panic: vtnet_txq_offload_ctx: mbuf ADDR start NUM offset NUM proto -NUM (2)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: 6baddb6b1176 release.sh: Don't install git if already pres..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=12e9afe6180000
dashboard link: https://syzkaller.appspot.com/bug?extid=59122d2e848087d3355a

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+59122d...@syzkaller.appspotmail.com

panic: vtnet_txq_offload_ctx: mbuf 0xfffffe006bc4a300 start 14 offset 14 proto -1
cpuid = 1
time = 1711739200
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00744598b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0074459a10
vpanic() at vpanic+0x26a/frame 0xfffffe0074459bd0
panic() at panic+0xb5/frame 0xfffffe0074459c90
vtnet_txq_encap() at vtnet_txq_encap+0xaae/frame 0xfffffe0074459e10
vtnet_txq_mq_start_locked() at vtnet_txq_mq_start_locked+0x2e0/frame 0xfffffe0074459f10
vtnet_txq_mq_start() at vtnet_txq_mq_start+0xd9/frame 0xfffffe0074459f50
ether_output_frame() at ether_output_frame+0x37d/frame 0xfffffe007445a030
ether_output() at ether_output+0x11b3/frame 0xfffffe007445a1a0
ip_output_send() at ip_output_send+0x301/frame 0xfffffe007445a210
ip_output() at ip_output+0x2ba9/frame 0xfffffe007445a410
udp_send() at udp_send+0x1ad8/frame 0xfffffe007445a650
udp6_send() at udp6_send+0x609/frame 0xfffffe007445a930
sosend_dgram() at sosend_dgram+0x667/frame 0xfffffe007445a9a0
sousrsend() at sousrsend+0x116/frame 0xfffffe007445aa30
kern_sendit() at kern_sendit+0x5b5/frame 0xfffffe007445aba0
sendit() at sendit+0x157/frame 0xfffffe007445abf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe007445ad10
amd64_syscall() at amd64_syscall+0x473/frame 0xfffffe007445af30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe007445af30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x2aeb2a, rsp = 0x8227c0f08, rbp = 0x8227c0f80 ---
KDB: enter: panic
[ thread pid 1239 tid 100570 ]
Stopped at kdb_enter+0x6e: movq $0,0x21912e7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe006d800000
rdx 0x3ffff
rbx 0xffffffff82707560 .str.27
rsp 0xfffffe00744599f0
rbp 0xfffffe0074459a10
rsi 0x40001
rdi 0xffffffff815e52b9 printf+0x149
r8 0
r9 0xffffffff
r10 0x1
r11 0
r12 0xfffffe00743cc000
r13 0xfffffffffffffffd
r14 0xffffffff82707560 .str.27
r15 0
rip 0xffffffff815d1dae kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x21912e7(%rip)
db> show proc
Process 1239 (syz-executor.0) at 0xfffffe007430e040:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 770 at 0xfffffe006d20dae0
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: /root/syz-executor.0 exec
reaper: 0xfffffe00541f7040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00743b0000
(map 0xfffffe00743b0000)
(map.pmap 0xfffffe00743b00c0)
(pmap 0xfffffe00743b0130)
threads: 2
100520 RunQ syz-executor.0
100570 Run CPU 1 syz-executor.0
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1239 770 770 0 R (threaded) syz-executor.0
100520 RunQ syz-executor.0
100570 Run CPU 1 syz-executor.0
1237 774 774 0 S (threaded) syz-executor.2
100475 S nanslp 0xffffffff83744480 syz-executor.2
100564 S connec 0xfffffe006a83c49a syz-executor.2
100567 S uwait 0xfffffe00743d0900 syz-executor.2
1234 771 771 0 R (threaded) syz-executor.1
100552 Run CPU 0 syz-executor.1
100562 S connec 0xfffffe006a83c0da syz-executor.1
100566 D biowr 0xfffffe0007f450f8 syz-executor.1
100569 RunQ syz-executor.1
1213 775 775 0 S (threaded) syz-executor.3
100532 S nanslp 0xffffffff83744480 syz-executor.3
100539 S connec 0xfffffe006a83b0da syz-executor.3
100540 S uwait 0xfffffe006a62a680 syz-executor.3
1192 1 1188 0 S umtxn 0xfffffe006a62a480 syz-executor.3
1190 1 1190 0 S uwait 0xfffffe00743d0a00 syz-executor.3
1174 1 1172 0 S uwait 0xfffffe006a629c00 syz-executor.3
1173 1 1173 0 S uwait 0xfffffe006a629100 syz-executor.3
1130 1 1128 0 S uwait 0xfffffe006a62a980 syz-executor.1
1129 1 1129 0 S uwait 0xfffffe0057ab0f00 syz-executor.1
1107 1 1104 0 S uwait 0xfffffe006a628380 syz-executor.3
1106 1 1106 0 S uwait 0xfffffe006a628280 syz-executor.3
1098 1 1095 0 S uwait 0xfffffe006a629700 syz-executor.0
1096 1 1096 0 S uwait 0xfffffe005754bb00 syz-executor.0
1087 1 1085 0 S uwait 0xfffffe006a62a380 syz-executor.0
1086 1 1086 0 S uwait 0xfffffe006a629900 syz-executor.0
1083 1 1079 0 S uwait 0xfffffe006a629300 syz-executor.0
1081 1 1081 0 S uwait 0xfffffe006a629500 syz-executor.0
1067 1 1063 0 S uwait 0xfffffe006a628b80 syz-executor.0
1066 1 1066 0 S uwait 0xfffffe006a629600 syz-executor.0
1038 1 1034 0 S uwait 0xfffffe006a629d00 syz-executor.1
1037 1 1034 0 S uwait 0xfffffe006a629a00 syz-executor.1
1026 1 1020 0 S uwait 0xfffffe005754b700 syz-executor.3
1025 1 1016 0 S uwait 0xfffffe006a62a580 syz-executor.0
1024 1 1020 0 S uwait 0xfffffe006a62a780 syz-executor.3
1022 1 1022 0 S uwait 0xfffffe0057aad080 syz-executor.0
1003 1 999 0 S uwait 0xfffffe0057aadb80 syz-executor.2
1002 1 1002 0 S uwait 0xfffffe005754ba00 syz-executor.2
988 1 986 0 S uwait 0xfffffe0057aad780 syz-executor.0
987 1 987 0 S uwait 0xfffffe0057aad980 syz-executor.0
985 1 982 0 S uwait 0xfffffe0057aad180 syz-executor.0
984 1 984 0 S uwait 0xfffffe005754b800 syz-executor.0
956 1 952 0 S uwait 0xfffffe0057aad280 syz-executor.0
955 1 955 0 S uwait 0xfffffe0057aadc80 syz-executor.0
945 1 941 0 S uwait 0xfffffe0057aad480 syz-executor.0
944 1 944 0 S uwait 0xfffffe005754b900 syz-executor.0
934 1 928 0 S uwait 0xfffffe005754be00 syz-executor.2
932 1 932 0 S uwait 0xfffffe00542add00 syz-executor.2
920 1 917 0 S uwait 0xfffffe0057aad380 syz-executor.1
919 1 919 0 S umtxn 0xfffffe005754bf00 syz-executor.1
899 1 894 0 S uwait 0xfffffe0057549d80 syz-executor.3
898 1 898 0 S uwait 0xfffffe005754a000 syz-executor.3
