panic: tp:ADDR rc_sacked:LINE > out:LINE


syzbot

May 5, 2020, 4:38:18 AM5/5/20
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: e4af2e7c Revert r360514, to avoid unnecessary churn of the..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1116cc88100000
dashboard link: https://syzkaller.appspot.com/bug?extid=b7d4a55089e63816d120

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b7d4a5...@syzkaller.appspotmail.com

panic: tp:0xfffffe002581c020 rc_sacked:2 > out:1
cpuid = 1
time = 1588667868
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00237445f0
vpanic() at vpanic+0x1c7/frame 0xfffffe0023744650
panic() at panic+0x43/frame 0xfffffe00237446b0
ctf_flight_size() at ctf_flight_size+0x5d/frame 0xfffffe00237446e0
bbr_output_wtime() at bbr_output_wtime+0x7677/frame 0xfffffe0023744990
bbr_output() at bbr_output+0x67/frame 0xfffffe00237449c0
tcp_hpts_thread() at tcp_hpts_thread+0xdf7/frame 0xfffffe0023744b10
ithread_loop() at ithread_loop+0x328/frame 0xfffffe0023744bb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe0023744bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0023744bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100073 ]
Stopped at kdb_enter+0x67: movq $0,0x14a8fb6(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0xffffffff810b9600 vprintf+0x140
rdx 0x1
rbx 0
rsp 0xfffffe00237445d0
rbp 0xfffffe00237445f0
rsi 0
rdi 0xffffffff810b9636 vprintf+0x176
r8 0
r9 0xffffffff
r10 0x1
r11 0
r12 0xffffffff82068ec0 ddb_dbbe
r13 0
r14 0xffffffff81942eb6
r15 0xffffffff81942eb6
rip 0xffffffff810ae8b7 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x14a8fb6(%rip)
db> show proc
Process 12 (intr) at 0xfffff80003301520:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff8250b710
ABI: null
reaper: 0xffffffff8250b710 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff8250c350
(map 0xffffffff8250c350)
(map.pmap 0xffffffff8250c410)
(pmap 0xffffffff8250c470)
threads: 23
100010 I [swi6: Giant taskq]
100013 I [swi5: fast taskq]
100016 I [swi6: task queue]
100019 I [swi3: vm]
100020 I [swi4: clock (0)]
100021 I [swi4: clock (1)]
100022 I [swi1: netisr 0]
100034 I [irq24: virtio_pci0]
100035 I [irq25: virtio_pci0]
100036 I [irq26: virtio_pci0]
100037 I [irq27: virtio_pci0]
100038 I [irq28: virtio_pci1]
100039 I [irq29: virtio_pci1]
100040 I [irq30: virtio_pci1]
100041 I [irq31: virtio_pci1]
100042 I [irq32: virtio_pci1]
100047 I [irq10: virtio_pci2]
100049 I [irq1: atkbd0]
100050 I [irq12: psm0]
100051 I [swi0: uart uart++]
100060 I [swi1: pf send]
100072 I [swi1: hpts]
100073 Run CPU 1 [swi1: hpts]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
2016 1441 1441 0 R (threaded) syz-executor.3
100314 Run CPU 0 syz-executor.3
100659 S lockf 0xfffff80003a4c100 syz-executor.3
100665 S sbwait 0xfffffe001cfbda8c syz-executor.3
100666 S uwait 0xfffff8001690b900 syz-executor.3
2015 1433 1433 0 R (threaded) syz-executor.2
100487 RunQ syz-executor.2
100658 S uwait 0xfffff80016909400 syz-executor.2
100661 S sbwait 0xfffffe00239f2ff4 syz-executor.2
100663 S sbwait 0xfffffe00239f7e14 syz-executor.2
100672 RunQ syz-executor.2
2014 1415 1415 0 R (threaded) syz-executor.1
100278 RunQ syz-executor.1
100647 S lockf 0xfffff80003a49d80 syz-executor.1
100653 S lockf 0xfffff80003a49e00 syz-executor.1
100656 S uwait 0xfffff8001690a900 syz-executor.1
100657 S uwait 0xfffff8001690a300 syz-executor.1
2013 1461 1461 0 R (threaded) syz-executor.0
100138 RunQ syz-executor.0
100646 S accept 0xfffffe00239f2878 syz-executor.0
100651 S uwait 0xfffff80016909900 syz-executor.0
100654 S uwait 0xfffff8001690ba00 syz-executor.0
100660 S uwait 0xfffff80016909700 syz-executor.0
1969 1963 1969 0 Ss select 0xfffff80003a37bc0 dhclient
1966 1 1966 0 Ss select 0xfffff8000380fac0 dhclient
1963 1956 424 65 S select 0xfffff8001690acc0 dhclient
1956 424 424 0 S wait 0xfffff80016a2aa40 sh
1947 1 1947 65 Ss select 0xfffff80016b9f940 dhclient
1461 768 1461 0 Ss nanslp 0xffffffff8252c1e1 syz-executor.0
1460 1 1460 0 Ss select 0xfffff8001690a1c0 dhclient
1441 768 1441 0 Ss nanslp 0xffffffff8252c1e1 syz-executor.3
1433 768 1433 0 Ss nanslp 0xffffffff8252c1e1 syz-executor.2
1415 768 1415 0 Rs syz-executor.1
1380 1 1380 0 Ss select 0xfffff800169104c0 dhclient
768 766 766 0 S (threaded) syz-fuzzer
100095 S uwait 0xfffff8000380d080 syz-fuzzer
100106 S uwait 0xfffff8000380eb00 syz-fuzzer
100107 S uwait 0xfffff8000380ec00 syz-fuzzer
100108 S uwait 0xfffff8000380ed00 syz-fuzzer
100109 S uwait 0xfffff80003522880 syz-fuzzer
100110 S kqread 0xfffff800164a6200 syz-fuzzer
100111 S uwait 0xfffff80003522a80 syz-fuzzer
100112 S uwait 0xfffff80003a38b00 syz-fuzzer
100113 S uwait 0xfffff80003a38c00 syz-fuzzer
100114 S uwait 0xfffff80003522c80 syz-fuzzer
766 764 766 0 Ss pause 0xfffff800164a20a8 csh
764 682 764 0 Ss select 0xfffff8000380d5c0 sshd
748 1 748 0 Ss+ ttyin 0xfffff80003807cb0 getty
747 1 747 0 Ss+ ttyin 0xfffff80003b068b0 getty
746 1 746 0 Ss+ ttyin 0xfffff80003b06cb0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003b050b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003b054b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003b058b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003b05cb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003b080b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003b084b0 getty
686 1 686 0 Ss nanslp 0xffffffff8252c1e1 cron
682 1 682 0 Ss select 0xfffff80003a35dc0 sshd
495 1 495 0 Ss select 0xfffff80003a35ec0 syslogd
424 1 424 0 Ss wait 0xfffff80003d3d000 devd
423 1 423 65 Ss select 0xfffff8000380e340 dhclient
338 1 338 0 Ss select 0xfffff8000380d640 dhclient
335 1 335 0 Ss select 0xfffff8000380e440 dhclient
23 0 0 0 DL vlruwt 0xfffff800033c6520 [vnlru]
22 0 0 0 DL syncer 0xffffffff82618118 [syncer]
21 0 0 0 DL (threaded) [bufdaemon]
100069 D qsleep 0xffffffff82617430 [bufdaemon]
100076 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100087 D sdflush 0xfffff80003808ce8 [/ worker]
20 0 0 0 DL psleep 0xffffffff8263e308 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100067 D psleep 0xffffffff826328d8 [dom0]
100074 D launds 0xffffffff826328e4 [laundry: dom0]
100075 D umarcl 0xffffffff81545120 [uma]
18 0 0 0 DL - 0xffffffff8235fe20 [rand_harvestq]
17 0 0 0 DL pftm 0xffffffff82b533a0 [pf purge]
16 0 0 0 DL waiting 0xffffffff8261a890 [sctp_iterator]
15 0 0 0 DL - 0xffffffff82616a2c [soaiod4]
9 0 0 0 DL - 0xffffffff82616a2c [soaiod3]
8 0 0 0 DL - 0xffffffff82616a2c [soaiod2]
7 0 0 0 DL - 0xffffffff82616a2c [soaiod1]
6 0 0 0 DL (threaded) [cam]
100033 D - 0xffffffff82237b40 [doneq0]
100066 D - 0xffffffff82237a10 [scanner]
5 0 0 0 DL crypto_ 0xfffff80003202d90 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff80003202d30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff826300c0 [crypto]
14 0 0 0 DL seqstat 0xfffff80003351488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100024 D - 0xffffffff8250b180 [g_event]
100025 D - 0xffffffff8250b188 [g_up]
100026 D - 0xffffffff8250b190 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100017 D - 0xfffff800032fac80 [thr_0]
100018 D - 0xfffff800032facc0 [thr_1]
12 0 0 0 RL (threaded) [intr]
100010 I [swi6: Giant taskq]
100013 I [swi5: fast taskq]
100016 I [swi6: task queue]
100019 I [swi3: vm]
100020 I [swi4: clock (0)]
100021 I [swi4: clock (1)]
100022 I [swi1: netisr 0]
100034 I [irq24: virtio_pci0]
100035 I [irq25: virtio_pci0]
100036 I [irq26: virtio_pci0]
100037 I [irq27: virtio_pci0]
100038 I [irq28: virtio_pci1]
100039 I [irq29: virtio_pci1]
100040 I [irq30: virtio_pci1]
100041 I [irq31: virtio_pci1]
100042 I [irq32: virtio_pci1]
100047 I [irq10: virtio_pci2]
100049 I [irq1: atkbd0]
100050 I [irq12: psm0]
100051 I [swi0: uart uart++]
100060 I [swi1: pf send]
100072 I [swi1: hpts]
100073 Run CPU 1 [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff80003304000 [init]
10 0 0 0 DL audit_w 0xffffffff82630598 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8250b710 [swapper]
100005 D - 0xfffff80003325000 [if_config_tqg_0]
100006 D - 0xfffff80003326e00 [softirq_0]
100007 D - 0xfffff80003326d00 [softirq_1]
100008 D - 0xfffff80003326c00 [if_io_tqg_0]
100009 D - 0xfffff80003326b00 [if_io_tqg_1]
100011 D - 0xfffff80003333600 [in6m_free taskq]
100012 D - 0xfffff80003333500 [thread taskq]
100014 D - 0xfffff80003333200 [kqueue_ctx taskq]
100015 D - 0xfffff80003333100 [aiod_kick taskq]
100023 D - 0xfffff80003334800 [firmware taskq]
100028 D - 0xfffff80003331c00 [crypto_0]
100029 D - 0xfffff80003331c00 [crypto_1]
100043 D - 0xfffff80003562c00 [vtnet0 rxq 0]
100044 D - 0xfffff80003562b00 [vtnet0 txq 0]
100045 D - 0xfffff80003562a00 [vtnet0 rxq 1]
100046 D - 0xfffff80003562900 [vtnet0 txq 1]
100048 D vtbslp 0xfffff80003522680 [virtio_balloon]
100052 D - 0xfffff80003335700 [mca taskq]
100057 D - 0xffffffff81ce6631 [deadlkres]
100061 D - 0xfffff80003331800 [acpi_task_0]
100062 D - 0xfffff80003331800 [acpi_task_1]
100063 D - 0xfffff80003331800 [acpi_task_2]
100065 D - 0xfffff80003331500 [CAM taskq]
db> show all locks
Process 2016 (syz-executor.3) thread 0xfffffe0025886500 (100314)
exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff825541b0) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_umtx.c:512
Process 2015 (syz-executor.2) thread 0xfffffe0025c20000 (100487)
exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff82550f10) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_umtx.c:512
Process 12 (intr) thread 0xfffffe0023b93100 (100073)
exclusive sleep mutex so_snd (so_snd) r = 0 (0xfffffe00239f2cf0) locked @ /syzkaller/managers/main/kernel/sys/modules/tcp/bbr/../../../netinet/tcp_stacks/bbr.c:12521
exclusive rw tcpinp (tcpinp) r = 0 (0xfffff80003d53b90) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_hpts.c:1539
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
sctp_stro 5 10320K 188
devbuf 4213 4851K 4241
tcp_hpts 5 3201K 5
vtbuf 24 1968K 46
sysctloid 27747 1619K 27811
kobj 332 1328K 488
newblk 108 1051K 3603
vfscache 4 1025K 4
inodedep 136 580K 1323
pcb 43 551K 892
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 131 269K 2090
acpica 1674 185K 52709
vnet_data 1 168K 1
filedesc 22 153K 2142
pagedep 41 138K 1019
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 122
linker 237 91K 310
bus 1008 80K 3420
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 496 62K 496
BPF 30 53K 46
umtx 342 43K 342
kdtrace 194 38K 6708
ifaddr 91 34K 109
temp 35 33K 3122
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
DEVFS_RULE 56 27K 56
vmem 3 26K 5
gtaskqueue 18 26K 18
kbdmux 6 22K 6
dirrem 82 21K 1162
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
lltable 43 16K 105
ithread 98 16K 98
ether_multi 172 14K 465
bus-sc 30 14K 1431
KTRACE 100 13K 100
ifnet 7 13K 7
freework 47 12K 1770
kenv 95 12K 99
eventhandler 132 12K 132
freefile 83 11K 1158
in6_multi 89 11K 250
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 2 9K 1361
UART 12 9K 12
devstat 4 9K 4
pf_rule 8 8K 52
rpc 2 8K 2
sctp_timw 32 8K 32
shmfd 1 8K 1
pfs_vncache 1 8K 1
select 59 8K 59
audit_evclass 233 8K 291
routetbl 50 7K 275
CAM DEV 3 6K 510
diradd 48 6K 1245
kqueue 60 6K 2023
vt 11 6K 11
sctp_atcl 11 6K 425
plimit 22 6K 471
cred 22 6K 222
sglist 5 6K 5
CAM queue 5 6K 1528
lockf 51 5K 974
taskqueue 45 5K 45
ufs_dirhash 24 5K 24
DEVFSP 74 5K 280
mkdir 35 5K 1992
pf_ifnet 10 5K 89
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
kcovinfo 64 4K 255
UMA 247 4K 247
newdirblk 31 4K 996
session 28 4K 56
pgrp 28 4K 56
hhook 13 4K 13
acpisem 22 3K 22
terminal 11 3K 11
proc-args 47 3K 795
freeblks 10 3K 1121
uidinfo 3 3K 7
sctp_ifa 17 3K 50
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 44
Unitno 32 2K 3191
CAM XPT 22 2K 543
in_multi 6 2K 18
acpidev 20 2K 20
msi 9 2K 9
tun 7 2K 7
softdep 1 1K 1
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 16
NFSD session 1 1K 1
CAM periph 4 1K 271
inpcbpolicy 28 1K 2894
indirdep 3 1K 1250
mld 6 1K 6
sctp_ifn 6 1K 17
igmp 6 1K 6
nhops 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
sctp_atky 16 1K 608
crypto 3 1K 3
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
osd 3 1K 9
vnodes 1 1K 28
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
loginclass 3 1K 6
sctp_athm 11 1K 425
sctp_map 10 1K 366
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
tcpfunc 2 1K 2
ktls 1 1K 1
pmchooks 1 1K 1
prison 4 1K 4
soname 4 1K 6362
nexusdev 5 1K 5
entropy 2 1K 52
sctp_vrf 1 1K 1
ip_msource 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
filecaps 3 1K 109
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 39
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
ath_hal 0 0K 0
madt_table 0 0K 2
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
pvscsi 0 0K 0
smartpqi 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
nvme_da 0 0K 0
acpipwr 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
fpukern_ctx 0 0K 0
mixer 0 0K 0
xen_intr 0 0K 0
ac97 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
dmar_dmamap 0 0K 0
hdaa 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
isci 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
SIIS driver 0 0K 0
vm_fictitious 0 0K 0
CAM CCB 0 0K 6622
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
UMAHash 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 758
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 7
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 36
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 37
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
lDevFlags * malloc 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 133
sctp_iter 0 0K 38
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 38
sctp_aadr 0 0K 0
sctp_stri 0 0K 0
newreno data 0 0K 0
ip_moptions 0 0K 8
in_mfilter 0 0K 16
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
statfs 0 0K 1151
export_host 0 0K 0
cl_savebuf 0 0K 13
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MPSSAS 0 0K 0
mbuf_tag 0 0K 475
accf 0 0K 0
pts 0 0K 0
iov 0 0K 17603
ioctlops 0 0K 256
Witness 0 0K 0
stack 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 682
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
db> show ktr
No such command; use "help" to list available commands


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 5, 2020, 12:28:15 PM5/5/20
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: e4af2e7c Revert r360514, to avoid unnecessary churn of the..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15a82cf4100000
dashboard link: https://syzkaller.appspot.com/bug?extid=b7d4a55089e63816d120
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b78482100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16c817f8100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b7d4a5...@syzkaller.appspotmail.com

login: panic: tp:0xfffffe0025849000 rc_sacked:1432 > out:1
cpuid = 0
time = 1588695883
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00037ff5f0
vpanic() at vpanic+0x1c7/frame 0xfffffe00037ff650
panic() at panic+0x43/frame 0xfffffe00037ff6b0
ctf_flight_size() at ctf_flight_size+0x5d/frame 0xfffffe00037ff6e0
bbr_output_wtime() at bbr_output_wtime+0x9801/frame 0xfffffe00037ff990
bbr_output() at bbr_output+0x67/frame 0xfffffe00037ff9c0
tcp_hpts_thread() at tcp_hpts_thread+0xdf7/frame 0xfffffe00037ffb10
ithread_loop() at ithread_loop+0x328/frame 0xfffffe00037ffbb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe00037ffbf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00037ffbf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100072 ]
Stopped at kdb_enter+0x67: movq $0,0x14a8fb6(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818a2f1a
rbx 0
rsp 0xfffffe00037ff5d0
rbp 0xfffffe00037ff5f0
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0
r11 0x2b15173f
100072 Run CPU 0 [swi1: hpts]
100073 I [swi1: hpts]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1581 773 771 0 R CPU 1 syz-executor7370366
773 771 771 0 R syz-executor7370366
771 769 771 0 Ss pause 0xfffff800111cc5c8 csh
769 682 769 0 Ss select 0xfffff800110c44c0 sshd
748 1 748 0 Ss+ ttyin 0xfffff8000380ccb0 getty
747 1 747 0 Ss+ ttyin 0xfffff800038078b0 getty
746 1 746 0 Ss+ ttyin 0xfffff80003807cb0 getty
745 1 745 0 Ss+ ttyin 0xfffff8000380a0b0 getty
744 1 744 0 Ss+ ttyin 0xfffff8000380a4b0 getty
743 1 743 0 Ss+ ttyin 0xfffff8000380a8b0 getty
742 1 742 0 Ss+ ttyin 0xfffff8000380acb0 getty
741 1 741 0 Ss+ ttyin 0xfffff800038090b0 getty
740 1 740 0 Ss+ ttyin 0xfffff800038094b0 getty
738 1 24 0 S+ piperd 0xfffff80003c782f8 logger
737 736 24 0 S+ nanslp 0xffffffff8252c1e0 sleep
736 1 24 0 S+ wait 0xfffff80003cd5520 sh
686 1 686 0 Ss nanslp 0xffffffff8252c1e0 cron
682 1 682 0 Ss select 0xfffff80003be66c0 sshd
495 1 495 0 Ss select 0xfffff80003be67c0 syslogd
424 1 424 0 Ss select 0xfffff8000308ecc0 devd
423 1 423 65 Ss select 0xfffff800034bc6c0 dhclient
338 1 338 0 Ss select 0xfffff8000308ed40 dhclient
335 1 335 0 Ss select 0xfffff800034bc640 dhclient
23 0 0 0 DL vlruwt 0xfffff80003368a40 [vnlru]
22 0 0 0 DL syncer 0xffffffff82618118 [syncer]
21 0 0 0 DL (threaded) [bufdaemon]
100069 D qsleep 0xffffffff82617430 [bufdaemon]
100076 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100084 D sdflush 0xfffff80003ce1ce8 [/ worker]
20 0 0 0 DL psleep 0xffffffff8263e308 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100067 D psleep 0xffffffff826328d8 [dom0]
100074 D launds 0xffffffff826328e4 [laundry: dom0]
100075 D umarcl 0xffffffff81545120 [uma]
18 0 0 0 DL - 0xffffffff8235fe20 [rand_harvestq]
17 0 0 0 DL - 0xffffffff82616a2c [soaiod4]
16 0 0 0 DL - 0xffffffff82616a2c [soaiod3]
15 0 0 0 DL - 0xffffffff82616a2c [soaiod2]
9 0 0 0 DL - 0xffffffff82616a2c [soaiod1]
8 0 0 0 DL pftm 0xffffffff82c4e3a0 [pf purge]
7 0 0 0 DL waiting 0xffffffff8261a890 [sctp_iterator]
6 0 0 0 DL (threaded) [cam]
100033 D - 0xffffffff82237b40 [doneq0]
100066 D - 0xffffffff82237a10 [scanner]
5 0 0 0 DL crypto_ 0xfffff800033f2290 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff800033f2230 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff826300c0 [crypto]
14 0 0 0 DL seqstat 0xfffff80003390488 [sequencer 00]
100072 Run CPU 0 [swi1: hpts]
100073 I [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff80003304000 [init]
10 0 0 0 DL audit_w 0xffffffff82630598 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8250b710 [swapper]
100005 D - 0xfffff80003325000 [if_config_tqg_0]
100006 D - 0xfffff80003326e00 [softirq_0]
100007 D - 0xfffff80003326d00 [softirq_1]
100008 D - 0xfffff80003326c00 [if_io_tqg_0]
100009 D - 0xfffff80003326b00 [if_io_tqg_1]
100011 D - 0xfffff80003333600 [in6m_free taskq]
100012 D - 0xfffff80003333500 [thread taskq]
100014 D - 0xfffff80003333200 [kqueue_ctx taskq]
100015 D - 0xfffff80003333100 [aiod_kick taskq]
100023 D - 0xfffff80003383d00 [firmware taskq]
100028 D - 0xfffff80003383200 [crypto_0]
100029 D - 0xfffff80003383200 [crypto_1]
100043 D - 0xfffff800037dc400 [vtnet0 rxq 0]
100044 D - 0xfffff800037dc300 [vtnet0 txq 0]
100045 D - 0xfffff800037dc200 [vtnet0 rxq 1]
100046 D - 0xfffff800037dc100 [vtnet0 txq 1]
100048 D vtbslp 0xfffff800035b1780 [virtio_balloon]
100052 D - 0xfffff800037dae00 [mca taskq]
100053 D - 0xffffffff81ce6631 [deadlkres]
100061 D - 0xfffff800037dac00 [acpi_task_0]
100062 D - 0xfffff800037dac00 [acpi_task_1]
100063 D - 0xfffff800037dac00 [acpi_task_2]
100065 D - 0xfffff80003384a00 [CAM taskq]
db> show all locks
Process 1581 (syz-executor7370366) thread 0xfffffe001d9f2e00 (100105)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8001187b020) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:1756
Process 12 (intr) thread 0xfffffe001d9f3c00 (100072)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffff800115333f0) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_hpts.c:1539
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4213 4851K 4238
tcp_hpts 5 3201K 5
vtbuf 24 1968K 46
sysctloid 27747 1619K 27811
kobj 332 1328K 488
newblk 451 1137K 508
vfscache 4 1025K 4
pcb 828 587K 882
inodedep 26 525K 71
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 114 222K 1649
