Fatal trap NUM: page fault in in6_unlink_ifa (4)


syzbot

Mar 16, 2024, 5:09:18 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 75464941dc17 kldxref: Fix bootstrapping on macOS with Clan..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=168889a5180000
dashboard link: https://syzkaller.appspot.com/bug?extid=0a2b4d3c77871a63383b
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a2b4d...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x28
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff81a0b27c
stack pointer = 0x28:0xfffffe0075f1d680
frame pointer = 0x28:0xfffffe0075f1d770
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 91597 (ifconfig)
rdi: 0000000000000028 rsi: 0000000000000000 rdx: 0000000000000000
rcx: fffffe00033eee30 r8: 0000000000000000 r9: 0000000000000001

rax: fffffe00033eee30 rbx: fffffe00742b4480 rbp: fffffe0075f1d770

FreeBSD/amd64 (ci-freebsd-i386-0.c.syzkaller.
r10: 0000000000000007 r11: 0000000000000006 r12: 0000000000000028
r13: fffffe0073a711b8 r14: fffffe0073a71000 r15: 0000000000000000
trap number = 12
panic: page fault
cpuid = 0
time = 1710623318
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0075f1cdb0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0075f1cf10
vpanic() at vpanic+0x26a/frame 0xfffffe0075f1d0d0
panic() at panic+0xb5/frame 0xfffffe0075f1d190
trap_fatal() at trap_fatal+0x7f1/frame 0xfffffe0075f1d2b0
trap_pfault() at trap_pfault+0x179/frame 0xfffffe0075f1d3d0
trap() at trap+0x5f3/frame 0xfffffe0075f1d5b0
calltrap() at calltrap+0x8/frame 0xfffffe0075f1d5b0
--- trap 0xc, rip = 0xffffffff81a0b27c, rsp = 0xfffffe0075f1d680, rbp = 0xfffffe0075f1d770 ---
in6_unlink_ifa() at in6_unlink_ifa+0xdc/frame 0xfffffe0075f1d770
in6_purgeaddr() at in6_purgeaddr+0x7db/frame 0xfffffe0075f1da70
in6_update_ifa() at in6_update_ifa+0x2340/frame 0xfffffe0075f1e0d0
in6_ifattach() at in6_ifattach+0xc69/frame 0xfffffe0075f1e4d0
in6_if_up() at in6_if_up+0x194/frame 0xfffffe0075f1e590
if_up() at if_up+0x14d/frame 0xfffffe0075f1e5d0
ifhwioctl() at ifhwioctl+0x1f04/frame 0xfffffe0075f1e890
ifioctl() at ifioctl+0xd5e/frame 0xfffffe0075f1ead0
kern_ioctl() at kern_ioctl+0x4c3/frame 0xfffffe0075f1ebb0
sys_ioctl() at sys_ioctl+0x367/frame 0xfffffe0075f1ed10
amd64_syscall() at amd64_syscall+0x473/frame 0xfffffe0075f1ef30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0075f1ef30
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x82268c2ca, rsp = 0x8207b8678, rbp = 0x8207b86d0 ---
KDB: enter: panic
[ thread pid 91597 tid 122851 ]
Stopped at kdb_enter+0x6e: movq $0,0x2191ce7(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0
rbx 0xffffffff82702500 .str.27
rsp 0xfffffe0075f1cef0
rbp 0xfffffe0075f1cf10
rsi 0
rdi 0xffffffff815e2839 printf+0x149
r8 0
r9 0xffffffff
r10 0x1
r11 0x1
r12 0xfffffe0070008000
r13 0xfffffffffffffffe
r14 0xffffffff82702500 .str.27
r15 0
rip 0xffffffff815cf32e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x2191ce7(%rip)
db> show proc
Process 91597 (ifconfig) at 0xfffffe00700245a0:
state: NORMAL
uid: 0 gids: 0
