Fatal trap NUM: page fault in soisconnected


syzbot

Apr 9, 2024, 2:36:24 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: cce11997a052 mountd.8: Document the new -A mountd option
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=16977b55180000
dashboard link: https://syzkaller.appspot.com/bug?extid=bc625d5190443c1cde55

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bc625d...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x6a64ad10
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff8169276a
stack pointer = 0x28:0xfffffe0074d65700
frame pointer = 0x28:0xfffffe0074d65790
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1384 (syz-executor.2)
rdi: 000000006a64ad10 rsi: 0000000000000000 rdx: 000000000d4c95a3
rcx: fffffe00033eee30 r8: 0000000000000000 r9: 0000000000000000
rax: fffffe00033eee30 rbx: fffffe006a64b368 rbp: fffffe0074d65790
r10: 0000000000000000 r11: 000000000000001f r12: 000000006a64ad10
r13: fffffe006a64b360 r14: fffffe006a64ab40 r15: fffffe006a64ad18
trap number = 12
panic: page fault
cpuid = 1
time = 1712687729
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0074d64e30
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0074d64f90
vpanic() at vpanic+0x26a/frame 0xfffffe0074d65150
panic() at panic+0xb5/frame 0xfffffe0074d65210
trap_fatal() at trap_fatal+0x7f2/frame 0xfffffe0074d65330
trap_pfault() at trap_pfault+0x179/frame 0xfffffe0074d65450
trap() at trap+0x648/frame 0xfffffe0074d65630
calltrap() at calltrap+0x8/frame 0xfffffe0074d65630
--- trap 0xc, rip = 0xffffffff8169276a, rsp = 0xfffffe0074d65700, rbp = 0xfffffe0074d65790 ---
soisconnected() at soisconnected+0x58a/frame 0xfffffe0074d65790
unp_connectat() at unp_connectat+0xcd3/frame 0xfffffe0074d65b90
soconnectat() at soconnectat+0x1c8/frame 0xfffffe0074d65bf0
kern_connectat() at kern_connectat+0x300/frame 0xfffffe0074d65cd0
sys_connect() at sys_connect+0xf5/frame 0xfffffe0074d65d10
amd64_syscall() at amd64_syscall+0x4cb/frame 0xfffffe0074d65f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0074d65f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x2aeb2a, rsp = 0x822450f08, rbp = 0x822450f80 ---
KDB: enter: panic
[ thread pid 1384 tid 100665 ]
Stopped at kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0
rbx 0xffffffff826ed6a0 .str.27
rsp 0xfffffe0074d64f70
rbp 0xfffffe0074d64f90
rsi 0
rdi 0xffffffff815c0059 printf+0x149
r8 0
r9 0xffffffff
r10 0
r11 0x17
r12 0xfffffe00747ee740
r13 0xfffffffffffffffd
r14 0xffffffff826ed6a0 .str.27
r15 0
rip 0xffffffff815acc1e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> show proc
Process 1384 (syz-executor.2) at 0xfffffe00747b1b00:
state: NORMAL
uid: 0 gids: 0
parent: pid 776 at 0xfffffe00579ee5a0
ABI: FreeBSD ELF64
flag: 0x10000180 flag2: 0
arguments: /root/syz-executor.2 exec
reaper: 0xfffffe005420b040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00747ba000
(map 0xfffffe00747ba000)
(map.pmap 0xfffffe00747ba0c0)
(pmap 0xfffffe00747ba130)
threads: 3
100635 RunQ syz-executor.2
100665 Run CPU 1 syz-executor.2
100666 S uwait 0xfffffe00578cc780 syz-executor.2
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1384 776 776 0 R (threaded) syz-executor.2
100635 RunQ syz-executor.2
100665 Run CPU 1 syz-executor.2
100666 S uwait 0xfffffe00578cc780 syz-executor.2
1383 1382 777 0 SV uwait 0xfffffe0074741c00 syz-executor.3
1382 777 777 0 T (threaded) syz-executor.3
100662 s syz-executor.3
100663 D ppwait 0xfffffe00747affc0 syz-executor.3
1381 1 777 0 S uwait 0xfffffe00578c9a80 syz-executor.3
1379 1 777 0 S uwait 0xfffffe0074741e80 syz-executor.3
1376 1374 772 0 SV uwait 0xfffffe0074742100 syz-executor.0
1374 772 772 0 T (threaded) syz-executor.0
100620 s syz-executor.0
100657 D ppwait 0xfffffe00747b0a80 syz-executor.0
1370 1369 773 0 SV uwait 0xfffffe00578ca680 syz-executor.1
1369 773 773 0 R (threaded) syz-executor.1
100639 RunQ syz-executor.1
100653 D ppwait 0xfffffe00747b1aa0 syz-executor.1
100655 S uwait 0xfffffe0074742500 syz-executor.1
1328 1 773 0 SV uwait 0xfffffe0074500100 syz-executor.1
1317 1 777 0 SV uwait 0xfffffe007436ab00 syz-executor.3
1292 1 776 0 SV uwait 0xfffffe00578ccc00 syz-executor.2
1288 1 772 0 SV connec 0xfffffe006a87a85a syz-executor.0
1286 1 777 0 SV uwait 0xfffffe007436a800 syz-executor.3
1273 1 772 0 SV uwait 0xfffffe0074742000 syz-executor.0
1272 1 772 0 SV uwait 0xfffffe0074503300 syz-executor.0
1257 1 773 0 SV uwait 0xfffffe0074500200 syz-executor.1
1256 1 773 0 SV connec 0xfffffe006a884c1a syz-executor.1
1247 1 772 -1 SV uwait 0xfffffe0074500500 syz-executor.0
1237 1 777 0 SV uwait 0xfffffe006d502080 syz-executor.3
1219 1 776 0 SV uwait 0xfffffe0057370680 syz-executor.2
1207 1 773 0 SV uwait 0xfffffe0057370980 syz-executor.1
1206 1 773 0 SV connec 0xfffffe006a881c1a syz-executor.1
1202 1 772 0 SV uwait 0xfffffe0074500300 syz-executor.0
1200 1199 777 0 SV uwait 0xfffffe0074500000 syz-executor.3
1199 1198 777 0 DV ppwait 0xfffffe00746db520 syz-executor.3
1198 1197 777 0 DV ppwait 0xfffffe00746dba80 syz-executor.3
1197 1196 777 0 DV ppwait 0xfffffe00746dbfe0 syz-executor.3
1196 1195 777 0 DV ppwait 0xfffffe00746dc540 syz-executor.3
1195 1194 777 0 DV ppwait 0xfffffe00746dcaa0 syz-executor.3
1194 1193 777 0 DV ppwait 0xfffffe007466b520 syz-executor.3
1193 1192 777 0 DV ppwait 0xfffffe007466ba80 syz-executor.3
1192 1191 777 0 DV ppwait 0xfffffe007466bfe0 syz-executor.3
1191 1190 777 0 DV ppwait 0xfffffe007466c540 syz-executor.3
1190 1189 777 0 DV ppwait 0xfffffe007466caa0 syz-executor.3
1189 1188 777 0 DV ppwait 0xfffffe007466d000 syz-executor.3
1188 1187 777 0 DV ppwait 0xfffffe007466d560 syz-executor.3
1187 1186 777 0 DV ppwait 0xfffffe007466dac0 syz-executor.3
1186 1185 777 0 DV ppwait 0xfffffe0074632540 syz-executor.3
1185 1183 777 0 DV ppwait 0xfffffe0074632aa0 syz-executor.3
1183 1182 777 0 DV ppwait 0xfffffe0074633000 syz-executor.3
1182 1181 777 0 DV ppwait 0xfffffe0074633ac0 syz-executor.3
1181 1180 777 0 DV ppwait 0xfffffe007466a500 syz-executor.3
1180 1179 777 0 DV ppwait 0xfffffe007466aa60 syz-executor.3
1179 1178 777 0 DV ppwait 0xfffffe007466afc0 syz-executor.3
1178 1177 777 0 DV ppwait 0xfffffe00745ba560 syz-executor.3
1177 1176 777 0 DV ppwait 0xfffffe00745baac0 syz-executor.3
1176 1175 777 0 DV ppwait 0xfffffe0074630500 syz-executor.3
1175 1174 777 0 DV ppwait 0xfffffe0074630a60 syz-executor.3
1174 1173 777 0 DV ppwait 0xfffffe0074630fc0 syz-executor.3
1173 1172 777 0 DV ppwait 0xfffffe0074631520 syz-executor.3
1172 1171 777 0 DV ppwait 0xfffffe0074631a80 syz-executor.3
1171 1170 777 0 DV ppwait 0xfffffe0074631fe0 syz-executor.3
1170 1169 777 0 DV ppwait 0xfffffe00745b7a60 syz-executor.3
1169 1168 777 0 DV ppwait 0xfffffe00745b7fc0 syz-executor.3
1168 1167 777 0 DV ppwait 0xfffffe00745b8520 syz-executor.3
1167 1166 777 0 DV ppwait 0xfffffe00745b8a80 syz-executor.3
1166 1165 777 0 DV ppwait 0xfffffe00745b8fe0 syz-executor.3
1165 1164 777 0 DV ppwait 0xfffffe00745b9540 syz-executor.3
1164 1163 777 0 DV ppwait 0xfffffe00745b9aa0 syz-executor.3
1163 1162 777 0 DV ppwait 0xfffffe00745ba000 syz-executor.3
1162 1161 777 0 DV ppwait 0xfffffe0074475ac0 syz-executor.3
1161 1160 777 0 DV ppwait 0xfffffe0074522500 syz-executor.3
1160 1159 777 0 DV ppwait 0xfffffe0074522a60 syz-executor.3
1159 1158 777 0 DV ppwait 0xfffffe0074522fc0 syz-executor.3
1158 1157 777 0 DV ppwait 0xfffffe0074523520 syz-executor.3
1157 1156 777 0 DV ppwait 0xfffffe0074523a80 syz-executor.3
1156 1155 777 0 DV ppwait 0xfffffe0074523fe0 syz-executor.3
1155 1154 777 0 DV ppwait 0xfffffe0074475560 syz-executor.3
1154 1153 777 0 DV ppwait 0xfffffe0074418a60 syz-executor.3
1153 1152 777 0 DV ppwait 0xfffffe0074473520 syz-executor.3
1152 1150 777 0 DV ppwait 0xfffffe007456cac0 syz-executor.3
1150 1149 777 0 DV ppwait 0xfffffe0074524540 syz-executor.3
1149 1148 777 0 RV syz-executor.3
1148 1147 777 0 RV syz-executor.3
1147 1146 777 0 RV syz-executor.3
1146 1145 777 0 RV syz-executor.3
1145 1144 777 0 RV syz-executor.3
1144 1143 777 0 DV ppwait 0xfffffe0074569a60 syz-executor.3
1143 1142 777 0 RV syz-executor.3
1142 1141 777 0 RV syz-executor.3
1141 1140 777 0 DV ppwait 0xfffffe0074419fe0 syz-executor.3
1140 1139 777 0 DV ppwait 0xfffffe007441a540 syz-executor.3
1139 1138 777 0 DV ppwait 0xfffffe007441aaa0 syz-executor.3
1138 1137 777 0 DV ppwait 0xfffffe007441b000 syz-executor.3
1137 1136 777 0 DV ppwait 0xfffffe007441b560 syz-executor.3
1136 1135 777 0 DV ppwait 0xfffffe007441bac0 syz-executor.3
1135 1134 777 0 DV ppwait 0xfffffe0074418fc0 syz-executor.3
1134 1 777 0 DV ppwait 0xfffffe0074472500 syz-executor.3
1128 1 776 0 SV uwait 0xfffffe006d503200 syz-executor.2
1100 1 772 0 SV uwait 0xfffffe006d501680 syz-executor.0
1096 0 0 0 DL mdwait 0xfffffe007451b000 [md1]
1081 1 777 0 SV uwait 0xfffffe0057370280 syz-executor.3
1069 1 773 0 S uwait 0xfffffe006d501900 syz-executor.1
1062 1 772 0 SV uwait 0xfffffe006d501780 syz-executor.0
1056 1 772 0 S uwait 0xfffffe006d501d00 syz-executor.0
1041 1 776 0 SV uwait 0xfffffe0057370780 syz-executor.2
1040 1 776 0 SV sbwait 0xfffffe006a87694c syz-executor.2
1038 1 1036 0 SV uwait 0xfffffe007436a380 syz-executor.3
1012 1 777 0 SV uwait 0xfffffe007436a480 syz-executor.3
1005 0 0 0 DL mdwait 0xfffffe007446d000 [md0]
1004 1 772 0 SV connec 0xfffffe006a88085a syz-executor.0
995 1 777 0 SV connec 0xfffffe006a87ac1a syz-executor.3
983 1 776 0 SV uwait 0xfffffe006d503d00 syz-executor.2
970 1 777 0 SV connec 0xfffffe006a87f85a syz-executor.3
963 1 776 0 SV uwait 0xfffffe0057370c80 syz-executor.2
962 1 776 0 SV uwait 0xfffffe006d503000 syz-executor.2
949 1 777 0 SV uwait 0xfffffe0057370380 syz-executor.3
943 1 773 0 SV uwait 0xfffffe006d502700 syz-executor.1
942 1 773 0 SV connec 0xfffffe006a88749a syz-executor.1
939 1 773 0 S uwait 0xfffffe006d502500 syz-executor.1
934 1 772 0 SV uwait 0xfffffe006d502d80 syz-executor.0
925 1 923 0 SV uwait 0xfffffe0007980400 syz-executor.3
917 1 772 0 SV uwait 0xfffffe006d502b80 syz-executor.0
916 1 772 0 SV connec 0xfffffe006a8890da syz-executor.0
914 1 773 0 SV uwait 0xfffffe006d503680 syz-executor.1
911 1 777 0 SV uwait 0xfffffe006d502a80 syz-executor.3
903 1 776 0 SV uwait 0xfffffe00578c9000 syz-executor.2
889 1 776 0 SV uwait 0xfffffe006d503880 syz-executor.2
886 1 773 0 SV uwait 0xfffffe006d502300 syz-executor.1
883 1 772 0 SV uwait 0xfffffe006d503100 syz-executor.0
879 1 772 0 SV uwait 0xfffffe006d503480 syz-executor.0
874 1 772 0 SV uwait 0xfffffe006d503980 syz-executor.0
870 1 773 0 SV uwait 0xfffffe006d502c80 syz-executor.1
859 1 776 0 SV fifoor 0xfffffe0058a2c028 syz-executor.2
857 1 777 0 SV uwait 0xfffffe0007980500 syz-executor.3
852 851 772 0 SV uwait 0xfffffe0057370d80 syz-executor.0
851 1 772 0 DV ppwait 0xfffffe00740b4a80 syz-executor.0
850 1 773 0 SV uwait 0xfffffe0057370a80 syz-executor.1
845 1 776 0 SV uwait 0xfffffe005736d400 syz-executor.2
838 818 838 0 Ss select 0xfffffe006ce72840 dhclient
835 1 835 0 Ss select 0xfffffe006ce72ac0 dhclient
818 795 424 65 S select 0xfffffe00078770c0 dhclient
817 0 0 0 DL aiordy 0xfffffe006cf52560 [aiod4]
816 0 0 0 DL aiordy 0xfffffe005420c5c0 [aiod3]
815 0 0 0 DL aiordy 0xfffffe0007ce7000 [aiod2]
814 0 0 0 DL aiordy 0xfffffe006d0f3040 [aiod1]
795 424 424 0 S wait 0xfffffe0007ce7560 sh
777 770 777 0 Rs syz-executor.3
776 770 776 0 Rs syz-executor.2
773 770 773 0 Rs syz-executor.1
772 770 772 0 Rs syz-executor.0
770 768 768 0 S (threaded) syz-fuzzer
100094 S uwait 0xfffffe005736ed00 syz-fuzzer
100120 S uwait 0xfffffe00578caf00 syz-fuzzer
100121 S wait 0xfffffe00579eeb00 syz-fuzzer
100122 S kqread 0xfffffe0007c82b00 syz-fuzzer
100123 S wait 0xfffffe00579eeb00 syz-fuzzer
100124 S uwait 0xfffffe006d504200 syz-fuzzer
100125 S uwait 0xfffffe00578ca180 syz-fuzzer
100126 S uwait 0xfffffe00578ca280 syz-fuzzer
100127 S wait 0xfffffe00579eeb00 syz-fuzzer
100128 S wait 0xfffffe00579eeb00 syz-fuzzer
100135 S uwait 0xfffffe0007980880 syz-fuzzer
100156 S uwait 0xfffffe0007980600 syz-fuzzer
768 766 768 0 Ss pause 0xfffffe006cf52b70 csh
766 682 766 0 Ss select 0xfffffe0007877540 sshd
748 1 748 0 Rs+ CPU 0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00574c30b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe005874b0b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe005874b8b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0056ec00b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0056ec08b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0056ec10b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0056ec18b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0056ec20b0 getty
738 1 18 0 S+ piperd 0xfffffe006d0e3000 logger
737 736 18 0 S+ nanslp 0xffffffff83956481 sleep
736 1 18 0 S+ wait 0xfffffe00579ecac0 sh
686 1 686 0 Ss nanslp 0xffffffff83956480 cron
682 1 682 0 Ss select 0xfffffe006ce72d40 sshd
495 1 495 0 Ss select 0xfffffe0007877940 syslogd
424 1 424 0 Ss wait 0xfffffe0007ce7ac0 devd
423 1 423 65 Ss select 0xfffffe006ce73040 dhclient
338 1 338 0 Ss select 0xfffffe0007877ac0 dhclient
335 1 335 0 Ss select 0xfffffe006ce73140 dhclient
17 0 0 0 DL syncer 0xffffffff83a73ba0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007ce9040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83a72180 [bufdaemon]
100082 D - 0xffffffff82e02140 [bufspacedaemon-0]
100090 D sdflush 0xfffffe0058a88ce8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83abb680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83aa34f8 [dom0]
100080 D launds 0xffffffff83aa3504 [laundry: dom0]
100081 D umarcl 0xffffffff81d50b90 [uma]
7 0 0 0 DL - 0xffffffff836d3cb0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84502bb0 [pf purge]
5 0 0 0 DL waiting 0xffffffff842af760 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100044 D - 0xffffffff8369e340 [doneq0]
100045 D - 0xffffffff8369e2c0 [async]
100076 D - 0xffffffff8369e140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100041 D crypto_ 0xffffffff83a9ed20 [crypto]
100042 D crypto_ 0xfffffe0007c85030 [crypto returns 0]
100043 D crypto_ 0xfffffe0007c85080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0056f60c88 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100035 D - 0xffffffff838fee00 [g_event]
100036 D - 0xffffffff838fee20 [g_up]
100037 D - 0xffffffff838fee40 [g_down]
2 0 0 0 WL (threaded) [clock]
100029 I [clock (0)]
100030 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100015 I [swi5: fast taskq]
100031 I [swi1: netisr 0]
100032 I [swi1: hpts]
100033 I [swi1: hpts]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq33: virtio_pci2]
100060 I [irq34: virtio_pci2]
100061 I [irq35: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe005420b040 [init]
10 0 0 0 DL audit_w 0xffffffff83a9f780 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff838ff7e0 [swapper]
100005 D - 0xfffffe00085f7d00 [softirq_0]
100006 D - 0xfffffe00085f7c00 [softirq_1]
100007 D - 0xfffffe00085f7b00 [if_io_tqg_0]
100008 D - 0xfffffe00085f7a00 [if_io_tqg_1]
100009 D - 0xfffffe00085f7900 [if_config_tqg_0]
100010 D - 0xfffffe00085f7800 [pci_hp taskq]
100011 D - 0xfffffe00085f7700 [kqueue_ctx taskq]
100014 D - 0xfffffe00085f7400 [thread taskq]
100016 D - 0xfffffe00085f7200 [aiod_kick taskq]
100017 D - 0xfffffe00085f7100 [deferred_unmount ta]
100018 D - 0xfffffe00085f7000 [inm_free taskq]
100019 D - 0xfffffe00085f6e00 [in6m_free taskq]
100020 D - 0xfffffe00085f6d00 [linuxkpi_irq_wq]
100021 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_0]
100022 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_1]
100023 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_2]
100024 D - 0xfffffe00085f6c00 [linuxkpi_short_wq_3]
100025 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_0]
100026 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_1]
100027 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_2]
100028 D - 0xfffffe00085f6b00 [linuxkpi_long_wq_3]
100034 D - 0xfffffe00085f6a00 [firmware taskq]
100039 D - 0xfffffe00085f6700 [crypto_0]
100040 D - 0xfffffe00085f6700 [crypto_1]
100055 D - 0xfffffe00085f6500 [vtnet0 rxq 0]
100056 D - 0xfffffe00085f6400 [vtnet0 txq 0]
100057 D - 0xfffffe00085f6300 [vtnet0 rxq 1]
100058 D - 0xfffffe00085f6200 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0007cbc380 [virtio_balloon]
100066 D - 0xffffffff826f28e0 [deadlkres]
100070 D - 0xfffffe005797ab00 [acpi_task_0]
100071 D - 0xfffffe005797ab00 [acpi_task_1]
100072 D - 0xfffffe005797ab00 [acpi_task_2]
100074 D - 0xfffffe00085f8100 [mca taskq]
100075 D - 0xfffffe00085f6600 [CAM taskq]
100349 D - 0xfffffe006a8dde00 [netlink_socket (PID]
1042 1041 776 0 Z syz-executor.2
1044 1041 776 0 Z syz-executor.2
1208 1207 773 0 Z syz-executor.1
1258 1257 773 0 Z syz-executor.1
1318 1317 777 0 Z syz-executor.3
1373 1369 773 0 Z syz-executor.1
1375 1374 772 0 Z syz-executor.0
880 879 772 0 Z syz-executor.0
882 879 772 0 Z syz-executor.0
918 917 772 0 Z syz-executor.0
944 943 773 0 Z syz-executor.1
950 949 777 0 Z syz-executor.3
951 949 777 0 Z syz-executor.3
952 949 777 0 Z syz-executor.3
996 995 777 0 Z syz-executor.3
997 995 777 0 Z syz-executor.3
db> show all locks
Process 1384 (syz-executor.2) thread 0xfffffe00747ee740 (100665)
exclusive sleep mutex socket (socket) r = 0 (0xfffffe006a64ab40) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:3924
exclusive sleep mutex socket (socket) r = 0 (0xfffffe006a64b000) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:3908
exclusive sleep mutex unp (unp) r = 0 (0xfffffe006ce6c600) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_usrreq.c:2361
exclusive sleep mutex unp (unp) r = 0 (0xfffffe006ce6c200) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_usrreq.c:359
exclusive sleep mutex sleep mtxpool (sleep mtxpool) r = 0 (0xfffffe000785f300) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_usrreq.c:2322
shared lockmgr ufs (ufs) r = 0 (0xfffffe007433be70) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_subr.c:3298
Process 1040 (syz-executor.2) thread 0xfffffe00740ba740 (100348)
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe006a876900) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4036
Process 748 (getty) thread 0xfffffe006d0fb000 (100117)
exclusive sleep mutex ttymtx (ttymtx) r = 0 (0xfffffe0007d1e408) locked @ /syzkaller/managers/main/kernel/sys/kern/tty.c:217
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4934K 485
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4219
sysctloid 34865 2055K 34936
filedesc 248 1980K 1170
vtbuf 24 1968K 46
kobj 326 1304K 506
newblk 80 1044K 1253
vfscache 3 1025K 3
pcb 258 930K 1428
subproc 409 871K 1600
inodedep 110 553K 445
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 101 201K 3186
acpica 1674 184K 60830
filemon 19 152K 61
tidhash 3 141K 3
vmem 3 138K 5
pagedep 36 137K 325
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 111 111K 128
sem 4 106K 4
gtaskqueue 18 98K 18
kdtrace 492 86K 2052
bus 985 81K 5155
umtx 608 76K 608
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
sctp_atcl 150 57K 756
temp 35 37K 1916
BPF 23 36K 39
sctp_stro 34 34K 81
tcp_fsb_rack 16 33K 90
DEVFS3 130 33K 140
hostcache 1 32K 1
shm 1 32K 2
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
dirrem 75 19K 356
ifaddr 67 19K 69
LRO 18 19K 18
ufs_mount 4 17K 5
proc 3 17K 3
lltable 51 17K 51
tty 16 16K 16
routetbl 130 16K 410
kqueue 203 16K 1406
ithread 97 16K 97
bus-sc 34 15K 1687
eventhandler 162 14K 162
GEOM 75 13K 525
ifnet 7 13K 7
ether_multi 152 13K 165
kenv 95 12K 95
pwddesc 182 12K 1418
rman 86 11K 451
CAM queue 5 11K 1528
in6_multi 65 9K 66
ksem 3 9K 34
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
bmsafemap 1 8K 400
shmfd 1 8K 1
pfs_vncache 1 8K 1
md_disk 2 8K 2
freefile 62 8K 293
cred 31 8K 290
audit_evclass 238 8K 300
CC Mem 28 7K 227
taskqueue 66 7K 81
sctp_atky 184 7K 843
sctp_timw 25 7K 25
DEVFSP 98 7K 289
sglist 6 7K 6
CAM DEV 3 6K 510
plimit 22 6K 365
pfs_nodes 22 6K 22
hhook 16 6K 18
ufs_dirhash 24 5K 24
proc-args 204 5K 2447
UMA 267 5K 267
pf_ifnet 10 5K 21
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
newdirblk 31 4K 309
session 28 4K 119
acpisem 28 4K 28
lockf 32 4K 66
kcovinfo 52 4K 52
freework 13 4K 271
freeblks 12 3K 270
terminal 11 3K 11
uidinfo 5 3K 15
sctp_athm 150 3K 766
clone 9 3K 9
tcp_pcm_rack 8 2K 45
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
selfd 31 2K 17105
ip6ndp 12 2K 13
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
Unitno 25 2K 51
msi 12 2K 12
in_multi 6 2K 8
tun 4 2K 4
toponodes 6 2K 6
inpcbpolicy 44 2K 453
ipsecpolicy 2 2K 2
select 10 2K 40
acpidev 20 2K 20
cryptodev 18 2K 278
sctp_map 68 2K 160
softdep 1 1K 1
mkdir 8 1K 618
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 150
NFSD session 1 1K 1
diradd 7 1K 392
CAM periph 4 1K 271
osd 33 1K 233
ipsec 3 1K 3
sctp_ifn 6 1K 14
netlink 3 1K 29
mld 6 1K 6
igmp 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 52
encap_export_host 12 1K 12
soname 15 1K 3804
cdev 2 1K 2
lkpikmalloc 8 1K 9
chacha20random 1 1K 1
biobuf 1 1K 1
vnodes 2 1K 4
freefrag 2 1K 10
indirdep 1 1K 12
ip6opt 1 1K 12
procdesc 2 1K 8
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
pf_osfp 2 1K 2
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
VN POLL 1 1K 1
aio 4 1K 4
pmchooks 1 1K 1
filecaps 5 1K 72
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
iov 1 1K 14621
pmc 1 1K 1
filedesc_to_leader 1 1K 3
entropy 2 1K 38
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
tcp_do_rack 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 7
pf_altq 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
mqdata 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 225
sctp_iter 0 0K 12
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 12
sctp_aadr 0 0K 2
sctp_stri 0 0K 14
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 33
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 27
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6_msource 0 0K 1
ip6_moptions 0 0K 7
in6_mfilter 0 0K 5
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
statfs 0 0K 198
namei_tracker 0 0K 7
export_host 0 0K 0
cl_savebuf 0 0K 6
lio 0 0K 218
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 10
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 191
eventfd 0 0K 7
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 312
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 663
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 84
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 6
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8321 1077 31248 0 254 38494208 0
mbuf 256 8971 692 68680 0 254 2473728 0
malloc-4096 4096 542 4 2500 0 2 2236416 0
malloc-16384 16384 127 4 588 0 1 2146304 0
BUF TRIE 144 235 11553 782 0 62 1697472 0
malloc-384 384 4378 32 4997 0 30 1693440 0
mbuf_cluster 2048 762 0 762 0 254 1560576 0
malloc-128 128 11450 144 11520 0 126 1484032 0
UMA Slabs 0 112 11349 21 11349 0 126 1273440 0
RADIX NODE 144 7906 181 36063 0 62 1164528 0
sctp_asoc 2256 34 476 80 0 254 1150560 0
malloc-65536 65536 15 2 23 0 1 1114112 0
vmem btag 56 17304 87 17304 0 254 973896 0
FFS inode 1168 585 17 884 0 8 703136 0
sctp_ep 1144 116 395 669 0 254 584584 0
THREAD 1824 293 11 666 0 8 554496 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
malloc-2048 2048 12 228 1126 0 8 491520 0
socket 960 156 352 2425 0 254 487680 0
VM OBJECT 264 1753 47 18515 0 30 475200 0
sctp_raddr 736 34 483 92 0 254 380512 0
256 Bucket 2048 149 19 1175 0 8 344064 0
VNODE 448 624 69 925 0 30 310464 0
MAP ENTRY 96 2720 304 54858 0 126 290304 0
PROC 1376 197 12 1384 0 8 287584 0
FPU_save_area 832 295 29 2693 0 16 269568 0
malloc-2048 2048 118 10 671 0 8 262144 0
malloc-64 64 3856 239 3874 0 254 262080 0
malloc-2048 2048 106 14 183 0 8 245760 0
malloc-16 16 14432 318 14731 0 254 236000 0
DEVCTL 1024 25 195 152 0 0 225280 0
malloc-256 256 91 779 1302 0 62 222720 0
malloc-8192 8192 25 2 68 0 1 221184 0
filedesc0 1072 182 21 1418 0 8 217616 0
tcp_log 416 0 513 18 0 254 213408 0
malloc-1024 1024 173 19 257 0 16 196608 0
mbuf_packet 256 27 735 7717 0 254 195072 0
malloc-128 128 1289 230 29504 0 126 194432 0
UMA Zones 768 239 0 239 0 16 183552 0
malloc-32 32 5279 391 5310 0 254 181440 0
FFS2 dinode 256 585 105 884 0 62 176640 0
malloc-256 256 603 87 1954 0 62 176640 0
lkpimm 56 1 3095 1 0 254 173376 0
S VFS Cache 104 1032 372 1422 0 126 146016 0
malloc-65536 65536 0 2 66 0 1 131072 0
malloc-65536 65536 0 2 7 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-128 128 721 302 2127 0 126 130944 0
unpcb 256 17 493 1259 0 254 130560 0
ksiginfo 112 198 846 2595 0 126 116928 0
malloc-128 128 662 237 1102 0 126 115072 0
g_bio 408 0 270 6533 0 30 110160 0
ertt_txseginfo 40 0 2626 18916 0 254 105040 0
malloc-32768 32768 3 0 3 0 1 98304 0
malloc-32768 32768 1 2 13 0 1 98304 0
malloc-384 384 211 29 554 0 30 92160 0
UMA Kegs 384 226 7 226 0 30 89472 0
128 Bucket 1024 54 29 294 0 16 84992 0
malloc-8192 8192 9 1 12 0 1 81920 0
malloc-4096 4096 16 4 33 0 2 81920 0
malloc-256 256 190 125 1346 0 62 80640 0
sctp_chunk 152 84 436 100 0 254 79040 0
tcp_inpcb 1304 28 29 220 0 8 74328 0
VMSPACE 616 86 28 1096 0 16 70224 0
64 Bucket 512 84 52 1787 0 30 69632 0
malloc-384 384 123 57 458 0 30 69120 0
malloc-64 64 752 319 3665 0 254 68544 0
malloc-64 64 472 599 931 0 254 68544 0
malloc-64 64 644 427 15578 0 254 68544 0
tcp_bbr_map 128 6 521 1197 0 126 67456 0
malloc-128 128 333 194 807 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 0 2 120 0 1 65536 0
sctp_stream_msg_out 112 8 532 32 0 254 60480 0
malloc-4096 4096 10 4 23 0 2 57344 0
malloc-64 64 43 776 17141 0 254 52416 0
Files 80 360 290 9631 0 126 52000 0
TURNSTILE 136 305 73 305 0 62 51408 0
malloc-256 256 79 116 512 0 62 49920 0
malloc-256 256 104 91 1679 0 62 49920 0
malloc-256 256 75 120 205 0 62 49920 0
32 Bucket 256 80 115 1819 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 1 47 15204 0 16 49152 0
malloc-1024 1024 10 38 1534 0 16 49152 0
da_ccb 544 0 84 1764 0 16 45696 0
syncache 168 0 264 4 0 254 44352 0
malloc-8192 8192 3 2 29 0 1 40960 0
pcpu-8 8 4756 364 5119 0 254 40960 0
pipe 728 22 33 323 0 16 40040 0
udp_inpcb 416 8 82 171 0 30 37440 0
tcp_rack_pcb 1216 8 22 45 0 8 36480 0
malloc-64 64 99 468 764 0 254 36288 0
malloc-64 64 217 350 1945 0 254 36288 0
malloc-64 64 25 542 29 0 254 36288 0
tcp_rack_map 128 28 251 52 0 126 35712 0
malloc-128 128 5 274 6 0 126 35712 0
malloc-128 128 63 216 3450 0 126 35712 0
malloc-128 128 66 213 73 0 126 35712

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Apr 9, 2024, 3:12:28 PMApr 9
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: cce11997a052 mountd.8: Document the new -A mountd option
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=173caf9d180000
dashboard link: https://syzkaller.appspot.com/bug?extid=bc625d5190443c1cde55
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12751e13180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16c7425d180000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bc625d...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x6a618950
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff8169276a
stack pointer = 0x28:0xfffffe006a5c8700
frame pointer = 0x28:0xfffffe006a5c8790
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 773 (syz-executor2415021)
rdi: 000000006a618950 rsi: 0000000000000000 rdx: 000000000d4c312b
rcx: fffffe00033eee30 r8: 0000000000000000 r9: 0000000000000000
rax: fffffe00033eee30 rbx: fffffe006a856368 rbp: fffffe006a5c8790
r10: 0000000000000000 r11: 000000000000001f r12: 000000006a618950
r13: fffffe006a856360 r14: fffffe006a618780 r15: fffffe006a618958
trap number = 12
panic: page fault
cpuid = 0
time = 1712689764
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe006a5c7e30
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe006a5c7f90
vpanic() at vpanic+0x26a/frame 0xfffffe006a5c8150
panic() at panic+0xb5/frame 0xfffffe006a5c8210
trap_fatal() at trap_fatal+0x7f2/frame 0xfffffe006a5c8330
trap_pfault() at trap_pfault+0x179/frame 0xfffffe006a5c8450
trap() at trap+0x648/frame 0xfffffe006a5c8630
calltrap() at calltrap+0x8/frame 0xfffffe006a5c8630
--- trap 0xc, rip = 0xffffffff8169276a, rsp = 0xfffffe006a5c8700, rbp = 0xfffffe006a5c8790 ---
soisconnected() at soisconnected+0x58a/frame 0xfffffe006a5c8790
unp_connectat() at unp_connectat+0xcd3/frame 0xfffffe006a5c8b90
soconnectat() at soconnectat+0x1c8/frame 0xfffffe006a5c8bf0
kern_connectat() at kern_connectat+0x300/frame 0xfffffe006a5c8cd0
sys_connect() at sys_connect+0xf5/frame 0xfffffe006a5c8d10
amd64_syscall() at amd64_syscall+0x4cb/frame 0xfffffe006a5c8f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe006a5c8f30
--- syscall (0, FreeBSD ELF64, syscall), rip = 0x233e9a, rsp = 0x82105c3e8, rbp = 0x82105c400 ---
KDB: enter: panic
[ thread pid 773 tid 100104 ]
Stopped at kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0xdffff7c000000000
rbx 0xffffffff826ed6a0 .str.27
rsp 0xfffffe006a5c7f70
rbp 0xfffffe006a5c7f90
rsi 0
rdi 0xffffffff82e004b0 panicstr
r8 0
r9 0xffffffff
r10 0
r11 0x17
r12 0xfffffe006a814000
r13 0xfffffffffffffffe
r14 0xffffffff826ed6a0 .str.27
r15 0
rip 0xffffffff815acc1e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23c8477(%rip)
db> show proc
Process 773 (syz-executor2415021) at 0xfffffe006cf41020:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 771 at 0xfffffe006cf40ac0
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor2415021334
reaper: 0xfffffe005420b040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe006d03c268
(map 0xfffffe006d03c268)
(map.pmap 0xfffffe006d03c328)
(pmap 0xfffffe006d03c398)
threads: 1
100104 Run CPU 0 syz-executor2415021
db> ps
pid ppid pgrp uid state wmesg wchan cmd
773 771 771 0 R CPU 0 syz-executor2415021
771 769 771 0 Ss pause 0xfffffe006cf40b70 csh
769 682 769 0 Ss select 0xfffffe0007876e40 sshd
748 1 748 0 Rs+ CPU 1 getty
747 1 747 0 Ss+ ttyin 0xfffffe0056ec00b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00574c10b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00574c18b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0056ec08b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0056ec10b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe00574c30b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0056ec18b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0056ec20b0 getty
738 1 18 0 S+ piperd 0xfffffe0058ace3e8 logger
737 736 18 0 S+ nanslp 0xffffffff83956480 sleep
736 1 18 0 S+ wait 0xfffffe006d093560 sh
686 1 686 0 Ss nanslp 0xffffffff83956480 cron
682 1 682 0 Ss select 0xfffffe0007877640 sshd
495 1 495 0 Ds bo_wwai 0xfffffe006cf50da8 syslogd
424 1 424 0 Ss select 0xfffffe0007877940 devd
423 1 423 65 Ss select 0xfffffe0007877a40 dhclient
338 1 338 0 Ss select 0xfffffe0007877b40 dhclient
335 1 335 0 Ss select 0xfffffe0007877c40 dhclient
17 0 0 0 DL syncer 0xffffffff83a73ba0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007ce9040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83a72180 [bufdaemon]
100082 D - 0xffffffff82e02140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe0058a43ce8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83abb680 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83aa34f8 [dom0]
100080 D launds 0xffffffff83aa3504 [laundry: dom0]
100081 D umarcl 0xffffffff81d50b90 [uma]
7 0 0 0 DL - 0xffffffff836d3cb0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff847bebb0 [pf purge]
5 0 0 0 DL waiting 0xffffffff842c6760 [sctp_iterator]
4 0 0 0 RL (threaded) [cam]
100044 RunQ [doneq0]
100066 D - 0xffffffff826f28e1 [deadlkres]
100070 D - 0xfffffe005797ab00 [acpi_task_0]
100071 D - 0xfffffe005797ab00 [acpi_task_1]
100072 D - 0xfffffe005797ab00 [acpi_task_2]
100074 D - 0xfffffe00085f8100 [mca taskq]
100075 D - 0xfffffe00085f6600 [CAM taskq]
db> show all locks
Process 773 (syz-executor2415021) thread 0xfffffe006a814000 (100104)
exclusive sleep mutex socket (socket) r = 0 (0xfffffe006a618780) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:3924
exclusive sleep mutex socket (socket) r = 0 (0xfffffe006a856000) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:3908
exclusive sleep mutex unp (unp) r = 0 (0xfffffe006a8ade00) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_usrreq.c:2361
exclusive sleep mutex unp (unp) r = 0 (0xfffffe006a8ae100) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_usrreq.c:357
exclusive sleep mutex sleep mtxpool (sleep mtxpool) r = 0 (0xfffffe0007859c00) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_usrreq.c:2322
shared lockmgr ufs (ufs) r = 0 (0xfffffe006d0693f0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_subr.c:3298
Process 495 (syslogd) thread 0xfffffe006a816740 (100099)
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006cf50cb0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3581
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
linker 371 4934K 481
tcp_hpts 7 4801K 7
devbuf 4192 4324K 4217
sysctloid 34865 2055K 34936
vtbuf 24 1968K 46
kobj 326 1304K 488
newblk 854 1238K 867
vfscache 3 1025K 3
pcb 23 669K 42
inodedep 49 530K 73
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
acpica 1674 184K 60830
subproc 96 181K 830
tidhash 3 141K 3
vmem 3 134K 4
pagedep 14 132K 18
tfo_ccache 1 128K 1
IP reass 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 114
gtaskqueue 18 98K 18
bus 985 81K 5155
mtx_pool 2 72K 2
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 513 65K 513
ddb_capture 1 64K 1
temp 18 37K 1567
hostcache 1 32K 1
shm 1 32K 1
kdtrace 157 32K 891
DEVFS3 124 31K 134
msg 4 30K 4
umtx 240 30K 240
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
BPF 10 18K 10
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 97 16K 97
bus-sc 34 15K 1687
eventhandler 162 14K 162
kenv 95 12K 95
ifaddr 30 12K 32
GEOM 61 11K 481
routetbl 50 11K 176
rman 86 11K 451
CAM queue 5 11K 1528
bmsafemap 3 9K 42
rpc 4 9K 4
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 238 8K 300
taskqueue 63 7K 63
sglist 6 7K 6
CAM DEV 3 6K 510
cred 23 6K 274
pfs_nodes 22 6K 22
hhook 16 6K 18
ufs_dirhash 24 5K 24
UMA 267 5K 267
dirrem 17 5K 28
plimit 17 5K 322
ifnet 3 5K 3
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
filedesc 1 4K 1
evdev 4 4K 4
acpisem 28 4K 28
diradd 26 4K 37
ether_multi 40 4K 50
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
session 20 3K 31
kqueue 40 3K 776
pwddesc 40 3K 774
clone 9 3K 9
uidinfo 3 3K 8
proc-args 62 3K 1696
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
Unitno 27 2K 41
CAM XPT 22 2K 543
lockf 15 2K 22
msi 12 2K 12
toponodes 6 2K 6
selfd 22 2K 13044
ipsecpolicy 2 2K 2
acpidev 20 2K 20
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 8
NFSD session 1 1K 1
select 7 1K 29
CAM periph 4 1K 271
ipsec 3 1K 3
indirdep 3 1K 3
CC Mem 3 1K 7
nhops 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
sctp_ifa 5 1K 6
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
newdirblk 4 1K 8
mkdir 4 1K 16
netlink 2 1K 12
in_multi 2 1K 4
cdev 2 1K 2
lkpikmalloc 8 1K 9
osd 8 1K 20
chacha20random 1 1K 1
biobuf 1 1K 1
inpcbpolicy 10 1K 139
soname 7 1K 3332
sctp_ifn 2 1K 6
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFSP 4 1K 9
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
freefrag 1 1K 2
procdesc 1 1K 6
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 66
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 35
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 26
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
filemon 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
mqdata 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
savedino 0 0K 15
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 9
freeblks 0 0K 25
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
LRO 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
tun 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 195
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 5
aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 13647
ioctlops 0 0K 86
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 649
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
kcovinfo 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
tcp_log_dev 0 0K 0
md_disk 0 0K 0
mbuf_jumbo_page 4096 8320 1078 15747 0 254 38494208 0
mbuf 256 8577 1085 18761 0 254 2473472 0
BUF TRIE 144 224 11564 594 0 62 1697472 0
malloc-384 384 4200 30 4213 0 30 1624320 0
malloc-4096 4096 372 4 1822 0 2 1540096 0
malloc-128 128 11444 150 11505 0 126 1484032 0
UMA Slabs 0 112 10712 10 10712 0 126 1200864 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
malloc-65536 65536 15 0 18 0 1 983040 0
vmem btag 56 15441 150 15441 0 254 873096 0
FFS inode 1168 516 23 525 0 8 629552 0
RADIX NODE 144 3436 227 24220 0 62 527472 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
socket 960 21 487 1319 0 254 487680 0
256 Bucket 2048 118 18 978 0 8 278528 0
VNODE 448 546 57 557 0 30 270144 0
VM OBJECT 264 940 80 14137 0 30 269280 0
malloc-2048 2048 9 119 1074 0 8 262144 0
malloc-64 64 3803 292 3815 0 254 262080 0
malloc-256 256 865 65 898 0 62 238080 0
malloc-16 16 14403 97 14500 0 254 232000 0
malloc-2048 2048 105 7 106 0 8 229376 0
DEVCTL 1024 0 220 123 0 0 225280 0
THREAD 1824 116 4 116 0 8 218880 0
malloc-128 128 1285 234 28869 0 126 194432 0
UMA Zones 768 239 0 239 0 16 183552 0
lkpimm 56 1 3095 1 0 254 173376 0
malloc-32 32 5279 139 5310 0 254 173376 0
malloc-1024 1024 133 27 161 0 16 163840 0
FFS2 dinode 256 516 54 525 0 62 145920 0
malloc-65536 65536 0 2 54 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
unpcb 256 10 500 1163 0 254 130560 0
mbuf_packet 256 0 508 117 0 254 130048 0
S VFS Cache 104 983 187 1023 0 126 121680 0
MAP ENTRY 96 893 367 40285 0 126 120960 0
FPU_save_area 832 118 26 130 0 16 119808 0
ksiginfo 112 39 1005 54 0 126 116928 0
malloc-256 256 327 108 986 0 62 111360 0
malloc-128 128 601 174 1559 0 126 99200 0
malloc-32768 32768 3 0 3 0 1 98304 0
UMA Kegs 384 226 7 226 0 30 89472 0
g_bio 408 4 206 4792 0 30 85680 0
PROC 1376 39 16 773 0 8 75680 0
malloc-8192 8192 8 1 10 0 1 73728 0
malloc-4096 4096 16 2 30 0 2 73728 0
128 Bucket 1024 41 26 240 0 16 68608 0
malloc-64 64 631 440 15008 0 254 68544 0
malloc-128 128 299 228 321 0 126 67456 0
malloc-128 128 293 234 430 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 1 1 12 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-32768 32768 0 2 120 0 1 65536 0
malloc-16384 16384 4 0 5 0 1 65536 0
64 Bucket 512 67 37 1037 0 30 53248 0
filedesc0 1072 40 9 774 0 8 52528 0
malloc-64 64 308 511 1854 0 254 52416 0
malloc-64 64 467 352 895 0 254 52416 0
malloc-256 256 64 131 732 0 62 49920 0
malloc-256 256 74 121 197 0 62 49920 0
32 Bucket 256 55 140 1117 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 12094 0 16 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-1024 1024 10 38 1375 0 16 49152 0
syncache 168 0 264 5 0 254 44352 0
malloc-8192 8192 3 2 29 0 1 40960 0
malloc-4096 4096 9 1 18 0 2 40960 0
da_ccb 544 1 69 1336 0 16 38080 0
udp_inpcb 416 6 84 128 0 30 37440 0
pcpu-8 8 4281 327 4309 0 254 36864 0
malloc-64 64 34 533 13080 0 254 36288 0
malloc-64 64 53 514 620 0 254 36288 0
malloc-64 64 54 513 799 0 254 36288 0
malloc-64 64 25 542 29 0 254 36288 0
malloc-128 128 5 274 6 0 126 35712 0
malloc-128 128 39 240 3305 0 126 35712 0
malloc-128 128 67 212 72 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 62 28 86 0 30 34560 0
malloc-384 384 57 33 400 0 30 34560 0
malloc-256 256 42 93 166 0 62 34560 0
malloc-256 256 7 128 108 0 62 34560 0
malloc-256 256 8 127 414 0 62 34560 0
malloc-256 256 66 69 626 0 62 34560 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-16384 16384 0 2 160 0 1 32768 0
malloc-2048 2048 4 12 16 0 8 32768 0
malloc-2048 2048 7 9 23 0 8 32768 0
malloc-2048 2048 0 16 40 0 8 32768 0
malloc-2048 2048 3 13 194 0 8 32768 0
malloc-1024 1024 2 30 42 0 16 32768 0
malloc-1024 1024 5 27 9 0 16 32768 0
malloc-1024 1024 10 22 175 0 16 32768 0
malloc-512 512 9 55 127 0 30 32768 0
malloc-512 512 2 62 22 0 30 32768 0
malloc-512 512 4 60 55 0 30 32768 0
pcpu-64 64 488 24 488 0 254 32768 0
ttyinq 160 135 65 300 0 62 32000 0
PGRP 120 20 244 31 0 126 31680 0
clpbuf 2624 0 12 30 0 4 31488 0
VMSPACE 616 23 25 758 0 16 29568 0
sctp_laddr 48 0 588 4 0 254 28224 0
malloc-32 32 269 613 3280 0 254 28224 0
16 Bucket 144 44 152 253 0 62 28224 0
4 Bucket 48 7 581 10 0 254 28224 0
TURNSTILE 136 121 68 121 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 1 2 102 0 1 24576 0
malloc-8192 8192 1 2 20 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-4096 4096 2 4 197 0 2 24576 0
ertt_txseginfo 40 0 606 303 0 254 24240 0
rl_entry 40 31 575 31 0 254 24240 0
PWD 40 10 596 99 0 254 24240 0
rtentry 168 13 131 17 0 62 24192 0
pipe 728 7 26 282 0 16 24024 0
Files 80 73 227 6517 0 126 24000 0
8 Bucket 80 49 251 250 0 126 24000 0
tcp_inpcb 1304 3 15 7 0 8 23472 0
ripcb 384 1 59 4 0 30 23040 0
malloc-384 384 11 49 11 0 30 23040 0
malloc-384 384 1 59 3 0 30 23040 0
malloc-384 384 1 59 20 0 30 23040 0
malloc-384 384 9 51 12 0 30 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 121 135 121 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 3 627 40 0 254 20160 0
ertt 72 3 277 7 0 126 20160 0
malloc-32 32 82 548 84 0 254 20160 0
malloc-32 32 102 528 1682 0 254 20160 0
malloc-32 32 69 561 179 0 254 20160 0
malloc-32 32 16 614 186 0 254 20160 0
malloc-32 32 59 571 951 0 254 20160 0
malloc-32 32 29 601 50 0 254 20160 0
2 Bucket 32 46 584 302 0 254 20160 0
KNOTE 160 0 125 8 0 62 20000 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 3 1 3 0 2 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 1 15 4 0 16 16384 0
malloc-1024 1024 8 8 8 0 16 16384 0
malloc-512 512 4 28 14 0 30 16384 0
malloc-512 512 1 31 1 0 30 16384 0
SMR CPU 32 7 504 7 0 254 16352 0
kenv 258 17 43 1069 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
vmem 1856 1 7 1 0 8 14848 0
SMR SHARED 24 7 504 7 0 254 12264 0
tcp_inpcb ports 32 1 377 1 0 254 12096 0
malloc-16 16 28 722 67 0 254 12000 0
malloc-16 16 292 458 457 0 254 12000 0
malloc-16 16 34 716 76 0 254 12000 0
malloc-16 16 4 746 94 0 254 12000 0
malloc-16 16 209 541 4340 0 254 12000 0
malloc-16 16 24 726 27774 0 254 12000 0
malloc-16 16 16 734 17 0 254 12000 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
pcpu-16 16 8 504 8 0 254 8192 0
vtnet_tx_hdr 24 0 334 2045 0 254 8016 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 360 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_rack_pcb 1216 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1144 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
udplite_inpcb 416 0 0 0 0 30 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 104 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-2048 2048 0 0 0 0 8 0 0
malloc-1024 1024 0 0 0 0 16 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-384 384 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.