acpica 1674 185K 52709
vnet_data 1 168K 1
pagedep 8 130K 18
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 101 101K 110
linker 237 91K 265
bus 964 78K 3344
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 496 62K 496
temp 18 33K 1534
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
DEVFS3 120 30K 130
umtx 234 30K 234
kdtrace 148 29K 3218
DEVFS_RULE 56 27K 56
gtaskqueue 18 26K 18
inpcbpolicy 814 26K 937
vmem 3 22K 4
kbdmux 6 22K 6
BPF 10 18K 10
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ithread 98 16K 98
bus-sc 30 14K 1431
ifaddr 32 13K 32
KTRACE 100 13K 100
kenv 95 12K 99
eventhandler 132 12K 132
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 2 9K 41
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 233 8K 291
CAM DEV 3 6K 510
vt 11 6K 11
cred 21 6K 234
sglist 5 6K 5
CAM queue 5 6K 1528
taskqueue 45 5K 45
ufs_dirhash 24 5K 24
routetbl 28 5K 32
plimit 17 5K 322
ifnet 3 5K 3
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
filedesc 1 4K 1
UMA 247 4K 247
lltable 11 4K 11
hhook 13 4K 13
ether_multi 40 4K 45
pf_ifnet 5 3K 6
in6_multi 25 3K 25
kqueue 47 3K 1584
acpisem 22 3K 22
terminal 11 3K 11
session 20 3K 31
pgrp 20 3K 31
uidinfo 3 3K 8
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
select 15 2K 15
proc-args 39 2K 472
freefile 13 2K 22
CAM XPT 22 2K 543
lockf 15 2K 22
Unitno 25 2K 37
acpidev 20 2K 20
msi 9 2K 9
softdep 1 1K 1
dirrem 4 1K 28
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
diradd 7 1K 36
indirdep 3 1K 3
nhops 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
ip6ndp 4 1K 5
sctp_ifa 5 1K 5
crypto 3 1K 3
newdirblk 4 1K 8
mkdir 4 1K 16
in_multi 2 1K 3
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
osd 3 1K 9
mld 2 1K 2
sctp_ifn 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
loginclass 3 1K 7
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
tcpfunc 2 1K 2
ktls 1 1K 1
pmchooks 1 1K 1
prison 4 1K 4
DEVFSP 2 1K 2
soname 4 1K 6595
filecaps 4 1K 66
tun 3 1K 3
nexusdev 5 1K 5
entropy 2 1K 35
freework 1 1K 26
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
CAM CCB 0 0K 1824
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
UMAHash 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 12
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 25
freefrag 0 0K 7
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
lDevFlags * malloc 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 3
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 3
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
statfs 0 0K 196
export_host 0 0K 0
cl_savebuf 0 0K 3
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MPSSAS 0 0K 0
mbuf_tag 0 0K 25
accf 0 0K 0
pts 0 0K 0
iov 0 0K 12966
ioctlops 0 0K 85
Witness 0 0K 0
stack 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 574
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
kcovinfo 0 0K 0

Mark Johnston

Dec 22, 2020, 6:24:55 PM12/22/20
to syzbot, syzkaller-f...@googlegroups.com
#syz fix: This fixes several skyzaller issues found with the help of Michael Tuexen. There was some accounting errors with TCPFO for bbr and also for both rack and bbr there was a FO case where we should be jumping to the just_return_nolock label to exit instead of returning 0. This of course caused no timer to be running and thus the stuck sessions.