Fatal trap 12: page fault in in6_unlink_ifa (2)


syzbot

Jun 7, 2020, 6:32:15 AM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 3e9c8066 [if_ath] Don't update the beacon bits from beacon..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=162e9096100000
dashboard link: https://syzkaller.appspot.com/bug?extid=3576cdb51f3125b671dd

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3576cd...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0xe8
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff813e55a0
stack pointer = 0x28:0xfffffe00255fb570
frame pointer = 0x28:0xfffffe00255fb5d0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1195 (syz-executor.1)
trap number = 12
panic: page fault
cpuid = 1
time = 1591525866
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00255fb1c0
vpanic() at vpanic+0x1c7/frame 0xfffffe00255fb220
panic() at panic+0x43/frame 0xfffffe00255fb280
trap_fatal() at trap_fatal+0x4ca/frame 0xfffffe00255fb300
trap_pfault() at trap_pfault+0xdc/frame 0xfffffe00255fb380
trap() at trap+0x3f8/frame 0xfffffe00255fb4a0
calltrap() at calltrap+0x8/frame 0xfffffe00255fb4a0
--- trap 0xc, rip = 0xffffffff813e55a0, rsp = 0xfffffe00255fb570, rbp = 0xfffffe00255fb5d0 ---
in6_unlink_ifa() at in6_unlink_ifa+0x120/frame 0xfffffe00255fb5d0
in6_purgeaddr() at in6_purgeaddr+0x5b6/frame 0xfffffe00255fb6f0
if_purgeaddrs() at if_purgeaddrs+0x1b4/frame 0xfffffe00255fb7b0
tundtor() at tundtor+0x64a/frame 0xfffffe00255fb810
devfs_destroy_cdevpriv() at devfs_destroy_cdevpriv+0xc8/frame 0xfffffe00255fb840
devfs_close_f() at devfs_close_f+0x7a/frame 0xfffffe00255fb870
_fdrop() at _fdrop+0x38/frame 0xfffffe00255fb8a0
closef() at closef+0x28b/frame 0xfffffe00255fb930
fdescfree_fds() at fdescfree_fds+0xb4/frame 0xfffffe00255fb980
fdescfree() at fdescfree+0x582/frame 0xfffffe00255fba40
exit1() at exit1+0x6c5/frame 0xfffffe00255fbab0
sys_sys_exit() at sys_sys_exit+0xd/frame 0xfffffe00255fbac0
amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe00255fbbf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00255fbbf0
--- syscall (1, FreeBSD ELF64, sys_sys_exit), rip = 0x2e41ea, rsp = 0x7fffffffe198, rbp = 0x7fffffffe1a0 ---
KDB: enter: panic
[ thread pid 1195 tid 100116 ]
Stopped at kdb_enter+0x67: movq $0,0x14a7206(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff81901452
rbx 0
rsp 0xfffffe00255fb1a0
rbp 0xfffffe00255fb1c0
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0
r11 0x2
r12 0xffffffff82068e90 ddb_dbbe
r13 0
r14 0xffffffff819a566e
r15 0xffffffff819a566e
rip 0xffffffff810b3467 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x14a7206(%rip)
db> show proc
Process 1195 (syz-executor.1) at 0xfffff800134be520:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 768 at 0xfffff80013637000
ABI: FreeBSD ELF64
arguments: /root/syz-executor.1
reaper: 0xfffff8000331c000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0025854000
(map 0xfffffe0025854000)
(map.pmap 0xfffffe00258540c0)
(pmap 0xfffffe0025854120)
threads: 1
100116 Run CPU 1 syz-executor.1
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1214 768 766 0 R CPU 0 syz-fuzzer
1195 768 1195 0 REs CPU 1 syz-executor.1
1194 1 1194 0 Ss select 0xfffff80003352dc0 rtsol
1193 1 1193 0 Ss select 0xfffff80003350bc0 rtsol
1192 1 1192 0 Ss select 0xfffff8000334f040 rtsol
1189 1135 424 0 L *in6_ifa 0xfffff8001342c000 rtsol
1178 768 1178 0 Ss piperd 0xfffff800134d9000 syz-executor.2
1135 1130 424 0 S wait 0xfffff80013c2da40 sh
1130 424 424 0 S wait 0xfffff8001376b520 sh
768 766 766 0 R (threaded) syz-fuzzer
100106 S uwait 0xfffff80003824580 syz-fuzzer
100108 RunQ syz-fuzzer
100109 S uwait 0xfffff80003824a80 syz-fuzzer
100110 S uwait 0xfffff80003824b80 syz-fuzzer
100111 S uwait 0xfffff80003824c80 syz-fuzzer
100112 RunQ syz-fuzzer
100113 S uwait 0xfffff8000339ec80 syz-fuzzer
100114 S piperd 0xfffff80013d118e8 syz-fuzzer
100115 S kqread 0xfffff800033f3400 syz-fuzzer
100117 S uwait 0xfffff80003345380 syz-fuzzer
766 764 766 0 Ss pause 0xfffff800134beae8 csh
764 682 764 0 Ss select 0xfffff80003352c40 sshd
748 1 748 0 Ss+ ttyin 0xfffff8000382c0b0 getty
747 1 747 0 Ss+ ttyin 0xfffff80003b3a8b0 getty
746 1 746 0 Ss+ ttyin 0xfffff80003b390b0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003b398b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003b3c0b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003b3c8b0 getty
742 1 742 0 Ss+ ttyin 0xfffff800038350b0 getty
741 1 741 0 Ss+ ttyin 0xfffff800038358b0 getty
740 1 740 0 Ss+ ttyin 0xfffff800038380b0 getty
686 1 686 0 Ss nanslp 0xffffffff8252efe1 cron
682 1 682 0 Ss select 0xfffff800033adb40 sshd
495 1 495 0 Ds getbuf 0xfffffe0003e4753c syslogd
424 1 424 0 Ss wait 0xfffff80003c6aa40 devd
423 1 423 65 Ss select 0xfffff800033ade40 dhclient
338 1 338 0 Ss select 0xfffff800033b0040 dhclient
335 1 335 0 Ss select 0xfffff800033adf40 dhclient
23 0 0 0 DL - 0xffffffff8261982c [soaiod4]
22 0 0 0 DL - 0xffffffff8261982c [soaiod3]
21 0 0 0 DL - 0xffffffff8261982c [soaiod2]
20 0 0 0 DL - 0xffffffff8261982c [soaiod1]
19 0 0 0 DL syncer 0xffffffff8261af18 [syncer]
18 0 0 0 DL vlruwt 0xfffff80003afd000 [vnlru]
17 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff8261a230 [bufdaemon]
100072 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100088 D sdflush 0xfffff80003cedce8 [/ worker]
16 0 0 0 DL psleep 0xffffffff82641248 [vmdaemon]
15 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff826356d8 [dom0]
100070 D launds 0xffffffff826356e4 [laundry: dom0]
100071 D umarcl 0xffffffff8154cf50 [uma]
9 0 0 0 DL - 0xffffffff82362c58 [rand_harvestq]
8 0 0 0 DL pftm 0xffffffff82c593a0 [pf purge]
7 0 0 0 DL waiting 0xffffffff8261d690 [sctp_iterator]
6 0 0 0 RL (threaded) [cam]
100033 RunQ [doneq0]
100062 D - 0xffffffff8223a890 [scanner]
5 0 0 0 DL crypto_ 0xfffff8000343a090 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff8000343a030 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff82632ec0 [crypto]
14 0 0 0 DL seqstat 0xfffff800033d8888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100024 D - 0xffffffff8250df80 [g_event]
100025 D - 0xffffffff8250df88 [g_up]
100026 D - 0xffffffff8250df90 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100017 D - 0xfffff80003351e80 [thr_0]
100018 D - 0xfffff80003351ec0 [thr_1]
12 0 0 0 WL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100019 I [swi4: clock (0)]
100020 I [swi4: clock (1)]
100021 I [swi1: netisr 0]
100022 I [swi3: vm]
100034 I [irq24: virtio_pci0]
100035 I [irq25: virtio_pci0]
100036 I [irq26: virtio_pci0]
100037 I [irq27: virtio_pci0]
100038 I [irq28: virtio_pci1]
100039 I [irq29: virtio_pci1]
100040 I [irq30: virtio_pci1]
100041 I [irq31: virtio_pci1]
100042 I [irq32: virtio_pci1]
100047 I [irq10: virtio_pci2]
100049 I [irq1: atkbd0]
100050 I [irq12: psm0]
100051 I [swi0: uart uart++]
100056 I [swi1: pf send]
100068 I [swi1: hpts]
100069 I [swi1: hpts]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff8000331c000 [init]
10 0 0 0 DL audit_w 0xffffffff82633398 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8250e510 [swapper]
100005 D - 0xfffff80003346100 [softirq_0]
100006 D - 0xfffff80003346000 [softirq_1]
100007 D - 0xfffff80003343e00 [if_io_tqg_0]
100008 D - 0xfffff80003343d00 [if_io_tqg_1]
100009 D - 0xfffff80003343c00 [if_config_tqg_0]
100010 D - 0xfffff8000334d100 [kqueue_ctx taskq]
100011 D - 0xfffff8000334d000 [aiod_kick taskq]
100014 D - 0xfffff8000334ec00 [in6m_free taskq]
100015 D - 0xfffff8000334eb00 [thread taskq]
100023 D - 0xfffff800033e2300 [firmware taskq]
100028 D - 0xfffff800033e2100 [crypto_0]
100029 D - 0xfffff800033e2100 [crypto_1]
100043 D - 0xfffff800033dd700 [vtnet0 rxq 0]
100044 D - 0xfffff800033dd600 [vtnet0 txq 0]
100045 D - 0xfffff800033dd500 [vtnet0 rxq 1]
100046 D - 0xfffff800033dd400 [vtnet0 txq 1]
100048 D vtbslp 0xfffff80003818800 [virtio_balloon]
100052 D - 0xfffff8000334d800 [mca taskq]
100053 D - 0xffffffff81d4a970 [deadlkres]
100058 D - 0xfffff8000334d600 [acpi_task_0]
100059 D - 0xfffff8000334d600 [acpi_task_1]
100060 D - 0xfffff8000334d600 [acpi_task_2]
100061 D - 0xfffff800033dfe00 [CAM taskq]
db> show all locks
Process 1214 (syz-fuzzer) thread 0xfffffe002588b500 (100204)
exclusive rw vm object (vm object) r = 0 (0xfffff80013c7d210) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_object.c:864
exclusive rw vm object (vm object) r = 0 (0xfffff800130f1840) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_object.c:578
Process 1195 (syz-executor.1) thread 0xfffffe0025844700 (100116)
exclusive rm in6_ifaddr_lock (in6_ifaddr_lock) r = 0 (0xffffffff826315e0) locked @ /syzkaller/managers/main/kernel/sys/netinet6/in6.c:1342
Process 495 (syslogd) thread 0xfffffe0023bf1c00 (100090)
exclusive lockmgr ufs (ufs) r = 0 (0xfffff80013285dc0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3431
db> show malloc
db> show uma


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Oct 5, 2020, 7:29:23 AM
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 33583454 lualoader: improve the design of the brand-/logo-..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1356804f900000
dashboard link: https://syzkaller.appspot.com/bug?extid=3576cdb51f3125b671dd
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=140b98e0500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3576cd...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xe0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff8136ae00
stack pointer = 0x28:0xfffffe00255a9540
frame pointer = 0x28:0xfffffe00255a95a0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 3790 (syz-executor.1)
trap number = 12
panic: page fault
cpuid = 1
time = 1601896928
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00255a91a0
vpanic() at vpanic+0x1c7/frame 0xfffffe00255a9200
panic() at panic+0x43/frame 0xfffffe00255a9260
trap_fatal() at trap_fatal+0x4cd/frame 0xfffffe00255a92e0
trap_pfault() at trap_pfault+0xd4/frame 0xfffffe00255a9350
trap() at trap+0x41d/frame 0xfffffe00255a9470
calltrap() at calltrap+0x8/frame 0xfffffe00255a9470
--- trap 0xc, rip = 0xffffffff8136ae00, rsp = 0xfffffe00255a9540, rbp = 0xfffffe00255a95a0 ---
in6_unlink_ifa() at in6_unlink_ifa+0x120/frame 0xfffffe00255a95a0
in6_purgeaddr() at in6_purgeaddr+0x5d6/frame 0xfffffe00255a96b0
if_purgeaddrs() at if_purgeaddrs+0x1b4/frame 0xfffffe00255a9770
tu

Mark Johnston

Sep 9, 2021, 9:22:15 AM
to syzbot, syzkaller-f...@googlegroups.com
#syz invalid

I can't reproduce this one. No new reports in a while, so let's close
this one and see if we can get a new reproducer.