pool: free list modified: mbufpl (5)
0 views
Skip to first unread message
syzbot
Nov 28, 2025, 9:55:31 PM (13 hours ago) Nov 28
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: f9d861d10df2 Add "no banner" option to suppress Server hea..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10f88112580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=202933e4acc099883900
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3d1c29e36da5/disk-f9d861d1.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/fea98f4643b6/bsd-f9d861d1.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/79a57515701e/kernel-f9d861d1.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+202933...@syzkaller.appspotmail.com
panic: pool_p_free: mbufpl free list modified: page 0xfffffd80680c5000; item addr 0xfffffd80680c5e00; offset 0x0=0x0
Starting stack trace...
panic(ffffffff8334d627) at panic+0x1ba sys/kern/subr_prf.c:229
pool_p_free(ffffffff8398f440,fffffd80695bab08) at pool_p_free+0x28c sys/kern/subr_pool.c:1005
pool_reclaim(ffffffff8398f440) at pool_reclaim+0x2c2 sys/kern/subr_pool.c:1152
pool_reclaim_all() at pool_reclaim_all+0x48 sys/kern/subr_pool.c:-1
kern_sysctl(ffff80002a8a8fb4,1,0,ffff80002a8a8fe8,200000001440,4,5635bc0e9d51e5b0) at kern_sysctl+0x1094 sys/kern/kern_sysctl.c:686
sys_sysctl(ffff800031cfda10,ffff80002a8a9110,ffff80002a8a9060) at sys_sysctl+0x3e5 sys/kern/kern_sysctl.c:-1
syscall(ffff80002a8a9110) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8a9110) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcebc3c6fce0, count: 249
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: f9d861d10df2 Add "no banner" option to suppress Server hea..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10f88112580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=202933e4acc099883900
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3d1c29e36da5/disk-f9d861d1.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/fea98f4643b6/bsd-f9d861d1.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/79a57515701e/kernel-f9d861d1.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+202933...@syzkaller.appspotmail.com
panic: pool_p_free: mbufpl free list modified: page 0xfffffd80680c5000; item addr 0xfffffd80680c5e00; offset 0x0=0x0
Starting stack trace...
panic(ffffffff8334d627) at panic+0x1ba sys/kern/subr_prf.c:229
pool_p_free(ffffffff8398f440,fffffd80695bab08) at pool_p_free+0x28c sys/kern/subr_pool.c:1005
pool_reclaim(ffffffff8398f440) at pool_reclaim+0x2c2 sys/kern/subr_pool.c:1152
pool_reclaim_all() at pool_reclaim_all+0x48 sys/kern/subr_pool.c:-1
kern_sysctl(ffff80002a8a8fb4,1,0,ffff80002a8a8fe8,200000001440,4,5635bc0e9d51e5b0) at kern_sysctl+0x1094 sys/kern/kern_sysctl.c:686
sys_sysctl(ffff800031cfda10,ffff80002a8a9110,ffff80002a8a9060) at sys_sysctl+0x3e5 sys/kern/kern_sysctl.c:-1
syscall(ffff80002a8a9110) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8a9110) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcebc3c6fce0, count: 249
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages