panic: Counter goes negative (3)

3 views
Skip to first unread message

syzbot

unread,
Mar 5, 2022, 7:47:25 AM3/5/22
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d746ab215cc8 libbsddialog: Add _XOPEN_SOURCE_EXTENDED for ..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=151ead85700000
dashboard link: https://syzkaller.appspot.com/bug?extid=e256d42e9b390564530a
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e256d4...@syzkaller.appspotmail.com

panic: Counter goes negative
cpuid = 0
time = 1646484396
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe0092bccff0
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe0092bcd150
vpanic() at vpanic+0x2b8/frame 0xfffffe0092bcd230
panic() at panic+0xb5/frame 0xfffffe0092bcd2f0
sctp_sorecvmsg() at sctp_sorecvmsg+0x303c/frame 0xfffffe0092bcd5a0
sctp_soreceive() at sctp_soreceive+0x247/frame 0xfffffe0092bcd8a0
soreceive() at soreceive+0xf6/frame 0xfffffe0092bcd910
kern_recvit() at kern_recvit+0x557/frame 0xfffffe0092bcdad0
freebsd32_recvmsg() at freebsd32_recvmsg+0x473/frame 0xfffffe0092bcdd30
ia32_syscall() at ia32_syscall+0x419/frame 0xfffffe0092bcdf30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xfbfdbf78
KDB: enter: panic
[ thread pid 3313 tid 103152 ]
Stopped at kdb_enter+0x6b: movq $0,0x27098aa(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0x9d93ce3c58341674
rdx 0x1
rbx 0
rsp 0xfffffe0092bcd130
rbp 0xfffffe0092bcd150
rsi 0
rdi 0xffffffff8177926a vprintf+0x35a
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe0092dc7e10
r12 0xfffffe0092dc7900
r13 0xfffffe0092bcd101
r14 0xffffffff82bb5260 .str.26
r15 0xffffffff82bb5260 .str.26
rip 0xffffffff8176c7eb kdb_enter+0x6b
rflags 0x200046 kernload+0x46
kdb_enter+0x6b: movq $0,0x27098aa(%rip)
db> show proc
Process 3313 (syz-executor.1) at 0xfffffe0099a67548:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 782 at 0xfffffe0092db0000
ABI: FreeBSD ELF32
flag: 0x10000080 flag2: 0
arguments: /root/syz-executor.1 exec
reaper: 0xfffffe0053dda000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00999523f0
(map 0xfffffe00999523f0)
(map.pmap 0xfffffe00999524b0)
(pmap 0xfffffe0099952518)
threads: 4
103137 RunQ syz-executor.1
103148 S connec 0xfffffe0058c1049a syz-executor.1
103152 Run CPU 0 syz-executor.1
103153 D so_rcv_ 0xfffffe0058c10540 syz-executor.1
db> ps
pid ppid pgrp uid state wmesg wchan cmd
3313 782 782 0 R (threaded) syz-executor.1
103137 RunQ syz-executor.1
103148 S connec 0xfffffe0058c1049a syz-executor.1
103152 Run CPU 0 syz-executor.1
103153 D so_rcv_ 0xfffffe0058c10540 syz-executor.1
3312 784 784 0 R (threaded) syz-executor.2
103145 Run CPU 1 syz-executor.2
103150 RunQ syz-executor.2
3307 781 781 0 T (threaded) syz-executor.0
103131 D getblk 0xfffffe0007a9dd10 syz-executor.0
103147 s syz-executor.0
2534 2528 2534 0 Ss select 0xfffffe009962c540 dhclient
2531 1 2531 0 Ss select 0xfffffe009962c4c0 dhclient
2528 2521 430 65 S select 0xfffffe008fed0a40 dhclient
2521 430 430 0 S wait 0xfffffe008fe31a90 sh
2510 1 2510 65 Ss select 0xfffffe009962d2c0 dhclient
1233 0 0 0 DL aiordy 0xfffffe00999d9000 [aiod4]
1232 0 0 0 DL aiordy 0xfffffe00999d9548 [aiod3]
1231 0 0 0 DL aiordy 0xfffffe00999d9a90 [aiod2]
1230 0 0 0 DL aiordy 0xfffffe00999da000 [aiod1]
1190 1 782 0 SV uwait 0xfffffe009962ca00 syz-executor.1
1181 1 782 0 SV uwait 0xfffffe009962c600 syz-executor.1
1172 1 782 0 SV uwait 0xfffffe009962cb00 syz-executor.1
1164 1 782 0 SV uwait 0xfffffe008fed1980 syz-executor.1
1155 1 782 0 SV uwait 0xfffffe008fed1d80 syz-executor.1
1146 1 782 0 SV uwait 0xfffffe008fed1b80 syz-executor.1
1137 1 782 0 SV uwait 0xfffffe0057448800 syz-executor.1
1129 1 782 0 SV uwait 0xfffffe0057878480 syz-executor.1
1118 1 782 0 SV uwait 0xfffffe0057448900 syz-executor.1
1111 1 782 0 SV uwait 0xfffffe0057876d80 syz-executor.1
1101 1 782 0 SV uwait 0xfffffe0057877100 syz-executor.1
1097 1 781 0 SV uwait 0xfffffe009962cf00 syz-executor.0
1092 1 782 0 SV uwait 0xfffffe008fed2d80 syz-executor.1
1082 1 782 0 SV uwait 0xfffffe0057878000 syz-executor.1
1074 1 782 0 SV uwait 0xfffffe0057445300 syz-executor.1
1064 1 782 0 SV uwait 0xfffffe0057448b00 syz-executor.1
1058 1 1058 0 Ss select 0xfffffe008fed2340 dhclient
1055 1 1055 0 Ss select 0xfffffe009962d1c0 dhclient
1019 1 782 0 SV uwait 0xfffffe009962d500 syz-executor.1
1009 1 782 0 SV uwait 0xfffffe0057445500 syz-executor.1
997 1 782 0 SV uwait 0xfffffe0056f48f00 syz-executor.1
984 1 782 0 SV uwait 0xfffffe0056f48b00 syz-executor.1
974 1 782 0 SV uwait 0xfffffe0057876880 syz-executor.1
964 1 782 0 SV uwait 0xfffffe0057877200 syz-executor.1
951 1 782 0 SV uwait 0xfffffe0057876980 syz-executor.1
896 1 782 0 SV uwait 0xfffffe0057877300 syz-executor.1
886 1 782 0 SV uwait 0xfffffe0056f48e00 syz-executor.1
851 1 782 0 SV uwait 0xfffffe0057877600 syz-executor.1
800 774 800 0 Rs syz-executor.3
784 774 784 0 Ss nanslp 0xffffffff83e43740 syz-executor.2
782 774 782 0 Ss nanslp 0xffffffff83e43740 syz-executor.1
781 774 781 0 Rs syz-executor.0
774 772 772 0 S (threaded) syz-fuzzer
100115 S uwait 0xfffffe0057878200 syz-fuzzer
100117 S uwait 0xfffffe0057878400 syz-fuzzer
100118 S uwait 0xfffffe0057878580 syz-fuzzer
100119 S uwait 0xfffffe0057877800 syz-fuzzer
100120 S uwait 0xfffffe0057877900 syz-fuzzer
100121 S uwait 0xfffffe0057877a00 syz-fuzzer
100122 S uwait 0xfffffe0057877b00 syz-fuzzer
100124 S uwait 0xfffffe008fed2e80 syz-fuzzer
100768 S kqread 0xfffffe000796f900 syz-fuzzer
772 770 772 0 Ss pause 0xfffffe008fe2c0b0 csh
770 688 770 0 Ss select 0xfffffe008fed2cc0 sshd
755 1 755 0 Ss+ ttyin 0xfffffe0057466cb0 getty
754 1 754 0 Ss+ ttyin 0xfffffe00579a6cb0 getty
753 1 753 0 Ss+ ttyin 0xfffffe00579a70b0 getty
752 1 752 0 Ss+ ttyin 0xfffffe00579a74b0 getty
751 1 751 0 Ss+ ttyin 0xfffffe00579a78b0 getty
750 1 750 0 Ss+ ttyin 0xfffffe00579a7cb0 getty
749 1 749 0 Ss+ ttyin 0xfffffe00579a80b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe0057465cb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00579a84b0 getty
692 1 692 0 Ss nanslp 0xffffffff83e43741 cron
688 1 688 0 Ss select 0xfffffe008fed2f40 sshd
501 1 501 0 Ss select 0xfffffe0057877bc0 syslogd
430 1 430 0 Ss wait 0xfffffe008fe30a90 devd
429 1 429 65 Ss select 0xfffffe008fed30c0 dhclient
344 1 344 0 Ss select 0xfffffe008fed3340 dhclient
341 1 341 0 Ss select 0xfffffe0057878640 dhclient
17 0 0 0 DL vlruwt 0xfffffe0056f7b548 [vnlru]
16 0 0 0 DL syncer 0xffffffff83f68f60 [syncer]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83f67560 [bufdaemon]
100083 D - 0xffffffff83211f80 [bufspacedaemon-0]
100094 D sdflush 0xfffffe0057464ce8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83f9afc0 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83f8ee78 [dom0]
100081 D launds 0xffffffff83f8ee84 [laundry: dom0]
100082 D umarcl 0xffffffff81ea1bb0 [uma]
7 0 0 0 DL - 0xffffffff83bff508 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84b6a530 [pf purge]
5 0 0 0 DL waiting 0xffffffff8468e5a0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100045 D - 0xffffffff83aa1440 [doneq0]
100046 D - 0xffffffff83aa13c0 [async]
100077 D - 0xffffffff83aa1240 [scanner]
14 0 0 0 DL seqstat 0xfffffe0053fbb488 [sequencer 00]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83f8a6c0 [crypto]
100042 D crypto_ 0xfffffe0053c8ad30 [crypto returns 0]
100043 D crypto_ 0xfffffe0053c8ad80 [crypto returns 1]
13 0 0 0 DL (threaded) [geom]
100036 D - 0xffffffff83e18d00 [g_event]
100037 D - 0xffffffff83e18d20 [g_up]
100038 D - 0xffffffff83e18d40 [g_down]
2 0 0 0 WL (threaded) [clock]
100030 I [clock (0)]
100031 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100010 I [swi6: task queue]
100011 I [swi6: Giant taskq]
100018 I [swi5: fast taskq]
100029 I [swi1: netisr 0]
100032 I [swi3: busdma]
100033 I [swi1: hpts]
100034 I [swi1: hpts]
100047 I [irq24: virtio_pci0]
100048 I [irq25: virtio_pci0]
100049 I [irq26: virtio_pci0]
100050 I [irq27: virtio_pci0]
100051 I [irq28: virtio_pci1]
100052 I [irq29: virtio_pci1]
100053 I [irq30: virtio_pci1]
100054 I [irq31: virtio_pci1]
100055 I [irq32: virtio_pci1]
100060 I [irq33: virtio_pci2]
100061 I [irq34: virtio_pci2]
100062 I [irq35: virtio_pci2]
100064 I [irq1: atkbd0]
100065 I [irq12: psm0]
100066 I [swi0: uart uart++]
100070 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0053dda000 [init]
10 0 0 0 DL audit_w 0xffffffff83f8b1c0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff83e19740 [swapper]
100005 D - 0xfffffe0053e01000 [if_config_tqg_0]
100006 D - 0xfffffe0053e00e00 [softirq_0]
100007 D - 0xfffffe0053e00d00 [softirq_1]
100008 D - 0xfffffe0053e00c00 [if_io_tqg_0]
100009 D - 0xfffffe0053e00b00 [if_io_tqg_1]
100012 D - 0xfffffe000796d200 [aiod_kick taskq]
100013 D - 0xfffffe000796d000 [inm_free taskq]
100014 D - 0xfffffe000796cd00 [linuxkpi_irq_wq]
100015 D - 0xfffffe000796cb00 [in6m_free taskq]
100016 D - 0xfffffe000796c900 [deferred_unmount ta]
100017 D - 0xfffffe000796c700 [thread taskq]
100019 D - 0xfffffe000796c300 [kqueue_ctx taskq]
100020 D - 0xfffffe000796c100 [pci_hp taskq]
100021 D - 0xfffffe000796be00 [linuxkpi_short_wq_0]
100022 D - 0xfffffe000796be00 [linuxkpi_short_wq_1]
100023 D - 0xfffffe000796be00 [linuxkpi_short_wq_2]
100024 D - 0xfffffe000796be00 [linuxkpi_short_wq_3]
100025 D - 0xfffffe000796b900 [linuxkpi_long_wq_0]
100026 D - 0xfffffe000796b900 [linuxkpi_long_wq_1]
100027 D - 0xfffffe000796b900 [linuxkpi_long_wq_2]
100028 D - 0xfffffe000796b900 [linuxkpi_long_wq_3]
100035 D - 0xfffffe0053ed0200 [firmware taskq]
100039 D - 0xfffffe0053ecfc00 [crypto_0]
100040 D - 0xfffffe0053ecfc00 [crypto_1]
100056 D - 0xfffffe0053eced00 [vtnet0 rxq 0]
100057 D - 0xfffffe0053ecec00 [vtnet0 txq 0]
100058 D - 0xfffffe0053eceb00 [vtnet0 rxq 1]
100059 D - 0xfffffe0053ecea00 [vtnet0 txq 1]
100063 D vtbslp 0xfffffe0053fdc380 [virtio_balloon]
100067 D - 0xffffffff82bbb0e1 [deadlkres]
100071 D - 0xfffffe005787d100 [acpi_task_0]
100072 D - 0xfffffe005787d100 [acpi_task_1]
100073 D - 0xfffffe005787d100 [acpi_task_2]
100074 D - 0xfffffe000796e200 [mca taskq]
100076 D - 0xfffffe0053ecf500 [CAM taskq]
3315 800 800 0 Z syz-executor.3
db> show all locks
Process 3313 (syz-executor.1) thread 0xfffffe0092dc7900 (103152)
exclusive sleep mutex sctp-read (inpr) r = 0 (0xfffffe009967ea20) locked @ /syzkaller/managers/i386/kernel/sys/netinet/sctputil.c:6028
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe0058c10540) locked @ /syzkaller/managers/i386/kernel/sys/kern/uipc_socket.c:4181
Process 3312 (syz-executor.2) thread 0xfffffe00999fbac0 (103150)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe00079defe8) locked @ /syzkaller/managers/i386/kernel/sys/ufs/ffs/ffs_softdep.c:14720
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007a9dd10) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:3988
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe009994de70) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:1164
Process 3307 (syz-executor.0) thread 0xfffffe00999f9000 (103131)
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe009994e770) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:1164
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
tcp_hpts 6 4801K 6
devbuf 4217 4323K 4245
sysctloid 35306 2080K 35377
vtbuf 24 1968K 46
kobj 327 1308K 488
newblk 97 1048K 7625
vfscache 3 1025K 3
pcb 37 555K 620
inodedep 79 542K 2634
filedesc 68 538K 4801
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 179 365K 3413
vmem 3 274K 6
acpica 1674 184K 56014
vnet_data 1 168K 1
tidhash 3 141K 3
linker 358 134K 386
pagedep 15 132K 2379
tfo_ccache 1 128K 1
DEVFS1 109 109K 126
sem 4 106K 4
bus 991 81K 5140
mtx_pool 2 72K 2
syncache 1 68K 1
module 512 64K 512
acpitask 1 64K 1
ddb_capture 1 64K 1
BPF 30 53K 30
umtx 418 53K 418
kdtrace 261 50K 6470
temp 34 33K 2954
DEVFS3 128 32K 138
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
gtaskqueue 18 26K 18
kbdmux 6 22K 6
DEVFS_RULE 56 20K 56
ifaddr 69 20K 71
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 100 16K 100
routetbl 137 16K 429
lltable 47 15K 51
bus-sc 34 15K 1651
ether_multi 157 13K 167
KTRACE 100 13K 100
ifnet 7 13K 7
dirrem 48 12K 2539
kenv 95 12K 95
eventhandler 133 12K 133
freework 45 12K 4407
rman 88 11K 429
GEOM 61 11K 490
CAM queue 5 11K 1528
in6_multi 71 9K 71
bmsafemap 2 9K 2684
UART 12 9K 12
devstat 4 9K 4
ksem 1 8K 44
sctp_timw 32 8K 32
rpc 2 8K 2
shmfd 1 8K 9
pfs_vncache 1 8K 1
pfs_nodes 20 8K 20
audit_evclass 237 8K 296
kqueue 84 8K 3322
sctp_stro 7 7K 171
freefile 53 7K 2511
taskqueue 63 7K 63
sglist 5 7K 5
CAM DEV 3 6K 510
cred 24 6K 229
sctp_atcl 15 6K 454
plimit 22 6K 394
pwddesc 81 6K 3316
ufs_dirhash 24 5K 24
UMA 272 5K 272
pf_ifnet 10 5K 19
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
DEVFSP 64 4K 68
evdev 4 4K 4
acpisem 28 4K 28
session 28 4K 43
proc-args 107 4K 4529
hhook 15 4K 17
kcovinfo 52 4K 52
terminal 11 3K 11
lockf 24 3K 40
selfd 38 3K 56249
diradd 18 3K 2580
uidinfo 3 3K 9
local_apic 1 2K 1
io_apic 1 2K 1
fpukern_ctx 2 2K 2
freeblks 8 2K 2596
ipsec-saq 2 2K 2
ip6ndp 12 2K 15
sctp_ifa 14 2K 15
Unitno 31 2K 4293
select 13 2K 43
CAM XPT 22 2K 543
msi 12 2K 12
in_multi 6 2K 8
ipsecpolicy 2 2K 2
acpidev 20 2K 20
clone 9 2K 9
tun 7 2K 7
softdep 1 1K 1
mkdir 8 1K 4726
indirdep 4 1K 2751
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 22
NFSD session 1 1K 1
sctp_atky 22 1K 625
CAM periph 4 1K 271
ipsec 3 1K 3
sctp_ifn 6 1K 15
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
encap_export_host 12 1K 12
newdirblk 4 1K 2363
pfil 4 1K 4
cdev 2 1K 2
inpcbpolicy 15 1K 2952
osd 10 1K 2665
CC Mem 6 1K 2654
chacha20random 1 1K 1
procdesc 3 1K 14
iov 5 1K 15938
tcp_fsb 2 1K 1369
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
vnodes 1 1K 1
CAM SIM 2 1K 2
sctp_athm 15 1K 454
sctp_map 14 1K 342
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
lkpikmalloc 5 1K 6
aesni_data 2 1K 2
soname 5 1K 7184
cryptodev 2 1K 42
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
CAM path 4 1K 1034
pmchooks 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
entropy 2 1K 41
pmc 1 1K 1
acpiintr 1 1K 1
filecaps 3 1K 101
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
tcp_do 0 0K 0
mqdata 0 0K 0
filemon 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 272
sctp_iter 0 0K 13
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 13
sctp_aadr 0 0K 0
sctp_stri 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
ixl 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
xen_intr 0 0K 0
NFSD srvcache 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
msdosfs_node 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
DEVFS4 0 0K 0
xenbus 0 0K 0
DEVFS2 0 0K 0
vm_fictitious 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
UMAHash 0 0K 0
vtfont 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 2746
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 9
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 2
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
pvscsi 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
ktls_ocf 0 0K 0
AHCI driver 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 6
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
LRO 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
VN POLL 0 0K 0
agp 0 0K 0
statfs 0 0K 2546
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 3
nvme_da 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
tcp_log_dev 0 0K 13
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
CAM CCB 0 0K 523
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 111
ktls 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
accf 0 0K 0
pts 0 0K 0
ioctlops 0 0K 118
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
sbuf 0 0K 288
mpr_user 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
MPRSAS 0 0K 0
SWAP 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
sysctltmp 0 0K 707
sysctl 0 0K 3
md_sectors 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
cache 0 0K 0
aacraidcam 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
boottrace 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 1172795 0 254 38494208 0
mbuf 256 8684 979 1793439 0 254 2473728 0
tcp_log 416 0 5337 25134 0 254 2220192 0
pbuf 2624 0 778 0 0 2 2041472 0
RADIX NODE 144 13429 230 110216 0 62 1966896 0
BUF TRIE 144 190 11598 5858 0 62 1697472 0
malloc-384 384 4117 53 4597 0 30 1601280 0
mbuf_cluster 2048 762 0 762 0 254 1560576 0
malloc-128 128 11689 184 11817 0 126 1519744 0
malloc-4096 4096 327 3 492 0 2 1351680 0
UMA Slabs 0 112 10872 30 10872 0 126 1221024 0
sctp_asoc 2288 7 503 171 0 254 1166880 0
vmem btag 56 18193 62 18193 0 254 1022280 0
malloc-16384 16384 38 5 2578 0 1 704512 0
FFS inode 1160 543 31 3055 0 8 665840 0
VM OBJECT 264 2314 86 63172 0 30 633600 0
sctp_ep 1208 8 502 283 0 254 616080 0
tcpcb 1104 6 505 2654 0 254 564144 0
malloc-65536 65536 4 4 250 0 1 524288 0
socket 960 34 474 4568 0 254 487680 0
256 Bucket 2048 217 17 5061 0 8 479232 0
lkpimm 168 1 2327 1 0 62 391104 0
lkpicurr 168 2 2326 2 0 62 391104 0
sctp_raddr 736 7 510 171 0 254 380512 0
THREAD 1808 178 31 3153 0 8 377872 0
malloc-4096 4096 82 4 3318 0 2 352256 0
MAP ENTRY 96 3026 376 172216 0 126 326592 0
VNODE 448 581 85 3095 0 30 298368 0
malloc-384 384 93 627 2670 0 30 276480 0
malloc-64 64 3871 224 3940 0 254 262080 0
malloc-16 16 14613 387 14683 0 254 240000 0
malloc-256 256 398 532 8315 0 62 238080 0
malloc-256 256 269 661 8483 0 62 238080 0
malloc-32768 32768 0 7 2594 0 1 229376 0
DEVCTL 1024 19 201 153 0 0 225280 0
mbuf_packet 256 5 757 3809 0 254 195072 0
UMA Zones 768 244 0 244 0 16 187392 0
FPU_save_area 832 180 45 7481 0 16 187200 0
VMSPACE 2552 60 12 3275 0 4 183744 0
malloc-32 32 5399 271 5547 0 254 181440 0
malloc-128 128 1222 173 26203 0 126 178560 0
malloc-2048 2048 11 69 1000 0 8 163840 0
FFS2 dinode 256 543 87 3054 0 62 161280 0
malloc-1024 1024 125 19 1450 0 16 147456 0
tcp_bbr_map 128 0 1147 6732 0 126 146816 0
S VFS Cache 104 1020 384 3617 0 126 146016 0
ertt_txseginfo 40 0 3636 23096 0 254 145440 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 1 1 9 0 1 131072 0
malloc-32768 32768 0 4 120 0 1 131072 0
malloc-128 128 925 98 2147 0 126 130944 0
unpcb 256 14 496 1303 0 254 130560 0
PROC 1352 81 15 3315 0 8 129792 0
ksiginfo 112 87 957 4495 0 126 116928 0
malloc-128 128 155 744 12277 0 126 115072 0
128 Bucket 1024 74 37 671 0 16 113664 0
filedesc0 1072 81 24 3316 0 8 112560 0
malloc-128 128 519 256 3873 0 126 99200 0
malloc-4096 4096 18 4 656 0 2 90112 0
UMA Kegs 384 230 3 230 0 30 89472 0
64 Bucket 512 96 72 5170 0 30 86016 0
g_bio 408 0 210 41850 0 30 85680 0
clpbuf 2624 0 32 21 0 16 83968 0
malloc-256 256 90 225 4941 0 62 80640 0
sctp_readq 152 1 519 154 0 254 79040 0
sctp_chunk 152 9 511 9 0 254 79040 0
malloc-8192 8192 9 0 9 0 1 73728 0
malloc-64 64 729 342 5116 0 254 68544 0
malloc-64 64 525 546 4265 0 254 68544 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-8192 8192 6 2 136 0 1 65536 0
malloc-2048 2048 4 28 535 0 8 65536 0
malloc-1024 1024 14 50 522 0 16 65536 0
malloc-256 256 60 195 6275 0 62 65280 0
32 Bucket 256 95 160 12966 0 62 65280 0
sctp_stream_msg_out 112 0 540 10 0 254 60480 0
malloc-384 384 121 29 125 0 30 57600 0
malloc-4096 4096 14 0 14 0 2 57344 0
tcp_inpcb 424 6 120 2654 0 30 53424 0
malloc-64 64 235 584 56470 0 254 52416 0
malloc-64 64 380 439 7399 0 254 52416 0
ttyoutq 256 72 123 160 0 62 49920 0
DIRHASH 1024 34 14 34 0 16 49152 0
NAMEI 1024 0 48 24130 0 16 49152 0
malloc-2048 2048 10 14 12 0 8 49152 0
malloc-1024 1024 8 40 179 0 16 49152 0
tcp_rack_pcb 896 2 52 1369 0 16 48384 0
malloc-384 384 15 105 490 0 30 46080 0
malloc-384 384 94 26 96 0 30 46080 0
syncache 168 0 264 4 0 254 44352 0
Files 80 200 350 14083 0 126 44000 0
malloc-8192 8192 5 0 5 0 1 40960 0
pcpu-8 8 4669 451 4825 0 254 40960 0
udplite_inpcb 424 0 90 41 0 30 38160 0
udp_inpcb 424 6 84 248 0 30 38160 0
da_ccb 544 0 70 10574 0 16 38080 0
PWD 32 45 1089 2454 0 254 36288 0
malloc-64 64 11 556 15405 0 254 36288 0
malloc-64 64 4 563 21 0 254 36288 0
malloc-64 64 6 561 10 0 254 36288 0
16 Bucket 144 76 176 700 0 62 36288 0
malloc-128 128 79 200 1453 0 126 35712 0
malloc-128 128 2 277 144 0 126 35712 0
malloc-128 128 20 259 281 0 126 35712 0
routing nhops 256 27 108 35 0 62 34560 0
malloc-256 256 37 98 2733 0 62 34560 0
malloc-256 256 16 119 294 0 62 34560 0
malloc-256 256 50 85 257 0 62 34560 0
malloc-256 256 18 117 535 0 62 34560 0
TURNSTILE 136 210 42 210 0 62 34272 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-4096 4096 3 5 2553 0 2 32768 0
malloc-2048 2048 3 13 6 0 8 32768 0
malloc-2048 2048 3 13 3 0 8 32768 0
malloc-2048 2048 9 7 125 0 8 32768 0
malloc-1024 1024 4 28 15 0 16 32768 0
malloc-1024 1024 19 13 40 0 16 32768 0
malloc-1024 1024 8 24 11 0 16 32768 0
malloc-512 512 4 60 188 0 30 32768 0
malloc-512 512 9 55 9 0 30 32768 0
malloc-512 512 2 62 22 0 30 32768 0
malloc-512 512 6 58 7 0 30 32768 0
pcpu-64 64 492 20 492 0 254 32768 0
ipq 56 0 576 3 0 254 32256 0
KNOTE 160 28 172 47693 0 62 32000 0
ttyinq 160 135 65 300 0 62 32000 0
tcp_rack_map 120 4 260 2531 0 126 31680 0
tcp_bbr_pcb 832 0 36 928 0 16 29952 0
cpuset 104 10 269 8553 0 126 29016 0
sctp_laddr 48 0 588 13 0 254 28224 0
tcp_inpcb ports 32 4 878 1360 0 254 28224 0
malloc-32 32 277 605 4131 0 254 28224 0
malloc-32 32 305 577 3586 0 254 28224 0
4 Bucket 48 6 582 102 0 254 28224 0
2 Bucket 32 56 826 1067 0 254 28224 0
AIO 208 0 133 3 0 62 27664 0
ripcb 424 3 60 9 0 30 26712 0
pipe 744 21 14 389 0 16 26040 0
malloc-8192 8192 2 1 4 0 1 24576 0
malloc-4096 4096 6 0 6 0 2 24576 0
rtentry 176 31 107 35 0 62 24288 0
PGRP 88 28 248 43 0 126 24288 0
rl_entry 40 74 532 74 0 254 24240 0
8 Bucket 80 52 248 1101 0 126 24000 0
domainset 40 0 567 6420 0 254 22680 0
SLEEPQUEUE 88 210 46 210 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udpcb 32 6 624 289 0 254 20160 0
udplite_inpcb ports 32 0 630 3 0 254 20160 0
udp_inpcb ports 32 3 627 33 0 254 20160 0
ertt 72 6 274 2654 0 126 20160 0
malloc-32 32 17 613 4281 0 254 20160 0
malloc-32 32 32 598 2766 0 254 20160 0
malloc-32 32 12 618 25 0 254 20160 0
malloc-32 32 65 565 1667 0 254 20160 0
malloc-32 32 14 616 23 0 254 20160 0
malloc-16 16 579 671 7737 0 254 20000 0
AIOCB 552 0 35 4 0 16 19320 0
Mountpoints 2752 2 5 2 0 4 19264 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-2048 2048 1 7 3 0 8 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-512 512 0 32 1 0 30 16384 0
malloc-512 512 1 31 1 0 30 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
vtnet_tx_hdr 24 0 668 585693 0 254 16032 0
kenv 258 15 45 1033 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
AIOP 32 4 374 4 0 254 12096 0
malloc-16 16 18 732 4366 0 254 12000 0
malloc-16 16 25 725 64 0 254 12000 0
malloc-16 16 29 721 28115 0 254 12000 0
malloc-16 16 8 742 120 0 254 12000 0
malloc-16 16 61 689 87 0 254 12000 0
malloc-16 16 5 745 274 0 254 12000 0
malloc-384 384 1 29 1 0 30 11520 0
malloc-384 384 27 3 27 0 30 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
pcpu-16 16 7 249 7 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 312 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 56 0 0 0 0 254 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
tcptw 72 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
tcp_log_node 120 0 0 0 0 126 0 0
tcp_log_bucket 176 0 0 0 0 62 0 0
tcpreass 48 0 0 0 0 254 0 0
ripcb ports 32 0

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,
Apr 5, 2022, 11:46:20 AM4/5/22
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 6e671ec1e64c svc_vc_rendezvous_stat: eliminiate write only..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=122e9d5f700000
dashboard link: https://syzkaller.appspot.com/bug?extid=e256d42e9b390564530a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15cfd208f00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e256d4...@syzkaller.appspotmail.com

panic: Counter goes negative
cpuid = 0
time = 1649173025
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe0092b02110
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe0092b02270
vpanic() at vpanic+0x2b8/frame 0xfffffe0092b02350
panic() at panic+0xb5/frame 0xfffffe0092b02410
sctp_sorecvmsg() at sctp_sorecvmsg+0x303c/frame 0xfffffe0092b026c0
sctp_soreceive() at sctp_soreceive+0x247/frame 0xfffffe0092b029c0
soreceive() at soreceive+0xf6/frame 0xfffffe0092b02a30
kern_recvit() at kern_recvit+0x557/frame 0xfffffe0092b02bf0
sys_recvmsg() at sys_recvmsg+0x1bf/frame 0xfffffe0092b02d30
amd64_syscall() at amd64_syscall+0x40c/frame 0xfffffe0092b02f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0092b02f30
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x28a42a, rsp = 0x82e278f08, rbp = 0x82e278f70 ---
KDB: enter: panic
[ thread pid 2660 tid 102788 ]
Stopped at kdb_enter+0x6b: movq $0,0x270936a(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0x72025e6156aba0da
rdx 0xdffff7c000000000
rbx 0
rsp 0xfffffe0092b02250
rbp 0xfffffe0092b02270
rsi 0x1
rdi 0
r8 0x3
r9 0xffffffff
r10 0
r11 0xfffffe0093125510
r12 0xfffffe0093125000
r13 0xfffffe0092b02201
r14 0xffffffff82bbc060 .str.26
r15 0xffffffff82bbc060 .str.26
rip 0xffffffff8176eeab kdb_enter+0x6b
rflags 0x46
kdb_enter+0x6b: movq $0,0x270936a(%rip)
db> show proc
Process 2660 (syz-executor.2) at 0xfffffe0093152548:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 783 at 0xfffffe0092d9fa90
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: /root/syz-executor.2 exec
reaper: 0xfffffe0053ddc000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0092de49f8
(map 0xfffffe0092de49f8)
(map.pmap 0xfffffe0092de4ab8)
(pmap 0xfffffe0092de4b20)
threads: 3
101277 S nanslp 0xffffffff83e458c0 syz-executor.2
102788 Run CPU 0 syz-executor.2
102789 Run CPU 1 syz-executor.2
db> ps
pid ppid pgrp uid state wmesg wchan cmd
2661 782 782 0 R syz-executor.0
2660 783 783 0 R (threaded) syz-executor.2
101277 S nanslp 0xffffffff83e458c0 syz-executor.2
102788 Run CPU 0 syz-executor.2
102789 Run CPU 1 syz-executor.2
2657 781 781 0 T (threaded) syz-executor.1
100238 RunQ syz-executor.1
836 819 836 0 Ss select 0xfffffe00570365c0 dhclient
827 1 827 0 Ss select 0xfffffe00570368c0 dhclient
819 803 430 65 S select 0xfffffe0057036a40 dhclient
803 430 430 0 S wait 0xfffffe0053ddaa90 sh
784 779 784 0 Rs syz-executor.3
783 779 783 0 Ss nanslp 0xffffffff83e458c0 syz-executor.2
782 779 782 0 Rs syz-executor.0
781 779 781 0 Ss nanslp 0xffffffff83e458c1 syz-executor.1
779 777 777 0 S (threaded) syz-execprog
100113 S uwait 0xfffffe0058df6b00 syz-execprog
100117 S uwait 0xfffffe0057a74280 syz-execprog
100118 S uwait 0xfffffe0057a74380 syz-execprog
100119 S kqread 0xfffffe0007971d00 syz-execprog
100120 S uwait 0xfffffe0057a74580 syz-execprog
100122 S uwait 0xfffffe0007975000 syz-execprog
100123 S uwait 0xfffffe0057a74780 syz-execprog
100124 S uwait 0xfffffe0058df6380 syz-execprog
100125 S uwait 0xfffffe0058df6600 syz-execprog
100126 S uwait 0xfffffe0007975100 syz-execprog
100127 S uwait 0xfffffe0007975200 syz-execprog
777 775 777 0 Ss pause 0xfffffe008fe0b5f8 csh
775 688 775 0 Ss select 0xfffffe0053dd1ac0 sshd
754 1 754 0 Ss+ ttyin 0xfffffe0056fe74b0 getty
753 1 753 0 Ss+ ttyin 0xfffffe0056fe4cb0 getty
752 1 752 0 Ss+ ttyin 0xfffffe0056fe50b0 getty
751 1 751 0 Ss+ ttyin 0xfffffe0056fe54b0 getty
750 1 750 0 Ss+ ttyin 0xfffffe00081f18b0 getty
749 1 749 0 Ss+ ttyin 0xfffffe0056fe58b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe0056fe5cb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0056fe60b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0056fe64b0 getty
744 1 18 0 S+ piperd 0xfffffe0058b30ba0 logger
743 742 18 0 S+ nanslp 0xffffffff83e458c1 sleep
742 1 18 0 S+ wait 0xfffffe0053ee9a90 sh
692 1 692 0 Ss nanslp 0xffffffff83e458c0 cron
688 1 688 0 Ss select 0xfffffe0053dd2340 sshd
501 1 501 0 Ss select 0xfffffe0053dd25c0 syslogd
430 1 430 0 Ss wait 0xfffffe008fe09a90 devd
429 1 429 65 Ss select 0xfffffe0053dd28c0 dhclient
344 1 344 0 Ss select 0xfffffe0053dd2740 dhclient
341 1 341 0 Ss select 0xfffffe005700e4c0 dhclient
17 0 0 0 DL syncer 0xffffffff83f6b0e0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe00587b2a90 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83f696e0 [bufdaemon]
100083 D - 0xffffffff83211f80 [bufspacedaemon-0]
100095 D sdflush 0xfffffe0053f6a0e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83f9d1c0 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83f91078 [dom0]
100081 D launds 0xffffffff83f91084 [laundry: dom0]
100082 D umarcl 0xffffffff81ea6bb0 [uma]
7 0 0 0 DL - 0xffffffff83c01688 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84b59530 [pf purge]
5 0 0 0 DL waiting 0xffffffff8468f4a0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100045 D - 0xffffffff83aa35c0 [doneq0]
100046 D - 0xffffffff83aa3540 [async]
100077 D - 0xffffffff83aa33c0 [scanner]
14 0 0 0 DL seqstat 0xfffffe0056f1ac88 [sequencer 00]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83f8c880 [crypto]
100042 D crypto_ 0xfffffe0053effd30 [crypto returns 0]
100043 D crypto_ 0xfffffe0053effd80 [crypto returns 1]
13 0 0 0 DL (threaded) [geom]
100036 D - 0xffffffff83e1ae80 [g_event]
100037 D - 0xffffffff83e1aea0 [g_up]
100038 D - 0xffffffff83e1aec0 [g_down]
2 0 0 0 WL (threaded) [clock]
100030 I [clock (0)]
100031 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100010 I [swi6: Giant taskq]
100017 I [swi5: fast taskq]
100020 I [swi6: task queue]
100029 I [swi1: netisr 0]
100032 I [swi3: busdma]
100033 I [swi1: hpts]
100034 I [swi1: hpts]
100047 I [irq24: virtio_pci0]
100048 I [irq25: virtio_pci0]
100049 I [irq26: virtio_pci0]
100050 I [irq27: virtio_pci0]
100051 I [irq28: virtio_pci1]
100052 I [irq29: virtio_pci1]
100053 I [irq30: virtio_pci1]
100054 I [irq31: virtio_pci1]
100055 I [irq32: virtio_pci1]
100060 I [irq33: virtio_pci2]
100061 I [irq34: virtio_pci2]
100062 I [irq35: virtio_pci2]
100064 I [irq1: atkbd0]
100065 I [irq12: psm0]
100066 I [swi0: uart uart++]
100070 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0053ddc000 [init]
10 0 0 0 DL audit_w 0xffffffff83f8d380 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff83e1b8c0 [swapper]
100005 D - 0xfffffe0007973100 [softirq_0]
100006 D - 0xfffffe0007973000 [softirq_1]
100007 D - 0xfffffe0007972e00 [if_io_tqg_0]
100008 D - 0xfffffe0007972d00 [if_io_tqg_1]
100009 D - 0xfffffe0007972c00 [if_config_tqg_0]
100011 D - 0xfffffe0007972a00 [aiod_kick taskq]
100012 D - 0xfffffe0007972900 [inm_free taskq]
100013 D - 0xfffffe0007972800 [linuxkpi_irq_wq]
100014 D - 0xfffffe0007972700 [in6m_free taskq]
100015 D - 0xfffffe0007972600 [deferred_unmount ta]
100016 D - 0xfffffe0007972500 [thread taskq]
100018 D - 0xfffffe0007972300 [kqueue_ctx taskq]
100019 D - 0xfffffe0007972200 [pci_hp taskq]
100021 D - 0xfffffe0007972000 [linuxkpi_short_wq_0]
100022 D - 0xfffffe0007972000 [linuxkpi_short_wq_1]
100023 D - 0xfffffe0007972000 [linuxkpi_short_wq_2]
100024 D - 0xfffffe0007972000 [linuxkpi_short_wq_3]
100025 D - 0xfffffe0007971e00 [linuxkpi_long_wq_0]
100026 D - 0xfffffe0007971e00 [linuxkpi_long_wq_1]
100027 D - 0xfffffe0007971e00 [linuxkpi_long_wq_2]
100028 D - 0xfffffe0007971e00 [linuxkpi_long_wq_3]
100035 D - 0xfffffe0053f21300 [firmware taskq]
100039 D - 0xfffffe0053f21100 [crypto_0]
100040 D - 0xfffffe0053f21100 [crypto_1]
100056 D - 0xfffffe0053f1e000 [vtnet0 rxq 0]
100057 D - 0xfffffe0007974e00 [vtnet0 txq 0]
100058 D - 0xfffffe0007974d00 [vtnet0 rxq 1]
100059 D - 0xfffffe0007974c00 [vtnet0 txq 1]
100063 D vtbslp 0xfffffe005700e800 [virtio_balloon]
100067 D - 0xffffffff82bc1ee1 [deadlkres]
100071 D - 0xfffffe0007973200 [mca taskq]
100073 D - 0xfffffe00574c1200 [acpi_task_0]
100074 D - 0xfffffe00574c1200 [acpi_task_1]
100075 D - 0xfffffe00574c1200 [acpi_task_2]
100076 D - 0xfffffe0053f20e00 [CAM taskq]
db> show all locks
Process 2660 (syz-executor.2) thread 0xfffffe0093125000 (102788)
exclusive sleep mutex sctp-read (inpr) r = 0 (0xfffffe0092f60918) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctputil.c:6028
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe0058bd9900) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4193
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
tcp_hpts 6 4801K 6
devbuf 4217 4323K 4242
sysctloid 35306 2080K 35377
vtbuf 24 1968K 46
kobj 327 1308K 488
inodedep 1899 1224K 1923
newblk 590 1172K 2457
vfscache 3 1025K 3
pcb 28 546K 3707
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
dirrem 1845 462K 1856
subproc 124 232K 2735
freefile 1828 229K 1837
acpica 1674 184K 56014
vnet_data 1 168K 1
vmem 3 146K 5
tidhash 3 141K 3
pagedep 26 135K 1859
linker 358 134K 386
tfo_ccache 1 128K 1
filedesc 16 121K 3724
DEVFS1 109 109K 126
sem 4 106K 4
bus 991 81K 5140
mtx_pool 2 72K 2
syncache 1 68K 1
module 512 64K 512
acpitask 1 64K 1
ddb_capture 1 64K 1
umtx 352 44K 352
kdtrace 207 43K 5452
BPF 22 36K 22
sctp_timw 138 35K 138
temp 34 33K 1887
DEVFS3 128 32K 138
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
gtaskqueue 18 26K 18
kbdmux 6 22K 6
DEVFS_RULE 56 20K 56
ifaddr 67 19K 69
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 100 16K 100
routetbl 130 16K 410
bus-sc 34 15K 1651
lltable 43 14K 43
KTRACE 100 13K 100
ifnet 7 13K 7
ether_multi 152 13K 162
kenv 95 12K 95
eventhandler 134 12K 134
rman 88 11K 431
GEOM 61 11K 490
CAM queue 5 11K 1528
in6_multi 65 9K 65
bmsafemap 2 9K 1889
UART 12 9K 12
devstat 4 9K 4
ksem 1 8K 1
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
cred 30 8K 240
pfs_nodes 20 8K 20
audit_evclass 237 8K 296
taskqueue 63 7K 63
diradd 50 7K 1890
sglist 5 7K 5
CAM DEV 3 6K 510
plimit 22 6K 365
kqueue 53 6K 2666
ufs_dirhash 24 5K 24
UMA 272 5K 272
pf_ifnet 10 5K 19
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
mkdir 28 4K 3696
acpisem 28 4K 28
hhook 15 4K 17
session 26 4K 37
pwddesc 51 4K 2662
proc-args 81 4K 3755
terminal 11 3K 11
indirdep 10 3K 10
uidinfo 3 3K 8
local_apic 1 2K 1
io_apic 1 2K 1
fpukern_ctx 2 2K 2
newdirblk 16 2K 1848
ipsec-saq 2 2K 2
lockf 19 2K 29
selfd 31 2K 9572
sctp_atcl 5 2K 3660
ip6ndp 12 2K 13
Unitno 31 2K 47
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
msi 12 2K 12
in_multi 6 2K 8
ipsecpolicy 2 2K 2
acpidev 20 2K 20
select 10 2K 34
clone 9 2K 9
tun 7 2K 7
sctp_stro 1 1K 1830
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 10
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
sctp_ifn 6 1K 14
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
DEVFSP 10 1K 15
crypto 4 1K 4
encap_export_host 12 1K 12
pfil 4 1K 4
cdev 2 1K 2
chacha20random 1 1K 1
osd 7 1K 18
inpcbpolicy 11 1K 175
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
freework 1 1K 1854
vnodes 1 1K 1
CAM SIM 2 1K 2
procdesc 2 1K 8
sctp_atky 6 1K 5490
feeder 7 1K 7
tcpfunc 3 1K 3
CC Mem 3 1K 7
loginclass 3 1K 7
prison 6 1K 6
lkpikmalloc 5 1K 6
aesni_data 2 1K 2
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
CAM path 4 1K 1034
pmchooks 1 1K 1
filecaps 5 1K 72
soname 4 1K 66301
sctp_athm 5 1K 3660
sctp_vrf 1 1K 1
vnet 1 1K 1
entropy 2 1K 42
pmc 1 1K 1
acpiintr 1 1K 1
sctp_map 2 1K 3660
cpus 2 1K 2
vnet_data_free 1 1K 1
iov 1 1K 134891
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
tcp_do 0 0K 0
tcp_fsb 0 0K 0
mqdata 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
filemon 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 1830
sctp_iter 0 0K 10
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 10
savedino 0 0K 15
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 1853
ip6opt 0 0K 3
statfs 0 0K 2024
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 2
nvme_da 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
CAM CCB 0 0K 523
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 97
ioctlops 0 0K 96
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
sbuf 0 0K 288
mpr_user 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
MPRSAS 0 0K 0
SWAP 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
sysctltmp 0 0K 681
sysctl 0 0K 3
md_sectors 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
cache 0 0K 0
aacraidcam 0 0K 0
kcovinfo 0 0K 0
mbuf_jumbo_page 4096 8320 1078 13417 0 254 38494208 0
mbuf 256 8666 996 26646 0 254 2473472 0
pbuf 2624 0 778 0 0 2 2041472 0
sctp_asoc 2288 1 764 1830 0 254 1750320 0
BUF TRIE 144 191 11597 487 0 62 1697472 0
malloc-384 384 4165 5 4165 0 30 1601280 0
malloc-4096 4096 379 5 3234 0 2 1572864 0
malloc-128 128 11634 84 11640 0 126 1499904 0
UMA Slabs 0 112 10633 17 10633 0 126 1192800 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 17266 53 17266 0 254 969864 0
malloc-384 384 1898 52 1946 0 30 748800 0
FFS inode 1160 522 31 2359 0 8 641480 0
sctp_ep 1208 4 506 1830 0 254 616080 0
RADIX NODE 144 3817 238 59164 0 62 583920 0
sctp_raddr 736 1 769 1830 0 254 566720 0
tcpcb 1104 3 508 7 0 254 564144 0
malloc-256 256 2092 83 2775 0 62 556800 0
VM OBJECT 264 1749 171 65656 0 31 506880 0
socket 960 26 482 3237 0 254 487680 0
lkpicurr 168 2 2350 2 0 62 395136 0
lkpimm 168 1 2327 1 0 62 391104 0
256 Bucket 2048 154 16 1082 0 8 348160 0
malloc-65536 65536 5 0 5 0 1 327680 0
THREAD 1808 155 21 2789 0 8 318208 0
VNODE 448 557 109 2396 0 30 298368 0
malloc-64 64 3865 482 3867 0 254 278208 0
malloc-128 128 1829 217 1840 0 126 261888 0
MAP ENTRY 96 2199 321 163581 0 126 241920 0
malloc-16 16 14605 395 14671 0 254 240000 0
DEVCTL 1024 21 199 151 0 0 225280 0
malloc-16384 16384 8 5 1860 0 1 212992 0
malloc-256 256 678 132 2641 0 62 207360 0
malloc-65536 65536 3 0 3 0 1 196608 0
malloc-128 128 1369 150 30455 0 126 194432 0
UMA Zones 768 244 0 244 0 16 187392 0
malloc-32 32 5317 353 5326 0 254 181440 0
FPU_save_area 832 157 41 3066 0 16 164736 0
S VFS Cache 104 999 405 2869 0 126 146016 0
FFS2 dinode 256 522 48 2359 0 62 145920 0
malloc-65536 65536 0 2 60 0 1 131072 0
malloc-65536 65536 0 2 144 0 1 131072 0
malloc-1024 1024 120 8 290 0 16 131072 0
unpcb 256 11 499 1206 0 254 130560 0
malloc-256 256 334 176 5431 0 62 130560 0
mbuf_packet 256 2 506 1931 0 254 130048 0
ksiginfo 112 63 981 342 0 126 116928 0
malloc-128 128 673 226 3982 0 126 115072 0
VMSPACE 2552 34 11 2646 0 4 114840 0
malloc-2048 2048 13 43 3112 0 8 114688 0
malloc-128 128 710 65 4977 0 126 99200 0
PROC 1352 50 22 2661 0 8 97344 0
UMA Kegs 384 230 3 230 0 30 89472 0
128 Bucket 1024 45 38 600 0 16 84992 0
malloc-64 64 784 539 13732 0 254 84672 0
malloc-64 64 585 738 6135 0 254 84672 0
clpbuf 2624 0 32 18 0 16 83968 0
filedesc0 1072 51 26 2662 0 8 82544 0
sctp_readq 152 1 519 2420 0 254 79040 0
malloc-8192 8192 9 0 9 0 1 73728 0
malloc-8192 8192 7 2 110 0 1 73728 0
g_bio 408 0 180 4654 0 30 73440 0
64 Bucket 512 72 64 3125 0 30 69632 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 0 2 120 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-16384 16384 4 0 4 0 1 65536 0
malloc-4096 4096 15

syzbot

unread,
May 24, 2022, 8:34:37 AM5/24/22
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 81cea61f3b3a bin/sleep: document more non-standard features
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=14459203f00000
dashboard link: https://syzkaller.appspot.com/bug?extid=e256d42e9b390564530a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1624c7c5f00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=134b79c5f00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e256d4...@syzkaller.appspotmail.com

login: panic: Counter goes negative
cpuid = 1
time = 1653395535
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe00540a1390
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe00540a14f0
vpanic() at vpanic+0x2b8/frame 0xfffffe00540a15d0
panic() at panic+0xb5/frame 0xfffffe00540a1690
sctp_sorecvmsg() at sctp_sorecvmsg+0x30ea/frame 0xfffffe00540a1940
sctp_soreceive() at sctp_soreceive+0x242/frame 0xfffffe00540a1c40
soreceive() at soreceive+0xf6/frame 0xfffffe00540a1cb0
soaio_process_sb() at soaio_process_sb+0xa03/frame 0xfffffe00540a1ea0
soaio_kproc_loop() at soaio_kproc_loop+0x180/frame 0xfffffe00540a1ef0
fork_exit() at fork_exit+0xd0/frame 0xfffffe00540a1f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00540a1f30
--- trap 0xc, rip = 0x8227b693a, rsp = 0x820728f88, rbp = 0x820729070 ---
KDB: enter: panic
[ thread pid 796 tid 100091 ]
Stopped at kdb_enter+0x6b: movq $0,0x275ac7a(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xfffffe00033eee30
rdx 0xdffff7c000000000
rbx 0
rsp 0xfffffe00540a14d0
rbp 0xfffffe00540a14f0
rsi 0x1
rdi 0
r8 0x3
r9 0xffffffff
r10 0
r11 0xfffffe0058bbc8b0
r12 0xfffffe0058bbc3a0
r13 0xfffffe00540a1501
r14 0xffffffff82b56680 .str.26
r15 0xffffffff82b56680 .str.26
rip 0xffffffff8171a91b kdb_enter+0x6b
rflags 0x46
kdb_enter+0x6b: movq $0,0x275ac7a(%rip)
db> show proc
Process 796 (soaiod4) at 0xfffffe0053de1a90:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff83e18c00
ABI: null
flag: 0x10000204 flag2: 0
reaper: 0xffffffff83e18c00 reapsubtree: 796
sigparent: 20
vmspace: 0xfffffe0092ffb000
(map 0xfffffe0092ffb000)
(map.pmap 0xfffffe0092ffb0c0)
(pmap 0xfffffe0092ffb128)
threads: 1
100091 Run CPU 1 [soaiod4]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
900 783 777 0 R syz-executor3365552
899 781 777 0 R syz-executor3365552
898 784 777 0 R syz-executor3365552
897 780 777 0 R CPU 0 syz-executor3365552
796 0 0 0 RL CPU 1 [soaiod4]
795 0 0 0 DL - 0xffffffff83f62940 [soaiod3]
794 0 0 0 DL - 0xffffffff83f62940 [soaiod2]
793 0 0 0 DL - 0xffffffff83f62940 [soaiod1]
792 0 0 0 DL aiordy 0xfffffe0092d5d000 [aiod5]
791 0 0 0 DL aiordy 0xfffffe0092d5d548 [aiod4]
790 0 0 0 DL aiordy 0xfffffe0092d5da90 [aiod3]
789 0 0 0 DL aiordy 0xfffffe0092d5e000 [aiod2]
786 0 0 0 DL aiordy 0xfffffe008fe74000 [aiod1]
784 779 777 0 S nanslp 0xffffffff83e42c01 syz-executor3365552
783 779 777 0 S nanslp 0xffffffff83e42c01 syz-executor3365552
781 779 777 0 R syz-executor3365552
780 779 777 0 R syz-executor3365552
779 777 777 0 S nanslp 0xffffffff83e42c01 syz-executor3365552
777 775 777 0 Ss pause 0xfffffe008fe700b0 csh
775 688 775 0 Ss select 0xfffffe0056f6aa40 sshd
754 1 754 0 Ss+ ttyin 0xfffffe00574764b0 getty
753 1 753 0 Ss+ ttyin 0xfffffe00579c58b0 getty
752 1 752 0 Ss+ ttyin 0xfffffe00579c5cb0 getty
751 1 751 0 Ss+ ttyin 0xfffffe00579c60b0 getty
750 1 750 0 Ss+ ttyin 0xfffffe00579c64b0 getty
749 1 749 0 Ss+ ttyin 0xfffffe00579c68b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe00579c6cb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00579c70b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00579c74b0 getty
744 1 18 0 S+ piperd 0xfffffe0058b385d0 logger
743 742 18 0 S+ nanslp 0xffffffff83e42c00 sleep
742 1 18 0 S+ wait 0xfffffe0092643548 sh
692 1 692 0 Ss nanslp 0xffffffff83e42c01 cron
688 1 688 0 Ss select 0xfffffe0056f6ac40 sshd
501 1 501 0 Ss select 0xfffffe0056f6b040 syslogd
430 1 430 0 Ss select 0xfffffe0056f6bf40 devd
429 1 429 65 Ss select 0xfffffe0056f6b3c0 dhclient
344 1 344 0 Ss select 0xfffffe0056f6b140 dhclient
341 1 341 0 Ss select 0xfffffe0056f6b340 dhclient
17 0 0 0 DL syncer 0xffffffff83f68460 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0056fa0a90 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83f66a60 [bufdaemon]
100082 D - 0xffffffff83211f80 [bufspacedaemon-0]
100095 D sdflush 0xfffffe00574728e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83f9a500 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83f8e3b8 [dom0]
100080 D launds 0xffffffff83f8e3c4 [laundry: dom0]
100081 D umarcl 0xffffffff81e481e0 [uma]
7 0 0 0 DL - 0xffffffff83bff228 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84696550 [pf purge]
5 0 0 0 DL waiting 0xffffffff849c94a0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff83aa21c0 [doneq0]
100045 D - 0xffffffff83aa2140 [async]
100076 D - 0xffffffff83aa1fc0 [scanner]
14 0 0 0 DL seqstat 0xfffffe0053fd7488 [sequencer 00]
3 0 0 0 DL (threaded) [crypto]
100040 D crypto_ 0xffffffff83f89be0 [crypto]
100041 D crypto_ 0xfffffe0053ecd830 [crypto returns 0]
100042 D crypto_ 0xfffffe0053ecd880 [crypto returns 1]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff83e18200 [g_event]
100036 D - 0xffffffff83e18220 [g_up]
100037 D - 0xffffffff83e18240 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100015 I [swi5: fast taskq]
100018 I [swi6: task queue]
100019 I [swi6: Giant taskq]
100031 I [swi1: netisr 0]
100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0053de1000 [init]
10 0 0 0 DL audit_w 0xffffffff83f8a6c0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff83e18c00 [swapper]
100005 D - 0xfffffe0053e84100 [if_config_tqg_0]
100006 D - 0xfffffe0053e84000 [softirq_0]
100007 D - 0xfffffe0053e83e00 [softirq_1]
100008 D - 0xfffffe0053e83d00 [if_io_tqg_0]
100009 D - 0xfffffe0053e83c00 [if_io_tqg_1]
100010 D - 0xfffffe000795a100 [inm_free taskq]
100011 D - 0xfffffe000795a000 [linuxkpi_irq_wq]
100012 D - 0xfffffe0007959e00 [in6m_free taskq]
100013 D - 0xfffffe0007959d00 [deferred_unmount ta]
100014 D - 0xfffffe0007959c00 [thread taskq]
100016 D - 0xfffffe0007959a00 [kqueue_ctx taskq]
100017 D - 0xfffffe0007959900 [pci_hp taskq]
100020 D - 0xfffffe0007959600 [aiod_kick taskq]
100021 D - 0xfffffe0007959500 [linuxkpi_short_wq_0]
100022 D - 0xfffffe0007959500 [linuxkpi_short_wq_1]
100023 D - 0xfffffe0007959500 [linuxkpi_short_wq_2]
100024 D - 0xfffffe0007959500 [linuxkpi_short_wq_3]
100025 D - 0xfffffe0007959400 [linuxkpi_long_wq_0]
100026 D - 0xfffffe0007959400 [linuxkpi_long_wq_1]
100027 D - 0xfffffe0007959400 [linuxkpi_long_wq_2]
100028 D - 0xfffffe0007959400 [linuxkpi_long_wq_3]
100034 D - 0xfffffe0007959300 [firmware taskq]
100038 D - 0xfffffe0007959200 [crypto_0]
100039 D - 0xfffffe0007959200 [crypto_1]
100055 D - 0xfffffe0007959000 [vtnet0 rxq 0]
100056 D - 0xfffffe0007958e00 [vtnet0 txq 0]
100057 D - 0xfffffe0007958d00 [vtnet0 rxq 1]
100058 D - 0xfffffe0007958c00 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0056f6c000 [virtio_balloon]
100066 D - 0xffffffff82b5c501 [deadlkres]
100070 D - 0xfffffe000795a200 [mca taskq]
100071 D - 0xfffffe00585ef600 [acpi_task_0]
100072 D - 0xfffffe00585ef600 [acpi_task_1]
100073 D - 0xfffffe00585ef600 [acpi_task_2]
100075 D - 0xfffffe0007959100 [CAM taskq]
db> show all locks
Process 900 (syz-executor3365552) thread 0xfffffe0058dfc560 (100098)
exclusive rw vm object (vm object) r = 0 (0xfffffe009278dd68) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_fault.c:1495
shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe0092ffc450) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4934
Process 796 (soaiod4) thread 0xfffffe0058bbc3a0 (100091)
exclusive sleep mutex sctp-read (inpr) r = 0 (0xfffffe0092dab0b0) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctputil.c:6037
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe008fe62cc0) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4165
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
tcp_hpts 7 4801K 7
devbuf 4217 4323K 4242
sysctloid 35322 2081K 35393
vtbuf 24 1968K 46
kobj 328 1312K 490
newblk 564 1165K 591
vfscache 3 1025K 3
pcb 25 543K 456
inodedep 44 529K 71
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 115 250K 959
acpica 1674 184K 57552
vnet_data 1 168K 1
tidhash 3 141K 3
vmem 3 138K 4
linker 358 134K 386
pagedep 14 132K 18
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 114
bus 995 81K 5208
mtx_pool 2 72K 2
syncache 1 68K 1
module 514 65K 514
acpitask 1 64K 1
ddb_capture 1 64K 1
kdtrace 182 35K 1026
umtx 264 33K 264
temp 17 33K 1606
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
gtaskqueue 18 26K 18
kbdmux 6 22K 6
DEVFS_RULE 56 20K 56
BPF 10 18K 10
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 97 16K 97
bus-sc 34 15K 1681
KTRACE 100 13K 100
eventhandler 136 12K 136
kenv 95 12K 95
ifaddr 30 12K 32
rman 88 11K 431
GEOM 61 11K 490
routetbl 50 11K 176
CAM queue 5 11K 1528
cred 36 9K 234
UART 12 9K 12
devstat 4 9K 4
ksem 1 8K 1
rpc 2 8K 2
bmsafemap 1 8K 40
shmfd 1 8K 1
pfs_vncache 1 8K 1
sctp_timw 30 8K 30
pfs_nodes 20 8K 20
audit_evclass 237 8K 296
taskqueue 63 7K 63
sglist 5 7K 5
CAM DEV 3 6K 510
ufs_dirhash 24 5K 24
UMA 272 5K 272
dirrem 17 5K 28
plimit 17 5K 322
vt 11 5K 11
ifnet 3 5K 3
memdesc 1 4K 1
MCA 32 4K 32
filedesc 1 4K 1
evdev 4 4K 4
kqueue 57 4K 903
pwddesc 57 4K 901
acpisem 28 4K 28
hhook 15 4K 17
ether_multi 40 4K 50
diradd 25 4K 36
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
session 20 3K 31
proc-args 70 3K 1832
uidinfo 3 3K 8
local_apic 1 2K 1
io_apic 1 2K 1
fpukern_ctx 2 2K 2
ipsec-saq 2 2K 2
sctp_atcl 5 2K 419
selfd 27 2K 10428
Unitno 27 2K 39
CAM XPT 22 2K 543
lockf 15 2K 22
msi 12 2K 12
ipsecpolicy 2 2K 2
acpidev 20 2K 20
clone 9 2K 9
sctp_stro 1 1K 105
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 10
NFSD session 1 1K 1
CAM periph 4 1K 271
select 7 1K 29
ipsec 3 1K 3
indirdep 3 1K 3
nhops 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
sctp_ifa 5 1K 6
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
sctp_stri 1 1K 210
newdirblk 4 1K 8
mkdir 4 1K 16
in_multi 2 1K 4
pfil 4 1K 4
cdev 2 1K 2
chacha20random 1 1K 1
osd 7 1K 18
inpcbpolicy 10 1K 139
sctp_ifn 2 1K 6
sctp_atky 6 1K 629
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFSP 4 1K 9
DEVFS 9 1K 10
freework 1 1K 26
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
CC Mem 3 1K 7
loginclass 3 1K 7
prison 6 1K 6
lkpikmalloc 5 1K 6
aesni_data 2 1K 2
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
CAM path 4 1K 1034
procdesc 1 1K 6
pmchooks 1 1K 1
soname 4 1K 3681
filecaps 4 1K 66
tun 3 1K 3
sctp_athm 5 1K 524
sctp_vrf 1 1K 1
vnet 1 1K 1
entropy 2 1K 35
pmc 1 1K 1
acpiintr 1 1K 1
sctp_map 2 1K 210
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
mqdata 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 104
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
filemon 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
tcp_do 0 0K 0
tcp_fsb 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
ixl 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
xen_intr 0 0K 0
NFSD V4state 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
DEVFS4 0 0K 0
vm_fictitious 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
UMAHash 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 18
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 9
freeblks 0 0K 25
freefrag 0 0K 1
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
vtfont 0 0K 0
ip6opt 0 0K 3
statfs 0 0K 196
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 3
nvme_da 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
CAM CCB 0 0K 523
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 27
iov 0 0K 13602
ioctlops 0 0K 86
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
sbuf 0 0K 288
mpr_user 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
MPRSAS 0 0K 0
SWAP 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
sysctltmp 0 0K 658
sysctl 0 0K 3
md_sectors 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
cache 0 0K 0
aacraidcam 0 0K 0
kcovinfo 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 13497 0 254 38494208 0
mbuf 256 8579 1083 20190 0 254 2473472 0
pbuf 2624 0 794 0 0 2 2083456 0
BUF TRIE 144 172 11616 447 0 62 1697472 0
malloc-384 384 4169 31 4509 0 30 1612800 0
malloc-128 128 11647 226 11681 0 126 1519744 0
malloc-4096 4096 328 2 493 0 2 1351680 0
UMA Slabs 0 112 10575 3 10575 0 126 1184736 0
sctp_asoc 2256 1 509 105 0 254 1150560 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 16568 31 16568 0 254 929544 0
sctp_ep 1208 3 507 209 0 254 616080 0
FFS inode 1160 499 19 508 0 8 600880 0
tcpcb 1104 3 508 7 0 254 564144 0
RADIX NODE 144 3314 181 20387 0 62 503280 0
socket 960 19 489 1544 0 254 487680 0
VM OBJECT 264 1457 73 25313 0 30 403920 0
lkpimm 168 1 2327 1 0 62 391104 0
lkpicurr 168 2 2326 2 0 62 391104 0
sctp_raddr 736 1 516 105 0 254 380512 0
malloc-65536 65536 4 1 140 0 1 327680 0
256 Bucket 2048 150 10 911 0 8 327680 0
malloc-64 64 4130 217 5493 0 254 278208 0
malloc-4096 4096 63 1 907 0 2 262144 0
VNODE 448 529 47 540 0 30 258048 0
malloc-16 16 14655 345 14729 0 254 240000 0
THREAD 1808 124 8 124 0 8 238656 0
malloc-256 256 807 123 1191 0 62 238080 0
DEVCTL 1024 0 220 126 0 0 225280 0
MAP ENTRY 96 1720 296 86554 0 126 193536 0
malloc-32 32 5361 561 5938 0 254 189504 0
UMA Zones 768 244 0 244 0 16 187392 0
malloc-128 128 1203 192 26870 0 126 178560 0
malloc-2048 2048 5 75 1061 0 8 163840 0
malloc-1024 1024 117 27 325 0 16 147456 0
FFS2 dinode 256 499 71 508 0 62 145920 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 54 0 1 131072 0
unpcb 256 7 503 1179 0 254 130560 0
mbuf_packet 256 0 508 1417 0 254 130048 0
S VFS Cache 104 966 204 1003 0 126 121680 0
FPU_save_area 832 126 18 139 0 16 119808 0
ksiginfo 112 47 997 63 0 126 116928 0
VMSPACE 2552 31 11 876 0 4 107184 0
malloc-128 128 525 250 3836 0 126 99200 0
UMA Kegs 384 230 3 230 0 30 89472 0
128 Bucket 1024 42 41 468 0 16 84992 0
filedesc0 1072 57 20 901 0 8 82544 0
sctp_readq 152 1 519 204 0 254 79040 0
sctp_chunk 152 2 518 313 0 254 79040 0
PROC 1352 56 1 900 0 8 77064 0
malloc-8192 8192 7 2 136 0 1 73728 0
g_bio 408 0 180 4622 0 30 73440 0
64 Bucket 512 65 71 1579 0 30 69632 0
malloc-64 64 522 549 1929 0 254 68544 0
malloc-128 128 330 197 480 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 0 2 120 0 1 65536 0
malloc-16384 16384 3 1 163 0 1 65536 0
malloc-4096 4096 13 3 27 0 2 65536 0
malloc-2048 2048 7 25 404 0 8 65536 0
malloc-256 256 171 84 184 0 62 65280 0
sctp_stream_msg_out 112 0 540 209 0 254 60480 0
malloc-64 64 504 315 740 0 254 52416 0
malloc-128 128 152 251 639 0 126 51584 0
malloc-128 128 288 115 1062 0 126 51584 0
malloc-256 256 73 122 798 0 62 49920 0
32 Bucket 256 60 135 11305 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 12233 0 16 49152 0
malloc-8192 8192 6 0 6 0 1 49152 0
syncache 168 0 264 5 0 254 44352 0
clpbuf 2624 0 16 19 0 16 41984 0
malloc-8192 8192 4 1 6 0 1 40960 0
malloc-8192 8192 5 0 5 0 1 40960 0
Mountpoints 2752 2 12 2 0 4 38528 0
udp_inpcb 424 6 84 128 0 30 38160 0
da_ccb 544 0 70 1267 0 16 38080 0
pcpu-8 8 4223 385 4251 0 254 36864 0
malloc-64 64 0 567 13178 0 254 36288 0
malloc-64 64 136 431 155 0 254 36288 0
malloc-64 64 107 460 11408 0 254 36288 0
malloc-64 64 78 489 1174 0 254 36288 0
malloc-64 64 13 554 31 0 254 36288 0
malloc-128 128 137 142 189 0 126 35712 0
malloc-128 128 35 244 111 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 56 34 112 0 30 34560 0
malloc-384 384 58 32 59 0 30 34560 0
malloc-256 256 2 133 285 0 62 34560 0
malloc-256 256 18 117 23 0 62 34560 0
malloc-256 256 57 78 655 0 62 34560 0
malloc-256 256 53 82 265 0 62 34560 0
malloc-256 256 10 125 565 0 62 34560 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-16384 16384 2 0 17 0 1 32768 0
malloc-2048 2048 3 13 65 0 8 32768 0
malloc-2048 2048 4 12 13 0 8 32768 0
malloc-2048 2048 9 7 10 0 8 32768 0
malloc-1024 1024 27 5 38 0 16 32768 0
malloc-1024 1024 8 24 112 0 16 32768 0
malloc-1024 1024 6 26 530 0 16 32768 0
malloc-1024 1024 6 26 874 0 16 32768 0
malloc-512 512 11 53 19 0 30 32768 0
malloc-512 512 3 61 170 0 30 32768 0
malloc-512 512 2 62 12 0 30 32768 0
pcpu-64 64 493 19 493 0 254 32768 0
ttyinq 160 135 65 300 0 62 32000 0
cpuset 104 7 272 7 0 126 29016 0
malloc-32 32 269 613 3406 0 254 28224 0
16 Bucket 144 44 152 226 0 62 28224 0
4 Bucket 48 6 582 58 0 254 28224 0
AIO 208 1 132 105 0 62 27664 0
tcp_inpcb 424 3 60 7 0 30 26712 0
ripcb 424 1 62 4 0 30 26712 0
pipe 744 7 28 284 0 16 26040 0
TURNSTILE 136 133 56 133 0 62 25704 0
malloc-4096 4096 4 2 630 0 2 24576 0
malloc-4096 4096 6 0 6 0 2 24576 0
rtentry 176 13 125 17 0 62 24288 0
PGRP 88 20 256 31 0 126 24288 0
ertt_txseginfo 40 0 606 315 0 254 24240 0
rl_entry 40 30 576 30 0 254 24240 0
Files 80 72 228 6790 0 126 24000 0
8 Bucket 80 42 258 485 0 126 24000 0
malloc-384 384 27 33 29 0 30 23040 0
malloc-384 384 7 53 421 0 30 23040 0
malloc-384 384 30 30 30 0 30 23040 0
SLEEPQUEUE 88 133 123 133 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udpcb 32 6 624 128 0 254 20160 0
udp_inpcb ports 32 3 627 40 0 254 20160 0
AIOP 32 5 625 5 0 254 20160 0
ertt 72 3 277 7 0 126 20160 0
PWD 32 10 620 100 0 254 20160 0
malloc-32 32 5 625 223 0 254 20160 0
malloc-32 32 116 514 297 0 254 20160 0
malloc-32 32 33 597 35 0 254 20160 0
malloc-32 32 63 567 345 0 254 20160 0
malloc-32 32 23 607 1072 0 254 20160 0
2 Bucket 32 45 585 292 0 254 20160 0
AIOCB 552 1 34 105 0 16 19320 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 1 3 197 0 2 16384 0
malloc-4096 4096 3 1 3 0 2 16384 0
malloc-2048 2048 3 5 3 0 8 16384 0
malloc-2048 2048 1 7 1 0 8 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 4 12 4 0 16 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-512 512 0 32 1 0 30 16384 0
malloc-512 512 3 29 212 0 30 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
sctp_laddr 48 0 336 4 0 254 16128 0
malloc-16 16 478 522 3438 0 254 16000 0
kenv 258 15 45 1037 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
tcp_inpcb ports 32 1 377 1 0 254 12096 0
malloc-32 32 81 297 892 0 254 12096 0
KNOTE 160 0 75 8 0 62 12000 0
malloc-16 16 9 741 402 0 254 12000 0
malloc-16 16 18 732 131 0 254 12000 0
malloc-16 16 16 734 56 0 254 12000 0
malloc-16 16 39 711 26776 0 254 12000 0
malloc-16 16 23 727 1251 0 254 12000 0
malloc-16 16 13 737 269 0 254 12000 0
malloc-384 384 0 30 1 0 30 11520 0
malloc-384 384 1 29 1 0 30 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-8192 8192 1 0 1 0 1 8192 0
pcpu-16 16 14 498 14 0 254 8192 0
vtnet_tx_hdr 24 1 333 1766 0 254 8016 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
pcpu-4 4 1 511 1 0 254 2048 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 312 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tcp_rack_pcb 896 0 0 0 0 16 0 0
tcp_rack_map 120 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
tcptw 72 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
udplite_inpcb 424 0 0 0 0 30 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 224 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 120 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 64 0 0
mdpbuf 2624 0 0 0 0 3 0 0
nfspbuf 2624 0 0 0 0 16 0 0
swwbuf 2624 0 0 0 0 8 0 0
swrbuf 2624 0 0 0 0 16 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-8192 8192 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-1024 1024 0 0
Reply all
Reply to author
Forward
0 new messages