the test if $PATH or $HOME has whit..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1507d734580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=81751b013a0cca45b174
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4817b2cafde9/disk-ebf1dab4.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/f267c1a2fb8b/bsd-ebf1dab4.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7e5595d0895d/kernel-ebf1dab4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+81751b...@syzkaller.appspotmail.com
panic: pool_do_get: pvpl free list modified: page 0xfffffd806734d000; item addr 0xfffffd806734df00; offset 0x0=0xffffffff83888000 != 0x2c0aa41eab05b81d
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*430541 94738 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
end trace frame: 0xffff80002a882d80, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pool_do_get: pvpl free list modified: page 0xfffffd806734d000; item addr 0xfffffd806734df00; offset 0x0=0xffffffff83888000 != 0x2c0aa41eab05b81d
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806c23c780,ffff80002a882eb0,1) at vn_read+0x16d sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a86d500,3,ffff80002a882eb0,1,ffff80002a882f60) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_preadv(ffff80002a86d500,ffff80002a883010,ffff80002a882f60) at sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3336
syscall(ffff80002a883010) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a883010) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x455ba7aa8a0, count: -19
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a8823b0
rbx 0xfffffd806734df00
rdx 0xffff800001468ac0
rcx 0
rax 0xffff80002a86d500
r8 0x101010101010101
r9 0x8080808080808080
r10 0x33ce7bec163c4be5
r11 0xc7f6275ee194f6a0
r12 0
r13 0x18d10b251841312e
r14 0
r15 0x1
rip 0xffffffff819ff715 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a8823a0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=430541 pid=94738 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=80, usrpri=81, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a86c808,0xffff80002a787ca0
process=0xffff80003c9e16a0 user=0xffff80002a87e000, vmspace=0xfffffd806ec0de68
estcpu=31, cpticks=4, pctcpu=0.0, user=0, sys=4, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
98159 184415 69813 0 2 0 syz-executor
98159 353492 69813 0 3 0x4000080 fsleep syz-executor
39971 25860 62731 0 2 0 syz-executor
39971 380408 62731 0 3 0x4000080 fsleep syz-executor
86924 358309 21877 0 2 0 syz-executor
86924 381641 21877 0 3 0x4000080 fsleep syz-executor
86924 483536 21877 0 3 0x4000080 fsleep syz-executor
45143 175007 67714 0 2 0 syz-executor
45143 479067 67714 0 3 0x4000080 fsleep syz-executor
45143 250963 67714 0 2 0x4000000 syz-executor
76922 158815 61064 0 2 0 syz-executor
76922 33074 61064 0 3 0x4000080 fsleep syz-executor
76922 402412 61064 0 3 0x4000080 fsleep syz-executor
76922 100014 61064 0 3 0x4000080 fsleep syz-executor
94738 456427 76565 0 2 0 syz-executor
*94738 430541 76565 0 7 0x4000000 syz-executor
54216 258790 35066 0 2 0 syz-executor
54216 299659 35066 0 3 0x4000080 kqread syz-executor
54216 61271 35066 0 3 0x4000080 fsleep syz-executor
54216 34166 35066 0 3 0x4000080 fsleep syz-executor
90661 10395 50306 0 2 0 syz-executor
90661 429964 50306 0 3 0x4000080 kqpoll syz-executor
90661 133875 50306 0 3 0x4000080 fsleep syz-executor
6233 93631 1 0 3 0x100083 ttyopn getty
21877 265745 81843 0 3 0x82 nanoslp syz-executor
69813 514529 81843 0 3 0x82 nanoslp syz-executor
67714 425755 81843 0 3 0x82 nanoslp syz-executor
32290 130042 0 0 3 0x14280 nfsidl nfsio
1252 433616 0 0 3 0x14280 nfsidl nfsio
49379 214667 0 0 3 0x14280 nfsidl nfsio
16518 501782 0 0 3 0x14280 nfsidl nfsio
67449 184602 0 0 3 0x14280 nfsidl nfsio
70178 43437 0 0 3 0x14280 nfsidl nfsio
39203 147645 0 0 3 0x14280 nfsidl nfsio
87826 450572 0 0 3 0x14280 nfsidl nfsio
31108 222509 0 0 3 0x14280 nfsidl nfsio
94155 446701 0 0 3 0x14280 nfsidl nfsio
15682 101558 0 0 3 0x14280 nfsidl nfsio
92556 47275 0 0 3 0x14280 nfsidl nfsio
68839 347522 0 0 3 0x14280 nfsidl nfsio
28541 405211 0 0 3 0x14280 nfsidl nfsio
96844 274509 0 0 3 0x14280 nfsidl nfsio
86085 360043 0 0 3 0x14280 nfsidl nfsio
28197 393394 0 0 3 0x14280 nfsidl nfsio
63373 16023 0 0 3 0x14280 nfsidl nfsio
93365 431905 0 0 3 0x14280 nfsidl nfsio
76983 513077 0 0 3 0x14280 nfsidl nfsio
76565 359366 81843 0 3 0x82 nanoslp syz-executor
61064 215034 81843 0 3 0x82 nanoslp syz-executor
35066 301941 81843 0 3 0x82 nanoslp syz-executor
17039 314217 0 0 3 0x14200 bored sosplice
50306 91299 81843 0 3 0x82 nanoslp syz-executor
62731 251168 81843 0 3 0x82 nanoslp syz-executor
81843 188743 7070 0 3 0x82 kqread syz-executor
7070 508172 51394 0 3 0x10008a sigsusp ksh
51394 304562 69984 0 3 0x98 kqread sshd-session
69984 189661 38042 0 3 0x92 kqread sshd-session
38042 212577 1 0 3 0x88 kqread sshd
93408 301770 30838 73 3 0x1100090 kqread syslogd
30838 510435 1 0 3 0x100082 sbwait syslogd
32761 500832 1 0 3 0x100080 kqread resolvd
30139 433321 39067 77 3 0x100092 kqread dhcpleased
28331 345886 39067 77 3 0x100092 kqread dhcpleased
39067 456156 1 0 3 0x80 kqread dhcpleased
75007 300855 0 0 3 0x14200 bored smr
2821 10253 0 0 2 0x14200 zerothread
75877 432092 0 0 3 0x14200 aiodoned aiodoned
49427 330266 0 0 3 0x14200 syncer update
80181 467071 0 0 3 0x14200 cleaner cleaner
2152 5629 0 0 3 0x14200 reaper reaper
87543 42053 0 0 3 0x14200 pgdaemon pagedaemon
41297 510293 0 0 3 0x14200 bored viomb
74312 123424 0 0 3 0x40014200 acpi0 acpi0
87884 28596 0 0 3 0x14200 bored softnet0
41331 393894 0 0 3 0x14200 smrbar systqmp
44140 309873 0 0 3 0x14200 bored systq
53238 55365 0 0 3 0x40014200 tmoslp softclock
92047 155963 0 0 3 0x40014200 idle0
1 279861 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10202 11142K 11693K 166960K 14533 0
pcb 17 20K 22K 166960K 427 0
rtable 251 13K 14K 166960K 891 0
pf 37 14K 67481K 166960K 293 0
ifaddr 42 8K 8K 166960K 161 0
ifgroup 58 2K 2K 166960K 276 0
sysctl 4 1K 9K 166960K 87 0
counters 34 18K 18K 166960K 142 0
ioctlops 0 0K 4K 166960K 608 0
iov 1 2K 17K 166960K 297 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1472 92K 93K 166960K 3259 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 23 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 52 0
dirhash 12 2K 2K 166960K 45 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 240K 166960K 2042 0
sigio 0 0K 0K 166960K 39 0
proc 60 59K 116K 166960K 895 0
subproc 72 4K 4K 166960K 136 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 496 0
in_multi 86 6K 7K 166960K 297 0
ether_multi 1 0K 0K 166960K 52 0
mrt 2 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 713 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 151K 177K 166960K 19546 0
UVM aobj 87 11K 11K 166960K 91 0
pinsyscall 39 78K 96K 166960K 3291 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 178 0
NDP 13 0K 2K 166960K 113 0
temp 77 8650K 8776K 166960K 65549 0
kqueue 16 24K 31K 166960K 406 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 164 0 161 1 0 1 1 0 8 0
rtentry 136 223 0 133 4 0 4 4 0 8 0
unpcb 144 1541 0 1524 10 8 2 6 0 8 1
syncache 336 7 0 7 1 1 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 736 905 0 897 26 22 4 13 0 8 3
arp 96 39 0 20 1 0 1 1 0 8 0
ipq 40 5 0 5 1 0 1 1 0 8 1
ipqe 40 7 0 7 1 0 1 1 0 8 1
inpcb 328 2363 0 2351 22 18 4 12 0 8 2
ip6q 72 7 0 7 3 2 1 1 0 8 1
ip6af 40 13 0 13 3 2 1 1 0 8 1
nd6 112 50 0 27 1 0 1 1 0 8 0
pkpcb 40 13 0 13 3 2 1 1 0 8 1
kcovpl 48 15 0 7 1 0 1 1 0 8 0
ppxss 1072 78 0 78 4 3 1 1 0 8 1
pppxif 1384 8 0 8 2 1 1 1 0 8 1
pfstscr 40 1 0 0 1 0 1 1 0 8 0
pfrktable 1344 2 0 2 2 2 0 1 0 8 0
pfanchor 1288 2 0 2 1 1 0 1 0 8 0
pfstitem 24 5 0 0 1 0 1 1 0 8 0
pfstkey 128 71 0 67 1 0 1 1 0 8 0
pfstate 384 36 0 33 1 0 1 1 0 8 0
pfrule 1344 6 0 6 2 2 0 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 980 0 574 36 10 26 31 0 8 0
art_table 40 982 0 574 5 0 5 5 0 8 0
art_node 32 223 0 144 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 1 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 49 0 39 1 0 1 1 0 8 0
shmpl 112 88 0 4 3 0 3 3 0 8 0
dirhash 1024 39 0 22 3 0 3 3 0 8 0
dino2pl 256 5028 0 3513 96 0 96 96 0 8 0
ffsino 256 5028 0 3513 96 0 96 96 0 8 0
nchpl 144 7733 0 6017 65 0 65 65 0 8 0
rtmask 32 22 0 22 3 3 0 1 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 26889 0 26889 5 4 1 2 0 8 1
kstatmem 264 164 0 138 3 0 3 3 0 8 1
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 11 0 11 4 3 1 1 0 8 1
scxspl 216 24496 0 24496 15 14 1 8 1 8 1
plimitpl 152 555 0 538 1 0 1 1 0 8 0
sigapl 424 2321 0 2257 8 0 8 8 0 8 0
knotepl 120 99587 0 99537 42 32 10 17 0 8 6
kqueuepl 184 797 0 783 4 3 1 4 0 8 0
pipepl 304 383 0 355 5 2 3 5 0 8 0
fdescpl 448 2281 0 2251 5 1 4 5 0 8 0
filepl 120 15324 0 15109 18 7 11 14 0 8 2
lockfpl 104 922 0 920 3 1 2 2 0 8 1
lockfspl 48 331 0 329 1 0 1 1 0 8 0
sessionpl 144 33 0 25 1 0 1 1 0 8 0
pgrppl 48 75 0 59 1 0 1 1 0 8 0
ucredpl 104 2526 0 2515 1 0 1 1 0 8 0
zombiepl 144 3086 0 3086 1 0 1 1 0 8 1
processpl 1152 2321 0 2257 5 0 5 5 0 8 0
procpl 664 5363 0 5284 9 1 8 8 0 8 0
sosppl 168 5 0 5 3 2 1 1 0 8 1
sockpl 552 4168 0 4136 26 21 5 13 0 8 2
mcl64k 65536 486 0 486 2 1 1 1 0 8 1
mcl16k 16384 67 0 67 2 1 1 1 0 8 1
mcl12k 12288 2 0 2 2 2 0 1 0 8 0
mcl8k 8192 19 0 19 4 3 1 1 0 8 1
mcl4k 4096 5075 0 5023 16 8 8 14 0 8 1
mcl2k2 2112 24 0 24 3 2 1 2 0 8 1
mcl2k 2048 2941 0 2939 6 5 1 5 0 8 0
mtagpl 96 22 0 17 1 0 1 1 0 8 0
mbufpl 256 27147 0 27019 80 65 15 70 0 8 4
bufpl 280 7820 0 1598 445 0 445 445 0 8 0
anonpl 24 325456 0 318704 125 57 68 68 0 187 27
amapchunkpl 152 68407 0 67782 66 34 32 39 0 158 7
amappl16 200 6164 0 6009 55 40 15 27 0 8 6
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 17 0 17 1 1 0 1 0 8 0
amappl13 176 487 0 486 1 0 1 1 0 8 0
amappl12 168 2672 0 2633 3 1 2 3 0 8 0
amappl11 160 9 0 9 1 1 0 1 0 8 0
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 252 0 252 1 1 0 1 0 8 0
amappl8 136 27 0 25 1 0 1 1 0 8 0
amappl7 128 105 0 104 1 0 1 1 0 8 0
amappl6 120 363 0 350 1 0 1 1 0 8 0
amappl5 112 82 0 74 1 0 1 1 0 8 0
amappl4 104 430 0 407 1 0 1 1 0 8 0
