panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/i386/kernel/sys/modules/tcp/rack/../../../netinet/tcp_stack


syzbot

Jan 5, 2021, 1:45:17 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 225afb6c Improve readability of the options list
git tree: https://github.com/freebsd/freebsd-src.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=138364c7500000
dashboard link: https://syzkaller.appspot.com/bug?extid=03158b32b90fc8ed499e
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+03158b...@syzkaller.appspotmail.com

panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/i386/kernel/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:12282
cpuid = 0
time = 2000000015
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe005170f5c0
vpanic() at vpanic+0x1c7/frame 0xfffffe005170f620
panic() at panic+0x43/frame 0xfffffe005170f680
__mtx_lock_flags() at __mtx_lock_flags+0x202/frame 0xfffffe005170f6e0
rack_output() at rack_output+0x2764/frame 0xfffffe005170f9c0
tcp_hpts_thread() at tcp_hpts_thread+0xe34/frame 0xfffffe005170fb10
ithread_loop() at ithread_loop+0x33f/frame 0xfffffe005170fbb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe005170fbf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe005170fbf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100076 ]
Stopped at kdb_enter+0x67: movq $0,0x1452086(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xffffffff81116360 vprintf+0x140
rdx 0x1
rbx 0
rsp 0xfffffe005170f5a0
rbp 0xfffffe005170f5c0
rsi 0
rdi 0xffffffff81116396 vprintf+0x176
r8 0
r9 0xffffffff
r10 0x74b420a
r11 0xa62a688c
r12 0xffffffff82067600 ddb_dbbe
r13 0
r14 0xffffffff819ab4c9
r15 0xffffffff819ab4c9
rip 0xffffffff8110a6f7 kdb_enter+0x67
rflags 0x86
kdb_enter+0x67: movq $0,0x1452086(%rip)
db> show proc
Process 12 (intr) at 0xfffff8000446ca50:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff8250fcf0
ABI: null
flag: 0x10000284 flag2: 0
reaper: 0xffffffff8250fcf0 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff82510940
(map 0xffffffff82510940)
(map.pmap 0xffffffff82510a00)
(pmap 0xffffffff82510a60)
threads: 23
100011 I [swi6: Giant taskq]
100014 I [swi5: fast taskq]
100017 I [swi6: task queue]
100020 I [swi3: vm]
100021 I [swi4: clock (0)]
100022 I [swi4: clock (1)]
100023 I [swi1: netisr 0]
100035 I [irq24: virtio_pci0]
100036 I [irq25: virtio_pci0]
100037 I [irq26: virtio_pci0]
100038 I [irq27: virtio_pci0]
100039 I [irq28: virtio_pci1]
100040 I [irq29: virtio_pci1]
100041 I [irq30: virtio_pci1]
100042 I [irq31: virtio_pci1]
100043 I [irq32: virtio_pci1]
100048 I [irq10: virtio_pci2]
100050 I [irq1: atkbd0]
100051 I [irq12: psm0]
100052 I [swi0: uart uart++]
100060 I [swi1: pf send]
100076 Run CPU 0 [swi1: hpts]
100077 Run CPU 1 [swi1: hpts]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
35959 21582 21582 0 R syz-executor.0
35957 777 777 0 R (threaded) syz-executor.1
100091 RunQ syz-executor.1
155452 S select 0xfffff800163a6ac0 syz-executor.1
35954 21631 21631 0 R (threaded) syz-executor.3
155432 RunQ syz-executor.3
155448 S connec 0xfffff8003ecb0bf0 syz-executor.3
22848 1 22848 65 Ss select 0xfffff80016d850c0 dhclient
22205 1 22205 0 Ss select 0xfffff8000434a140 dhclient
22202 1 22202 0 Ss select 0xfffff800163a6cc0 dhclient
22191 1 22191 65 Ss select 0xfffff800163a6740 dhclient
21631 774 21631 0 Rs syz-executor.3
21606 1 21606 0 Ss select 0xfffff80016d85340 dhclient
21602 1 21602 0 Ss select 0xfffff80016bff640 dhclient
21582 774 21582 0 Rs syz-executor.0
3012 1 3012 65 Ss select 0xfffff8000434a240 dhclient
2406 1 2406 0 Ss select 0xfffff80016e280c0 dhclient
2403 1 2403 0 Ss select 0xfffff80016e28040 dhclient
2384 1 2384 65 Ss select 0xfffff80016e28340 dhclient
1764 1 1764 0 Ss select 0xfffff80016bff840 dhclient
1761 1 1761 0 Ss select 0xfffff80016e11bc0 dhclient
808 774 808 0 Rs syz-executor.2
777 774 777 0 Rs syz-executor.1
774 772 772 0 R (threaded) syz-fuzzer
100107 RunQ syz-fuzzer
100108 RunQ syz-fuzzer
100109 S uwait 0xfffff8001638e500 syz-fuzzer
100110 S uwait 0xfffff8001638e600 syz-fuzzer
100111 S uwait 0xfffff8001638e400 syz-fuzzer
100112 S uwait 0xfffff8001638e700 syz-fuzzer
100113 S uwait 0xfffff8001638e800 syz-fuzzer
100114 S uwait 0xfffff800167f7e80 syz-fuzzer
100735 RunQ syz-fuzzer
772 770 772 0 Ss pause 0xfffff80004e31b00 csh
770 694 770 0 Rs sshd
754 1 754 0 Ss+ ttyin 0xfffff800048e10b0 getty
753 1 753 0 Ss+ ttyin 0xfffff80004c134b0 getty
752 1 752 0 Ss+ ttyin 0xfffff80004c13cb0 getty
751 1 751 0 Ss+ ttyin 0xfffff80004c164b0 getty
750 1 750 0 Ss+ ttyin 0xfffff80004c16cb0 getty
749 1 749 0 Ss+ ttyin 0xfffff80004c1b4b0 getty
748 1 748 0 Ss+ ttyin 0xfffff80004c1bcb0 getty
747 1 747 0 Ss+ ttyin 0xfffff80004aea4b0 getty
746 1 746 0 Ss+ ttyin 0xfffff80004aeacb0 getty
698 1 698 0 Ss nanslp 0xffffffff8252fee1 cron
694 1 694 0 Ss select 0xfffff800163a6b40 sshd
507 1 507 0 Ss select 0xfffff8000434a0c0 syslogd
436 1 436 0 Ss select 0xfffff8000434a8c0 devd
435 1 435 65 Ss select 0xfffff8000434a540 dhclient
350 1 350 0 Ss select 0xfffff8000434a740 dhclient
347 1 347 0 Ss select 0xfffff8000434ab40 dhclient
23 0 0 0 DL syncer 0xffffffff8261f2b8 [syncer]
22 0 0 0 DL vlruwt 0xfffff80004bbd528 [vnlru]
21 0 0 0 DL (threaded) [bufdaemon]
100070 D qsleep 0xffffffff8261e3a0 [bufdaemon]
100075 D - 0xffffffff8200ac80 [bufspacedaemon-0]
100087 D sdflush 0xfffff800048ed0e8 [/ worker]
20 0 0 0 DL psleep 0xffffffff82645888 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100068 D psleep 0xffffffff82639cf8 [dom0]
100071 D launds 0xffffffff82639d04 [laundry: dom0]
100072 D umarcl 0xffffffff81524430 [uma]
18 0 0 0 DL - 0xffffffff823642d8 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff82e28818 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff82c63390 [pf purge]
15 0 0 0 DL - 0xffffffff8261b95c [soaiod4]
9 0 0 0 DL - 0xffffffff8261b95c [soaiod3]
8 0 0 0 DL - 0xffffffff8261b95c [soaiod2]
7 0 0 0 DL - 0xffffffff8261b95c [soaiod1]
6 0 0 0 DL (threaded) [cam]
100034 D - 0xffffffff8223c040 [doneq0]
100067 D - 0xffffffff8223bf10 [scanner]
5 0 0 0 DL crypto_ 0xfffff80004532d90 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff80004532d30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff82637210 [crypto]
14 0 0 0 DL seqstat 0xfffff800044a8c88 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100025 D - 0xffffffff8250f760 [g_event]
100026 D - 0xffffffff8250f768 [g_up]
100027 D - 0xffffffff8250f770 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100018 D - 0xfffff8000446aa00 [thr_0]
100019 D - 0xfffff8000446aa80 [thr_1]
12 0 0 0 RL (threaded) [intr]
100011 I [swi6: Giant taskq]
100014 I [swi5: fast taskq]
100017 I [swi6: task queue]
100020 I [swi3: vm]
100021 I [swi4: clock (0)]
100022 I [swi4: clock (1)]
100023 I [swi1: netisr 0]
100035 I [irq24: virtio_pci0]
100036 I [irq25: virtio_pci0]
100037 I [irq26: virtio_pci0]
100038 I [irq27: virtio_pci0]
100039 I [irq28: virtio_pci1]
100040 I [irq29: virtio_pci1]
100041 I [irq30: virtio_pci1]
100042 I [irq31: virtio_pci1]
100043 I [irq32: virtio_pci1]
100048 I [irq10: virtio_pci2]
100050 I [irq1: atkbd0]
100051 I [irq12: psm0]
100052 I [swi0: uart uart++]
100060 I [swi1: pf send]
100076 Run CPU 0 [swi1: hpts]
100077 Run CPU 1 [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff8000448c528 [init]
10 0 0 0 DL audit_w 0xffffffff82637730 [audit]
0 0 0 0 RLs (threaded) [kernel]
100000 D swapin 0xffffffff8250fcf0 [swapper]
100005 D - 0xfffff8000446fe00 [if_io_tqg_0]
100006 D - 0xfffff8000446fd00 [if_io_tqg_1]
100007 D - 0xfffff8000446fc00 [if_config_tqg_0]
100008 RunQ [softirq_0]
100009 D - 0xfffff8000446fa00 [softirq_1]
100010 D - 0xfffff8000446f900 [inm_free taskq]
100012 D - 0xfffff8000446f700 [thread taskq]
100013 D - 0xfffff8000446f600 [aiod_kick taskq]
100015 D - 0xfffff8000446f400 [kqueue_ctx taskq]
100016 D - 0xfffff8000446f300 [in6m_free taskq]
100024 D - 0xfffff8000446f100 [firmware taskq]
100029 D - 0xfffff80004531e00 [crypto_0]
100030 D - 0xfffff80004531e00 [crypto_1]
100044 D - 0xfffff8000468e100 [vtnet0 rxq 0]
100045 D - 0xfffff8000468e000 [vtnet0 txq 0]
100046 D - 0xfffff800048f2e00 [vtnet0 rxq 1]
100047 D - 0xfffff800048f2d00 [vtnet0 txq 1]
100049 D vtbslp 0xfffff800048f1300 [virtio_balloon]
100053 D - 0xfffff800048cde00 [mca taskq]
100058 D - 0xffffffff81d53f61 [deadlkres]
100063 D - 0xfffff800048cdb00 [acpi_task_0]
100064 D - 0xfffff800048cdb00 [acpi_task_1]
100065 D - 0xfffff800048cdb00 [acpi_task_2]
100066 D - 0xfffff80004531c00 [CAM taskq]
db> show all locks
Process 770 (sshd) thread 0xfffffe0088746700 (100088)
exclusive sleep mutex vtnet0-tx0 (vtnet0-tx0) r = 0 (0xfffff800048f5e00) locked @ /syzkaller/managers/i386/kernel/sys/dev/virtio/network/if_vtnet.c:2468
exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8001629ab90) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:984
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffff80004edf9e0) locked @ /syzkaller/managers/i386/kernel/sys/kern/uipc_sockbuf.c:467
Process 12 (intr) thread 0xfffffe0051c5d700 (100076)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8003eea3208) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_hpts.c:1536
Process 12 (intr) thread 0xfffffe0051c5d000 (100077)
exclusive sleep mutex tcp_hpts_lck (hpts) r = 0 (0xfffff80004bd1c00) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_hpts.c:1662
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4216 4339K 4244
tcp_hpts 5 3201K 5
vtbuf 24 1968K 46
sysctloid 30512 1790K 30577
kobj 334 1336K 492
pcb 625 1198K 62262
newblk 9 1026K 67838
vfscache 3 1025K 3
inodedep 16 518K 54813
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
sctp_stro 299 510K 12910
intr 4 472K 4
subproc 144 279K 36065
sctp_atcl 604 227K 42901
acpica 1674 184K 58033
vnet_data 1 168K 1
tidhash 3 141K 3
pagedep 12 131K 75421
tfo_ccache 1 128K 1
filedesc 16 121K 69420
sem 4 106K 4
DEVFS1 105 105K 122
linker 275 100K 329
BPF 46 88K 94
bus 986 80K 3353
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 508 64K 508
umtx 342 43K 342
kdtrace 209 41K 91414
sctp_atky 908 39K 58227
temp 35 33K 7619
hostcache 1 32K 1
shm 1 32K 104
DEVFS3 124 31K 134
msg 4 30K 4
vmem 3 26K 6
gtaskqueue 18 26K 18
ifaddr 85 26K 101
kbdmux 6 22K 6
DEVFS_RULE 56 20K 56
ufs_mount 5 17K 6
proc 3 17K 3
sctp_timw 64 16K 64
tty 16 16K 16
lltable 50 16K 990
ithread 99 16K 99
bus-sc 31 14K 1593
ether_multi 162 13K 371
KTRACE 100 13K 100
ifnet 7 13K 7
ksem 10 12K 671
kenv 92 12K 92
eventhandler 129 11K 129
GEOM 60 10K 486
rman 82 10K 423
sctp_athm 604 10K 44447
in6_multi 77 10K 164
sctp_map 598 10K 25354
pf_ifnet 27 9K 786
bmsafemap 3 9K 39587
cred 34 9K 966
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 20
pfs_vncache 1 8K 1
pfs_nodes 20 8K 20
audit_evclass 236 8K 294
kqueue 64 7K 36432
sglist 5 7K 5
CAM DEV 3 6K 510
plimit 24 6K 982
pf_osfp 47 6K 47
CAM queue 5 6K 1528
taskqueue 48 6K 48
DEVFSP 78 5K 220
ufs_dirhash 24 5K 24
session 35 5K 85
pgrp 35 5K 155
UMA 260 5K 260
vt 11 5K 11
sctp_stri 8 4K 4005
memdesc 1 4K 1
MCA 32 4K 32
kcovinfo 64 4K 187
evdev 4 4K 4
pwddesc 62 4K 35960
routetbl 22 4K 2888
lockf 33 4K 8441
hhook 13 4K 13
selfd 50 4K 468317
dirrem 12 3K 37628
sctp_ifa 23 3K 37
proc-args 52 3K 994
terminal 11 3K 11
acpisem 22 3K 22
select 20 3K 1603
uidinfo 3 3K 166
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 28
CAM XPT 22 2K 543
Unitno 26 2K 58
freefile 12 2K 37562
in_multi 6 2K 29
ipsecpolicy 2 2K 2
acpidev 20 2K 20
msi 9 2K 9
clone 9 2K 9
tun 7 2K 7
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 972
NFSD session 1 1K 1
CAM periph 4 1K 271
inpcbpolicy 25 1K 14941
sctp_ifn 6 1K 37
sctp_aadr 12 1K 851
ipsec 3 1K 3
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
freework 3 1K 49501
mkdir 5 1K 69842
diradd 5 1K 37700
encap_export_host 12 1K 12
procdesc 5 1K 30
crypto 3 1K 3
newdirblk 4 1K 34921
freeblks 2 1K 37138
pfil 4 1K 4
CAM SIM 2 1K 2
cdev 2 1K 2
chacha20random 1 1K 1
ip_msource 5 1K 18
osd 3 1K 10
vnodes 1 1K 253
ktls 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
frag6 2 1K 9
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
soname 5 1K 34111
pmchooks 1 1K 1
nexusdev 5 1K 5
filecaps 5 1K 241
sctp_vrf 1 1K 1
entropy 2 1K 64
vnet 1 1K 1
pmc 1 1K 1
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
mqdata 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 20496
sctp_iter 0 0K 148
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 120
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 38
pf_table 0 0K 714
pf_rule 0 0K 562
pf_altq 0 0K 0
pf_temp 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
pvscsi 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
USB 0 0K 0
xen_intr 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
nvme_da 0 0K 0
acpipwr 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
twsbuf 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 208
vm_fictitious 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
UMAHash 0 0K 0
CAM CCB 0 0K 156662
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 114653
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 479
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 216
allocindir 0 0K 0
indirdep 0 0K 17167
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 412
ip6_msource 0 0K 0
ip6_moptions 0 0K 10
in6_mfilter 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
LRO 0 0K 0
newreno data 0 0K 0
ip_moptions 0 0K 60
in_mfilter 0 0K 85
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
VN POLL 0 0K 17
statfs 0 0K 35320
namei_tracker 0 0K 758
export_host 0 0K 0
cl_savebuf 0 0K 195
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MVS driver 0 0K 0
mbuf_tag 0 0K 777
accf 0 0K 0
pts 0 0K 0
iov 0 0K 38558
ioctlops 0 0K 1977
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
sbuf 0 0K 288
mps_user 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
MPSSAS 0 0K 0
SWAP 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
sysctltmp 0 0K 977
sysctl 0 0K 1
MPRSAS 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 274
rctl 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 30
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
aacbuf 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
zstd 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_cluster 2048 9728 2 9728 0 254 19927040 0
mbuf 256 922 36188 4353215 0 254 9500160 0
tcp_log 416 0 20007 587197 0 254 8322912 0
mbuf_jumbo_page 4096 68 1345 40006 0 254 5787648 0
RADIX NODE 144 11396 9433 1529922 0 65 2999376 0
mbuf_packet 256 8340 1260 1337520 0 254 2457600 0
pbuf 2632 0 762 0 0 2 2005584 0
BUF TRIE 144 235 13233 133405 0 62 1939392 0
malloc-384 384 4169 41 4495 0 30 1616640 0
sctp_asoc 2288 298 347 12672 0 254 1475760 0
malloc-4096 4096 335 4 834 0 2 1388544 0
malloc-128 128 10325 91 14854 0 126 1333248 0
sctp_chunk 152 212 7432 86123 0 254 1161888 0
256 Bucket 2048 411 17 18531 0 8 876544 0
UMA Slabs 0 112 7642 23 7642 0 126 858480 0
sctp_ep 1280 298 347 27200 0 254 825600 0
