syzbot


pool: cpu free list modified: mbufpl (4)

Status: auto-obsoleted due to no activity on 2024/11/11 00:29
Reported-by: syzbot+daecb1649911bafa9776@syzkaller.appspotmail.com
First crash: 220d, last: 100d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | pool: cpu free list modified: mbufpl | syz | | | 15863 | 1569d | 1856d | 3/3 | fixed on 2020/08/05 06:16 |
| openbsd | pool: cpu free list modified: mbufpl (2) | | | | 1 | 881d | 881d | 0/3 | auto-obsoleted due to no activity on 2022/09/22 19:57 |
| openbsd | pool: cpu free list modified: mbufpl (3) | | | | 1 | 394d | 394d | 0/3 | auto-obsoleted due to no activity on 2024/01/22 11:03 |

Sample crash report:
panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd805750de00+16 0x0!=0x89ee3791d35ff45d
Starting stack trace...
panic(ffffffff82fd472f) at panic+0x1d0 sys/kern/subr_prf.c:229
pool_cache_get(ffffffff83515408) at pool_cache_get+0x3e4
pool_get(ffffffff83515408,2) at pool_get+0xba
m_get(2,3) at m_get+0x82 sys/kern/uipc_mbuf.c:243
sbappendaddr(ffff8000012f6fb8,ffff8000012f7078,ffffffff83229d30,fffffd8074cbbd00,0) at sbappendaddr+0x47e
rtm_sendup(ffff8000012f6fb8,fffffd8067f9d500) at rtm_sendup+0x181 sys/net/rtsock.c:607
route_input(fffffd8067f9d500,0,18) at route_input+0x277 sys/net/rtsock.c:583
rtm_send(fffffd806ea47bd0,1,0,0) at rtm_send+0x24c sys/net/rtsock.c:1758
rt_ifa_add(ffff80000125ce00,840100,ffff80000125ce40,0) at rt_ifa_add+0x2bf sys/net/route.c:1283
in6_ioctl_change_ifaddr(8080691a,ffff8000369d88e0,ffff800001205800) at in6_ioctl_change_ifaddr+0x778 sys/netinet6/in6.c:384
ifioctl(ffff8000012d27e0,8080691a,ffff8000369d88e0,ffff8000fffeb1f0) at ifioctl+0x1571 pru_control sys/sys/protosw.h:354 [inline]
ifioctl(ffff8000012d27e0,8080691a,ffff8000369d88e0,ffff8000fffeb1f0) at ifioctl+0x1571 sys/net/if.c:2449
sys_ioctl(ffff8000fffeb1f0,ffff8000369d8ac0,ffff8000369d8a10) at sys_ioctl+0x67c
syscall(ffff8000369d8ac0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff8000369d8ac0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70d3592f2d90, count: 243
End of stack trace.
panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd805750de00+16 0x0!=0x89ee3791d35ff45d
Starting stack trace...
panic(ffffffff82fd472f) at panic+0x1d0 sys/kern/subr_prf.c:229
pool_cache_get(ffffffff83515408) at pool_cache_get+0x3e4
pool_get(ffffffff83515408,2) at pool_get+0xba
m_clget(0,2,800) at m_clget+0x275 sys/kern/uipc_mbuf.c:394
vio_populate_rx_mbufs(ffff8000001a0000) at vio_populate_rx_mbufs+0x131 sys/dev/pv/if_vio.c:1088
vio_rx_intr(ffff8000001a0050) at vio_rx_intr+0x76 sys/dev/pv/if_vio.c:1242
intr_handler(ffff8000369d7900,ffff80000006c000) at intr_handler+0x11d sys/arch/amd64/amd64/intr.c:557
Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f
Xspllower() at Xspllower+0x1d
tsleep(fffffd806be525b0,11,ffffffff82fd3bc8,0) at tsleep+0x1b8 sys/kern/kern_synch.c:144
getblk(fffffd807ec0b798,1fa660,4000,0,ffffffffffffffff) at getblk+0x197 sys/kern/vfs_bio.c:1025
bread(fffffd807ec0b798,1fa660,4000,ffff8000369d7cb8) at bread+0x47 bio_doread sys/kern/vfs_bio.c:430 [inline]
bread(fffffd807ec0b798,1fa660,4000,ffff8000369d7cb8) at bread+0x47 sys/kern/vfs_bio.c:475
ffs_update(fffffd8067cf9118,1) at ffs_update+0x198 sys/ufs/ffs/ffs_inode.c:91
ffs_truncate(fffffd8067cf9118,0,0,ffffffffffffffff) at ffs_truncate+0xcb6
ufs_inactive(ffff8000369d7f88) at ufs_inactive+0x203 sys/ufs/ufs/ufs_inode.c:84
VOP_INACTIVE(fffffd8067c55100,ffff8000fffeb1f0) at VOP_INACTIVE+0x107 sys/kern/vfs_vops.c:495
vput(fffffd8067c55100) at vput+0xe5 sys/kern/vfs_subr.c:779
vn_close(fffffd8067c55100,2,ffffffffffffffff,ffff8000fffeb1f0) at vn_close+0xb7 sys/kern/vfs_vnops.c:294
acct_shutdown() at acct_shutdown+0x8a sys/kern/kern_acct.c:361
vfs_shutdown(ffff8000fffeb1f0) at vfs_shutdown+0x23 sys/kern/vfs_subr.c:1779
boot(100) at boot+0x15c sys/arch/amd64/amd64/machdep.c:907
reboot(100) at reboot+0xb1
panic(ffffffff82fd472f) at panic+0x1f9 sys/kern/subr_prf.c:231
pool_cache_get(ffffffff83515408) at pool_cache_get+0x3e4
pool_get(ffffffff83515408,2) at pool_get+0xba
m_get(2,3) at m_get+0x82 sys/kern/uipc_mbuf.c:243
sbappendaddr(ffff8000012f6fb8,ffff8000012f7078,ffffffff83229d30,fffffd8074cbbd00,0) at sbappendaddr+0x47e
rtm_sendup(ffff8000012f6fb8,fffffd8067f9d500) at rtm_sendup+0x181 sys/net/rtsock.c:607
route_input(fffffd8067f9d500,0,18) at route_input+0x277 sys/net/rtsock.c:583
rtm_send(fffffd806ea47bd0,1,0,0) at rtm_send+0x24c sys/net/rtsock.c:1758
rt_ifa_add(ffff80000125ce00,840100,ffff80000125ce40,0) at rt_ifa_add+0x2bf sys/net/route.c:1283
in6_ioctl_change_ifaddr(8080691a,ffff8000369d88e0,ffff800001205800) at in6_ioctl_change_ifaddr+0x778 sys/netinet6/in6.c:384
ifioctl(ffff8000012d27e0,8080691a,ffff8000369d88e0,ffff8000fffeb1f0) at ifioctl+0x1571 pru_control sys/sys/protosw.h:354 [inline]
ifioctl(ffff8000012d27e0,8080691a,ffff8000369d88e0,ffff8000fffeb1f0) at ifioctl+0x1571 sys/net/if.c:2449
sys_ioctl(ffff8000fffeb1f0,ffff8000369d8ac0,ffff8000369d8a10) at sys_ioctl+0x67c
syscall(ffff8000369d8ac0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff8000369d8ac0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70d3592f2d90, count: 221
End of stack trace.

dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2     Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 43b93b83-f320-801a-a1ee-23eab263a335
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f27c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace

Crashes (5):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/08/13 00:28 | openbsd | 6fd6d0214b92 | 7b0f4b46 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | pool: cpu free list modified: mbufpl |
| 2024/08/05 03:19 | openbsd | f4fd31f807af | 1786a2a8 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | pool: cpu free list modified: mbufpl |
| 2024/07/26 21:08 | openbsd | 2175e0d6ddd5 | 7b1976c4 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | pool: cpu free list modified: mbufpl |
| 2024/05/16 16:34 | openbsd | b20edd337af0 | ad5321c6 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | pool: cpu free list modified: mbufpl |
| 2024/04/15 20:41 | openbsd | 7019ae976ad9 | 459f4b00 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | pool: cpu free list modified: mbufpl |
* Struck through repros no longer work on HEAD.