syzbot


panic: : ool_Nache_iteR_D gic_check: mbufpl cpu f ee l

Status: closed as dup on 2019/11/05 10:50
Reported-by: syzbot+bad18ceb1532b5ab2f40@syzkaller.appspotmail.com
First crash: 1843d, last: 1843d
Duplicate of:
Title: pool: cpu free list modified: mbufpl
Repro: syz
Cause bisect: -
Fix bisect: -
Count: 15863
Last: 1570d
Reported: 1856d

Sample crash report:
g
g
g
g
panic: : ool_Nache_iteR_D gic_check: mbufpl cpu f ee l
i
sStopped at      savectx+0xb1:   movl    $0,%gs:0x530
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*122232   2738      0           0          0    0  syz-executor.0
 246068  87954      0        0x12          0    1  sshd
savectx(6,73958520000,9,c6,7394edbe130,7394edbe1c8) at savectx+0xb1
end of kernel
end trace frame: 0x7f7ffffce5f0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd807430f600+24 0xef5ec75ebdcbd12f!=0x10a13adedbcb302f
ddb{0}> trace
savectx(6,73958520000,9,c6,7394edbe130,7394edbe1c8) at savectx+0xb1
end of kernel
end trace frame: 0x7f7ffffce5f0, count: -1
ddb{0}> show registers
rdi                                0
rsi                                0
rbp               0xffff800020b397c0
rbx                                0
rdx               0xffff800020acec78
rcx                                0
rax                             0x35
r8                0xffffffff8165462f    kprintf+0x16f
r9                               0x1
r10                             0x25
r11                0xbc10e21e65e5256
r12                                0
r13                                0
r14               0xffff800020acec78
r15                                0
rip               0xffffffff81df23f1    savectx+0xb1
cs                               0x8
rflags                          0x46
rsp               0xffff800020b39740
ss                              0x10
savectx+0xb1:   movl    $0,%gs:0x530
ddb{0}> show proc
PROC (syz-executor.0) pid=122232 stat=onproc
    flags process=0 proc=0
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020ab0ee8,0xffffffff8267a4c0
    process=0xffff800020add180 user=0xffff800020b34000, vmspace=0xfffffd807f00b170
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
* 2738  122232  18334      0  7           0                syz-executor.0
 66658  180312      1      0  3        0x82  nanosleep     getty
 24727  341735  86577      0  2         0x2                syz-executor.1
 18334  452572  86577      0  3        0x82  nanosleep     syz-executor.0
 19712   57312      0      0  3     0x14200  acct          acct
 77381  364603      0      0  3     0x14200  bored         sosplice
 86577  350119  30529      0  3        0x82  thrsleep      syz-fuzzer
 86577  216684  30529      0  3   0x4000082  nanosleep     syz-fuzzer
 86577  455633  30529      0  3   0x4000082  thrsleep      syz-fuzzer
 86577  255307  30529      0  3   0x4000082  thrsleep      syz-fuzzer
 86577  190692  30529      0  3   0x4000082  thrsleep      syz-fuzzer
 86577  256755  30529      0  3   0x4000082  kqread        syz-fuzzer
 86577  357983  30529      0  3   0x4000082  thrsleep      syz-fuzzer
 86577  289304  30529      0  3   0x4000082  thrsleep      syz-fuzzer
 86577  152282  30529      0  3   0x4000082  thrsleep      syz-fuzzer
 86577  389829  30529      0  3   0x4000082  nanosleep     syz-fuzzer
 30529  249501  87954      0  3    0x10008a  pause         ksh
 87954  246068  46497      0  7        0x12                sshd
 46497  501890      1      0  3        0x80  select        sshd
 48670  440112  63191     74  3    0x100092  bpf           pflogd
 63191   67447      1      0  3        0x80  netio         pflogd
 89079  518368  25647     73  3    0x100090  kqread        syslogd
 25647  173142      1      0  3    0x100082  netio         syslogd
 55904  121460      1     77  3    0x100090  poll          dhclient
 67404  399830      1      0  3        0x80  poll          dhclient
 70943  207575      0      0  2     0x14200                zerothread
 61857  187106      0      0  3     0x14200  aiodoned      aiodoned
 42033  185634      0      0  3     0x14200  syncer        update
 11170  143738      0      0  3     0x14200  cleaner       cleaner
 68647  150950      0      0  3     0x14200  reaper        reaper
 74688   35992      0      0  3     0x14200  pgdaemon      pagedaemon
 89237  203805      0      0  3     0x14200  bored         crynlk
 51963  137474      0      0  3     0x14200  bored         crypto
 70227  513062      0      0  3  0x40014200  acpi0         acpi0
 93307  102002      0      0  3  0x40014200                idle1
 90855  104100      0      0  3     0x14200  bored         softnet
 94526  365550      0      0  3     0x14200  bored         systqmp
 33210  383338      0      0  3     0x14200  bored         systq
 47818  165500      0      0  3  0x40014200  bored         softclock
 61197   68498      0      0  3  0x40014200                idle0
 63699  105322      0      0  3     0x14200  bored         smr
     1  198453      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 2738 (syz-executor.0) thread 0xffff800020acec78 (122232)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82638a30)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1  syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2  Xsyscall+0x128
Process 87954 (sshd) thread 0xffff800020ac0c68 (246068)
exclusive rwlock netlock r = 0 (0xffffffff8248f918)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  solock+0x5a sys/kern/uipc_socket2.c:282
#2  sosend+0x51b sys/kern/uipc_socket.c:512
#3  dofilewritev+0x1b7 sys/kern/sys_generic.c:364
#4  sys_write+0x83 sys/kern/sys_generic.c:284
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9682   6753K    9051K  78643K     62414        0        0
            pcb    13     13K      15K  78643K      2036        0        0
         rtable   141     15K      18K  78643K      5524        0        0
         ifaddr   123     30K      32K  78643K      1626        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1900        0        0
            iov     0      0K      32K  78643K      4949        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1226     77K      78K  78643K     16261        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K       103        0        0
         VM map    54     27K      27K  78643K        81        0        0
            sem    12      0K       1K  78643K      2914        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12765        0        0
      file desc     5     13K      25K  78643K      9337        0        0
          sigio     0      0K       0K  78643K       125        0        0
           proc    62     63K      95K  78643K      3882        0        0
        subproc    32      2K       2K  78643K      1098        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       1K  78643K       950        0        0
       in_multi    34      2K       3K  78643K      1309        0        0
    ether_multi     1      0K       0K  78643K       138        0        0
            mrt     2      0K       0K  78643K        75        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys   174    768K     768K  78643K       174        0        0
           exec     0      0K       1K  78643K      1971        0        0
     pfkey data     0      0K       4K  78643K         2        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   217    355K     359K  78643K     33965        0        0
       UVM aobj   130      4K       4K  78643K       130        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       1K  78643K      2204        0        0
            NDP    27      0K       1K  78643K       520        0        0
           temp   277   3566K    4205K  78643K    339080        0        0
         kqueue     0      0K       0K  78643K        89        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64      171    0      166     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80     1006    0     1004     1     0     1     1     0     8    0
rtentry    112     1060    0     1007     2     0     2     2     0     8    0
unpcb      120     6388    0     6368    19    18     1     2     0     8    0
syncache   264       44    0       44    19    19     0     1     0     8    0
tcpqe       32       21    0       21     8     8     0     1     0     8    0
tcpcb      544    10306    0    10302    54    53     1    12     0     8    0
inpcb      280    21671    0    21664    84    82     2    13     0     8    1
rttmr       72       27    0       26     9     8     1     1     0     8    0
ip6q        72       10    0       10     6     6     0     1     0     8    0
ip6af       40       25    0       25     6     6     0     1     0     8    0
nd6         48      165    0      163     2     1     1     1     0     8    0
pkpcb       40       39    0       39    13    13     0     1     0     8    0
swfcl       56        4    0        0     1     0     1     1     0     8    0
ppxss      1128     241    0      241    24    24     0     1     0     8    0
pffrag     232      304    0      304    23    22     1     1     0   482    1
pffrnode    88      304    0      304    23    22     1     1     0     8    1
pffrent     40    11141    0    11141    23    22     1     1     0     8    1
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24      822    0      749     1     0     1     1     0     8    0
pfstkey    112      822    0      749     3     0     3     3     0     8    0
pfstate    328      822    0      749    12     4     8     9     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096      63    0       60    23    20     3     4     0     8    0
art_heap4  256     5083    0     4815    56    37    19    22     0     8    1
art_table   32     5146    0     4875     3     0     3     3     0     8    0
art_node    16     1052    0     1012     1     0     1     1     0     8    0
sysvmsgpl   40        6    0        4     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112     2912    0     2902     1     0     1     1     0     8    0
shmpl      112      128    0        0     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128    15361    0    13903    49     1    48    48     0     8    0
ffsino     272    15361    0    13903    98     0    98    98     0     8    0
nchpl      144    30652    0    30146    63    37    26    62     0     8    0
uvmvnodes   72     7753    0        0   141     0   141   141     0     8    0
vnodes     208     7753    0        0   409     0   409   409     0     8    0
namei      1024  117230    0   117230     4     3     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
vcpupl     1984      53    0        1     7     0     7     7     0     8    0
vmpool     552       79    0       27     4     0     4     4     0     8    0
scsiplug    64       11    0       11     8     8     0     1     0     8    0
scxspl     192    96842    0    96842    67    66     1     4     0     8    1
plimitpl   152      839    0      831     1     0     1     1     0     8    0
sigapl     432     9356    0     9341     4     2     2     3     0     8    0
futexpl     56   239080    0   239080     4     3     1     1     0     8    1
knotepl    112     2027    0     2008     7     6     1     3     0     8    0
kqueuepl   104     2535    0     2533     4     3     1     4     0     8    0
pipepl     112     5678    0     5659    14    13     1     2     0     8    0
fdescpl    488     9357    0     9341     3     0     3     3     0     8    0
filepl     152    96366    0    96267    80    74     6    14     0     8    2
lockfpl    104     3579    0     3578     1     0     1     1     0     8    0
lockfspl    48     1233    0     1232     1     0     1     1     0     8    0
sessionpl  112       86    0       76     1     0     1     1     0     8    0
pgrppl      48      203    0      193     1     0     1     1     0     8    0
ucredpl     96    12037    0    12027     1     0     1     1     0     8    0
zombiepl   144     9345    0     9345     3     2     1     1     0     8    1
processpl  896     9378    0     9345     5     1     4     5     0     8    0
procpl     632    29815    0    29773     5     0     5     5     0     8    0
srpgc       64      138    0      138    29    29     0     1     0     8    0
sosppl     128      162    0      162    27    27     0     1     0     8    0
sockpl     384    29351    0    29320   129   123     6    23     0     8    1
mcl64k     65536    696    0        0    82    32    50    66     0     8    0
mcl16k     16384     41    0        0     5     2     3     3     0     8    1
mcl12k     12288     35    0        0     2     0     2     2     0     8    0
mcl9k      9216      39    0        0     2     0     2     2     0     8    0
mcl8k      8192      37    0        0     4     1     3     3     0     8    0
mcl4k      4096      57    0        0     5     2     3     3     0     8    0
mcl2k2     2112      12    0        0     1     0     1     1     0     8    0
mcl2k      2048     230    0        0    21     7    14    21     0     8    2
mtagpl      80      270    0        0     4     1     3     4     0     8    0
mbufpl     256     1384    0        0    52     0    52    52     0     8    0
bufpl      256    40567    0    32813   485     0   485   485     0     8    0
anonpl      16  1159409    0  1136898   265   158   107   107     0   124    8
amapchunkpl 152   69722    0    69561   127   118     9    21     0   158    1
amappl16   192    50517    0    49182   313   234    79    79     0     8    8
amappl15   184     2689    0     2687     9     8     1     1     0     8    0
amappl14   176     2171    0     2161     1     0     1     1     0     8    0
amappl13   168     1446    0     1444     1     0     1     1     0     8    0
amappl12   160      661    0      657     1     0     1     1     0     8    0
amappl11   152      895    0      880     1     0     1     1     0     8    0
amappl10   144      758    0      750     1     0     1     1     0     8    0
amappl9    136     2810    0     2805     1     0     1     1     0     8    0
amappl8    128     2406    0     2333     3     0     3     3     0     8    0
amappl7    120     1066    0     1057     1     0     1     1     0     8    0
amappl6    112      736    0      725     1     0     1     1     0     8    0
amappl5    104     1319    0     1304     1     0     1     1     0     8    0
amappl4     96     9749    0     9713     1     0     1     1     0     8    0
amappl3     88     2179    0     2167     1     0     1     1     0     8    0
amappl2     80    72710    0    72634     3     0     3     3     0     8    0
amappl1     72   220354    0   219922    25    15    10    20     0     8    0
amappl      80    31301    0    31235     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      129    0        0     3     0     3     3     0     8    0
uaddrrnd    24     9436    0     9341     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     9436    0     9341     1     0     1     1     0     8    0
vmmpekpl   168    72307    0    72262     4     1     3     3     0     8    0
vmmpepl    168  1211288    0  1208579   436   270   166   172     0   357   37
vmsppl     368     9356    0     9341     2     0     2     2     0     8    0
pdppl      4096   18879    0    18788    16     4    12    12     0     8    0
pvpl        32  2992433    0  2969263   547   320   227   234     0   265   28
pmappl     232     9435    0     9368     7     2     5     5     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      914    0      164    22     0    22    22     0     8    0

Crashes (1):
Time: 2019/11/05 10:20
Kernel: openbsd
Commit: 67035d4b95d6
Syzkaller: 76630fc9
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: -
Assets: -
Manager: ci-openbsd-multicore
Title: -