parent: pid 91557 at 0xfffffe0070025060
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: /sbin/ifconfig tap0 up
reaper: 0xfffffe00541de040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0073a1c000
(map 0xfffffe0073a1c000)
(map.pmap 0xfffffe0073a1c0c0)
(pmap 0xfffffe0073a1c130)
threads: 1
122851 Run CPU 0 ifconfig
db> ps
pid ppid pgrp uid state wmesg wchan cmd
91605 91573 91573 0 RV syz-executor.2
91604 91585 91585 0 R sh
91599 91587 91587 0 R sh
91597 91557 424 0 R CPU 0 ifconfig
91587 768 91587 0 Ss wait 0xfffffe0070073060 syz-executor.0
91585 768 91585 0 Ss wait 0xfffffe0070070ac0 syz-executor.3
91573 768 91573 0 Ds ppwait 0xfffffe0070071a80 syz-executor.2
91557 91550 424 0 S wait 0xfffffe0070025060 sh
91550 424 424 0 S wait 0xfffffe006dca0ae0 sh
819 0 0 0 DL aiordy 0xfffffe0073a05580 [aiod4]
818 0 0 0 DL aiordy 0xfffffe0073a05ae0 [aiod3]
817 0 0 0 DL aiordy 0xfffffe0073a06040 [aiod2]
816 0 0 0 DL aiordy 0xfffffe0073a065a0 [aiod1]
768 766 766 0 S (threaded) syz-fuzzer
100090 S uwait 0xfffffe0057676180 syz-fuzzer
100114 S uwait 0xfffffe0057aa5880 syz-fuzzer
100115 S uwait 0xfffffe0057aa5980 syz-fuzzer
100116 S uwait 0xfffffe0057aa5a80 syz-fuzzer
100117 S wait 0xfffffe0057be8b00 syz-fuzzer
100118 S uwait 0xfffffe0057aa5c80 syz-fuzzer
100119 S kqread 0xfffffe0054093e00 syz-fuzzer
100120 S uwait 0xfffffe0057aa5e80 syz-fuzzer
100121 S uwait 0xfffffe0057674880 syz-fuzzer
100123 S uwait 0xfffffe0057674980 syz-fuzzer
100124 S wait 0xfffffe0057be8b00 syz-fuzzer
100125 S uwait 0xfffffe0057674b80 syz-fuzzer
104950 S wait 0xfffffe0057be8b00 syz-fuzzer
766 764 766 0 Ss pause 0xfffffe00541debb0 csh
764 682 764 0 Ss select 0xfffffe00079846c0 sshd
748 1 748 0 Ss+ ttyin 0xfffffe00576934b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00576904b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0057bff4b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00576908b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0057690cb0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0057bff8b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0057bffcb0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0007c000b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0007c004b0 getty
686 1 686 0 Ss nanslp 0xffffffff83742401 cron
682 1 682 0 Ss select 0xfffffe006cc56440 sshd
495 1 495 0 Ds biowr 0xfffffe0007e0d6c8 syslogd
424 1 424 0 Ss wait 0xfffffe006a308020 devd
423 1 423 65 Ss select 0xfffffe005874f340 dhclient
338 1 338 0 Ss select 0xfffffe0007984440 dhclient
335 1 335 0 Ss select 0xfffffe0007984c40 dhclient
17 0 0 0 DL syncer 0xffffffff8385fb20 [syncer]
16 0 0 0 DL vlruwt 0xfffffe00571bd060 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff8385e100 [bufdaemon]
100082 D - 0xffffffff82c0a140 [bufspacedaemon-0]
100094 D sdflush 0xfffffe005406e0e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff838a7600 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff8388f478 [dom0]
100080 D launds 0xffffffff8388f484 [laundry: dom0]
100081 D umarcl 0xffffffff81d69380 [uma]
7 0 0 0 DL - 0xffffffff834bfc30 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84257ea0 [pf purge]
5 0 0 0 DL waiting 0xffffffff840995c0 [sctp_iterator]
4 0 0 0 RL (threaded) [cam]
100044 Run CPU 1 [doneq0]
100045 D - 0xffffffff8348a2c0 [async]
100076 D - 0xffffffff8348a140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff8388aca0 [crypto]
100042 D crypto_ 0xfffffe005710fe30 [crypto returns 0]
100043 D crypto_ 0xfffffe005710fe80 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe00085fc488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff836ead80 [g_event]
100036 D - 0xffffffff836eada0 [g_up]
100037 D - 0xffffffff836eadc0 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]
100031 I [swi1: netisr 0]
100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs nanslp 0xffffffff83742400 [init]
10 0 0 0 DL audit_w 0xffffffff8388b700 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff836eb760 [swapper]
100005 D - 0xfffffe005420e000 [softirq_0]
100006 D - 0xfffffe005420de00 [softirq_1]
100007 D - 0xfffffe005420dd00 [if_io_tqg_0]
100008 D - 0xfffffe005420dc00 [if_io_tqg_1]
100009 D - 0xfffffe005420db00 [if_config_tqg_0]
100010 D - 0xfffffe0007968200 [pci_hp taskq]
100011 D - 0xfffffe0007968100 [kqueue_ctx taskq]
100014 D - 0xfffffe0007967d00 [thread taskq]
100016 D - 0xfffffe0007967b00 [aiod_kick taskq]
100017 D - 0xfffffe0007967a00 [deferred_unmount ta]
100018 D - 0xfffffe0007967900 [inm_free taskq]
100019 D - 0xfffffe0007967800 [in6m_free taskq]
100020 D - 0xfffffe0007967700 [linuxkpi_irq_wq]
100021 D - 0xfffffe0007967600 [linuxkpi_short_wq_0]
100022 D - 0xfffffe0007967600 [linuxkpi_short_wq_1]
100023 D - 0xfffffe0007967600 [linuxkpi_short_wq_2]
100024 D - 0xfffffe0007967600 [linuxkpi_short_wq_3]
100025 D - 0xfffffe0007967500 [linuxkpi_long_wq_0]
100026 D - 0xfffffe0007967500 [linuxkpi_long_wq_1]
100027 D - 0xfffffe0007967500 [linuxkpi_long_wq_2]
100028 D - 0xfffffe0007967500 [linuxkpi_long_wq_3]
100034 D - 0xfffffe0007967200 [firmware taskq]
100039 D - 0xfffffe0007967000 [crypto_0]
100040 D - 0xfffffe0007967000 [crypto_1]
100055 D - 0xfffffe0007966d00 [vtnet0 rxq 0]
100056 D - 0xfffffe0007966c00 [vtnet0 txq 0]
100057 D - 0xfffffe0007966b00 [vtnet0 rxq 1]
100058 D - 0xfffffe0007966a00 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0007985b00 [virtio_balloon]
100066 D - 0xffffffff82707740 [deadlkres]
100070 D - 0xfffffe0057b2aa00 [acpi_task_0]
100071 D - 0xfffffe0057b2aa00 [acpi_task_1]
100072 D - 0xfffffe0057b2aa00 [acpi_task_2]
100074 D - 0xfffffe0007968300 [mca taskq]
100075 D - 0xfffffe0007966e00 [CAM taskq]
87048 1 86112 0 Z syz-executor.1
87052 1 86869 0 Z syz-executor.0
90128 1 90102 0 Z syz-executor.0
89114 1 424 0 Z rtsol
89115 1 424 0 Z rtsol
86043 1 85980 0 Z syz-executor.0
91164 1 91099 0 Z syz-executor.0
89116 1 89116 0 Z rtsol
91165 1 424 0 Z rtsol
89117 1 89117 0 Z rtsol
91166 1 424 0 Z rtsol
89118 1 89118 0 Z rtsol
91167 1 91167 0 Z rtsol
91168 1 91168 0 Z rtsol
91169 1 91169 0 Z rtsol
88098 1 424 0 Z dhclient
88099 1 424 0 Z dhclient
88101 1 88101 0 Z dhclient
86058 1 85979 0 Z syz-executor.1
89142 1 89119 0 Z syz-executor.2
91197 1 91170 0 Z syz-executor.1
89153 1 89130 0 Z syz-executor.0
85060 1 84982 0 Z syz-executor.3
89157 1 89128 0 Z syz-executor.1
89158 1 89131 0 Z syz-executor.3
85064 1 84981 0 Z syz-executor.1
86094 1 85988 0 Z syz-executor.2
85072 1 84985 0 Z syz-executor.0
85074 1 84984 0 Z syz-executor.2
91219 1 91171 0 Z syz-executor.3
86101 1 85987 0 Z syz-executor.3
91222 1 91173 0 Z syz-executor.2
90199 1 424 0 Z rtsol
90201 1 424 0 Z rtsol
86105 1 424 0 Z rtsol
86106 1 424 0 Z rtsol
90203 1 90203 0 Z rtsol
86107 1 86107 0 Z rtsol
90204 1 90204 0 Z rtsol
86108 1 86108 0 Z rtsol
90205 1 90205 0 Z rtsol
86109 1 86109 0 Z rtsol
91232 1 91200 0 Z syz-executor.0
90211 1 90164 0 Z syz-executor.3
89194 1 89159 0 Z syz-executor.2
90221 1 90174 0 Z syz-executor.1
89199 1 89162 0 Z syz-executor.0
89207 1 89166 0 Z syz-executor.1
88185 1 88185 0 Z dhclient
89211 1 89168 0 Z syz-executor.3
91261 1 91229 0 Z syz-executor.1
85118 1 85079 0 Z syz-executor.0
88197 1 88120 0 Z syz-executor.0
89223 1 424 0 Z dhclient
90248 1 90200 0 Z syz-executor.2
89224 1 424 0 Z dhclient
88200 1 87726 0 Z syz-executor.1
89225 1 89225 0 Z dhclient
85129 1 85077 0 Z syz-executor.1
91275 1 91231 0 Z syz-executor.3
90251 1 90216 0 Z syz-executor.0
91277 1 91233 0 Z syz-executor.2
90263 1 90253 0 Z syz-executor.3
90270 1 90257 0 Z syz-executor.1
89247 1 89226 0 Z syz-executor.2
89256 1 89233 0 Z syz-executor.3
89259 1 89228 0 Z syz-executor.0
89262 1 89231 0 Z syz-executor.1
85167 1 85082 0 Z syz-executor.2
85169 1 85076 0 Z syz-executor.3
90296 1 90269 0 Z syz-executor.0
90306 1 90268 0 Z syz-executor.2
89282 1 89263 0 Z syz-executor.2
90317 1 424 0 Z dhclient
91342 1 424 0 Z rtsol
90318 1 424 0 Z dhclient
91343 1 424 0 Z rtsol
91344 1 91344 0 Z rtsol
90320 1 90320 0 Z dhclient
89296 1 89267 0 Z syz-executor.3
91345 1 91345 0 Z rtsol
91346 1 91346 0 Z rtsol
89298 1 89270 0 Z syz-executor.1
89299 1 89269 0 Z syz-executor.0
90327 1 90304 0 Z syz-executor.3
85209 1 424 0 Z rtsol
85210 1 424 0 Z rtsol
85211 1 85211 0 Z rtsol
85212 1 85212 0 Z rtsol
90333 1 90322 0 Z syz-executor.1
85213 1 85213 0 Z rtsol
91369 1 91348 0 Z syz-executor.1
90346 1 90346 0 Z dhclient
89322 1 89300 0 Z syz-executor.2
91371 1 91282 0 Z syz-executor.0
90351 1 90334 0 Z syz-executor.0
91376 1 91358 0 Z syz-executor.2
91379 1 91355 0 Z syz-executor.3
89331 1 89307 0 Z syz-executor.0
89332 1 89304 0 Z syz-executor.1
89334 1 89302 0 Z syz-executor.3
90363 1 90337 0 Z syz-executor.2
85247 1 85214 0 Z syz-executor.0
89345 1 89335 0 Z syz-executor.2
85252 1 85225 0 Z syz-executor.2
90384 1 90359 0 Z syz-executor.1
90392 1 90353 0 Z syz-executor.3
89369 1 89344 0 Z syz-executor.1
85273 1 85215 0 Z syz-executor.1
85275 1 85233 0 Z syz-executor.3
89373 1 89342 0 Z syz-executor.3
90400 1 424 0 Z dhclient
89376 1 89340 0 Z syz-executor.0
90401 1 424 0 Z dhclient
90403 1 90403 0 Z dhclient
89384 1 89377 0 Z syz-executor.2
90409 1 90388 0 Z syz-executor.0
87344 1 424 0 Z dhclient
90417 1 90407 0 Z syz-executor.2
87345 1 424 0 Z dhclient
87346 1 87158 0 Z syz-executor.1
87347 1 87347 0 Z dhclient
91447 1 91381 0 Z syz-executor.1
88375 1 88335 0 Z syz-executor.0
90426 1 90418 0 Z syz-executor.1
88378 1 88336 0 Z syz-executor.1
87355 1 87355 0 Z dhclient
89409 1 89385 0 Z syz-executor.1
90437 1 90424 0 Z syz-executor.3
89414 1 89386 0 Z syz-executor.3
89418 1 89387 0 Z syz-executor.0
89419 1 89404 0 Z syz-executor.2
91469 1 91387 0 Z syz-executor.2
90448 1 90432 0 Z syz-executor.0
91473 1 424 0 Z dhclient
91474 1 424 0 Z dhclient
91476 1 91476 0 Z dhclient
90453 1 90439 0 Z syz-executor.2
91478 1 91391 0 Z syz-executor.3
89431 1 89431 0 Z dhclient
91482 1 91482 0 Z dhclient
91483 1 91384 0 Z syz-executor.0
90461 1 90454 0 Z syz-executor.1
90470 1 90462 0 Z syz-executor.3
89447 1 89420 0 Z syz-executor.1
91496 1 424 0 Z dhclient
91497 1 424 0 Z dhclient
91498 1 91498 0 Z dhclient
89451 1 89430 0 Z syz-executor.2
88429 1 88126 0 Z syz-executor.2
88436 1 87741 0 Z syz-executor.3
89464 1 89423 0 Z syz-executor.3
90489 1 90471 0 Z syz-executor.0
90492 1 90472 0 Z syz-executor.2
91517 1 91499 0 Z syz-executor.1
91518 1 91518 0 Z dhclient
90497 1 90484 0 Z syz-executor.1
90506 1 90498 0 Z syz-executor.3
91535 1 91504 0 Z syz-executor.2
91539 1 91508 0 Z syz-executor.3
91545 1 91510 0 Z syz-executor.0
90522 1 90507 0 Z syz-executor.0
90533 1 90511 0 Z syz-executor.1
90536 1 90508 0 Z syz-executor.2
85417 1 424 0 Z rtsol
85418 1 424 0 Z rtsol
85421 1 85421 0 Z rtsol
90542 1 90542 0 Z dhclient
85422 1 85422 0 Z rtsol
90544 1 90526 0 Z syz-executor.3
85424 1 85424 0 Z rtsol
88497 1 424 0 Z rtsol
88498 1 424 0 Z rtsol
88499 1 88499 0 Z rtsol
88500 1 88500 0 Z rtsol
88501 1 88501 0 Z rtsol
86460 1 424 0 Z dhclient
86462 1 424 0 Z dhclient
90560 1 424 0 Z dhclient
90561 1 424 0 Z dhclient
90562 1 90562 0 Z dhclient
88515 1 88502 0 Z syz-executor.0
86471 1 86471 0 Z dhclient
91594 1 91546 0 Z syz-executor.1
87498 1 87012 0 Z syz-executor.2
88523 1 88504 0 Z syz-executor.1
90575 1 90563 0 Z syz-executor.0
86482 1 86482 0 Z dhclient
89558 1 424 0 Z rtsol
89559 1 424 0 Z rtsol
90584 1 90584 0 Z dhclient
89560 1 89560 0 Z rtsol
89562 1 89562 0 Z rtsol
88539 1 88517 0 Z syz-executor.2
89564 1 89564 0 Z rtsol
90593 1 90569 0 Z syz-executor.1
90605 1 90571 0 Z syz-executor.2
90609 1 90576 0 Z syz-executor.3
88564 1 88518 0 Z syz-executor.3
87540 1 87520 0 Z syz-executor.1
88573 1 88565 0 Z syz-executor.0
84486 1 84486 0 Z rtsol
84487 1 84487 0 Z rtsol
84488 1 84488 0 Z rtsol
88591 1 88574 0 Z syz-executor.1
88597 1 88577 0 Z syz-executor.2
87582 1 87582 65 Z dhclient
89633 1 89600 0 Z syz-executor.2
85540 1 85285 0 Z syz-executor.2
84516 1 84489 0 Z syz-executor.3
89638 1 89596 0 Z syz-executor.1
85542 1 85288 0 Z syz-executor.1
84518 1 84491 0 Z syz-executor.0
87591 1 424 0 Z dhclient
87592 1 424 0 Z dhclient
89641 1 89608 0 Z syz-executor.3
87593 1 87593 0 Z dhclient
90666 1 424 0 Z rtsol
90667 1 424 0 Z rtsol
89643 1 89617 0 Z syz-executor.0
90668 1 90668 0 Z rtsol
87596 1 87596 0 Z dhclient
90669 1 90669 0 Z rtsol
90670 1 90670 0 Z rtsol
88629 1 88583 0 Z syz-executor.3
87607 1 87011 0 Z syz-executor.3
90682 1 90649 0 Z syz-executor.0
85567 1 85282 0 Z syz-executor.0
85568 1 85289 0 Z syz-executor.3
90693 1 90680 0 Z syz-executor.1
90707 1 90685 0 Z syz-executor.2
87635 1 87171 0 Z syz-executor.0
89684 1 89651 0 Z syz-executor.0
90709 1 90690 0 Z syz-executor.3
85589 1 85569 0 Z syz-executor.2
84569 1 84502 0 Z syz-executor.2
84571 1 84515 0 Z syz-executor.1
90718 1 90710 0 Z syz-executor.0
89694 1 89647 0 Z syz-executor.1
89695 1 89650 0 Z syz-executor.3
89697 1 89645 0 Z syz-executor.2
85602 1 85574 0 Z syz-executor.3
85604 1 85570 0 Z syz-executor.1
90732 1 90719 0 Z syz-executor.1
85632 1 424 0 Z dhclient
88705 1 424 0 Z rtsol
85633 1 424 0 Z dhclient
88706 1 424 0 Z rtsol
85634 1 85634 0 Z dhclient
88707 1 88707 0 Z rtsol
88709 1 88709 0 Z rtsol
88710 1 88710 0 Z rtsol
84614 1 84572 0 Z syz-executor.3
84617 1 84574 0 Z syz-executor.0
88726 1 88665 0 Z syz-executor.1
85659 1 85659 0 Z dhclient
88733 1 88609 0 Z syz-executor.0
90783 1 90733 0 Z syz-executor.2
84639 1 84611 0 Z syz-executor.1
89760 1 424 0 Z rtsol
89761 1 424 0 Z rtsol
89762 1 89762 0 Z rtsol
89763 1 89763 0 Z rtsol
84643 1 84609 0 Z syz-executor.2
89764 1 89764 0 Z rtsol
90791 1 90749 0 Z syz-executor.0
85672 1 85639 0 Z syz-executor.3
89783 1 89765 0 Z syz-executor.0
87736 1 424 0 Z rtsol
87737 1 424 0 Z rtsol
87738 1 87738 0 Z rtsol
87739 1 87739 0 Z rtsol
87740 1 87740 0 Z rtsol
89802 1 89777 0 Z syz-executor.3
89804 1 89767 0 Z syz-executor.1
88782 1 424 0 Z dhclient
88783 1 424 0 Z dhclient
88784 1 88784 0 Z dhclient
88787 1 88787 0 Z dhclient
90841 1 90789 0 Z syz-executor.1
90842 1 424 0 Z rtsol
90843 1 424 0 Z rtsol
90844 1 90844 0 Z rtsol
90845 1 90845 0 Z rtsol
90846 1 90846 0 Z rtsol
88799 1 88735 0 Z syz-executor.1
88804 1 88711 0 Z syz-executor.2
90864 1 90847 0 Z syz-executor.3
88816 1 424 0 Z dhclient
88817 1 424 0 Z dhclient
88818 1 88818 0 Z dhclient
85747 1 85635 0 Z syz-executor.2
88821 1 88821 0 Z dhclient
84725 1 424 0 Z rtsol
84726 1 424 0 Z rtsol
84727 1 84727 0 Z rtsol
85752 1 85705 0 Z syz-executor.0
84728 1 84728 0 Z rtsol
84729 1 84729 0 Z rtsol
90881 1 90848 0 Z syz-executor.2
88833 1 88822 0 Z syz-executor.3
90885 1 90866 0 Z syz-executor.1
90886 1 90852 0 Z syz-executor.0
88839 1 88826 0 Z syz-executor.2
88847 1 88840 0 Z syz-executor.0
86802 1 86445 0 Z syz-executor.0
90901 1 90887 0 Z syz-executor.3
85788 1 85641 0 Z syz-executor.1
90912 1 90891 0 Z syz-executor.2
90913 1 90895 0 Z syz-executor.1
88879 1 88848 0 Z syz-executor.3
86836 1 86122 0 Z syz-executor.3
86839 1 86119 0 Z syz-executor.2
88892 1 88880 0 Z syz-executor.0
88896 1 88851 0 Z syz-executor.2
85826 1 424 0 Z rtsol
85827 1 424 0 Z rtsol
85828 1 85828 0 Z rtsol
89925 1 89884 0 Z syz-executor.0
85829 1 85829 0 Z rtsol
85830 1 85830 0 Z rtsol
85839 1 85831 0 Z syz-executor.3
89942 1 89774 0 Z syz-executor.2
89947 1 89912 0 Z syz-executor.3
89951 1 89913 0 Z syz-executor.1
88954 1 424 0 Z rtsol
88955 1 424 0 Z rtsol
88956 1 88956 0 Z rtsol
88957 1 88957 0 Z rtsol
88958 1 88958 0 Z rtsol
91012 1 424 0 Z rtsol
