pool: cpu free list modified: knotepl
0 views
Skip to first unread message
syzbot
Mar 16, 2026, 10:21:24 AMMar 16
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 15ef65f2835f make ttm_device_prepare_hibernation() return ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=154678da580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=44a5a5a73a236b28a93a
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/77675697292d/disk-15ef65f2.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/aceb614d1439/bsd-15ef65f2.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5088c9860323/kernel-15ef65f2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+44a5a5...@syzkaller.appspotmail.com
panic: pool_cache_item_magic_check: knotepl cpu free list modified: item addr 0xfffffd806c5ed8f0+16 0x0!=0xc3b5562b45d7cefb
Starting stack trace...
panic(ffffffff8349a564) at panic+0x1d0 sys/kern/subr_prf.c:229
pool_cache_get(ffffffff839649f8) at pool_cache_get+0x3d4 sys/kern/subr_pool.c:1906
pool_get(ffffffff839649f8,9) at pool_get+0xd6 sys/kern/subr_pool.c:-1
kqueue_register(fffffd806f4d5b60,ffff80003c4935e0,7e,ffff80003c646ac0) at kqueue_register+0x1fb sys/kern/kern_event.c:1415
ppollregister_evts(ffff80003c646ac0,ffff80003c4935e0,1,ffff8000016043f0,7e) at ppollregister_evts+0xca sys/kern/sys_generic.c:1048
ppollregister(ffff80003c646ac0,ffff800001604000,fe,ffff80003c49395c,ffff80003c493958) at ppollregister+0x32f sys/kern/sys_generic.c:1146
doppoll(ffff80003c646ac0,200000000000,fe,ffff80003c4939e8,0,ffff80003c493a70) at doppoll+0x214 sys/kern/sys_generic.c:963
sys_poll(ffff80003c646ac0,ffff80003c493b20,ffff80003c493a70) at sys_poll+0xd8 sys/kern/sys_generic.c:-1
syscall(ffff80003c493b20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c493b20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x84e6ff61c0, count: 247
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 15ef65f2835f make ttm_device_prepare_hibernation() return ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=154678da580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=44a5a5a73a236b28a93a
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/77675697292d/disk-15ef65f2.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/aceb614d1439/bsd-15ef65f2.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5088c9860323/kernel-15ef65f2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+44a5a5...@syzkaller.appspotmail.com
panic: pool_cache_item_magic_check: knotepl cpu free list modified: item addr 0xfffffd806c5ed8f0+16 0x0!=0xc3b5562b45d7cefb
Starting stack trace...
panic(ffffffff8349a564) at panic+0x1d0 sys/kern/subr_prf.c:229
pool_cache_get(ffffffff839649f8) at pool_cache_get+0x3d4 sys/kern/subr_pool.c:1906
pool_get(ffffffff839649f8,9) at pool_get+0xd6 sys/kern/subr_pool.c:-1
kqueue_register(fffffd806f4d5b60,ffff80003c4935e0,7e,ffff80003c646ac0) at kqueue_register+0x1fb sys/kern/kern_event.c:1415
ppollregister_evts(ffff80003c646ac0,ffff80003c4935e0,1,ffff8000016043f0,7e) at ppollregister_evts+0xca sys/kern/sys_generic.c:1048
ppollregister(ffff80003c646ac0,ffff800001604000,fe,ffff80003c49395c,ffff80003c493958) at ppollregister+0x32f sys/kern/sys_generic.c:1146
doppoll(ffff80003c646ac0,200000000000,fe,ffff80003c4939e8,0,ffff80003c493a70) at doppoll+0x214 sys/kern/sys_generic.c:963
sys_poll(ffff80003c646ac0,ffff80003c493b20,ffff80003c493a70) at sys_poll+0xd8 sys/kern/sys_generic.c:-1
syscall(ffff80003c493b20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c493b20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x84e6ff61c0, count: 247
End of stack trace.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages