panic: Unaligned free of ADDR from zone ADDR(mbuf) slab ADDR(NUM)
0 views
Skip to first unread message
syzbot
Apr 8, 2024, 6:28:21 PMApr 8
to syzkaller-f...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: d80a97def9a1 unix: new implementation of unix/stream & uni..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=13de81d3180000
dashboard link: https://syzkaller.appspot.com/bug?extid=4adf0b37849ea7723586
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4adf0b...@syzkaller.appspotmail.com
panic: Unaligned free of 0xfffffe006d3c19d0 from zone 0xfffffe00541b9600(mbuf) slab 0xfffffe006d3c1fd8(9)
cpuid = 1
time = 1712615232
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe006d3c11b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe006d3c1310
vpanic() at vpanic+0x26a/frame 0xfffffe006d3c14d0
panic() at panic+0xb5/frame 0xfffffe006d3c15a0
uma_dbg_free() at uma_dbg_free+0x289/frame 0xfffffe006d3c15f0
item_dtor() at item_dtor+0x7a/frame 0xfffffe006d3c1630
uma_zfree_arg() at uma_zfree_arg+0x103/frame 0xfffffe006d3c16d0
m_free() at m_free+0x20a/frame 0xfffffe006d3c1710
m_freem() at m_freem+0x48/frame 0xfffffe006d3c1730
uipc_sosend_stream_or_seqpacket() at uipc_sosend_stream_or_seqpacket+0x1237/frame 0xfffffe006d3c19a0
sousrsend() at sousrsend+0x117/frame 0xfffffe006d3c1a30
kern_sendit() at kern_sendit+0x4fc/frame 0xfffffe006d3c1b90
sendit() at sendit+0x15f/frame 0xfffffe006d3c1bf0
sys_sendmsg() at sys_sendmsg+0x181/frame 0xfffffe006d3c1d10
amd64_syscall() at amd64_syscall+0x4cb/frame 0xfffffe006d3c1f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006d3c1f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x2aeb2a, rsp = 0x823fe8f08, rbp = 0x823fe8f80 ---
KDB: enter: panic
[ thread pid 1138 tid 100399 ]
Stopped at kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe0070a00000
rdx 0x3ffff
rbx 0xffffffff826ed680 .str.27
rsp 0xfffffe006d3c12f0
rbp 0xfffffe006d3c1310
rsi 0x40001
rdi 0xffffffff815c0059 printf+0x149
r8 0
r9 0xffffffff
r10 0x1
r11 0xfffffe00742d8520
r12 0xfffffe00742d8000
r13 0xfffffffffffffffd
r14 0xffffffff826ed680 .str.27
r15 0
rip 0xffffffff815acc1e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> show proc
Process 1138 (syz-executor.3) at 0xfffffe007415e060:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 773 at 0xfffffe00579ef060
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: /root/syz-executor.3 exec
reaper: 0xfffffe005420b040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0058b21c08
(map 0xfffffe0058b21c08)
(map.pmap 0xfffffe0058b21cc8)
(pmap 0xfffffe0058b21d38)
threads: 2
100302 RunQ syz-executor.3
100399 Run CPU 1 syz-executor.3
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1140 771 771 0 R syz-executor.1
1138 773 773 0 R (threaded) syz-executor.3
100302 RunQ syz-executor.3
100399 Run CPU 1 syz-executor.3
1116 772 1116 0 Ss (threaded) syz-executor.2
100086 S nanslp 0xffffffff83956480 syz-executor.2
100377 S select 0xfffffe006cdf4940 syz-executor.2
100380 S uwait 0xfffffe006d666100 syz-executor.2
1112 1 1109 0 S uwait 0xfffffe00578ca900 syz-executor.1
1111 1 1108 0 S uwait 0xfffffe0074289400 syz-executor.2
1105 1 1104 0 S uwait 0xfffffe006d665e80 syz-executor.1
1103 1 1102 0 S uwait 0xfffffe006d666a00 syz-executor.1
1056 1047 1047 0 D tun_con 0xfffffe006cee56a8 ifconfig
1047 768 1047 0 Ss wait 0xfffffe006cec1000 syz-executor.0
1018 1 772 0 S uwait 0xfffffe006d665b00 syz-executor.2
1017 1 772 0 S uwait 0xfffffe0057370880 syz-executor.2
1009 1 770 0 SV uwait 0xfffffe0057370b80 syz-executor.0
1006 1 772 0 SV uwait 0xfffffe00578c9b80 syz-executor.2
987 1 772 0 SV uwait 0xfffffe006d666f00 syz-executor.2
959 1 771 0 SV uwait 0xfffffe0057370780 syz-executor.1
901 1 901 0 Ss select 0xfffffe006cdf4840 rtsol
900 1 900 0 Ss select 0xfffffe0007877040 rtsol
898 1 898 0 Ss select 0xfffffe0007877140 rtsol
893 786 424 0 S kqread 0xfffffe0007c82500 rtsol
818 0 0 0 DL aiordy 0xfffffe006d091b00 [aiod4]
817 0 0 0 DL aiordy 0xfffffe006d070580 [aiod3]
816 0 0 0 DL aiordy 0xfffffe006d070ae0 [aiod2]
815 0 0 0 DL aiordy 0xfffffe006d071040 [aiod1]
786 778 424 0 S wait 0xfffffe0007ce9040 sh
778 424 424 0 S wait 0xfffffe00579ee040 sh
773 768 773 0 Ss nanslp 0xffffffff83956481 syz-executor.3
772 768 772 0 Ss nanslp 0xffffffff83956480 syz-executor.2
771 768 771 0 Ss nanslp 0xffffffff83956481 syz-executor.1
768 766 766 0 S (threaded) syz-fuzzer
100087 S kqread 0xfffffe0007c82a00 syz-fuzzer
100116 S uwait 0xfffffe0007980700 syz-fuzzer
100117 S uwait 0xfffffe0007980800 syz-fuzzer
100118 S uwait 0xfffffe0007980900 syz-fuzzer
100119 S uwait 0xfffffe00578ca300 syz-fuzzer
100120 S uwait 0xfffffe00578ca400 syz-fuzzer
100121 S wait 0xfffffe005420c060 syz-fuzzer
100122 S uwait 0xfffffe00578ca600 syz-fuzzer
100123 S wait 0xfffffe005420c060 syz-fuzzer
100124 S uwait 0xfffffe00578ca800 syz-fuzzer
100125 S wait 0xfffffe005420c060 syz-fuzzer
100142 S wait 0xfffffe005420c060 syz-fuzzer
766 764 766 0 Ss pause 0xfffffe00579ef670 csh
764 682 764 0 Ss select 0xfffffe0007877340 sshd
750 1 750 0 Ss+ ttyin 0xfffffe0007d1e4b0 getty
749 1 749 0 Ss+ ttyin 0xfffffe00587720b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe00587728b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0056ec00b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0056ec08b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00574c30b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0056ec10b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0056ec18b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0056ec20b0 getty
739 1 18 0 S+ piperd 0xfffffe0058b252d8 logger
738 737 18 0 S+ nanslp 0xffffffff83956480 sleep
737 1 18 0 S+ wait 0xfffffe006cec2580 sh
686 1 686 0 Ss nanslp 0xffffffff83956481 cron
682 1 682 0 Ss select 0xfffffe006cdf4e40 sshd
495 1 495 0 Ss select 0xfffffe00078778c0 syslogd
424 1 424 0 Ss wait 0xfffffe00579ed020 devd
423 1 423 65 Ss select 0xfffffe006cdf51c0 dhclient
338 1 338 0 Ss select 0xfffffe00078779c0 dhclient
335 1 335 0 Ss select 0xfffffe0007877b40 dhclient
17 0 0 0 DL syncer 0xffffffff83a73ba0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007cea060 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83a72180 [bufdaemon]
100082 D - 0xffffffff82e02140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe0058a0ace8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83abb680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83aa34f8 [dom0]
100080 D launds 0xffffffff83aa3504 [laundry: dom0]
100081 D umarcl 0xffffffff81d508d0 [uma]
7 0 0 0 DL - 0xffffffff836d3cb0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff842ffbb0 [pf purge]
5 0 0 0 DL waiting 0xffffffff84677760 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff8369e340 [doneq0]
100045 D - 0xffffffff8369e2c0 [async]
100076 D - 0xffffffff8369e140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83a9ed20 [crypto]
100042 D crypto_ 0xfffffe0007c85030 [crypto returns 0]
100043 D crypto_ 0xfffffe0007c85080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0056f60c88 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff838fee00 [g_event]
100036 D - 0xffffffff838fee20 [g_up]
100037 D - 0xffffffff838fee40 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]
100031 I [swi1: netisr 0]
100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe005420b040 [init]
10 0 0 0 DL audit_w 0xffffffff83a9f780 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff838ff7e0 [swapper]
100005 D - 0xfffffe00085f7d00 [softirq_0]
100006 D - 0xfffffe00085f7c00 [softirq_1]
100007 D - 0xfffffe00085f7b00 [if_io_tqg_0]
100008 D - 0xfffffe00085f7a00 [if_io_tqg_1]
100009 D - 0xfffffe00085f7900 [if_config_tqg_0]
100010 D - 0xfffffe00085f7800 [pci_hp taskq]
100011 D - 0xfffffe00085f7700 [kqueue_ctx taskq]
100014 D - 0xfffffe00085f7400 [thread taskq]
100016 D - 0xfffffe00085f7200 [aiod_kick taskq]
100017 D - 0xfffffe00085f7100 [deferred_unmount ta]
100018 D - 0xfffffe00085f7000 [inm_free taskq]
100019 D - 0xfffffe00085f6e00 [in6m_free taskq]
100020 D - 0xfffffe00085f6d00 [linuxkpi_irq_wq]
100021 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_0]
100022 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_1]
