pool: free list modified: art_heap4 (3)

Status: auto-obsoleted due to no activity on 2022/09/11 15:13
Reported-by: syzbot+59682e8bec66571bf04f@syzkaller.appspotmail.com
First crash: 236d, last: 236d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd pool: free list modified: art_heap4 (2) 4 955d 986d 3/3 fixed on 2020/08/05 06:16
openbsd pool: free list modified: art_heap4 2 1142d 1166d 0/3 auto-closed as invalid on 2020/03/19 11:43

Sample crash report:
panic: pool_do_get: art_heap4 free list modified: page 0xfffffd8067a27000; item addr 0xfffffd8067a27b00; offset 0x0=0x0 != 0xa57a7d9056836fc8
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*380929  61287      0           0  0x4000000    0K syz-executor.4
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263e415) at panic+0x177 sys/kern/subr_prf.c:202
pool_do_get(ffffffff829eb950,a,ffff80002446bb18) at pool_do_get+0x436 sys/kern/subr_pool.c:740
pool_get(ffffffff829eb950,a) at pool_get+0xe9 sys/kern/subr_pool.c:584
art_table_get(ffff800000c17600,fffffd807d970d00,10) at art_table_get+0x129 sys/net/art.c:721
art_insert(ffff800000c17600,fffffd807b5ca990,ffff800000bfd9c8,80) at art_insert+0x14a sys/net/art.c:386
rtable_insert(6,ffff800000bfd9c0,0,ffff800000d2e8c0,1,fffffd807da077f8) at rtable_insert+0x2e5 sys/net/rtable.c:598
rtrequest(1,ffff80002446be30,1,ffff80002446bef8,6) at rtrequest+0x89b sys/net/route.c:946
rt_ifa_add(ffff800000e43a00,240404,ffff800000e43a40,6) at rt_ifa_add+0x260 sys/net/route.c:1137
rt_ifa_addlocal(ffff800000e43a00) at rt_ifa_addlocal+0x163 sys/net/route.c:1245
in6_update_ifa(ffff800000c34000,ffff80002446c3a0,0) at in6_update_ifa+0x129e sys/netinet6/in6.c:729
in6_ioctl_change_ifaddr(8080691a,ffff80002446c3a0,ffff800000c34000) at in6_ioctl_change_ifaddr+0x481 sys/netinet6/in6.c:358
ifioctl(fffffd807b367d38,8080691a,ffff80002446c3a0,ffff80002448efc8) at ifioctl+0xdf4 sys/net/if.c:2264
soo_ioctl(fffffd806622f860,8080691a,ffff80002446c3a0,ffff80002448efc8) at soo_ioctl+0x26c
end trace frame: 0xffff80002446c4a0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: pool_do_get: art_heap4 free list modified: page 0xfffffd8067a27000; item addr 0xfffffd8067a27b00; offset 0x0=0x0 != 0xa57a7d9056836fc8
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263e415) at panic+0x177 sys/kern/subr_prf.c:202
pool_do_get(ffffffff829eb950,a,ffff80002446bb18) at pool_do_get+0x436 sys/kern/subr_pool.c:740
pool_get(ffffffff829eb950,a) at pool_get+0xe9 sys/kern/subr_pool.c:584
art_table_get(ffff800000c17600,fffffd807d970d00,10) at art_table_get+0x129 sys/net/art.c:721
art_insert(ffff800000c17600,fffffd807b5ca990,ffff800000bfd9c8,80) at art_insert+0x14a sys/net/art.c:386
rtable_insert(6,ffff800000bfd9c0,0,ffff800000d2e8c0,1,fffffd807da077f8) at rtable_insert+0x2e5 sys/net/rtable.c:598
rtrequest(1,ffff80002446be30,1,ffff80002446bef8,6) at rtrequest+0x89b sys/net/route.c:946
rt_ifa_add(ffff800000e43a00,240404,ffff800000e43a40,6) at rt_ifa_add+0x260 sys/net/route.c:1137
rt_ifa_addlocal(ffff800000e43a00) at rt_ifa_addlocal+0x163 sys/net/route.c:1245
in6_update_ifa(ffff800000c34000,ffff80002446c3a0,0) at in6_update_ifa+0x129e sys/netinet6/in6.c:729
in6_ioctl_change_ifaddr(8080691a,ffff80002446c3a0,ffff800000c34000) at in6_ioctl_change_ifaddr+0x481 sys/netinet6/in6.c:358
ifioctl(fffffd807b367d38,8080691a,ffff80002446c3a0,ffff80002448efc8) at ifioctl+0xdf4 sys/net/if.c:2264
soo_ioctl(fffffd806622f860,8080691a,ffff80002446c3a0,ffff80002448efc8) at soo_ioctl+0x26c
sys_ioctl(ffff80002448efc8,ffff80002446c4b8,ffff80002446c510) at sys_ioctl+0x4a2
syscall(ffff80002446c580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002446c580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9fbb31390, count: -17
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002446b960
rbx               0xffffffff82932c5f    cpu_info_full_primary+0x2c5f
rdx               0xffff800000c77700
rcx                                0
rax               0xffff80002448efc8
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xc20ffb16d71ebbee
r11               0x8fad948f3fd96378
r12               0xffffffff82932a60    cpu_info_full_primary+0x2a60
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff811d3698    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80002446b950
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.4) pid=380929 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff80002448f268,0xffffffff829ec468
    process=0xffff800024ebb620 user=0xffff800024467000, vmspace=0xfffffd80705518b0
    estcpu=36, cpticks=2, pctcpu=0.0
    user=0, sys=2, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 61287   61002  35088      0  2           0                syz-executor.4
*61287  380929  35088      0  7   0x4000000                syz-executor.4
 62601  185644  63582      0  2           0                syz-executor.0
  9682  520528  74900      0  2           0                syz-executor.7
  9682  245782  74900      0  3   0x4000080  fsleep        syz-executor.7
 43312  217838  78148      0  2           0                syz-executor.6
 52365  126337  88539      0  2           0                syz-executor.2
 88539  183054  50347      0  3        0x82  nanoslp       syz-executor.2
 74900  356665  50347      0  3        0x82  nanoslp       syz-executor.7
  8098  212537  50347      0  3        0x82  nanoslp       syz-executor.5
 63943  470066      0      0  3     0x14200  acct          acct
 63582  209160  50347      0  3        0x82  nanoslp       syz-executor.0
 64541  276889      1      0  3    0x100083  ttyopn        getty
 78148  374137  50347      0  3        0x82  nanoslp       syz-executor.6
 35088  212744  50347      0  3        0x82  nanoslp       syz-executor.4
 49132  294946  50347      0  3        0x82  nanoslp       syz-executor.1
  8969  104651  50347      0  3        0x82  nanoslp       syz-executor.3
 23052  226200      0      0  3     0x14280  nfsidl        nfsio
 87832  372350      0      0  3     0x14280  nfsidl        nfsio
 84862  165832      0      0  3     0x14280  nfsidl        nfsio
 37180  307958      0      0  3     0x14280  nfsidl        nfsio
 33467  115691      0      0  3     0x14280  nfsidl        nfsio
 83696  500083      0      0  3     0x14280  nfsidl        nfsio
 96387  126271      0      0  3     0x14280  nfsidl        nfsio
 66424   43799      0      0  3     0x14280  nfsidl        nfsio
 84395   85832      0      0  3     0x14280  nfsidl        nfsio
 55628  215172      0      0  3     0x14280  nfsidl        nfsio
 13304  465718      0      0  3     0x14280  nfsidl        nfsio
 86496  210389      0      0  3     0x14280  nfsidl        nfsio
 86607  270453      0      0  3     0x14280  nfsidl        nfsio
 45225  126219      0      0  3     0x14280  nfsidl        nfsio
 58871   86096      0      0  3     0x14280  nfsidl        nfsio
 54290  157797      0      0  3     0x14280  nfsidl        nfsio
 78598  370399      0      0  3     0x14280  nfsidl        nfsio
 67151  393405      0      0  3     0x14280  nfsidl        nfsio
 50647  403172      0      0  3     0x14280  nfsidl        nfsio
  4168  210185      0      0  3     0x14280  nfsidl        nfsio
  6569  353234      0      0  3     0x14200  bored         sosplice
 50347  236757  62840      0  3        0x82  kqread        syz-fuzzer
 50347  148764  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347  448007  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347   56557  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347  516609  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347  422124  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347  302562  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347  460300  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 50347  117306  62840      0  3   0x4000082  thrsleep      syz-fuzzer
 62840   89738  75747      0  3    0x10008a  sigsusp       ksh
 75747  173677  10462      0  3        0x9a  kqread        sshd
 10462  159810      1      0  3        0x88  kqread        sshd
 91676  324495  51353     74  3   0x1100092  bpf           pflogd
 51353  205984      1      0  3        0x80  netio         pflogd
 48396  243751  86940     73  3   0x1100090  kqread        syslogd
 86940   40911      1      0  3    0x100082  netio         syslogd
  4044   88265      1      0  3    0x100080  kqread        resolvd
 81960  444533  77026     77  3    0x100092  kqread        dhcpleased
 67416  253412  77026     77  3    0x100092  kqread        dhcpleased
 77026  365211      1      0  3        0x80  kqread        dhcpleased
 50353   81003      0      0  3     0x14200  bored         smr
 65031  263635      0      0  2     0x14200                zerothread
 98830  248556      0      0  3     0x14200  aiodoned      aiodoned
 69266  427525      0      0  3     0x14200  syncer        update
 13253   13322      0      0  3     0x14200  cleaner       cleaner
 40316  318407      0      0  3     0x14200  reaper        reaper
 87238   94606      0      0  3     0x14200  pgdaemon      pagedaemon
 50621  140720      0      0  3     0x14200  bored         viomb
 88450  186848      0      0  3  0x40014200  acpi0         acpi0
 12655  481278      0      0  7  0x40014200                idle1
 68730   82057      0      0  3     0x14200  bored         softnet
 12407  294906      0      0  3     0x14200  bored         softnet
 66560   64081      0      0  3     0x14200  bored         softnet
 66165   61743      0      0  3     0x14200  bored         softnet
 59479  320848      0      0  3     0x14200  bored         systqmp
 48770   75680      0      0  3     0x14200  bored         systq
  4725  364251      0      0  3  0x40014200  bored         softclock
 95060   42679      0      0  3  0x40014200                idle0
     1  312940      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10249   6586K    6958K  78643K     34973        0
            pcb    13     20K      24K  78643K      1317        0
         rtable   216     21K      21K  78643K      2892        0
         ifaddr    97     22K      23K  78643K      1359        0
         sysctl     3      1K       1K  78643K         3        0
       counters    56     35K      36K  78643K       342        0
       ioctlops     0      0K       8K  78643K      4753        0
            iov     0      0K      36K  78643K      2222        0
          mount     1      1K       1K  78643K         1        0
            log     0      0K       0K  78643K         4        0
         vnodes  1364     85K      86K  78643K      8269        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       9K  78643K       113        0
         VM map     2      1K       1K  78643K         2        0
            sem    17      2K       3K  78643K       117        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12548        0
      file desc    15     53K      89K  78643K     14396        0
          sigio     0      0K       0K  78643K       206        0
           proc    72     91K     128K  78643K      1691        0
        subproc   104      6K       7K  78643K       480        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       391        0
       in_multi    78      5K       6K  78643K       809        0
    ether_multi     1      0K       0K  78643K        68        0
            mrt     1      0K       0K  78643K        28        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys   295   1314K    1314K  78643K       295        0
           exec     0      0K       2K  78643K      2639        0
            tdb     3      0K       0K  78643K         3        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   463    843K     843K  78643K     81917        0
       UVM aobj   135      4K       4K  78643K       138        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       562        0
            NDP    15      0K       2K  78643K       280        0
           temp   218   4888K    5896K  78643K    197790        0
         kqueue    12     18K      26K  78643K      1199        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       22    0        0     1     0     1     1     0     8    0
rtpcb      120     1213    0     1210    17    15     2     3     0     8    1
rtentry    112      579    0      500     4     1     3     4     0     8    0
unpcb      136     7573    0     7557    67    66     1     6     0     8    0
syncache   296      173    0      173    17    16     1     1     0     8    1
tcpqe       32       25   55       25     5     5     0     1     0     8    0
tcpcb      736     5735    0     5720   149   144     5    20     0     8    3
arp        120       79    0       67     1     0     1     1     0     8    0
inpcb      312    25136    0    25121   219   214     5    19     0     8    3
nd6         48      160    0      142     1     0     1     1     0     8    0
pkpcb       40       21    0       21     4     4     0     1     0     8    0
kcovpl      48       30    0       22     1     0     1     1     0     8    0
ppxss      1248      56    0       56    13    13     0     1     0     8    0
pfstscr     40       13    0       13     2     2     0     1     0     8    0
pffrag     232       82    0       79     4     3     1     1     0   482    0
pffrnode    88       82    0       79     4     3     1     1     0     8    0
pffrent     40      323    0      320     4     3     1     1     0     8    0
pfosfp      40     1494    0     1070     5     0     5     5     0     8    0
pfosfpen   112     1494    0      779    21     0    21    21     0     8    0
pfrktable  1344     302    0      290     3     1     2     2     0     8    0
pftag       88       77    0       69     1     0     1     1     0     8    0
pfqueue    264        4    0        4     1     1     0     1     0     8    0
pfstitem    24       57    0       54     1     0     1     1     0     8    0
pfstkey    112       73    0       70     1     0     1     1     0     8    0
pfstate    336       63    0       60     3     2     1     3     0     8    0
pfrule     1360     461    0      420     6     2     4     4     0     8    0
rttmr       64        7    0        7     2     2     0     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     2322    0     1908    39    13    26    30     0     8    0
art_heap4: pool(0xffffffff829eb950:art_heap4): free list modified: page 0xfffffd8067a27000; item ordinal 0; addr 0xfffffd8067a27b00 (p 0xfffffd8062f18000); offset 0x0=0x0
pool(art_heap4): free list modified: page 0xfffffd8067a27000; item ordinal 0; addr 0xfffffd8067a27b00 (p 0xfffffd8062f18000); offset 0x0=0x0
art_heap4: pool(0xffffffff829eb950:art_heap4): page inconsistency: page 0xfffffd8067a27000; item ordinal 1; addr 0x532c986b8796008a
art_table   32     2324    0     1908     5     1     4     4     0     8    0
art_node    16      571    0      501     1     0     1     1     0     8    0
sysvmsgpl   40       31    0       13     1     0     1     1     0     8    0
semupl     112        3    0        3     2     2     0     1     0     8    0
semapl     112      105    0       90     1     0     1     1     0     8    0
shmpl      112      135    0        7     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256    19836    0    18385    91     0    91    91     0     8    0
ffsino     272    19836    0    18385    98     0    98    98     0     8    0
nchpl      144    38366    0    36724    63     0    63    63     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     224     5926    0        0   349     0   349   349     0     8    0
namei      1024  135021    0   135021     5     4     1     2     0     8    1
percpumem   16      183    0      143     1     0     1     1     0     8    0
vcpupl     2048      63    0        1     8     0     8     8     0     8    0
vmpool     560      104    0       42     8     3     5     5     0     8    0
pfiaddrpl  120      104    0       85     2     1     1     1     0     8    0
kstatmem   264      316    0      286     3     0     3     3     0     8    0
scsiplug    72       13    0       13     5     5     0     1     0     8    0
scxspl     216   113285    0   113285    26    25     1     8     0     8    1
plimitpl   152     1497    0     1482     1     0     1     1     0     8    0
sigapl     424    14756    0    14686    11     3     8     8     0     8    0
futexpl     64   144831    0   144830     3     2     1     1     0     8    0
knotepl    120      808    0        0    10     0    10    10     0     8    0
kqueuepl   216     3570    0     3561    63    62     1     5     0     8    0
pipepl     336     2465    0     2437    50    47     3     8     0     8    0
fdescpl    496    14656    0    14628     5     0     5     5     0     8    0
filepl     152   102971    0   102728   160   148    12    21     0     8    1
lockfpl    104     4628    0     4626    11    10     1     2     0     8    0
lockfspl    48     1183    0     1181     1     0     1     1     0     8    0
sessionpl  144       48    0       31     1     0     1     1     0     8    0
pgrppl      48       69    0       52     1     0     1     1     0     8    0
ucredpl     96    11511    0    11498     1     0     1     1     0     8    0
zombiepl   144    14689    0    14686     1     0     1     1     0     8    0
processpl  1064   14756    0    14686     5     0     5     5     0     8    0
procpl     672    38256    0    38176    28    20     8     9     0     8    0
srpgc       96       29    0       29    11    11     0     1     0     8    0
sosppl     168       94    0       93    15    14     1     1     0     8    0
sockpl     480    34033    0    33999   552   542    10    35     0     8    4
mcl64k     65536     17    0        0     3     0     3     3     0     8    0
mcl16k     16384     17    0        0     3     1     2     3     0     8    0
mcl12k     12288     17    0        0     2     0     2     2     0     8    0
mcl9k      9216       6    0        0     1     0     1     1     0     8    0
mcl8k      8192      17    0        0     3     0     3     3     0     8    0
mcl4k      4096      17    0        0     3     0     3     3     0     8    0
mcl2k2     2112       9    0        0     1     0     1     1     0     8    0
mcl2k      2048     195    0        0    21     1    20    21     0     8    0
mtagpl      96      746    0        0    17     0    17    17     0     8    0
mbufpl     256     7500    0        0   434     1   433   433     0     8    0
bufpl      288    25504    0    19172   453     0   453   453     0     8    0
anonpl      24  2953077    0  2933220   373   236   137   156     0   186    0
amapchunkpl 152  237528    0   236877    80    49    31    43     0   158    0
amappl16   200    51169    0    50320   249   201    48    60     0     8    0
amappl15   192     5028    0     5026     1     0     1     1     0     8    0
amappl14   184     1305    0     1301     1     0     1     1     0     8    0
amappl13   176      891    0      889     1     0     1     1     0     8    0
amappl12   168      776    0      771     1     0     1     1     0     8    0
amappl11   160     3430    0     3410     3     1     2     2     0     8    0
amappl10   152     1637    0     1631     1     0     1     1     0     8    0
amappl9    144     2002    0     1997     1     0     1     1     0     8    0
amappl8    136     2608    0     2492     5     0     5     5     0     8    0
amappl7    128     1505    0     1490     1     0     1     1     0     8    0
amappl6    120     1906    0     1881     2     1     1     2     0     8    0
amappl5    112    13215    0    13197     1     0     1     1     0     8    0
amappl4    104     7440    0     7405     5     4     1     2     0     8    0
amappl3     96    43213    0    43170     2     0     2     2     0     8    0
amappl2     88    16223    0    16163     3     1     2     3     0     8    0
amappl1     80   351876    0   351280    21     6    15    20     0     8    0
amappl      88    80521    0    80303     7     1     6     6     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      137    0        3     3     0     3     3     0     8    0
uaddrrnd    24    14760    0    14670     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24    14760    0    14670     1     0     1     1     0     8    0
vmmpekpl   168    97561    0    97481     5     1     4     5     0     8    0
vmmpepl    168  1422840    0  1419945   372   220   152   165     0   357    7
vmsppl     368    14759    0    14670    10     1     9     9     0     8    0
rwobjpl     56   361574    0   353589   144    29   115   118     0     8    0
pdppl      4096   29527    0    29402   580   449   131   131     0     8    6
pvpl        32  5741894    0  5720512   629   436   193   260     0   265    0
pmappl     248    14759    0    14670     6     0     6     6     0     8    0
extentpl    40       58    0       38     1     0     1     1     0     8    0
phpool     112     2185    0      881    39     1    38    38     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8263e415) at panic+0x177 sys/kern/subr_prf.c:202
pool_do_get(ffffffff829eb950,a,ffff80002446bb18) at pool_do_get+0x436 sys/kern/subr_pool.c:740
pool_get(ffffffff829eb950,a) at pool_get+0xe9 sys/kern/subr_pool.c:584
art_table_get(ffff800000c17600,fffffd807d970d00,10) at art_table_get+0x129 sys/net/art.c:721
art_insert(ffff800000c17600,fffffd807b5ca990,ffff800000bfd9c8,80) at art_insert+0x14a sys/net/art.c:386
rtable_insert(6,ffff800000bfd9c0,0,ffff800000d2e8c0,1,fffffd807da077f8) at rtable_insert+0x2e5 sys/net/rtable.c:598
rtrequest(1,ffff80002446be30,1,ffff80002446bef8,6) at rtrequest+0x89b sys/net/route.c:946
rt_ifa_add(ffff800000e43a00,240404,ffff800000e43a40,6) at rt_ifa_add+0x260 sys/net/route.c:1137
rt_ifa_addlocal(ffff800000e43a00) at rt_ifa_addlocal+0x163 sys/net/route.c:1245
in6_update_ifa(ffff800000c34000,ffff80002446c3a0,0) at in6_update_ifa+0x129e sys/netinet6/in6.c:729
in6_ioctl_change_ifaddr(8080691a,ffff80002446c3a0,ffff800000c34000) at in6_ioctl_change_ifaddr+0x481 sys/netinet6/in6.c:358
ifioctl(fffffd807b367d38,8080691a,ffff80002446c3a0,ffff80002448efc8) at ifioctl+0xdf4 sys/net/if.c:2264
soo_ioctl(fffffd806622f860,8080691a,ffff80002446c3a0,ffff80002448efc8) at soo_ioctl+0x26c
sys_ioctl(ffff80002448efc8,ffff80002446c4b8,ffff80002446c510) at sys_ioctl+0x4a2
syscall(ffff80002446c580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002446c580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9fbb31390, count: -17
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
x86_ipi_db(ffff800020cd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020cd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800020cd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020cd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: -5

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-openbsd-multicore 2022/06/13 15:12 openbsd 48b0cf000ae7 0d5abf15 .config console log report pool: free list modified: art_heap4