Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. 2019/04/24 11:03:21 fuzzer started 2019/04/24 11:03:28 dialing manager at 10.128.15.235:46379 2019/04/24 11:03:28 syscalls: 311 2019/04/24 11:03:28 code coverage: enabled 2019/04/24 11:03:28 comparison tracing: enabled 2019/04/24 11:03:28 extra coverage: support is not implemented in syzkaller 2019/04/24 11:03:28 setuid sandbox: enabled 2019/04/24 11:03:28 namespace sandbox: support is not implemented in syzkaller 2019/04/24 11:03:28 Android sandbox: support is not implemented in syzkaller 2019/04/24 11:03:28 fault injection: support is not implemented in syzkaller 2019/04/24 11:03:28 leak checking: support is not implemented in syzkaller 2019/04/24 11:03:28 net packet injection: enabled 2019/04/24 11:03:28 net device setup: support is not implemented in syzkaller 11:03:37 executing program 1: r0 = msgget$private(0x0, 0x180) msgrcv(r0, &(0x7f0000000000)={0x0, ""/224}, 0xe8, 0x3, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getgroups(0x6, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff]) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0xc) setgroups(0x4, &(0x7f0000000280)=[r2, r3, r4, r5]) r6 = openat$tty(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/tty\x00', 0x10001, 0x0) ioctl$TIOCCDTR(r6, 0x20007478) msgrcv(r0, &(0x7f0000000300)={0x0, ""/148}, 0x9c, 0x0, 0x1800) getsockopt$SO_PEERCRED(r6, 0xffff, 0x1022, &(0x7f00000003c0), 0xc) geteuid() r7 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyCcfg\x00', 0x80, 0x0) ioctl$KDMKTONE(r7, 0x20004b08, &(0x7f0000000440)=0x8) utimes(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={{0x100, 0x7ff}, {0x8, 0x80000001}}) r8 = kqueue() syz_open_pts() getsockopt$sock_cred(r6, 0xffff, 0x1022, 
&(0x7f0000000500), &(0x7f0000000540)=0xc) fchown(r7, r1, r2) r9 = open(&(0x7f0000000580)='./file0\x00', 0x100, 0x10) ioctl$BIOCVERSION(r9, 0x40044271, &(0x7f00000005c0)) ioctl$WSKBDIO_SETMODE(r9, 0x80045713, &(0x7f0000000600)=0x1) ioctl$WSDISPLAYIO_GETSCREEN(r7, 0xc0245755, &(0x7f0000000640)={0x1, './file0\x00', './file0\x00'}) msgsnd(r0, &(0x7f0000000680)={0x3, "40891368de1536ab1b0a792c92c757445b94b3af80dbdc5973153d0cb5402da8bd4deb91ceff2fa2c65d2b353a3b2a21839e87ef9eb454df4c5d1f3c0432f61f99463090fe3fa0cb8207dd9003755be216fbf7d1fcff573183b0c673dba0711b811dd881e877f5780704a7118271205706cd36afcc6a6692cdd65edc7c75743371ca04e90dbdfea0d4470e098e6d5f98fe60f39913af9f83413f36581caab0b7c08c828be5a4dbe584744b37a224b1"}, 0xb7, 0x800) getsockopt$sock_cred(r9, 0xffff, 0x1022, &(0x7f0000000740), &(0x7f0000000780)=0xc) r10 = semget(0x1, 0x0, 0x690) semctl$GETALL(r10, 0x0, 0x6, &(0x7f00000007c0)=""/102) accept$unix(r9, &(0x7f0000000840)=@file={0x0, ""/108}, &(0x7f00000008c0)=0x6e) semctl$GETNCNT(r10, 0x2, 0x3, &(0x7f0000000900)=""/192) fcntl$dupfd(r8, 0x0, r9) 11:03:37 executing program 0: r0 = dup(0xffffffffffffff9c) ioctl$VT_WAITACTIVE(r0, 0x20007606, &(0x7f0000000000)=0x6) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0xc) fcntl$setown(r0, 0x6, r1) r3 = accept$inet6(r0, &(0x7f0000000080), &(0x7f00000000c0)=0xc) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0x69, &(0x7f0000000100)={{0x18, 0x3, 0xfff, 0xffffffff}, {0x18, 0x3, 0x2, 0x3ff}, 0x20, [0x401, 0xfffffffffffff001, 0x1, 0x5, 0x9, 0x6, 0x3, 0xf35]}, 0x3c) ioctl$WSMOUSEIO_SETPARAMS(r0, 0x80105728, &(0x7f0000000180)={&(0x7f0000000140)=[{0xe7, 0x7}, {0x47, 0x7ff}], 0x2}) fcntl$setown(r3, 0x6, r1) lseek(r0, 0x0, 0x0) fcntl$lock(r0, 0x9, &(0x7f00000001c0)={0x1, 0x0, 0x1, 0x0, r1}) getitimer(0x0, &(0x7f0000000200)) fchmod(r0, 0x10) connect(r3, &(0x7f0000000240)=@in6={0x18, 0x2, 0xfff, 0x8}, 0xc) mmap(&(0x7f0000ff8000/0x6000)=nil, 0x6000, 0x4, 0x4010, r0, 0x0, 0x58) poll(&(0x7f0000000280)=[{r0, 0x100}, 
{r3, 0x40}, {r3, 0x144}, {r0, 0x100}, {r3, 0x60}, {r0, 0x2}], 0x6, 0x2) setgroups(0x3, &(0x7f00000002c0)=[r2, r2, r2]) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) mlock(&(0x7f0000fef000/0xe000)=nil, 0xe000) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x5812, r4, 0x0, 0x0) connect(r4, &(0x7f0000000340)=@in6={0x18, 0x0, 0x7fffffff, 0x6}, 0xc) close(r4) ioctl$KDENABIO(r5, 0x20004b3c) mmap(&(0x7f0000fee000/0x3000)=nil, 0x3000, 0x4, 0x4010, r3, 0x0, 0x0) r6 = semget(0x3, 0x5, 0x20) semctl$GETALL(r6, 0x0, 0x6, &(0x7f0000000380)=""/69) ioctl$WSMUXIO_REMOVE_DEVICE(r0, 0x80085762, &(0x7f0000000400)={0x3, 0x10001}) mkdirat(r0, &(0x7f0000000440)='./file0\x00', 0x102) open$dir(&(0x7f0000000480)='./file0\x00', 0x801, 0x144) ioctl$TIOCMBIC(r0, 0x8004746b, &(0x7f00000004c0)=0x81) ioctl$TIOCGETA(r0, 0x402c7413, &(0x7f0000000500)) 11:03:37 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x3d}, {0x3d}, {0x6}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) syz_emit_ethernet(0x1, &(0x7f0000000200)="8d") r1 = dup(r0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000280)={0x0, 0x0}, &(0x7f00000002c0)=0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0xc) fchownat(r1, &(0x7f0000000240)='./file0\x00', r2, r3, 0x4) openat$bpf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000000)={0x9, &(0x7f0000000180)=[{0x2, 0x6, 0x51b, 0x2}, {0x7ff, 0x7, 0x6, 0x3f}, {0x2e52, 0xfffffffffffffffd, 0x10001, 0x360a}, {0x2, 0x3, 0x0, 0x5}, {0x370, 0x100, 0x7, 0x3}, {0x2, 0x3, 0x8, 0x4}, {0x3, 0x401, 0xff, 0x7ff}, {0x80000001, 0x6, 0x5, 0x4}, {0x8, 0x100000001, 0x1, 0x100}]}) 11:03:37 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x20480, 0x0) 
ioctl$WSDISPLAYIO_LDFONT(r0, 0x8058574d, &(0x7f0000000180)={'./file0\x00', 0x2, 0x5, 0x9, 0x1, 0x400, 0x7ff, 0x4, 0x2, 0x0, 0x3f, 0xce07}) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x37d, &(0x7f0000000080)=[{0x0, 0xfffffffffffffe35}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0, 0x83}, {0x0}, {0x0}, {0x0}], 0x1012, &(0x7f00000008c0)=""/87, 0x57}, 0x0) mknod(&(0x7f0000000140)='./file0\x00', 0x80002005, 0x2d98) r1 = open(&(0x7f0000001700)='./file0\x00', 0x400000002, 0x0) pwritev(r1, &(0x7f00000002c0), 0x0, 0x0) 11:03:37 executing program 1: ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0x1ff, 0x0, "b8000e000000000002000005002000"}) r0 = socket(0x18, 0x6, 0x0) setsockopt$sock_int(r0, 0xffff, 0x4, &(0x7f0000000000)=0x1ff, 0x4) close(r0) connect$unix(r0, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) connect$unix(r0, &(0x7f0000000040)=@abs={0x1, 0x0, 0x1}, 0x8) 11:03:37 executing program 1: mknod(&(0x7f00000000c0)='./bus\x00', 0x2050, 0x4800) r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ioctl$TIOCSETVERAUTH(r0, 0xc00c7006, &(0x7f0000000000)) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000140)={0x0, 0x0}, 0xc) r2 = getegid() fchownat(r0, &(0x7f0000000100)='./bus\x00', r1, r2, 0x6) ioctl$BIOCSRSIG(r0, 0x80044272, &(0x7f0000000040)=0x5) 11:03:37 executing program 0: mknod(&(0x7f0000000000)='./bus\x00', 0x80002000, 0x801) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0, 0x0) ioctl$TIOCSETAF(r0, 0x80087467, &(0x7f0000000080)={0x0, 0xf38, 0x0, 0x0, "805e8185cf5baa5f7a6beef3478b5d040bf35d52"}) ioctl$TIOCGFLAGS(r0, 0x4004745d, &(0x7f00000000c0)) ioctl$TIOCFLUSH(r0, 0x80047410, &(0x7f0000000040)=0xffff) 11:03:37 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000140)={0x3, &(0x7f00000002c0)=[{0x24}, {0x1}, {0x6}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) syz_emit_ethernet(0x11a, 
&(0x7f00000001c0)="6c50b763fa6e0fdc58b23dd2cb33a0cf666f2b7ba4e996cbc6caf6ce7ad07135c5ac2450f4cc5cdd6d140f5084d7e1696eb35864e320c279a018dfb6593e5b404030e1de316821e7f6e888007c06c501d89f2eb0") 11:03:37 executing program 0: mknod(&(0x7f0000000100)='./bus\x00', 0x2080002005, 0x40004000000028b1) r0 = open(&(0x7f0000000180)='./bus\x00', 0x1, 0x0) faccessat(r0, &(0x7f0000000140)='./bus\x00', 0x22, 0x1) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="000000186004008b00002b27feffffff00000000000000000000000000000000006c00"/44, 0x2c}], 0x1) 11:03:37 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) r1 = open(&(0x7f0000001600)='./file0\x00', 0x0, 0x4) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000001640)=""/247, 0xffffffcc}], 0x1, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FIONREAD(r3, 0x4004667f, &(0x7f0000000480)) fcntl$setstatus(r2, 0x4, 0x80) pwritev(r2, &(0x7f00000003c0), 0x10000000000001dc, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x5, 0x10, r1, 0x0, 0x0) writev(r4, &(0x7f0000000180)=[{0x0}], 0x1) writev(r4, &(0x7f0000001b80)=[{&(0x7f0000000400)='=', 0x1}], 0x1) close(r3) writev(r4, &(0x7f0000002380)=[{0x0}], 0x1) setuid(0xee01) r5 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_SET(r5, 0x1, &(0x7f00000006c0)) shmctl$IPC_RMID(r5, 0x0) sendmsg(r0, &(0x7f0000000440)={&(0x7f0000000000)=@in={0x2, 0x3}, 0xc, &(0x7f00000003c0)=[{&(0x7f0000000080)="8dec0a27abd5da87253afbd6d812d7c346b50f5e8bd0e156929f6c5b36d82a342d1ab4b7a7e9f383039bd1a6e95417a06dc8d5ee7831ee5a6f28d9484399b7e13920f16e202892398d36d6d0b3b63a3e018d0718f9454a8eaf67f9a672f77af81ba3b9e2e93032c4b5f5ce6937500eac332fbeafe07c7874016b45569beaee0da0ed1b8a03e86051ee722ac94f1eabd48ca9b28cc369f56019ac82e6ad15cb6626030ee93bab73b34e34294bd28cd9e1fb3cdc510f60d64a388f499e8abd57616c49145c4736ff7a6551ad293c91ed0306d87185e6b99b8878", 0xd9}, 
{&(0x7f0000000200)="2adc6d16bcba3a79fb740f9fe7855d377c410b55a1a893cbbf9a841b22ee1378ee503ffe2e5fa462a1a918459b4ecdc449a131e96d0ca324d1cc134ba1df816d50197c4356458c45a93970c5cb811e872b2d9c06a0d363c954350da48d64252a6484e9b67b0e9a05a76df825d39725b404ee856f5af565dcb7a4fdbd70b1ca63d28b691c336161c81d69a5b8204aa878008b5f9feaa2896a4fd3c8bd8180adf0945cc8978655f6f24319d75684a75f737c02dd7faa6b7bef31c90f59185c6b78bd6bfdd6391db45a206717551002e5", 0xcf}, {&(0x7f0000000300)="2d8a78307156d1cda8193ea27eadecae196fffde3b4148086efee444a19a6f10cfc45d90b57f811ea20b2539b5907108b7c1473a224d9e3670fe83e6af1d28dc1940e2f05b09e06a9f8b43d01c29fe4737d9d07119c9916bbfd410ee4bf0e6035f908306418ad78d1386f8f4b3b1e40b1bd2014dc2fd632c0c537c82bdb2d57201732bde45094c6e3b4965fa320a984d0ddef2134572fbdb7e38ee47dde95a1d", 0xa0}, {&(0x7f0000000500)="1375926fc6326ef51cf933c94ac7125c651c10b2912c23f76c88a376a94fafd243bfed98fec037578da5de512bc08cba9f5a31544356cb5853279644abfc365f5b446e233274467e5ef0a30c33e416a09cd99c18c4039d90ef2c1e2ef8a9fe634036ad9f6af5c7bd09a9589f8c99482d31125a8604915d0f0c0bb5fdfb5b4d9ebe8d1cbec17c6f692a9a3d855d1d6fb2", 0x90}], 0x4, &(0x7f00000005c0)=[{0x30, 0xffff, 0x1, "dd446bf9c7e5b693978aab06cc5d32f3434044f1d997b5531eeebf6d1c"}, {0x78, 0x1, 0x7fff, "b6f764598cd5ae3d64ccd9976389c1d60778d7a61def42d10f21ab73d3a8b6ffb584f3bd51e88f4388be2d6557417d5b0d22cfc232ae4ba4a3af8686df050c80f6a02702c0cb39991b40203475173c880ccdbdc2e042d5fb33351f008aeeddc5ddcd0278d9d9bdf3"}, {0x28, 0x1, 0x1ff, "d00cee3160601e68ae6661e8e4307e7d8c1b2e62"}, {0x10, 0xffff, 0xb8c}, {0xa8, 0x1, 0x5, "401681734e5b53ffaa9815dd5fc5095317442216116581a9e4ff2c83ebb79c622e4ec212debcfca011c593e2a294b0d13595170117c99d163f62ddc8db2d684c82773b89ece9c9c070acf417622054e84ccee8a78d90afdffe607dbb70b547ab645e6d5c913e1a089ece47281152ee0c3198669a3b05f4fbe57e02c15c8e16e4a763e22db28c378ff8fa93565ccdc071df"}, {0x80, 0x1, 0xf9, 
"ae896e38ac1de751f3ebeb30f5837e7320a04f7071cb54068e72f2a7ce99299e4762bf4ca4500e05c17173c54ef0cd3583e1fdee1be919594fbf2baf4bbe6618833b68d4d762522986eb80ad1e1acc2374a6906489e59ad72c0d68d7a92deff38ab98dd1b20e8a4c63d7d7"}], 0x208}, 0x0) 11:03:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) open$dir(&(0x7f0000000080)='./file0\x00', 0x340, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) pwritev(r3, &(0x7f0000000400)=[{&(0x7f0000000440)="76d11bfba01b2b437500f4e773d6d87539da24cace396c1d05b923466a161897509b78dd2cea3471e8956dc5fc20e77b6a13006174ddb0a7bd78cc8c51edf515c237e4adb5514027f448bb7080f211692ad81885ae85829eedd424585b8ca5b54e9edb52d4ecab6e5ca284924102e12f4b934e112398cd4a74bbc1ef9e5004ff43", 0x81}], 0x1, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x5, 0x10, r2, 0x0, 0x0) getsockopt$sock_linger(r1, 0xffff, 0x80, &(0x7f0000000040), &(0x7f0000000080)=0x8) getsockname$unix(r0, &(0x7f0000000000)=@abs, &(0x7f00000000c0)=0x8) 11:03:37 executing program 0: ioctl$TIOCSTAT(0xffffffffffffffff, 0x20007465, &(0x7f0000000000)) ioctl$TIOCFLUSH(0xffffffffffffffff, 0x80047460, &(0x7f0000000080)) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) mlockall(0x1) ioctl$TIOCSTAT(r0, 0x20007465, &(0x7f0000000100)) socket$inet6(0x18, 0x3, 0x80000001) setitimer(0x2, &(0x7f0000000040)={{0x8, 0x8}, {0x24a, 0x5}}, &(0x7f00000000c0)) 11:03:38 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bpf\x00', 0x3, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x7}, {0x10054}, {0x6}]}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f00000001c0)={0x9, &(0x7f0000000240)=[{0x7f, 0x7, 0x40, 0x5}, {0x1737, 0x3, 0x81, 0x20}, {0x1bb60000000000, 0xffffffff, 0x5, 0x5}, {0xfff, 0x5, 0x100000001, 0x3}, {0xfff, 0x5, 0x6, 0xe916}, {0xff, 0x89, 0x0, 0x84}, {0x407, 0x8, 0xb8, 0xfff}, {0x5, 0x3, 0x2, 0x80000000}, {0x0, 
0x7fff, 0x1, 0xffffffff80000001}]})
ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0})
syz_emit_ethernet(0x1, &(0x7f0000000200)="f9")
ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{0x0, 0x80, 0x8000, 0xc8}, {0x40, 0x4, 0x7ff, 0x100000001}]})
ioctl$FIONREAD(r0, 0x4004667f, &(0x7f0000000100))
login: panic: pool_do_get: shmpl free list modified: page 0xfffffd80379ba000; item addr 0xfffffd80379bae70; offset 0x10=0xdead4000
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*494569 6097 60929 0x10 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18
panic() at panic+0x15c
pool_do_get(ffffffff822b3328,1,ffff8000221861fc) at pool_do_get+0x464
pool_get(ffffffff822b3328,1) at pool_get+0xb5
shmget_allocate_segment(ffff80002214e720,ffff800022186398,0,ffff800022186400) at shmget_allocate_segment+0x15e
sys_shmget(ffff80002214e720,ffff800022186398,ffff800022186400) at sys_shmget+0x13f
syscall(ffff800022186470) at syscall+0x511
Xsyscall(6,0,fffffffffffffff4,0,4,3cc2cf700d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x357, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: shmpl free list modified: page 0xfffffd80379ba000; item addr 0xfffffd80379bae70; offset 0x10=0xdead4000
ddb> trace
db_enter() at db_enter+0x18
panic() at panic+0x15c
pool_do_get(ffffffff822b3328,1,ffff8000221861fc) at pool_do_get+0x464
pool_get(ffffffff822b3328,1) at pool_get+0xb5
shmget_allocate_segment(ffff80002214e720,ffff800022186398,0,ffff800022186400) at shmget_allocate_segment+0x15e
sys_shmget(ffff80002214e720,ffff800022186398,ffff800022186400) at sys_shmget+0x13f
syscall(ffff800022186470) at syscall+0x511
Xsyscall(6,0,fffffffffffffff4,0,4,3cc2cf700d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x357, count: -8
ddb> show registers
rdi 0xffffffff81b18397 db_enter+0x17
rsi 0x33b1 __ALIGN_SIZE+0x23b1
rbp 0xffff800022186060
rbx 0xffff800022186110
rdx 0x33b2 __ALIGN_SIZE+0x23b2
rcx 0xffff800000b90000
rax 0xffff800000b90000
r8 0xffff800022186020
r9 0x1
r10 0xffff80000098bbc0
r11 0x446abe3c708934ed
r12 0x3000000008
r13 0xffff800022186070
r14 0x100
r15 0x1
rip 0xffffffff81b18398 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800022186050
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=494569 stat=onproc
flags process=10 proc=4000000
pri=62, usrpri=62, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8260,0xffff80002214e4d8
process=0xffff8000ffff69e8 user=0xffff800022181000, vmspace=0xfffffd803f014d68
estcpu=12, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
6097 240368 61525 60929 2 0x10 syz-executor.1
6097 138864 61525 60929 2 0x4000010 syz-executor.1
* 6097 494569 61525 60929 7 0x4000010 syz-executor.1
6097 207661 61525 60929 3 0x4000090 fsleep syz-executor.1
6097 91349 61525 60929 3 0x4000090 fsleep syz-executor.1
6097 111651 61525 60929 3 0x4000090 fsleep syz-executor.1
6097 266666 61525 60929 3 0x4000090 fsleep syz-executor.1
65455 8996 52963 0 3 0x82 piperd syz-executor.0
61525 291763 52963 0 2 0x482
syz-executor.1 52963 313318 97449 0 3 0x82 thrsleep syz-fuzzer 52963 451347 97449 0 3 0x4000082 thrsleep syz-fuzzer 52963 145194 97449 0 3 0x4000082 thrsleep syz-fuzzer 52963 516947 97449 0 3 0x4000082 thrsleep syz-fuzzer 52963 215909 97449 0 3 0x4000082 thrsleep syz-fuzzer 52963 255449 97449 0 3 0x4000082 thrsleep syz-fuzzer 52963 9081 97449 0 3 0x4000082 thrsleep syz-fuzzer 52963 493599 97449 0 3 0x4000082 kqread syz-fuzzer 52963 259628 97449 0 3 0x4000082 thrsleep syz-fuzzer 97449 458792 80902 0 3 0x10008a pause ksh 80902 274637 39704 0 3 0x92 select sshd 85777 97173 1 0 3 0x100083 ttyin getty 39704 53737 1 0 3 0x80 select sshd 45891 383657 56915 73 3 0x100090 kqread syslogd 56915 245848 1 0 3 0x100082 netio syslogd 71043 291635 1 77 3 0x100090 poll dhclient 51793 320688 1 0 3 0x80 poll dhclient 1510 264084 0 0 3 0x14200 pgzero zerothread 97329 491071 0 0 3 0x14200 aiodoned aiodoned 53796 192103 0 0 3 0x14200 syncer update 5640 380441 0 0 3 0x14200 cleaner cleaner 57910 176090 0 0 3 0x14200 reaper reaper 41670 446556 0 0 3 0x14200 pgdaemon pagedaemon 77513 361013 0 0 3 0x14200 bored crynlk 16210 51017 0 0 3 0x14200 bored crypto 25156 347928 0 0 3 0x40014200 acpi0 acpi0 89287 487077 0 0 3 0x14200 bored softnet 40264 497185 0 0 3 0x14200 bored systqmp 64631 208309 0 0 3 0x14200 bored systq 50006 9030 0 0 3 0x40014200 bored softclock 3919 45557 0 0 3 0x40014200 idle0 1405 312112 0 0 3 0x14200 bored smr 1 139316 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9438 6311K 6443K 78643K 10559 0 0 pcb 24 9K 10K 78643K 59 0 0 rtable 100 3K 3K 78643K 177 0 0 ifaddr 35 10K 10K 78643K 39 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 15 0 0 iov 1 8K 8K 78643K 2 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 1215 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 0K 0K 
78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 5 13K 25K 78643K 31 0 0 proc 41 30K 54K 78643K 248 0 0 subproc 64 65538K 67586K 78643K 68 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 33 2K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 30 132K 132K 78643K 30 0 0 exec 0 0K 1K 78643K 165 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 91 21K 21K 78643K 824 0 0 UVM aobj 2 2K 2K 78643K 3 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 5 0K 0K 78643K 10 0 0 temp 81 2684K 2748K 78643K 2919 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 28 0 21 1 0 1 1 0 8 0 plimitpl 152 14 0 7 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 17 0 17 1 0 1 1 0 8 1 tcpcb 544 10 0 6 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 0 12 0 12 12 0 8 0 art_table 32 186 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 0 1 1 0 8 1 shmpl 112 1 0 1 1 0 1 1 0 8 1 shmpl: pool(0xffffffff822b3328:shmpl): page inconsistency: page 0xfffffd80379ba000; item ordinal 0; addr 0x6f6627e44ab29721 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1452 0 44 46 0 46 46 0 8 0 ffsino 240 1452 0 44 83 0 83 83 0 8 0 nchpl 144 1696 0 74 61 0 61 61 0 8 0 uvmvnodes 72 1501 0 0 28 0 28 28 0 8 0 vnodes 200 1501 0 0 79 0 79 79 0 8 0 namei 1024 4006 0 4006 2 1 1 1 0 8 1 scxspl 192 4256 0 4256 7 1 6 6 0 8 6 sigapl 432 201 0 188 2 0 2 2 0 8 0 futexpl 56 289 0 285 1 0 1 1 0 8 0 knotepl 112 47 0 28 1 0 1 1 0 8 0 kqueuepl 104 4 0 2 1 0 1 1 0 8 0 pipepl 112 134 0 115 1 0 1 1 0 8 0 fdescpl 
424 202 0 188 2 0 2 2 0 8 0 filepl 120 994 0 896 4 0 4 4 0 8 1 lockfpl 104 9 0 8 2 1 1 1 0 8 0 lockfspl 32 5 0 4 2 1 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 51 0 43 1 0 1 1 0 8 0 zombiepl 144 188 0 188 2 1 1 1 0 8 1 processpl 840 216 0 188 4 0 4 4 0 8 0 procpl 600 245 0 203 4 0 4 4 0 8 0 sockpl 384 76 0 58 3 0 3 3 0 8 1 mcl4k 4096 10 0 10 2 1 1 1 0 8 1 mcl2k 2048 54821 0 54776 16 3 13 13 0 8 6 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 89631 0 89547 11 4 7 7 0 8 0 bufpl 256 5633 0 1139 281 0 281 281 0 8 0 anonpl 16 30511 0 20044 44 1 43 43 0 62 0 amapchunkpl 152 805 0 689 8 1 7 7 0 158 2 amappl16 192 721 0 150 29 0 29 29 0 8 0 amappl14 176 29 0 27 1 0 1 1 0 8 0 amappl13 168 7 0 6 1 0 1 1 0 8 0 amappl12 160 9 0 7 1 0 1 1 0 8 0 amappl11 152 31 0 17 1 0 1 1 0 8 0 amappl10 144 55 0 54 1 0 1 1 0 8 0 amappl9 136 537 0 533 1 0 1 1 0 8 0 amappl8 128 115 0 100 1 0 1 1 0 8 0 amappl7 120 27 0 24 1 0 1 1 0 8 0 amappl6 112 55 0 48 1 0 1 1 0 8 0 amappl5 104 127 0 117 1 0 1 1 0 8 0 amappl4 96 396 0 372 2 1 1 2 0 8 0 amappl3 88 118 0 111 1 0 1 1 0 8 0 amappl2 80 758 0 708 3 1 2 2 0 8 0 amappl1 72 12597 0 12179 23 10 13 19 0 8 3 amappl 72 457 0 417 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 2 0 1 1 0 1 1 0 8 0 uaddrrnd 24 202 0 188 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 202 0 188 1 0 1 1 0 8 0 vmmpekpl 168 5610 0 5592 1 0 1 1 0 8 0 vmmpepl 168 28960 0 27462 96 13 83 83 0 357 17 vmsppl 264 201 0 188 2 0 2 2 0 8 1 pdppl 4096 410 0 376 6 0 6 6 0 8 1 pvpl 32 110021 0 96240 116 4 112 112 0 265 0 pmappl 200 201 0 188 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 420 0 11 12 0 12 12 0 8 0