876 1 873 0 S uwait 0xfffffe0057aada80 syz-executor.3
875 1 875 0 S uwait 0xfffffe0057aae380 syz-executor.3
868 1 868 0 Ss select 0xfffffe00589110c0 rtsol
867 1 867 0 Ss select 0xfffffe0058911140 rtsol
866 1 866 0 Ss select 0xfffffe00589111c0 rtsol
863 788 424 0 S kqread 0xfffffe0058a18400 rtsol
788 776 424 0 S wait 0xfffffe006a8615a0 sh
776 424 424 0 S wait 0xfffffe006d20eb00 sh
775 768 775 0 Ss nanslp 0xffffffff83744481 syz-executor.3
774 768 774 0 Ss nanslp 0xffffffff83744481 syz-executor.2
771 768 771 0 Ss nanslp 0xffffffff83744480 syz-executor.1
770 768 770 0 Ss nanslp 0xffffffff83744481 syz-executor.0
768 766 766 0 S (threaded) syz-fuzzer
100115 S uwait 0xfffffe0057aaec00 syz-fuzzer
100118 S uwait 0xfffffe0057aade00 syz-fuzzer
100119 S uwait 0xfffffe0057aadf00 syz-fuzzer
100120 S uwait 0xfffffe0057aae080 syz-fuzzer
100121 S uwait 0xfffffe006a62b780 syz-fuzzer
100122 S uwait 0xfffffe006a62b880 syz-fuzzer
100123 S wait 0xfffffe006d20f060 syz-fuzzer
100126 S wait 0xfffffe006d20f060 syz-fuzzer
100128 S wait 0xfffffe006d20f060 syz-fuzzer
100129 S wait 0xfffffe006d20f060 syz-fuzzer
100130 S uwait 0xfffffe0057aad580 syz-fuzzer
100138 S kqread 0xfffffe00589e4500 syz-fuzzer
100196 S uwait 0xfffffe005754bd00 syz-fuzzer
766 764 766 0 Ss pause 0xfffffe006d20e650 csh
764 682 764 0 Ss select 0xfffffe0058912a40 sshd
748 1 748 0 Ss+ ttyin 0xfffffe00576904b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00587f08b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00587f10b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00587f18b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe00543410b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe00543418b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe00543420b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe00543428b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe00543430b0 getty
738 1 18 0 S+ piperd 0xfffffe0058f466c0 logger
737 736 18 0 S+ nanslp 0xffffffff83744480 sleep
736 1 18 0 S+ wait 0xfffffe00571b8040 sh
686 1 686 0 Ss nanslp 0xffffffff83744481 cron
682 1 682 0 Ss select 0xfffffe00589123c0 sshd
495 1 495 0 Ss select 0xfffffe0058912b40 syslogd
424 1 424 0 Ss wait 0xfffffe0057be3b00 devd
423 1 423 65 Ss select 0xfffffe0058a25b40 dhclient
338 1 338 0 Ss select 0xfffffe0058a25c40 dhclient
335 1 335 0 Ss select 0xfffffe0058a25cc0 dhclient
17 0 0 0 DL syncer 0xffffffff83861ba0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe00571b9060 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83860180 [bufdaemon]
100082 D - 0xffffffff82c0a140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe006a635ce8 [/ worker]
9 0 0 0 DL psleep 0xffffffff838a9680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff838914f8 [dom0]
100080 D launds 0xffffffff83891504 [laundry: dom0]
100081 D umarcl 0xffffffff81d6cf60 [uma]
7 0 0 0 DL - 0xffffffff834c1cb0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84148ea0 [pf purge]
5 0 0 0 DL waiting 0xffffffff844955c0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff8348c340 [doneq0]
100045 D - 0xffffffff8348c2c0 [async]
100076 D - 0xffffffff8348c140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff8388cd20 [crypto]
100042 D crypto_ 0xfffffe00085e8830 [crypto returns 0]
100043 D crypto_ 0xfffffe00085e8880 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe00085fe488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff836ece00 [g_event]
100036 D - 0xffffffff836ece20 [g_up]
100037 D - 0xffffffff836ece40 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]
100031 I [swi1: netisr 0]
100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe00541f7040 [init]
10 0 0 0 DL audit_w 0xffffffff8388d780 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff836ed7e0 [swapper]
100005 D - 0xfffffe00079e3000 [softirq_0]
100006 D - 0xfffffe00079e2e00 [softirq_1]
100007 D - 0xfffffe00079e2d00 [if_io_tqg_0]
100008 D - 0xfffffe00079e2c00 [if_io_tqg_1]
100009 D - 0xfffffe00079e2b00 [if_config_tqg_0]
100010 D - 0xfffffe00079e2a00 [pci_hp taskq]
100011 D - 0xfffffe00079e2900 [kqueue_ctx taskq]
100014 D - 0xfffffe00079e2600 [thread taskq]
100016 D - 0xfffffe00079e2400 [aiod_kick taskq]
100017 D - 0xfffffe00079e2300 [deferred_unmount ta]
100018 D - 0xfffffe00079e2200 [inm_free taskq]
100019 D - 0xfffffe00079e2100 [in6m_free taskq]
100020 D - 0xfffffe00079e2000 [linuxkpi_irq_wq]
100021 D - 0xfffffe00079e1e00 [linuxkpi_short_wq_0]
100022 D - 0xfffffe00079e1e00 [linuxkpi_short_wq_1]
100023 D - 0xfffffe00079e1e00 [linuxkpi_short_wq_2]
100024 D - 0xfffffe00079e1e00 [linuxkpi_short_wq_3]
100025 D - 0xfffffe00079e1d00 [linuxkpi_long_wq_0]
100026 D - 0xfffffe00079e1d00 [linuxkpi_long_wq_1]
100027 D - 0xfffffe00079e1d00 [linuxkpi_long_wq_2]
100028 D - 0xfffffe00079e1d00 [linuxkpi_long_wq_3]
100034 D - 0xfffffe00079e1c00 [firmware taskq]
100039 D - 0xfffffe00079e1100 [crypto_0]
100040 D - 0xfffffe00079e1100 [crypto_1]
100055 D - 0xfffffe00079e0900 [vtnet0 rxq 0]
100056 D - 0xfffffe00079e0800 [vtnet0 txq 0]
100057 D - 0xfffffe00079e0700 [vtnet0 rxq 1]
100058 D - 0xfffffe00079e0600 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0057178280 [virtio_balloon]
100066 D - 0xffffffff8270c7a0 [deadlkres]
100070 D - 0xfffffe00079e0b00 [acpi_task_0]
100071 D - 0xfffffe00079e0b00 [acpi_task_1]
100072 D - 0xfffffe00079e0b00 [acpi_task_2]
100074 D - 0xfffffe00079e3100 [mca taskq]
100075 D - 0xfffffe00079e0a00 [CAM taskq]
db> show all locks
Process 1239 (syz-executor.0) thread 0xfffffe00743cc000 (100570)
exclusive sleep mutex vtnet0-tx1 (vtnet0-tx1) r = 0 (0xfffffe0057555b00) locked @ /syzkaller/managers/main/kernel/sys/dev/virtio/network/if_vtnet.c:2778
exclusive rw udpinp (udpinp) r = 0 (0xfffffe006d1cde20) locked @ /syzkaller/managers/main/kernel/sys/netinet/udp_usrreq.c:1129
Process 1234 (syz-executor.1) thread 0xfffffe00743cb740 (100566)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007f45178) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:1741
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe00741fce70) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1176
Process 1234 (syz-executor.1) thread 0xfffffe0074395740 (100569)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007f3f7c0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:1741
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe00741fbaf0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1176
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4922K 481
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488
newblk 800 1224K 1701
vfscache 3 1025K 3
filedesc 98 778K 817
pcb 107 759K 818
inodedep 141 565K 442
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 205 418K 1351
vnet_data 2 224K 2
acpitask 1 224K 1
acpica 1674 184K 60830
tidhash 3 141K 3
pagedep 46 140K 363
vmem 3 134K 4
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 109 109K 126
sem 4 106K 4
gtaskqueue 18 98K 18
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
kdtrace 282 53K 1811
umtx 400 50K 400
sctp_stro 40 40K 102
temp 35 37K 1845
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 128 32K 138
sctp_atcl 80 30K 501
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
ifaddr 66 19K 68
BPF 14 19K 14
dirrem 71 18K 376
ufs_mount 4 17K 5
proc 3 17K 3
LRO 16 17K 16
tty 16 16K 16
ithread 97 16K 97
routetbl 124 16K 395
bus-sc 34 15K 1687
eventhandler 162 14K 162
crypto 44 14K 52
lltable 43 14K 46
KTRACE 100 13K 100
ifnet 7 13K 7
ether_multi 152 13K 162
kenv 95 12K 95
kqueue 98 11K 1260
GEOM 61 11K 481
rman 86 11K 451
CAM queue 5 11K 1528
in6_multi 65 9K 65
bmsafemap 3 9K 423
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 31
shmfd 1 8K 2
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
taskqueue 63 7K 63
freefile 51 7K 337
sctp_timw 25 7K 25
diradd 50 7K 409
sglist 6 7K 6
cred 24 6K 230
CAM DEV 3 6K 510
pwddesc 94 6K 1248
pfs_nodes 22 6K 22
plimit 21 6K 333
DEVFSP 81 6K 131
sctp_atky 120 5K 631
hhook 15 5K 17
ufs_dirhash 24 5K 24
newdirblk 36 5K 353
UMA 267 5K 267
pf_ifnet 10 5K 19
cryptodev 63 5K 177
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
proc-args 125 4K 2294
mkdir 28 4K 706
acpisem 28 4K 28
session 27 4K 37
kcovinfo 52 4K 52
terminal 11 3K 11
indirdep 10 3K 328
clone 9 3K 9
uidinfo 3 3K 7
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
CC Mem 8 2K 111
selfd 32 2K 16496
ip6ndp 12 2K 14
Unitno 29 2K 49
sctp_ifa 13 2K 14
tun 7 2K 7
CAM XPT 22 2K 543
lockf 15 2K 22
msi 12 2K 12
in_multi 6 2K 8
toponodes 6 2K 6
select 11 2K 32
sctp_athm 80 2K 525
sctp_map 80 2K 204
ipsecpolicy 2 2K 2
acpidev 20 2K 20
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
sctp_ifn 6 1K 14
mld 6 1K 6
igmp 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
encap_export_host 12 1K 12
inpcbpolicy 19 1K 318
netlink 2 1K 31
procdesc 4 1K 10
osd 13 1K 124
cdev 2 1K 2
lkpikmalloc 8 1K 9
chacha20random 1 1K 1
biobuf 1 1K 1
vnodes 1 1K 1
iov 4 1K 14127
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
pf_osfp 2 1K 2
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
soname 7 1K 3793
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 78
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 38
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 604
p1003.1b 1 1K 1
filemon 0 0K 3
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 615
sctp_iter 0 0K 10
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 10
sctp_aadr 0 0K 0
sctp_stri 0 0K 48
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
mqdata 0 0K 0
tcp_pcm_rack 0 0K 37
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 72
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 438
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 367
freefrag 0 0K 5
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 11
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 199
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 5
aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 129
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 646
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 28
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8326 1072 24997 0 254 38494208 0
mbuf 256 8651 1012 45749 0 254 2473728 0
BUF TRIE 144 239 11577 971 0 62 1701504 0
malloc-384 384 4262 88 4564 0 30 1670400 0
mbuf_cluster 2048 762 0 762 0 254 1560576 0
malloc-128 128 11548 170 12627 0 126 1499904 0
malloc-4096 4096 328 4 495 0 2 1359872 0
UMA Slabs 0 112 11026 20 11026 0 126 1237152 0
sctp_asoc 2256 40 470 102 0 254 1150560 0
RADIX NODE 144 7338 245 37456 0 62 1091952 0
vmem btag 56 16624 119 16624 0 254 937608 0
malloc-16384 16384 49 4 407 0 1 868352 0
FFS inode 1168 557 31 895 0 8 686784 0
malloc-65536 65536 10 0 13 0 1 655360 0
sctp_ep 1176 40 470 375 0 254 599760 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
socket 960 36 472 1902 0 254 487680 0
VM OBJECT 264 1588 62 19799 0 30 435600 0
malloc-4096 4096 102 4 1248 0 2 434176 0
malloc-2048 2048 5 203 1228 0 8 425984 0
malloc-65536 65536 6 0 6 0 1 393216 0
sctp_raddr 736 40 477 102 0 254 380512 0
THREAD 1824 187 13 570 0 8 364800 0
256 Bucket 2048 149 3 1085 0 8 311296 0
VNODE 448 596 97 936 0 30 310464 0
malloc-256 256 996 189 2168 0 62 303360 0
malloc-64 64 3924 423 21547 0 254 278208 0
MAP ENTRY 96 2445 201 56596 0 126 254016 0
malloc-16 16 14390 360 14553 0 254 236000 0
DEVCTL 1024 22 198 147 0 0 225280 0
tcp_log 416 29 484 223 0 254 213408 0
malloc-32768 32768 0 6 301 0 1 196608 0
malloc-32768 32768 6 0 6 0 1 196608 0
mbuf_packet 256 46 716 1965 0 254 195072 0
UMA Zones 768 239 0 239 0 16 183552 0
malloc-32 32 5294 376 5327 0 254 181440 0
FPU_save_area 832 189 27 1371 0 16 179712 0
malloc-128 128 1144 251 5358 0 126 178560 0
malloc-128 128 1178 217 28711 0 126 178560 0
lkpimm 56 1 3095 1 0 254 173376 0
malloc-1024 1024 134 26 151 0 16 163840 0
FFS2 dinode 256 557 73 894 0 62 161280 0
PROC 1376 93 17 1239 0 8 151360 0
S VFS Cache 104 1018 386 1438 0 126 146016 0
malloc-65536 65536 0 2 62 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-2048 2048 47 17 398 0 8 131072 0
unpcb 256 14 496 1183 0 254 130560 0
ksiginfo 112 90 954 940 0 126 116928 0
filedesc0 1072 94 11 1248 0 8 112560 0
malloc-256 256 307 68 1673 0 62 96000 0
malloc-8192 8192 10 1 12 0 1 90112 0
malloc-4096 4096 20 2 40 0 2 90112 0
UMA Kegs 384 226 7 226 0 30 89472 0
g_bio 408 4 206 9260 0 30 85680 0
128 Bucket 1024 53 30 280 0 16 84992 0
malloc-256 256 175 140 1213 0 62 80640 0
sctp_readq 152 0 520 18 0 254 79040 0
sctp_chunk 152 33 487 75 0 254 79040 0
64 Bucket 512 75 61 1827 0 30 69632 0
malloc-384 384 164 16 165 0 30 69120 0
malloc-64 64 537 534 741 0 254 68544 0
malloc-64 64 577 494 2102 0 254 68544 0
malloc-128 128 350 177 503 0 126 67456 0
DIRHASH 1024 35 29 35 0 16 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 0 1 8 0 1 65536 0
malloc-1024 1024 44 20 271 0 16 65536 0
malloc-256 256 94 161 1609 0 62 65280 0
32 Bucket 256 69 186 1482 0 62 65280 0
sctp_stream_msg_out 112 9 531 63 0 254 60480 0
VMSPACE 616 77 19 1224 0 16 59136 0
malloc-128 128 118 285 874 0 126 51584 0
malloc-256 256 52 143 1346 0 62 49920 0
NAMEI 1024 0 48 14592 0 16 49152 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 6 0 32 0 1 49152 0
malloc-1024 1024 7 41 1546 0 16 49152 0
malloc-384 384 81 39 502 0 30 46080 0
da_ccb 544 1 83 2447 0 16 45696 0
syncache 168 0 264 4 0 254 44352 0
tcp_inpcb 1312 8 25 111 0 8 43296 0
TURNSTILE 136 201 114 201 0 62 42840 0
pcpu-8 8 4725 395 4881 0 254 40960 0
udp_inpcb 424 7 83 167 0 30 38160 0
malloc-64 64 159 408 1416 0 254 36288 0
malloc-64 64 12 555 13616 0 254 36288 0
malloc-64 64 120 447 1905 0 254 36288 0
malloc-64 64 223 344 267 0 254 36288 0
malloc-64 64 255 312 309 0 254 36288 0
tcp_bbr_map 128 0 279 6 0 126 35712 0
tcp_rack_map 128 0 279 156 0 126 35712 0
malloc-128 128 46 233 165 0 126 35712 0
malloc-128 128 29 250 77 0 126 35712 0
malloc-128 128 112 167 116 0 126 35712 0
routing nhops 256 26 109 33 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 46 44 61 0 30 34560 0
malloc-256 256 65 70 204 0 62 34560 0
malloc-256 256 29 106 349 0 62 34560 0
malloc-256 256 7 128 37 0 62 34560 0
SLEEPQUEUE 88 201 183 201 0 126 33792 0
malloc-32768 32768 0 1 120 0 1 32768 0
malloc-32768 32768 1 0 12 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-8192 8192 3 1 104 0 1 32768 0
malloc-4096 4096 2 6 791 0 2 32768 0
malloc-2048 2048 11 5 52 0 8 32768 0
malloc-2048 2048 11 5 11 0 8 32768 0
malloc-2048 2048 4 12 63 0 8 32768 0
malloc-1024 1024 3 29 12 0 16 32768 0
malloc-1024 1024 9 23 10 0 16 32768 0
malloc-1024 1024 5 27 20 0 16 32768 0
malloc-1024 1024 10 22 13 0 16 32768 0
malloc-512 512 5 59 31 0 30 32768 0
malloc-512 512 0 64 132 0 30 32768 0
malloc-512 512 10 54 110 0 30 32768 0
malloc-512 512 2 62 6 0 30 32768 0
pcpu-64 64 488 24 488 0 254 32768 0
ertt_txseginfo 40 1 807 3119 0 254 32320 0
KNOTE 160 33 167 4358 0 62 32000 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 213 187 8343 0 126 32000 0
PGRP 120 65 199 104 0 126 31680 0
clpbuf 2624 0 12 26 0 4 31488 0
tcp_bbr_pcb 832 0 36 24 0 16 29952 0
sctp_laddr 48 0 588 21 0 254 28224 0
malloc-32 32 276 606 1290 0 254 28224 0
16 Bucket 144 67 129 353 0 62 28224 0
4 Bucket 48 5 583 8 0 254 28224 0
udplite_inpcb 424 0 63 19 0 30 26712 0
cpuset 200 7 121 7 0 62 25600 0
ripcb 392 4 59 21 0 30 24696 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-8192 8192 1 2 4 0 1 24576 0
malloc-4096 4096 5 1 8 0 2 24576 0
tcp_rack_pcb 1216 0 20 36 0 8 24320 0
rl_entry 40 48 558 48 0 254 24240 0
PWD 40 38 568 440 0 254 24240 0
rtentry 168 29 115 33 0 62 24192 0
pipe 728 20 13 336 0 16 24024 0
8 Bucket 80 72 228 396 0 126 24000 0
malloc-384 384 34 26 65 0 30 23040 0
malloc-384 384 30 30 33 0 30 23040 0
hostcache 64 2 313 2 0 254 20160 0
udp_inpcb ports 32 4 626 34 0 254 20160 0
tcp_inpcb ports 32 6 624 53 0 254 20160 0
ertt 72 8 272 111 0 126 20160 0
malloc-32 32 102 528 167 0 254 20160 0
malloc-32 32 26 604 113 0 254 20160 0
malloc-32 32 54 576 119 0 254 20160 0
malloc-32 32 207 423 5104 0 254 20160 0
malloc-32 32 49 581 348 0 254 20160 0
2 Bucket 32 61 569 471 0 254 20160 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 0 1 160 0 1 16384 0
malloc-16384 16384 0 1 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 1 1 20 0 1 16384 0
malloc-4096 4096 2 2 5 0 2 16384 0
malloc-2048 2048 3 5 3 0 8 16384 0
malloc-2048 2048 0 8 40 0 8 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-512 512 4 28 4 0 30 16384 0
malloc-512 512 0 32 1 0 30 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
tcpreass 48 0 336 1 0 254 16128 0
kenv 258 17 43 1071 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
domainset 40 0 315 2 0 254 12600 0
SMR SHARED 24 7 504 7 0 254 12264 0
malloc-32 32 157 221 922 0 254 12096 0
vtnet_tx_hdr 24 1 500 9416 0 254 12024 0
malloc-16 16 28 722 44 0 254 12000 0
malloc-16 16 15 735 164 0 254 12000 0
malloc-16 16 89 661 475 0 254 12000 0
malloc-16 16 278 472 3707 0 254 12000 0
malloc-16 16 36 714 164 0 254 12000 0
malloc-16 16 432 318 30294 0 254 12000 0
malloc-16 16 14 736 17 0 254 12000 0
malloc-384 384 0 30 343 0 30 11520 0
malloc-384 384 2 28 2 0 30 11520 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit: 6baddb6b1176 release.sh: Don't install git if already pres..
git tree: freebsd-src

console output: https://syzkaller.appspot.com/x/log.txt?x=10583ae5180000
dashboard link: https://syzkaller.appspot.com/bug?extid=59122d2e848087d3355a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=142ba6e5180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17526019180000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+59122d...@syzkaller.appspotmail.com

panic: vtnet_txq_offload_ctx: mbuf 0xfffffe006d408800 start 14 offset 14 proto -1
cpuid = 1
time = 1711740019
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe006a5d08b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe006a5d0a10
vpanic() at vpanic+0x26a/frame 0xfffffe006a5d0bd0
panic() at panic+0xb5/frame 0xfffffe006a5d0c90
vtnet_txq_encap() at vtnet_txq_encap+0xaae/frame 0xfffffe006a5d0e10
vtnet_txq_mq_start_locked() at vtnet_txq_mq_start_locked+0x2e0/frame 0xfffffe006a5d0f10
vtnet_txq_mq_start() at vtnet_txq_mq_start+0xd9/frame 0xfffffe006a5d0f50
ether_output_frame() at ether_output_frame+0x37d/frame 0xfffffe006a5d1030
ether_output() at ether_output+0x11b3/frame 0xfffffe006a5d11a0
ip_output_send() at ip_output_send+0x301/frame 0xfffffe006a5d1210
ip_output() at ip_output+0x2ba9/frame 0xfffffe006a5d1410
udp_send() at udp_send+0x1ad8/frame 0xfffffe006a5d1650
udp6_send() at udp6_send+0x609/frame 0xfffffe006a5d1930
sosend_dgram() at sosend_dgram+0x667/frame 0xfffffe006a5d19a0
sousrsend() at sousrsend+0x116/frame 0xfffffe006a5d1a30
kern_sendit() at kern_sendit+0x5b5/frame 0xfffffe006a5d1ba0
sendit() at sendit+0x157/frame 0xfffffe006a5d1bf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe006a5d1d10
amd64_syscall() at amd64_syscall+0x473/frame 0xfffffe006a5d1f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006a5d1f30
--- syscall (0, FreeBSD ELF64, syscall), rip = 0x233eca, rsp = 0x820943d58, rbp = 0x820943d70 ---
KDB: enter: panic
[ thread pid 773 tid 100115 ]

Stopped at kdb_enter+0x6e: movq $0,0x21912e7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12

rcx 0xfffffe00033eee30
rdx 0xdffff7c000000000
rbx 0xffffffff82707560 .str.27
rsp 0xfffffe006a5d09f0
rbp 0xfffffe006a5d0a10
rsi 0
rdi 0xffffffff82c084b0 panicstr

r8 0
r9 0xffffffff
r10 0x1
r11 0

r12 0xfffffe005898d000

r13 0xfffffffffffffffd
r14 0xffffffff82707560 .str.27
r15 0
rip 0xffffffff815d1dae kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x21912e7(%rip)
db> show proc

Process 773 (syz-executor1679261) at 0xfffffe006aaa1b00:

state: NORMAL
uid: 0 gids: 0, 0, 5

parent: pid 771 at 0xfffffe006aaa25c0
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor1679261526

reaper: 0xfffffe00541f7040 reapsubtree: 1
sigparent: 20

vmspace: 0xfffffe006aa6b000
(map 0xfffffe006aa6b000)
(map.pmap 0xfffffe006aa6b0c0)
(pmap 0xfffffe006aa6b130)
threads: 1
100115 Run CPU 1 syz-executor1679261

db> ps
pid ppid pgrp uid state wmesg wchan cmd

773 771 771 0 R CPU 1 syz-executor1679261
771 769 771 0 Ss pause 0xfffffe006aaa2670 csh
769 682 769 0 Ss select 0xfffffe006d22e740 sshd

748 1 748 0 Ss+ ttyin 0xfffffe00576904b0 getty

747 1 747 0 Ss+ ttyin 0xfffffe00587f14b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00587f1cb0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00576a74b0 getty

744 1 744 0 Ss+ ttyin 0xfffffe00543410b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe00543418b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe00543420b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe00543428b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe00543430b0 getty

738 1 18 0 S+ piperd 0xfffffe0058f34b60 logger

737 736 18 0 S+ nanslp 0xffffffff83744480 sleep

736 1 18 0 S+ wait 0xfffffe006aaa1040 sh
686 1 686 0 Ss nanslp 0xffffffff83744480 cron
682 1 682 0 Ss select 0xfffffe0058a00ac0 sshd
495 1 495 0 Ss select 0xfffffe006d22ef40 syslogd
424 1 424 0 Ss select 0xfffffe005892e5c0 devd
423 1 423 65 Ss select 0xfffffe0058920e40 dhclient
338 1 338 0 Ss select 0xfffffe005892e040 dhclient
335 1 335 0 Ss select 0xfffffe0058920f40 dhclient

17 0 0 0 DL syncer 0xffffffff83861ba0 [syncer]

16 0 0 0 DL vlruwt 0xfffffe00571b8040 [vnlru]

15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83860180 [bufdaemon]

100080 D - 0xffffffff82c0a140 [bufspacedaemon-0]
100095 D sdflush 0xfffffe006a810ce8 [/ worker]

9 0 0 0 DL psleep 0xffffffff838a9680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff838914f8 [dom0]

100081 D launds 0xffffffff83891504 [laundry: dom0]
100082 D umarcl 0xffffffff81d6cf60 [uma]

7 0 0 0 DL - 0xffffffff834c1cb0 [rand_harvestq]

6 0 0 0 DL pftm 0xffffffff843c7ea0 [pf purge]
5 0 0 0 DL waiting 0xffffffff841d15c0 [sctp_iterator]

4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff8348c340 [doneq0]
100045 D - 0xffffffff8348c2c0 [async]
100076 D - 0xffffffff8348c140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff8388cd20 [crypto]
100042 D crypto_ 0xfffffe00085e8830 [crypto returns 0]
100043 D crypto_ 0xfffffe00085e8880 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe00085fe488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff836ece00 [g_event]
100036 D - 0xffffffff836ece20 [g_up]
100037 D - 0xffffffff836ece40 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]

12 0 0 0 RL (threaded) [intr]

100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]

100031 RunQ [swi1: netisr 0]

100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]

100003 Run CPU 0 [idle: cpu0]

100066 D - 0xffffffff8270c7a1 [deadlkres]

100070 D - 0xfffffe00079e0b00 [acpi_task_0]
100071 D - 0xfffffe00079e0b00 [acpi_task_1]
100072 D - 0xfffffe00079e0b00 [acpi_task_2]
100074 D - 0xfffffe00079e3100 [mca taskq]
100075 D - 0xfffffe00079e0a00 [CAM taskq]
db> show all locks

Process 773 (syz-executor1679261) thread 0xfffffe005898d000 (100115)

exclusive sleep mutex vtnet0-tx1 (vtnet0-tx1) r = 0 (0xfffffe0057555b00) locked @ /syzkaller/managers/main/kernel/sys/dev/virtio/network/if_vtnet.c:2778

exclusive rw udpinp (udpinp) r = 0 (0xfffffe0058fe6720) locked @ /syzkaller/managers/main/kernel/sys/netinet/udp_usrreq.c:1129

db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4922K 481
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488

newblk 856 1238K 874
vfscache 3 1025K 3
pcb 23 669K 42
inodedep 50 531K 71

ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4

vnet_data 2 224K 2
acpitask 1 224K 1
acpica 1674 184K 60830

subproc 96 181K 830
tidhash 3 141K 3
vmem 3 134K 4
pagedep 14 132K 18

tfo_ccache 1 128K 1
IP reass 1 128K 1

sem 4 106K 4
DEVFS1 105 105K 114

gtaskqueue 18 98K 18
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1

temp 18 37K 1566

hostcache 1 32K 1
shm 1 32K 1

kdtrace 156 32K 890
DEVFS3 124 31K 134
msg 4 30K 4
umtx 240 30K 240

kbdmux 6 28K 6
DEVFS_RULE 56 20K 56

BPF 10 18K 10

ufs_mount 4 17K 5
proc 3 17K 3

tty 16 16K 16
ithread 97 16K 97

bus-sc 34 15K 1687
eventhandler 162 14K 162

KTRACE 100 13K 100
kenv 95 12K 95
ifaddr 30 12K 32
GEOM 61 11K 481
routetbl 50 11K 176

rman 86 11K 451
CAM queue 5 11K 1528

bmsafemap 3 9K 40

rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12

ksem 1 8K 1
shmfd 1 8K 1

pfs_vncache 1 8K 1
audit_evclass 238 8K 300
taskqueue 63 7K 63

sglist 6 7K 6

CAM DEV 3 6K 510

cred 23 6K 274
pfs_nodes 22 6K 22

hhook 15 5K 17
ufs_dirhash 24 5K 24

UMA 267 5K 267
dirrem 17 5K 28
plimit 17 5K 322
ifnet 3 5K 3

vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32

filedesc 1 4K 1
evdev 4 4K 4
acpisem 28 4K 28
ether_multi 40 4K 50
diradd 25 4K 36
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
session 20 3K 31
kqueue 40 3K 776
pwddesc 40 3K 774
clone 9 3K 9
uidinfo 3 3K 8
proc-args 62 3K 1696

local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2

selfd 27 2K 13045
Unitno 27 2K 41

CAM XPT 22 2K 543
lockf 15 2K 22
msi 12 2K 12

toponodes 6 2K 6

ipsecpolicy 2 2K 2
acpidev 20 2K 20
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1

vnodemarker 2 1K 8
NFSD session 1 1K 1

select 7 1K 29

CAM periph 4 1K 271
ipsec 3 1K 3

indirdep 3 1K 3
CC Mem 3 1K 7
nhops 6 1K 6

pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10

sctp_ifa 5 1K 6
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
newdirblk 4 1K 8
mkdir 4 1K 16
netlink 2 1K 12
in_multi 2 1K 4

cdev 2 1K 2
lkpikmalloc 8 1K 9

osd 8 1K 20

chacha20random 1 1K 1
biobuf 1 1K 1

inpcbpolicy 11 1K 140
sctp_ifn 2 1K 6
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1

NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1

DEVFSP 4 1K 9

DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7

tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49

nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2

procdesc 1 1K 6

pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1

soname 4 1K 3330
filecaps 4 1K 66
tun 3 1K 3

sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1

entropy 2 1K 35

acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1

freework 1 1K 26
p1003.1b 1 1K 1

ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0

tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0

pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0

pf_osfp 0 0K 0

pf_krule_item 0 0K 0
pf_temp 0 0K 0
mqdata 0 0K 0

sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0

sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0

sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
filemon 0 0K 0

savedino 0 0K 13

sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0

freefile 0 0K 9
freeblks 0 0K 25
freefrag 0 0K 7

ip6opt 0 0K 3

ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0

LRO 0 0K 0

ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0

statfs 0 0K 195

namei_tracker 0 0K 0
export_host 0 0K 0

cl_savebuf 0 0K 7

aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0

iov 0 0K 13575
ioctlops 0 0K 86

eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0

sysctltmp 0 0K 649

sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0

kcovinfo 0 0K 0

tcp_log_dev 0 0K 0

mbuf_jumbo_page 4096 8320 1078 16120 0 254 38494208 0
mbuf 256 8580 1082 19866 0 254 2473472 0
BUF TRIE 144 228 11588 583 0 62 1701504 0
malloc-384 384 4167 33 4189 0 30 1612800 0
malloc-128 128 11491 227 11557 0 126 1499904 0
malloc-4096 4096 327 3 490 0 2 1351680 0
UMA Slabs 0 112 10656 30 10656 0 126 1196832 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 15372 75 15372 0 254 865032 0
malloc-65536 65536 10 1 13 0 1 720896 0
FFS inode 1168 515 17 524 0 8 621376 0

lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0

RADIX NODE 144 3429 122 23965 0 62 511344 0
socket 960 19 489 1315 0 254 487680 0

malloc-65536 65536 6 0 6 0 1 393216 0

malloc-256 256 1048 77 1219 0 62 288000 0
256 Bucket 2048 116 20 970 0 8 278528 0
malloc-64 64 3865 230 17627 0 254 262080 0
VM OBJECT 264 940 50 14135 0 30 261360 0
VNODE 448 545 31 556 0 30 258048 0
malloc-16 16 14385 365 14449 0 254 236000 0
DEVCTL 1024 0 220 123 0 0 225280 0
THREAD 1824 115 5 115 0 8 218880 0
malloc-4096 4096 48 4 782 0 2 212992 0

malloc-32768 32768 6 0 6 0 1 196608 0

UMA Zones 768 239 0 239 0 16 183552 0

malloc-32 32 5294 376 5325 0 254 181440 0
malloc-128 128 1178 217 28688 0 126 178560 0

lkpimm 56 1 3095 1 0 254 173376 0

malloc-1024 1024 130 14 139 0 16 147456 0
malloc-128 128 977 170 5129 0 126 146816 0
FFS2 dinode 256 515 55 524 0 62 145920 0
malloc-65536 65536 0 2 46 0 1 131072 0

malloc-65536 65536 0 2 110 0 1 131072 0

unpcb 256 7 503 1158 0 254 130560 0
mbuf_packet 256 0 508 117 0 254 130048 0
S VFS Cache 104 982 188 1023 0 126 121680 0
MAP ENTRY 96 893 367 40293 0 126 120960 0
ksiginfo 112 38 1006 53 0 126 116928 0
malloc-2048 2048 5 51 1228 0 8 114688 0
FPU_save_area 832 117 18 129 0 16 112320 0

malloc-8192 8192 10 1 12 0 1 90112 0
malloc-4096 4096 20 2 40 0 2 90112 0
UMA Kegs 384 226 7 226 0 30 89472 0

g_bio 408 0 210 4745 0 30 85680 0
128 Bucket 1024 38 45 249 0 16 84992 0
PROC 1376 39 16 773 0 8 75680 0
malloc-64 64 530 541 1904 0 254 68544 0
malloc-128 128 338 189 421 0 126 67456 0

malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 0 1 8 0 1 65536 0

malloc-32768 32768 0 2 120 0 1 65536 0
malloc-32768 32768 1 1 12 0 1 65536 0
malloc-256 256 190 65 1166 0 62 65280 0
filedesc0 1072 40 16 774 0 8 60032 0
64 Bucket 512 65 39 991 0 30 53248 0
malloc-64 64 485 334 689 0 254 52416 0
malloc-256 256 94 101 321 0 62 49920 0
32 Bucket 256 61 134 906 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 12092 0 16 49152 0

malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 6 0 32 0 1 49152 0

malloc-1024 1024 7 41 1411 0 16 49152 0
malloc-384 384 109 11 110 0 30 46080 0
da_ccb 544 0 84 1325 0 16 45696 0
syncache 168 0 264 5 0 254 44352 0
malloc-8192 8192 3 2 104 0 1 40960 0
udp_inpcb 424 7 83 129 0 30 38160 0
pcpu-8 8 4281 327 4309 0 254 36864 0
malloc-64 64 83 484 851 0 254 36288 0
malloc-64 64 7 560 13286 0 254 36288 0
malloc-64 64 65 502 1365 0 254 36288 0
malloc-64 64 215 352 260 0 254 36288 0
malloc-64 64 130 437 139 0 254 36288 0
malloc-128 128 22 257 69 0 126 35712 0
malloc-128 128 24 255 34 0 126 35712 0
malloc-128 128 32 247 199 0 126 35712 0
malloc-128 128 68 211 72 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0

ttyoutq 256 72 63 160 0 62 34560 0

malloc-256 256 42 93 132 0 62 34560 0
malloc-256 256 13 122 297 0 62 34560 0
malloc-256 256 45 90 351 0 62 34560 0
malloc-256 256 19 116 565 0 62 34560 0
malloc-256 256 3 132 4 0 62 34560 0

malloc-32768 32768 1 0 1 0 1 32768 0

malloc-16384 16384 0 2 160 0 1 32768 0
malloc-2048 2048 4 12 13 0 8 32768 0
malloc-2048 2048 7 9 7 0 8 32768 0
malloc-2048 2048 2 14 39 0 8 32768 0
malloc-2048 2048 0 16 40 0 8 32768 0
malloc-2048 2048 7 9 23 0 8 32768 0
malloc-1024 1024 3 29 11 0 16 32768 0

malloc-1024 1024 9 23 10 0 16 32768 0
malloc-1024 1024 5 27 20 0 16 32768 0

malloc-1024 1024 4 28 169 0 16 32768 0

malloc-1024 1024 10 22 13 0 16 32768 0

malloc-512 512 4 60 20 0 30 32768 0
malloc-512 512 4 60 4 0 30 32768 0
malloc-512 512 0 64 127 0 30 32768 0
malloc-512 512 10 54 61 0 30 32768 0

malloc-512 512 2 62 6 0 30 32768 0
pcpu-64 64 488 24 488 0 254 32768 0

ttyinq 160 135 65 300 0 62 32000 0

PGRP 120 20 244 31 0 126 31680 0
clpbuf 2624 0 12 29 0 4 31488 0
VMSPACE 616 23 25 758 0 16 29568 0
sctp_laddr 48 0 588 4 0 254 28224 0
malloc-32 32 276 606 1128 0 254 28224 0
16 Bucket 144 51 145 263 0 62 28224 0
4 Bucket 48 6 582 8 0 254 28224 0
TURNSTILE 136 121 68 121 0 62 25704 0

cpuset 200 7 121 7 0 62 25600 0

malloc-8192 8192 3 0 3 0 1 24576 0

malloc-8192 8192 1 2 20 0 1 24576 0

malloc-4096 4096 5 1 8 0 2 24576 0

ertt_txseginfo 40 1 605 295 0 254 24240 0
rl_entry 40 31 575 31 0 254 24240 0
PWD 40 10 596 99 0 254 24240 0
rtentry 168 13 131 17 0 62 24192 0
pipe 728 7 26 282 0 16 24024 0
Files 80 72 228 6514 0 126 24000 0
8 Bucket 80 42 258 249 0 126 24000 0
tcp_inpcb 1312 3 15 7 0 8 23616 0
malloc-384 384 14 46 34 0 30 23040 0
malloc-384 384 14 46 14 0 30 23040 0
malloc-384 384 0 60 343 0 30 23040 0
malloc-384 384 34 26 49 0 30 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 121 135 121 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 4 626 41 0 254 20160 0
ertt 72 3 277 7 0 126 20160 0
malloc-32 32 31 599 73 0 254 20160 0
malloc-32 32 26 604 52 0 254 20160 0
malloc-32 32 46 584 89 0 254 20160 0
malloc-32 32 79 551 4222 0 254 20160 0
malloc-32 32 21 609 150 0 254 20160 0
2 Bucket 32 52 578 304 0 254 20160 0
KNOTE 160 0 125 8 0 62 20000 0

epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0

malloc-16384 16384 0 1 1 0 1 16384 0

malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0

malloc-4096 4096 2 2 751 0 2 16384 0

malloc-2048 2048 3 5 3 0 8 16384 0

malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0

malloc-512 512 0 32 1 0 30 16384 0
SMR CPU 32 7 504 7 0 254 16352 0

malloc-16 16 297 703 29226 0 254 16000 0
kenv 258 17 43 1069 0 30 15480 0

mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0

ripcb 392 1 35 4 0 30 14112 0

SMR SHARED 24 7 504 7 0 254 12264 0

tcp_inpcb ports 32 1 377 1 0 254 12096 0
malloc-32 32 136 242 674 0 254 12096 0
malloc-16 16 0 750 16 0 254 12000 0
malloc-16 16 15 735 48 0 254 12000 0
malloc-16 16 71 679 277 0 254 12000 0
malloc-16 16 198 552 3132 0 254 12000 0
malloc-16 16 32 718 160 0 254 12000 0
malloc-16 16 10 740 13 0 254 12000 0
malloc-384 384 1 29 1 0 30 11520 0

malloc-384 384 2 28 2 0 30 11520 0

malloc-8192 8192 1 0 1 0 1 8192 0
malloc-8192 8192 1 0 1 0 1 8192 0

malloc-4096 4096 1 1 1 0 2 8192 0
pcpu-16 16 8 504 8 0 254 8192 0
vtnet_tx_hdr 24 1 333 2793 0 254 8016 0
UMA Slabs 1 176 8 14 8 0 62 3872 0

KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0

pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 360 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_rack_pcb 1216 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1176 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
udplite_inpcb 424 0 0 0 0 30 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 104 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-8192 8192 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.