pool: free list modified: anonpl


syzbot

Nov 13, 2019, 12:10:09 AM11/13/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: f0c2caef use the default URL when running fw_update, we ca..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14bda0e2e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=b1e7afbffef0104331af

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b1e7af...@syzkaller.appspotmail.com

panic: pool_do_get: anonpl free list modified: page 0xfffffd803ebc6000; item addr 0xfffffd803ebc6000; offset 0x0=0x0 != 0x3f0ab0a329c1bbcc
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*490797 38222 0 0 0 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8257aac8,2,ffff80001592e828) at pool_do_get+0x42a sys/kern/subr_pool.c:746
pool_get(ffffffff8257aac8,2) at pool_get+0xb5 sys/kern/subr_pool.c:581
uvm_analloc() at uvm_analloc+0x29 sys/uvm/uvm_anon.c:64
uvm_fault(fffffd803f013dd0,e601fe2d000,0,2) at uvm_fault+0xfa9 sys/uvm/uvm_fault.c:1114
pageflttrap() at pageflttrap+0x239 sys/arch/amd64/amd64/trap.c:199
usertrap(ffff80001592ebc0) at usertrap+0x1fb sys/arch/amd64/amd64/trap.c:369
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffeb690, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
pool_do_get: anonpl free list modified: page 0xfffffd803ebc6000; item addr 0xfffffd803ebc6000; offset 0x0=0x0 != 0x3f0ab0a329c1bbcc
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pool_do_get(ffffffff8257aac8,2,ffff80001592e828) at pool_do_get+0x42a sys/kern/subr_pool.c:746
pool_get(ffffffff8257aac8,2) at pool_get+0xb5 sys/kern/subr_pool.c:581
uvm_analloc() at uvm_analloc+0x29 sys/uvm/uvm_anon.c:64
uvm_fault(fffffd803f013dd0,e601fe2d000,0,2) at uvm_fault+0xfa9 sys/uvm/uvm_fault.c:1114
pageflttrap() at pageflttrap+0x239 sys/arch/amd64/amd64/trap.c:199
usertrap(ffff80001592ebc0) at usertrap+0x1fb sys/arch/amd64/amd64/trap.c:369
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffeb690, count: -9
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001592e690
rbx 0xffff80001592e740
rdx 0x2
rcx 0
rax 0
r8 0xffff80001592e650
r9 0x1
r10 0
r11 0x2e2b86e51580836c
r12 0x3000000008
r13 0xffff80001592e6a0
r14 0x100
r15 0x1
rip 0xffffffff81210978 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001592e680
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=490797 stat=onproc
flags process=0 proc=0
pri=82, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff8257d7e0
process=0xffff8000148a2d98 user=0xffff800015929000,
vmspace=0xfffffd803f013dd0
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*38222 490797 49313 0 7 0 syz-executor.0
10072 488237 4786 0 2 0 syz-executor.1
10072 435630 4786 0 3 0x4000080 fsleep syz-executor.1
4786 348753 49324 0 2 0x482 syz-executor.1
49313 505303 49324 0 2 0x482 syz-executor.0
91654 340610 0 0 3 0x14200 acct acct
62066 483678 1 0 3 0x100083 ttyin getty
38098 8169 0 0 3 0x14200 bored sosplice
49324 331471 22095 0 3 0x82 thrsleep syz-fuzzer
49324 55933 22095 0 2 0x4000482 syz-fuzzer
49324 38420 22095 0 3 0x4000082 thrsleep syz-fuzzer
49324 196621 22095 0 3 0x4000082 thrsleep syz-fuzzer
49324 287320 22095 0 3 0x4000082 thrsleep syz-fuzzer
49324 12216 22095 0 3 0x4000082 thrsleep syz-fuzzer
49324 452833 22095 0 3 0x4000082 thrsleep syz-fuzzer
49324 367432 22095 0 3 0x4000082 kqread syz-fuzzer
22095 497930 14503 0 3 0x10008a pause ksh
14503 81258 74786 0 3 0x92 select sshd
74786 268309 1 0 3 0x80 select sshd
52936 351813 79795 73 3 0x100090 kqread syslogd
79795 105185 1 0 3 0x100082 netio syslogd
71275 74846 0 0 2 0x14200 zerothread
41871 435974 0 0 3 0x14200 aiodoned aiodoned
30032 494360 0 0 3 0x14200 syncer update
44592 406853 0 0 3 0x14200 cleaner cleaner
83570 332530 0 0 3 0x14200 reaper reaper
42115 328920 0 0 3 0x14200 pgdaemon pagedaemon
45686 387561 0 0 3 0x14200 bored crynlk
73947 161764 0 0 3 0x14200 bored crypto
64509 115324 0 0 3 0x40014200 acpi0 acpi0
36968 428148 0 0 3 0x14200 bored softnet
48845 436123 0 0 3 0x14200 bored systqmp
56583 360688 0 0 3 0x14200 bored systq
80434 148007 0 0 3 0x40014200 bored softclock
42962 262167 0 0 3 0x40014200 idle0
68425 505594 0 0 3 0x14200 bored smr
1 489856 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9527 6945K 8567K 78643K 19234 0 0
pcb 13 10K 12K 78643K 516 0 0
rtable 122 12K 13K 78643K 1055 0 0
ifaddr 159 21K 22K 78643K 709 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 162 0 0
iov 0 0K 24K 78643K 886 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1231 77K 78K 78643K 4126 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 26 0 0
VM map 30 7K 7K 78643K 36 0 0
sem 12 1K 1K 78643K 586 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 6 17K 25K 78643K 2506 0 0
sigio 0 0K 0K 78643K 48 0 0
proc 43 30K 63K 78643K 1145 0 0
subproc 32 2K 2K 78643K 272 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 310 0 0
in_multi 33 2K 2K 78643K 338 0 0
ether_multi 1 0K 0K 78643K 23 0 0
mrt 0 0K 0K 78643K 5 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 72 318K 318K 78643K 72 0 0
exec 0 0K 1K 78643K 596 0 0
pfkey data 0 0K 4K 78643K 5 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 155 218K 218K 78643K 7226 0 0
UVM aobj 130 6K 6K 78643K 140 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 727 0 0
NDP 18 0K 0K 78643K 123 0 0
temp 159 3535K 4175K 78643K 93201 0 0
kqueue 0 0K 0K 78643K 32 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 72 0 66 1 0 1 1 0 8 0
rtpcb 80 306 0 306 6 5 1 1 0 8 1
rtentry 112 314 0 269 2 0 2 2 0 8 0
unpcb 120 2104 0 2095 1 0 1 1 0 8 0
syncache 264 15 0 15 7 7 0 1 0 8 0
tcpqe 32 110 0 110 4 4 0 1 0 8 0
tcpcb 544 2330 0 2326 19 17 2 15 0 8 1
ipq 40 41 0 41 12 11 1 1 0 8 1
ipqe 40 1382 0 1382 12 11 1 1 0 8 1
inpcb 280 5934 0 5930 20 18 2 9 0 8 1
rttmr 72 1 0 0 1 0 1 1 0 8 0
ip6q 72 4 0 4 2 2 0 1 0 8 0
ip6af 40 12 0 12 2 2 0 1 0 8 0
nd6 48 42 0 38 1 0 1 1 0 8 0
pkpcb 40 16 0 16 8 8 0 1 0 8 0
ppxss 1128 29 0 29 8 7 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1277 0 1037 27 12 15 16 0 8 0
art_table 32 1278 0 1037 3 0 3 3 0 8 1
art_node 16 313 0 272 1 0 1 1 0 8 0
sysvmsgpl 40 52 0 12 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 582 0 572 1 0 1 1 0 8 0
shmpl 112 138 0 10 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 5057 0 3655 46 0 46 46 0 8 0
ffsino 240 5057 0 3655 83 0 83 83 0 8 0
nchpl 144 8875 0 8423 60 39 21 60 0 8 0
uvmvnodes 72 6495 0 0 119 0 119 119 0 8 0
vnodes 208 6495 0 0 342 0 342 342 0 8 0
namei 1024 31295 0 31295 4 3 1 1 0 8 1
vcpupl 1984 28 0 0 4 0 4 4 0 8 0
vmpool 520 34 0 6 2 0 2 2 0 8 0
scsiplug 64 2 0 2 2 2 0 1 0 8 0
scxspl 192 30127 0 30127 17 15 2 7 0 8 2
plimitpl 152 205 0 199 1 0 1 1 0 8 0
sigapl 432 2635 0 2623 2 0 2 2 0 8 0
futexpl 56 80039 0 80038 4 3 1 1 0 8 0
knotepl 112 591 0 572 2 1 1 2 0 8 0
kqueuepl 104 952 0 950 4 3 1 4 0 8 0
pipepl 128 1552 0 1533 10 9 1 2 0 8 0
fdescpl 424 2636 0 2623 2 0 2 2 0 8 0
filepl 120 25108 0 25024 21 17 4 10 0 8 1
lockfpl 104 1214 0 1214 4 3 1 1 0 8 1
lockfspl 48 417 0 417 4 3 1 1 0 8 1
sessionpl 112 32 0 24 1 0 1 1 0 8 0
pgrppl 48 88 0 80 1 0 1 1 0 8 0
ucredpl 96 3582 0 3576 1 0 1 1 0 8 0
zombiepl 144 2625 0 2625 1 0 1 1 0 8 1
processpl 864 2654 0 2625 4 0 4 4 0 8 0
procpl 632 5748 0 5711 6 2 4 5 0 8 0
sosppl 128 41 0 41 11 10 1 1 0 8 1
sockpl 384 8408 0 8395 36 32 4 13 0 8 2
mcl64k 65536 519 0 519 39 38 1 33 0 8 1
mcl16k 16384 48 0 48 10 9 1 1 0 8 1
mcl12k 12288 100 0 100 9 8 1 1 0 8 1
mcl9k 9216 40 0 40 10 9 1 1 0 8 1
mcl8k 8192 149 0 149 8 7 1 1 0 8 1
mcl4k 4096 250 0 250 6 5 1 1 0 8 1
mcl2k2 2112 27 0 27 11 11 0 1 0 8 0
mcl2k 2048 75465 0 75417 20 13 7 15 0 8 0
mtagpl 80 317 0 317 5 3 2 2 0 8 2
mbufpl 256 143110 0 143001 99 82 17 32 0 8 1
bufpl 256 16451 0 9955 407 0 407 407 0 8 0
anonpl 16 343102 0 324529 178 90 88 111 0 62 0
anonpl: pool(0xffffffff8257aac8:anonpl): free list modified: page 0xfffffd803ebc6000; item ordinal 0; addr 0xfffffd803ebc6000 (p 0xfffffd803ebc6000); offset 0x0=0x0
anonpl: pool(0xffffffff8257aac8:anonpl): page inconsistency: page 0xfffffd803ebc6000; item ordinal 1; addr 0xc5e83528246c8415
amapchunkpl 152 13984 0 13840 42 34 8 31 0 158 0
amappl16 192 16049 0 14885 189 129 60 80 0 8 1
amappl15 184 286 0 286 3 3 0 1 0 8 0
amappl14 176 157 0 149 1 0 1 1 0 8 0
amappl13 168 569 0 568 2 1 1 1 0 8 0
amappl12 160 669 0 664 1 0 1 1 0 8 0
amappl11 152 317 0 313 1 0 1 1 0 8 0
amappl10 144 404 0 402 1 0 1 1 0 8 0
amappl9 136 1049 0 1046 1 0 1 1 0 8 0
amappl8 128 632 0 585 2 0 2 2 0 8 0
amappl7 120 471 0 466 1 0 1 1 0 8 0
amappl6 112 283 0 270 1 0 1 1 0 8 0
amappl5 104 941 0 931 1 0 1 1 0 8 0
amappl4 96 2655 0 2623 1 0 1 1 0 8 0
amappl3 88 832 0 825 1 0 1 1 0 8 0
amappl2 80 19749 0 19680 3 1 2 3 0 8 0
amappl1 72 57452 0 57057 26 17 9 20 0 8 0
amappl 80 6236 0 6182 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 139 0 10 3 0 3 3 0 8 0
uaddrrnd 24 2670 0 2623 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2670 0 2623 1 0 1 1 0 8 0
vmmpekpl 168 20192 0 20161 2 0 2 2 0 8 0
vmmpepl 168 328789 0 326467 329 185 144 173 0 357 40
vmsppl 272 2635 0 2623 2 1 1 2 0 8 0
pdppl 4096 5346 0 5286 11 3 8 8 0 8 0
pvpl 32 893401 0 871668 369 147 222 268 0 265 23
pmappl 200 2669 0 2629 3 0 3 3 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 741 0 192 17 0 17 17 0 8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 20, 2020, 4:03:10 AM9/20/20
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.