syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [125] 🐞 Fixed [269] 🐞 Invalid [574] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2019/10/26 08:44 | 16m | anton@basename.se | https://github.com/mptre/openbsd-src shm | OK |
login: panic: pool_do_get: shmpl free list modified: page 0xfffffd8034ecb000; item addr 0xfffffd8034ecbee0; offset 0x10=0xdeaf4000
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 53828 41917 0 0 0x4000000 0 syz-executor0831
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x15c sys/kern/subr_prf.c:208
pool_do_get(ffffffff82274ff0,1,ffff8000149ac5d4) at pool_do_get+0x48b sys/kern/subr_pool.c:750
pool_get(ffffffff82274ff0,1) at pool_get+0xc1 sys/kern/subr_pool.c:587
shmget_allocate_segment(ffff8000ffff4bc8,ffff8000149ac7b8,0,ffff8000149ac7a0) at shmget_allocate_segment+0x15e sys/kern/sysv_shm.c:409
sys_shmget(ffff8000ffff4bc8,ffff8000149ac7b8,ffff8000149ac7a0) at sys_shmget+0x13f sys/kern/sysv_shm.c:472
syscall(ffff8000149ac850) at syscall+0x541
Xsyscall(6,0,9b881b4d0f0,0,9b881b4d0d0,9b881b4d0c8) at Xsyscall+0x128
end of kernel
end trace frame: 0x9bb652fbd50, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: shmpl free list modified: page 0xfffffd8034ecb000; item addr 0xfffffd8034ecbee0; offset 0x10=0xdeaf4000
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x15c sys/kern/subr_prf.c:208
pool_do_get(ffffffff82274ff0,1,ffff8000149ac5d4) at pool_do_get+0x48b sys/kern/subr_pool.c:750
pool_get(ffffffff82274ff0,1) at pool_get+0xc1 sys/kern/subr_pool.c:587
shmget_allocate_segment(ffff8000ffff4bc8,ffff8000149ac7b8,0,ffff8000149ac7a0) at shmget_allocate_segment+0x15e sys/kern/sysv_shm.c:409
sys_shmget(ffff8000ffff4bc8,ffff8000149ac7b8,ffff8000149ac7a0) at sys_shmget+0x13f sys/kern/sysv_shm.c:472
syscall(ffff8000149ac850) at syscall+0x541
Xsyscall(6,0,9b881b4d0f0,0,9b881b4d0d0,9b881b4d0c8) at Xsyscall+0x128
end of kernel
end trace frame: 0x9bb652fbd50, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000149ac430
rbx 0xffff8000149ac4e0
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff8000149ac3f0
r9 0x1
r10 0x2b212da9ad2beae7
r11 0x8232fb4fb5f4b1f5
r12 0x3000000008
r13 0xffff8000149ac440
r14 0x100
r15 0x1
rip 0xffffffff8139b908 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000149ac420
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor0831) pid=53828 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=57, usrpri=57, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff4e20,0xffffffff8225f578
process=0xffff8000149626a8 user=0xffff8000149a7000, vmspace=0xfffffd803f015b58
estcpu=7, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
41917 339687 7134 0 2 0 syz-executor0831
41917 147897 7134 0 2 0x4000000 syz-executor0831
*41917 53828 7134 0 7 0x4000000 syz-executor0831
7134 85158 7029 0 2 0x482 syz-executor0831
7029 346740 21742 0 3 0x10008a pause ksh
21742 100106 28976 0 3 0x92 select sshd
76423 429888 1 0 3 0x100083 ttyin getty
28976 176260 1 0 3 0x80 select sshd
15687 235215 89025 73 3 0x100090 kqread syslogd
89025 110065 1 0 3 0x100082 netio syslogd
42466 19104 1 77 3 0x100090 poll dhclient
69775 191706 1 0 3 0x80 poll dhclient
1264 135764 0 0 2 0x14200 zerothread
57715 160593 0 0 3 0x14200 aiodoned aiodoned
60329 479889 0 0 3 0x14200 syncer update
61712 436122 0 0 3 0x14200 cleaner cleaner
51967 370167 0 0 3 0x14200 reaper reaper
57482 95932 0 0 3 0x14200 pgdaemon pagedaemon
6796 47132 0 0 3 0x14200 bored crynlk
80791 394374 0 0 3 0x14200 bored crypto
3726 101147 0 0 3 0x40014200 acpi0 acpi0
83877 174885 0 0 3 0x14200 bored softnet
30081 488624 0 0 3 0x14200 bored systqmp
44719 55560 0 0 3 0x14200 bored systq
8060 129765 0 0 3 0x40014200 bored softclock
74644 78710 0 0 3 0x40014200 idle0
35987 15734 0 0 3 0x14200 bored smr
1 292266 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9426 6306K 6307K 78643K 10519 0 0
pcb 23 9K 9K 78643K 55 0 0
rtable 61 1K 2K 78643K 115 0 0
ifaddr 21 7K 7K 78643K 21 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 13 0 0
iov 1 12K 12K 78643K 3 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1166 73K 73K 78643K 1171 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1777 193K 286K 78643K 12501 0 0
file desc 1 0K 0K 78643K 1 0 0
proc 40 30K 38K 78643K 207 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 0K 78643K 11 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 150 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 56 11K 11K 78643K 682 0 0
UVM aobj 2 2K 2K 78643K 4 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 3 0K 0K 78643K 3 0 0
temp 30 2339K 2403K 78643K 1684 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 2 0 0 1 0 1 1 0 8 0
inpcbpl 280 22 0 16 1 0 1 1 0 8 0
plimitpl 152 14 0 8 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
shmpl 112 2 0 2 1 0 1 1 0 8 1
shmpl: pool(0xffffffff82274ff0:shmpl): page inconsistency: page 0xfffffd8034ecb000; item ordinal 0; addr 0x28bb74a67b447810
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1383 0 16 45 0 45 45 0 8 0
ffsino 240 1383 0 16 81 0 81 81 0 8 0
nchpl 144 1556 0 31 57 0 57 57 0 8 0
uvmvnodes 72 1392 0 0 26 0 26 26 0 8 0
vnodes 200 1392 0 0 74 0 74 74 0 8 0
namei 1024 3266 0 3266 2 1 1 1 0 8 1
scxspl 192 2639 0 2639 8 2 6 6 0 8 6
sigapl 432 176 0 165 2 0 2 2 0 8 0
futexpl 56 27 0 27 1 0 1 1 0 8 1
knotepl 112 5 0 0 1 0 1 1 0 8 0
kqueuepl 104 1 0 0 1 0 1 1 0 8 0
pipepl 112 114 0 107 2 1 1 1 0 8 0
fdescpl 424 177 0 165 2 0 2 2 0 8 0
filepl 120 813 0 769 2 0 2 2 0 8 0
lockfpl 104 11 0 10 2 1 1 1 0 8 0
lockfspl 32 5 0 4 2 1 1 1 0 8 0
sessionpl 112 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 96 47 0 40 1 0 1 1 0 8 0
zombiepl 144 165 0 165 2 1 1 1 0 8 1
processpl 840 191 0 165 4 0 4 4 0 8 0
procpl 600 196 0 168 3 0 3 3 0 8 0
sockpl 384 64 0 48 2 0 2 2 0 8 0
mcl4k 4096 10 0 10 1 0 1 1 0 8 1
mcl2k 2048 5795 0 5767 6 0 6 6 0 8 2
mtagpl 80 2 0 2 1 1 0 1 0 8 0
mbufpl 256 9933 0 9893 5 1 4 4 0 8 0
bufpl 256 2181 0 226 123 0 123 123 0 8 0
anonpl 16 17650 0 16423 8 2 6 7 0 62 1
amapchunkpl 152 541 0 501 2 0 2 2 0 158 0
amappl16 192 96 0 85 2 0 2 2 0 8 1
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 24 0 21 1 0 1 1 0 8 0
amappl13 168 14 0 11 1 0 1 1 0 8 0
amappl12 160 9 0 9 1 0 1 1 0 8 1
amappl11 152 171 0 161 1 0 1 1 0 8 0
amappl10 144 43 0 43 2 1 1 1 0 8 1
amappl9 136 169 0 168 1 0 1 1 0 8 0
amappl8 128 87 0 82 1 0 1 1 0 8 0
amappl7 120 12 0 11 1 0 1 1 0 8 0
amappl6 112 42 0 38 1 0 1 1 0 8 0
amappl5 104 225 0 215 1 0 1 1 0 8 0
amappl4 96 258 0 234 1 0 1 1 0 8 0
amappl3 88 111 0 105 1 0 1 1 0 8 0
amappl2 80 572 0 531 1 0 1 1 0 8 0
amappl1 72 11559 0 11149 16 7 9 16 0 8 0
amappl 72 390 0 367 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 3 0 2 1 0 1 1 0 8 0
uaddrrnd 24 177 0 165 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 177 0 165 1 0 1 1 0 8 0
vmmpekpl 168 5203 0 5188 1 0 1 1 0 8 0
vmmpepl 168 23596 0 22821 49 14 35 47 0 357 1
vmsppl 264 176 0 165 1 0 1 1 0 8 0
pdppl 4096 360 0 330 5 0 5 5 0 8 0
pvpl 32 71152 0 68203 32 5 27 27 0 265 3
pmappl 192 176 0 165 1 0 1 1 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 236 0 4 7 0 7 7 0 8 0
ddb>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/03/02 15:37 | openbsd | b4bf48081222 | 1c0e457a | .config | console log | report | syz | C | ci-openbsd-main | |||
| 2019/06/05 05:20 | openbsd | 759317bf8c07 | bfb4a51e | .config | console log | report | ci-openbsd-multicore | |||||
| 2019/06/04 10:41 | openbsd | 0bb0865d8b1d | ce07a7ae | .config | console log | report | ci-openbsd-main | |||||
| 2019/05/16 15:31 | openbsd | f42f1754a5d1 | f59a9cb5 | .config | console log | report | ci-openbsd-main | |||||
| 2019/05/06 00:59 | openbsd | b3b9c1b50a99 | d28f4ce5 | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/24 18:04 | openbsd | 40247284e05a | 8e3c52b1 | .config | console log | report | ci-openbsd-main | |||||
| 2019/04/20 05:37 | openbsd | d2bd3ff2a67d | b0e8efcb | .config | console log | report | ci-openbsd-main | |||||
| 2019/04/20 05:21 | openbsd | 288b7a5c2a7a | b0e8efcb | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/18 10:57 | openbsd | c2f34caa76c3 | b0e8efcb | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/10 16:59 | openbsd | 66f3c4a661b7 | e955ac50 | .config | console log | report | ci-openbsd-multicore | |||||
| 2019/04/09 18:18 | openbsd | 996953b367ff | 91d50a67 | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/08 16:33 | openbsd | 255ddc57f342 | 0dfb0452 | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/08 09:33 | openbsd | e4c7564ca5a8 | c34fde03 | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/07 17:44 | openbsd | 4253825dbbaa | c34fde03 | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/04/07 17:21 | openbsd | 4253825dbbaa | c34fde03 | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/03/28 05:32 | openbsd | c95a22197bfd | f94f56fe | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/03/28 04:05 | openbsd | c95a22197bfd | f94f56fe | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/03/28 03:09 | openbsd | c95a22197bfd | f94f56fe | .config | console log | report | ci-openbsd-setuid | |||||
| 2019/03/15 04:07 | openbsd | fee69528d2cd | d72db19b | .config | console log | report | ci-openbsd-main | |||||
| 2019/03/06 12:12 | openbsd | 2905afd1bbd6 | 05cf83bf | .config | console log | report | ci-openbsd-main | |||||
| 2019/03/04 07:14 | openbsd | 337a50c064c7 | 3419571c | .config | console log | report | ci-openbsd-main | |||||
| 2019/03/02 15:14 | openbsd | b4bf48081222 | 1c0e457a | .config | console log | report | ci-openbsd-main |