amappl3 96 12092 0 11990 3 0 3 3 0 8 0
amappl2 88 2397 0 2324 2 0 2 2 0 8 0
amappl1 80 17666 0 17123 14 0 14 14 0 8 1
amappl 88 18419 0 18236 6 1 5 5 0 92 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
dma32768 32768 1 0 1 1 1 0 1 0 8 0
dma8192 8192 3 0 3 2 2 0 1 0 8 0
dma4096 4096 2 0 2 2 2 0 1 0 8 0
dma2048 2048 2 0 2 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma512 512 1 0 1 1 0 1 1 0 8 1
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 256 0 256 3 2 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 21 0 20 1 0 1 1 0 8 0
aobjpl 72 90 0 4 2 0 2 2 0 8 0
uaddrrnd 24 2281 0 2251 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2281 0 2251 1 0 1 1 0 8 0
vmmpekpl 168 17472 0 17412 3 0 3 3 0 8 0
vmmpepl 168 147307 0 145312 118 10 108 108 0 357 15
vmsppl 368 2280 0 2251 4 1 3 4 0 8 0
rwobjpl 40 44334 0 37321 71 0 71 71 0 8 0
pdppl 4096 4568 0 4502 136 70 66 80 0 8 0
pvpl 32 944177 0 931665 250 108 142 142 0 265 41
pvpl: pool(0xffffffff8394d5a0:pvpl): free list modified: page 0xfffffd806734d000; item ordinal 0; addr 0xfffffd806734df00 (p 0xfffffd806734d000); offset 0x0=0xffffffff83888000
pmappl 216 2280 0 2251 3 1 2 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 529 0 199 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806c23c780,ffff80002a882eb0,1) at vn_read+0x16d sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a86d500,3,ffff80002a882eb0,1,ffff80002a882f60) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_preadv(ffff80002a86d500,ffff80002a883010,ffff80002a882f60) at sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3336
syscall(ffff80002a883010) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a883010) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x455ba7aa8a0, count: -19
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8338d4a6) at panic+0x1cf sys/kern/subr_prf.c:198
pool_do_get(ffffffff8394d5a0,2,ffff80002a882548) at pool_do_get+0x574 sys/kern/subr_pool.c:743
pool_get(ffffffff8394d5a0,2) at pool_get+0x11a sys/kern/subr_pool.c:-1
pmap_enter(fffffd8070e03880,200000b98000,63445000,3,22) at pmap_enter+0x1dc sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower(ffff80002a882860,ffff80002a882898,ffff80002a8827e0) at uvm_fault_lower+0x7d6 sys/uvm/uvm_fault.c:1520
uvm_fault(fffffd806ec0de68,200000b98000,0,2) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80002a882a00,200000b98000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1
kerntrap(ffff80002a882a00) at kerntrap+0x186 sys/arch/amd64/amd64/trap.c:491
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
mmrw(20c,ffff80002a882eb0,0) at mmrw+0x3d6 sys/arch/amd64/amd64/mem.c:-1
spec_read(ffff80002a882c90) at spec_read+0x142 sys/kern/spec_vnops.c:215
VOP_READ(fffffd806e5c1b38,ffff80002a882eb0,0,fffffd8007bfb8f0) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffffd806c23c780,ffff80002a882eb0,1) at vn_read+0x16d sys/kern/vfs_vnops.c:369
dofilereadv(ffff80002a86d500,3,ffff80002a882eb0,1,ffff80002a882f60) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_preadv(ffff80002a86d500,ffff80002a883010,ffff80002a882f60) at sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3336
syscall(ffff80002a883010) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a883010) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x455ba7aa8a0, count: -19
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages