panic: Assertion owner->td_proc->p_magic == P_MAGIC failed at /syzkaller/managers/main/kernel/sys/kern/subr_turnstile.c:

0 views

Skip to first unread message

syzbot

unread,

Oct 27, 2020, 12:18:15 AM10/27/20

to syzkaller-f...@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit: a395d120 riscv: make use of SBI legacy replacement extensi..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=110f4fd8500000
dashboard link: https://syzkaller.appspot.com/bug?extid=c8aa122fa2c6a4e2a28b

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8aa12...@syzkaller.appspotmail.com

panic: Assertion owner->td_proc->p_magic == P_MAGIC failed at /syzkaller/managers/main/kernel/sys/kern/subr_turnstile.c:749
cpuid = 0
time = 233
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0003636030
vpanic() at vpanic+0x1c7/frame 0xfffffe0003636090
panic() at panic+0x43/frame 0xfffffe00036360f0
turnstile_wait() at turnstile_wait+0x4e6/frame 0xfffffe0003636150
__mtx_lock_sleep() at __mtx_lock_sleep+0x334/frame 0xfffffe00036361e0
__mtx_lock_flags() at __mtx_lock_flags+0x150/frame 0xfffffe0003636240
socantrcvmore() at socantrcvmore+0x2c/frame 0xfffffe0003636260
sctp_notify_assoc_change() at sctp_notify_assoc_change+0x5b8/frame 0xfffffe00036362d0
sctp_process_control() at sctp_process_control+0x8a2f/frame 0xfffffe0003636750
sctp_common_input_processing() at sctp_common_input_processing+0x7db/frame 0xfffffe00036368e0
sctp_input_with_port() at sctp_input_with_port+0x308/frame 0xfffffe00036369d0
sctp_input() at sctp_input+0x1f/frame 0xfffffe00036369f0
ip_input() at ip_input+0x388/frame 0xfffffe0003636a90
swi_net() at swi_net+0x20d/frame 0xfffffe0003636b10
ithread_loop() at ithread_loop+0x33f/frame 0xfffffe0003636bb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe0003636bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0003636bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100020 ]
Stopped at kdb_enter+0x67: movq $0,0x14766e6(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xffffffff810e9210 vprintf+0x140
rdx 0x1
rbx 0
rsp 0xfffffe0003636010
rbp 0xfffffe0003636030
rsi 0
rdi 0xffffffff810e9246 vprintf+0x176
r8 0
r9 0xffffffff
r10 0xfffffe00036367dc
r11 0xbf
r12 0xffffffff82066b10 ddb_dbbe
r13 0
r14 0xffffffff8196bc1d
r15 0xffffffff8196bc1d
rip 0xffffffff810dd797 kdb_enter+0x67
rflags 0x82
kdb_enter+0x67: movq $0,0x14766e6(%rip)
db> show proc
Process 12 (intr) at 0xfffff800042a1a40:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff82506ad0
ABI: null
reaper: 0xffffffff82506ad0 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff82507720
(map 0xffffffff82507720)
(map.pmap 0xffffffff825077e0)
(pmap 0xffffffff82507840)
threads: 23
100011 I [swi6: Giant taskq]
100013 I [swi5: fast taskq]
100017 I [swi6: task queue]
100020 Run CPU 0 [swi1: netisr 0]
100021 I [swi4: clock (0)]
100022 I [swi4: clock (1)]
100023 I [swi3: vm]
100035 I [irq24: virtio_pci0]
100036 I [irq25: virtio_pci0]
100037 I [irq26: virtio_pci0]
100038 I [irq27: virtio_pci0]
100039 I [irq28: virtio_pci1]
100040 I [irq29: virtio_pci1]
100041 I [irq30: virtio_pci1]
100042 I [irq31: virtio_pci1]
100043 I [irq32: virtio_pci1]
100048 I [irq10: virtio_pci2]
100050 I [irq1: atkbd0]
100051 I [irq12: psm0]
100052 I [swi0: uart uart++]
100060 I [swi1: pf send]
100073 I [swi1: hpts]
100074 I [swi1: hpts]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
5765 772 772 0 R (threaded) syz-executor.2
100405 Run CPU 1 syz-executor.2
100911 S uwait 0xfffff80031525200 syz-executor.2
100913 RunQ syz-executor.2
5763 765 765 0 S (threaded) syz-executor.1
101184 S nanslp 0xffffffff825275c1 syz-executor.1
100874 S sbwait 0xfffff800319afd14 syz-executor.1
100901 S sbwait 0xfffff8003179ed14 syz-executor.1
100926 S uwait 0xfffff80031092880 syz-executor.1
100941 S uwait 0xfffff80031904400 syz-executor.1
100948 S uwait 0xfffff80031904b00 syz-executor.1
5762 764 764 0 S (threaded) syz-executor.0
101180 S nanslp 0xffffffff825275c1 syz-executor.0
100912 S sbwait 0xfffff80031bda594 syz-executor.0
100936 S connec 0xfffff800318e5870 syz-executor.0
100937 S uwait 0xfffff80031904f00 syz-executor.0
100938 S uwait 0xfffff80031949880 syz-executor.0
2572 1 2572 65 Ss select 0xfffff80031a71840 dhclient
2015 1 2015 0 Ss select 0xfffff8003154f940 dhclient
2012 1 2012 0 Ss select 0xfffff8003195f4c0 dhclient
1992 1 1992 65 Ss select 0xfffff800319838c0 dhclient
1684 1 1684 0 Ss select 0xfffff8003198ddc0 dhclient
1681 1 1681 0 Ss select 0xfffff800046f9140 dhclient
1660 1 1660 65 Ss select 0xfffff8003195fc40 dhclient
1356 1 1356 0 Ss select 0xfffff80031a42940 dhclient
1353 1 1353 0 Ss select 0xfffff80031a711c0 dhclient
1333 1 1333 65 Ss select 0xfffff800311617c0 dhclient
1026 1 1026 0 Ss select 0xfffff80004aa2340 dhclient
1023 1 1023 0 Ss select 0xfffff80031679a40 dhclient
776 762 776 0 Ss piperd 0xfffff800316252f8 syz-executor.3
772 762 772 0 Rs syz-executor.2
765 762 765 0 Ss nanslp 0xffffffff825275c1 syz-executor.1
764 762 764 0 Ss nanslp 0xffffffff825275c0 syz-executor.0
762 760 760 0 S (threaded) syz-fuzzer
100103 S uwait 0xfffff80031092b80 syz-fuzzer
100105 S uwait 0xfffff80031092d80 syz-fuzzer
100106 S uwait 0xfffff80031092e80 syz-fuzzer
100107 S uwait 0xfffff80004937000 syz-fuzzer
100108 S uwait 0xfffff80031092780 syz-fuzzer
100109 S uwait 0xfffff80031525b80 syz-fuzzer
100110 S uwait 0xfffff80031525c80 syz-fuzzer
100112 S kqread 0xfffff80004ab7600 syz-fuzzer
100116 S uwait 0xfffff80031525a80 syz-fuzzer
760 758 760 0 Ss pause 0xfffff8003116f0a8 csh
758 682 758 0 Ss select 0xfffff800046f9040 sshd
742 1 742 0 Ss+ ttyin 0xfffff8000470a4b0 getty
741 1 741 0 Ss+ ttyin 0xfffff80004a0a0b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80004a0a4b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80004a0a8b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80004a0acb0 getty
737 1 737 0 Ss+ ttyin 0xfffff80004a040b0 getty
736 1 736 0 Ss+ ttyin 0xfffff80004a044b0 getty
735 1 735 0 Ss+ ttyin 0xfffff80004a048b0 getty
734 1 734 0 Ss+ ttyin 0xfffff80004a04cb0 getty
686 1 686 0 Ss nanslp 0xffffffff825275c1 cron
682 1 682 0 Ss select 0xfffff80004aa24c0 sshd
495 1 495 0 Ss select 0xfffff800046f9840 syslogd
424 1 424 0 Ss select 0xfffff800046f9540 devd
423 1 423 65 Ss select 0xfffff80004aa2540 dhclient
338 1 338 0 Ss select 0xfffff800046f95c0 dhclient
335 1 335 0 Ss select 0xfffff80004aa22c0 dhclient
23 0 0 0 DL syncer 0xffffffff82614978 [syncer]
22 0 0 0 DL vlruwt 0xfffff80004a27520 [vnlru]
21 0 0 0 DL (threaded) [bufdaemon]
100070 D qsleep 0xffffffff82613a50 [bufdaemon]
100075 D - 0xffffffff8200ac00 [bufspacedaemon-0]
100088 D sdflush 0xfffff800049874e8 [/ worker]
20 0 0 0 DL psleep 0xffffffff8263af08 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100068 D psleep 0xffffffff8262f378 [dom0]
100076 D launds 0xffffffff8262f384 [laundry: dom0]
100077 D umarcl 0xffffffff814e49f0 [uma]
18 0 0 0 DL - 0xffffffff8235b108 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff82e141d8 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff82b5a390 [pf purge]
15 0 0 0 DL - 0xffffffff8261302c [soaiod4]
9 0 0 0 DL - 0xffffffff8261302c [soaiod3]
8 0 0 0 DL - 0xffffffff8261302c [soaiod2]
7 0 0 0 DL - 0xffffffff8261302c [soaiod1]
6 0 0 0 DL (threaded) [cam]
100034 D - 0xffffffff82232e40 [doneq0]
100067 D - 0xffffffff82232d10 [scanner]
5 0 0 0 DL crypto_ 0xfffff80004326d90 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff80004326d30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff8262c870 [crypto]
14 0 0 0 DL seqstat 0xfffff800042ff888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100025 D - 0xffffffff82506530 [g_event]
100026 D - 0xffffffff82506538 [g_up]
100027 D - 0xffffffff82506540 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100018 D - 0xfffff8000429a800 [thr_0]
100019 D - 0xfffff8000429a880 [thr_1]
12 0 0 0 RL (threaded) [intr]
100011 I [swi6: Giant taskq]
100013 I [swi5: fast taskq]
100017 I [swi6: task queue]
100020 Run CPU 0 [swi1: netisr 0]
100021 I [swi4: clock (0)]
100022 I [swi4: clock (1)]
100023 I [swi3: vm]
100035 I [irq24: virtio_pci0]
100036 I [irq25: virtio_pci0]
100037 I [irq26: virtio_pci0]
100038 I [irq27: virtio_pci0]
100039 I [irq28: virtio_pci1]
100040 I [irq29: virtio_pci1]
100041 I [irq30: virtio_pci1]
100042 I [irq31: virtio_pci1]
100043 I [irq32: virtio_pci1]
100048 I [irq10: virtio_pci2]
100050 I [irq1: atkbd0]
100051 I [irq12: psm0]
100052 I [swi0: uart uart++]
100060 I [swi1: pf send]
100073 I [swi1: hpts]
100074 I [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff80004284520 [init]
10 0 0 0 DL audit_w 0xffffffff8262cd90 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff82506ad0 [swapper]
100005 D - 0xfffff8000429ad00 [if_io_tqg_0]
100006 D - 0xfffff8000429ac00 [if_io_tqg_1]
100007 D - 0xfffff8000429ab00 [if_config_tqg_0]
100008 D - 0xfffff8000429aa00 [softirq_0]
100009 D - 0xfffff8000429a900 [softirq_1]
100010 D - 0xfffff80004087e00 [inm_free taskq]
100012 D - 0xfffff80004087a00 [thread taskq]
100014 D - 0xfffff80004087800 [kqueue_ctx taskq]
100015 D - 0xfffff80004087700 [in6m_free taskq]
100016 D - 0xfffff80004087600 [aiod_kick taskq]
100024 D - 0xfffff80004087400 [firmware taskq]
100029 D - 0xfffff80004087300 [crypto_0]
100030 D - 0xfffff80004087300 [crypto_1]
100044 D - 0xfffff80004087100 [vtnet0 rxq 0]
100045 D - 0xfffff80004087000 [vtnet0 txq 0]
100046 D - 0xfffff800046f2e00 [vtnet0 rxq 1]
100047 D - 0xfffff800046f2d00 [vtnet0 txq 1]
100049 D vtbslp 0xfffff800046f9e80 [virtio_balloon]
100053 D - 0xfffff800046f2c00 [mca taskq]
100058 D - 0xffffffff81d138f0 [deadlkres]
100062 D - 0xfffff800046f2800 [acpi_task_0]
100063 D - 0xfffff800046f2800 [acpi_task_1]
100064 D - 0xfffff800046f2800 [acpi_task_2]
100066 D - 0xfffff80004087200 [CAM taskq]
db> show all locks
Process 12 (intr) thread 0xfffffe00048b2a00 (100020)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe002ac1e1a0) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2143
db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5
devbuf 4214 4854K 4242
tcp_hpts 5 3201K 5
vtbuf 24 1968K 46
sysctloid 28902 1686K 28966
kobj 336 1344K 496
newblk 9 1026K 7027
vfscache 3 1025K 3
pcb 58 571K 10769
inodedep 109 566K 4978
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 141 288K 5845
acpica 1674 185K 52444
vnet_data 1 168K 1
filedesc 19 133K 9629
pagedep 9 130K 4824
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 122
linker 254 99K 294
BPF 46 88K 46
bus 979 79K 3032
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 507 64K 507
umtx 360 45K 360
kdtrace 198 38K 32239
temp 35 33K 2283
hostcache 1 32K 1
shm 1 32K 11
DEVFS3 124 31K 134
msg 4 30K 4
DEVFS_RULE 56 27K 56
ifaddr 76 26K 76
gtaskqueue 18 26K 18
dirrem 99 25K 4857
vmem 3 22K 5
kbdmux 6 22K 6
ufs_mount 5 17K 6
lltable 45 17K 71
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ithread 99 16K 99
ether_multi 172 14K 182
bus-sc 30 14K 1413
KTRACE 100 13K 100
freefile 99 13K 4849
ifnet 7 13K 7
kenv 92 12K 92
eventhandler 132 12K 132
sctp_atcl 22 11K 6949
in6_multi 89 11K 89
pfs_nodes 20 10K 20
GEOM 60 10K 489
rman 82 10K 423
sctp_timw 37 10K 37
bmsafemap 2 9K 4936
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 30
pfs_vncache 1 8K 1
audit_evclass 233 8K 291
select 52 7K 52
cred 25 7K 290
kqueue 64 7K 5772
sctp_stro 6 6K 2157
CAM DEV 3 6K 510
plimit 24 6K 417
vt 11 6K 11
lockf 48 6K 108
sglist 5 6K 5
CAM queue 5 6K 1528
taskqueue 48 6K 48
DEVFSP 78 5K 82
ufs_dirhash 24 5K 24
session 35 5K 49
pgrp 35 5K 53
pf_ifnet 10 5K 19
UMA 251 5K 251
memdesc 1 4K 1
MCA 32 4K 32
kcovinfo 64 4K 68
evdev 4 4K 4
routetbl 24 4K 24
hhook 13 4K 13
proc-args 52 3K 652
terminal 11 3K 11
acpisem 22 3K 22
uidinfo 3 3K 26
sctp_ifa 17 3K 19
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 21
Unitno 33 2K 39266
CAM XPT 22 2K 543
in_multi 6 2K 8
ipsecpolicy 2 2K 2
acpidev 20 2K 20
msi 9 2K 9
freework 5 2K 4849
clone 9 2K 9
tun 7 2K 7
sctp_atky 28 2K 9049
softdep 1 1K 1
mkdir 8 1K 9604
freeblks 4 1K 4824
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 112
NFSD session 1 1K 1
CAM periph 4 1K 271
sctp_ifn 6 1K 19
ipsec 3 1K 3
inpcbpolicy 24 1K 21208
mld 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
encap_export_host 12 1K 12
crypto 3 1K 3
newdirblk 4 1K 4802
diradd 4 1K 4896
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
cdev 2 1K 2
sctp_athm 22 1K 6953
osd 3 1K 9
vnodes 1 1K 4
ktls 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
sctp_map 12 1K 4314
loginclass 3 1K 6
prison 6 1K 6
soname 6 1K 8674
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
tcpfunc 2 1K 2
pmchooks 1 1K 1
nexusdev 5 1K 5
filecaps 5 1K 116
sctp_vrf 1 1K 1
entropy 2 1K 43
vnet 1 1K 1
pmc 1 1K 1
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
iov 1 1K 25163
p1003.1b 1 1K 1
sctp_mcore 0 0K 0
sctp_socko 0 0K 2458
sctp_iter 0 0K 8
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 8
sctp_aadr 0 0K 1
sctp_stri 0 0K 175
pf_table 0 0K 0
pf_rule 0 0K 2
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
madt_table 0 0K 2
scsi_pass 0 0K 0
ciss_data 0 0K 0
smartpqi 0 0K 0
pvscsi 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
iavf 0 0K 0
ixl 0 0K 0
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
AHCI driver 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
agp 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
nvme_da 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
acpipwr 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
twa_commands 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
vm_fictitious 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
CAM CCB 0 0K 3822
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 3885
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 55
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 8
allocindir 0 0K 0
indirdep 0 0K 63
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 32
ip6_msource 0 0K 0
ip6_moptions 0 0K 2
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
PUC 0 0K 0
LRO 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 6
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 2
ppbusdev 0 0K 0
statfs 0 0K 4988
export_host 0 0K 0
cl_savebuf 0 0K 3
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 135
accf 0 0K 0
pts 0 0K 0
ioctlops 0 0K 309
Witness 0 0K 0
stack 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
sbuf 0 0K 288
mps 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
mpr_user 0 0K 0
SWAP 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
sysctltmp 0 0K 703
sysctl 0 0K 1
mfibuf 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 2
rctl 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
cache 0 0K 0
ix_sriov 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 5
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
aacbuf 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
zstd 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_cluster 2048 9728 2 9728 0 254 19927040 0
mbuf_packet 256 8220 1380 956676 0 254 2457600 0
512 512 4149 19 4604 0 30 2134016 0
RADIX NODE 144 14003 190 208157 0 62 2043792 0
BUF TRIE 144 310 13158 2506 0 62 1939392 0
4096 4096 336 2 496 0 2 1384448 0
128 128 9467 81 23975 0 126 1222144 0
pbuf 832 0 953 0 0 2 792896 0
UMA Slabs 0 112 6475 2 6475 0 126 725424 0
VM OBJECT 264 1304 76 98609 0 30 364320 0
256 256 402 1008 52456 0 62 360960 0
65536 65536 4 1 114 0 1 327680 0
socket 960 57 279 27051 0 254 322560 0
THREAD 1792 152 28 20785 0 8 322560 0
VNODE 496 557 75 5412 0 30 313472 0
256 Bucket 2048 133 15 8016 0 8 303104 0
4096 4096 64 6 5768 0 2 286720 0
mbuf 256 520 530 492765 0 254 268800 0
mbuf_jumbo_page 4096 2 62 294 0 254 262144 0
16384 16384 11 5 4952 0 1 262144 0
2048 2048 2 120 3824 0 8 249856 0
DEVCTL 1024 0 208 125 0 0 212992 0
64 64 2959 128 8718 0 254 197568 0
32768 32768 1 5 41 0 1 196608 0
16 16 12098 152 12428 0 254 196000 0
g_bio 408 0 470 12942 0 30 191760 0
MAP ENTRY 96 1640 334 339035 0 126 189504 0
UMA Zones 768 226 1 226 0 16 174336 0
32 32 4730 310 26750 0 254 161280 0
512 512 120 192 5067 0 30 159744 0
128 128 1207 33 24484 0 126 158720 0
sctp_asoc 2288 6 59 2157 0 254 148720 0
FFS2 dinode 256 520 20 5373 0 62 138240 0
S VFS Cache 104 1009 317 6007 0 126 137904 0
1024 1024 120 12 314 0 16 135168 0
65536 65536 1 1 9 0 1 131072 0
65536 65536 2 0 2 0 1 131072 0
65536 65536 0 2 459 0 1 131072 0
VMSPACE 2536 39 12 5744 0 4 129336 0
ksiginfo 112 63 981 1395 0 126 116928 0
FFS inode 160 520 155 5373 0 62 108000 0
128 128 555 282 10273 0 126 107136 0
udplite_inpcb 488 10 206 18347 0 254 105408 0
vmem btag 56 1814 46 1814 0 254 104160 0
PROC 1312 61 17 5765 0 8 102336 0
filedesc0 1080 62 22 5766 0 8 90720 0
4096 4096 21 1 483 0 2 90112 0
4096 4096 22 0 22 0 2 90112 0
sctp_raddr 736 6 115 3022 0 254 89056 0
sctp_ep 1280 16 50 4532 0 254 84480 0
256 256 137 193 5688 0 62 84480 0
UMA Kegs 384 212 4 212 0 30 82944 0
512 512 104 56 7206 0 30 81920 0
128 128 520 69 4351 0 126 75392 0
8192 8192 9 0 9 0 1 73728 0
128 Bucket 1024 53 18 1654 0 16 72704 0
2048 2048 19 15 4727 0 8 69632 0
tcpcb 1040 7 59 2377 0 254 68640 0
65536 65536 1 0 1 0 1 65536 0
65536 65536 1 0 1 0 1 65536 0
512 512 104 16 214 0 30 61440 0
64 Bucket 512 75 45 7781 0 30 61440 0
128 128 443 22 1148 0 126 59520 0
clpbuf 832 0 64 557 0 16 53248 0
64 64 697 122 6657 0 254 52416 0
8192 8192 2 4 119 0 1 49152 0
2048 2048 4 20 511 0 8 49152 0
1024 1024 13 35 2159 0 16 49152 0
64 64 537 219 5534 0 254 48384 0
32 Bucket 256 55 125 1731 0 62 46080 0
8192 8192 4 1 6 0 1 40960 0
Files 80 251 249 39734 0 126 40000 0
pipe 760 23 27 509 0 16 38000 0
DIRHASH 1024 34 2 34 0 16 36864 0
NAMEI 1024 0 36 33894 0 16 36864 0
64 pcpu 8 4242 366 4252 0 254 36864 0
32768 32768 1 0 1 0 1 32768 0
32768 32768 0 1 112 0 1 32768 0
32768 32768 1 0 1 0 1 32768 0
16384 16384 2 0 5 0 1 32768 0
1024 1024 26 6 35 0 16 32768 0
tcp_inpcb 488 7 57 2377 0 254 31232 0
256 256 96 24 839 0 62 30720 0
256 256 63 57 4589 0 62 30720 0
tcp_bbr_pcb 832 0 36 404 0 16 29952 0
4096 4096 7 0 10 0 2 28672 0
2048 2048 10 4 62 0 8 28672 0
mt_stats_zone 64 446 2 446 0 254 28672 0
TURNSTILE 136 181 29 181 0 62 28560 0
KNOTE 160 28 147 107942 0 62 28000 0
8 Bucket 80 64 286 38752 0 126 28000 0
8192 8192 1 2 10 0 1 24576 0
8192 8192 3 0 3 0 1 24576 0
ttyinq 160 135 15 300 0 62 24000 0
128 128 178 8 673 0 126 23808 0
128 128 155 31 409 0 126 23808 0
ttyoutq 256 72 18 160 0 62 23040 0
256 256 15 75 2129 0 62 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
2048 2048 7 3 9 0 8 20480 0
PWD 32 21 609 4892 0 254 20160 0
64 64 226 89 271 0 254 20160 0
16 Bucket 144 57 83 9828 0 62 20160 0
sctp_chunk 152 4 126 958 0 254 19760 0
SLEEPQUEUE 88 181 11 181 0 126 16896 0
16384 16384 0 1 4 0 1 16384 0
16384 16384 1 0 1 0 1 16384 0
16384 16384 1 0 1 0 1 16384 0
4096 4096 2 2 5011 0 2 16384 0
2048 2048 2 6 15 0 8 16384 0
32 32 346 158 5909 0 254 16128 0
vtnet_tx_hdr 24 0 668 472345 0 254 16032 0
udp_inpcb 488 2 30 332 0 254 15616 0
unpcb 256 20 40 1273 0 254 15360 0
256 256 50 10 57 0 62 15360 0
256 256 25 35 6025 0 62 15360 0
2048 2048 3 3 11 0 8 12288 0
2048 2048 0 6 375 0 8 12288 0
1024 1024 8 4 23 0 16 12288 0
1024 1024 3 9 1216 0 16 12288 0
512 512 14 10 523 0 30 12288 0
selfd 64 101 88 39266 0 254 12096 0
sctp_laddr 48 0 252 6373 0 254 12096 0
udpcb 32 10 368 18679 0 254 12096 0
64 64 8 181 19331 0 254 12096 0
32 32 149 229 39535 0 254 12096 0
4 Bucket 48 8 244 5975 0 254 12096 0
2 Bucket 32 67 311 16890 0 254 12096 0
mt_zone 24 446 55 446 0 254 12024 0
16 16 466 284 1567 0 254 12000 0
ripcb 488 5 19 152 0 254 11712 0
8192 8192 1 0 1 0 1 8192 0
4096 4096 0 2 5 0 2 8192 0
4096 4096 1 1 4 0 2 8192 0
1024 1024 1 7 7 0 16 8192 0
1024 1024 0 8 32 0 16 8192 0
512 512 0 16 5 0 30 8192 0
512 512 10 6 11 0 30 8192 0
pf tags 104 0 78 4 0 126 8112 0
rtentry 176 35 11 39 0 62 8096 0
rl_entry 40 52 150 52 0 254 8080 0
sctp_stream_msg_out 112 2 70 155 0 254 8064 0
64 64 2 124 4 0 254 8064 0
64 64 27 99 357 0 254 8064 0
64 64 10 116 40 0 254 8064 0
32 32 9 243 992 0 254 8064 0
32 32 52 200 55 0 254 8064 0
32 32 55 197 9463 0 254 8064 0
32 32 32 220 192 0 254 8064 0
32 32 5 247 1176 0 254 8064 0
rentr 24 0 334 48 0 254 8016 0
16 16 10 490 7575 0 254 8000 0
16 16 33 467 185 0 254 8000 0
16 16 5 495 6 0 254 8000 0
16 16 46 454 30649 0 254 8000 0
16 16 1 499 6 0 254 8000 0
16 16 39 461 5649 0 254 8000 0
tcp_bbr_map 128 0 62 488 0 126 7936 0
128 128 0 62 88 0 126 7936 0
sctp_readq 152 0 52 88 0 254 7904 0
procdesc 136 5 53 18 0 62 7888 0
KMAP ENTRY 96 12 69 12 0 126 7776 0
kenv 258 3 27 1012 0 30 7740 0
routing nhops 256 28 2 39 0 62 7680 0
256 256 4 26 21 0 62 7680 0
FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 7 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0
1024 1024 1 3 1 0 16 4096 0
512 512 1 7 1 0 30 4096 0
sctp_asconf_ack 48 0 84 1 0 254 4032 0
hostcache 96 1 41 1 0 254 4032 0
syncache 168 0 24 4 0 254 4032 0
VNODEPOLL 120 0 33 1 0 126 3960 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
vmem 1856 1 1 1 0 8 3712 0
int pcpu 4 34 478 34 0 254 2048 0
SMR CPU 32 2 29 2 0 254 992 0
SMR SHARED 24 2 29 2 0 254 744 0
FFS1 dinode 128 0 0 0 0 126 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0
sctp_asconf 40 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 296 0 0 0 0 254 0 0
pf mtags 48 0 0 0 0 254 0 0
tcp_log_node 120 0 0 0 0 126 0 0
tcp_log_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
tcptw 88 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 280 0 0 0 0 30 0 0
AIOCB 752 0 0 0 0 16 0 0
AIOP 32 0 0 0 0 254 0 0
AIO 208 0 0 0 0 62 0 0
TMPFS node 232 0 0 0 0 62 0 0
TMPFS dirent 64 0 0 0 0 254 0 0
NCLNODE 592 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
crypto_session 72 0 0 0 0 126 0 0
cryptop 280 0 0 0 0 30 0 0
nvme_request 128 0 0 0 0 126 0 0
IOMMU_MAP_ENTRY 120 0 0 0 0 126 0 0
ktls_session 192 0 0 0 0 62 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 832 0 0 0 0 62 0 0
mdpbuf 832 0 0 0 0 4 0 0
nfspbuf 832 0 0 0 0 16 0 0
swwbuf 832 0 0 0 0 8 0 0
swrbuf 832 0 0 0 0 16 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0
65536 65536 0 0 0 0 1 0 0
65536 65536 0 0 0 0 1 0 0
32768 32768 0 0 0 0 1 0 0
32768 32768 0 0 0 0 1 0 0
32768 32768 0 0 0 0 1 0 0
32768 32768 0 0 0 0 1 0 0
16384 16384 0 0 0 0 1 0 0
16384 16384 0 0 0 0 1 0 0
16384 16384 0 0 0 0 1 0 0
8192 8192 0 0 0 0 1 0 0
8192 8192 0 0 0 0 1 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,

Nov 7, 2020, 2:43:25 AM11/7/20

to syzkaller-f...@googlegroups.com

syzbot has found a reproducer for the following issue on:

HEAD commit: c4f7f2c1 binmiscctl(8): miscellaneous cleanup
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17137114500000
dashboard link: https://syzkaller.appspot.com/bug?extid=c8aa122fa2c6a4e2a28b
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16040184500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8aa12...@syzkaller.appspotmail.com

login: panic: Assertion owner->td_proc->p_magic == P_MAGIC failed at /syzkaller/managers/main/kernel/sys/kern/subr_turnstile.c:749
cpuid = 1
time = 1604734850
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0003638030
vpanic() at vpanic+0x1c7/frame 0xfffffe0003638090
panic() at panic+0x43/frame 0xfffffe00036380f0
turnstile_wait() at turnstile_wait+0x4e6/frame 0xfffffe0003638150
__mtx_lock_sleep() at __mtx_lock_sleep+0x334/frame 0xfffffe00036381e0
__mtx_lock_flags() at __mtx_lock_flags+0x150/frame 0xfffffe0003638240
socantrcvmore() at socantrcvmore+0x2c/frame 0xfffffe0003638260
sctp_notify_assoc_change() at sctp_notify_assoc_change+0x5b8/frame 0xfffffe00036382d0
sctp_process_control() at sctp_process_control+0x8a2f/frame 0xfffffe0003638750
sctp_common_input_processing() at sctp_common_input_processing+0x7db/frame 0xfffffe00036388e0
sctp_input_with_port() at sctp_input_with_port+0x308/frame 0xfffffe00036389d0
sctp_input() at sctp_input+0x1f/frame 0xfffffe00036389f0
ip_input() at ip_input+0x388/frame 0xfffffe0003638a90
swi_net() at swi_net+0x20d/frame 0xfffffe0003638b10
ithread_loop() at ithread_loop+0x33f/frame 0xfffffe0003638bb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe0003638bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0003638bf0

--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100020 ]

Stopped at kdb_enter+0x67: movq $0,0x147ce26(%rip)

db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12

rcx 0x80
rdx 0xffffffff818c5efd
rbx 0
rsp 0xfffffe0003638010
rbp 0xfffffe0003638030
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0xfffffe00036387dc
r11 0xbf
r12 0xffffffff820671a0 ddb_dbbe
r13 0
r14 0xffffffff8196df21
r15 0xffffffff8196df21
rip 0xffffffff810df7d7 kdb_enter+0x67
rflags 0x82
kdb_enter+0x67: movq $0,0x147ce26(%rip)
db> show proc
Process 12 (intr) at 0xfffff800042a3a40:

state: NORMAL
uid: 0 gids: 0

parent: pid 0 at 0xffffffff8250ee70
ABI: null
reaper: 0xffffffff8250ee70 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff8250fac0
(map 0xffffffff8250fac0)
(map.pmap 0xffffffff8250fb80)
(pmap 0xffffffff8250fbe0)
threads: 23
100012 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100017 I [swi5: fast taskq]
100020 Run CPU 1 [swi1: netisr 0]
100021 I [swi3: vm]
100022 I [swi4: clock (0)]
100023 I [swi4: clock (1)]

100035 I [irq24: virtio_pci0]
100036 I [irq25: virtio_pci0]
100037 I [irq26: virtio_pci0]
100038 I [irq27: virtio_pci0]
100039 I [irq28: virtio_pci1]
100040 I [irq29: virtio_pci1]
100041 I [irq30: virtio_pci1]
100042 I [irq31: virtio_pci1]
100043 I [irq32: virtio_pci1]
100048 I [irq10: virtio_pci2]
100050 I [irq1: atkbd0]
100051 I [irq12: psm0]
100052 I [swi0: uart uart++]
100060 I [swi1: pf send]

100076 I [swi1: hpts]
100077 I [swi1: hpts]

db> ps
pid ppid pgrp uid state wmesg wchan cmd

798 769 769 0 RE CPU 0 syz-executor.0
797 791 797 0 Ss select 0xfffff8001efdce40 dhclient
794 1 794 0 Ss select 0xfffff8001ee80240 dhclient
791 784 424 0 D biowr 0xfffffe0003e45ac0 dhclient
784 424 424 0 S wait 0xfffff80031401520 sh
769 767 769 0 Ss nanslp 0xffffffff8252fd71 syz-executor.0
767 765 765 0 S (threaded) syz-execprog
100107 S uwait 0xfffff80004a77400 syz-execprog
100108 S uwait 0xfffff80004afe300 syz-execprog
100109 S uwait 0xfffff80004afe400 syz-execprog
100110 S uwait 0xfffff80004afe500 syz-execprog
100111 S kqread 0xfffff8001efbb800 syz-execprog
100112 S uwait 0xfffff80004a77100 syz-execprog
100113 S uwait 0xfffff8001eeed080 syz-execprog
765 763 765 0 Ss pause 0xfffff800311295c8 csh
763 682 763 0 Ss select 0xfffff8001efdccc0 sshd
742 1 742 0 Ss+ ttyin 0xfffff800046fe8b0 getty
741 1 741 0 Ss+ ttyin 0xfffff800049fd0b0 getty
740 1 740 0 Ss+ ttyin 0xfffff800049fd8b0 getty
739 1 739 0 Ss+ ttyin 0xfffff800049f80b0 getty
738 1 738 0 Ss+ ttyin 0xfffff800049f88b0 getty
737 1 737 0 Ss+ ttyin 0xfffff800049f40b0 getty
736 1 736 0 Ss+ ttyin 0xfffff800049f48b0 getty
735 1 735 0 Ss+ ttyin 0xfffff800049f30b0 getty
734 1 734 0 Ss+ ttyin 0xfffff800049f38b0 getty
732 1 24 0 S+ piperd 0xfffff8003102e5f0 logger
731 730 24 0 S+ nanslp 0xffffffff8252fd70 sleep
730 1 24 0 S+ wait 0xfffff80004b5ca40 sh
686 1 686 0 Ss nanslp 0xffffffff8252fd70 cron
682 1 682 0 Ss select 0xfffff80004b6f040 sshd
495 1 495 0 Ss select 0xfffff80004b6f7c0 syslogd
424 1 424 0 Ss wait 0xfffff80004b05000 devd
423 1 423 65 Ss select 0xfffff8001ee80bc0 dhclient
338 1 338 0 Ss select 0xfffff8001ee80740 dhclient
335 1 335 0 Ss select 0xfffff8001ee806c0 dhclient
23 0 0 0 DL syncer 0xffffffff8261d0f8 [syncer]
22 0 0 0 DL vlruwt 0xfffff80004a1b520 [vnlru]

21 0 0 0 DL (threaded) [bufdaemon]

100070 D qsleep 0xffffffff8261c1d0 [bufdaemon]
100073 D - 0xffffffff8200ac00 [bufspacedaemon-0]
100087 D sdflush 0xfffff800047078e8 [/ worker]
20 0 0 0 DL psleep 0xffffffff82643688 [vmdaemon]

19 0 0 0 DL (threaded) [pagedaemon]

100068 D psleep 0xffffffff82637af8 [dom0]
100074 D launds 0xffffffff82637b04 [laundry: dom0]
100075 D umarcl 0xffffffff814e7330 [uma]
18 0 0 0 DL - 0xffffffff823634f8 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff82d1e818 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff82b5b390 [pf purge]
15 0 0 0 DL - 0xffffffff8261b7a4 [soaiod4]
9 0 0 0 DL - 0xffffffff8261b7a4 [soaiod3]
8 0 0 0 DL - 0xffffffff8261b7a4 [soaiod2]
7 0 0 0 DL - 0xffffffff8261b7a4 [soaiod1]

6 0 0 0 DL (threaded) [cam]

100034 D - 0xffffffff8223b240 [doneq0]
100067 D - 0xffffffff8223b110 [scanner]
5 0 0 0 DL crypto_ 0xfffff8000432ad90 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff8000432ad30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff82634ff0 [crypto]
14 0 0 0 DL seqstat 0xfffff800042f7c88 [sequencer 00]

13 0 0 0 DL (threaded) [geom]

100025 D - 0xffffffff8250e8e0 [g_event]
100026 D - 0xffffffff8250e8e8 [g_up]
100027 D - 0xffffffff8250e8f0 [g_down]

2 0 0 0 DL (threaded) [KTLS]

100018 D - 0xfffff800042b3e00 [thr_0]
100019 D - 0xfffff800042b3e80 [thr_1]

12 0 0 0 RL (threaded) [intr]

100012 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100017 I [swi5: fast taskq]
100020 Run CPU 1 [swi1: netisr 0]
100021 I [swi3: vm]
100022 I [swi4: clock (0)]
100023 I [swi4: clock (1)]

100076 I [swi1: hpts]
100077 I [swi1: hpts]

11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]

1 0 1 0 SLs wait 0xfffff80004288520 [init]
10 0 0 0 DL audit_w 0xffffffff82635510 [audit]

0 0 0 0 DLs (threaded) [kernel]

100000 D swapin 0xffffffff8250ee70 [swapper]
100005 D - 0xfffff800042a0e00 [if_io_tqg_0]
100006 D - 0xfffff800042a0d00 [if_io_tqg_1]
100007 D - 0xfffff800042a0c00 [if_config_tqg_0]
100008 D - 0xfffff800042a0b00 [softirq_0]
100009 D - 0xfffff800042a0a00 [softirq_1]
100010 D - 0xfffff800042a0900 [inm_free taskq]
100011 D - 0xfffff800042a0800 [kqueue_ctx taskq]
100013 D - 0xfffff800042a0600 [aiod_kick taskq]
100015 D - 0xfffff800042a0400 [in6m_free taskq]
100016 D - 0xfffff800042a0300 [thread taskq]
100024 D - 0xfffff800042a0100 [firmware taskq]
100029 D - 0xfffff800042ed600 [crypto_0]
100030 D - 0xfffff800042ed600 [crypto_1]
100044 D - 0xfffff800046e8e00 [vtnet0 rxq 0]
100045 D - 0xfffff800046e8d00 [vtnet0 txq 0]
100046 D - 0xfffff800046e8c00 [vtnet0 rxq 1]
100047 D - 0xfffff800046e8b00 [vtnet0 txq 1]
100049 D vtbslp 0xfffff80004478980 [virtio_balloon]
100053 D - 0xfffff800046e8a00 [mca taskq]
100058 D - 0xffffffff81d15c41 [deadlkres]
100062 D - 0xfffff800046e8600 [acpi_task_0]
100063 D - 0xfffff800046e8600 [acpi_task_1]
100064 D - 0xfffff800046e8600 [acpi_task_2]
100066 D - 0xfffff800042ed000 [CAM taskq]
db> show all locks
Process 798 (syz-executor.0) thread 0xfffffe00239f2100 (100105)
exclusive sleep mutex sctp-it (iterator) r = 0 (0xffffffff82d1e7d8) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:3317
Process 791 (dhclient) thread 0xfffffe00239f0500 (100115)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003e45b40) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3875
exclusive lockmgr ufs (ufs) r = 0 (0xfffff80031418260) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3491

Process 12 (intr) thread 0xfffffe00048b2a00 (100020)

exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0025765c70) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2143

db> show malloc
Type InUse MemUse Requests
pf_hash 5 11524K 5

devbuf 4214 4854K 4239

tcp_hpts 5 3201K 5
vtbuf 24 1968K 46

sysctloid 28272 1649K 28336
kobj 336 1344K 496
newblk 398 1124K 440
vfscache 3 1025K 3
pcb 25 541K 81
inodedep 56 540K 79

ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4

subproc 110 237K 857
acpica 1674 185K 52508
vnet_data 1 168K 1
pagedep 18 133K 22

tfo_ccache 1 128K 1
sem 4 106K 4

DEVFS1 102 102K 113
linker 254 99K 285
bus 979 79K 3033

mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 507 64K 507

filedesc 5 37K 17
BPF 19 36K 19
temp 23 33K 1629

hostcache 1 32K 1
shm 1 32K 1

kdtrace 167 32K 1661
umtx 252 32K 252
DEVFS3 121 31K 131

msg 4 30K 4
DEVFS_RULE 56 27K 56

gtaskqueue 18 26K 18

vmem 3 22K 5
kbdmux 6 22K 6
ufs_mount 5 17K 6

proc 3 17K 3
ifaddr 43 17K 43

tty 16 16K 16
tidhash 1 16K 1
ithread 99 16K 99

bus-sc 30 14K 1414
KTRACE 100 13K 100

kenv 92 12K 92
eventhandler 132 12K 132

pfs_nodes 20 10K 20
GEOM 60 10K 489
rman 82 10K 423

UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2

bmsafemap 1 8K 46
shmfd 1 8K 1

pfs_vncache 1 8K 1
audit_evclass 233 8K 291

lltable 20 7K 20
ifnet 4 7K 4

CAM DEV 3 6K 510

ether_multi 73 6K 83
kqueue 54 6K 803
vt 11 6K 11
cred 21 6K 233

sglist 5 6K 5
CAM queue 5 6K 1528
taskqueue 48 6K 48

in6_multi 41 5K 41
plimit 19 5K 344
ufs_dirhash 24 5K 24
dirrem 17 5K 28
diradd 33 5K 44

memdesc 1 4K 1
MCA 32 4K 32

evdev 4 4K 4
UMA 245 4K 245
routetbl 18 4K 18
pf_ifnet 7 4K 10
hhook 13 4K 13
session 23 3K 34
pgrp 23 3K 34

terminal 11 3K 11
acpisem 22 3K 22

selfd 40 3K 7350
select 19 3K 19
proc-args 44 3K 504
uidinfo 3 3K 8
lockf 21 3K 28

local_apic 1 2K 1
io_apic 1 2K 1

CAM CCB 1 2K 1772
ipsec-saq 2 2K 2

CAM XPT 22 2K 543

Unitno 26 2K 40
sctp_atcl 3 2K 4
ip6ndp 8 2K 9
mkdir 10 2K 22

ipsecpolicy 2 2K 2
acpidev 20 2K 20
msi 9 2K 9

clone 9 2K 9
sctp_ifa 8 1K 10
sctp_stro 1 1K 2
softdep 1 1K 1
indirdep 4 1K 4

sahead 1 1K 1
secasvar 1 1K 1

vnodemarker 2 1K 8

NFSD session 1 1K 1
CAM periph 4 1K 271

newdirblk 7 1K 11
ipsec 3 1K 3
in_multi 3 1K 5
nhops 6 1K 6

toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
encap_export_host 12 1K 12
crypto 3 1K 3

pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
cdev 2 1K 2

inpcbpolicy 13 1K 151
sctp_ifn 3 1K 10
mld 3 1K 3
igmp 3 1K 3
tun 4 1K 4
osd 3 1K 9
DEVFSP 5 1K 5
sctp_timw 1 1K 1
vnodes 1 1K 1

ktls 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7

loginclass 3 1K 7
prison 6 1K 6
sctp_atky 4 1K 6

CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034

freework 1 1K 26

tcpfunc 2 1K 2
pmchooks 1 1K 1

filecaps 5 1K 69
soname 4 1K 3075
nexusdev 5 1K 5
sctp_vrf 1 1K 1
entropy 2 1K 38

vnet 1 1K 1
pmc 1 1K 1
acpiintr 1 1K 1

sctp_athm 3 1K 4
sctp_map 2 1K 4

cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1

p1003.1b 1 1K 1
sctp_mcore 0 0K 0

sctp_socko 0 0K 0
sctp_iter 0 0K 5

sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0

sctp_a_it 0 0K 5
sctp_aadr 0 0K 0
sctp_stri 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0

UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0

savedino 0 0K 12

sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0

sbdep 0 0K 2

jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0

freefile 0 0K 9
freeblks 0 0K 25
freefrag 0 0K 5
allocindir 0 0K 0

allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3

ip6_msource 0 0K 0
ip6_moptions 0 0K 0

in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
PUC 0 0K 0
LRO 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0

ip_moptions 0 0K 0

in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0

fadvise 0 0K 0
VN POLL 0 0K 0
ppbusdev 0 0K 0
statfs 0 0K 195
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 2

agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0

mbuf_tag 0 0K 50

accf 0 0K 0
pts 0 0K 0

iov 0 0K 13383
ioctlops 0 0K 90

Witness 0 0K 0
stack 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
sbuf 0 0K 288
mps 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
mpr_user 0 0K 0
SWAP 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0

sysctltmp 0 0K 607

sysctl 0 0K 1
mfibuf 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0

sendfile 0 0K 0

rctl 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
cache 0 0K 0
ix_sriov 0 0K 0

kcovinfo 0 0K 0

prison_racct 0 0K 0
Fail Points 0 0K 0

sigio 0 0K 1

filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0

tmpfs dir 0 0K 0

mbuf_cluster 2048 9353 1 9353 0 254 19156992 0
mbuf_packet 256 8192 1033 23210 0 254 2361600 0
malloc-512 512 4121 7 4122 0 30 2113536 0
BUF TRIE 144 164 13304 450 0 62 1939392 0
malloc-4096 4096 355 1 530 0 2 1458176 0
malloc-128 128 9318 13 9362 0 126 1194368 0
pbuf 832 0 969 0 0 2 806208 0
UMA Slabs 0 112 6000 9 6000 0 126 673008 0
RADIX NODE 144 2164 325 20348 0 63 358416 0
VM OBJECT 264 1004 46 12985 0 30 277200 0
VNODE 496 538 14 550 0 30 273792 0
malloc-65536 65536 4 0 4 0 1 262144 0
256 Bucket 2048 101 17 6974 0 8 241664 0
THREAD 1792 118 8 118 0 8 225792 0
malloc-4096 4096 52 2 799 0 2 221184 0
DEVCTL 1024 0 208 113 0 0 212992 0
malloc-65536 65536 2 1 112 0 1 196608 0
malloc-16 16 11813 187 11867 0 254 192000 0
malloc-64 64 2691 81 10009 0 254 177408 0
UMA Zones 768 220 2 220 0 16 170496 0
malloc-256 256 578 52 827 0 62 161280 0
malloc-128 128 1199 41 24539 0 126 158720 0
malloc-32 32 4600 188 4628 0 254 153216 0
mbuf 256 399 141 1894 0 254 138240 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 63 0 1 131072 0
FFS2 dinode 256 507 3 516 0 62 130560 0
malloc-2048 2048 9 51 2544 0 8 122880 0
malloc-1024 1024 118 2 129 0 16 122880 0
ksiginfo 112 40 1004 59 0 126 116928 0
MAP ENTRY 96 1031 187 39000 0 126 116928 0
S VFS Cache 104 979 74 1024 0 126 109512 0
vmem btag 56 1606 38 1606 0 254 92064 0
VMSPACE 2536 29 7 777 0 4 91296 0
FFS inode 160 507 18 517 0 62 84000 0
malloc-128 128 619 32 3558 0 126 83328 0
UMA Kegs 384 206 0 206 0 30 79104 0
filedesc0 1080 52 18 799 0 8 75600 0
PROC 1312 51 6 798 0 8 74784 0
g_bio 408 4 176 4739 0 30 73440 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-16384 16384 2 2 144 0 1 65536 0
malloc-8192 8192 5 3 33 0 1 65536 0
malloc-512 512 114 6 139 0 30 61440 0
128 Bucket 1024 41 14 1386 0 16 56320 0
malloc-256 256 177 18 925 0 62 49920 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-16384 16384 3 0 6 0 1 49152 0
malloc-128 128 332 40 405 0 126 47616 0
malloc-64 64 553 140 1884 0 254 44352 0
mbuf_jumbo_page 4096 0 10 10 0 254 40960 0
clpbuf 832 0 48 99 0 16 39936 0
malloc-128 128 284 26 1065 0 126 39680 0
32 Bucket 256 35 115 876 0 62 38400 0

DIRHASH 1024 34 2 34 0 16 36864 0

NAMEI 1024 0 36 12019 0 16 36864 0
malloc-4096 4096 9 0 11 0 2 36864 0
malloc-64 64 456 111 664 0 254 36288 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 0 1 112 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-8192 8192 3 1 92 0 1 32768 0
malloc-512 512 57 7 689 0 30 32768 0
mt_stats_zone 64 450 62 450 0 254 32768 0
pcpu-8 8 3906 190 3910 0 254 32768 0
socket 960 23 9 1226 0 254 30720 0
malloc-256 256 98 22 283 0 62 30720 0
malloc-4096 4096 5 2 649 0 2 28672 0
64 Bucket 512 46 10 305 0 30 28672 0
ttyinq 160 135 40 300 0 62 28000 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-8192 8192 2 1 4 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-64 64 358 20 1171 0 254 24192 0
8 Bucket 80 54 246 6596 0 126 24000 0
tcpcb 1048 3 19 7 0 254 23056 0

ttyoutq 256 72 18 160 0 62 23040 0

malloc-256 256 59 31 1229 0 62 23040 0

Mountpoints 2816 2 6 2 0 4 22528 0

malloc-4096 4096 4 1 6 0 2 20480 0
malloc-2048 2048 8 2 8 0 8 20480 0
malloc-1024 1024 17 3 31 0 16 20480 0
malloc-512 512 26 14 27 0 30 20480 0
TURNSTILE 136 127 20 127 0 62 19992 0
malloc-128 128 101 54 598 0 126 19840 0
malloc-128 128 129 26 139 0 126 19840 0
pipe 760 12 13 293 0 16 19000 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-1024 1024 4 12 48 0 16 16384 0
malloc-512 512 20 12 20 0 30 16384 0
malloc-32 32 290 214 3129 0 254 16128 0
SLEEPQUEUE 88 127 33 127 0 126 14080 0
malloc-2048 2048 5 1 5 0 8 12288 0
malloc-2048 2048 3 3 194 0 8 12288 0
malloc-1024 1024 8 4 9 0 16 12288 0
malloc-1024 1024 12 0 12 0 16 12288 0
malloc-512 512 21 3 21 0 30 12288 0
4 Bucket 48 10 242 3018 0 254 12096 0
2 Bucket 32 48 330 13111 0 254 12096 0
Files 80 102 48 6624 0 126 12000 0
malloc-256 256 21 24 332 0 62 11520 0
sctp_asoc 2288 1 4 2 0 254 11440 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 2 0 2 8192 0
malloc-2048 2048 3 1 17 0 8 8192 0
malloc-2048 2048 3 1 3 0 8 8192 0
malloc-1024 1024 4 4 143 0 16 8192 0
malloc-1024 1024 1 7 912 0 16 8192 0
malloc-512 512 4 12 339 0 30 8192 0
malloc-512 512 12 4 13 0 30 8192 0
sctp_raddr 736 1 10 2 0 254 8096 0
rtentry 176 20 26 24 0 62 8096 0
rl_entry 40 33 169 33 0 254 8080 0
sctp_laddr 48 0 168 7 0 254 8064 0
udpcb 32 4 248 139 0 254 8064 0
PWD 32 12 240 102 0 254 8064 0
malloc-64 64 26 100 27 0 254 8064 0
malloc-64 64 52 74 13128 0 254 8064 0
malloc-64 64 74 52 858 0 254 8064 0
malloc-64 64 11 115 25 0 254 8064 0
malloc-32 32 3 249 67 0 254 8064 0
malloc-32 32 101 151 128 0 254 8064 0
malloc-32 32 55 197 843 0 254 8064 0
malloc-32 32 79 173 261 0 254 8064 0
malloc-32 32 19 233 1064 0 254 8064 0
16 Bucket 144 33 23 211 0 62 8064 0
vtnet_tx_hdr 24 0 334 844 0 254 8016 0
KNOTE 160 8 42 53 0 62 8000 0
malloc-16 16 29 471 181 0 254 8000 0
malloc-16 16 42 458 548 0 254 8000 0
malloc-16 16 193 307 1248 0 254 8000 0
malloc-16 16 21 479 36 0 254 8000 0
malloc-16 16 253 247 23955 0 254 8000 0
malloc-16 16 18 482 66 0 254 8000 0
malloc-128 128 21 41 26 0 126 7936 0
procdesc 136 2 56 8 0 62 7888 0
tcp_inpcb 488 3 13 7 0 254 7808 0
udp_inpcb 488 4 12 135 0 254 7808 0

KMAP ENTRY 96 12 69 12 0 126 7776 0

kenv 258 3 27 1000 0 30 7740 0
routing nhops 256 16 14 24 0 62 7680 0
unpcb 256 11 19 1054 0 254 7680 0
malloc-256 256 15 15 27 0 62 7680 0
malloc-256 256 7 23 294 0 62 7680 0
malloc-256 256 14 16 60 0 62 7680 0

FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 7 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0

malloc-4096 4096 1 0 1 0 2 4096 0
malloc-2048 2048 1 1 1 0 8 4096 0
malloc-2048 2048 0 2 32 0 8 4096 0

hostcache 96 1 41 1 0 254 4032 0

syncache 168 0 24 5 0 254 4032 0
malloc-32 32 40 86 700 0 254 4032 0
ripcb 488 2 6 5 0 254 3904 0
udplite_inpcb 488 4 4 4 0 254 3904 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
sctp_ep 1280 2 1 2 0 254 3840 0

vmem 1856 1 1 1 0 8 3712 0

pcpu-4 4 34 478 34 0 254 2048 0

SMR CPU 32 2 29 2 0 254 992 0
SMR SHARED 24 2 29 2 0 254 744 0
FFS1 dinode 128 0 0 0 0 126 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0

sctp_asconf_ack 48 0 0 0 0 254 0 0

sctp_asconf 40 0 0 0 0 254 0 0

sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0

pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 248 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 62 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf source nodes 136 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 296 0 0 0 0 254 0 0

pf tags 104 0 0 0 0 126 0 0

pf mtags 48 0 0 0 0 254 0 0

tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0

tcp_log_node 120 0 0 0 0 126 0 0
tcp_log_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
tcptw 88 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 280 0 0 0 0 30 0 0
AIOCB 752 0 0 0 0 16 0 0
AIOP 32 0 0 0 0 254 0 0
AIO 208 0 0 0 0 62 0 0

NCLNODE 592 0 0 0 0 16 0 0

TMPFS node 224 0 0 0 0 62 0 0

LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
crypto_session 72 0 0 0 0 126 0 0
cryptop 280 0 0 0 0 30 0 0

IOMMU_MAP_ENTRY 120 0 0 0 0 126 0 0
ktls_session 192 0 0 0 0 62 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 832 0 0 0 0 62 0 0
mdpbuf 832 0 0 0 0 4 0 0
nfspbuf 832 0 0 0 0 16 0 0
swwbuf 832 0 0 0 0 8 0 0
swrbuf 832 0 0 0 0 16 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0

syzbot

unread,

Jun 4, 2021, 8:39:25 PM6/4/21

to syzkaller-f...@googlegroups.com

syzbot has found a reproducer for the following issue on:

HEAD commit: f13d72fd cxgb(4): Report proper TSO limits.
git tree: https://github.com/freebsd/freebsd-src.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=14b18b3dd00000
dashboard link: https://syzkaller.appspot.com/bug?extid=c8aa122fa2c6a4e2a28b
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14aa5997d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b0521fd00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8aa12...@syzkaller.appspotmail.com

login: panic: Assertion owner->td_proc->p_magic == P_MAGIC failed at /syzkaller/managers/main/kernel/sys/kern/subr_turnstile.c:749
cpuid = 1
time = 1622853413
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0051728740
vpanic() at vpanic+0x1c7/frame 0xfffffe00517287a0
panic() at panic+0x43/frame 0xfffffe0051728800
turnstile_wait() at turnstile_wait+0x4e6/frame 0xfffffe0051728860
__mtx_lock_sleep() at __mtx_lock_sleep+0x334/frame 0xfffffe00517288f0
__mtx_lock_flags() at __mtx_lock_flags+0x150/frame 0xfffffe0051728950
soo_aio_cancel() at soo_aio_cancel+0x81/frame 0xfffffe0051728990
aio_cancel_job() at aio_cancel_job+0xc7/frame 0xfffffe00517289d0
aio_proc_rundown() at aio_proc_rundown+0xd7/frame 0xfffffe0051728a30
exit1() at exit1+0x4cb/frame 0xfffffe0051728aa0
sys_sys_exit() at sys_sys_exit+0xd/frame 0xfffffe0051728ab0
amd64_syscall() at amd64_syscall+0x247/frame 0xfffffe0051728bf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0051728bf0
--- syscall (1, FreeBSD ELF64, sys_sys_exit), rip = 0x290fda, rsp = 0x7fffffffea68, rbp = 0x7fffffffea80 ---
KDB: enter: panic
[ thread pid 785 tid 100120 ]
Stopped at kdb_enter+0x67: movq $0,0x163613e(%rip)

db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12

rcx 0x80
rdx 0xffffffff819cacda
rbx 0
rsp 0xfffffe0051728720
rbp 0xfffffe0051728740

rsi 0x1
rdi 0
r8 0

r9 0x8080808080808080
r10 0xfffffe0051728610
r11 0x1ffaefff59c
r12 0xffffffff82267b90 ddb_dbbe
r13 0
r14 0xffffffff81a7c9c8
r15 0xffffffff81a7c9c8
rip 0xffffffff81133047 kdb_enter+0x67
rflags 0x82
kdb_enter+0x67: movq $0,0x163613e(%rip)
db> show proc
Process 785 (syz-executor8232694) at 0xfffff8005186aa60:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 783 at 0xfffff80015d87a60
ABI: FreeBSD ELF64
flag: 0x10006000 flag2: 0
arguments: ./syz-executor823269463
reaper: 0xfffff80004bd7530 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0094ffc9f0
(map 0xfffffe0094ffc9f0)
(map.pmap 0xfffffe0094ffcab0)
(pmap 0xfffffe0094ffcb10)
threads: 1
100120 Run CPU 1 syz-executor8232694

db> ps
pid ppid pgrp uid state wmesg wchan cmd

789 0 0 0 DL aiordy 0xfffff8005186a530 [aiod4]
788 0 0 0 DL aiordy 0xfffff80015df6a60 [aiod3]
787 0 0 0 DL aiordy 0xfffff80015df6530 [aiod2]
786 0 0 0 DL aiordy 0xfffff80015df6000 [aiod1]
785 783 783 0 RE CPU 1 syz-executor8232694
783 781 783 0 Ss pause 0xfffff80015d87b10 csh
781 694 781 0 Ss select 0xfffff80051505a40 sshd
760 1 760 0 Ss+ ttyin 0xfffff800153ddcb0 getty
759 1 759 0 Ss+ ttyin 0xfffff80015aa64b0 getty
758 1 758 0 Ss+ ttyin 0xfffff80015aa6cb0 getty
757 1 757 0 Ss+ ttyin 0xfffff80015aaa4b0 getty
756 1 756 0 Ss+ ttyin 0xfffff80015aaacb0 getty
755 1 755 0 Ss+ ttyin 0xfffff80015aad4b0 getty
754 1 754 0 Ss+ ttyin 0xfffff80015aadcb0 getty
753 1 753 0 Ss+ ttyin 0xfffff80015a364b0 getty
752 1 752 0 Ss+ ttyin 0xfffff80015a36cb0 getty
750 1 24 0 S+ piperd 0xfffff80051176000 logger
749 748 24 0 S+ nanslp 0xffffffff8273c8e0 sleep
748 1 24 0 S+ wait 0xfffff8005122fa60 sh
698 1 698 0 Ss nanslp 0xffffffff8273c8e0 cron
694 1 694 0 Ss select 0xfffff80051365d40 sshd
507 1 507 0 Ss select 0xfffff80051309440 syslogd
436 1 436 0 Ss select 0xfffff800513018c0 devd
435 1 435 65 Ss select 0xfffff80051301bc0 dhclient
350 1 350 0 Ss select 0xfffff80051301740 dhclient
347 1 347 0 Ss select 0xfffff800511ef2c0 dhclient
23 0 0 0 DL vlruwt 0xfffff80015a8c000 [vnlru]
22 0 0 0 DL syncer 0xffffffff8282bcd0 [syncer]

21 0 0 0 DL (threaded) [bufdaemon]

100081 D qsleep 0xffffffff8282ada0 [bufdaemon]
100088 D - 0xffffffff8220aec0 [bufspacedaemon-0]
100098 D sdflush 0xfffff80015d3fce8 [/ worker]
20 0 0 0 DL psleep 0xffffffff82852c08 [vmdaemon]

19 0 0 0 DL (threaded) [pagedaemon]

100079 D psleep 0xffffffff82847078 [dom0]
100086 D launds 0xffffffff82847084 [laundry: dom0]
100087 D umarcl 0xffffffff815d0830 [uma]
18 0 0 0 DL - 0xffffffff82570c88 [rand_harvestq]
17 0 0 0 DL waiting 0xffffffff82fec828 [sctp_iterator]
16 0 0 0 DL pftm 0xffffffff82e243c0 [pf purge]
15 0 0 0 DL - 0xffffffff8282845c [soaiod4]
9 0 0 0 DL - 0xffffffff8282845c [soaiod3]
8 0 0 0 DL - 0xffffffff8282845c [soaiod2]
7 0 0 0 DL - 0xffffffff8282845c [soaiod1]

6 0 0 0 DL (threaded) [cam]

100044 D - 0xffffffff82448140 [doneq0]
100045 D - 0xffffffff824480c0 [async]
100078 D - 0xffffffff82447f90 [scanner]
14 0 0 0 DL seqstat 0xfffff80004dcc488 [sequencer 00]
5 0 0 0 DL crypto_ 0xfffff80004d9cd80 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff80004d9cd30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff82844560 [crypto]

13 0 0 0 DL (threaded) [geom]

100035 D - 0xffffffff8271c120 [g_event]
100036 D - 0xffffffff8271c128 [g_up]
100037 D - 0xffffffff8271c130 [g_down]

2 0 0 0 DL (threaded) [KTLS]

100028 D - 0xfffff80004cbdd00 [thr_0]
100029 D - 0xfffff80004cbdd80 [thr_1]
12 0 0 0 WL (threaded) [intr]
100011 I [swi5: fast taskq]
100014 I [swi6: task queue]
100016 I [swi6: Giant taskq]
100030 I [swi3: vm]
100031 I [swi4: clock (0)]
100032 I [swi4: clock (1)]
100033 I [swi1: netisr 0]
100046 I [irq24: virtio_pci0]
100047 I [irq25: virtio_pci0]
100048 I [irq26: virtio_pci0]
100049 I [irq27: virtio_pci0]
100050 I [irq28: virtio_pci1]
100051 I [irq29: virtio_pci1]
100052 I [irq30: virtio_pci1]
100053 I [irq31: virtio_pci1]
100054 I [irq32: virtio_pci1]
100059 I [irq10: virtio_pci2]
100061 I [irq1: atkbd0]
100062 I [irq12: psm0]
100063 I [swi0: uart uart++]
100071 I [swi1: pf send]
100084 I [swi1: hpts]
100085 I [swi1: hpts]

11 0 0 0 RL (threaded) [idle]

100003 Run CPU 0 [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff80004bd7530 [init]
10 0 0 0 DL audit_w 0xffffffff82844a70 [audit]

0 0 0 0 DLs (threaded) [kernel]

100000 D swapin 0xffffffff8271c6b0 [swapper]
100005 D - 0xfffff8000443a500 [if_io_tqg_0]
100006 D - 0xfffff8000443a100 [if_io_tqg_1]
100007 D - 0xfffff80004c73d00 [if_config_tqg_0]
100008 D - 0xfffff80004c73900 [softirq_0]
100009 D - 0xfffff80004c73500 [softirq_1]
100010 D - 0xfffff80004c73100 [aiod_kick taskq]
100012 D - 0xfffff80004c70900 [kqueue_ctx taskq]
100013 D - 0xfffff80004c70500 [pci_hp taskq]
100015 D - 0xfffff80004c66d00 [inm_free taskq]
100017 D - 0xfffff80004c66500 [linuxkpi_irq_wq]
100018 D - 0xfffff80004c66100 [thread taskq]
100019 D - 0xfffff80004c63d00 [in6m_free taskq]
100020 D - 0xfffff80004c63900 [linuxkpi_short_wq_0]
100021 D - 0xfffff80004c63900 [linuxkpi_short_wq_1]
100022 D - 0xfffff80004c63900 [linuxkpi_short_wq_2]
100023 D - 0xfffff80004c63900 [linuxkpi_short_wq_3]
100024 D - 0xfffff80004c63500 [linuxkpi_long_wq_0]
100025 D - 0xfffff80004c63500 [linuxkpi_long_wq_1]
100026 D - 0xfffff80004c63500 [linuxkpi_long_wq_2]
100027 D - 0xfffff80004c63500 [linuxkpi_long_wq_3]
100034 D - 0xfffff80004cecd00 [firmware taskq]
100038 D - 0xfffff80004cec900 [crypto_0]
100039 D - 0xfffff80004cec900 [crypto_1]
100055 D - 0xfffff800153bed00 [vtnet0 rxq 0]
100056 D - 0xfffff800153be900 [vtnet0 txq 0]
100057 D - 0xfffff800153be500 [vtnet0 rxq 1]
100058 D - 0xfffff800153be100 [vtnet0 txq 1]
100060 D vtbslp 0xfffff80015352500 [virtio_balloon]
100064 D - 0xfffff800153aed00 [mca taskq]
100065 D - 0xffffffff81e298a0 [deadlkres]
100074 D - 0xfffff80015a40500 [acpi_task_0]
100075 D - 0xfffff80015a40500 [acpi_task_1]
100076 D - 0xfffff80015a40500 [acpi_task_2]
100077 D - 0xfffff80004cec100 [CAM taskq]
db> show all locks

db> show malloc
Type InUse MemUse Requests

sysctloid 34288 12858K 34355
pf_hash 5 11560K 5
devbuf 4216 6982K 4241
tcp_hpts 5 3219K 5
kobj 328 2624K 488
vtbuf 24 2064K 46
newblk 586 1325K 604
vfscache 3 1035K 3
acpica 1674 649K 54692
pcb 24 613K 78
inodedep 49 568K 71
callout 2 528K 2
ufs_quota 1 520K 1
vfs_hash 1 520K 1
intr 4 480K 4
subproc 108 458K 848
bus 990 378K 3485
linker 348 270K 397
DEVFS1 103 206K 112
module 512 192K 512
vnet_data 1 176K 1
tidhash 3 164K 3
pagedep 14 143K 18
kdtrace 172 141K 912
tfo_ccache 1 136K 1
sem 4 120K 4
umtx 264 116K 264
UMA 270 102K 270
audit_evclass 236 89K 294
mtx_pool 2 80K 2
syncache 1 76K 1
temp 18 71K 1613
msg 4 68K 4
BPF 10 68K 10

acpitask 1 64K 1
ddb_capture 1 64K 1

DEVFS3 122 61K 132
gtaskqueue 18 57K 18
vmem 3 56K 4
DEVFS_RULE 56 54K 56
kenv 95 52K 95
eventhandler 133 50K 133
ithread 99 43K 99
rman 84 42K 425
ifaddr 30 40K 32
KTRACE 100 38K 100
taskqueue 60 36K 60
proc 3 34K 3
ufs_mount 5 34K 6
bus-sc 33 34K 1696
routetbl 50 34K 176
devstat 4 33K 4
hostcache 1 32K 1
tty 16 32K 16
shm 1 32K 1
GEOM 60 29K 489
kbdmux 6 28K 6
cred 23 23K 234
CAM queue 5 21K 1528
pfs_nodes 20 20K 20
kqueue 50 19K 792
pwddesc 50 19K 790
UART 12 18K 12
bmsafemap 3 17K 40
plimit 17 17K 322
ksem 1 16K 1
rpc 2 16K 2
shmfd 1 16K 1
pfs_vncache 1 16K 1
ether_multi 40 15K 50
proc-args 39 15K 488
ufs_dirhash 24 14K 24
sglist 5 13K 5
MCA 32 12K 32
CAM DEV 3 12K 510
vt 11 11K 11
in6_multi 25 11K 25
acpisem 28 11K 28
CAM XPT 22 11K 543
selfd 27 11K 9256
Unitno 27 11K 39
session 20 10K 31
diradd 25 10K 36
lltable 11 9K 11
uidinfo 3 9K 8
dirrem 17 9K 28
ifnet 3 9K 3
memdesc 1 8K 1
ipsec-saq 2 8K 2
evdev 4 8K 4
filedesc 1 8K 1
acpidev 20 8K 20
hhook 15 8K 17
mount 16 7K 90
pf_ifnet 5 6K 6
fpukern_ctx 3 6K 3
lockf 15 6K 22
terminal 11 6K 11
ipsecpolicy 2 5K 2
encap_export_host 12 5K 12
clone 9 5K 9
inpcbpolicy 11 5K 138
local_apic 1 4K 1
io_apic 1 4K 1
sahead 1 4K 1
secasvar 1 4K 1
pci_link 10 4K 10
msi 9 4K 9
DEVFS 9 4K 10
osd 8 4K 20
ipsec 3 3K 3
nhops 6 3K 6
nexusdev 7 3K 7
feeder 7 3K 7
select 7 3K 29
toponodes 6 3K 6
prison 6 3K 6
isadev 6 3K 6
softdep 1 2K 1
vnodemarker 2 2K 8
NFSD session 1 2K 1
sctp_ifa 5 2K 6
linux 5 2K 6
CAM periph 4 2K 271
crypto 4 2K 4
ip6ndp 4 2K 5
DEVFSP 4 2K 9
newdirblk 4 2K 8
mkdir 4 2K 16
indirdep 3 2K 3
pfil 4 2K 4
CAM path 4 2K 1034
soname 4 2K 3231
filecaps 4 2K 66
tcpfunc 3 2K 3
tun 3 2K 3
loginclass 3 2K 7
in_multi 2 1K 4
chacha20random 1 1K 1
vnodes 1 1K 1

CAM SIM 2 1K 2

ktls 1 1K 1
cdev 2 1K 2
aesni_data 2 1K 2
sctp_ifn 2 1K 6
cpus 2 1K 2
atkbddev 2 1K 2

CAM dev queue 2 1K 2

xform 2 1K 49
mld 2 1K 2
igmp 2 1K 2
entropy 2 1K 35

NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1

procdesc 1 1K 6
pmchooks 1 1K 1
sctp_vrf 1 1K 1
apmdev 1 1K 1
freework 1 1K 26

CAM I/O Scheduler 1 1K 1

vnet_data_free 1 1K 1
vnet 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
mqdata 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 3
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0

sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0

sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 3
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
cubic data 0 0K 0
chd data 0 0K 0
dctcp data 0 0K 0
htcp data 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0

pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_temp 0 0K 0

cdg data 0 0K 0
vegas data 0 0K 0
tcp_do 0 0K 0
tcp_fsb 0 0K 0

NFSCL lckown 0 0K 0
NFSCL client 0 0K 0

madt_table 0 0K 2
smartpqi 0 0K 0

NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0

iavf 0 0K 0
ixl 0 0K 0

NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0

ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
axgbe 0 0K 0

DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0

xen_intr 0 0K 0
xenstore 0 0K 0
ciss_data 0 0K 0

xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0

BACKLIGHT 0 0K 0
xnb 0 0K 0

dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0

xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0

isci 0 0K 0
iommu_dmamap 0 0K 0

sysmouse 0 0K 0

hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0

vtfont 0 0K 0
vm_fictitious 0 0K 0

ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0

pvscsi 0 0K 0
scsi_da 0 0K 69

ata_da 0 0K 0
scsi_ch 0 0K 0

UMAHash 0 0K 0
scsi_cd 0 0K 0

AHCI driver 0 0K 0

vm_pgdata 0 0K 0
jblocks 0 0K 0

savedino 0 0K 16

sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0

sbdep 0 0K 2

jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0

freefile 0 0K 9
freeblks 0 0K 25

freefrag 0 0K 7
allocindir 0 0K 0

USBdev 0 0K 0
USB 0 0K 0

agp 0 0K 0
nvme_da 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
ktls_ocf 0 0K 0
twsbuf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
seq_file 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpifw 0 0K 0

NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3

ip6_msource 0 0K 0
ip6_moptions 0 0K 0

in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0

tcp_hwpace 0 0K 0
twe_commands 0 0K 0

LRO 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0

ip_moptions 0 0K 0

fadvise 0 0K 0
VN POLL 0 0K 0
twa_commands 0 0K 0

statfs 0 0K 195
namei_tracker 0 0K 0

export_host 0 0K 0
cl_savebuf 0 0K 6

tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0

ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0

acpicmbat 0 0K 0
SIIS driver 0 0K 0

CAM CCB 0 0K 1745
PUC 0 0K 0
ppbusdev 0 0K 0

agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0

biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0

tempbuff 0 0K 0
mbuf_tag 0 0K 27

ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0

CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0

accf 0 0K 0
pts 0 0K 0

iov 0 0K 13512
ioctlops 0 0K 86
eventfd 0 0K 0

Witness 0 0K 0
stack 0 0K 0

MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0

MPRSAS 0 0K 0
mpr 0 0K 0

mfibuf 0 0K 0
sbuf 0 0K 288
md_sectors 0 0K 0

firmware 0 0K 0
compressor 0 0K 0

md_disk 0 0K 0
SWAP 0 0K 0

malodev 0 0K 0
LED 0 0K 0

sysctltmp 0 0K 618
sysctl 0 0K 3

ekcd 0 0K 0
dumper 0 0K 0

sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0

ix 0 0K 0
ipsbuf 0 0K 0

cache 0 0K 0
iirbuf 0 0K 0
kcovinfo 0 0K 0

prison_racct 0 0K 0
Fail Points 0 0K 0

sigio 0 0K 1

filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0

aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0

nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0

scsi_pass 0 0K 0

isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0

tmpfs dir 0 0K 0

tmpfs name 0 0K 0
tmpfs mount 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0

NFSCL diroff 0 0K 0

NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0

db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree

mbuf_jumbo_page 4096 8320 772 13319 0 254 37240832 0
malloc-384 384 35242 28 35491 0 30 13543680 0
malloc-1024 1024 4165 15 4186 0 16 4280320 0
malloc-8192 8192 379 1 1279 0 1 3112960 0
pbuf 2624 0 973 0 0 2 2553152 0
mbuf 256 8578 737 15367 0 254 2384640 0
BUF TRIE 144 172 13296 425 0 62 1939392 0
UMA Slabs 0 112 11271 30 11271 0 126 1265712 0
malloc-384 384 1696 34 53644 0 30 664320 0
FFS inode 1160 499 19 508 0 8 600880 0
malloc-384 384 1006 14 3198 0 30 391680 0
lkpimm 160 1 2324 1 0 62 372000 0
lkpicurr 160 2 2323 2 0 62 372000 0
RADIX NODE 144 2130 163 20295 0 62 330192 0
malloc-512 512 626 6 796 0 30 323584 0

malloc-65536 65536 4 0 4 0 1 262144 0

VM OBJECT 264 893 52 12717 0 30 249480 0
VNODE 448 529 20 540 0 30 245952 0
THREAD 1808 121 11 121 0 8 238656 0
malloc-2048 2048 116 0 125 0 8 237568 0
DEVCTL 1024 0 216 116 0 0 221184 0
malloc-384 384 500 60 26334 0 30 215040 0
malloc-65536 65536 1 2 177 0 1 196608 0
malloc-384 384 483 17 1684 0 30 192000 0
UMA Zones 768 242 2 242 0 16 187392 0
malloc-384 384 437 43 4838 0 30 184320 0
malloc-16384 16384 6 5 40 0 1 180224 0
malloc-16384 16384 11 0 11 0 1 180224 0
malloc-4096 4096 2 39 1787 0 2 167936 0
malloc-16384 16384 9 1 13 0 1 163840 0
malloc-1024 1024 146 10 453 0 16 159744 0
256 Bucket 2048 58 12 9903 0 8 143360 0
malloc-8192 8192 16 1 43 0 1 139264 0
vmem btag 56 2316 120 2316 0 254 136416 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
FFS2 dinode 256 499 11 508 0 62 130560 0
ksiginfo 112 44 1000 59 0 126 116928 0
MAP ENTRY 96 836 340 38043 0 126 112896 0
S VFS Cache 104 966 87 1005 0 126 109512 0
malloc-32768 32768 3 0 18 0 1 98304 0
UMA Kegs 384 227 6 227 0 30 89472 0
malloc-1024 1024 70 14 100 0 16 86016 0
malloc-384 384 196 24 449 0 30 84480 0
clpbuf 2624 0 32 19 0 16 83968 0
VMSPACE 2544 23 10 764 0 4 83952 0
malloc-512 512 150 10 448 0 30 81920 0
malloc-512 512 150 2 215 0 30 77824 0
g_bio 408 0 190 4442 0 30 77520 0
PROC 1328 49 8 789 0 8 75696 0
malloc-8192 8192 9 0 9 0 1 73728 0
malloc-1024 1024 59 9 306 0 16 69632 0
malloc-1024 1024 62 6 653 0 16 69632 0
malloc-1024 1024 65 3 65 0 16 69632 0
filedesc0 1072 50 13 790 0 8 67536 0
mbuf_cluster 2048 30 2 30 0 254 65536 0
malloc-65536 65536 0 1 1 0 1 65536 0
malloc-32768 32768 0 2 130 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-2048 2048 11 21 1391 0 8 65536 0
malloc-4096 4096 8 7 531 0 2 61440 0
malloc-512 512 72 40 334 0 30 57344 0
malloc-512 512 104 8 475 0 30 57344 0
128 Bucket 1024 22 29 144 0 16 52224 0
32 Bucket 256 62 133 10726 0 62 49920 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-16384 16384 1 2 232 0 1 49152 0
malloc-4096 4096 7 5 36 0 2 49152 0
DIRHASH 1024 34 6 34 0 16 40960 0
NAMEI 1024 0 40 11991 0 16 40960 0
malloc-8192 8192 3 2 198 0 1 40960 0
malloc-512 512 68 12 268 0 30 40960 0
pcpu-8 8 4220 388 4248 0 254 36864 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-8192 8192 2 2 613 0 1 32768 0
malloc-2048 2048 16 0 16 0 8 32768 0
malloc-512 512 14 50 1412 0 30 32768 0
pcpu-64 64 487 25 487 0 254 32768 0
malloc-384 384 50 30 228 0 30 30720 0
malloc-4096 4096 2 5 11 0 2 28672 0
malloc-4096 4096 6 1 10 0 2 28672 0
64 Bucket 512 44 12 1347 0 30 28672 0
socket 944 19 9 1254 0 254 26432 0
malloc-4096 4096 6 0 6 0 2 24576 0
malloc-4096 4096 3 3 450 0 2 24576 0
malloc-2048 2048 3 9 152 0 8 24576 0
malloc-512 512 33 15 44 0 30 24576 0

ttyinq 160 135 15 300 0 62 24000 0

ttyoutq 256 72 18 160 0 62 23040 0

TURNSTILE 136 133 35 133 0 62 22848 0
2 Bucket 32 84 546 1162 0 254 20160 0
Mountpoints 2752 2 5 2 0 4 19264 0
SLEEPQUEUE 88 133 59 133 0 126 16896 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-2048 2048 4 4 167 0 8 16384 0
malloc-2048 2048 8 0 8 0 8 16384 0
tcpcb 1064 4 10 8 0 254 14896 0
pipe 744 7 13 284 0 16 14880 0
malloc-1024 1024 7 5 12 0 16 12288 0
udp_inpcb 488 6 18 126 0 254 11712 0
kenv 258 15 30 1032 0 30 11610 0
unpcb 256 7 38 1099 0 254 11520 0
malloc-8192 8192 0 1 12 0 1 8192 0
malloc-8192 8192 1 0 2 0 1 8192 0
malloc-4096 4096 2 0 2 0 2 8192 0
malloc-2048 2048 2 2 2 0 8 8192 0
malloc-1024 1024 3 5 428 0 16 8192 0
rtentry 176 13 33 17 0 62 8096 0
PGRP 88 20 72 31 0 126 8096 0
ertt_txseginfo 40 1 201 210 0 254 8080 0
rl_entry 40 32 170 32 0 254 8080 0
udpcb 32 6 246 126 0 254 8064 0
ertt 72 4 108 8 0 126 8064 0
PWD 32 10 242 100 0 254 8064 0
16 Bucket 144 38 18 1311 0 62 8064 0
4 Bucket 48 6 162 52 0 254 8064 0
vtnet_tx_hdr 24 0 334 1215 0 254 8016 0
Files 80 72 28 6501 0 126 8000 0
8 Bucket 80 33 67 311 0 126 8000 0
ripcb 488 1 15 4 0 254 7808 0
tcp_inpcb 488 4 12 8 0 254 7808 0
routing nhops 256 10 20 17 0 62 7680 0
mbuf_packet 256 0 30 93 0 254 7680 0

FPU_save_area 832 1 8 1 0 16 7488 0
cpuset 104 7 55 7 0 126 6448 0
epoch_record pcpu 256 4 12 4 0 62 4096 0

pcpu-16 16 7 249 7 0 254 4096 0
sctp_laddr 48 0 84 4 0 254 4032 0
hostcache 64 1 62 1 0 254 4032 0

syncache 168 0 24 5 0 254 4032 0

AIOP 32 4 122 4 0 254 4032 0
KNOTE 160 0 25 8 0 62 4000 0
AIO 208 1 18 1 0 62 3952 0

UMA Slabs 1 176 8 14 8 0 62 3872 0

AIOCB 552 1 6 1 0 16 3864 0
mqnode 416 3 6 3 0 30 3744 0
KMAP ENTRY 96 12 27 12 0 0 3744 0

vmem 1856 1 1 1 0 8 3712 0

SMR CPU 32 3 60 3 0 254 2016 0
SMR SHARED 24 3 60 3 0 254 1512 0

FFS1 dinode 128 0 0 0 0 126 0 0

da_ccb 544 0 0 0 0 16 0 0
ada_ccb 272 0 0 0 0 30 0 0

swblk 136 0 0 0 0 62 0 0
swpctrie 144 0 0 0 0 62 0 0

cdg_qdiffsample 16 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0

sctp_asconf 40 0 0 0 0 254 0 0

sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2288 0 0 0 0 254 0 0
sctp_ep 1280 0 0 0 0 254 0 0

pf states 304 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0

pf mtags 48 0 0 0 0 254 0 0

tcp_bbr_pcb 832 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tcp_rack_pcb 832 0 0 0 0 16 0 0
tcp_rack_map 112 0 0 0 0 126 0 0
udplite_inpcb 488 0 0 0 0 254 0 0

AIOLIO 272 0 0 0 0 30 0 0
TMPFS node 224 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
NCLNODE 584 0 0 0 0 16 0 0

LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0

cryptop 280 0 0 0 0 30 0 0

linux_dma_object 24 0 0 0 0 254 0 0
linux_dma_pctrie 144 0 0 0 0 62 0 0

IOMMU_MAP_ENTRY 120 0 0 0 0 126 0 0

ktls_session 128 0 0 0 0 126 0 0

mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0

vnpbuf 2624 0 0 0 0 64 0 0
mdpbuf 2624 0 0 0 0 3 0 0
nfspbuf 2624 0 0 0 0 16 0 0
swwbuf 2624 0 0 0 0 8 0 0
swrbuf 2624 0 0 0 0 16 0 0

umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 144 0 0 0 0 62 0 0

malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-8192 8192 0 0 0 0 1 0 0
malloc-2048 2048 0 0 0 0 8 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-256 256 0 0 0 0 62 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-128 128 0 0 0 0 126 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-64 64 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-32 32 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
malloc-16 16 0 0 0 0 254 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0

Reply all

Reply to author

Forward

0 new messages