syzbot


panic: uma_zalloc: Bucket pointer mangled.

Status: auto-closed as invalid on 2020/04/19 13:01
Reported-by: syzbot+a936e04e040cb023f0e9@syzkaller.appspotmail.com
First crash: 1767d, last: 1767d

Sample crash report:
Fapanic: uma_zalloc: Bucket pointer mangled.
cpuid = 0
time = 1579525197
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00245691d0
vpanic() at vpanic+0x1ce/frame 0xfffffe0024569240
panic() at panic+0x43/frame 0xfffffe00245692a0
uma_zalloc_arg() at uma_zalloc_arg+0x30c/frame 0xfffffe0024569300
vm_page_alloc_domain_after() at vm_page_alloc_domain_after+0x20d/frame 0xfffffe00245693a0
vm_page_alloc() at vm_page_alloc+0x74/frame 0xfffffe0024569400
get_pv_entry() at get_pv_entry+0xb3/frame 0xfffffe0024569450
pmap_enter() at pmap_enter+0xefd/frame 0xfffffe0024569530
vm_fault() at vm_fault+0x20a8/frame 0xfffffe00245696d0
vm_fault_trap() at vm_fault_trap+0xa2/frame 0xfffffe0024569720
trap_pfault() at trap_pfault+0x3f7/frame 0xfffffe00245697c0
trap() at trap+0x441/frame 0xfffffe0024569900
calltrap() at calltrap+0x8/frame 0xfffffe0024569900
--- trap 0xc, rip = 0xffffffff8175fa26, rsp = 0xfffffe00245699d0, rbp = 0xfffffe00245699d0 ---
copyin_nosmap_erms() at copyin_nosmap_erms+0x156/frame 0xfffffe00245699d0
freebsd32_sendmsg() at freebsd32_sendmsg+0x48e/frame 0xfffffe0024569ab0
ia32_syscall() at ia32_syscall+0x48c/frame 0xfffffe0024569bf0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8143001
KDB: enter: panic
[ thread pid 6605 tid 100891 ]
Stopped at      kdb_enter+0x67: movq    $0,0x1466d86(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b  ll+0x1a
es                        0x3b  ll+0x1a
fs                        0x13
gs                        0x1b
ss                           0
rax                       0x12
rcx         0xfffffe0025e00000
rdx                    0x3ffff
rbx                          0
rsp         0xfffffe00245691b0
rbp         0xfffffe00245691d0
rsi                    0x40001
rdi         0xffffffff810ba256  vprintf+0x176
r8                           0
r9                  0xffffffff
r10         0xfffffe002456961c
r11         0xfffff8003af554f0
r12         0xffffffff82068d90  ddb_dbbe
r13                          0
r14         0xffffffff8193636f
r15         0xffffffff8193636f
rip         0xffffffff810af317  kdb_enter+0x67
rflags                0x200082  kernphys+0x82
kdb_enter+0x67: movq    $0,0x1466d86(%rip)
db> show proc
Process 6605 (syz-executor.1) at 0xfffff8003ac09a60:
 state: NORMAL
 uid: 0  gids: 0, 0, 5
 parent: pid 769 at 0xfffff8003a6f6a60
 ABI: FreeBSD ELF32
 arguments: /root/syz-executor.1
 reaper: 0xfffff800032fa530 reapsubtree: 1
 sigparent: 20
 vmspace: 0xfffff8003aed9000
   (map 0xfffff8003aed9000)
   (map.pmap 0xfffff8003aed90c0)
   (pmap 0xfffff8003aed9120)
 threads: 2
101079                   s                                   syz-executor.1
100891                   Run     CPU 0                       syz-executor.1
db> ps
  pid  ppid  pgrp   uid  state   wmesg   wchan               cmd
 6605   769   769     0  T       (threaded)                  syz-executor.1
101079                   s                                   syz-executor.1
100891                   Run     CPU 0                       syz-executor.1
 6604   791   791     0  R       (threaded)                  syz-executor.3
101148                   RunQ                                syz-executor.3
100883                   RunQ                                syz-executor.3
100884                   S       uwait   0xfffff800210d0a80  syz-executor.3
 6603   771   771     0  R       (threaded)                  syz-executor.2
100074                   RunQ                                syz-executor.2
100887                   Run     CPU 1                       syz-executor.2
100889                   S       uwait   0xfffff80003d97600  syz-executor.2
 6602   768   768     0  R       (threaded)                  syz-executor.0
100124                   RunQ                                syz-executor.0
100874                   RunQ                                syz-executor.0
100888                   S       accept  0xfffff80003e80878  syz-executor.0
100881                   S       uwait   0xfffff80003300100  syz-executor.0
 5554     1  5554    65  Ss      select  0xfffff80003f60240  dhclient
