

panic: WpARooNIlN_Gca: cShPeL_i NtOeTm _LmOaWEgRicE_D cOhNe ckS:YS CmAbLuLf pl2 c78pu7 0f00re9e3 0l EiXsItT mo0d iaf

Status: closed as dup on 2019/12/03 14:12
Reported-by: syzbot+16c5ea08c1057d3e14d5@syzkaller.appspotmail.com
First crash: 1599d, last: 1599d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
pool: cpu free list modified: mbufpl syz 15863 1353d 1640d

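Sample crash report (the first console line is apparently two kernel messages printed at the same time and interleaved character by character: the lowercase letters spell the pool_cache_item_magic_check panic, the uppercase ones a "WARNING: SPL NOT LOWERED ON SYSCALL ... EXIT" message. The clean panic string is in the `show panic` output below; it reports that the word at offset 16 of an mbufpl item on the per-CPU free list held 0x0 instead of the expected 0x43b464085cf7a605, i.e. the item appears to have been written to while it was free):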
panic: WpARooNIlN_Gca: cShPeL_i NtOeTm _LmOaWEgRicE_D cOhNe ckS:YS CmAbLuLf pl2  c78pu7 0f00re9e3 0l EiXsItT  mo0d iaf
i
eStopped at      savectx+0xb1:   movl    $0,%gs:0x530
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*490521  74274      0         0x2          0    0  syz-executor.0
 110703  84400      0        0x12          0    1  sshd
savectx() at savectx+0xb1
end of kernel
end trace frame: 0x7f7ffffe1c80, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d70c400+16 0x0!=0x43b464085cf7a605
ddb{0}> trace
savectx() at savectx+0xb1
end of kernel
end trace frame: 0x7f7ffffe1c80, count: -1
ddb{0}> show registers
rdi                                0
rsi                                0
rbp               0xffff800020b65360
rbx                                0
rdx               0xffff800020a8b6e0
rcx                                0
rax                             0x39
r8                0xffffffff8104a77f    kprintf+0x16f
r9                               0x1
r10                             0x25
r11               0xb48bcbb65af697f8
r12                                0
r13                                0
r14               0xffff800020a8b6e0
r15                                0
rip               0xffffffff8171d3f1    savectx+0xb1
cs                               0x8
rflags                          0x46
rsp               0xffff800020b652e0
ss                              0x10
savectx+0xb1:   movl    $0,%gs:0x530
ddb{0}> show proc
PROC (syz-executor.0) pid=490521 stat=onproc
    flags process=2<EXEC> proc=0
    pri=73, usrpri=73, nice=20
    forw=0xffffffffffffffff, list=0xffff800020a8b458,0xffff800020a8b1e0
    process=0xffff800020a78750 user=0xffff800020b60000, vmspace=0xfffffd807f007730
    estcpu=36, cpticks=1, pctcpu=0.18
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 98785   91387  74274      0  2           0                syz-executor.0
  4041  458270      0      0  3     0x14200  bored         sosplice
 82475   43567  63088      0  3         0x2  biowait       syz-executor.1
*74274  490521  63088      0  7         0x2                syz-executor.0
 63088  358794  42873      0  3        0x82  thrsleep      syz-fuzzer
 63088  352640  42873      0  3   0x4000082  nanosleep     syz-fuzzer
 63088  512076  42873      0  3   0x4000082  thrsleep      syz-fuzzer
 63088  385504  42873      0  3   0x4000082  thrsleep      syz-fuzzer
 63088  464282  42873      0  3   0x4000082  kqread        syz-fuzzer
 63088  488099  42873      0  3   0x4000082  thrsleep      syz-fuzzer
 63088  475237  42873      0  3   0x4000082  thrsleep      syz-fuzzer
 63088  122157  42873      0  3   0x4000082  nanosleep     syz-fuzzer
 63088  456264  42873      0  3   0x4000082  thrsleep      syz-fuzzer
 63088   44407  42873      0  3   0x4000082  thrsleep      syz-fuzzer
 42873   97286  84400      0  3    0x10008a  pause         ksh
 84400  110703  26975      0  7        0x12                sshd
 13008  432882      1      0  3    0x100083  ttyin         getty
 26975  337748      1      0  3        0x80  select        sshd
 74443  429808  29055     74  3    0x100092  bpf           pflogd
 29055  391785      1      0  3        0x80  netio         pflogd
 94574  194867  32774     73  3    0x100090  kqread        syslogd
 32774  466933      1      0  3    0x100082  netio         syslogd
 85815   78517      1     77  3    0x100090  poll          dhclient
 81906  337007      1      0  3        0x80  poll          dhclient
 48713  453899      0      0  3     0x14200  pgzero        zerothread
 44708  385815      0      0  3     0x14200  aiodoned      aiodoned
 46362   80795      0      0  3     0x14200  syncer        update
 97981  403520      0      0  3     0x14200  cleaner       cleaner
 77401  521488      0      0  3     0x14200  reaper        reaper
 64047   60751      0      0  3     0x14200  pgdaemon      pagedaemon
   609  173018      0      0  3     0x14200  bored         crynlk
 61138  378596      0      0  3     0x14200  bored         crypto
 27106  249284      0      0  3  0x40014200  acpi0         acpi0
 79823  451024      0      0  3  0x40014200                idle1
 14154  292749      0      0  3     0x14200  bored         softnet
  4422  348933      0      0  3     0x14200  bored         systqmp
 46694  180213      0      0  3     0x14200  bored         systq
 49700   31087      0      0  3  0x40014200  bored         softclock
  8259   85543      0      0  3  0x40014200                idle0
 75427  134752      0      0  3     0x14200  bored         smr
     1  462593      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82691258)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  mtx_enter_try+0x102
#2  mtx_enter+0x4b sys/kern/kern_lock.c:266
#3  uvm_pmr_getpages+0x34e sys/uvm/uvm_pmemrange.c:822
#4  uvm_pglistalloc+0x362 sys/uvm/uvm_page.c:790
#5  uvm_km_kmemalloc_pla+0x238 sys/uvm/uvm_km.c:368
#6  uvm_uarea_alloc+0x51 sys/uvm/uvm_glue.c:274
#7  fork1+0x295 sys/kern/kern_fork.c:366
#8  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#8  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#9  Xsyscall+0x128
Process 82475 (syz-executor.1) thread 0xffff800020a8b1d0 (43567)
exclusive rrwlock inode r = 0 (0xfffffd806e2466f8)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  rw_enter+0x453 sys/kern/kern_rwlock.c:309
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:453
#3  VOP_LOCK+0xf0 sys/kern/vfs_vops.c:615
#4  vn_lock+0x81 sys/kern/vfs_vnops.c:571
#5  vget+0x1c3 sys/kern/vfs_subr.c:672
#6  ufs_ihashget+0x141 sys/ufs/ufs/ufs_ihash.c:119
#7  ffs_vget+0x74 sys/ufs/ffs/ffs_vfsops.c:1323
#8  ufs_lookup+0x14b4 sys/ufs/ufs/ufs_lookup.c:487
#9  VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:91
#10 vfs_lookup+0x7a6 sys/kern/vfs_lookup.c:568
#11 namei+0x63c sys/kern/vfs_lookup.c:249
#12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1776
#13 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#13 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806e246c48)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  rw_enter+0x453 sys/kern/kern_rwlock.c:309
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:453
#3  VOP_LOCK+0xf0 sys/kern/vfs_vops.c:615
#4  vn_lock+0x81 sys/kern/vfs_vnops.c:571
#5  vget+0x1c3 sys/kern/vfs_subr.c:672
#6  cache_lookup+0x2bb sys/kern/vfs_cache.c:224
#7  ufs_lookup+0x1bc sys/ufs/ufs/ufs_lookup.c:162
#8  VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:91
#9  vfs_lookup+0x7a6 sys/kern/vfs_lookup.c:568
#10 namei+0x63c sys/kern/vfs_lookup.c:249
#11 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1776
#12 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#12 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#13 Xsyscall+0x128
Process 74274 (syz-executor.0) thread 0xffff800020a8b6e0 (490521)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8263eb08)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1  syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2  Xsyscall+0x128
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82691258)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  mtx_enter_try+0x102
#2  mtx_enter+0x4b sys/kern/kern_lock.c:266
#3  uvm_pmr_getpages+0x34e sys/uvm/uvm_pmemrange.c:822
#4  uvm_pglistalloc+0x362 sys/uvm/uvm_page.c:790
#5  uvm_km_kmemalloc_pla+0x238 sys/uvm/uvm_km.c:368
#6  uvm_uarea_alloc+0x51 sys/uvm/uvm_glue.c:274
#7  fork1+0x295 sys/kern/kern_fork.c:366
#8  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#8  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#9  Xsyscall+0x128
Process 84400 (sshd) thread 0xffff800020ac1be8 (110703)
exclusive rwlock netlock r = 0 (0xffffffff824bff78)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  solock+0x5a sys/kern/uipc_socket2.c:282
#2  sosend+0x51b sys/kern/uipc_socket.c:512
#3  dofilewritev+0x1b7 sys/kern/sys_generic.c:364
#4  sys_write+0x83 sys/kern/sys_generic.c:284
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9529   6608K    6856K  78643K     10881        0
            pcb    13      8K       8K  78643K        51        0
         rtable   108      4K       4K  78643K       237        0
         ifaddr    69     13K      13K  78643K        86        0
       counters    39     33K      33K  78643K        39        0
       ioctlops     0      0K       4K  78643K      1473        0
            iov     0      0K      24K  78643K        21        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1221     77K      77K  78643K      1309        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         7        0
         VM map     4      2K       2K  78643K         4        0
            sem    12      0K       1K  78643K        63        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1809    196K     290K  78643K     12766        0
      file desc     5     13K      25K  78643K       135        0
          sigio     0      0K       0K  78643K        12        0
           proc    60     63K      95K  78643K       443        0
        subproc    32      2K       2K  78643K        34        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        15        0
       in_multi    47      2K       2K  78643K        63        0
    ether_multi     1      0K       0K  78643K         7        0
            mrt     0      0K       0K  78643K         2        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    54    238K     238K  78643K        54        0
           exec     0      0K       1K  78643K       220        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   109     38K      40K  78643K      1397        0
       UVM aobj    17      2K       2K  78643K        17        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        24        0
            NDP    11      0K       0K  78643K        17        0
           temp   117   3579K    3644K  78643K      4381        0
         kqueue     0      0K       0K  78643K         1        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        6    0        0     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       96       25    0       23     1     0     1     1     0     8    0
rtentry    112       45    0        1     2     0     2     2     0     8    0
unpcb      120      184    0      174     1     0     1     1     0     8    0
syncache   280        4    0        4     1     1     0     1     0     8    0
tcpqe       32      228    0      228     1     1     0     1     0     8    0
tcpcb      640       82    0       78     1     0     1     1     0     8    0
inpcb      280      327    0      320     2     0     2     2     0     8    1
nd6         48        4    0        0     1     0     1     1     0     8    0
ppxss      1128       1    0        1     1     0     1     1     0     8    1
pffrag     232        3    0        3     1     0     1     1     0   482    1
pffrnode    88        3    0        3     1     0     1     1     0     8    1
pffrent     40      135    0      135     1     0     1     1     0     8    1
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       24    0        0     1     0     1     1     0     8    0
pfstkey    112       24    0        0     1     0     1     1     0     8    0
pfstate    328       24    0        0     2     0     2     2     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      212    0        0    14     0    14    14     0     8    0
art_table   32      213    0        0     2     0     2     2     0     8    0
art_node    16       44    0        4     1     0     1     1     0     8    0
sysvmsgpl   40       27    0       21     1     0     1     1     0     8    0
semupl     112        4    0        4     1     0     1     1     0     8    1
semapl     112       61    0       51     1     0     1     1     0     8    0
shmpl      112       15    0        0     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1591    0      184    46     0    46    46     0     8    0
ffsino     272     1591    0      184    94     0    94    94     0     8    0
nchpl      144     1981    0      362    61     0    61    61     0     8    0
uvmvnodes   72     1697    0        0    31     0    31    31     0     8    0
vnodes     208     1697    0        0    90     0    90    90     0     8    0
namei      1024    5394    0     5394     1     0     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
vcpupl     1984       2    0        0     1     0     1     1     0     8    0
vmpool     552        2    0        0     1     0     1     1     0     8    0
scsiplug    64        1    0        1     1     0     1     1     0     8    1
scxspl     208     5687    0     5686     8     1     7     7     0     8    6
plimitpl   152       23    0       15     1     0     1     1     0     8    0
sigapl     432      333    0      318     3     1     2     3     0     8    0
futexpl     56     3077    0     3077     1     0     1     1     0     8    1
knotepl    112       64    0       45     1     0     1     1     0     8    0
kqueuepl   104       34    0       32     1     0     1     1     0     8    0
pipepl     160      280    0      261     2     0     2     2     0     8    1
fdescpl    488      334    0      318     3     0     3     3     0     8    0
filepl     152     2352    0     2251     6     0     6     6     0     8    2
lockfpl    104       50    0       49     1     0     1     1     0     8    0
lockfspl    48       20    0       19     1     0     1     1     0     8    0
sessionpl  128       18    0        7     1     0     1     1     0     8    0
pgrppl      48       20    0        9     1     0     1     1     0     8    0
ucredpl     96      159    0      150     1     0     1     1     0     8    0
zombiepl   144      318    0      318     1     0     1     1     0     8    1
processpl  928      350    0      318     5     0     5     5     0     8    0
procpl     648      631    0      590     5     0     5     5     0     8    1
sosppl     144       35    0       35     1     0     1     1     0     8    1
sockpl     384      540    0      521     5     0     5     5     0     8    3
mcl64k     65536      8    0        0     1     0     1     1     0     8    0
mcl16k     16384      1    0        0     1     0     1     1     0     8    0
mcl12k     12288      2    0        0     1     0     1     1     0     8    0
mcl9k      9216       1    0        0     1     0     1     1     0     8    0
mcl8k      8192       3    0        0     1     0     1     1     0     8    0
mcl4k      4096       5    0        0     1     0     1     1     0     8    0
mcl2k      2048     147    0        0    18     0    18    18     0     8    0
mtagpl      80       11    0        0     1     0     1     1     0     8    0
mbufpl     256      241    0        0    15     0    15    15     0     8    0
bufpl      280     6582    0     1314   377     0   377   377     0     8    0
anonpl      16    51792    0    32092    87     1    86    86     0   124    6
amapchunkpl 152    1945    0     1790    14     0    14    14     0   158    5
amappl16   192     1717    0      640    56     0    56    56     0     8    2
amappl14   176       50    0       43     1     0     1     1     0     8    0
amappl12   160       59    0       53     2     1     1     1     0     8    0
amappl11   152      106    0       90     1     0     1     1     0     8    0
amappl10   144       16    0       10     1     0     1     1     0     8    0
amappl9    136      600    0      597     1     0     1     1     0     8    0
amappl8    128      166    0      140     2     0     2     2     0     8    0
amappl7    120       37    0       34     1     0     1     1     0     8    0
amappl6    112      108    0       98     1     0     1     1     0     8    0
amappl5    104      186    0      170     1     0     1     1     0     8    0
amappl4     96      530    0      502     1     0     1     1     0     8    0
amappl3     88      162    0      156     1     0     1     1     0     8    0
amappl2     80     1733    0     1670     3     1     2     3     0     8    0
amappl1     72    17314    0    16887    26    16    10    20     0     8    0
amappl      80      886    0      840     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       16    0        0     1     0     1     1     0     8    0
uaddrrnd    24      336    0      318     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      336    0      318     1     0     1     1     0     8    0
vmmpekpl   168     6967    0     6931     2     0     2     2     0     8    0
vmmpepl    168    48337    0    46141   141    10   131   135     0   357   32
vmsppl     368      333    0      318     2     0     2     2     0     8    0
pdppl      4096     679    0      638     6     0     6     6     0     8    0
pvpl        32   166754    0   143934   202     0   202   202     0   265   15
pmappl     232      335    0      318     2     0     2     2     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      162    0        3     5     0     5     5     0     8    0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/03 12:12 openbsd 9f5f6f881ebc ab342da3 .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.