syzbot

 sign-in | mailing list | source | docs
🐞 Open [113]
🐞 Fixed [288]
🐞 Invalid [881]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

pool: free list modified: shmpl (6)

Status: upstream: reported on 2025/02/04 10:40
Reported-by: syzbot+640f5b53834a8559e680@syzkaller.appspotmail.com
First crash: 159d, last: 9h07m
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd pool: free list modified: shmpl (3) 1 1866d 1866d 0/3 auto-closed as invalid on 2020/09/01 15:24
openbsd pool: free list modified: shmpl C 22 2231d 2325d 3/3 fixed on 2019/10/29 17:45
openbsd pool: free list modified: shmpl (5) 43 238d 330d 0/3 auto-obsoleted due to no activity on 2025/01/07 01:02
openbsd pool: free list modified: shmpl (2) 1 2047d 2047d 0/3 auto-closed as invalid on 2020/03/04 23:09
openbsd pool: free list modified: shmpl (4) 1 608d 608d 0/3 auto-obsoleted due to no activity on 2024/02/11 22:36

Sample crash report:
panic: pool_do_get: shmpl free list modified: page 0xfffffd806248f000; item addr 0xfffffd806248f540; offset 0x40=0x68745136
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 154448  10382  32767        0x10          0    0  syz-executor
* 54875  10382  32767        0x10  0x4000000    1K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833d6ff0) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff8398a760,1,ffff80002a2f4208) at pool_do_get+0x5ea sys/kern/subr_pool.c:-1
pool_get(ffffffff8398a760,1) at pool_get+0x149 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff8000ffff1210,ffff80002a2f4460,100,ffff80002a2f43b0) at shmget_allocate_segment+0x1a7 sys/kern/sysv_shm.c:-1
sys_shmget(ffff8000ffff1210,ffff80002a2f4460,ffff80002a2f43b0) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:482
syscall(ffff80002a2f4460) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2f4460) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc70e78674f0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pool_do_get: shmpl free list modified: page 0xfffffd806248f000; item addr 0xfffffd806248f540; offset 0x40=0x68745136
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833d6ff0) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff8398a760,1,ffff80002a2f4208) at pool_do_get+0x5ea sys/kern/subr_pool.c:-1
pool_get(ffffffff8398a760,1) at pool_get+0x149 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff8000ffff1210,ffff80002a2f4460,100,ffff80002a2f43b0) at shmget_allocate_segment+0x1a7 sys/kern/sysv_shm.c:-1
sys_shmget(ffff8000ffff1210,ffff80002a2f4460,ffff80002a2f43b0) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:482
syscall(ffff80002a2f4460) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2f4460) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc70e78674f0, count: -8
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002a2f4040
rbx               0xffff8000299dedd7
rdx               0xffff80000143b980
rcx               0xffff8000ffff1210
rax               0xffff8000299ddff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x8b0bcb40b3afb16f
r11               0x94d17a19b711af44
r12               0xffff8000299debd8
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff81f73f45    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80002a2f4030
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=54875 pid=10382 tcnt=2 stat=onproc
    flags process=10<SUGID> proc=4000000<THREAD>
    runpri=32, usrpri=63, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000ffff1c50,0xffffffff8393bab8
    process=0xffff80003b0104f8 user=0xffff80002a2ef000, vmspace=0xfffffd8069c82990
    estcpu=13, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 52596  326806  95932  32767  2        0x10                syz-executor
 10382  154448  91387  32767  7        0x10                syz-executor
*10382   54875  91387  32767  7   0x4000010                syz-executor
 68730  303190  20194  32767  2        0x10                syz-executor
 88501     593  30720  32767  2        0x10                syz-executor
 89573  406075  76063      0  2         0x2                syz-executor
 40597  397005      0      0  3     0x14200  bored         sosplice
 36551  112457  77721  32767  3        0x90  piperd        syz-executor
 28526  414025  35619  32767  3        0x90  piperd        syz-executor
 30720  414388  76421  32767  3        0x90  nanoslp       syz-executor
 95932  245925  12887  32767  2        0x10                syz-executor
 45548    5516  67526  32767  3        0x90  piperd        syz-executor
 20194  432924  97471  32767  3        0x90  nanoslp       syz-executor
 91387  450449  53657  32767  3        0x90  nanoslp       syz-executor
 77721  222027  76063      0  3        0x82  wait          syz-executor
 35619  365958  76063      0  3        0x82  wait          syz-executor
 67526  296931  76063      0  3        0x82  wait          syz-executor
 12887   64730  76063      0  3        0x82  wait          syz-executor
 53657  269279  76063      0  3        0x82  wait          syz-executor
 97471  426389  76063      0  3        0x82  wait          syz-executor
 76421  270948  76063      0  3        0x82  wait          syz-executor
 76063  259371  40359      0  2         0x2                syz-executor
 40359  372889  71205      0  3    0x10008a  sigsusp       ksh
 71205   12949  15847      0  3        0x98  kqread        sshd-session
 15847  202295  56413      0  3        0x92  kqread        sshd-session
 31790  225240      1      0  3    0x100083  ttyin         getty
 56413  280654      1      0  3        0x88  kqread        sshd
 94068  252279  93564     73  3   0x1100090  kqread        syslogd
 93564  383591      1      0  3    0x100082  sbwait        syslogd
  2618  478752      1      0  3    0x100080  kqread        resolvd
 80584  121838  62882     77  3    0x100092  kqread        dhcpleased
 11583   18541  62882     77  3    0x100092  kqread        dhcpleased
 62882  154601      1      0  3        0x80  kqread        dhcpleased
 24348  432791      0      0  3     0x14200  bored         smr
 42748  381947      0      0  2     0x14200                zerothread
 82912  302751      0      0  3     0x14200  aiodoned      aiodoned
 23382  232473      0      0  3     0x14200  syncer        update
 57449   85349      0      0  3     0x14200  cleaner       cleaner
 19485   80776      0      0  3     0x14200  reaper        reaper
 43262  415537      0      0  3     0x14200  pgdaemon      pagedaemon
 98007  394339      0      0  3     0x14200  bored         viomb
 34005  209616      0      0  3  0x40014200  acpi0         acpi0
 17161  167559      0      0  3  0x40014200                idle1
 52715  426650      0      0  3     0x14200  bored         softnet3
 99981  246742      0      0  3     0x14200  bored         softnet2
 85411  375102      0      0  3     0x14200  bored         softnet1
 84051  283186      0      0  2     0x14200                softnet0
 93927  202577      0      0  3     0x14200  bored         systqmp
 79271  478303      0      0  3     0x14200  bored         systq
 73688   48144      0      0  3     0x14200  tmoslp        softclockmp
 51299  146339      0      0  3  0x40014200  tmoslp        softclock
 54475   38129      0      0  3  0x40014200                idle0
     1   76754      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex shmpl r = 0 (0xffffffff8398a778)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1  mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2  mtx_enter+0x62 sys/kern/kern_lock.c:261
#3  pool_get+0x10b sys/kern/subr_pool.c:578
#4  shmget_allocate_segment+0x1a7 sys/kern/sysv_shm.c:-1
#5  sys_shmget+0x1b2 sys/kern/sysv_shm.c:482
#6  syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6  syscall+0xb08 sys/arch/amd64/amd64/trap.c:748
#7  Xsyscall+0x128
Process 10382 (syz-executor) thread 0xffff8000ffff1210 (54875)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a1d2d0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1  syscall+0xae6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#1  syscall+0xae6 sys/arch/amd64/amd64/trap.c:748
#2  Xsyscall+0x128
exclusive mutex shmpl r = 0 (0xffffffff8398a778)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1  mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2  mtx_enter+0x62 sys/kern/kern_lock.c:261
#3  pool_get+0x10b sys/kern/subr_pool.c:578
#4  shmget_allocate_segment+0x1a7 sys/kern/sysv_shm.c:-1
#5  sys_shmget+0x1b2 sys/kern/sysv_shm.c:482
#6  syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6  syscall+0xb08 sys/arch/amd64/amd64/trap.c:748
#7  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10189  10953K   10967K 166960K     11270        0
            pcb    17     12K      12K 166960K        17        0
         rtable   221      6K       7K 166960K       362        0
             pf    29     16K      16K 166960K        31        0
         ifaddr    38      6K       7K 166960K        44        0
        ifgroup    46      2K       2K 166960K        50        0
         sysctl     3      1K       9K 166960K        11        0
       counters    66     36K      36K 166960K        68        0
       ioctlops     0      0K       2K 166960K        39        0
            iov     0      0K      24K 166960K        30        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1334     84K      84K 166960K      1462        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        12        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K        28        0
        dirhash    12      2K       2K 166960K        18        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    21     74K     129K 166960K       504        0
          sigio     0      0K       0K 166960K         8        0
           proc    58     79K     115K 166960K       500        0
        subproc    63      3K       4K 166960K       162        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K        63        0
       in_multi    88      6K       7K 166960K       111        0
    ether_multi     1      0K       0K 166960K         3        0
            mrt     2      0K       0K 166960K         2        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    79    360K     360K 166960K        79        0
           exec     0      0K       1K 166960K       409        0
   fusefs mount     1     32K      32K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   195    150K     186K 166960K      5966        0
       UVM aobj    14      3K       3K 166960K        15        0
     pinsyscall    42     84K     114K 166960K      1518        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        28        0
            NDP    10      0K       2K 166960K        27        0
           temp    41   8676K    8742K 166960K      5276        0
         kqueue    13     20K      32K 166960K       102        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120       53    0       50     1     0     1     1     0     8    0
rtentry    176      115    0       13     6     0     6     6     0     8    0
unpcb      144      543    0      528     6     3     3     6     0     8    2
syncache   336        8    0        7     1     0     1     1     0     8    0
tcpqe       32        1    0        1     1     1     0     1     0     8    0
tcpcb      736      196    0      189     7     2     5     7     0     8    4
arp        128       19    0        2     1     0     1     1     0     8    0
ipq         40        1    0        0     1     0     1     1     0     8    0
ipqe        40        1    0        0     1     0     1     1     0     8    0
inpcb      328      506    0      495     7     0     7     7     0     8    5
ip6q        72        1    0        0     1     0     1     1     0     8    0
ip6af       40        2    0        0     1     0     1     1     0     8    0
nd6        144       27    0        4     1     0     1     1     0     8    0
kcovpl      48       18    0       11     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      458    0       46    29     0    29    29     0     8    1
art_table   40      459    0       46     5     0     5     5     0     8    0
art_node    32      115    0       22     1     0     1     1     0     8    0
sysvmsgpl   40        1    0        1     1     1     0     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112       24    0       14     1     0     1     1     0     8    0
shmpl      112       12    0        1     1     0     1     1     0     8    0
pool(0xffffffff8398a760:shmpl): page inconsistency: page 0xfffffd806248f000; 23 on list, 11 missing, 35 items per page
dirhash    1024      21    0        4     3     0     3     3     0     8    0
dino2pl    256     2021    0      502    96     0    96    96     0     8    0
ffsino     288     2021    0      502   109     0   109   109     0     8    0
nchpl      144     2658    0      976    63     0    63    63     0     8    0
uvmvnodes   80     2192    0        0    45     0    45    45     0     8    0
vnodes     216     2192    0        0   122     0   122   122     0     8    0
namei      1024    8240    0     8240     2     1     1     2     0     8    1
percpumem   16       49    0        1     1     0     1     1     0     8    0
kstatmem   264       24    0        2     2     0     2     2     0     8    0
scxspl     216     8648    0     8648    10     3     7     8     1     8    7
plimitpl   152      126    0      103     2     0     2     2     0     8    1
sigapl     424      759    0      707     8     0     8     8     0     8    0
knotepl    120      561    0        0    17     0    17    17     0     8    0
kqueuepl   224      142    0      133     2     0     2     2     0     8    1
pipepl     336      161    0      134     3     0     3     3     0     8    0
fdescpl    520      740    0      707     4     0     4     4     0     8    1
filepl     160     3823    0     3627    16     2    14    16     0     8    5
lockfpl    104      113    0      111     1     0     1     1     0     8    0
lockfspl    48       40    0       38     1     0     1     1     0     8    0
sessionpl  144       35    0       20     1     0     1     1     0     8    0
pgrppl      48       59    0       36     1     0     1     1     0     8    0
ucredpl    104      522    0      504     1     0     1     1     0     8    0
zombiepl   144      707    0      707     1     0     1     1     0     8    1
processpl  1240     759    0      707     5     0     5     5     0     8    0
procpl     656     1312    0     1259     7     1     6     7     0     8    0
sosppl     168        5    0        5     1     0     1     1     0     8    1
sockpl     728     1107    0     1078    16     7     9    16     0     8    5
mcl64k     65536      4    0        0     1     0     1     1     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl9k      9216       1    0        0     1     0     1     1     0     8    0
mcl8k      8192       2    0        0     1     0     1     1     0     8    0
mcl4k      4096     126    0        0    16     0    16    16     0     8    0
mcl2k      2048      38    0        0     5     0     5     5     0     8    0
mtagpl      96        1    0        0     1     0     1     1     0     8    0
mbufpl     256      252    0        0    16     0    16    16     0     8    0
bufpl      280     2756    0      116   189     0   189   189     0     8    0
anonpl      32    10514    0        0    85     0    85    85     0   246    0
amapchunkpl 152   19463    0    19086    40     3    37    40     0   158   19
amappl16   200     1833    0     1817    17     6    11    14     0     8    8
amappl15   192        8    0        8     1     1     0     1     0     8    0
amappl14   184      108    0       98     1     0     1     1     0     8    0
amappl13   176        3    0        3     1     1     0     1     0     8    0
amappl12   168     1337    0     1306     2     0     2     2     0     8    0
amappl11   160       42    0       32     1     0     1     1     0     8    0
amappl10   152        6    0        6     1     1     0     1     0     8    0
amappl9    144      259    0      259     1     1     0     1     0     8    0
amappl8    136       36    0       35     1     0     1     1     0     8    0
amappl7    128       97    0       87     1     0     1     1     0     8    0
amappl6    120      180    0      177     1     0     1     1     0     8    0
amappl5    112      121    0      115     1     0     1     1     0     8    0
amappl4    104      289    0      274     1     0     1     1     0     8    0
amappl3     96     3434    0     3344     4     0     4     4     0     8    0
amappl2     88      628    0      570     2     0     2     2     0     8    0
amappl1     80    10105    0     9553    15     1    14    14     0     8    1
amappl      88     5258    0     5126     5     0     5     5     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       14    0        1     1     0     1     1     0     8    0
uaddrrnd    24      740    0      707     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      740    0      707     1     0     1     1     0     8    0
vmmpekpl   168     7864    0     7820     3     0     3     3     0     8    0
vmmpepl    168    52346    0    50513   106     3   103   106     0   357   12
vmsppl     480      739    0      707     7     1     6     6     0     8    0
rwobjpl     72    18229    0    15261    57     0    57    57     0     8    1
pdppl      4096    1487    0     1414   119    38    81    99     0     8    8
pvpl        32    18940    0        0   153     0   153   153     0   265    0
pmappl     256      739    0      707     4     1     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      416    0       44    11     0    11    11     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff83867ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a1d0c8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff83a1d0c8) at __mp_lock+0x192 sys/kern/kern_lock.c:165
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x7c5469c9e800, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff83867ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a1d0c8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff83a1d0c8) at __mp_lock+0x192 sys/kern/kern_lock.c:165
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x7c5469c9e800, count: -7
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833d6ff0) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff8398a760,1,ffff80002a2f4208) at pool_do_get+0x5ea sys/kern/subr_pool.c:-1
pool_get(ffffffff8398a760,1) at pool_get+0x149 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff8000ffff1210,ffff80002a2f4460,100,ffff80002a2f43b0) at shmget_allocate_segment+0x1a7 sys/kern/sysv_shm.c:-1
sys_shmget(ffff8000ffff1210,ffff80002a2f4460,ffff80002a2f43b0) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:482
syscall(ffff80002a2f4460) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2f4460) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc70e78674f0, count: 7
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833d6ff0) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff8398a760,1,ffff80002a2f4208) at pool_do_get+0x5ea sys/kern/subr_pool.c:-1
pool_get(ffffffff8398a760,1) at pool_get+0x149 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff8000ffff1210,ffff80002a2f4460,100,ffff80002a2f43b0) at shmget_allocate_segment+0x1a7 sys/kern/sysv_shm.c:-1
sys_shmget(ffff8000ffff1210,ffff80002a2f4460,ffff80002a2f43b0) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:482
syscall(ffff80002a2f4460) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2f4460) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc70e78674f0, count: -8

Crashes (307):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/14 00:37 openbsd 79bd20f69ae4 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/13 06:44 openbsd 5bd8d26974b4 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/12 23:38 openbsd 2fd78fb00a47 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/12 21:14 openbsd 2fd78fb00a47 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/11 04:05 openbsd 0b4ddc31a5ae 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/11 00:04 openbsd 0b4ddc31a5ae 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/10 18:49 openbsd 3cb786741c54 d7384b6d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/10 10:07 openbsd 3cb786741c54 d7384b6d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/10 06:18 openbsd 3cb786741c54 956bd956 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/09 14:05 openbsd bc55f572b2c5 f4e5e155 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/07 14:19 openbsd 37d47b610366 4f67c4ae .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/07 02:00 openbsd 78908cc80aaa 4f67c4ae .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/07/06 23:47 openbsd 1a059e88663d 4f67c4ae .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/04 15:23 openbsd b0affb9da48b d869b261 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main pool: free list modified: shmpl
2025/07/04 04:58 openbsd 2c6e3f429092 76ad128c .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/02 21:10 openbsd 78c5810e08e1 115ceea7 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/07/01 14:46 openbsd c56681b2e09c 091a06cd .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/30 21:16 openbsd 76905433011a 6e83b42d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/30 07:55 openbsd 344c04d65da4 fc9d8ee5 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/29 12:49 openbsd 31aef2a8f397 fc9d8ee5 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/27 19:27 openbsd 1800221da719 803ce19b .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/25 15:13 openbsd 31f40ba00147 26d77996 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/22 04:02 openbsd cb7d86176520 d6cdfb8a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main pool: free list modified: shmpl
2025/06/21 12:30 openbsd f62159b6a996 d6cdfb8a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/21 09:11 openbsd f62159b6a996 d6cdfb8a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/16 07:37 openbsd b38eaba60654 5f4b362d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/16 04:31 openbsd 1a751a5f99c1 5f4b362d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/14 20:16 openbsd 2b4e04f3782d 5f4b362d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/12 07:48 openbsd 2de8940ea18f 98683f8f .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/11 02:02 openbsd 410743c62795 5d7e17ca .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/10 22:01 openbsd a3912f8462f6 5d7e17ca .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/09 03:36 openbsd 1d858eebbab4 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/08 17:04 openbsd 394c376d8c51 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/08 08:09 openbsd 44b12aca1c11 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/07 22:06 openbsd fa628edb87f8 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/07 19:48 openbsd fa628edb87f8 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/07 18:34 openbsd fa628edb87f8 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/07 15:08 openbsd fa628edb87f8 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/07 12:57 openbsd fa628edb87f8 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/07 03:26 openbsd 16c80f155e04 4826c28e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/06 14:27 openbsd 402b23ce0ef8 3d899f2c .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/06 00:54 openbsd b57dcb7bc7e3 6b6b5f21 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/04 18:27 openbsd 98b1dda24a5c e565f08d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/06/04 16:32 openbsd 98b1dda24a5c e565f08d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/03 22:41 openbsd e4273848146a a30356b7 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/06/03 20:51 openbsd e4273848146a a30356b7 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
2025/05/31 18:19 openbsd a5ad0817f1ce 3d2f584d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/05/30 15:38 openbsd 0ce5489608ba 3d2f584d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/05/29 18:48 openbsd 225f0e6a7aa3 3d2f584d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/05/28 05:11 openbsd f55e6d8632c3 874a1386 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid pool: free list modified: shmpl
2025/02/04 10:39 openbsd 1eab3ea7ad62 8f267cef .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore pool: free list modified: shmpl
* Struck through repros no longer work on HEAD.