tcp_bbr_map 128 0 6169 916433 0 126 789632 0
FFS inode 1128 551 30 38401 0 8 655368 0
malloc-2048 2048 299 21 27920 0 8 655360 0
sctp_raddr 736 333 415 20578 0 254 550528 0
VM OBJECT 264 1495 140 530297 0 30 431640 0
malloc-65536 65536 6 0 6 0 1 393216 0
socket 944 46 310 51038 0 254 336064 0
VNODE 488 588 92 38440 0 30 331840 0
malloc-1024 1024 302 18 12598 0 16 327680 0
malloc-4096 4096 69 9 35979 0 2 319488 0
THREAD 1792 146 25 55453 0 8 306432 0
malloc-384 384 657 93 100124 0 30 288000 0
malloc-65536 65536 1 3 581 0 1 262144 0
malloc-32768 32768 0 8 15677 0 1 262144 0
malloc-64 64 3604 239 8498 0 254 245952 0
malloc-16384 16384 9 5 34712 0 1 229376 0
malloc-256 256 213 657 108803 0 62 222720 0
128 Bucket 1024 176 39 22637 0 16 220160 0
DEVCTL 1024 0 212 142 0 0 217088 0
malloc-16 16 12840 410 14070 0 254 212000 0
malloc-128 128 1281 362 135076 0 126 210304 0
MAP ENTRY 96 1629 429 2066987 0 126 197568 0
malloc-32768 32768 1 5 73 0 1 196608 0
malloc-2048 2048 12 76 158529 0 8 180224 0
UMA Zones 768 232 2 232 0 16 179712 0
FFS2 dinode 256 551 139 38400 0 62 176640 0
malloc-32 32 4818 96 5819 0 254 157248 0
tcp_inpcb 488 26 286 10625 0 254 152256 0
malloc-128 128 1053 125 6832 0 126 150784 0
S VFS Cache 104 1032 372 39708 0 126 146016 0
malloc-1024 1024 130 6 147 0 16 139264 0
malloc-65536 65536 0 2 2 0 1 131072 0
malloc-65536 65536 0 2 525 0 1 131072 0
VMSPACE 2544 39 12 35950 0 4 129744 0
tcpcb 1048 11 110 10625 0 254 126808 0
clpbuf 2632 0 48 145 0 16 126336 0
vmem btag 56 2144 76 2144 0 254 124320 0
g_bio 408 0 300 623791 0 30 122400 0
ksiginfo 112 66 978 2392 0 126 116928 0
malloc-4096 4096 23 4 89 0 2 110592 0
malloc-256 256 357 63 28182 0 62 107520 0
PROC 1320 61 20 35959 0 8 106920 0
malloc-256 256 273 132 97098 0 62 103680 0
malloc-16384 16384 3 3 13 0 1 98304 0
malloc-4096 4096 18 5 51 0 2 94208 0
filedesc0 1072 62 22 35960 0 8 90048 0
UMA Kegs 384 218 5 218 0 30 85632 0
64 Bucket 512 86 66 21734 0 30 77824 0
malloc-8192 8192 5 4 41 0 1 73728 0
malloc-8192 8192 8 1 99 0 1 73728 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 0 1 124 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 1 1 127 0 1 65536 0
malloc-64 64 445 563 89602 0 254 64512 0
malloc-256 256 42 198 38557 0 62 61440 0
malloc-384 384 134 6 173 0 30 53760 0
32 Bucket 256 72 138 20193 0 62 53760 0
malloc-16384 16384 1 2 5 0 1 49152 0
malloc-8192 8192 0 6 22 0 1 49152 0
malloc-8192 8192 5 1 7 0 1 49152 0
malloc-256 256 30 150 125238 0 62 46080 0
pipe 744 23 37 3038 0 16 44640 0
malloc-64 64 158 535 492745 0 254 44352 0
malloc-64 64 574 119 1850 0 254 44352 0
malloc-128 128 85 256 35638 0 126 43648 0
unpcb 256 21 144 8698 0 254 42240 0
DIRHASH 1024 34 6 34 0 16 40960 0
pcpu-8 8 4504 616 15319 0 254 40960 0
malloc-64 64 88 542 36816 0 254 40320 0
Files 80 235 265 112817 0 126 40000 0
malloc-128 128 46 264 40037 0 126 39680 0
malloc-256 256 81 69 3687 0 62 38400 0
tcp_bbr_pcb 832 0 45 2530 0 16 37440 0
NAMEI 1024 0 36 176999 0 16 36864 0
malloc-512 512 8 64 3973 0 30 36864 0
sctp_laddr 48 418 338 7050 0 254 36288 0
udplite_inpcb 488 2 70 2482 0 254 35136 0
malloc-256 256 2 133 114756 0 62 34560 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-8192 8192 1 3 11 0 1 32768 0
pcpu-64 64 456 56 456 0 254 32768 0
tcp_rack_pcb 704 2 42 421 0 16 30976 0
malloc-4096 4096 2 5 35906 0 2 28672 0
malloc-1024 1024 6 22 2211 0 16 28672 0
malloc-32 32 613 269 41541 0 254 28224 0
16 Bucket 144 69 127 2632 0 62 28224 0
4 Bucket 48 7 581 1068 0 254 28224 0
KNOTE 160 27 148 382086 0 62 28000 0
8 Bucket 80 50 300 14341 0 126 28000 0
TURNSTILE 136 172 17 172 0 62 25704 0
malloc-2048 2048 4 8 29 0 8 24576 0
sctp_stream_msg_out 112 160 56 3320 0 254 24192 0
PWD 32 20 736 34828 0 254 24192 0
malloc-64 64 212 166 7684 0 254 24192 0
ttyinq 160 135 15 300 0 62 24000 0
ttyoutq 256 72 18 160 0 62 23040 0
malloc-1024 1024 9 11 61 0 16 20480 0
malloc-512 512 2 38 724 0 30 20480 0
malloc-32 32 105 525 52021 0 254 20160 0
2 Bucket 32 80 550 9648 0 254 20160 0
vtnet_tx_hdr 24 1 834 2708211 0 254 20040 0
malloc-128 128 37 118 1619 0 126 19840 0
malloc-128 128 113 42 511 0 126 19840 0
SLEEPQUEUE 88 172 52 172 0 126 19712 0
ripcb 488 7 33 899 0 254 19520 0
itimer 352 0 55 136 0 30 19360 0
Mountpoints 2752 2 5 2 0 4 19264 0
malloc-256 256 57 18 3520 0 62 19200 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 0 1 153 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 0 2 18 0 1 16384 0
malloc-4096 4096 0 4 13 0 2 16384 0
malloc-1024 1024 11 5 13 0 16 16384 0
malloc-512 512 4 28 974 0 30 16384 0
malloc-64 64 203 49 433 0 254 16128 0
malloc-32 32 326 178 19237 0 254 16128 0
malloc-16 16 650 350 41936 0 254 16000 0
malloc-16 16 609 391 44878 0 254 16000 0
udp_inpcb 488 2 30 935 0 254 15616 0
malloc-4096 4096 0 3 5 0 2 12288 0
malloc-2048 2048 4 2 1252 0 8 12288 0
malloc-2048 2048 3 3 9 0 8 12288 0
malloc-1024 1024 8 4 305 0 16 12288 0
malloc-512 512 11 13 23 0 30 12288 0
rtentry 176 31 38 68 0 62 12144 0
malloc-64 64 60 129 583 0 254 12096 0
sctp_readq 152 1 77 1558 0 254 11856 0
routing nhops 256 26 19 73 0 62 11520 0
malloc-384 384 20 10 328 0 30 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 0 2 5 0 2 8192 0
malloc-2048 2048 2 2 193 0 8 8192 0
malloc-1024 1024 0 8 222 0 16 8192 0
malloc-1024 1024 1 7 500 0 16 8192 0
malloc-512 512 0 16 14 0 30 8192 0
malloc-512 512 0 16 5 0 30 8192 0
malloc-512 512 8 8 70 0 30 8192 0
tcptw 88 0 92 8 0 254 8096 0
rl_entry 40 88 114 6685 0 254 8080 0
sctp_asconf_ack 48 0 168 124 0 254 8064 0
syncache 168 0 48 14 0 254 8064 0
udpcb 32 4 248 3417 0 254 8064 0
ipq 56 0 144 2 0 254 8064 0
malloc-32 32 29 223 298 0 254 8064 0
malloc-32 32 68 184 1848 0 254 8064 0
malloc-32 32 37 215 427 0 254 8064 0
malloc-32 32 32 220 898 0 254 8064 0
malloc-16 16 25 475 8159 0 254 8000 0
malloc-16 16 25 475 177 0 254 8000 0
malloc-16 16 285 215 26612 0 254 8000 0
malloc-16 16 11 489 14855 0 254 8000 0
malloc-128 128 18 44 383 0 126 7936 0
tcp_rack_map 120 4 62 412 0 126 7920 0
kenv 258 3 27 1059 0 30 7740 0
L VFS Cache 320 0 24 2 0 30 7680 0
malloc-384 384 0 20 90 0 30 7680 0
malloc-384 384 0 20 34 0 30 7680 0
malloc-384 384 2 18 10 0 30 7680 0
malloc-384 384 1 19 31 0 30 7680 0
FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 37 0 126 6448 0
domainset 40 0 126 24 0 254 5040 0
epoch_record pcpu 256 4 12 4 0 62 4096 0
malloc-2048 2048 0 2 36 0 8 4096 0
malloc-2048 2048 2 0 2 0 8 4096 0
malloc-512 512 4 4 50 0 30 4096 0
pcpu-16 16 7 249 7 0 254 4096 0
tcp_log_bucket 176 0 23 6 0 62 4048 0
hostcache 96 1 41 1 0 254 4032 0
malloc-16 16 0 250 6 0 254 4000 0
tcp_log_node 120 0 33 8 0 126 3960 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
mqnode 416 3 6 3 0 30 3744 0
KMAP ENTRY 96 12 27 12 0 0 3744 0
vmem 1856 1 1 1 0 8 3712 0
SMR CPU 32 2 29 2 0 254 992 0
SMR SHARED 24 2 29 2 0 254 744 0
FFS1 dinode 128 0 0 0 0 126 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
sctp_asconf 40 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 296 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 48 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIOP 32 0 0 0 0 254 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 224 0 0 0 0 62 0 0
NCLNODE 592 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
crypto_session 72 0 0 0 0 126 0 0
cryptop 280 0 0 0 0 30 0 0
IOMMU_MAP_ENTRY 120 0 0 0 0 126 0 0
ktls_session 192 0 0 0 0 62 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2632 0 0 0 0 64 0 0
mdpbuf 2632 0 0 0 0 3 0 0
nfspbuf 2632 0 0 0 0 16 0 0
swwbuf 2632 0 0 0 0 8 0 0
swrbuf 2632 0 0 0 0 16 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Mark Johnston

Sep 18, 2021, 11:57:03 AM
to syzbot, syzkaller-f...@googlegroups.com
On Tue, Jan 05, 2021 at 10:45:16AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 225afb6c Improve readability of the options list
> git tree: https://github.com/freebsd/freebsd-src.git main
> console output: https://syzkaller.appspot.com/x/log.txt?x=138364c7500000
> dashboard link: https://syzkaller.appspot.com/bug?extid=03158b32b90fc8ed499e
> userspace arch: i386
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+03158b...@syzkaller.appspotmail.com
>
> panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/i386/kernel/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:12282
> cpuid = 0
> time = 2000000015
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe005170f5c0
> vpanic() at vpanic+0x1c7/frame 0xfffffe005170f620
> panic() at panic+0x43/frame 0xfffffe005170f680
> __mtx_lock_flags() at __mtx_lock_flags+0x202/frame 0xfffffe005170f6e0
> rack_output() at rack_output+0x2764/frame 0xfffffe005170f9c0
> tcp_hpts_thread() at tcp_hpts_thread+0xe34/frame 0xfffffe005170fb10
> ithread_loop() at ithread_loop+0x33f/frame 0xfffffe005170fbb0
> fork_exit() at fork_exit+0xb3/frame 0xfffffe005170fbf0
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe005170fbf0

#syz dup: panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/main/kernel/sys/netinet/tcp_output.c:LINE