 4350     1  4350     0  Ss      select  0xfffff8003af440c0  dhclient
 4347     1  4347     0  Ss      select  0xfffff8003ac43f40  dhclient
 4326     1  4326    65  Ss      select  0xfffff80003f60340  dhclient
 3101     1  3101     0  Ss      select  0xfffff8003af442c0  dhclient
 3098     1  3098     0  Ss      select  0xfffff80003f604c0  dhclient
 3076     1  3076    65  Ss      select  0xfffff8003af441c0  dhclient
 1776     1  1776     0  Ss      select  0xfffff80003f603c0  dhclient
 1773     1  1773     0  Ss      select  0xfffff80003f60440  dhclient
 1753     1  1753    65  Ss      select  0xfffff8003af44240  dhclient
 1032     1  1032     0  Ss      select  0xfffff80003f605c0  dhclient
 1029     1  1029     0  Ss      select  0xfffff8003af444c0  dhclient
  791   766   791     0  Rs                                  syz-executor.3
  771   766   771     0  Rs                                  syz-executor.2
  769   766   769     0  Rs                                  syz-executor.1
  768   766   768     0  Rs                                  syz-executor.0
  766   764   764     0  S       (threaded)                  syz-fuzzer
100100                   S       uwait   0xfffff80003a48180  syz-fuzzer
100101                   S       uwait   0xfffff80003df6b80  syz-fuzzer
100102                   S       uwait   0xfffff80003e02080  syz-fuzzer
100103                   S       uwait   0xfffff80003d97d80  syz-fuzzer
100104                   S       uwait   0xfffff80003d97e80  syz-fuzzer
100105                   S       uwait   0xfffff80003a48280  syz-fuzzer
100106                   S       uwait   0xfffff80003a48380  syz-fuzzer
100107                   S       uwait   0xfffff80003df6000  syz-fuzzer
100108                   S       kqread  0xfffff8000333b900  syz-fuzzer
100110                   S       uwait   0xfffff80003a47c00  syz-fuzzer
100112                   S       uwait   0xfffff80003a47d00  syz-fuzzer
  764   762   764     0  Ss      pause   0xfffff8003a704b08  csh
  762     0   762     0  Ss      select  0xfffff80003f608c0  sshd
  746     1   746     0  Ss+     ttyin   0xfffff800033f7cb0  getty
  745     1   745     0  Ss+     ttyin   0xfffff800033f8cb0  getty
  744     1   744     0  Ss+     ttyin   0xfffff80003aba0b0  getty
  743     1   743     0  Ss+     ttyin   0xfffff80003aba4b0  getty
  742     1   742     0  Ss+     ttyin   0xfffff80003aba8b0  getty
  741     1   741     0  Ss+     ttyin   0xfffff80003abacb0  getty
  740     1   740     0  Ss+     ttyin   0xfffff80003abb0b0  getty
  739     1   739     0  Ss+     ttyin   0xfffff80003abb4b0  getty
  738     1   738     0  Ss+     ttyin   0xfffff80003abb8b0  getty
  684     1   684     0  Ss      nanslp  0xffffffff824feca0  cron
    0     0     0     0  NW
db> show all locks
Process 6605 (syz-executor.1) thread 0xfffff8003af55000 (100891)
exclusive sleep mutex pmap (pmap) r = 0 (0xfffff8003aed9120) locked @ /syzkaller/managers/i386/kernel/sys/amd64/amd64/pmap.c:6027
shared sx vm map (user) (vm map (user)) r = 0 (0xfffff8003aed9060) locked @ /syzkaller/managers/i386/kernel/sys/vm/vm_map.c:4776
Process 6604 (syz-executor.3) thread 0xfffff8003a5e9000 (100883)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003f3ebc0) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:1665
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8003a5dc438) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:877
Process 6603 (syz-executor.2) thread 0xfffff8002161a000 (100887)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003f37380) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:1665
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8003a5fb068) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:877
Process 6602 (syz-executor.0) thread 0xfffff8002124f000 (100874)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003f47440) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:1665
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8003a5dc068) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:877
db> show ktr
No such command; use "help" to list available commands

Crashes (1):
Time: 2020/01/20 13:00
Kernel: freebsd
Commit: 7b465d316297
Syzkaller: c40da18c
Log: console log
Report: report
Manager: ci-freebsd-i386
* Struck through repros no longer work on HEAD.