91013 1 424 0 Z rtsol
91014 1 91014 0 Z rtsol
91015 1 91015 0 Z rtsol
91016 1 91016 0 Z rtsol
91022 1 90914 0 Z syz-executor.0
91028 1 90947 0 Z syz-executor.3
91033 1 90988 0 Z syz-executor.2
84889 1 84733 0 Z syz-executor.1
91036 1 90998 0 Z syz-executor.1
84892 1 84790 0 Z syz-executor.3
88989 1 88963 0 Z syz-executor.2
88991 1 88960 0 Z syz-executor.1
84895 1 84744 0 Z syz-executor.2
84897 1 84695 0 Z syz-executor.0
88994 1 88962 0 Z syz-executor.0
88997 1 88959 0 Z syz-executor.3
90023 1 424 0 Z rtsol
90024 1 424 0 Z rtsol
90025 1 90025 0 Z rtsol
91050 1 91038 0 Z syz-executor.0
90026 1 90026 0 Z rtsol
90027 1 90027 0 Z rtsol
87988 1 87760 0 Z syz-executor.0
90037 1 90028 0 Z syz-executor.0
87993 1 87572 0 Z syz-executor.2
85945 1 85846 0 Z syz-executor.1
89023 1 88999 0 Z syz-executor.2
85954 1 85841 0 Z syz-executor.0
91076 1 91048 0 Z syz-executor.1
91079 1 91043 0 Z syz-executor.3
91084 1 91046 0 Z syz-executor.2
90060 1 90038 0 Z syz-executor.3
85966 1 85912 0 Z syz-executor.3
89039 1 89000 0 Z syz-executor.1
90065 1 90034 0 Z syz-executor.2
90066 1 90039 0 Z syz-executor.1
89043 1 89002 0 Z syz-executor.0
85972 1 85840 0 Z syz-executor.2
89046 1 89004 0 Z syz-executor.3
90075 1 90067 0 Z syz-executor.0
90094 1 90076 0 Z syz-executor.3
87023 1 424 0 Z rtsol
87024 1 424 0 Z rtsol
84976 1 424 0 Z rtsol
90097 1 90080 0 Z syz-executor.1
84977 1 424 0 Z rtsol
87026 1 87026 0 Z rtsol
84978 1 84978 0 Z rtsol
87027 1 87027 0 Z rtsol
84979 1 84979 0 Z rtsol
84980 1 84980 0 Z rtsol
87029 1 87029 0 Z rtsol
90105 1 90078 0 Z syz-executor.2
db> show all locks
Process 91597 (ifconfig) thread 0xfffffe0070008000 (122851)
exclusive sleep mutex if_addr_lock (if_addr_lock) r = 0 (0xfffffe0073a711a0) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/in6.c:1444
Process 495 (syslogd) thread 0xfffffe0058bff000 (100102)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007e0d748) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:4012
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0073b615b0) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_syscalls.c:3581
Process 4 (cam) thread 0xfffffe005715d000 (100044)
exclusive sleep mutex CAM device lock (CAM device lock) r = 0 (0xfffffe00571b7cd0) locked @ /syzkaller/managers/i386/kernel/sys/cam/scsi/scsi_da.c:4543
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
LRO 7858 7920K 14742
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4220
DEVFS1 3550 3550K 10449
routetbl 110332 3458K 423546
sysctloid 34865 2055K 34936
subproc 1084 1980K 93606
vtbuf 24 1968K 46
kobj 326 1304K 488
newblk 11 1027K 42204
vfscache 3 1025K 3
pcb 23 669K 12397
inodedep 117 556K 43581
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vmem 3 274K 7
vnet_data 2 224K 2
acpitask 1 224K 1
kdtrace 1158 209K 129825
umtx 1504 188K 1504
acpica 1674 184K 60830
tidhash 3 141K 3
pagedep 9 130K 42073
linker 352 130K 386
tfo_ccache 1 128K 1
IP reass 1 128K 1
sem 4 106K 4
filedesc 14 105K 119762
gtaskqueue 18 98K 18
ip6ndp 333 83K 7554
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
plimit 255 64K 27475
session 338 43K 4816
temp 35 37K 224256
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 128 32K 3579
msg 4 30K 4
kqueue 436 30K 92254
kbdmux 6 28K 6
proc-args 457 25K 214755
DEVFS_RULE 56 20K 56
BPF 14 19K 8979
ufs_mount 4 17K 5
proc 3 17K 3
ifaddr 62 17K 31536
tty 16 16K 16
ithread 97 16K 97
bus-sc 34 15K 1687
ifnet 8 15K 3448
dirrem 56 14K 41651
eventhandler 161 14K 161
cred 53 14K 8311
KTRACE 100 13K 100
kenv 95 12K 95
freefile 83 11K 41610
GEOM 61 11K 481
rman 86 11K 451
CAM queue 5 11K 1528
pf_ifnet 30 10K 17224
lltable 31 9K 27888
bmsafemap 2 9K 42693
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
shmfd 1 8K 598
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
taskqueue 63 7K 63
sglist 6 7K 6
CAM DEV 3 6K 510
pfs_nodes 22 6K 22
ether_multi 65 6K 101124
hhook 15 5K 17
ufs_dirhash 24 5K 24
UMA 267 5K 267
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
in6_multi 28 4K 37089
acpisem 28 4K 28
pwddesc 50 4K 91606
DEVFSP 46 3K 61608
terminal 11 3K 11
kcovinfo 40 3K 44785
clone 9 3K 9
uidinfo 3 3K 104
lockf 20 3K 1316
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
savedino 7 2K 83677
Unitno 27 2K 14597
tun 7 2K 3448
CAM XPT 22 2K 543
msi 12 2K 12
mkdir 12 2K 82124
toponodes 6 2K 6
ipsecpolicy 2 2K 2
CC Mem 5 2K 2580
acpidev 20 2K 20
selfd 19 2K 907539
freework 5 2K 41271
softdep 1 1K 1
freeblks 4 1K 41258
sahead 1 1K 1
secasvar 1 1K 1
in_multi 4 1K 3491
vnodemarker 2 1K 5654
NFSD session 1 1K 1
sctp_ifa 7 1K 7217
select 7 1K 2866
CAM periph 4 1K 271
ipsec 3 1K 3
newdirblk 6 1K 41062
diradd 6 1K 41687
mld 6 1K 3447
igmp 6 1K 3447
nhops 6 1K 2918
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
encap_export_host 12 1K 12
sctp_ifn 4 1K 7217
netlink 2 1K 17573
cdev 2 1K 2
lkpikmalloc 8 1K 9
osd 10 1K 2503
inpcbpolicy 13 1K 39696
chacha20random 1 1K 1
biobuf 1 1K 1
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
cryptodev 2 1K 9795
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
freefrag 1 1K 33
aio 4 1K 4
procdesc 1 1K 1660
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 22216
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 3679
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
filecaps 1 1K 6965
mqdata 0 0K 0
tcp_pcm_rack 0 0K 79
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 158
filemon 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 864
sctp_iter 0 0K 12944
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 1974
sctp_atky 0 0K 1974
sctp_atcl 0 0K 1974
sctp_a_it 0 0K 12944
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2744
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
allocindir 0 0K 0
indirdep 0 0K 78
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 32
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 3244
namei_tracker 0 0K 178
export_host 0 0K 0
cl_savebuf 0 0K 10
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 541084
ioctlops 0 0K 16036
eventfd 0 0K 638
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 19590
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup