panic: ASan: Invalid access, 1-byte write at ADDR, UMAUseAfterFree(fd)


syzbot

Jul 7, 2021, 8:01:21 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: da2f833f MMCCAM: fix a panic after cam_sim_alloc_dev() rem..
git tree: https://github.com/freebsd/freebsd-src.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=145a7a9c300000
dashboard link: https://syzkaller.appspot.com/bug?extid=b0bb0e2ff6c6875647e8

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b0bb0e...@syzkaller.appspotmail.com

panic: ASan: Invalid access, 1-byte write at 0xfffffe0097a0f43e, UMAUseAfterFree(fd)
cpuid = 1
time = 1625699655
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe009790bb50
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe009790bcb0
vpanic() at vpanic+0x2c5/frame 0xfffffe009790bd90
panic() at panic+0xb5/frame 0xfffffe009790be50
__asan_store1_noabort() at __asan_store1_noabort+0x11a/frame 0xfffffe009790bf10
sctp_lower_sosend() at sctp_lower_sosend+0x6ee8/frame 0xfffffe009790c400
sctp_sosend() at sctp_sosend+0x729/frame 0xfffffe009790c6a0
sosend() at sosend+0x11e/frame 0xfffffe009790c710
kern_sendit() at kern_sendit+0x58d/frame 0xfffffe009790c880
sendit() at sendit+0x2b0/frame 0xfffffe009790c8d0
sys_sendto() at sys_sendto+0x182/frame 0xfffffe009790c9f0
amd64_syscall() at amd64_syscall+0x425/frame 0xfffffe009790cbf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe009790cbf0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x287eda, rsp = 0x7fffdfffdf08, rbp = 0x7fffdfffdf70 ---
KDB: enter: panic
[ thread pid 3344 tid 104388 ]
Stopped at kdb_enter+0x6b: movq $0,0x28f86da(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xb6470dc172f121f2
rdx 0x40001
rbx 0
rsp 0xfffffe009790bc90
rbp 0xfffffe009790bcb0
rsi 0
rdi 0xfffffe009ebb3ba8
r8 0x3
r9 0xfffffe009790b7e8
r10 0
r11 0xfffffe00a3cafa70
r12 0xfffffe00a3caf560
r13 0xfffffe009790bd01
r14 0xffffffff82c3df20 .str.18
r15 0xffffffff82c3df20 .str.18
rip 0xffffffff8178d35b kdb_enter+0x6b
rflags 0x46
kdb_enter+0x6b: movq $0,0x28f86da(%rip)
db> show proc
Process 3344 (syz-executor.2) at 0xfffffe00a75a1a70:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 802 at 0xfffffe0097b2ba70
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: /root/syz-executor.2
reaper: 0xfffffe0053d51538 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00a4e33000
(map 0xfffffe00a4e33000)
(map.pmap 0xfffffe00a4e330c0)
(pmap 0xfffffe00a4e33120)
threads: 3
101279 S nanslp 0xffffffff84052940 syz-executor.2
104388 Run CPU 1 syz-executor.2
104389 S uwait 0xfffffe00a756c400 syz-executor.2
db> ps
pid ppid pgrp uid state wmesg wchan cmd
3344 802 802 0 R (threaded) syz-executor.2
101279 S nanslp 0xffffffff84052940 syz-executor.2
104388 Run CPU 1 syz-executor.2
104389 S uwait 0xfffffe00a756c400 syz-executor.2
3342 784 784 0 R (threaded) syz-executor.1
103035 Run CPU 0 syz-executor.1
104386 S select 0xfffffe00a794eec0 syz-executor.1
104390 S select 0xfffffe00a794e9c0 syz-executor.1
3338 783 783 0 R (threaded) syz-executor.0
100111 RunQ syz-executor.0
104378 S sbwait 0xfffffe00a61571c4 syz-executor.0
104379 S sbwait 0xfffffe00a6155574 syz-executor.0
104381 S sbwait 0xfffffe00a61551c4 syz-executor.0
104382 S sbwait 0xfffffe00a612a1c4 syz-executor.0
104383 S uwait 0xfffffe00a4e49580 syz-executor.0
2181 1 2181 65 Ss select 0xfffffe009e6d7bc0 dhclient
1912 1 1912 0 Ss select 0xfffffe00a3cb5b40 dhclient
1909 1 1909 0 Ss select 0xfffffe00a3cb5ac0 dhclient
1882 1 1882 65 Ss select 0xfffffe00a756c040 dhclient
1701 1 784 0 S uwait 0xfffffe009eb88800 syz-executor.1
1699 1 784 0 S uwait 0xfffffe00a4ec2400 syz-executor.1
1697 1 784 0 S uwait 0xfffffe00a4e49a80 syz-executor.1
1690 1 783 0 S uwait 0xfffffe00a4e49480 syz-executor.0
1687 1 810 0 S uwait 0xfffffe009eb88180 syz-executor.3
1684 1 783 0 S uwait 0xfffffe00a4e49000 syz-executor.0
1681 1 810 0 S uwait 0xfffffe00a4e1d400 syz-executor.3
1678 1 783 0 S uwait 0xfffffe00a4ec2b80 syz-executor.0
1673 1 810 0 S uwait 0xfffffe009e5de480 syz-executor.3
1670 1 810 0 S uwait 0xfffffe00a4e1d000 syz-executor.3
1665 1 810 0 S uwait 0xfffffe00a4e49c80 syz-executor.3
1660 1 1660 0 Ss select 0xfffffe009e6d7140 dhclient
1657 1 1657 0 Ss select 0xfffffe009eb886c0 dhclient
1619 1 1619 65 Ss select 0xfffffe00a4e49ec0 dhclient
1581 0 0 0 DL mdwait 0xfffffe00a752c000 [md9]
1566 0 0 0 DL mdwait 0xfffffe00a751d000 [md8]
1558 0 0 0 DL mdwait 0xfffffe00a7510000 [md7]
1552 0 0 0 DL mdwait 0xfffffe00a7501000 [md6]
1547 0 0 0 DL mdwait 0xfffffe00a74f4000 [md5]
1433 1 1433 0 Ss select 0xfffffe00a3cb5e40 dhclient
1430 1 1430 0 Ss select 0xfffffe00a4e493c0 dhclient
1411 1 1411 65 Ss select 0xfffffe009e5de9c0 dhclient
1052 1 1052 0 Ss select 0xfffffe00a4e1dbc0 dhclient
1041 1 1041 0 Ss select 0xfffffe009eb88240 dhclient
984 0 0 0 DL aiordy 0xfffffe00a4f38a70 [aiod4]
983 0 0 0 DL aiordy 0xfffffe00a4e15538 [aiod3]
982 0 0 0 DL aiordy 0xfffffe0097a7a538 [aiod2]
981 0 0 0 DL aiordy 0xfffffe0097a7a000 [aiod1]
929 0 0 0 DL mdwait 0xfffffe00a4e9a000 [md4]
927 0 0 0 DL mdwait 0xfffffe00a4e98000 [md3]
923 0 0 0 DL mdwait 0xfffffe009ebc5000 [md2]
912 0 0 0 DL mdwait 0xfffffe00a4e86000 [md1]
909 0 0 0 DL mdwait 0xfffffe009ebed000 [md0]
810 780 810 0 Rs syz-executor.3
802 780 802 0 Rs syz-executor.2
784 780 784 0 Ss nanslp 0xffffffff84052940 syz-executor.1
783 780 783 0 Ss nanslp 0xffffffff84052940 syz-executor.0
780 778 778 0 S (threaded) syz-fuzzer
100114 S uwait 0xfffffe0097b29580 syz-fuzzer
100123 S uwait 0xfffffe009e5dec80 syz-fuzzer
100124 S kqread 0xfffffe009e6b3700 syz-fuzzer
100125 S uwait 0xfffffe009e55c000 syz-fuzzer
100126 S uwait 0xfffffe009e55c100 syz-fuzzer
100127 S uwait 0xfffffe009e55c200 syz-fuzzer
100128 S uwait 0xfffffe009eb88b00 syz-fuzzer
100130 S uwait 0xfffffe009eb88c00 syz-fuzzer
100131 S uwait 0xfffffe009eb88d00 syz-fuzzer
778 776 778 0 Ss pause 0xfffffe009e6d00b0 csh
776 694 776 0 Ss select 0xfffffe009e5de2c0 sshd
760 1 760 0 Ss+ ttyin 0xfffffe0056cbfcb0 getty
759 1 759 0 Ss+ ttyin 0xfffffe00580740b0 getty
758 1 758 0 Ss+ ttyin 0xfffffe00580744b0 getty
757 1 757 0 Ss+ ttyin 0xfffffe00580748b0 getty
756 1 756 0 Ss+ ttyin 0xfffffe0058074cb0 getty
755 1 755 0 Ss+ ttyin 0xfffffe0057fcc0b0 getty
754 1 754 0 Ss+ ttyin 0xfffffe0057fcc4b0 getty
753 1 753 0 Ss+ ttyin 0xfffffe0057fcc8b0 getty
752 1 752 0 Ss+ ttyin 0xfffffe0057fcccb0 getty
698 1 698 0 Ss nanslp 0xffffffff84052940 cron
694 1 694 0 Ss select 0xfffffe009e55cac0 sshd
507 1 507 0 Ss select 0xfffffe0097b29440 syslogd
436 1 436 0 Ss select 0xfffffe009e55cb40 devd
435 1 435 65 Ss select 0xfffffe009e55cc40 dhclient
350 1 350 0 Ss select 0xfffffe009e5dea40 dhclient
347 1 347 0 Ss select 0xfffffe009e55cbc0 dhclient
23 0 0 0 DL syncer 0xffffffff84178a40 [syncer]
22 0 0 0 DL vlruwt 0xfffffe005841fa70 [vnlru]
21 0 0 0 DL (threaded) [bufdaemon]
100081 D qsleep 0xffffffff84176940 [bufdaemon]
100086 D - 0xffffffff83411f80 [bufspacedaemon-0]
100099 D sdflush 0xfffffe0097b36ce8 [/ worker]
20 0 0 0 DL psleep 0xffffffff841aeac0 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100079 D psleep 0xffffffff841a25f8 [dom0]
100087 D launds 0xffffffff841a2604 [laundry: dom0]
100088 D umarcl 0xffffffff81e7afa0 [uma]
18 0 0 0 DL - 0xffffffff83e09ae0 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff848733c0 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff84d8bd00 [pf purge]
15 0 0 0 DL - 0xffffffff84171dc0 [soaiod4]
9 0 0 0 DL - 0xffffffff84171dc0 [soaiod3]
8 0 0 0 DL - 0xffffffff84171dc0 [soaiod2]
7 0 0 0 DL - 0xffffffff84171dc0 [soaiod1]
6 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff83c8f240 [doneq0]
100045 D - 0xffffffff83c8f1c0 [async]
100078 D - 0xffffffff83c8f040 [scanner]
14 0 0 0 DL seqstat 0xfffffe0053f8ec88 [sequencer 00]
5 0 0 0 DL crypto_ 0xfffffe0053e8ad80 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffffe0053e8ad30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff8419c6a0 [crypto]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff84025f00 [g_event]
100036 D - 0xffffffff84025f40 [g_up]
100037 D - 0xffffffff84025f80 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100028 D - 0xfffffe0053e16e00 [thr_0]
100029 D - 0xfffffe0053e16e80 [thr_1]
12 0 0 0 WL (threaded) [intr]
100011 I [swi6: task queue]
100012 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]
100030 I [swi4: clock (0)]
100031 I [swi4: clock (1)]
100032 I [swi1: netisr 0]
100033 I [swi3: vm]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq10: virtio_pci2]
100061 I [irq1: atkbd0]
100062 I [irq12: psm0]
100063 I [swi0: uart uart++]
100071 I [swi1: pf send]
100084 I [swi1: hpts]
100085 I [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0053d51538 [init]
10 0 0 0 DL audit_w 0xffffffff8419d640 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff84026e00 [swapper]
100005 D - 0xfffffe0053c0d800 [if_config_tqg_0]
100006 D - 0xfffffe0053c0d600 [softirq_0]
100007 D - 0xfffffe0053c0d400 [softirq_1]
100008 D - 0xfffffe0053c0d200 [if_io_tqg_0]
100009 D - 0xfffffe0053c0d000 [if_io_tqg_1]
100010 D - 0xfffffe000791a700 [pci_hp taskq]
100013 D - 0xfffffe000791a400 [thread taskq]
100014 D - 0xfffffe000791a300 [inm_free taskq]
100016 D - 0xfffffe000791a100 [linuxkpi_irq_wq]
100017 D - 0xfffffe000791a000 [kqueue_ctx taskq]
100018 D - 0xfffffe0053df6e00 [in6m_free taskq]
100019 D - 0xfffffe0053df6d00 [aiod_kick taskq]
100020 D - 0xfffffe0053df6c00 [linuxkpi_short_wq_0]
100021 D - 0xfffffe0053df6c00 [linuxkpi_short_wq_1]
100022 D - 0xfffffe0053df6c00 [linuxkpi_short_wq_2]
100023 D - 0xfffffe0053df6c00 [linuxkpi_short_wq_3]
100024 D - 0xfffffe0053df6b00 [linuxkpi_long_wq_0]
100025 D - 0xfffffe0053df6b00 [linuxkpi_long_wq_1]
100026 D - 0xfffffe0053df6b00 [linuxkpi_long_wq_2]
100027 D - 0xfffffe0053df6b00 [linuxkpi_long_wq_3]
100034 D - 0xfffffe0053df6a00 [firmware taskq]
100038 D - 0xfffffe0053df6900 [crypto_0]
100039 D - 0xfffffe0053df6900 [crypto_1]
100055 D - 0xfffffe0053df6700 [vtnet0 rxq 0]
100056 D - 0xfffffe0053df6600 [vtnet0 txq 0]
100057 D - 0xfffffe0053df6500 [vtnet0 rxq 1]
100058 D - 0xfffffe0053df6400 [vtnet0 txq 1]
100060 D vtbslp 0xfffffe0056c9e480 [virtio_balloon]
100064 D - 0xfffffe0053df6300 [mca taskq]
100069 D - 0xffffffff82c44ea1 [deadlkres]
100074 D - 0xfffffe0057fcbe00 [acpi_task_0]
100075 D - 0xfffffe0057fcbe00 [acpi_task_1]
100076 D - 0xfffffe0057fcbe00 [acpi_task_2]
100077 D - 0xfffffe0053df6800 [CAM taskq]
db> show all locks
Process 3344 (syz-executor.2) thread 0xfffffe00a3caf560 (104388)
exclusive sleep mutex sctp-send-tcb (tcbs) r = 0 (0xfffffe00a4f338d0) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:13125
Process 3342 (syz-executor.1) thread 0xfffffe00a75f8c80 (103035)
exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff84071740) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_umtx.c:946
Process 3338 (syz-executor.0) thread 0xfffffe00a76b03a0 (104379)
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe00a6155518) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:467
Process 3338 (syz-executor.0) thread 0xfffffe009e6d2560 (104381)
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe00a6155168) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:467
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4216 4338K 4254
tcp_hpts 5 3201K 5
sysctloid 34858 2059K 34925
vtbuf 24 1968K 46
kobj 326 1304K 576
newblk 56 1038K 6943
vfscache 3 1025K 3
pcb 105 623K 6282
inodedep 194 585K 2585
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 190 387K 3452
filedesc 38 297K 4687
vmem 3 274K 5
acpica 1674 184K 54806
vnet_data 1 168K 1
tidhash 3 141K 3
linker 357 140K 397
pagedep 9 130K 2373
tfo_ccache 1 128K 1
sctp_stro 36 127K 1128
DEVFS1 117 117K 134
sem 4 106K 4
BPF 46 88K 55
bus 986 80K 3469
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 510 64K 510
umtx 418 53K 418
kdtrace 273 52K 7736
dirrem 183 46K 2420
md_disk 15 41K 15
temp 36 35K 2688
DEVFS3 136 34K 146
hostcache 1 32K 1
shm 1 32K 22
msg 4 30K 4
sctp_atcl 75 29K 3984
gtaskqueue 18 26K 18
freefile 185 24K 2408
kbdmux 6 22K 6
pf_rule 11 21K 54
md_sectors 5 20K 5
routetbl 144 20K 589
ifaddr 70 20K 72
DEVFS_RULE 56 20K 56
GEOM 130 20K 949
ufs_mount 5 17K 6
proc 3 17K 3
tty 16 16K 16
ithread 99 16K 99
bus-sc 33 14K 1684
lltable 44 14K 172
KTRACE 100 13K 100
ifnet 7 13K 7
ether_multi 152 13K 170
devstat 6 13K 6
kenv 95 12K 95
eventhandler 133 12K 133
CAM queue 5 11K 1528
rman 84 10K 425
in6_multi 65 9K 65
bmsafemap 2 9K 2554
freework 33 9K 3001
UART 12 9K 12
ksem 1 8K 73
sctp_timw 32 8K 32
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
kqueue 89 8K 3372
pfs_nodes 20 8K 20
audit_evclass 236 8K 294
cred 26 7K 274
taskqueue 60 7K 60
sglist 5 7K 5
pf_table 3 6K 42
CAM DEV 3 6K 510
plimit 24 6K 481
pwddesc 87 6K 3355
DEVFSP 80 5K 450
pf_ifnet 13 5K 60
sctp_atky 115 5K 5284
ufs_dirhash 24 5K 24
UMA 275 5K 275
session 35 5K 70
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
kcovinfo 64 4K 68
acpisem 28 4K 28
selfd 55 4K 50853
lockf 32 4K 156
hhook 15 4K 17
fpukern_ctx 3 3K 3
proc-args 52 3K 693
terminal 11 3K 11
select 21 3K 182
uidinfo 3 3K 21
local_apic 1 2K 1
io_apic 1 2K 1
freeblks 8 2K 2426
ipsec-saq 2 2K 2
ip6ndp 12 2K 13
sctp_ifa 13 2K 14
Unitno 27 2K 47
CAM XPT 22 2K 543
in_multi 6 2K 12
ipsecpolicy 2 2K 2
acpidev 20 2K 20
sctp_athm 75 2K 4081
sctp_map 72 2K 2206
msi 9 2K 9
clone 9 2K 9
tun 7 2K 7
softdep 1 1K 1
mkdir 8 1K 4664
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 140
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
sctp_ifn 6 1K 14
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
inpcbpolicy 21 1K 2291
crypto 4 1K 259
encap_export_host 12 1K 12
procdesc 5 1K 18
ip_msource 9 1K 57
sctp_stri 1 1K 208
newdirblk 4 1K 2332
diradd 4 1K 2460
indirdep 2 1K 813
pfil 4 1K 4
cdev 2 1K 2
osd 11 1K 865
chacha20random 1 1K 1
iov 2 1K 18064
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
vnodes 1 1K 1
CAM SIM 2 1K 2
ktls 1 1K 1
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
lkpikmalloc 5 1K 6
aesni_data 2 1K 2
apmdev 1 1K 1
atkbddev 2 1K 2
CAM dev queue 2 1K 2
xform 2 1K 786
CAM I/O Scheduler 1 1K 1
CAM path 4 1K 1034
pmchooks 1 1K 1
nexusdev 7 1K 7
soname 4 1K 6847
filecaps 5 1K 123
sctp_vrf 1 1K 1
vnet 1 1K 1
entropy 2 1K 47
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
mqdata 0 0K 0
cdg data 0 0K 0
tcp_do 0 0K 0
tcp_fsb 0 0K 230
chd data 0 0K 0
htcp data 0 0K 0
dctcp data 0 0K 11
cubic data 0 0K 0
vegas data 0 0K 19
sctp_mcore 0 0K 0
sctp_socko 0 0K 1830
sctp_iter 0 0K 16
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 4
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 12
sctp_aadr 0 0K 17
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
axgbe 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
xen_intr 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
xenstore 0 0K 0
ciss_data 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
BACKLIGHT 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
xbd 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
vm_fictitious 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
pvscsi 0 0K 0
scsi_da 0 0K 69
UMAHash 0 0K 0
ata_da 0 0K 0
scsi_ch 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 1192
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 68
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 2
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
scsi_cd 0 0K 0
AHCI driver 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
agp 0 0K 0
nvme_da 0 0K 0
ktls_ocf 0 0K 0
acpipwr 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
seq_file 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpifw 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 36
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
acpi_perf 0 0K 0
LRO 0 0K 0
newreno data 0 0K 0
ip_moptions 0 0K 25
in_mfilter 0 0K 100
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 5
VN POLL 0 0K 0
twsbuf 0 0K 0
statfs 0 0K 2531
namei_tracker 0 0K 5
export_host 0 0K 0
cl_savebuf 0 0K 30
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 146
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
CAM CCB 0 0K 8050
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 16
acl 0 0K 0
osti_cacheable 0 0K 0
mbuf_tag 0 0K 167
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
accf 0 0K 0
pts 0 0K 0
ioctlops 0 0K 346
eventfd 0 0K 4
Witness 0 0K 0
stack 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
sbuf 0 0K 408
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
malodev 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 965
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
cache 0 0K 0
iirbuf 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 132
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 10595 1 590448 0 254 43401216 0
tcp_log 416 5452 10361 153452 0 254 6578208 0
mbuf 256 11146 59 1289966 0 254 2868480 0
pbuf 2624 0 957 0 0 2 2511168 0
RADIX NODE 144 11544 1275 117573 0 62 1845936 0
BUF TRIE 144 356 11404 6060 0 62 1693440 0
malloc-384 384 4240 10 4372 0 30 1632000 0
malloc-128 128 11494 38 11730 0 126 1476096 0
malloc-4096 4096 327 5 663 0 2 1359872 0
UMA Slabs 0 112 12010 11 12010 0 126 1346352 0
mbuf_cluster 2048 600 2 600 0 254 1232896 0
vmem btag 56 20268 83 20268 0 254 1139656 0
tcp_bbr_map 128 0 6324 133679 0 126 809472 0
FFS inode 1160 526 27 2938 0 8 641480 0
256 Bucket 2048 221 21 17769 0 8 495616 0
malloc-4096 4096 110 9 3900 0 2 487424 0
ertt_txseginfo 40 0 12120 307846 0 254 484800 0
VM OBJECT 264 1447 128 50945 0 30 415800 0
malloc-16384 16384 19 5 2342 0 1 393216 0
THREAD 1808 185 24 4390 0 8 377872 0
lkpimm 160 1 2324 1 0 62 372000 0
lkpicurr 160 2 2323 2 0 62 372000 0
malloc-64 64 4249 350 55432 0 254 294336 0
VNODE 448 565 83 2979 0 30 290304 0
malloc-65536 65536 4 0 4 0 1 262144 0
MAP ENTRY 96 2225 337 189201 0 126 245952 0
malloc-16 16 14334 416 17795 0 254 236000 0
malloc-32768 32768 0 7 718 0 1 229376 0
DEVCTL 1024 0 220 173 0 0 225280 0
malloc-256 256 388 407 15153 0 62 203520 0
malloc-65536 65536 1 2 21 0 1 196608 0
UMA Zones 768 247 2 247 0 16 191232 0
malloc-32 32 5431 113 5723 0 254 177408 0
sctp_asoc 2288 36 39 1103 0 254 171600 0
malloc-128 128 1264 69 31664 0 126 170624 0
malloc-128 128 1210 61 7244 0 126 162688 0
mbuf_packet 256 89 511 10820 0 254 153600 0
VMSPACE 2544 50 10 3304 0 4 152640 0
socket 944 50 106 6553 0 254 147264 0
FFS2 dinode 256 526 29 2938 0 62 142080 0
128 Bucket 1024 102 33 2049 0 16 138240 0
S VFS Cache 104 1028 298 3558 0 126 137904 0
PROC 1336 86 16 3344 0 8 136272 0
malloc-384 384 193 157 2599 0 30 134400 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 414 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 22 0 1 131072 0
malloc-1024 1024 120 4 137 0 16 126976 0
clpbuf 2624 0 48 547 0 16 125952 0
malloc-2048 2048 40 20 2762 0 8 122880 0
ksiginfo 112 87 957 1762 0 126 116928 0
filedesc0 1072 87 18 3355 0 8 112560 0
sctp_ep 1280 38 49 2758 0 254 111360 0
malloc-2048 2048 4 46 511 0 8 102400 0
malloc-2048 2048 7 43 8078 0 8 102400 0
malloc-256 256 199 191 8705 0 62 99840 0
malloc-32768 32768 0 3 13 0 1 98304 0
malloc-16384 16384 4 2 179 0 1 98304 0
UMA Kegs 384 232 1 232 0 30 89472 0
malloc-128 128 488 163 2926 0 126 83328 0
malloc-8192 8192 5 5 214 0 1 81920 0
g_bio 408 0 190 24515 0 30 77520 0
sctp_raddr 736 36 63 1189 0 254 72864 0
malloc-1024 1024 43 25 1644 0 16 69632 0
malloc-32768 32768 0 2 130 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 0 2 2 0 1 65536 0
malloc-8192 8192 6 2 10 0 1 65536 0
64 Bucket 512 79 49 5225 0 30 65536 0
tcpcb 1080 7 49 854 0 254 60480 0
malloc-4096 4096 14 0 14 0 2 57344 0
malloc-4096 4096 12 2 17 0 2 57344 0
32 Bucket 256 72 138 15489 0 62 53760 0
malloc-4096 4096 12 1 23 0 2 53248 0
malloc-384 384 75 55 4000 0 30 49920 0
malloc-256 256 164 31 331 0 62 49920 0
malloc-256 256 144 51 1213 0 62 49920 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 4 2 8 0 1 49152 0
malloc-2048 2048 16 8 268 0 8 49152 0
pcpu-8 8 4877 755 6404 0 254 45056 0
malloc-64 64 599 94 21340 0 254 44352 0
malloc-8192 8192 5 0 5 0 1 40960 0
udplite_inpcb 488 3 77 1055 0 254 39040 0
tcp_inpcb 488 7 73 854 0 254 39040 0
malloc-384 384 81 19 218 0 30 38400 0
malloc-256 256 87 63 3256 0 62 38400 0
DIRHASH 1024 34 2 34 0 16 36864 0
NAMEI 1024 0 36 25545 0 16 36864 0
malloc-64 64 478 89 690 0 254 36288 0
Files 80 253 197 16933 0 126 36000 0
md9 512 64 0 64 0 30 32768 0
md8 512 64 0 64 0 30 32768 0
md7 512 64 0 64 0 30 32768 0
md6 512 64 0 64 0 30 32768 0
md5 512 64 0 64 0 30 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-1024 1024 13 19 1553 0 16 32768 0
pcpu-64 64 487 25 487 0 254 32768 0
TURNSTILE 136 210 21 210 0 62 31416 0
tcp_bbr_pcb 832 0 36 477 0 16 29952 0
malloc-4096 4096 4 3 2536 0 2 28672 0
malloc-2048 2048 12 2 208 0 8 28672 0
malloc-64 64 270 171 6859 0 254 28224 0
KNOTE 160 28 147 44970 0 62 28000 0
ttyinq 160 135 40 300 0 62 28000 0
malloc-256 256 29 76 2627 0 62 26880 0
pipe 744 23 12 444 0 16 26040 0
malloc-8192 8192 2 1 4 0 1 24576 0
malloc-2048 2048 5 7 44 0 8 24576 0
PWD 32 31 725 2410 0 254 24192 0
ttyoutq 256 72 18 160 0 62 23040 0
SLEEPQUEUE 88 210 46 210 0 126 22528 0
malloc-2048 2048 2 8 143 0 8 20480 0
malloc-1024 1024 17 3 17 0 16 20480 0
malloc-512 512 10 30 353 0 30 20480 0
8 Bucket 80 56 194 1526 0 126 20000 0
Mountpoints 2752 2 5 2 0 4 19264 0
malloc-384 384 35 15 37 0 30 19200 0
malloc-384 384 34 16 34 0 30 19200 0
malloc-256 256 45 30 347 0 62 19200 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 2 2 85 0 2 16384 0
malloc-1024 1024 11 5 11 0 16 16384 0
malloc-512 512 12 20 19 0 30 16384 0
malloc-64 64 158 94 224 0 254 16128 0
malloc-64 64 58 194 3126 0 254 16128 0
malloc-32 32 315 189 10417 0 254 16128 0
16 Bucket 144 56 56 569 0 62 16128 0
vtnet_tx_hdr 24 0 668 390969 0 254 16032 0
malloc-128 128 89 35 2503 0 126 15872 0
malloc-128 128 7 117 455 0 126 15872 0
sctp_chunk 152 23 81 317 0 254 15808 0
tcp_rack_pcb 832 0 18 230 0 16 14976 0
malloc-1024 1024 8 4 9 0 16 12288 0
malloc-32 32 160 218 281 0 254 12096 0
malloc-32 32 104 274 4446 0 254 12096 0
2 Bucket 32 64 314 955 0 254 12096 0
malloc-16 16 371 379 663 0 254 12000 0
udp_inpcb 488 6 18 282 0 254 11712 0
kenv 258 15 30 1042 0 30 11610 0
routing nhops 256 27 18 34 0 62 11520 0
unpcb 256 20 25 1462 0 254 11520 0
malloc-256 256 36 9 1433 0 62 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-1024 1024 2 6 15 0 16 8192 0
malloc-1024 1024 1 7 43 0 16 8192 0
malloc-512 512 3 13 141 0 30 8192 0
malloc-512 512 1 15 219 0 30 8192 0
pf tags 104 0 78 38 0 126 8112 0
rtentry 176 30 16 34 0 62 8096 0
tcptw 88 0 92 8 0 254 8096 0
PGRP 88 35 57 70 0 126 8096 0
rl_entry 40 84 118 84 0 254 8080 0
sctp_asconf_ack 48 0 168 10 0 254 8064 0
sctp_stream_msg_out 112 21 51 212 0 254 8064 0
sctp_laddr 48 16 152 815 0 254 8064 0
tcp_rack_map 112 0 72 518 0 126 8064 0
udpcb 32 9 243 1337 0 254 8064 0
ertt 72 7 105 854 0 126 8064 0
malloc-64 64 21 105 168 0 254 8064 0
malloc-64 64 87 39 457 0 254 8064 0
malloc-32 32 138 114 194 0 254 8064 0
malloc-32 32 22 230 64 0 254 8064 0
malloc-32 32 38 214 890 0 254 8064 0
4 Bucket 48 6 162 101 0 254 8064 0
malloc-16 16 9 491 861 0 254 8000 0
malloc-16 16 16 484 33 0 254 8000 0
malloc-16 16 187 313 1477 0 254 8000 0
malloc-16 16 30 470 27746 0 254 8000 0
malloc-16 16 83 417 4252 0 254 8000 0
malloc-128 128 25 37 124 0 126 7936 0
malloc-128 128 11 51 266 0 126 7936 0
sctp_readq 152 0 52 100 0 254 7904 0
AIO 208 0 38 26 0 62 7904 0
cryptop 280 0 28 68 0 30 7840 0
ripcb 488 5 11 100 0 254 7808 0
malloc-384 384 1 19 349 0 30 7680 0
AIOLIO 272 0 28 16 0 30 7616 0
FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 7 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0
malloc-2048 2048 1 1 1 0 8 4096 0
malloc-512 512 1 7 12 0 30 4096 0
malloc-512 512 4 4 4 0 30 4096 0
pcpu-16 16 7 249 7 0 254 4096 0
sackhole 32 0 126 2 0 254 4032 0
hostcache 64 1 62 1 0 254 4032 0
syncache 168 0 24 4 0 254 4032 0
AIOP 32 4 122 4 0 254 4032 0
itimer 352 0 11 5 0 30 3872 0
UMA Slabs 1 176 10 12 10 0 62 3872 0
AIOCB 552 0 7 15 0 16 3864 0
malloc-384 384 1 9 2 0 30 3840 0
mqnode 416 3 6 3 0 30 3744 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
vmem 1856 1 1 1 0 8 3712 0
SMR CPU 32 3 60 3 0 254 2016 0
SMR SHARED 24 3 60 3 0 254 1512 0
FFS1 dinode 128 0 0 0 0 126 0 0
da_ccb 544 0 0 0 0 16 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
sctp_asconf 40 0 0 0 0 254 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 304 0 0 0 0 254 0 0
pf mtags 48 0 0 0 0 254 0 0
tcp_log_node 120 0 0 0 0 126 0 0
tcp_log_bucket 176 0 0 0 0 62 0 0
tcpreass

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Aug 19, 2021, 7:29:22 PM
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: a313b5240a47 dhclient: skip_to_semi() consumes semicolon a..
console output: https://syzkaller.appspot.com/x/log.txt?x=13f51e0e300000
dashboard link: https://syzkaller.appspot.com/bug?extid=b0bb0e2ff6c6875647e8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=156bb731300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b0bb0e...@syzkaller.appspotmail.com

panic: ASan: Invalid access, 4-byte write at 0xfffffe009ea92398, UMAUseAfterFree(fd)
cpuid = 1
time = 1629413515
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe0053b65410
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe0053b65570
vpanic() at vpanic+0x2c5/frame 0xfffffe0053b65650
panic() at panic+0xb5/frame 0xfffffe0053b65720
kasan_atomic_fetchadd_int() at kasan_atomic_fetchadd_int+0x225/frame 0xfffffe0053b657e0
sctp_toss_old_asconf() at sctp_toss_old_asconf+0x35c/frame 0xfffffe0053b65870
sctp_handle_asconf_ack() at sctp_handle_asconf_ack+0x69e/frame 0xfffffe0053b65c30
sctp_process_control() at sctp_process_control+0x35a0/frame 0xfffffe0053b66300
sctp_common_input_processing() at sctp_common_input_processing+0xb26/frame 0xfffffe0053b66560
sctp6_input_with_port() at sctp6_input_with_port+0x5a1/frame 0xfffffe0053b66730
sctp6_input() at sctp6_input+0x1f/frame 0xfffffe0053b66750
ip6_input() at ip6_input+0x252d/frame 0xfffffe0053b669b0
swi_net() at swi_net+0x2e5/frame 0xfffffe0053b66a50
ithread_loop() at ithread_loop+0x4f1/frame 0xfffffe0053b66bb0
fork_exit() at fork_exit+0xd0/frame 0xfffffe0053b66bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0053b66bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100033 ]
Stopped at kdb_enter+0x6b: movq $0,0x28eb59a(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xb5f74366256f869e
rdx 0xdffff7c000000000
rbx 0
rsp 0xfffffe0053b65550
rbp 0xfffffe0053b65570
rsi 0x1
rdi 0xffffffff840899c0 cov_trace_pc
r8 0x3
r9 0xfffffe0053b65088
r10 0
r11 0xbf
r12 0xfffffe0053e04900
r13 0xfffffe0053b65501
r14 0xffffffff82c669a0 .str.18
r15 0xffffffff82c669a0 .str.18
rip 0xffffffff817a0d9b kdb_enter+0x6b
rflags 0x46
kdb_enter+0x6b: movq $0,0x28eb59a(%rip)
db> show proc
Process 12 (intr) at 0xfffffe0053df6a70:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff8402d6c0
ABI: null
flag: 0x10000284 flag2: 0
reaper: 0xffffffff8402d6c0 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff8402e640
(map 0xffffffff8402e640)
(map.pmap 0xffffffff8402e700)
(pmap 0xffffffff8402e760)
threads: 23
100012 I [swi6: Giant taskq]
100014 I [swi5: fast taskq]
100019 I [swi6: task queue]
100032 I [swi3: vm]
100033 Run CPU 1 [swi1: netisr 0]
100034 I [swi4: clock (0)]
100035 I [swi4: clock (1)]
100036 I [swi1: hpts]
100037 I [swi1: hpts]
100050 I [irq24: virtio_pci0]
100051 I [irq25: virtio_pci0]
100052 I [irq26: virtio_pci0]
100053 I [irq27: virtio_pci0]
100054 I [irq28: virtio_pci1]
100055 I [irq29: virtio_pci1]
100056 I [irq30: virtio_pci1]
100057 I [irq31: virtio_pci1]
100058 I [irq32: virtio_pci1]
100063 I [irq10: virtio_pci2]
100065 I [irq1: atkbd0]
100066 I [irq12: psm0]
100067 I [swi0: uart uart++]
100075 I [swi1: pf send]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
962 794 794 0 T (threaded) syz-executor.2
100115 s syz-executor.2
100297 RunQ syz-executor.2
961 793 793 0 R (threaded) syz-executor.1
100116 RunQ syz-executor.1
100296 RunQ syz-executor.1
100298 RunQ syz-executor.1
958 790 790 0 R (threaded) syz-executor.0
100202 RunQ syz-executor.0
100291 RunQ syz-executor.0
943 1 943 0 Rs rtsol
942 1 942 0 Ss select 0xfffffe009ea8aac0 rtsol
939 1 939 0 Ss select 0xfffffe009ea865c0 rtsol
932 810 436 0 S select 0xfffffe009ea8ac40 rtsol
810 798 436 0 S wait 0xfffffe0058b01000 sh
798 436 436 0 S wait 0xfffffe009e9be000 sh
794 788 794 0 Rs syz-executor.2
793 788 793 0 Rs syz-executor.1
791 788 791 0 Rs syz-executor.3
790 788 790 0 Rs syz-executor.0
788 786 786 0 R (threaded) syz-execprog
100104 S uwait 0xfffffe0058785300 syz-execprog
100119 RunQ syz-execprog
100120 S kqread 0xfffffe009e3f1000 syz-execprog
100121 S uwait 0xfffffe009e9c4d80 syz-execprog
100122 S uwait 0xfffffe009e9c4e80 syz-execprog
100123 S uwait 0xfffffe009e2fa980 syz-execprog
100124 S uwait 0xfffffe005888e000 syz-execprog
100125 S uwait 0xfffffe005888e100 syz-execprog
100126 S uwait 0xfffffe005888ee80 syz-execprog
100128 S uwait 0xfffffe009e2faa80 syz-execprog
100127 S uwait 0xfffffe005888e480 syz-execprog
786 784 786 0 Ss pause 0xfffffe009e9beb20 csh
784 694 784 0 Ss select 0xfffffe005888e240 sshd
760 1 760 0 Ss+ ttyin 0xfffffe0057000cb0 getty
759 1 759 0 Ss+ ttyin 0xfffffe00575ee4b0 getty
758 1 758 0 Ss+ ttyin 0xfffffe00575ee8b0 getty
757 1 757 0 Ss+ ttyin 0xfffffe00575eecb0 getty
756 1 756 0 Ss+ ttyin 0xfffffe00583bd0b0 getty
755 1 755 0 Ss+ ttyin 0xfffffe00583bd4b0 getty
754 1 754 0 Ss+ ttyin 0xfffffe00583bd8b0 getty
753 1 753 0 Ss+ ttyin 0xfffffe00583bdcb0 getty
752 1 752 0 Ss+ ttyin 0xfffffe005746e0b0 getty
698 1 698 0 Ss nanslp 0xffffffff84059200 cron
694 1 694 0 Ss select 0xfffffe009e418640 sshd
507 1 507 0 Ss select 0xfffffe009e418740 syslogd
436 1 436 0 Ss wait 0xfffffe0058b3ea70 devd
435 1 435 65 Ss select 0xfffffe005888eb40 dhclient
350 1 350 0 Ss select 0xfffffe009e418940 dhclient
347 1 347 0 Ss select 0xfffffe005888ec40 dhclient
23 0 0 0 RL [syncer]
22 0 0 0 DL vlruwt 0xfffffe005875ea70 [vnlru]
21 0 0 0 RL (threaded) [bufdaemon]
100085 D qsleep 0xffffffff8417f2a0 [bufdaemon]
100088 D - 0xffffffff83411f80 [bufspacedaemon-0]
100097 RunQ [/ worker]
20 0 0 0 DL psleep 0xffffffff841b76c0 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100083 D psleep 0xffffffff841ab1f8 [dom0]
100089 D launds 0xffffffff841ab204 [laundry: dom0]
100090 D umarcl 0xffffffff81e9d870 [uma]
18 0 0 0 DL - 0xffffffff83e10320 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff84d764e0 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff8475ae20 [pf purge]
15 0 0 0 DL - 0xffffffff8417a4c0 [soaiod4]
9 0 0 0 DL - 0xffffffff8417a4c0 [soaiod3]
8 0 0 0 DL - 0xffffffff8417a4c0 [soaiod2]
7 0 0 0 DL - 0xffffffff8417a4c0 [soaiod1]
6 0 0 0 DL (threaded) [cam]
100048 D - 0xffffffff83c95ac0 [doneq0]
100049 D - 0xffffffff83c95a40 [async]
100082 D - 0xffffffff83c958c0 [scanner]
14 0 0 0 DL seqstat 0xfffffe0056aba888 [sequencer 00]
5 0 0 0 DL crypto_ 0xfffffe0053c0cc80 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffffe0053c0cc30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff841a52a0 [crypto]
13 0 0 0 DL (threaded) [geom]
100039 D - 0xffffffff8402c7c0 [g_event]
100040 D - 0xffffffff8402c800 [g_up]
100041 D - 0xffffffff8402c840 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100029 D - 0xfffffe0053dff000 [thr_0]
100030 D - 0xfffffe0053dff080 [thr_1]
100031 D - 0xffffffff8417b848 [alloc_0]
12 0 0 0 RL (threaded) [intr]
100012 I [swi6: Giant taskq]
100014 I [swi5: fast taskq]
100019 I [swi6: task queue]
100032 I [swi3: vm]
100033 Run CPU 1 [swi1: netisr 0]
100034 I [swi4: clock (0)]
100035 I [swi4: clock (1)]
100036 I [swi1: hpts]
100037 I [swi1: hpts]
100050 I [irq24: virtio_pci0]
100051 I [irq25: virtio_pci0]
100052 I [irq26: virtio_pci0]
100053 I [irq27: virtio_pci0]
100054 I [irq28: virtio_pci1]
100055 I [irq29: virtio_pci1]
100056 I [irq30: virtio_pci1]
100057 I [irq31: virtio_pci1]
100058 I [irq32: virtio_pci1]
100063 I [irq10: virtio_pci2]
100065 I [irq1: atkbd0]
100066 I [irq12: psm0]
100067 I [swi0: uart uart++]
100075 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0053d54538 [init]
10 0 0 0 DL audit_w 0xffffffff841a6240 [audit]
0 0 0 0 RLs (threaded) [kernel]
100000 D swapin 0xffffffff8402d6c0 [swapper]
100005 D - 0xfffffe0053df0e00 [if_config_tqg_0]
100006 D - 0xfffffe0053df0d00 [softirq_0]
100007 D - 0xfffffe0053df0c00 [softirq_1]
100008 D - 0xfffffe0053df0b00 [if_io_tqg_0]
100009 D - 0xfffffe0053df0a00 [if_io_tqg_1]
100010 D - 0xfffffe0053c07c00 [in6m_free taskq]
100011 D - 0xfffffe0053c07b00 [deferred_unmount ta]
100013 Run CPU 0 [thread taskq]
100015 D - 0xfffffe0053c07700 [kqueue_ctx taskq]
100016 D - 0xfffffe0053c07600 [linuxkpi_irq_wq]
100017 D - 0xfffffe0053c07500 [pci_hp taskq]
100018 D - 0xfffffe0053c07400 [aiod_kick taskq]
100020 D - 0xfffffe0053c07200 [inm_free taskq]
100021 D - 0xfffffe0053c07100 [linuxkpi_short_wq_0]
100022 D - 0xfffffe0053c07100 [linuxkpi_short_wq_1]
100023 D - 0xfffffe0053c07100 [linuxkpi_short_wq_2]
100024 D - 0xfffffe0053c07100 [linuxkpi_short_wq_3]
100025 D - 0xfffffe0053c07000 [linuxkpi_long_wq_0]
100026 D - 0xfffffe0053c07000 [linuxkpi_long_wq_1]
100027 D - 0xfffffe0053c07000 [linuxkpi_long_wq_2]
100028 D - 0xfffffe0053c07000 [linuxkpi_long_wq_3]
100038 D - 0xfffffe0054189e00 [firmware taskq]
100042 D - 0xfffffe0054189d00 [crypto_0]
100043 D - 0xfffffe0054189d00 [crypto_1]
100059 D - 0xfffffe0054189900 [vtnet0 rxq 0]
100060 D - 0xfffffe0054189800 [vtnet0 txq 0]
100061 D - 0xfffffe0054189700 [vtnet0 rxq 1]
100062 D - 0xfffffe0054189600 [vtnet0 txq 1]
100064 D vtbslp 0xfffffe0056b1fa00 [virtio_balloon]
100068 D - 0xfffffe0054189400 [mca taskq]
100073 D - 0xffffffff82c6d921 [deadlkres]
100077 D - 0xfffffe0058345b00 [acpi_task_0]
100078 D - 0xfffffe0058345b00 [acpi_task_1]
100079 D - 0xfffffe0058345b00 [acpi_task_2]
100081 D - 0xfffffe0054189a00 [CAM taskq]
db> show all locks
Process 962 (syz-executor.2) thread 0xfffffe009ea593a0 (100297)
exclusive sleep mutex sctp-inp (inp) r = 0 (0xfffffe009ea95468) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2510
Process 961 (syz-executor.1) thread 0xfffffe009e3ed3a0 (100116)
exclusive sx vm map (user) (vm map (user)) r = 0 (0xfffffe009eaaf060) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:2127
Process 943 (rtsol) thread 0xfffffe009e9e9ac0 (100133)
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe009ea948c8) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:491
Process 791 (syz-executor.3) thread 0xfffffe0057001000 (100093)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007a3ed60) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3937
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0058b123f0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_subr.c:3009
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe009e9cfcb0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_cache.c:4488
Process 23 (syncer) thread 0xfffffe00587641e0 (100087)
exclusive lockmgr mntfs (mntfs) r = 0 (0xfffffe0058776770) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_subr.c:2617
Process 12 (intr) thread 0xfffffe0053e04900 (100033)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe009ea9cc70) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2143
Process 0 (kernel) thread 0xfffffe0053df9ac0 (100013)
exclusive sleep mutex kernel arena (kernel arena) r = 0 (0xffffffff840afc80) locked @ /syzkaller/managers/main/kernel/sys/kern/subr_vmem.c:789
exclusive sleep mutex vmem list lock (vmem list lock) r = 0 (0xffffffff83409bc0) locked @ /syzkaller/managers/main/kernel/sys/kern/subr_vmem.c:784
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4217 4339K 4245
tcp_hpts 6 3201K 6
sysctloid 34389 2031K 34460
vtbuf 24 1968K 46
kobj 327 1308K 486
newblk 30 1032K 703
vfscache 3 1025K 3
pcb 42 553K 886
inodedep 101 550K 172
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 120 248K 1027
acpica 1674 184K 55620
vnet_data 1 168K 1
vmem 3 146K 4
tidhash 3 141K 3
linker 356 140K 396
pagedep 14 132K 108
tfo_ccache 1 128K 1
filedesc 16 121K 224
DEVFS1 108 108K 125
sem 4 106K 4
bus 989 81K 3488
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 510 64K 510
umtx 330 42K 330
kdtrace 200 40K 1264
temp 35 33K 1915
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 127 32K 137
msg 4 30K 4
gtaskqueue 18 26K 18
kbdmux 6 22K 6
DEVFS_RULE 56 20K 56
dirrem 77 20K 105
ifaddr 66 19K 68
BPF 14 19K 14
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
routetbl 126 16K 401
ithread 99 16K 99
bus-sc 34 15K 1691
lltable 43 14K 43
KTRACE 100 13K 100
ifnet 7 13K 7
ether_multi 152 13K 162
kenv 95 12K 95
eventhandler 133 12K 133
CAM queue 5 11K 1528
GEOM 61 10K 490
rman 84 10K 425
freefile 77 10K 103
in6_multi 65 9K 65
bmsafemap 2 9K 143
UART 12 9K 12
devstat 4 9K 4
sctp_timw 32 8K 32
ksem 1 8K 1
rpc 2 8K 2
shmfd 1 8K 1
kqueue 60 8K 969
pfs_vncache 1 8K 1
pfs_nodes 20 8K 20
audit_evclass 237 8K 295
taskqueue 63 7K 63
sglist 5 7K 5
sctp_atcl 16 6K 799
CAM DEV 3 6K 510
cred 23 6K 245
plimit 20 5K 366
ufs_dirhash 24 5K 24
UMA 270 5K 270
pf_ifnet 10 5K 19
vt 11 5K 11
sctp_stro 4 4K 161
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
savedino 14 4K 33
acpisem 28 4K 28
pwddesc 56 4K 963
hhook 15 4K 17
session 26 4K 39
diradd 25 4K 137
mkdir 24 3K 194
terminal 11 3K 11
proc-args 46 3K 568
uidinfo 3 3K 9
sctp_stri 4 2K 160
local_apic 1 2K 1
io_apic 1 2K 1
fpukern_ctx 2 2K 2
indirdep 8 2K 10
ipsec-saq 2 2K 2
selfd 32 2K 9586
ip6ndp 12 2K 14
Unitno 30 2K 47
lockf 16 2K 26
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
newdirblk 12 2K 97
in_multi 6 2K 8
sctp_atky 24 2K 1196
select 11 2K 35
ipsecpolicy 2 2K 2
acpidev 20 2K 20
msi 9 2K 9
clone 9 2K 9
tun 7 2K 7
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 26
NFSD session 1 1K 1
CAM periph 4 1K 271
sctp_ifn 6 1K 14
ipsec 3 1K 3
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
encap_export_host 12 1K 12
DEVFSP 8 1K 13
pfil 4 1K 4
procdesc 4 1K 10
cdev 2 1K 2
inpcbpolicy 14 1K 186
chacha20random 1 1K 1
osd 7 1K 18
sctp_athm 16 1K 799
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
vnodes 1 1K 1
CAM SIM 2 1K 2
ktls 1 1K 1
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
lkpikmalloc 5 1K 6
aesni_data 2 1K 2
soname 5 1K 3881
sctp_map 8 1K 322
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
CAM dev queue 2 1K 2
xform 2 1K 49
CAM I/O Scheduler 1 1K 1
CAM path 4 1K 1034
pmchooks 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
entropy 2 1K 42
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 103
p1003.1b 1 1K 1
filecaps 1 1K 78
chd data 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 158
sctp_iter 0 0K 11
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 11
sctp_aadr 0 0K 158
htcp data 0 0K 0
tcp_do 0 0K 0
tcp_fsb 0 0K 0
mqdata 0 0K 0
cdg data 0 0K 0
cubic data 0 0K 0
dctcp data 0 0K 0
vegas data 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
axgbe 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
xen_intr 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
xnb 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
xbbd 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vm_fictitious 0 0K 0
vtfont 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
pvscsi 0 0K 0
scsi_da 0 0K 69
UMAHash 0 0K 0
ata_da 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 6
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 102
freefrag 0 0K 6
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
AHCI driver 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
agp 0 0K 0
nvme_da 0 0K 0
ktls_ocf 0 0K 0
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
LRO 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
VN POLL 0 0K 0
twsbuf 0 0K 0
statfs 0 0K 284
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 4
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
CAM CCB 0 0K 523
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
osti_cacheable 0 0K 0
mbuf_tag 0 0K 95
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
accf 0 0K 0
pts 0 0K 0
iov 0 0K 14065
ioctlops 0 0K 98
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
sbuf 0 0K 288
md_sectors 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
md_disk 0 0K 0
SWAP 0 0K 0
malodev 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 667
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
cache 0 0K 0
iirbuf 0 0K 0
kcovinfo 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 986 13362 0 254 38117376 0
pbuf 2624 0 989 0 0 2 2595136 0
mbuf 256 8650 920 19769 0 254 2449920 0
BUF TRIE 144 180 11580 543 0 62 1693440 0
malloc-384 384 4162 8 4163 0 30 1601280 0
malloc-4096 4096 384 4 1452 0 2 1589248 0
malloc-128 128 12200 45 12271 0 126 1567360 0
UMA Slabs 0 112 10156 29 10156 0 126 1140720 0
vmem btag 56 15623 120 15623 0 254 881608 0
FFS inode 1160 507 18 610 0 8 609000 0
RADIX NODE 144 3369 154 26271 0 62 507312 0
lkpimm 168 1 2327 1 0 62 391104 0
lkpicurr 168 2 2326 2 0 62 391104 0
THREAD 1808 143 22 300 0 8 298320 0
VM OBJECT 264 1058 52 15573 0 30 293040 0
VNODE 448 542 70 647 0 30 274176 0
malloc-65536 65536 4 0 4 0 1 262144 0
malloc-64 64 3964 131 5810 0 254 262080 0
256 Bucket 2048 120 4 10886 0 8 253952 0
malloc-16 16 14022 228 14097 0 254 228000 0
DEVCTL 1024 22 198 150 0 0 225280 0
malloc-65536 65536 1 2 137 0 1 196608 0
malloc-16384 16384 7 5 269 0 1 196608 0
UMA Zones 768 242 2 242 0 16 187392 0
malloc-32 32 5303 367 6356 0 254 181440 0
malloc-256 256 102 528 988 0 62 161280 0
malloc-128 128 1184 56 25932 0 126 158720 0
FFS2 dinode 256 507 18 610 0 62 134400 0
MAP ENTRY 96 1123 263 45193 0 126 133056 0
malloc-65536 65536 0 2 72 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-1024 1024 118 6 136 0 16 126976 0
S VFS Cache 104 1010 160 1125 0 126 121680 0
ksiginfo 112 44 1000 80 0 126 116928 0
malloc-2048 2048 8 46 1085 0 8 110592 0
VMSPACE 2544 33 9 941 0 4 106848 0
malloc-4096 4096 26 0 37 0 2 106496 0
mbuf_cluster 2048 45 1 45 0 254 94208 0
UMA Kegs 384 227 6 227 0 30 89472 0
PROC 1336 55 8 962 0 8 84168 0
filedesc0 1072 56 21 963 0 8 82544 0
malloc-8192 8192 7 3 35 0 1 81920 0
socket 944 38 38 1827 0 254 71744 0
g_bio 408 0 170 5022 0 30 69360 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 0 2 130 0 1 65536 0
sctp_ep 1280 9 39 399 0 254 61440 0
128 Bucket 1024 39 20 636 0 16 60416 0
malloc-2048 2048 9 19 424 0 8 57344 0
sctp_asoc 2288 4 21 161 0 254 57200 0
malloc-384 384 90 50 873 0 30 53760 0
malloc-256 256 177 33 336 0 62 53760 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 6 0 6 0 1 49152 0
malloc-128 128 344 28 598 0 126 47616 0
malloc-256 256 168 12 512 0 62 46080 0
malloc-1024 1024 6 38 1536 0 16 45056 0
malloc-64 64 537 156 1656 0 254 44352 0
malloc-384 384 100 10 172 0 30 42240 0
32 Bucket 256 52 113 4807 0 62 42240 0
clpbuf 2624 0 16 21 0 16 41984 0
malloc-8192 8192 4 1 6 0 1 40960 0
pcpu-8 8 4638 482 4794 0 254 40960 0
DIRHASH 1024 34 2 34 0 16 36864 0
NAMEI 1024 0 36 13770 0 16 36864 0
64 Bucket 512 65 7 1406 0 30 36864 0
malloc-64 64 157 410 1649 0 254 36288 0
malloc-64 64 499 68 10519 0 254 36288 0
malloc-128 128 84 195 1239 0 126 35712 0
da_ccb 544 0 63 1370 0 16 34272 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-16384 16384 2 0 17 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-8192 8192 2 2 103 0 1 32768 0
pcpu-64 64 487 25 487 0 254 32768 0
malloc-256 256 69 51 749 0 62 30720 0
malloc-256 256 94 26 697 0 62 30720 0
malloc-4096 4096 4 3 639 0 2 28672 0
malloc-1024 1024 6 22 203 0 16 28672 0
malloc-384 384 67 3 88 0 30 26880 0
TURNSTILE 136 166 23 166 0 62 25704 0
malloc-1024 1024 18 6 22 0 16 24576 0
sctp_raddr 736 3 30 161 0 254 24288 0
ttyinq 160 135 15 300 0 62 24000 0
malloc-128 128 137 49 345 0 126 23808 0
malloc-128 128 145 41 815 0 126 23808 0
ttyoutq 256 72 18 160 0 62 23040 0
malloc-256 256 70 20 616 0 62 23040 0
malloc-256 256 78 12 472 0 62 23040 0
malloc-256 256 61 29 911 0 62 23040 0
pipe 744 19 11 344 0 16 22320 0
malloc-1024 1024 19 1 19 0 16 20480 0
malloc-512 512 12 28 168 0 30 20480 0
malloc-64 64 259 56 13970 0 254 20160 0
Files 80 134 116 8016 0 126 20000 0
SLEEPQUEUE 88 166 58 166 0 126 19712 0
Mountpoints 2752 2 5 2 0 4 19264 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 3 1 6 0 2 16384 0
malloc-2048 2048 4 4 16 0 8 16384 0
malloc-2048 2048 7 1 7 0 8 16384 0
malloc-2048 2048 7 1 7 0 8 16384 0
malloc-2048 2048 7 1 7 0 8 16384 0
malloc-32 32 49 455 565 0 254 16128 0
malloc-32 32 301 203 1361 0 254 16128 0
16 Bucket 144 44 68 305 0 62 16128 0
malloc-384 384 20 20 367 0 30 15360 0
tcpcb 1080 3 11 7 0 254 15120 0
malloc-4096 4096 1 2 285 0 2 12288 0
malloc-512 512 1 23 119 0 30 12288 0
ertt_txseginfo 40 0 303 237 0 254 12120 0
8 Bucket 80 44 106 662 0 126 12000 0
udp_inpcb 496 8 16 173 0 254 11904 0
malloc-128 128 73 20 123 0 126 11904 0
malloc-128 128 62 31 3386 0 126 11904 0
kenv 258 15 30 1028 0 30 11610 0
routing nhops 256 26 19 33 0 62 11520 0
unpcb 256 14 31 1215 0 254 11520 0
mbuf_packet 256 0 45 677 0 254 11520 0
malloc-384 384 20 10 22 0 30 11520 0
malloc-4096 4096 1 1 3 0 2 8192 0
malloc-2048 2048 0 4 40 0 8 8192 0
malloc-2048 2048 1 3 192 0 8 8192 0
malloc-1024 1024 3 5 163 0 16 8192 0
malloc-1024 1024 2 6 23 0 16 8192 0
malloc-512 512 7 9 7 0 30 8192 0
malloc-512 512 2 14 61 0 30 8192 0
rtentry 176 29 17 33 0 62 8096 0
PGRP 88 26 66 39 0 126 8096 0
rl_entry 40 38 164 38 0 254 8080 0
sctp_asconf_ack 48 1 167 158 0 254 8064 0
sctp_laddr 48 12 156 492 0 254 8064 0
udpcb 32 6 246 173 0 254 8064 0
ertt 72 3 109 7 0 126 8064 0
PWD 32 17 235 191 0 254 8064 0
malloc-64 64 74 52 91 0 254 8064 0
malloc-64 64 12 114 261 0 254 8064 0
malloc-64 64 51 75 364 0 254 8064 0
malloc-32 32 42 210 63 0 254 8064 0
malloc-32 32 129 123 563 0 254 8064 0
malloc-32 32 98 154 125 0 254 8064 0
malloc-32 32 87 165 758 0 254 8064 0
malloc-32 32 60 192 2981 0 254 8064 0
4 Bucket 48 6 162 60 0 254 8064 0
2 Bucket 32 47 205 533 0 254 8064 0
vtnet_tx_hdr 24 0 334 1680 0 254 8016 0
KNOTE 160 28 22 693 0 62 8000 0
malloc-16 16 22 478 54 0 254 8000 0
malloc-16 16 51 449 295 0 254 8000 0
malloc-16 16 83 417 1073 0 254 8000 0
malloc-16 16 191 309 1429 0 254 8000 0
malloc-16 16 9 491 9 0 254 8000 0
malloc-16 16 282 218 597 0 254 8000 0
malloc-16 16 14 486 25288 0 254 8000 0
ripcb 496 3 13 6 0 254 7936 0
tcp_inpcb 496 3 13 7 0 254 7936 0
sctp_chunk 152 4 48 160 0 254 7904 0
malloc-384 384 1 19 27 0 30 7680 0
FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 8 54 8 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0
malloc-4096 4096 0 1 4 0 2 4096 0
malloc-1024 1024 2 2 2 0 16 4096 0
malloc-512 512 2 6 40 0 30 4096 0
malloc-512 512 1 7 1 0 30 4096 0
malloc-512 512 0 8 1 0 30 4096 0
malloc-512 512 1 7 1 0 30 4096 0
pcpu-16 16 7 249 7 0 254 4096 0
hostcache 64 1 62 1 0 254 4032 0
syncache 168 0 24 5 0 254 4032 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
mqnode 416 3 6 3 0 30 3744 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
vmem 1856 1 1 1 0 8 3712 0
SMR CPU 32 3 60 3 0 254 2016 0
SMR SHARED 24 3 60 3 0 254 1512 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 312 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 48 0 0 0 0 254 0 0
tcp_rack_pcb 832 0 0 0 0 16 0 0
tcp_rack_map 112 0 0 0 0 126 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
udplite_inpcb 496 0 0 0 0 254 0 0
tcp_log_node 120 0 0 0 0 126 0 0
tcp_log_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
tcptw 88 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0

Mark Johnston

Sep 7, 2021, 7:38:17 PM9/7/21
to syzbot, syzkaller-f...@googlegroups.com
#syz dup: panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/main/kernel/sys/netinet/tcp_output.c:LINE