panic: Bad tailq NEXT(ADDR->tqh_last) != NULL (3)


syzbot

Nov 23, 2020, 12:39:17 PM (11/23/20)
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 14b48c5d Make sbp(4) use xpt_alloc_ccb/xpt_free_ccb instea..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10cd3696500000
dashboard link: https://syzkaller.appspot.com/bug?extid=a0988828aafb00de7d68

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a09888...@syzkaller.appspotmail.com

panic: Bad tailq NEXT(0xfffff80004956e30->tqh_last) != NULL
cpuid = 1
time = 322
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe002ce6f140
vpanic() at vpanic+0x1c7/frame 0xfffffe002ce6f1a0
panic() at panic+0x43/frame 0xfffffe002ce6f200
pf_tagname2tag() at pf_tagname2tag+0x2b1/frame 0xfffffe002ce6f250
pfioctl() at pfioctl+0x773c/frame 0xfffffe002ce6f780
devfs_ioctl() at devfs_ioctl+0x14e/frame 0xfffffe002ce6f7e0
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x78/frame 0xfffffe002ce6f810
vn_ioctl() at vn_ioctl+0x278/frame 0xfffffe002ce6f930
devfs_ioctl_f() at devfs_ioctl_f+0x47/frame 0xfffffe002ce6f970
kern_ioctl() at kern_ioctl+0x3cd/frame 0xfffffe002ce6f9e0
sys_ioctl() at sys_ioctl+0x265/frame 0xfffffe002ce6fab0
amd64_syscall() at amd64_syscall+0x247/frame 0xfffffe002ce6fbf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe002ce6fbf0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x2838ea, rsp = 0x7fffdffdcf08, rbp = 0x7fffdffdcf70 ---
KDB: enter: panic
[ thread pid 1924 tid 102194 ]
Stopped at kdb_enter+0x67: movq $0,0x1488216(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe002b000000
rdx 0x3ffff
rbx 0
rsp 0xfffffe002ce6f120
rbp 0xfffffe002ce6f140
rsi 0x40001
rdi 0xffffffff810def16 vprintf+0x176
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe0025862a10
r12 0xffffffff820671c0 ddb_dbbe
r13 0
r14 0xffffffff819643fa
r15 0xffffffff819643fa
rip 0xffffffff810d33e7 kdb_enter+0x67
rflags 0x82
kdb_enter+0x67: movq $0,0x1488216(%rip)
db> show proc
Process 1924 (syz-executor.3) at 0xfffff8003f9d2a50:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 789 at 0xfffff8003f0be528
ABI: FreeBSD ELF64
arguments: /root/syz-executor.3
reaper: 0xfffff80004291528 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00257b23e0
(map 0xfffffe00257b23e0)
(map.pmap 0xfffffe00257b24a0)
(pmap 0xfffffe00257b2500)
threads: 4
102110 RunQ syz-executor.3
102192 S sbwait 0xfffff8003f9b8574 syz-executor.3
102194 Run CPU 1 syz-executor.3
102198 S sbwait 0xfffff8003fa1d1c4 syz-executor.3
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1930 766 766 0 R (threaded) syz-executor.1
100119 Run CPU 0 syz-executor.1
102215 S sbwait 0xfffff8003f72b1c4 syz-executor.1
1929 770 770 0 S (threaded) syz-executor.2
100248 S nanslp 0xffffffff8252ed91 syz-executor.2
102205 S sbwait 0xfffff8003fa3acd4 syz-executor.2
102207 S sbwait 0xfffff8003f9b8cd4 syz-executor.2
102209 S uwait 0xfffff8003f47a180 syz-executor.2
102211 S uwait 0xfffff8003f728e80 syz-executor.2
102213 S uwait 0xfffff8003f47a480 syz-executor.2
1928 765 765 0 R (threaded) syz-executor.0
100118 RunQ syz-executor.0
102204 S pipdwt 0xfffff80026fd0000 syz-executor.0
102206 S pipbww 0xfffff80026fd0000 syz-executor.0
102208 S sbwait 0xfffff8003f9dbcd4 syz-executor.0
102210 S sbwait 0xfffff8003fa4dcd4 syz-executor.0
102212 S uwait 0xfffff8003f834100 syz-executor.0
102214 S uwait 0xfffff8003f859400 syz-executor.0
1924 789 789 0 R (threaded) syz-executor.3
102110 RunQ syz-executor.3
102192 S sbwait 0xfffff8003f9b8574 syz-executor.3
102194 Run CPU 1 syz-executor.3
102198 S sbwait 0xfffff8003fa1d1c4 syz-executor.3
1648 1642 1648 0 Ss select 0xfffff8003f7287c0 dhclient
1645 1 1645 0 Ss select 0xfffff8003f7288c0 dhclient
1642 1635 424 65 S select 0xfffff8003f728ac0 dhclient
1635 424 424 0 S wait 0xfffff80004a85000 sh
1626 1 1626 65 Ss select 0xfffff8003f7289c0 dhclient
1021 1 1021 0 Ss select 0xfffff8003f47a8c0 dhclient
1018 1 1018 0 Ss select 0xfffff8003f834640 dhclient
789 762 789 0 Ss nanslp 0xffffffff8252ed90 syz-executor.3
770 762 770 0 Ss nanslp 0xffffffff8252ed91 syz-executor.2
766 762 766 0 Ss nanslp 0xffffffff8252ed90 syz-executor.1
765 762 765 0 Ss nanslp 0xffffffff8252ed91 syz-executor.0
762 760 760 0 S (threaded) syz-fuzzer
100107 S uwait 0xfffff80004b77100 syz-fuzzer
100108 S uwait 0xfffff80004a1b480 syz-fuzzer
100109 S uwait 0xfffff80004a1b580 syz-fuzzer
100110 S kqread 0xfffff80026f42800 syz-fuzzer
100111 S uwait 0xfffff80004b77200 syz-fuzzer
100112 S uwait 0xfffff80004b77300 syz-fuzzer
100113 S uwait 0xfffff80004b77400 syz-fuzzer
100114 S uwait 0xfffff8003f03cb80 syz-fuzzer
100115 S uwait 0xfffff8003f03c080 syz-fuzzer
760 758 760 0 Ss pause 0xfffff80004b63b00 csh
758 682 758 0 Ss select 0xfffff8003f03c7c0 sshd
742 1 742 0 Ss+ ttyin 0xfffff800046a1cb0 getty
741 1 741 0 Ss+ ttyin 0xfffff800049a28b0 getty
740 1 740 0 Ss+ ttyin 0xfffff800049a2cb0 getty
739 1 739 0 Ss+ ttyin 0xfffff8000499a0b0 getty
738 1 738 0 Ss+ ttyin 0xfffff8000499a4b0 getty
737 1 737 0 Ss+ ttyin 0xfffff8000499a8b0 getty
736 1 736 0 Ss+ ttyin 0xfffff8000499acb0 getty
735 1 735 0 Ss+ ttyin 0xfffff8000493f0b0 getty
734 1 734 0 Ss+ ttyin 0xfffff8000493f4b0 getty
686 1 686 0 Ss nanslp 0xffffffff8252ed90 cron
682 1 682 0 Ss select 0xfffff80004b775c0 sshd
495 1 495 0 Ss select 0xfffff80004b77640 syslogd
424 1 424 0 Ss wait 0xfffff80004b55528 devd
423 1 423 65 Ss select 0xfffff80004b77840 dhclient
338 1 338 0 Ss select 0xfffff80004b778c0 dhclient
335 1 335 0 Ss select 0xfffff80004a67240 dhclient
23 0 0 0 DL vlruwt 0xfffff800049f5528 [vnlru]
22 0 0 0 DL syncer 0xffffffff8261c138 [syncer]
21 0 0 0 DL (threaded) [bufdaemon]
100070 D qsleep 0xffffffff8261b200 [bufdaemon]
100077 D - 0xffffffff8200ac80 [bufspacedaemon-0]
100088 D sdflush 0xfffff8000493c8e8 [/ worker]
20 0 0 0 DL psleep 0xffffffff826426c8 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100068 D psleep 0xffffffff82636b38 [dom0]
100075 D launds 0xffffffff82636b44 [laundry: dom0]
100076 D umarcl 0xffffffff814def40 [uma]
18 0 0 0 DL - 0xffffffff82363278 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff82c8a818 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff82d83390 [pf purge]
15 0 0 0 DL - 0xffffffff8261a7dc [soaiod4]
9 0 0 0 DL - 0xffffffff8261a7dc [soaiod3]
8 0 0 0 DL - 0xffffffff8261a7dc [soaiod2]
7 0 0 0 DL - 0xffffffff8261a7dc [soaiod1]
6 0 0 0 DL (threaded) [cam]
100034 D - 0xffffffff8223afc0 [doneq0]
100067 D - 0xffffffff8223ae90 [scanner]
5 0 0 0 DL crypto_ 0xfffff80004189c90 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff80004189c30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff82634030 [crypto]
14 0 0 0 DL seqstat 0xfffff80004300488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100025 D - 0xffffffff8250e620 [g_event]
100026 D - 0xffffffff8250e628 [g_up]
100027 D - 0xffffffff8250e630 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100018 D - 0xfffff800042b3300 [thr_0]
100019 D - 0xfffff800042b3380 [thr_1]
12 0 0 0 WL (threaded) [intr]
100011 I [swi5: fast taskq]
100014 I [swi6: task queue]
100015 I [swi6: Giant taskq]
100020 I [swi1: netisr 0]
100021 I [swi4: clock (0)]
100022 I [swi4: clock (1)]
100023 I [swi3: vm]
100035 I [irq24: virtio_pci0]
100036 I [irq25: virtio_pci0]
100037 I [irq26: virtio_pci0]
100038 I [irq27: virtio_pci0]
100039 I [irq28: virtio_pci1]
100040 I [irq29: virtio_pci1]
100041 I [irq30: virtio_pci1]
100042 I [irq31: virtio_pci1]
100043 I [irq32: virtio_pci1]
100048 I [irq10: virtio_pci2]
100050 I [irq1: atkbd0]
100051 I [irq12: psm0]
100052 I [swi0: uart uart++]
100060 I [swi1: pf send]
100073 I [swi1: hpts]
100074 I [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff80004291528 [init]
10 0 0 0 DL audit_w 0xffffffff82634550 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8250ebb0 [swapper]
100005 D - 0xfffff800042b8e00 [if_io_tqg_0]
100006 D - 0xfffff800042b8d00 [if_io_tqg_1]
100007 D - 0xfffff800042b8c00 [if_config_tqg_0]
100008 D - 0xfffff800042b8b00 [softirq_0]
100009 D - 0xfffff800042b8a00 [softirq_1]
100010 D - 0xfffff80004183200 [in6m_free taskq]
100012 D - 0xfffff800042bcd00 [kqueue_ctx taskq]
100013 D - 0xfffff800042bcb00 [inm_free taskq]
100016 D - 0xfffff800042bc500 [aiod_kick taskq]
100017 D - 0xfffff800042bc300 [thread taskq]
100024 D - 0xfffff800042cda00 [firmware taskq]
100029 D - 0xfffff800042cd300 [crypto_0]
100030 D - 0xfffff800042cd300 [crypto_1]
100044 D - 0xfffff80004342300 [vtnet0 rxq 0]
100045 D - 0xfffff80004342200 [vtnet0 txq 0]
100046 D - 0xfffff80004342100 [vtnet0 rxq 1]
100047 D - 0xfffff80004342000 [vtnet0 txq 1]
100049 D vtbslp 0xfffff80004486880 [virtio_balloon]
100053 D - 0xfffff800046ade00 [mca taskq]
100055 D - 0xffffffff81d0b210 [deadlkres]
100062 D - 0xfffff800048c9200 [acpi_task_0]
100063 D - 0xfffff800048c9200 [acpi_task_1]
100064 D - 0xfffff800048c9200 [acpi_task_2]
100066 D - 0xfffff80004342b00 [CAM taskq]
db> show all locks
Process 1924 (syz-executor.3) thread 0xfffffe0025862500 (102194)
exclusive rm pf rulesets (pf rulesets) r = 0 (0xffffffff82dd64b8) locked @ /syzkaller/managers/main/kernel/sys/netpfil/pf/pf_ioctl.c:1587
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4214 4339K 4242
tcp_hpts 5 3201K 5
vtbuf 24 1968K 46
sysctloid 29217 1704K 29281
kobj 336 1344K 496
newblk 10 1027K 2986
vfscache 3 1025K 3
pcb 26 539K 407
inodedep 9 515K 2085
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
pf_rule 267 267K 717
subproc 134 261K 2007
acpica 1674 184K 52503
vnet_data 1 168K 1
tidhash 3 141K 3
filedesc 18 137K 2071
pagedep 10 131K 2666
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 122
linker 254 97K 294
bus 979 79K 3035
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 507 64K 507
BPF 30 53K 30
umtx 342 43K 342
kdtrace 194 38K 6002
temp 35 33K 5042
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
gtaskqueue 18 26K 18
pf_ifnet 93 25K 1260
vmem 3 22K 4
kbdmux 6 22K 6
ifaddr 74 22K 74
DEVFS_RULE 56 20K 56
ufs_mount 5 17K 6
proc 3 17K 3
tty 16 16K 16
ithread 99 16K 99
lltable 46 15K 48
ether_multi 172 14K 182
bus-sc 30 14K 1416
KTRACE 100 13K 100
ifnet 7 13K 7
kenv 92 12K 92
eventhandler 129 11K 129
in6_multi 89 11K 89
GEOM 60 10K 489
rman 82 10K 423
bmsafemap 3 9K 1486
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
sctp_timw 31 8K 31
pfs_nodes 20 8K 20
audit_evclass 233 8K 291
CAM DEV 3 6K 510
kqueue 60 6K 1937
plimit 22 6K 383
cred 22 6K 225
sglist 5 6K 5
CAM queue 5 6K 1528
taskqueue 48 6K 48
ufs_dirhash 24 5K 24
DEVFSP 74 5K 78
vt 11 5K 11
UMA 254 5K 254
memdesc 1 4K 1
MCA 32 4K 32
ioctlops 1 4K 1587
kcovinfo 64 4K 68
evdev 4 4K 4
routetbl 24 4K 4280
pwddesc 58 4K 1931
session 28 4K 42
pgrp 28 4K 42
hhook 13 4K 13
terminal 11 3K 11
acpisem 22 3K 22
lockf 24 3K 40
proc-args 47 3K 597
selfd 38 3K 22881
uidinfo 3 3K 11
sctp_ifa 17 3K 19
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 21
select 13 2K 44
CAM XPT 22 2K 543
in_multi 6 2K 8
Unitno 25 2K 45
ipsecpolicy 2 2K 2
acpidev 20 2K 20
msi 9 2K 9
clone 9 2K 9
tun 7 2K 7
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 28
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
sctp_ifn 6 1K 19
diradd 6 1K 1346
indirdep 3 1K 628
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
inpcbpolicy 23 1K 2000
mount 16 1K 89
pci_link 10 1K 10
encap_export_host 12 1K 12
crypto 3 1K 3
mkdir 4 1K 2042
pfil 4 1K 4
CAM SIM 2 1K 2
cdev 2 1K 2
sctp_atcl 1 1K 295
newdirblk 3 1K 1021
chacha20random 1 1K 1
procdesc 3 1K 14
iov 4 1K 15432
osd 3 1K 9
dirrem 1 1K 1310
vnodes 1 1K 1
ktls 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
loginclass 3 1K 6
prison 6 1K 6
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
freework 1 1K 1233
tcpfunc 2 1K 2
pmchooks 1 1K 1
soname 4 1K 3246
nexusdev 5 1K 5
sctp_vrf 1 1K 1
entropy 2 1K 40
vnet 1 1K 1
pmc 1 1K 1
acpiintr 1 1K 1
filecaps 3 1K 94
sctp_atky 1 1K 431
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
sctp_athm 1 1K 297
p1003.1b 1 1K 1
pf_table 0 0K 1064
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 36
sctp_iter 0 0K 9
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 9
sctp_aadr 0 0K 0
sctp_stro 0 0K 136
sctp_stri 0 0K 0
sctp_map 0 0K 272
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
pvscsi 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
USB 0 0K 0
xen_intr 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
nvme_da 0 0K 0
acpipwr 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
twsbuf 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
vm_fictitious 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
UMAHash 0 0K 0
CAM CCB 0 0K 6596
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 1480
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 11
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 1308
freeblks 0 0K 1232
freefrag 0 0K 9
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 6
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 1200
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 3
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MVS driver 0 0K 0
mbuf_tag 0 0K 118
accf 0 0K 0
pts 0 0K 0
Witness 0 0K 0
stack 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
sbuf 0 0K 288
mps_user 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
MPSSAS 0 0K 0
SWAP 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
sysctltmp 0 0K 633
sysctl 0 0K 1
MPRSAS 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
aacbuf 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
zstd 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_cluster 2048 9653 1 9653 0 254 19771392 0
mbuf_packet 256 8205 1320 909916 0 254 2438400 0
BUF TRIE 144 228 13240 5706 0 62 1939392 0
RADIX NODE 144 11839 170 81889 0 62 1729296 0
malloc-384 384 4138 12 4140 0 30 1593600 0
malloc-4096 4096 336 2 496 0 2 1384448 0
malloc-128 128 10501 39 10819 0 126 1349120 0
pbuf 832 0 969 0 0 2 806208 0
UMA Slabs 0 112 5942 31 5942 0 126 668976 0
mbuf_jumbo_page 4096 0 161 496 0 254 659456 0
FFS inode 1128 511 28 1819 0 8 607992 0
VM OBJECT 264 1188 57 30398 0 30 328680 0
malloc-65536 65536 3 2 11 0 1 327680 0
VNODE 488 547 85 1857 0 30 308416 0
THREAD 1792 153 18 2215 0 8 306432 0
malloc-1024 1024 273 7 2991 0 16 286720 0
malloc-4096 4096 62 4 3296 0 2 270336 0
malloc-65536 65536 4 0 4 0 1 262144 0
mbuf 256 475 515 451853 0 254 253440 0
256 Bucket 2048 116 4 7671 0 8 245760 0
malloc-2048 2048 2 110 6756 0 8 229376 0
DEVCTL 1024 8 200 125 0 0 212992 0
malloc-16384 16384 9 4 1034 0 1 212992 0
malloc-16 16 12220 280 12562 0 254 200000 0
socket 944 41 155 3287 0 254 185024 0
g_bio 408 0 440 24038 0 30 179520 0
malloc-64 64 2753 19 2799 0 254 177408 0
UMA Zones 768 226 3 226 0 16 175872 0
MAP ENTRY 96 1490 274 101654 0 126 169344 0
malloc-32 32 4793 247 7852 0 254 161280 0
malloc-256 256 165 450 4075 0 62 157440 0
malloc-128 128 1126 83 24452 0 126 154752 0
FFS2 dinode 256 511 89 1819 0 62 153600 0
S VFS Cache 104 1008 279 2707 0 126 133848 0
malloc-65536 65536 0 2 101 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-4096 4096 31 0 42 0 2 126976 0
malloc-1024 1024 117 7 135 0 16 126976 0
ksiginfo 112 60 984 1049 0 126 116928 0
VMSPACE 2544 35 10 1909 0 4 114480 0
vmem btag 56 1850 82 1850 0 254 108192 0
PROC 1320 57 18 1930 0 8 99000 0
malloc-256 256 206 124 8999 0 62 84480 0
filedesc0 1072 58 19 1931 0 8 82544 0
udplite_inpcb 488 14 154 1793 0 254 81984 0
UMA Kegs 384 212 1 212 0 30 81792 0
128 Bucket 1024 46 33 4237 0 16 80896 0
malloc-256 256 152 133 2104 0 62 72960 0
malloc-65536 65536 0 1 110 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-8192 8192 6 2 34 0 1 65536 0
malloc-128 128 308 188 1483 0 126 63488 0
malloc-128 128 156 278 4262 0 126 55552 0
64 Bucket 512 67 37 3327 0 30 53248 0
32 Bucket 256 62 133 1275 0 62 49920 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-16384 16384 2 1 5 0 1 49152 0
malloc-64 64 572 184 25781 0 254 48384 0
malloc-2048 2048 9 13 516 0 8 45056 0
pcpu-8 8 5041 591 21291 0 254 45056 0
malloc-64 64 523 170 1604 0 254 44352 0
malloc-128 128 135 206 1489 0 126 43648 0
malloc-384 384 96 14 406 0 30 42240 0
malloc-256 256 52 113 678 0 62 42240 0
malloc-256 256 27 138 4775 0 62 42240 0
Files 80 223 277 12385 0 126 40000 0
clpbuf 832 0 48 240 0 16 39936 0
DIRHASH 1024 34 2 34 0 16 36864 0
NAMEI 1024 0 36 19568 0 16 36864 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 0 1 112 0 1 32768 0
pcpu-64 64 452 60 452 0 254 32768 0
malloc-64 64 273 231 4081 0 254 32256 0
malloc-384 384 8 72 2084 0 30 30720 0
malloc-384 384 54 26 348 0 30 30720 0
malloc-256 256 13 107 1489 0 62 30720 0
TURNSTILE 136 172 38 172 0 62 28560 0
malloc-64 64 327 114 14857 0 254 28224 0
8 Bucket 80 61 289 22986 0 126 28000 0
pipe 744 22 13 419 0 16 26040 0
malloc-8192 8192 2 1 4 0 1 24576 0
malloc-8192 8192 2 1 4 0 1 24576 0
malloc-8192 8192 2 1 91 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
PWD 32 20 736 1111 0 254 24192 0
KNOTE 160 28 122 42187 0 62 24000 0
ttyinq 160 135 15 300 0 62 24000 0
malloc-128 128 142 44 495 0 126 23808 0
tcpcb 1048 4 18 17 0 254 23056 0
ttyoutq 256 72 18 160 0 62 23040 0
malloc-256 256 73 17 515 0 62 23040 0
sctp_asoc 2288 0 10 136 0 254 22880 0
malloc-4096 4096 4 1 7 0 2 20480 0
malloc-4096 4096 4 1 8 0 2 20480 0
malloc-2048 2048 3 7 1079 0 8 20480 0
malloc-2048 2048 3 7 1900 0 8 20480 0
malloc-2048 2048 5 5 261 0 8 20480 0
malloc-1024 1024 18 2 18 0 16 20480 0
16 Bucket 144 43 97 2015 0 62 20160 0
Mountpoints 2752 2 5 2 0 4 19264 0
sctp_ep 1280 1 14 159 0 254 19200 0
malloc-256 256 59 16 493 0 62 19200 0
SLEEPQUEUE 88 172 20 172 0 126 16896 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 0 1 136 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-2048 2048 7 1 7 0 8 16384 0
malloc-1024 1024 2 14 178 0 16 16384 0
malloc-1024 1024 14 2 14 0 16 16384 0
sctp_raddr 736 0 22 136 0 254 16192 0
malloc-32 32 322 182 749 0 254 16128 0
vtnet_tx_hdr 24 0 668 445306 0 254 16032 0
malloc-384 384 23 17 2154 0 30 15360 0
malloc-384 384 27 13 27 0 30 15360 0
malloc-4096 4096 1 2 1204 0 2 12288 0
malloc-2048 2048 3 3 194 0 8 12288 0
udpcb 32 16 362 1972 0 254 12096 0
2 Bucket 32 54 324 11824 0 254 12096 0
malloc-128 128 57 36 2977 0 126 11904 0
udp_inpcb 488 2 22 179 0 254 11712 0
routing nhops 256 28 17 39 0 62 11520 0
unpcb 256 14 31 1098 0 254 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 3 0 2 8192 0
malloc-2048 2048 1 3 591 0 8 8192 0
malloc-1024 1024 3 5 3 0 16 8192 0
malloc-1024 1024 4 4 144 0 16 8192 0
malloc-1024 1024 3 5 18 0 16 8192 0
malloc-512 512 1 15 119 0 30 8192 0
malloc-512 512 8 8 8 0 30 8192 0
malloc-512 512 2 14 510 0 30 8192 0
malloc-512 512 3 13 44 0 30 8192 0
malloc-512 512 2 14 28 0 30 8192 0
malloc-512 512 8 8 8 0 30 8192 0
pf tags 104 10 68 54 0 126 8112 0
rtentry 176 35 11 39 0 62 8096 0
rl_entry 40 77 125 77 0 254 8080 0
sctp_laddr 48 0 168 524 0 254 8064 0
malloc-64 64 75 51 92 0 254 8064 0
malloc-64 64 3 123 35 0 254 8064 0
malloc-64 64 36 90 197 0 254 8064 0
malloc-32 32 100 152 158 0 254 8064 0
malloc-32 32 78 174 2014 0 254 8064 0
malloc-32 32 57 195 828 0 254 8064 0
malloc-32 32 3 249 36 0 254 8064 0
malloc-32 32 30 222 2654 0 254 8064 0
4 Bucket 48 6 162 1133 0 254 8064 0
malloc-16 16 16 484 46 0 254 8000 0
malloc-16 16 28 472 826 0 254 8000 0
malloc-16 16 60 440 816 0 254 8000 0
malloc-16 16 183 317 1264 0 254 8000 0
malloc-16 16 8 492 8 0 254 8000 0
malloc-16 16 256 244 259 0 254 8000 0
malloc-16 16 27 473 23643 0 254 8000 0
malloc-128 128 17 45 436 0 126 7936 0
tcp_inpcb 488 4 12 17 0 254 7808 0
kenv 258 3 27 1008 0 30 7740 0
FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 7 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0
malloc-512 512 1 7 2 0 30 4096 0
pcpu-16 16 7 249 7 0 254 4096 0
hostcache 96 1 41 1 0 254 4032 0
syncache 168 0 24 4 0 254 4032 0
malloc-32 32 8 118 29 0 254 4032 0
ripcb 488 3 5 11 0 254 3904 0
UMA Slabs 1 176 10 12 10 0 62 3872 0
malloc-384 384 1 9 1 0 30 3840 0
malloc-384 384 1 9 1 0 30 3840 0
KMAP ENTRY 96 12 27 12 0 0 3744 0
vmem 1856 1 1 1 0 8 3712 0
SMR CPU 32 2 29 2 0 254 992 0
SMR SHARED 24 2 29 2 0 254 744 0
FFS1 dinode 128 0 0 0 0 126 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 296 0 0 0 0 254 0 0
pf mtags 48 0 0 0 0 254 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
tcp_log_node 120 0 0 0 0 126 0 0
tcp_log_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
tcptw 88 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 744 0 0 0 0 16 0 0
AIOP 32 0 0 0 0 254 0 0
AIO 208 0 0 0 0 62 0 0
TMPFS node 224 0 0 0 0 62 0 0
NCLNODE 592 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
crypto_session 72 0 0 0 0 126 0 0
cryptop 280 0 0 0 0 30 0 0
IOMMU_MAP_ENTRY 120 0 0 0 0 126 0 0
ktls_session 192 0 0 0 0 62 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 832 0 0 0 0 62 0 0
mdpbuf 832 0 0 0 0 4 0 0
nfspbuf 832 0 0 0 0 16 0 0
swwbuf 832 0 0 0 0 8 0 0
swrbuf 832 0 0 0 0 16 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-512 512 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 23, 2020, 1:02:23 PM (11/23/20)
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 14b48c5d Make sbp(4) use xpt_alloc_ccb/xpt_free_ccb instea..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16f30e89500000
dashboard link: https://syzkaller.appspot.com/bug?extid=a0988828aafb00de7d68
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17414f05500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15762db9500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a09888...@syzkaller.appspotmail.com

panic: Bad tailq NEXT(0xfffff80004955a10->tqh_last) != NULL
cpuid = 1
time = 1606154409
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025509140
vpanic() at vpanic+0x1c7/frame 0xfffffe00255091a0
panic() at panic+0x43/frame 0xfffffe0025509200
pf_tagname2tag() at pf_tagname2tag+0x2b1/frame 0xfffffe0025509250
pfioctl() at pfioctl+0x76e0/frame 0xfffffe0025509780
devfs_ioctl() at devfs_ioctl+0x14e/frame 0xfffffe00255097e0
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x78/frame 0xfffffe0025509810
vn_ioctl() at vn_ioctl+0x278/frame 0xfffffe0025509930
devfs_ioctl_f() at devfs_ioctl_f+0x47/frame 0xfffffe0025509970
kern_ioctl() at kern_ioctl+0x3cd/frame 0xfffffe00255099e0
sys_ioctl() at sys_ioctl+0x265/frame 0xfffffe0025509ab0
amd64_syscall() at amd64_syscall+0x247/frame 0xfffffe0025509bf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0025509bf0
--- syscall (0, FreeBSD ELF64, nosys), rip = 0x2b4e3a, rsp = 0x7fffffffea18, rbp = 0x7fffffffea60 ---
KDB: enter: panic
[ thread pid 778 tid 100081 ]
Stopped at kdb_enter+0x67: movq $0,0x1488216(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0x80
rdx 0xffffffff818bcba0
rbx 0
rsp 0xfffffe0025509120
rbp 0xfffffe0025509140
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe0019faac10
r12 0xffffffff820671c0 ddb_dbbe
r13 0
r14 0xffffffff819643fa
r15 0xffffffff819643fa
rip 0xffffffff810d33e7 kdb_enter+0x67
rflags 0x82
kdb_enter+0x67: movq $0,0x1488216(%rip)
db> show proc
Process 778 (syz-executor6165338) at 0xfffff80004ab0a50:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 775 at 0xfffff800049f4000
ABI: FreeBSD ELF64
arguments: ./syz-executor616533862
reaper: 0xfffff80004291528 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00257d03e0
(map 0xfffffe00257d03e0)
(map.pmap 0xfffffe00257d04a0)
(pmap 0xfffffe00257d0500)
threads: 1
100081 Run CPU 1 syz-executor6165338
db> ps
pid ppid pgrp uid state wmesg wchan cmd
778 775 773 0 R CPU 1 syz-executor6165338
775 773 773 0 S nanslp 0xffffffff8252ed90 syz-executor6165338
773 771 773 0 Ss pause 0xfffff80004a800b0 csh
771 682 771 0 Rs CPU 0 sshd
742 1 742 0 Ss+ ttyin 0xfffff800046a3cb0 getty
741 1 741 0 Ss+ ttyin 0xfffff800049a18b0 getty
740 1 740 0 Ss+ ttyin 0xfffff800049a1cb0 getty
739 1 739 0 Ss+ ttyin 0xfffff800049990b0 getty
738 1 738 0 Ss+ ttyin 0xfffff800049994b0 getty
737 1 737 0 Ss+ ttyin 0xfffff800049998b0 getty
736 1 736 0 Ss+ ttyin 0xfffff80004999cb0 getty
735 1 735 0 Ss+ ttyin 0xfffff8000493b0b0 getty
734 1 734 0 Ss+ ttyin 0xfffff8000493b4b0 getty
732 1 24 0 S+ piperd 0xfffff80025eb22e8 logger
731 730 24 0 S+ nanslp 0xffffffff8252ed90 sleep
730 1 24 0 S+ wait 0xfffff80004b06a50 sh
686 1 686 0 Ss nanslp 0xffffffff8252ed90 cron
682 1 682 0 Ss select 0xfffff80025ef0c40 sshd
495 1 495 0 Ss select 0xfffff80025ef0dc0 syslogd
424 1 424 0 Ss select 0xfffff80025ee1b40 devd
423 1 423 65 Ss select 0xfffff80025ee1bc0 dhclient
338 1 338 0 Ss select 0xfffff80025ee19c0 dhclient
335 1 335 0 Ss select 0xfffff80004a36140 dhclient
23 0 0 0 DL vlruwt 0xfffff800049f4528 [vnlru]
22 0 0 0 DL syncer 0xffffffff8261c138 [syncer]
21 0 0 0 DL (threaded) [bufdaemon]
100070 D qsleep 0xffffffff8261b200 [bufdaemon]
100077 D - 0xffffffff8200ac80 [bufspacedaemon-0]
100087 D sdflush 0xfffff800041818e8 [/ worker]
20 0 0 0 DL psleep 0xffffffff826426c8 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100068 D psleep 0xffffffff82636b38 [dom0]
100075 D launds 0xffffffff82636b44 [laundry: dom0]
100076 D umarcl 0xffffffff814def40 [uma]
18 0 0 0 DL - 0xffffffff82363278 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff82cd7818 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff82e47390 [pf purge]
100024 D - 0xfffff800042cea00 [firmware taskq]
100029 D - 0xfffff800042ce300 [crypto_0]
100030 D - 0xfffff800042ce300 [crypto_1]
100044 D - 0xfffff80004342300 [vtnet0 rxq 0]
100045 D - 0xfffff80004342200 [vtnet0 txq 0]
100046 D - 0xfffff80004342100 [vtnet0 rxq 1]
100047 D - 0xfffff80004342000 [vtnet0 txq 1]
100049 D vtbslp 0xfffff80004486880 [virtio_balloon]
100053 D - 0xfffff800046afe00 [mca taskq]
100055 D - 0xffffffff81d0b211 [deadlkres]
100062 D - 0xfffff800048c8200 [acpi_task_0]
100063 D - 0xfffff800048c8200 [acpi_task_1]
100064 D - 0xfffff800048c8200 [acpi_task_2]
100066 D - 0xfffff80004342b00 [CAM taskq]
db> show all locks
Process 778 (syz-executor6165338) thread 0xfffffe0019faa700 (100081)
exclusive rm pf rulesets (pf rulesets) r = 0 (0xffffffff82e9a4b8) locked @ /syzkaller/managers/main/kernel/sys/netpfil/pf/pf_ioctl.c:1587
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4214 4339K 4239
tcp_hpts 5 3201K 5
vtbuf 24 1968K 46
sysctloid 29217 1704K 29281
kobj 336 1344K 496
newblk 524 1155K 585
vfscache 3 1025K 3
pcb 21 537K 75
inodedep 11 516K 91
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 99 208K 831
acpica 1674 184K 52503
vnet_data 1 168K 1
tidhash 3 141K 3
pagedep 9 130K 64
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 101 101K 110
linker 254 97K 282
bus 979 79K 3035
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 507 64K 507
temp 18 33K 1544
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
DEVFS3 120 30K 130
umtx 234 30K 234
kdtrace 149 29K 1613
gtaskqueue 18 26K 18
vmem 3 22K 4
kbdmux 6 22K 6
DEVFS_RULE 56 20K 56
BPF 10 18K 10
ufs_mount 5 17K 6
proc 3 17K 3
tty 16 16K 16
ithread 99 16K 99
bus-sc 30 14K 1416
KTRACE 100 13K 100
ifaddr 32 12K 32
kenv 92 12K 92
eventhandler 129 11K 129
GEOM 60 10K 489
rman 82 10K 423
bmsafemap 2 9K 47
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
pfs_nodes 20 8K 20
audit_evclass 233 8K 291
CAM DEV 3 6K 510
cred 21 6K 260
sglist 5 6K 5
CAM queue 5 6K 1528
taskqueue 48 6K 48
ufs_dirhash 24 5K 24
plimit 17 5K 367
ifnet 3 5K 3
vt 11 5K 11
UMA 254 5K 254
memdesc 1 4K 1
MCA 32 4K 32
ioctlops 1 4K 90
filedesc 1 4K 1
evdev 4 4K 4
pf_ifnet 7 4K 10
routetbl 15 4K 47
hhook 13 4K 13
ether_multi 40 4K 50
lltable 11 4K 11
in6_multi 25 3K 25
kqueue 47 3K 781
pwddesc 47 3K 779
terminal 11 3K 11
acpisem 22 3K 22
session 20 3K 34
pgrp 20 3K 34
uidinfo 3 3K 10
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
lockf 16 2K 26
proc-args 39 2K 479
CAM XPT 22 2K 543
Unitno 25 2K 37
selfd 23 2K 10427
ipsecpolicy 2 2K 2
acpidev 20 2K 20
msi 9 2K 9
clone 9 2K 9
pf_rule 1 1K 3
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 10
NFSD session 1 1K 1
CAM periph 4 1K 271
select 7 1K 29
ipsec 3 1K 3
diradd 6 1K 40
indirdep 3 1K 3
nhops 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
sctp_ifa 5 1K 7
ip6ndp 4 1K 5
encap_export_host 12 1K 12
crypto 3 1K 3
dirrem 2 1K 30
in_multi 2 1K 4
pfil 4 1K 4
CAM SIM 2 1K 2
cdev 2 1K 2
chacha20random 1 1K 1
osd 3 1K 9
sctp_ifn 2 1K 7
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
ktls 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
inpcbpolicy 6 1K 131
loginclass 3 1K 7
prison 6 1K 6
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
freework 1 1K 26
tcpfunc 2 1K 2
procdesc 1 1K 6
pmchooks 1 1K 1
DEVFSP 2 1K 2
soname 4 1K 3057
filecaps 4 1K 67
tun 3 1K 3
nexusdev 5 1K 5
sctp_vrf 1 1K 1
entropy 2 1K 37
vnet 1 1K 1
pmc 1 1K 1
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 8
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 3
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 3
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
CAM CCB 0 0K 2008
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 8
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
newdirblk 0 0K 8
mkdir 0 0K 16
freefile 0 0K 25
freeblks 0 0K 25
freefrag 0 0K 7
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3
statfs 0 0K 199
mbuf_tag 0 0K 27
accf 0 0K 0
pts 0 0K 0
iov 0 0K 13162
Witness 0 0K 0
stack 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
sbuf 0 0K 288
mps_user 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
MPSSAS 0 0K 0
SWAP 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
sysctltmp 0 0K 590
sysctl 0 0K 1
MPRSAS 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
cache 0 0K 0
kcovinfo 0 0K 0
mbuf_cluster 2048 9098 2 9098 0 254 18636800 0
mbuf_packet 256 8192 778 25647 0 254 2296320 0
BUF TRIE 144 167 13301 658 0 62 1939392 0
malloc-384 384 4138 12 4140 0 30 1593600 0
malloc-4096 4096 336 2 496 0 2 1384448 0
malloc-128 128 10361 24 10658 0 126 1329280 0
pbuf 832 0 985 0 0 2 819520 0
UMA Slabs 0 112 5341 20 5341 0 126 600432 0
FFS inode 1128 489 15 515 0 8 568512 0
RADIX NODE 144 2059 178 19558 0 62 322128 0
VNODE 488 519 33 547 0 30 269376 0
malloc-65536 65536 4 0 4 0 1 262144 0
malloc-65536 65536 3 1 11 0 1 262144 0
VM OBJECT 264 900 45 12505 0 30 249480 0
256 Bucket 2048 99 19 5949 0 8 241664 0
malloc-4096 4096 51 2 1234 0 2 217088 0
DEVCTL 1024 0 208 109 0 0 212992 0
THREAD 1792 105 12 105 0 8 209664 0
malloc-16 16 12218 32 12280 0 254 196000 0
malloc-64 64 2751 84 2776 0 254 181440 0
UMA Zones 768 226 3 226 0 16 175872 0
malloc-32 32 4771 143 4947 0 254 157248 0
malloc-128 128 1126 83 24452 0 126 154752 0
malloc-256 256 558 12 741 0 62 145920 0
malloc-65536 65536 0 2 45 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
FFS2 dinode 256 489 6 514 0 62 126720 0
mbuf 256 385 110 1898 0 254 126720 0
malloc-1024 1024 113 3 123 0 16 118784 0
ksiginfo 112 35 1009 51 0 126 116928 0
S VFS Cache 104 1015 77 1061 0 126 113568 0
MAP ENTRY 96 847 329 37440 0 126 112896 0
vmem btag 56 1654 62 1654 0 254 96096 0
malloc-4096 4096 23 0 34 0 2 94208 0
malloc-2048 2048 1 45 2009 0 8 94208 0
UMA Kegs 384 212 1 212 0 30 81792 0
g_bio 408 0 190 5683 0 30 77520 0
VMSPACE 2544 24 6 757 0 4 76320 0
malloc-8192 8192 6 3 34 0 1 73728 0
128 Bucket 1024 36 31 3189 0 16 68608 0
PROC 1320 46 5 778 0 8 67320 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 0 2 112 0 1 65536 0
filedesc0 1072 47 9 779 0 8 60032 0
malloc-64 64 540 279 12103 0 254 52416 0
malloc-256 256 154 41 1239 0 62 49920 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-16384 16384 2 1 5 0 1 49152 0
32 Bucket 256 48 132 802 0 62 46080 0
malloc-2048 2048 9 13 516 0 8 45056 0
malloc-64 64 523 170 1604 0 254 44352 0
malloc-128 128 305 36 435 0 126 43648 0
malloc-256 256 136 29 445 0 62 42240 0
NAMEI 1024 0 40 11900 0 16 40960 0
mbuf_jumbo_page 4096 0 10 10 0 254 40960 0
DIRHASH 1024 34 2 34 0 16 36864 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-16384 16384 0 2 136 0 1 32768 0
pcpu-64 64 452 60 452 0 254 32768 0
pcpu-8 8 3862 234 3984 0 254 32768 0
malloc-384 384 72 8 363 0 30 30720 0
64 Bucket 512 47 9 541 0 30 28672 0
malloc-384 384 10 60 90 0 30 26880 0
malloc-384 384 53 17 53 0 30 26880 0
malloc-256 256 25 80 692 0 62 26880 0
clpbuf 832 0 32 137 0 16 26624 0
socket 944 14 14 1190 0 254 26432 0
malloc-8192 8192 2 1 4 0 1 24576 0
malloc-8192 8192 2 1 91 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
4 Bucket 48 9 495 7710 0 254 24192 0
ttyinq 160 135 15 300 0 62 24000 0
malloc-128 128 127 59 175 0 126 23808 0
malloc-128 128 142 44 494 0 126 23808 0
tcpcb 1048 3 19 7 0 254 23056 0
ttyoutq 256 72 18 160 0 62 23040 0
malloc-4096 4096 4 1 7 0 2 20480 0
malloc-2048 2048 3 7 23 0 8 20480 0
malloc-2048 2048 5 5 261 0 8 20480 0
malloc-1024 1024 18 2 18 0 16 20480 0
malloc-64 64 249 66 13095 0 254 20160 0
malloc-64 64 198 117 1720 0 254 20160 0
8 Bucket 80 57 193 5674 0 126 20000 0
TURNSTILE 136 118 29 118 0 62 19992 0
Mountpoints 2752 2 5 2 0 4 19264 0
malloc-256 256 57 18 471 0 62 19200 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 1 3 204 0 2 16384 0
malloc-1024 1024 7 9 876 0 16 16384 0
malloc-1024 1024 14 2 14 0 16 16384 0
malloc-32 32 277 227 404 0 254 16128 0
malloc-128 128 95 29 779 0 126 15872 0
malloc-256 256 52 8 53 0 62 15360 0
malloc-256 256 36 24 467 0 62 15360 0
pipe 744 7 13 285 0 16 14880 0
malloc-4096 4096 3 0 4 0 2 12288 0
malloc-2048 2048 3 3 194 0 8 12288 0
malloc-1024 1024 2 10 42 0 16 12288 0
malloc-512 512 1 23 119 0 30 12288 0
2 Bucket 32 51 327 8388 0 254 12096 0
Files 80 70 80 6412 0 126 12000 0
SLEEPQUEUE 88 118 10 118 0 126 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 3 0 2 8192 0
malloc-2048 2048 2 2 14 0 8 8192 0
malloc-2048 2048 1 3 36 0 8 8192 0
malloc-2048 2048 3 1 3 0 8 8192 0
malloc-1024 1024 3 5 3 0 16 8192 0
malloc-1024 1024 4 4 141 0 16 8192 0
malloc-1024 1024 3 5 17 0 16 8192 0
malloc-512 512 4 12 4 0 30 8192 0
malloc-512 512 2 14 510 0 30 8192 0
malloc-512 512 2 14 10 0 30 8192 0
malloc-512 512 8 8 8 0 30 8192 0
rtentry 176 14 32 18 0 62 8096 0
rl_entry 40 28 174 28 0 254 8080 0
sctp_laddr 48 0 168 4 0 254 8064 0
udpcb 32 2 250 120 0 254 8064 0
PWD 32 10 242 103 0 254 8064 0
malloc-64 64 11 115 24 0 254 8064 0
malloc-64 64 2 124 37 0 254 8064 0
malloc-64 64 28 98 49 0 254 8064 0
malloc-32 32 100 152 136 0 254 8064 0
malloc-32 32 46 206 1888 0 254 8064 0
malloc-32 32 57 195 811 0 254 8064 0
malloc-32 32 30 222 2654 0 254 8064 0
16 Bucket 144 37 19 196 0 62 8064 0
vtnet_tx_hdr 24 0 334 933 0 254 8016 0
malloc-16 16 16 484 46 0 254 8000 0
malloc-16 16 28 472 229 0 254 8000 0
malloc-16 16 39 461 495 0 254 8000 0
malloc-16 16 183 317 1238 0 254 8000 0
malloc-16 16 8 492 8 0 254 8000 0
malloc-16 16 252 248 254 0 254 8000 0
malloc-16 16 27 473 23643 0 254 8000 0
malloc-128 128 15 47 75 0 126 7936 0
malloc-128 128 43 19 2952 0 126 7936 0
tcp_inpcb 488 3 13 7 0 254 7808 0
udp_inpcb 488 2 14 120 0 254 7808 0
kenv 258 3 27 998 0 30 7740 0
routing nhops 256 11 19 18 0 62 7680 0
unpcb 256 7 23 1042 0 254 7680 0
malloc-384 384 4 16 21 0 30 7680 0
malloc-384 384 9 11 9 0 30 7680 0
malloc-256 256 13 17 44 0 62 7680 0
FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 7 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0
malloc-512 512 1 7 2 0 30 4096 0
malloc-512 512 3 5 44 0 30 4096 0
pcpu-16 16 7 249 7 0 254 4096 0
pf tags 104 1 38 5 0 126 4056 0
hostcache 96 1 41 1 0 254 4032 0
syncache 168 0 24 5 0 254 4032 0
malloc-32 32 8 118 29 0 254 4032 0
malloc-32 32 1 125 20 0 254 4032 0
KNOTE 160 0 25 8 0 62 4000 0
ripcb 488 1 7 4 0 254 3904 0
UMA Slabs 1 176 7 15 7 0 62 3872 0
malloc-384 384 1 9 1 0 30 3840 0
malloc-384 384 1 9 1 0 30 3840 0
KMAP ENTRY 96 12 27 12 0 0 3744 0
vmem 1856 1 1 1 0 8 3712 0
SMR CPU 32 2 29 2 0 254 992 0
SMR SHARED 24 2 29 2 0 254 744 0
FFS1 dinode 128 0 0 0 0 126 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2288 0 0 0 0 254 0 0
sctp_ep 1280 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 296 0 0 0 0 254 0 0
pf mtags 48 0 0 0 0 254 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
udplite_inpcb 488 0 0 0 0 254 0 0