100023 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_2]
100024 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_3]
100025 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_0]
100026 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_1]
100027 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_2]
100028 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_3]
100034 D - 0xfffffe00085f6a00 [firmware taskq]
100039 D - 0xfffffe00085f6700 [crypto_0]
100040 D - 0xfffffe00085f6700 [crypto_1]
100055 D - 0xfffffe00085f6500 [vtnet0 rxq 0]
100056 D - 0xfffffe00085f6400 [vtnet0 txq 0]
100057 D - 0xfffffe00085f6300 [vtnet0 rxq 1]
100058 D - 0xfffffe00085f6200 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0007cbc380 [virtio_balloon]
100066 D - 0xffffffff826f28c1 [deadlkres]
100070 D - 0xfffffe005797ab00 [acpi_task_0]
100071 D - 0xfffffe005797ab00 [acpi_task_1]
100072 D - 0xfffffe005797ab00 [acpi_task_2]
100074 D - 0xfffffe00085f8100 [mca taskq]
100075 D - 0xfffffe00085f6600 [CAM taskq]
db> show all locks
Process 1056 (ifconfig) thread 0xfffffe006d6c4740 (100130)
exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83a74340) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:3039
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4934K 489
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488
newblk 767 1216K 1019
vfscache 3 1025K 3
pcb 48 691K 488
inodedep 227 597K 337
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 157 306K 1231
filedesc 38 297K 612
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
acpica 1674 184K 60830
tidhash 3 141K 3
vmem 3 138K 5
pagedep 34 137K 239
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 109 109K 126
sem 4 106K 4
gtaskqueue 18 98K 18
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
kdtrace 228 45K 1541
umtx 352 44K 352
dirrem 171 43K 276
temp 34 39K 1866
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 128 32K 138
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
routetbl 132 19K 407
ifaddr 66 19K 68
BPF 14 19K 14
freefile 144 18K 239
ufs_mount 4 17K 5
tcp_fsb_rack 8 17K 38
proc 3 17K 3
LRO 16 17K 16
tty 16 16K 16
ithread 97 16K 97
bus-sc 34 15K 1687
eventhandler 162 14K 162
lltable 43 14K 43
ifnet 7 13K 7
ether_multi 152 13K 162
kenv 95 12K 95
GEOM 61 11K 481
rman 86 11K 451
CAM queue 5 11K 1528
bmsafemap 4 9K 306
kqueue 72 9K 1160
in6_multi 65 9K 65
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 5
filemon 1 8K 27
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
sctp_timw 27 7K 27
taskqueue 63 7K 63
sglist 6 7K 6
cred 24 6K 242
CAM DEV 3 6K 510
diradd 47 6K 306
plimit 22 6K 341
pfs_nodes 22 6K 22
sctp_atcl 14 6K 282
hhook 15 5K 17
pf_ifnet 13 5K 23
DEVFSP 75 5K 124
ufs_dirhash 24 5K 24
UMA 267 5K 267
pwddesc 68 5K 1152
session 33 5K 48
vt 11 5K 11
kcovinfo 65 5K 65
sctp_stro 4 4K 62
pf_table 2 4K 3
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
acpisem 28 4K 28
CC Mem 13 4K 65
proc-args 96 4K 2196
newdirblk 24 3K 229
mkdir 23 3K 458
freework 12 3K 244
freeblks 11 3K 243
terminal 11 3K 11
indirdep 10 3K 10
clone 9 3K 9
uidinfo 3 3K 16
selfd 34 3K 14731
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 14
Unitno 31 2K 49
lockf 16 2K 26
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
msi 12 2K 12
in_multi 6 2K 8
tun 4 2K 4
select 12 2K 44
toponodes 6 2K 6
ipsecpolicy 2 2K 2
acpidev 20 2K 20
tcp_pcm_rack 4 1K 19
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
inpcbpolicy 25 1K 284
ipsec 3 1K 3
sctp_ifn 6 1K 14
mld 6 1K 6
igmp 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
sctp_atky 18 1K 356
crypto 4 1K 7
encap_export_host 12 1K 12
osd 18 1K 78
netlink 2 1K 28
procdesc 4 1K 10
cdev 2 1K 2
lkpikmalloc 8 1K 9
chacha20random 1 1K 1
biobuf 1 1K 1
vnodes 1 1K 2
iov 1 1K 14076
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
sctp_athm 14 1K 292
feeder 7 1K 7
cryptodev 3 1K 66
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
sctp_aadr 2 1K 3
sctp_map 8 1K 124
pf_rule 1 1K 1
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
aio 4 1K 4
soname 5 1K 3518
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 78
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 39
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 117
sctp_iter 0 0K 11
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 3
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 11
sctp_stri 0 0K 20
mqdata 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
tcp_do_rack 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 17
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 5
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 5
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 6
statfs 0 0K 199
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 4
lio 0 0K 59
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 117
eventfd 0 0K 2
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 646
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 21323 0 254 38494208 0
mbuf 256 8631 1032 39753 0 254 2473728 0
BUF TRIE 144 234 11554 575 0 62 1697472 0
malloc-4096 4096 404 4 2208 0 2 1671168 0
malloc-384 384 4234 56 4515 0 30 1647360 0
mbuf_cluster 2048 762 0 762 0 254 1560576 0
malloc-128 128 11449 145 11511 0 126 1484032 0
UMA Slabs 0 112 10906 32 10906 0 126 1225056 0
sctp_asoc 2256 4 506 62 0 254 1150560 0
RADIX NODE 144 6637 190 35711 0 62 983088 0
malloc-65536 65536 15 0 18 0 1 983040 0
vmem btag 56 16372 83 16372 0 254 921480 0
FFS inode 1168 549 32 790 0 8 678608 0
sctp_ep 1144 10 501 210 0 254 584584 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
socket 960 53 455 1724 0 254 487680 0
malloc-16384 16384 22 2 308 0 1 393216 0
sctp_raddr 736 4 513 92 0 254 380512 0
VM OBJECT 264 1330 50 18155 0 30 364320 0
256 Bucket 2048 154 16 1083 0 8 348160 0
THREAD 1824 159 17 399 0 8 321024 0
VNODE 448 588 105 831 0 30 310464 0
malloc-64 64 3868 227 3880 0 254 262080 0
malloc-2048 2048 107 13 122 0 8 245760 0
malloc-16 16 14413 337 14565 0 254 236000 0
DEVCTL 1024 22 198 147 0 0 225280 0
malloc-256 256 778 92 1052 0 62 222720 0
malloc-32768 32768 3 3 9 0 1 196608 0
mbuf_packet 256 2 760 5874 0 254 195072 0
malloc-128 128 1304 215 29311 0 126 194432 0
UMA Zones 768 239 0 239 0 16 183552 0
malloc-32 32 5279 391 5310 0 254 181440 0
lkpimm 56 1 3095 1 0 254 173376 0
MAP ENTRY 96 1643 121 53058 0 126 169344 0
FPU_save_area 832 161 37 696 0 16 164736 0
malloc-1024 1024 141 19 235 0 16 163840 0
FFS2 dinode 256 549 81 789 0 62 161280 0
malloc-256 256 571 59 1584 0 62 161280 0
S VFS Cache 104 1021 383 1325 0 126 146016 0
malloc-65536 65536 0 2 74 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-2048 2048 13 51 1118 0 8 131072 0
unpcb 256 20 490 1204 0 254 130560 0
PROC 1376 67 21 1140 0 8 121088 0
ksiginfo 112 68 976 491 0 126 116928 0
malloc-128 128 798 101 1987 0 126 115072 0
tcp_log 416 0 261 7 0 254 108576 0
malloc-8192 8192 7 6 34 0 1 106496 0
malloc-384 384 239 31 349 0 30 103680 0
filedesc0 1072 68 16 1152 0 8 90048 0
UMA Kegs 384 226 7 226 0 30 89472 0
syncache 168 0 528 7 0 254 88704 0
128 Bucket 1024 53 30 266 0 16 84992 0
malloc-128 128 444 207 730 0 126 83328 0
malloc-8192 8192 9 1 11 0 1 81920 0
malloc-4096 4096 16 4 33 0 2 81920 0
sctp_chunk 152 4 516 44 0 254 79040 0
g_bio 408 0 180 5132 0 30 73440 0
malloc-64 64 645 426 15322 0 254 68544 0
malloc-128 128 321 206 699 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 1 1 12 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
sctp_stream_msg_out 112 0 540 19 0 254 60480 0
malloc-4096 4096 10 4 23 0 2 57344 0
tcp_inpcb 1304 13 29 65 0 8 54768 0
udp_inpcb 416 7 119 192 0 30 52416 0
malloc-64 64 440 379 2832 0 254 52416 0
malloc-64 64 476 343 934 0 254 52416 0
malloc-256 256 97 98 1454 0 62 49920 0
malloc-256 256 74 121 202 0 62 49920 0
malloc-256 256 83 112 857 0 62 49920 0
32 Bucket 256 67 128 3734 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 14277 0 16 49152 0
malloc-8192 8192 1 5 30 0 1 49152 0
malloc-2048 2048 15 9 31 0 8 49152 0
malloc-2048 2048 12 12 212 0 8 49152 0
malloc-1024 1024 10 38 1518 0 16 49152 0
malloc-384 384 90 30 433 0 30 46080 0
pcpu-8 8 4752 368 4938 0 254 40960 0
VMSPACE 616 47 19 1065 0 16 40656 0
pipe 728 22 33 352 0 16 40040 0
sctp_readq 152 0 260 11 0 254 39520 0
64 Bucket 512 63 9 1835 0 30 36864 0
malloc-64 64 46 521 14767 0 254 36288 0
malloc-64 64 99 468 730 0 254 36288 0
malloc-64 64 82 485 1166 0 254 36288 0
malloc-64 64 25 542 29 0 254 36288 0
tcp_bbr_map 128 0 279 11 0 126 35712 0
tcp_rack_map 128 9 270 47 0 126 35712 0
malloc-128 128 5 274 6 0 126 35712 0
malloc-128 128 57 222 3341 0 126 35712 0
malloc-128 128 65 214 81 0 126 35712 0
routing nhops 256 26 109 33 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-256 256 73 62 407 0 62 34560 0
malloc-256 256 48 87 495 0 62 34560 0
malloc-32768 32768 0 1 120 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-8192 8192 3 1 29 0 1 32768 0
malloc-2048 2048 6 10 19 0 8 32768 0
malloc-2048 2048 3 13 194 0 8 32768 0
malloc-1024 1024 5 27 10 0 16 32768 0
malloc-512 512 9 55 127 0 30 32768 0
malloc-512 512 7 57 44 0 30 32768 0
malloc-512 512 4 60 34 0 30 32768 0
malloc-512 512 1 63 6 0 30 32768 0
malloc-512 512 4 60 55 0 30 32768 0
pcpu-64 64 488 24 488 0 254 32768 0
ertt_txseginfo 40 1 807 6527 0 254 32320 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 230 170 8125 0 126 32000 0
PGRP 120 33 231 48 0 126 31680 0
clpbuf 2624 0 12 26 0 4 31488 0
sctp_laddr 48 0 588 36 0 254 28224 0
malloc-32 32 277 605 3290 0 254 28224 0
16 Bucket 144 50 146 271 0 62 28224 0
4 Bucket 48 4 584 7 0 254 28224 0
AIO 208 0 133 68 0 62 27664 0
da_ccb 544 0 49 1415 0 16 26656 0
TURNSTILE 136 177 12 177 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-4096 4096 2 4 204 0 2 24576 0
tcp_rack_pcb 1216 4 16 19 0 8 24320 0
rl_entry 40 48 558 48 0 254 24240 0
PWD 40 26 580 312 0 254 24240 0
rtentry 168 29 115 33 0 62 24192 0
8 Bucket 80 53 247 340 0 126 24000 0
ripcb 384 5 55 26 0 30 23040 0
malloc-384 384 11 49 11 0 30 23040 0
malloc-384 384 1 59 3 0 30 23040 0
malloc-384 384 1 59 29 0 30 23040 0
malloc-384 384 21 39 24 0 30 23040 0
SLEEPQUEUE 88 177 79 177 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 3 627 36 0 254 20160 0
tcp_inpcb ports 32 6 624 31 0 254 20160 0
ertt 72 13 267 65 0 126 20160 0
malloc-32 32 82 548 85 0 254 20160 0
malloc-32 32 195 435 1746 0 254 20160 0
malloc-32 32 121 509 775 0 254 20160 0
malloc-32 32 31 599 448 0 254 20160 0
malloc-32 32 59 571 947 0 254 20160 0
malloc-32 32 34 596 76 0 254 20160 0
2 Bucket 32 55 575 388 0 254 20160 0
KNOTE 160 37 88 3571 0 62 20000 0
AIOCB 552 0 35 10 0 16 19320 0
malloc-256 256 19 56 194 0 62 19200 0
AIOLIO 272 0 70 59 0 30 19040 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 0 1 160 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 1 1 102 0 1 16384 0
malloc-4096 4096 3 1 3 0 2 16384 0
malloc-2048 2048 0 8 40 0 8 16384 0
malloc-1024 1024 2 14 42 0 16 16384 0
malloc-1024 1024 1 15 4 0 16 16384 0
malloc-1024 1024 10 6 175 0 16 16384 0
malloc-1024 1024 8 8 8 0 16 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
sctp_asconf_ack 48 0 336 1 0 254 16128 0
malloc-16 16 234 766 4776 0 254 16000 0
kenv 258 17 43 1071 0 30 15480 0
tcp_bbr_pcb 832 0 18 10 0 16 14976 0
udplite_inpcb 416 0 36 1 0 30 14976 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
malloc-16 16 28 722 67 0 254 12000 0
malloc-16 16 310 440 481 0 254 12000 0
malloc-16 16 64 686 560 0 254 12000 0
malloc-16 16 3 747 268 0 254 12000 0
malloc-16 16 28 722 27857 0 254 12000 0
malloc-16 16 16 734 17 0 254 12000 0
cryptop 280 0 42 1 0 30 11760 0
itimer 352 0 33 1 0 30 11616 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
vtnet_tx_hdr 24 0 334 10220 0 254 8016 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 360 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 104 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: d80a97def9a1 unix: new implementation of unix/stream & uni..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=13de81d3180000
dashboard link: https://syzkaller.appspot.com/bug?extid=4adf0b37849ea7723586
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4adf0b...@syzkaller.appspotmail.com
panic: Unaligned free of 0xfffffe006d3c19d0 from zone 0xfffffe00541b9600(mbuf) slab 0xfffffe006d3c1fd8(9)
cpuid = 1
time = 1712615232
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe006d3c11b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe006d3c1310
vpanic() at vpanic+0x26a/frame 0xfffffe006d3c14d0
panic() at panic+0xb5/frame 0xfffffe006d3c15a0
uma_dbg_free() at uma_dbg_free+0x289/frame 0xfffffe006d3c15f0
item_dtor() at item_dtor+0x7a/frame 0xfffffe006d3c1630
uma_zfree_arg() at uma_zfree_arg+0x103/frame 0xfffffe006d3c16d0
m_free() at m_free+0x20a/frame 0xfffffe006d3c1710
m_freem() at m_freem+0x48/frame 0xfffffe006d3c1730
uipc_sosend_stream_or_seqpacket() at uipc_sosend_stream_or_seqpacket+0x1237/frame 0xfffffe006d3c19a0
sousrsend() at sousrsend+0x117/frame 0xfffffe006d3c1a30
kern_sendit() at kern_sendit+0x4fc/frame 0xfffffe006d3c1b90
sendit() at sendit+0x15f/frame 0xfffffe006d3c1bf0
sys_sendmsg() at sys_sendmsg+0x181/frame 0xfffffe006d3c1d10
amd64_syscall() at amd64_syscall+0x4cb/frame 0xfffffe006d3c1f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006d3c1f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x2aeb2a, rsp = 0x823fe8f08, rbp = 0x823fe8f80 ---
KDB: enter: panic
[ thread pid 1138 tid 100399 ]
Stopped at kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe0070a00000
rdx 0x3ffff
rbx 0xffffffff826ed680 .str.27
rsp 0xfffffe006d3c12f0
rbp 0xfffffe006d3c1310
rsi 0x40001
rdi 0xffffffff815c0059 printf+0x149
r8 0
r9 0xffffffff
r10 0x1
r11 0xfffffe00742d8520
r12 0xfffffe00742d8000
r13 0xfffffffffffffffd
r14 0xffffffff826ed680 .str.27
r15 0
rip 0xffffffff815acc1e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> show proc
Process 1138 (syz-executor.3) at 0xfffffe007415e060:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 773 at 0xfffffe00579ef060
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: /root/syz-executor.3 exec
reaper: 0xfffffe005420b040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0058b21c08
(map 0xfffffe0058b21c08)
(map.pmap 0xfffffe0058b21cc8)
(pmap 0xfffffe0058b21d38)
threads: 2
100302 RunQ syz-executor.3
100399 Run CPU 1 syz-executor.3
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1140 771 771 0 R syz-executor.1
1138 773 773 0 R (threaded) syz-executor.3
100302 RunQ syz-executor.3
100399 Run CPU 1 syz-executor.3
1116 772 1116 0 Ss (threaded) syz-executor.2
100086 S nanslp 0xffffffff83956480 syz-executor.2
100377 S select 0xfffffe006cdf4940 syz-executor.2
100380 S uwait 0xfffffe006d666100 syz-executor.2
1112 1 1109 0 S uwait 0xfffffe00578ca900 syz-executor.1
1111 1 1108 0 S uwait 0xfffffe0074289400 syz-executor.2
1105 1 1104 0 S uwait 0xfffffe006d665e80 syz-executor.1
1103 1 1102 0 S uwait 0xfffffe006d666a00 syz-executor.1
1056 1047 1047 0 D tun_con 0xfffffe006cee56a8 ifconfig
1047 768 1047 0 Ss wait 0xfffffe006cec1000 syz-executor.0
1018 1 772 0 S uwait 0xfffffe006d665b00 syz-executor.2
1017 1 772 0 S uwait 0xfffffe0057370880 syz-executor.2
1009 1 770 0 SV uwait 0xfffffe0057370b80 syz-executor.0
1006 1 772 0 SV uwait 0xfffffe00578c9b80 syz-executor.2
987 1 772 0 SV uwait 0xfffffe006d666f00 syz-executor.2
959 1 771 0 SV uwait 0xfffffe0057370780 syz-executor.1
901 1 901 0 Ss select 0xfffffe006cdf4840 rtsol
900 1 900 0 Ss select 0xfffffe0007877040 rtsol
898 1 898 0 Ss select 0xfffffe0007877140 rtsol
893 786 424 0 S kqread 0xfffffe0007c82500 rtsol
818 0 0 0 DL aiordy 0xfffffe006d091b00 [aiod4]
817 0 0 0 DL aiordy 0xfffffe006d070580 [aiod3]
816 0 0 0 DL aiordy 0xfffffe006d070ae0 [aiod2]
815 0 0 0 DL aiordy 0xfffffe006d071040 [aiod1]
786 778 424 0 S wait 0xfffffe0007ce9040 sh
778 424 424 0 S wait 0xfffffe00579ee040 sh
773 768 773 0 Ss nanslp 0xffffffff83956481 syz-executor.3
772 768 772 0 Ss nanslp 0xffffffff83956480 syz-executor.2
771 768 771 0 Ss nanslp 0xffffffff83956481 syz-executor.1
768 766 766 0 S (threaded) syz-fuzzer
100087 S kqread 0xfffffe0007c82a00 syz-fuzzer
100116 S uwait 0xfffffe0007980700 syz-fuzzer
100117 S uwait 0xfffffe0007980800 syz-fuzzer
100118 S uwait 0xfffffe0007980900 syz-fuzzer
100119 S uwait 0xfffffe00578ca300 syz-fuzzer
100120 S uwait 0xfffffe00578ca400 syz-fuzzer
100121 S wait 0xfffffe005420c060 syz-fuzzer
100122 S uwait 0xfffffe00578ca600 syz-fuzzer
100123 S wait 0xfffffe005420c060 syz-fuzzer
100124 S uwait 0xfffffe00578ca800 syz-fuzzer
100125 S wait 0xfffffe005420c060 syz-fuzzer
100142 S wait 0xfffffe005420c060 syz-fuzzer
766 764 766 0 Ss pause 0xfffffe00579ef670 csh
764 682 764 0 Ss select 0xfffffe0007877340 sshd
750 1 750 0 Ss+ ttyin 0xfffffe0007d1e4b0 getty
749 1 749 0 Ss+ ttyin 0xfffffe00587720b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe00587728b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0056ec00b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0056ec08b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00574c30b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0056ec10b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0056ec18b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0056ec20b0 getty
739 1 18 0 S+ piperd 0xfffffe0058b252d8 logger
738 737 18 0 S+ nanslp 0xffffffff83956480 sleep
737 1 18 0 S+ wait 0xfffffe006cec2580 sh
686 1 686 0 Ss nanslp 0xffffffff83956481 cron
682 1 682 0 Ss select 0xfffffe006cdf4e40 sshd
495 1 495 0 Ss select 0xfffffe00078778c0 syslogd
424 1 424 0 Ss wait 0xfffffe00579ed020 devd
423 1 423 65 Ss select 0xfffffe006cdf51c0 dhclient
338 1 338 0 Ss select 0xfffffe00078779c0 dhclient
335 1 335 0 Ss select 0xfffffe0007877b40 dhclient
17 0 0 0 DL syncer 0xffffffff83a73ba0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007cea060 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83a72180 [bufdaemon]
100082 D - 0xffffffff82e02140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe0058a0ace8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83abb680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83aa34f8 [dom0]
100080 D launds 0xffffffff83aa3504 [laundry: dom0]
100081 D umarcl 0xffffffff81d508d0 [uma]
7 0 0 0 DL - 0xffffffff836d3cb0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff842ffbb0 [pf purge]
5 0 0 0 DL waiting 0xffffffff84677760 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff8369e340 [doneq0]
100045 D - 0xffffffff8369e2c0 [async]
100076 D - 0xffffffff8369e140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83a9ed20 [crypto]
100042 D crypto_ 0xfffffe0007c85030 [crypto returns 0]
100043 D crypto_ 0xfffffe0007c85080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0056f60c88 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff838fee00 [g_event]
100036 D - 0xffffffff838fee20 [g_up]
100037 D - 0xffffffff838fee40 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]
100031 I [swi1: netisr 0]
100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe005420b040 [init]
10 0 0 0 DL audit_w 0xffffffff83a9f780 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff838ff7e0 [swapper]
100005 D - 0xfffffe00085f7d00 [softirq_0]
100006 D - 0xfffffe00085f7c00 [softirq_1]
100007 D - 0xfffffe00085f7b00 [if_io_tqg_0]
100008 D - 0xfffffe00085f7a00 [if_io_tqg_1]
100009 D - 0xfffffe00085f7900 [if_config_tqg_0]
100010 D - 0xfffffe00085f7800 [pci_hp taskq]
100011 D - 0xfffffe00085f7700 [kqueue_ctx taskq]
100014 D - 0xfffffe00085f7400 [thread taskq]
100016 D - 0xfffffe00085f7200 [aiod_kick taskq]
100017 D - 0xfffffe00085f7100 [deferred_unmount ta]
100018 D - 0xfffffe00085f7000 [inm_free taskq]
100019 D - 0xfffffe00085f6e00 [in6m_free taskq]
100020 D - 0xfffffe00085f6d00 [linuxkpi_irq_wq]
100021 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_0]
100022 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_1]
100023 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_2]
100024 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_3]
100025 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_0]
100026 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_1]
100027 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_2]
100028 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_3]
100034 D - 0xfffffe00085f6a00 [firmware taskq]
100039 D - 0xfffffe00085f6700 [crypto_0]
100040 D - 0xfffffe00085f6700 [crypto_1]
100055 D - 0xfffffe00085f6500 [vtnet0 rxq 0]
100056 D - 0xfffffe00085f6400 [vtnet0 txq 0]
100057 D - 0xfffffe00085f6300 [vtnet0 rxq 1]
100058 D - 0xfffffe00085f6200 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0007cbc380 [virtio_balloon]
100066 D - 0xffffffff826f28c1 [deadlkres]
100070 D - 0xfffffe005797ab00 [acpi_task_0]
100071 D - 0xfffffe005797ab00 [acpi_task_1]
100072 D - 0xfffffe005797ab00 [acpi_task_2]
100074 D - 0xfffffe00085f8100 [mca taskq]
100075 D - 0xfffffe00085f6600 [CAM taskq]
db> show all locks
Process 1056 (ifconfig) thread 0xfffffe006d6c4740 (100130)
exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83a74340) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:3039
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4934K 489
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488
newblk 767 1216K 1019
vfscache 3 1025K 3
pcb 48 691K 488
inodedep 227 597K 337
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 157 306K 1231
filedesc 38 297K 612
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
acpica 1674 184K 60830
tidhash 3 141K 3
vmem 3 138K 5
pagedep 34 137K 239
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 109 109K 126
sem 4 106K 4
gtaskqueue 18 98K 18
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
kdtrace 228 45K 1541
umtx 352 44K 352
dirrem 171 43K 276
temp 34 39K 1866
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 128 32K 138
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
routetbl 132 19K 407
ifaddr 66 19K 68
BPF 14 19K 14
freefile 144 18K 239
ufs_mount 4 17K 5
tcp_fsb_rack 8 17K 38
proc 3 17K 3
LRO 16 17K 16
tty 16 16K 16
ithread 97 16K 97
bus-sc 34 15K 1687
eventhandler 162 14K 162
lltable 43 14K 43
ifnet 7 13K 7
ether_multi 152 13K 162
kenv 95 12K 95
GEOM 61 11K 481
rman 86 11K 451
CAM queue 5 11K 1528
bmsafemap 4 9K 306
kqueue 72 9K 1160
in6_multi 65 9K 65
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 5
filemon 1 8K 27
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
sctp_timw 27 7K 27
taskqueue 63 7K 63
sglist 6 7K 6
cred 24 6K 242
CAM DEV 3 6K 510
diradd 47 6K 306
plimit 22 6K 341
pfs_nodes 22 6K 22
sctp_atcl 14 6K 282
hhook 15 5K 17
pf_ifnet 13 5K 23
DEVFSP 75 5K 124
ufs_dirhash 24 5K 24
UMA 267 5K 267
pwddesc 68 5K 1152
session 33 5K 48
vt 11 5K 11
kcovinfo 65 5K 65
sctp_stro 4 4K 62
pf_table 2 4K 3
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
acpisem 28 4K 28
CC Mem 13 4K 65
proc-args 96 4K 2196
newdirblk 24 3K 229
mkdir 23 3K 458
freework 12 3K 244
freeblks 11 3K 243
terminal 11 3K 11
indirdep 10 3K 10
clone 9 3K 9
uidinfo 3 3K 16
selfd 34 3K 14731
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 14
Unitno 31 2K 49
lockf 16 2K 26
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
msi 12 2K 12
in_multi 6 2K 8
tun 4 2K 4
select 12 2K 44
toponodes 6 2K 6
ipsecpolicy 2 2K 2
acpidev 20 2K 20
tcp_pcm_rack 4 1K 19
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
inpcbpolicy 25 1K 284
ipsec 3 1K 3
sctp_ifn 6 1K 14
mld 6 1K 6
igmp 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
sctp_atky 18 1K 356
crypto 4 1K 7
encap_export_host 12 1K 12
osd 18 1K 78
netlink 2 1K 28
procdesc 4 1K 10
cdev 2 1K 2
lkpikmalloc 8 1K 9
chacha20random 1 1K 1
biobuf 1 1K 1
vnodes 1 1K 2
iov 1 1K 14076
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
sctp_athm 14 1K 292
feeder 7 1K 7
cryptodev 3 1K 66
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
sctp_aadr 2 1K 3
sctp_map 8 1K 124
pf_rule 1 1K 1
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
aio 4 1K 4
soname 5 1K 3518
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 78
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 39
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 117
sctp_iter 0 0K 11
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 3
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 11
sctp_stri 0 0K 20
mqdata 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
tcp_do_rack 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 17
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 5
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 5
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 6
statfs 0 0K 199
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 4
lio 0 0K 59
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 117
eventfd 0 0K 2
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 646
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 21323 0 254 38494208 0
mbuf 256 8631 1032 39753 0 254 2473728 0
BUF TRIE 144 234 11554 575 0 62 1697472 0
malloc-4096 4096 404 4 2208 0 2 1671168 0
malloc-384 384 4234 56 4515 0 30 1647360 0
mbuf_cluster 2048 762 0 762 0 254 1560576 0
malloc-128 128 11449 145 11511 0 126 1484032 0
UMA Slabs 0 112 10906 32 10906 0 126 1225056 0
sctp_asoc 2256 4 506 62 0 254 1150560 0
RADIX NODE 144 6637 190 35711 0 62 983088 0
malloc-65536 65536 15 0 18 0 1 983040 0
vmem btag 56 16372 83 16372 0 254 921480 0
FFS inode 1168 549 32 790 0 8 678608 0
sctp_ep 1144 10 501 210 0 254 584584 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
socket 960 53 455 1724 0 254 487680 0
malloc-16384 16384 22 2 308 0 1 393216 0
sctp_raddr 736 4 513 92 0 254 380512 0
VM OBJECT 264 1330 50 18155 0 30 364320 0
256 Bucket 2048 154 16 1083 0 8 348160 0
THREAD 1824 159 17 399 0 8 321024 0
VNODE 448 588 105 831 0 30 310464 0
malloc-64 64 3868 227 3880 0 254 262080 0
malloc-2048 2048 107 13 122 0 8 245760 0
malloc-16 16 14413 337 14565 0 254 236000 0
DEVCTL 1024 22 198 147 0 0 225280 0
malloc-256 256 778 92 1052 0 62 222720 0
malloc-32768 32768 3 3 9 0 1 196608 0
mbuf_packet 256 2 760 5874 0 254 195072 0
malloc-128 128 1304 215 29311 0 126 194432 0
UMA Zones 768 239 0 239 0 16 183552 0
malloc-32 32 5279 391 5310 0 254 181440 0
lkpimm 56 1 3095 1 0 254 173376 0
MAP ENTRY 96 1643 121 53058 0 126 169344 0
FPU_save_area 832 161 37 696 0 16 164736 0
malloc-1024 1024 141 19 235 0 16 163840 0
FFS2 dinode 256 549 81 789 0 62 161280 0
malloc-256 256 571 59 1584 0 62 161280 0
S VFS Cache 104 1021 383 1325 0 126 146016 0
malloc-65536 65536 0 2 74 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-2048 2048 13 51 1118 0 8 131072 0
unpcb 256 20 490 1204 0 254 130560 0
PROC 1376 67 21 1140 0 8 121088 0
ksiginfo 112 68 976 491 0 126 116928 0
malloc-128 128 798 101 1987 0 126 115072 0
tcp_log 416 0 261 7 0 254 108576 0
malloc-8192 8192 7 6 34 0 1 106496 0
malloc-384 384 239 31 349 0 30 103680 0
filedesc0 1072 68 16 1152 0 8 90048 0
UMA Kegs 384 226 7 226 0 30 89472 0
syncache 168 0 528 7 0 254 88704 0
128 Bucket 1024 53 30 266 0 16 84992 0
malloc-128 128 444 207 730 0 126 83328 0
malloc-8192 8192 9 1 11 0 1 81920 0
malloc-4096 4096 16 4 33 0 2 81920 0
sctp_chunk 152 4 516 44 0 254 79040 0
g_bio 408 0 180 5132 0 30 73440 0
malloc-64 64 645 426 15322 0 254 68544 0
malloc-128 128 321 206 699 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 1 1 12 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
sctp_stream_msg_out 112 0 540 19 0 254 60480 0
malloc-4096 4096 10 4 23 0 2 57344 0
tcp_inpcb 1304 13 29 65 0 8 54768 0
udp_inpcb 416 7 119 192 0 30 52416 0
malloc-64 64 440 379 2832 0 254 52416 0
malloc-64 64 476 343 934 0 254 52416 0
malloc-256 256 97 98 1454 0 62 49920 0
malloc-256 256 74 121 202 0 62 49920 0
malloc-256 256 83 112 857 0 62 49920 0
32 Bucket 256 67 128 3734 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 14277 0 16 49152 0
malloc-8192 8192 1 5 30 0 1 49152 0
malloc-2048 2048 15 9 31 0 8 49152 0
malloc-2048 2048 12 12 212 0 8 49152 0
malloc-1024 1024 10 38 1518 0 16 49152 0
malloc-384 384 90 30 433 0 30 46080 0
pcpu-8 8 4752 368 4938 0 254 40960 0
VMSPACE 616 47 19 1065 0 16 40656 0
pipe 728 22 33 352 0 16 40040 0
sctp_readq 152 0 260 11 0 254 39520 0
64 Bucket 512 63 9 1835 0 30 36864 0
malloc-64 64 46 521 14767 0 254 36288 0
malloc-64 64 99 468 730 0 254 36288 0
malloc-64 64 82 485 1166 0 254 36288 0
malloc-64 64 25 542 29 0 254 36288 0
tcp_bbr_map 128 0 279 11 0 126 35712 0
tcp_rack_map 128 9 270 47 0 126 35712 0
malloc-128 128 5 274 6 0 126 35712 0
malloc-128 128 57 222 3341 0 126 35712 0
malloc-128 128 65 214 81 0 126 35712 0
routing nhops 256 26 109 33 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-256 256 73 62 407 0 62 34560 0
malloc-256 256 48 87 495 0 62 34560 0
malloc-32768 32768 0 1 120 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-8192 8192 3 1 29 0 1 32768 0
malloc-2048 2048 6 10 19 0 8 32768 0
malloc-2048 2048 3 13 194 0 8 32768 0
malloc-1024 1024 5 27 10 0 16 32768 0
malloc-512 512 9 55 127 0 30 32768 0
malloc-512 512 7 57 44 0 30 32768 0
malloc-512 512 4 60 34 0 30 32768 0
malloc-512 512 1 63 6 0 30 32768 0
malloc-512 512 4 60 55 0 30 32768 0
pcpu-64 64 488 24 488 0 254 32768 0
ertt_txseginfo 40 1 807 6527 0 254 32320 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 230 170 8125 0 126 32000 0
PGRP 120 33 231 48 0 126 31680 0
clpbuf 2624 0 12 26 0 4 31488 0
sctp_laddr 48 0 588 36 0 254 28224 0
malloc-32 32 277 605 3290 0 254 28224 0
16 Bucket 144 50 146 271 0 62 28224 0
4 Bucket 48 4 584 7 0 254 28224 0
AIO 208 0 133 68 0 62 27664 0
da_ccb 544 0 49 1415 0 16 26656 0
TURNSTILE 136 177 12 177 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-4096 4096 2 4 204 0 2 24576 0
tcp_rack_pcb 1216 4 16 19 0 8 24320 0
rl_entry 40 48 558 48 0 254 24240 0
PWD 40 26 580 312 0 254 24240 0
rtentry 168 29 115 33 0 62 24192 0
8 Bucket 80 53 247 340 0 126 24000 0
ripcb 384 5 55 26 0 30 23040 0
malloc-384 384 11 49 11 0 30 23040 0
malloc-384 384 1 59 3 0 30 23040 0
malloc-384 384 1 59 29 0 30 23040 0
malloc-384 384 21 39 24 0 30 23040 0
SLEEPQUEUE 88 177 79 177 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 3 627 36 0 254 20160 0
tcp_inpcb ports 32 6 624 31 0 254 20160 0
ertt 72 13 267 65 0 126 20160 0
malloc-32 32 82 548 85 0 254 20160 0
malloc-32 32 195 435 1746 0 254 20160 0
malloc-32 32 121 509 775 0 254 20160 0
malloc-32 32 31 599 448 0 254 20160 0
malloc-32 32 59 571 947 0 254 20160 0
malloc-32 32 34 596 76 0 254 20160 0
2 Bucket 32 55 575 388 0 254 20160 0
KNOTE 160 37 88 3571 0 62 20000 0
AIOCB 552 0 35 10 0 16 19320 0
malloc-256 256 19 56 194 0 62 19200 0
AIOLIO 272 0 70 59 0 30 19040 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 0 1 160 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 1 1 102 0 1 16384 0
malloc-4096 4096 3 1 3 0 2 16384 0
malloc-2048 2048 0 8 40 0 8 16384 0
malloc-1024 1024 2 14 42 0 16 16384 0
malloc-1024 1024 1 15 4 0 16 16384 0
malloc-1024 1024 10 6 175 0 16 16384 0
malloc-1024 1024 8 8 8 0 16 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
sctp_asconf_ack 48 0 336 1 0 254 16128 0
malloc-16 16 234 766 4776 0 254 16000 0
kenv 258 17 43 1071 0 30 15480 0
tcp_bbr_pcb 832 0 18 10 0 16 14976 0
udplite_inpcb 416 0 36 1 0 30 14976 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
malloc-16 16 28 722 67 0 254 12000 0
malloc-16 16 310 440 481 0 254 12000 0
malloc-16 16 64 686 560 0 254 12000 0
malloc-16 16 3 747 268 0 254 12000 0
malloc-16 16 28 722 27857 0 254 12000 0
malloc-16 16 16 734 17 0 254 12000 0
cryptop 280 0 42 1 0 30 11760 0
itimer 352 0 33 1 0 30 11616 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
vtnet_tx_hdr 24 0 334 10220 0 254 8016 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 360 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 104 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Apr 8, 2024, 7:14:21 PMApr 8
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: d80a97def9a1 unix: new implementation of unix/stream & uni..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=1318df4b180000
dashboard link: https://syzkaller.appspot.com/bug?extid=4adf0b37849ea7723586
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=132693e3180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15aaa323180000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4adf0b...@syzkaller.appspotmail.com
panic: Unaligned free of 0xfffffe006d60d9d0 from zone 0xfffffe00541b9600(mbuf) slab 0xfffffe006d60dfd8(9)
cpuid = 1
time = 1712617917
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe006d60d1b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe006d60d310
vpanic() at vpanic+0x26a/frame 0xfffffe006d60d4d0
panic() at panic+0xb5/frame 0xfffffe006d60d5a0
uma_dbg_free() at uma_dbg_free+0x289/frame 0xfffffe006d60d5f0
item_dtor() at item_dtor+0x7a/frame 0xfffffe006d60d630
uma_zfree_arg() at uma_zfree_arg+0x103/frame 0xfffffe006d60d6d0
m_free() at m_free+0x20a/frame 0xfffffe006d60d710
m_freem() at m_freem+0x48/frame 0xfffffe006d60d730
uipc_sosend_stream_or_seqpacket() at uipc_sosend_stream_or_seqpacket+0x1237/frame 0xfffffe006d60d9a0
sousrsend() at sousrsend+0x117/frame 0xfffffe006d60da30
kern_sendit() at kern_sendit+0x4fc/frame 0xfffffe006d60db90
sendit() at sendit+0x15f/frame 0xfffffe006d60dbf0
sys_sendmsg() at sys_sendmsg+0x181/frame 0xfffffe006d60dd10
amd64_syscall() at amd64_syscall+0x4cb/frame 0xfffffe006d60df30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006d60df30
--- syscall (0, FreeBSD ELF64, syscall), rip = 0x233d9a, rsp = 0x82099e118, rbp = 0x82099e130 ---
KDB: enter: panic
[ thread pid 773 tid 100113 ]
rdx 0xdffff7c000000000
rbx 0xffffffff826ed680 .str.27
rsp 0xfffffe006d60d2f0
rbp 0xfffffe006d60d310
rsi 0
rdi 0xffffffff82e004b0 panicstr
r8 0
r9 0xffffffff
r10 0x2
r11 0xfffffe006cfe3520
r12 0xfffffe006cfe3000
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor1867440497
(map 0xfffffe0058f4e738)
(map.pmap 0xfffffe0058f4e7f8)
(pmap 0xfffffe0058f4e868)
threads: 1
100113 Run CPU 1 syz-executor1867440
771 769 771 0 Ss pause 0xfffffe006d044110 csh
769 682 769 0 Rs sshd
748 1 748 0 Ss+ ttyin 0xfffffe0007d1e4b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe005874a8b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe005874b0b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe005874b8b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0056ec00b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0056ec08b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0056ec10b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0056ec18b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0056ec20b0 getty
738 1 18 0 S+ piperd 0xfffffe0058f4cc70 logger
737 736 18 0 S+ nanslp 0xffffffff83956480 sleep
736 1 18 0 S+ wait 0xfffffe006a8aa060 sh
495 1 495 0 Ss select 0xfffffe0007877940 syslogd
424 1 424 0 Ss select 0xfffffe006ce2ef40 devd
423 1 423 65 Ss select 0xfffffe0007877dc0 dhclient
338 1 338 0 Ss select 0xfffffe006ce2f1c0 dhclient
335 1 335 0 Ss select 0xfffffe006ce2f140 dhclient
5 0 0 0 DL waiting 0xffffffff8464d760 [sctp_iterator]
100029 Run CPU 0 [clock (0)]
100066 D - 0xffffffff826f28c0 [deadlkres]
shared rm hhook_head rm lock (hhook_head rm lock) r = 0 (0xfffffe0057964d90) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_hhook.c:101
exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe006d093aa0) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_rwlock.c:176
vfscache 3 1025K 3
pcb 23 669K 42
inodedep 50 531K 71
pagedep 14 132K 18
DEVFS1 105 105K 114
DEVFS3 124 31K 134
msg 4 30K 4
umtx 240 30K 240
ufs_mount 4 17K 5
proc 3 17K 3
ifaddr 30 12K 32
GEOM 61 11K 481
routetbl 50 11K 176
pfs_nodes 22 6K 22
hhook 15 5K 17
plimit 17 5K 322
ifnet 3 5K 3
vt 11 5K 11
diradd 25 4K 36
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
session 20 3K 31
kqueue 40 3K 776
pwddesc 40 3K 774
clone 9 3K 9
uidinfo 3 3K 8
proc-args 62 3K 1696
Unitno 27 2K 41
msi 12 2K 12
indirdep 3 1K 3
CC Mem 3 1K 7
nhops 6 1K 6
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
newdirblk 4 1K 8
mkdir 4 1K 16
netlink 2 1K 12
in_multi 2 1K 4
sctp_ifn 2 1K 6
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
filecaps 4 1K 66
iov 1 1K 13574
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
filemon 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
savedino 0 0K 16
freeblks 0 0K 25
freefrag 0 0K 6
ip6opt 0 0K 3
statfs 0 0K 195
aio 0 0K 0
lio 0 0K 0
eventfd 0 0K 0
mbuf_jumbo_page 4096 8320 1078 16104 0 254 38494208 0
mbuf 256 8578 1084 19221 0 254 2473472 0
BUF TRIE 144 227 11561 581 0 62 1697472 0
malloc-384 384 4200 30 4213 0 30 1624320 0
malloc-4096 4096 372 4 1822 0 2 1540096 0
malloc-128 128 11444 150 11505 0 126 1484032 0
UMA Slabs 0 112 10693 29 10693 0 126 1200864 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
FFS inode 1168 515 17 524 0 8 621376 0
socket 960 19 489 1313 0 254 487680 0
256 Bucket 2048 116 20 975 0 8 278528 0
VNODE 448 545 58 556 0 30 270144 0
malloc-64 64 3803 292 3815 0 254 262080 0
VM OBJECT 264 940 50 14133 0 30 261360 0
malloc-2048 2048 105 15 106 0 8 245760 0
malloc-256 256 865 65 903 0 62 238080 0
malloc-16 16 14403 347 14500 0 254 236000 0
DEVCTL 1024 0 220 123 0 0 225280 0
THREAD 1824 114 6 114 0 8 218880 0
malloc-2048 2048 9 87 1074 0 8 196608 0
malloc-128 128 1285 234 28869 0 126 194432 0
FFS2 dinode 256 515 55 524 0 62 145920 0
malloc-65536 65536 0 2 52 0 1 131072 0
mbuf_packet 256 0 508 117 0 254 130048 0
S VFS Cache 104 982 188 1021 0 126 121680 0
MAP ENTRY 96 893 367 40275 0 126 120960 0
ksiginfo 112 37 1007 52 0 126 116928 0
FPU_save_area 832 116 19 128 0 16 112320 0
malloc-128 128 600 175 1561 0 126 99200 0
malloc-32768 32768 3 0 3 0 1 98304 0
malloc-256 256 325 50 984 0 62 96000 0
PROC 1376 39 27 773 0 8 90816 0
malloc-4096 4096 16 2 30 0 2 73728 0
g_bio 408 0 180 4740 0 30 73440 0
128 Bucket 1024 44 23 233 0 16 68608 0
malloc-64 64 631 440 15008 0 254 68544 0
malloc-128 128 293 234 430 0 126 67456 0
malloc-16384 16384 4 0 5 0 1 65536 0
filedesc0 1072 40 16 774 0 8 60032 0
64 Bucket 512 63 41 1031 0 30 53248 0
malloc-64 64 467 352 895 0 254 52416 0
malloc-128 128 298 105 320 0 126 51584 0
malloc-256 256 65 130 730 0 62 49920 0
malloc-256 256 74 121 197 0 62 49920 0
32 Bucket 256 54 141 1037 0 62 49920 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-1024 1024 10 38 1375 0 16 49152 0
syncache 168 0 264 5 0 254 44352 0
malloc-4096 4096 9 1 18 0 2 40960 0
udp_inpcb 416 6 84 126 0 30 37440 0
pcpu-8 8 4278 330 4306 0 254 36864 0
malloc-64 64 39 528 13656 0 254 36288 0
malloc-64 64 53 514 629 0 254 36288 0
malloc-64 64 308 259 1854 0 254 36288 0
malloc-64 64 54 513 799 0 254 36288 0
malloc-128 128 67 212 72 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0
malloc-384 384 68 22 411 0 30 34560 0
malloc-256 256 42 93 166 0 62 34560 0
malloc-256 256 7 128 108 0 62 34560 0
malloc-256 256 8 127 340 0 62 34560 0
malloc-256 256 66 69 626 0 62 34560 0
malloc-32768 32768 1 0 12 0 1 32768 0
malloc-2048 2048 7 9 23 0 8 32768 0
malloc-2048 2048 0 16 40 0 8 32768 0
malloc-1024 1024 5 27 9 0 16 32768 0
malloc-1024 1024 10 22 175 0 16 32768 0
malloc-512 512 4 60 14 0 30 32768 0
clpbuf 2624 0 12 28 0 4 31488 0
VMSPACE 616 23 25 758 0 16 29568 0
sctp_laddr 48 0 588 4 0 254 28224 0
malloc-32 32 269 613 3280 0 254 28224 0
16 Bucket 144 42 154 246 0 62 28224 0
4 Bucket 48 7 581 10 0 254 28224 0
da_ccb 544 0 49 1323 0 16 26656 0
TURNSTILE 136 121 68 121 0 62 25704 0
ertt_txseginfo 40 0 606 321 0 254 24240 0
rl_entry 40 29 577 29 0 254 24240 0
PWD 40 10 596 99 0 254 24240 0
rtentry 168 13 131 17 0 62 24192 0
pipe 728 7 26 282 0 16 24024 0
Files 80 72 228 6512 0 126 24000 0
8 Bucket 80 46 254 257 0 126 24000 0
tcp_inpcb 1304 3 15 7 0 8 23472 0
malloc-384 384 1 59 19 0 30 23040 0
malloc-384 384 9 51 12 0 30 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 121 135 121 0 126 22528 0
ertt 72 3 277 7 0 126 20160 0
malloc-32 32 82 548 84 0 254 20160 0
malloc-32 32 102 528 1674 0 254 20160 0
malloc-32 32 69 561 179 0 254 20160 0
malloc-32 32 16 614 184 0 254 20160 0
malloc-32 32 59 571 951 0 254 20160 0
malloc-32 32 29 601 50 0 254 20160 0
2 Bucket 32 43 587 299 0 254 20160 0
KNOTE 160 0 75 7 0 62 12000 0
malloc-16 16 34 716 76 0 254 12000 0
malloc-16 16 2 748 91 0 254 12000 0
malloc-16 16 209 541 4340 0 254 12000 0
malloc-16 16 25 725 27775 0 254 12000 0
vtnet_tx_hdr 24 0 334 2132 0 254 8016 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tcp_rack_pcb 1216 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1144 0 0 0 0 254 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-2048 2048 0 0 0 0 8 0 0
malloc-1024 1024 0 0 0 0 16 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-384 384 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: d80a97def9a1 unix: new implementation of unix/stream & uni..
git tree: freebsd-src
dashboard link: https://syzkaller.appspot.com/bug?extid=4adf0b37849ea7723586
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=132693e3180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15aaa323180000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4adf0b...@syzkaller.appspotmail.com
cpuid = 1
time = 1712617917
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe006d60d1b0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe006d60d310
vpanic() at vpanic+0x26a/frame 0xfffffe006d60d4d0
panic() at panic+0xb5/frame 0xfffffe006d60d5a0
uma_dbg_free() at uma_dbg_free+0x289/frame 0xfffffe006d60d5f0
item_dtor() at item_dtor+0x7a/frame 0xfffffe006d60d630
uma_zfree_arg() at uma_zfree_arg+0x103/frame 0xfffffe006d60d6d0
m_free() at m_free+0x20a/frame 0xfffffe006d60d710
m_freem() at m_freem+0x48/frame 0xfffffe006d60d730
uipc_sosend_stream_or_seqpacket() at uipc_sosend_stream_or_seqpacket+0x1237/frame 0xfffffe006d60d9a0
sousrsend() at sousrsend+0x117/frame 0xfffffe006d60da30
kern_sendit() at kern_sendit+0x4fc/frame 0xfffffe006d60db90
sendit() at sendit+0x15f/frame 0xfffffe006d60dbf0
sys_sendmsg() at sys_sendmsg+0x181/frame 0xfffffe006d60dd10
amd64_syscall() at amd64_syscall+0x4cb/frame 0xfffffe006d60df30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006d60df30
--- syscall (0, FreeBSD ELF64, syscall), rip = 0x233d9a, rsp = 0x82099e118, rbp = 0x82099e130 ---
KDB: enter: panic
[ thread pid 773 tid 100113 ]
Stopped at kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rdx 0xdffff7c000000000
rbx 0xffffffff826ed680 .str.27
rsp 0xfffffe006d60d2f0
rbp 0xfffffe006d60d310
rsi 0
rdi 0xffffffff82e004b0 panicstr
r8 0
r9 0xffffffff
r10 0x2
r11 0xfffffe006cfe3520
r12 0xfffffe006cfe3000
r13 0xfffffffffffffffd
r14 0xffffffff826ed680 .str.27
r15 0
rip 0xffffffff815acc1e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> show proc
Process 773 (syz-executor1867440) at 0xfffffe006d0445c0:
r14 0xffffffff826ed680 .str.27
r15 0
rip 0xffffffff815acc1e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> show proc
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 771 at 0xfffffe006d044060
uid: 0 gids: 0, 0, 5
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor1867440497
reaper: 0xfffffe005420b040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0058f4e738
sigparent: 20
(map 0xfffffe0058f4e738)
(map.pmap 0xfffffe0058f4e7f8)
(pmap 0xfffffe0058f4e868)
threads: 1
100113 Run CPU 1 syz-executor1867440
db> ps
pid ppid pgrp uid state wmesg wchan cmd
773 771 771 0 R CPU 1 syz-executor1867440
pid ppid pgrp uid state wmesg wchan cmd
771 769 771 0 Ss pause 0xfffffe006d044110 csh
769 682 769 0 Rs sshd
748 1 748 0 Ss+ ttyin 0xfffffe0007d1e4b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe005874a8b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe005874b0b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe005874b8b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0056ec00b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0056ec08b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0056ec10b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0056ec18b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0056ec20b0 getty
738 1 18 0 S+ piperd 0xfffffe0058f4cc70 logger
737 736 18 0 S+ nanslp 0xffffffff83956480 sleep
736 1 18 0 S+ wait 0xfffffe006a8aa060 sh
686 1 686 0 Ss nanslp 0xffffffff83956481 cron
682 1 682 0 Ss select 0xfffffe006ce2edc0 sshd
495 1 495 0 Ss select 0xfffffe0007877940 syslogd
424 1 424 0 Ss select 0xfffffe006ce2ef40 devd
423 1 423 65 Ss select 0xfffffe0007877dc0 dhclient
338 1 338 0 Ss select 0xfffffe006ce2f1c0 dhclient
335 1 335 0 Ss select 0xfffffe006ce2f140 dhclient
17 0 0 0 DL syncer 0xffffffff83a73ba0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007ce9040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83a72180 [bufdaemon]
100082 D - 0xffffffff82e02140 [bufspacedaemon-0]
100095 D sdflush 0xfffffe0058a41ce8 [/ worker]
100079 D psleep 0xffffffff83a72180 [bufdaemon]
100082 D - 0xffffffff82e02140 [bufspacedaemon-0]
9 0 0 0 DL psleep 0xffffffff83abb680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83aa34f8 [dom0]
100080 D launds 0xffffffff83aa3504 [laundry: dom0]
100081 D umarcl 0xffffffff81d508d0 [uma]
7 0 0 0 DL - 0xffffffff836d3cb0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff842eebb0 [pf purge]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83aa34f8 [dom0]
100080 D launds 0xffffffff83aa3504 [laundry: dom0]
100081 D umarcl 0xffffffff81d508d0 [uma]
7 0 0 0 DL - 0xffffffff836d3cb0 [rand_harvestq]
5 0 0 0 DL waiting 0xffffffff8464d760 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff8369e340 [doneq0]
100045 D - 0xffffffff8369e2c0 [async]
100076 D - 0xffffffff8369e140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83a9ed20 [crypto]
100042 D crypto_ 0xfffffe0007c85030 [crypto returns 0]
100043 D crypto_ 0xfffffe0007c85080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0056f60c88 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff838fee00 [g_event]
100036 D - 0xffffffff838fee20 [g_up]
100037 D - 0xffffffff838fee40 [g_down]
2 0 0 0 RL (threaded) [clock]
100044 D - 0xffffffff8369e340 [doneq0]
100045 D - 0xffffffff8369e2c0 [async]
100076 D - 0xffffffff8369e140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83a9ed20 [crypto]
100042 D crypto_ 0xfffffe0007c85030 [crypto returns 0]
100043 D crypto_ 0xfffffe0007c85080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0056f60c88 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff838fee00 [g_event]
100036 D - 0xffffffff838fee20 [g_up]
100037 D - 0xffffffff838fee40 [g_down]
100029 Run CPU 0 [clock (0)]
100070 D - 0xfffffe005797ab00 [acpi_task_0]
100071 D - 0xfffffe005797ab00 [acpi_task_1]
100072 D - 0xfffffe005797ab00 [acpi_task_2]
100074 D - 0xfffffe00085f8100 [mca taskq]
100075 D - 0xfffffe00085f6600 [CAM taskq]
db> show all locks
Process 2 (clock) thread 0xfffffe00542d9740 (100029)
100071 D - 0xfffffe005797ab00 [acpi_task_1]
100072 D - 0xfffffe005797ab00 [acpi_task_2]
100074 D - 0xfffffe00085f8100 [mca taskq]
100075 D - 0xfffffe00085f6600 [CAM taskq]
db> show all locks
shared rm hhook_head rm lock (hhook_head rm lock) r = 0 (0xfffffe0057964d90) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_hhook.c:101
exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe006d093aa0) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_rwlock.c:176
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4934K 481
Type InUse MemUse Requests
pf_hash 5 11524K 5
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488
newblk 854 1238K 871
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488
vfscache 3 1025K 3
pcb 23 669K 42
inodedep 50 531K 71
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
subproc 107 186K 841
acpitask 1 224K 1
KTRACE 100 200K 100
acpica 1674 184K 60830
tidhash 3 141K 3
vmem 3 134K 4
tidhash 3 141K 3
pagedep 14 132K 18
tfo_ccache 1 128K 1
IP reass 1 128K 1
sem 4 106K 4
IP reass 1 128K 1
DEVFS1 105 105K 114
gtaskqueue 18 98K 18
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
temp 18 37K 1564
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
hostcache 1 32K 1
shm 1 32K 1
kdtrace 155 32K 889
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
umtx 240 30K 240
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
BPF 10 18K 10
DEVFS_RULE 56 20K 56
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 97 16K 97
bus-sc 34 15K 1687
eventhandler 162 14K 162
kenv 95 12K 95
ithread 97 16K 97
bus-sc 34 15K 1687
eventhandler 162 14K 162
ifaddr 30 12K 32
GEOM 61 11K 481
routetbl 50 11K 176
rman 86 11K 451
CAM queue 5 11K 1528
bmsafemap 4 9K 39
CAM queue 5 11K 1528
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
devstat 4 9K 4
UART 12 9K 12
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
taskqueue 63 7K 63
sglist 6 7K 6
sglist 6 7K 6
CAM DEV 3 6K 510
cred 23 6K 274
pfs_nodes 22 6K 22
hhook 15 5K 17
ufs_dirhash 24 5K 24
UMA 267 5K 267
dirrem 17 5K 28
UMA 267 5K 267
plimit 17 5K 322
ifnet 3 5K 3
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
filedesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
acpisem 28 4K 28
ether_multi 40 4K 50
acpisem 28 4K 28
diradd 25 4K 36
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
session 20 3K 31
kqueue 40 3K 776
pwddesc 40 3K 774
clone 9 3K 9
uidinfo 3 3K 8
proc-args 62 3K 1696
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
selfd 27 2K 13620
io_apic 1 2K 1
ipsec-saq 2 2K 2
Unitno 27 2K 41
CAM XPT 22 2K 543
lockf 15 2K 22
msi 12 2K 12
toponodes 6 2K 6
ipsecpolicy 2 2K 2
acpidev 20 2K 20
ipsecpolicy 2 2K 2
acpidev 20 2K 20
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 8
NFSD session 1 1K 1
select 7 1K 29
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
indirdep 3 1K 3
CC Mem 3 1K 7
nhops 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
sctp_ifa 5 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
newdirblk 4 1K 8
mkdir 4 1K 16
netlink 2 1K 12
in_multi 2 1K 4
cdev 2 1K 2
lkpikmalloc 8 1K 9
osd 8 1K 20
lkpikmalloc 8 1K 9
chacha20random 1 1K 1
biobuf 1 1K 1
inpcbpolicy 10 1K 137
biobuf 1 1K 1
sctp_ifn 2 1K 6
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFSP 4 1K 9
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
CAM SIM 2 1K 2
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
procdesc 1 1K 6
apmdev 1 1K 1
atkbddev 2 1K 2
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3328
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 66
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 35
vnet 1 1K 1
pmc 1 1K 1
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 26
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
iov 1 1K 13574
p1003.1b 1 1K 1
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
mqdata 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
filemon 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
tcp_pcm_rack 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 9
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 25
freefrag 0 0K 6
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
LRO 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
tun 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
statfs 0 0K 195
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 6
export_host 0 0K 0
aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 85
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 649
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
kcovinfo 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
mbuf 256 8578 1084 19221 0 254 2473472 0
BUF TRIE 144 227 11561 581 0 62 1697472 0
malloc-384 384 4200 30 4213 0 30 1624320 0
malloc-4096 4096 372 4 1822 0 2 1540096 0
malloc-128 128 11444 150 11505 0 126 1484032 0
UMA Slabs 0 112 10693 29 10693 0 126 1200864 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
malloc-65536 65536 15 0 18 0 1 983040 0
vmem btag 56 15401 118 15401 0 254 869064 0
FFS inode 1168 515 17 524 0 8 621376 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
RADIX NODE 144 3427 180 24348 0 62 519408 0
pbuf 2624 0 198 0 0 2 519552 0
socket 960 19 489 1313 0 254 487680 0
256 Bucket 2048 116 20 975 0 8 278528 0
VNODE 448 545 58 556 0 30 270144 0
malloc-64 64 3803 292 3815 0 254 262080 0
VM OBJECT 264 940 50 14133 0 30 261360 0
malloc-2048 2048 105 15 106 0 8 245760 0
malloc-256 256 865 65 903 0 62 238080 0
malloc-16 16 14403 347 14500 0 254 236000 0
DEVCTL 1024 0 220 123 0 0 225280 0
THREAD 1824 114 6 114 0 8 218880 0
malloc-2048 2048 9 87 1074 0 8 196608 0
malloc-128 128 1285 234 28869 0 126 194432 0
UMA Zones 768 239 0 239 0 16 183552 0
malloc-32 32 5279 391 5310 0 254 181440 0
lkpimm 56 1 3095 1 0 254 173376 0
malloc-1024 1024 133 11 161 0 16 147456 0
malloc-32 32 5279 391 5310 0 254 181440 0
lkpimm 56 1 3095 1 0 254 173376 0
FFS2 dinode 256 515 55 524 0 62 145920 0
malloc-65536 65536 0 2 52 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
unpcb 256 8 502 1159 0 254 130560 0
mbuf_packet 256 0 508 117 0 254 130048 0
S VFS Cache 104 982 188 1021 0 126 121680 0
MAP ENTRY 96 893 367 40275 0 126 120960 0
ksiginfo 112 37 1007 52 0 126 116928 0
FPU_save_area 832 116 19 128 0 16 112320 0
malloc-128 128 600 175 1561 0 126 99200 0
malloc-32768 32768 3 0 3 0 1 98304 0
malloc-256 256 325 50 984 0 62 96000 0
PROC 1376 39 27 773 0 8 90816 0
UMA Kegs 384 226 7 226 0 30 89472 0
malloc-8192 8192 8 1 10 0 1 73728 0
malloc-4096 4096 16 2 30 0 2 73728 0
g_bio 408 0 180 4740 0 30 73440 0
128 Bucket 1024 44 23 233 0 16 68608 0
malloc-64 64 631 440 15008 0 254 68544 0
malloc-128 128 293 234 430 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 0 2 120 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-16384 16384 4 0 5 0 1 65536 0
filedesc0 1072 40 16 774 0 8 60032 0
64 Bucket 512 63 41 1031 0 30 53248 0
malloc-64 64 467 352 895 0 254 52416 0
malloc-128 128 298 105 320 0 126 51584 0
malloc-256 256 65 130 730 0 62 49920 0
malloc-256 256 74 121 197 0 62 49920 0
32 Bucket 256 54 141 1037 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 12092 0 16 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-1024 1024 10 38 1375 0 16 49152 0
syncache 168 0 264 5 0 254 44352 0
malloc-4096 4096 9 1 18 0 2 40960 0
udp_inpcb 416 6 84 126 0 30 37440 0
pcpu-8 8 4278 330 4306 0 254 36864 0
malloc-64 64 39 528 13656 0 254 36288 0
malloc-64 64 53 514 629 0 254 36288 0
malloc-64 64 308 259 1854 0 254 36288 0
malloc-64 64 54 513 799 0 254 36288 0
malloc-64 64 25 542 29 0 254 36288 0
malloc-128 128 5 274 6 0 126 35712 0
malloc-128 128 38 241 3304 0 126 35712 0
malloc-128 128 67 212 72 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 62 28 83 0 30 34560 0
malloc-384 384 68 22 411 0 30 34560 0
malloc-256 256 42 93 166 0 62 34560 0
malloc-256 256 7 128 108 0 62 34560 0
malloc-256 256 8 127 340 0 62 34560 0
malloc-256 256 66 69 626 0 62 34560 0
malloc-32768 32768 1 0 12 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-16384 16384 0 2 160 0 1 32768 0
malloc-8192 8192 3 1 29 0 1 32768 0
malloc-2048 2048 4 12 16 0 8 32768 0
malloc-2048 2048 7 9 23 0 8 32768 0
malloc-2048 2048 0 16 40 0 8 32768 0
malloc-2048 2048 3 13 194 0 8 32768 0
malloc-1024 1024 2 30 42 0 16 32768 0
malloc-1024 1024 5 27 9 0 16 32768 0
malloc-1024 1024 10 22 175 0 16 32768 0
malloc-512 512 9 55 127 0 30 32768 0
malloc-512 512 2 62 22 0 30 32768 0
malloc-512 512 4 60 14 0 30 32768 0
malloc-512 512 4 60 55 0 30 32768 0
pcpu-64 64 488 24 488 0 254 32768 0
pcpu-64 64 488 24 488 0 254 32768 0
ttyinq 160 135 65 300 0 62 32000 0
PGRP 120 20 244 31 0 126 31680 0
clpbuf 2624 0 12 28 0 4 31488 0
VMSPACE 616 23 25 758 0 16 29568 0
sctp_laddr 48 0 588 4 0 254 28224 0
malloc-32 32 269 613 3280 0 254 28224 0
16 Bucket 144 42 154 246 0 62 28224 0
4 Bucket 48 7 581 10 0 254 28224 0
da_ccb 544 0 49 1323 0 16 26656 0
TURNSTILE 136 121 68 121 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 1 2 102 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-4096 4096 2 4 197 0 2 24576 0
ertt_txseginfo 40 0 606 321 0 254 24240 0
rl_entry 40 29 577 29 0 254 24240 0
PWD 40 10 596 99 0 254 24240 0
rtentry 168 13 131 17 0 62 24192 0
pipe 728 7 26 282 0 16 24024 0
Files 80 72 228 6512 0 126 24000 0
8 Bucket 80 46 254 257 0 126 24000 0
tcp_inpcb 1304 3 15 7 0 8 23472 0
malloc-384 384 11 49 11 0 30 23040 0
malloc-384 384 1 59 4 0 30 23040 0
malloc-384 384 1 59 19 0 30 23040 0
malloc-384 384 9 51 12 0 30 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 121 135 121 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 3 627 40 0 254 20160 0
ertt 72 3 277 7 0 126 20160 0
malloc-32 32 82 548 84 0 254 20160 0
malloc-32 32 102 528 1674 0 254 20160 0
malloc-32 32 69 561 179 0 254 20160 0
malloc-32 32 16 614 184 0 254 20160 0
malloc-32 32 59 571 951 0 254 20160 0
malloc-32 32 29 601 50 0 254 20160 0
2 Bucket 32 43 587 299 0 254 20160 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 1 1 20 0 1 16384 0
malloc-4096 4096 3 1 3 0 2 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 1 15 4 0 16 16384 0
malloc-1024 1024 8 8 8 0 16 16384 0
malloc-512 512 1 31 1 0 30 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
kenv 258 17 43 1069 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
tcp_inpcb ports 32 1 377 1 0 254 12096 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
KNOTE 160 0 75 7 0 62 12000 0
malloc-16 16 28 722 67 0 254 12000 0
malloc-16 16 292 458 456 0 254 12000 0
malloc-16 16 34 716 76 0 254 12000 0
malloc-16 16 2 748 91 0 254 12000 0
malloc-16 16 209 541 4340 0 254 12000 0
malloc-16 16 25 725 27775 0 254 12000 0
malloc-16 16 16 734 17 0 254 12000 0
ripcb 384 1 29 4 0 30 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
pcpu-16 16 8 504 8 0 254 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
vtnet_tx_hdr 24 0 334 2132 0 254 8016 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 360 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 360 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tcp_rack_pcb 1216 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1144 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
udplite_inpcb 416 0 0 0 0 30 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 104 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 104 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-2048 2048 0 0 0 0 8 0 0
malloc-1024 1024 0 0 0 0 16 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-384 384 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages