panic: nl_buf_alloc: invalid length ADDR
1 view
Skip to first unread message
syzbot
Feb 28, 2025, 1:17:27 AM2/28/25
to syzkaller-f...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 2980318b2747 sh.1: extend the section about getopts
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=12fd08b7980000
dashboard link: https://syzkaller.appspot.com/bug?extid=eb5db60d36b005dbccf5
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb5db6...@syzkaller.appspotmail.com
panic: nl_buf_alloc: invalid length 4294968096
cpuid = 1
time = 1740723398
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00577ab510
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00577ab670
vpanic() at vpanic+0x257/frame 0xfffffe00577ab830
panic() at panic+0xb5/frame 0xfffffe00577ab900
nl_buf_alloc() at nl_buf_alloc+0xb7/frame 0xfffffe00577ab930
nl_sosend() at nl_sosend+0x11e/frame 0xfffffe00577ab9a0
sousrsend() at sousrsend+0x112/frame 0xfffffe00577aba30
kern_sendit() at kern_sendit+0x4fe/frame 0xfffffe00577abb90
sendit() at sendit+0x15f/frame 0xfffffe00577abbf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe00577abd10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe00577abf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00577abf30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x8274c9f08, rbp = 0x8274c9f80 ---
KDB: enter: panic
[ thread pid 949 tid 100347 ]
Stopped at kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe006ec00000
rdx 0x7ffff
rbx 0xffffffff8274a640 .str.27
rsp 0xfffffe00577ab650
rbp 0xfffffe00577ab670
rsi 0x80001
rdi 0xffffffff815d7bc9 printf+0x149
r8 0
r9 0xffffffff
r10 0xc6
r11 0xfffffe005495e520
r12 0xfffffe005495e000
r13 0xfffffffffffffffd
r14 0xffffffff8274a640 .str.27
r15 0
rip 0xffffffff815c254e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db> show proc
Process 949 (syz-executor) at 0xfffffe0054959040:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 764 at 0xfffffe00548f3b00
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0008007040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00549366d8
(map 0xfffffe00549366d8)
(map.pmap 0xfffffe0054936778)
(pmap 0xfffffe00549367e8)
threads: 4
100346 RunQ syz-executor
100347 Run CPU 1 syz-executor
100352 RunQ syz-executor
100354 S uwait 0xfffffe0058a88700 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
951 765 765 0 T (threaded) syz-executor
100328 s syz-executor
100349 RunQ syz-executor
100351 D ranged1 0xfffffe0077f2a870 syz-executor
949 764 764 0 R (threaded) syz-executor
100346 RunQ syz-executor
100347 Run CPU 1 syz-executor
100352 RunQ syz-executor
100354 S uwait 0xfffffe0058a88700 syz-executor
946 1 765 0 S uwait 0xfffffe00546dfe80 syz-executor
945 1 765 0 S uwait 0xfffffe0077de0880 syz-executor
943 766 766 0 D (threaded) syz-executor
100279 S nanslp 0xffffffff8398e3c1 syz-executor
100338 D getblk 0xfffffe0008402948 syz-executor
100341 D ranged1 0xfffffe0077f2bd98 syz-executor
100343 S uwait 0xfffffe0077de0a80 syz-executor
940 1 767 0 S uwait 0xfffffe006eb3be80 syz-executor
937 1 767 0 S uwait 0xfffffe006eb3b700 syz-executor
932 1 765 0 S uwait 0xfffffe006eb3a980 syz-executor
930 929 766 0 SV uwait 0xfffffe0077de0780 syz-executor
929 928 766 0 DV ppwait 0xfffffe0054943560 syz-executor
928 927 766 0 DV ppwait 0xfffffe0054943ac0 syz-executor
927 926 766 0 DV ppwait 0xfffffe005494f500 syz-executor
926 925 766 0 DV ppwait 0xfffffe005494fa60 syz-executor
925 924 766 0 DV ppwait 0xfffffe005494ffc0 syz-executor
924 923 766 0 DV ppwait 0xfffffe0054950520 syz-executor
923 922 766 0 DV ppwait 0xfffffe0054950a80 syz-executor
922 921 766 0 DV ppwait 0xfffffe0054900560 syz-executor
921 920 766 0 DV ppwait 0xfffffe0054900ac0 syz-executor
920 919 766 0 DV ppwait 0xfffffe0054929500 syz-executor
919 918 766 0 DV ppwait 0xfffffe0054929a60 syz-executor
918 917 766 0 DV ppwait 0xfffffe0054929fc0 syz-executor
917 916 766 0 DV ppwait 0xfffffe005492a520 syz-executor
916 915 766 0 DV ppwait 0xfffffe00548fe520 syz-executor
915 914 766 0 DV ppwait 0xfffffe0054931a60 syz-executor
914 913 766 0 DV ppwait 0xfffffe0054940500 syz-executor
913 912 766 0 DV ppwait 0xfffffe0054940a60 syz-executor
912 911 766 0 DV ppwait 0xfffffe0054940fc0 syz-executor
911 910 766 0 DV ppwait 0xfffffe0054941520 syz-executor
910 909 766 0 DV ppwait 0xfffffe0054941a80 syz-executor
909 908 766 0 DV ppwait 0xfffffe0054941fe0 syz-executor
908 906 766 0 DV ppwait 0xfffffe0054942540 syz-executor
906 905 766 0 DV ppwait 0xfffffe0054942aa0 syz-executor
905 904 766 0 DV ppwait 0xfffffe0054805ac0 syz-executor
904 903 766 0 DV ppwait 0xfffffe0054932a80 syz-executor
903 902 766 0 DV ppwait 0xfffffe0054932fe0 syz-executor
902 901 766 0 DV ppwait 0xfffffe0054933540 syz-executor
901 900 766 0 DV ppwait 0xfffffe0054933aa0 syz-executor
900 899 766 0 DV ppwait 0xfffffe0054934000 syz-executor
899 898 766 0 DV ppwait 0xfffffe0054934560 syz-executor
898 897 766 0 DV ppwait 0xfffffe0054934ac0 syz-executor
897 1 766 0 DV ppwait 0xfffffe005492b540 syz-executor
891 1 766 0 S uwait 0xfffffe0058ce1380 syz-executor
887 1 765 0 S uwait 0xfffffe006eb3b500 syz-executor
881 1 765 0 S uwait 0xfffffe0058a86880 syz-executor
879 1 765 0 S uwait 0xfffffe0058ce3380 syz-executor
865 1 766 0 S uwait 0xfffffe0058a86180 syz-executor
845 1 767 0 S umtxn 0xfffffe0058ce1080 syz-executor
841 1 767 0 S uwait 0xfffffe006eb3ba00 syz-executor
836 1 765 0 SV uwait 0xfffffe0058ce2180 syz-executor
831 1 765 0 S uwait 0xfffffe0058a86080 syz-executor
830 1 765 0 S uwait 0xfffffe0058a85b00 syz-executor
829 1 765 0 S uwait 0xfffffe0058a85c00 syz-executor
827 1 765 0 S uwait 0xfffffe0058ce3e00 syz-executor
822 815 822 0 Ss select 0xfffffe0058a88b40 dhclient
818 1 818 0 Ss select 0xfffffe006eb3bcc0 dhclient
815 792 424 65 S select 0xfffffe006eb3bdc0 dhclient
813 0 0 0 DL aiordy 0xfffffe00548fe580 [aiod4]
812 0 0 0 DL aiordy 0xfffffe00548feae0 [aiod3]
811 0 0 0 DL aiordy 0xfffffe00548ff040 [aiod2]
810 0 0 0 DL aiordy 0xfffffe0054805060 [aiod1]
792 424 424 0 S wait 0xfffffe00548ffb00 sh
767 763 767 0 R CPU 0 syz-executor
766 763 766 0 S nanslp 0xffffffff8398e3c1 syz-executor
765 763 765 0 S nanslp 0xffffffff8398e3c1 syz-executor
764 763 764 0 S nanslp 0xffffffff8398e3c1 syz-executor
763 761 761 0 S select 0xfffffe00546dfcc0 syz-executor
761 759 761 0 Ss pause 0xfffffe00548f30f0 csh
759 682 759 0 Ss select 0xfffffe00546dfdc0 sshd
750 1 750 0 Ss+ ttyin 0xfffffe0058a7dcb0 getty
749 1 749 0 Ss+ ttyin 0xfffffe0058dca8b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe0058dcacb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0058dcc0b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0058dcc4b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe0058dcc8b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0058dcccb0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0058dcd0b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058dcd4b0 getty
740 1 18 0 S+ piperd 0xfffffe006bc11b80 logger
739 738 18 0 S+ nanslp 0xffffffff8398e3c0 sleep
738 1 18 0 S+ wait 0xfffffe0008025ae0 sh
687 1 687 0 Ss nanslp 0xffffffff8398e3c1 cron
682 1 682 0 Ss select 0xfffffe0058a85140 sshd
495 1 495 0 Ss select 0xfffffe0058a87240 syslogd
424 1 424 0 Ss wait 0xfffffe0054802ac0 devd
423 1 423 65 Ss select 0xfffffe0058ce2c40 dhclient
338 1 338 0 Ss select 0xfffffe0058a86cc0 dhclient
335 1 335 0 Ss select 0xfffffe0058ce35c0 dhclient
17 0 0 0 DL syncer 0xffffffff83aabc20 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008024000 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83aaa1e0 [bufdaemon]
100083 D - 0xffffffff82e02140 [bufspacedaemon-0]
100094 D sdflush 0xfffffe0058dc94e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83af50e0 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83adb078 [dom0]
100081 D launds 0xffffffff83adb084 [laundry: dom0]
100082 D umarcl 0xffffffff81d83e80 [uma]
7 0 0 0 DL - 0xffffffff8370bbf0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff846355d0 [pf purge]
5 0 0 0 DL waiting 0xffffffff84509580 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff836d6340 [doneq0]
100047 D - 0xffffffff836d62c0 [async]
100076 D - 0xffffffff836d6140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ad68a0 [crypto]
100044 D crypto_ 0xfffffe005855e030 [crypto returns 0]
100045 D crypto_ 0xfffffe005855e080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0008bfc488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83936dc0 [g_event]
100038 D - 0xffffffff83936de0 [g_up]
100039 D - 0xffffffff83936e00 [g_down]
2 0 0 0 WL (threaded) [clock]
100031 I [clock (0)]
100032 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 TLs [init]
10 0 0 0 DL audit_w 0xffffffff83ad7340 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84a0fff0 [swapper]
100005 D - 0xfffffe0007f6a200 [softirq_0]
100006 D - 0xfffffe0007f6a100 [softirq_1]
100007 D - 0xfffffe0007f6a000 [if_io_tqg_0]
100008 D - 0xfffffe0007f69e00 [if_io_tqg_1]
100009 D - 0xfffffe0007f69d00 [if_config_tqg_0]
100010 D - 0xfffffe0007f69c00 [pci_hp taskq]
100011 D - 0xfffffe0007f69b00 [kqueue_ctx taskq]
100012 D - 0xfffffe0007f69a00 [jail_remove taskq]
100015 D - 0xfffffe0007f69700 [thread taskq]
100017 D - 0xfffffe0007f69500 [aiod_kick taskq]
100018 D - 0xfffffe0007f69400 [deferred_unmount ta]
100019 D - 0xfffffe0007f69300 [inm_free taskq]
100020 D - 0xfffffe0007f69200 [in6m_free taskq]
100021 D - 0xfffffe0007f69100 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007f69000 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007f69000 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007f69000 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007f69000 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007f68b00 [firmware taskq]
100041 D - 0xfffffe0007f68a00 [crypto_0]
100042 D - 0xfffffe0007f68a00 [crypto_1]
100057 D - 0xfffffe0007f68800 [vtnet0 rxq 0]
100058 D - 0xfffffe0007f68700 [vtnet0 txq 0]
100059 D - 0xfffffe0007f68600 [vtnet0 rxq 1]
100060 D - 0xfffffe0007f68500 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe00546dc080 [virtio_balloon]
100066 D - 0xffffffff8274f8e1 [deadlkres]
100070 D - 0xfffffe0059bf6300 [acpi_task_0]
100071 D - 0xfffffe0059bf6300 [acpi_task_1]
100072 D - 0xfffffe0059bf6300 [acpi_task_2]
100074 D - 0xfffffe0007f6ad00 [mca taskq]
100075 D - 0xfffffe0007f68900 [CAM taskq]
100077 D - 0xfffffe0007f68300 [ipsec_offload]
100356 D - 0xfffffe0059bf6000 [netlink_socket (PID]
842 1 767 0 Z syz-executor
847 1 766 0 Z syz-executor
883 1 0 0 ZL [accounting]
db> show all locks
Process 951 (syz-executor) thread 0xfffffe0054922740 (100349)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0008402948) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4023
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0077f2a750) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1176
Process 949 (syz-executor) thread 0xfffffe005495e000 (100347)
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe006beeb180) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4826
Process 943 (syz-executor) thread 0xfffffe005491d000 (100338)
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0077f2bc78) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1176
Process 767 (syz-executor) thread 0xfffffe00548ad740 (100090)
exclusive sleep mutex ktrace (ktrace) r = 0 (0xffffffff8393ad40) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_ktrace.c:435
exclusive sx ktrace_sx (ktrace_sx) r = 0 (0xffffffff8393ad80) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_ktrace.c:716
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 375 5015K 485
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4213
sysctloid 35205 2074K 35280
vtbuf 24 1968K 46
kobj 330 1320K 494
newblk 28 1031K 1137
vfscache 3 1025K 3
filedesc 108 858K 321
pcb 40 683K 251
inodedep 21 520K 269
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
subproc 230 478K 1079
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 102 201K 8581
acpica 1674 184K 54408
vmem 5 144K 7
tidhash 3 141K 3
pagedep 17 132K 128
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 109 109K 126
sem 4 106K 4
gtaskqueue 18 98K 18
bus 994 81K 5040
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 519 65K 519
ddb_capture 1 64K 1
kdtrace 295 54K 1310
umtx 400 50K 400
temp 35 37K 1940
BPF 22 36K 27
shm 2 34K 2
hostcache 1 32K 1
DEVFS3 128 32K 138
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
ifaddr 67 19K 69
LRO 18 19K 18
ufs_mount 4 17K 5
proc 3 17K 3
filemon 2 16K 4
tty 16 16K 16
routetbl 130 16K 410
ithread 90 15K 90
bus-sc 34 15K 1637
lltable 45 14K 46
eventhandler 163 14K 163
ifnet 7 13K 7
ether_multi 152 13K 182
kenv 95 12K 95
GEOM 61 11K 477
CAM queue 5 11K 1528
rman 82 10K 437
ksem 5 10K 9
shmfd 4 10K 9
rpc 8 9K 8
plimit 23 9K 333
in6_multi 65 9K 65
bmsafemap 2 9K 224
devstat 4 9K 4
UART 12 9K 12
pfs_vncache 1 8K 1
audit_evclass 239 8K 301
taskqueue 72 8K 75
cred 27 7K 210
kqueue 108 7K 1040
pwddesc 105 7K 963
sglist 6 7K 6
CAM DEV 3 6K 510
pfs_nodes 22 6K 22
ufs_dirhash 24 5K 24
pf_ifnet 11 5K 20
UMA 269 5K 269
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
acpisem 28 4K 28
proc-args 131 4K 1998
DEVFSP 53 4K 83
selfd 48 3K 29552
lockf 27 3K 82
terminal 11 3K 11
session 22 3K 35
acpidev 20 3K 20
uidinfo 4 3K 13
hhook 8 3K 10
sctp_atcl 6 3K 103
clone 9 3K 9
kcovinfo 36 3K 36
sctp_timw 8 2K 8
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 13
Unitno 31 2K 50
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
newdirblk 12 2K 107
CC Mem 12 2K 60
in_multi 6 2K 12
tun 4 2K 4
toponodes 6 2K 6
diradd 11 2K 205
ipsecpolicy 2 2K 2
select 11 2K 44
indirdep 5 2K 112
msi 9 2K 9
netlink 2 2K 73
softdep 1 1K 1
dirrem 4 1K 182
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 22
NFSD session 1 1K 1
mkdir 7 1K 214
CAM periph 4 1K 271
sctp_ifn 6 1K 14
ipsec 3 1K 3
inpcbpolicy 24 1K 263
mld 6 1K 6
igmp 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 148
pci_link 10 1K 10
crypto 4 1K 28
encap_export_host 12 1K 12
osd 17 1K 73
freefile 4 1K 146
cdev 2 1K 2
lkpikmalloc 8 1K 9
cryptodev 7 1K 103
chacha20random 1 1K 1
biobuf 1 1K 1
ip6opt 2 1K 12
ip_msource 5 1K 7
iov 5 1K 13957
freefrag 2 1K 53
vnodes 1 1K 1
procdesc 2 1K 8
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
pf_osfp 2 1K 2
sctp_atky 6 1K 116
tcpfunc 3 1K 3
loginclass 3 1K 5
prison 6 1K 6
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
ip6_msource 2 1K 2
aio 4 1K 5
pmchooks 1 1K 1
filecaps 5 1K 72
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3442
sctp_athm 6 1K 105
in_mfilter 2 1K 15
sctp_vrf 1 1K 1
ip_moptions 1 1K 11
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 33
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 236
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 32
sctp_iter 0 0K 12
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 12
sctp_aadr 0 0K 0
sctp_stro 0 0K 11
sctp_stri 0 0K 4
sctp_map 0 0K 22
mqdata 0 0K 0
tcp_pcm_rack 0 0K 7
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 14
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
NMI handlers 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
amdiommu_dom 0 0K 0
amdiommu_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 99
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 9
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 134
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6_moptions 0 0K 1
in6_mfilter 0 0K 3
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 248
namei_tracker 0 0K 3
export_host 0 0K 0
cl_savebuf 0 0K 26
lio 0 0K 3
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 1
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 175
eventfd 0 0K 6
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 296
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 650
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 3
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 12860 0 254 38494208 0
mbuf 256 8672 990 26853 0 254 2473472 0
BUF TRIE 152 231 11573 905 0 62 1794208 0
malloc-384 384 4118 52 4118 0 30 1601280 0
malloc-128 128 11597 121 11753 0 126 1499904 0
malloc-4096 4096 331 3 500 0 2 1368064 0
UMA Slabs 0 112 11039 7 11039 0 126 1237152 0
sctp_asoc 2256 0 510 11 0 254 1150560 0
RADIX NODE 152 6946 381 31267 0 62 1113704 0
malloc-64 64 121 16952 29695 0 254 1092672 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 16701 114 16701 0 254 941640 0
malloc-16384 16384 53 3 158 0 1 917504 0
malloc-65536 65536 9 1 12 0 1 655360 0
FFS inode 1168 541 19 688 0 8 654080 0
sctp_ep 1152 6 505 90 0 254 588672 0
socket 1024 44 464 1569 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 194 0 0 2 509056 0
256 Bucket 2048 226 14 1220 0 8 491520 0
malloc-4096 4096 108 2 953 0 2 450560 0
sctp_raddr 736 0 517 16 0 254 380512 0
THREAD 1824 186 14 356 0 8 364800 0
VM OBJECT 264 1307 43 14522 0 30 356400 0
malloc-64 64 4143 456 4464 0 254 294336 0
VNODE 440 580 86 729 0 30 293040 0
malloc-65536 65536 0 4 173 0 1 262144 0
malloc-65536 65536 4 0 4 0 1 262144 0
malloc-32768 32768 6 2 17 0 1 262144 0
malloc-2048 2048 107 13 307 0 8 245760 0
malloc-16 16 14644 356 16124 0 254 240000 0
DEVCTL 1024 21 199 148 0 0 225280 0
tcp_log 416 7 506 116 0 254 213408 0
malloc-256 256 346 404 2362 0 62 192000 0
UMA Zones 768 241 3 241 0 16 187392 0
malloc-32 32 5432 238 5583 0 254 181440 0
MAP ENTRY 96 1787 103 46500 0 126 181440 0
FPU_save_area 832 188 28 444 0 16 179712 0
malloc-128 128 1194 201 28968 0 126 178560 0
lkpimm 56 1 3095 1 0 254 173376 0
PROC 1376 107 14 952 0 8 166496 0
unpcb 320 11 505 1184 0 254 165120 0
malloc-32768 32768 0 5 76 0 1 163840 0
malloc-128 128 1154 117 2375 0 126 162688 0
FFS2 dinode 256 541 89 688 0 62 161280 0
ertt_txseginfo 40 1 3635 8378 0 254 145440 0
S VFS Cache 104 999 288 1185 0 126 133848 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 12 0 1 131072 0
malloc-1024 1024 110 18 135 0 16 131072 0
mbuf_packet 256 7 501 1649 0 254 130048 0
filedesc0 1072 105 7 963 0 8 120064 0
ksiginfo 112 100 944 139 0 126 116928 0
malloc-2048 2048 13 35 1133 0 8 98304 0
g_bio 408 0 240 7199 0 30 97920 0
UMA Kegs 384 227 6 227 0 30 89472 0
malloc-16384 16384 3 2 183 0 1 81920 0
sctp_chunk 152 0 520 6 0 254 79040 0
malloc-8192 8192 9 0 118 0 1 73728 0
malloc-4096 4096 15 3 109 0 2 73728 0
malloc-384 384 128 52 227 0 30 69120 0
128 Bucket 1024 52 15 253 0 16 68608 0
malloc-64 64 569 502 1655 0 254 68544 0
malloc-64 64 521 550 20665 0 254 68544 0
tcp_bbr_map 128 2 525 1386 0 126 67456 0
malloc-128 128 338 189 681 0 126 67456 0
malloc-32768 32768 0 2 123 0 1 65536 0
malloc-4096 4096 13 3 18 0 2 65536 0
malloc-256 256 167 88 232 0 62 65280 0
32 Bucket 256 83 172 1811 0 62 65280 0
malloc-384 384 72 78 321 0 30 57600 0
64 Bucket 512 77 27 1806 0 30 53248 0
malloc-128 128 15 388 293 0 126 51584 0
malloc-256 256 27 168 775 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-4096 4096 11 1 493 0 2 49152 0
malloc-1024 1024 11 37 535 0 16 49152 0
da_ccb 544 0 84 1912 0 16 45696 0
syncache 168 0 264 3 0 254 44352 0
tcp_inpcb 1312 12 21 60 0 8 43296 0
clpbuf 2624 0 16 39 0 4 41984 0
pcpu-8 8 4745 375 4938 0 254 40960 0
VMSPACE 584 52 18 897 0 16 40880 0
sctp_readq 152 0 260 4 0 254 39520 0
udp_inpcb 416 6 84 159 0 30 37440 0
hostcache 64 2 565 2 0 254 36288 0
malloc-64 64 10 557 68 0 254 36288 0
malloc-64 64 189 378 1084 0 254 36288 0
malloc-64 64 259 308 1121 0 254 36288 0
malloc-64 64 20 547 730 0 254 36288 0
tcp_rack_map 128 0 279 539 0 126 35712 0
malloc-128 128 23 256 140 0 126 35712 0
malloc-128 128 7 272 16 0 126 35712 0
malloc-128 128 80 199 187 0 126 35712 0
routing nhops 256 27 108 36 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-256 256 64 71 195 0 62 34560 0
malloc-256 256 62 73 474 0 62 34560 0
malloc-256 256 16 119 94 0 62 34560 0
malloc-256 256 51 84 705 0 62 34560 0
malloc-256 256 25 110 650 0 62 34560 0
TURNSTILE 136 201 51 201 0 62 34272 0
NAMEI 1024 0 32 13417 0 16 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-8192 8192 2 2 4 0 1 32768 0
malloc-8192 8192 3 1 4 0 1 32768 0
malloc-2048 2048 1 15 97 0 8 32768 0
malloc-2048 2048 10 6 128 0 8 32768 0
malloc-2048 2048 11 5 11 0 8 32768 0
malloc-2048 2048 6 10 22 0 8 32768 0
malloc-1024 1024 2 30 11 0 16 32768 0
malloc-1024 1024 13 19 1199 0 16 32768 0
malloc-1024 1024 19 13 19 0 16 32768 0
malloc-1024 1024 9 23 10 0 16 32768 0
malloc-1024 1024 9 23 24 0 16 32768 0
malloc-512 512 3 61 27 0 30 32768 0
malloc-512 512 1 63 2 0 30 32768 0
malloc-512 512 2 62 197 0 30 32768 0
malloc-512 512 8 56 33 0 30 32768 0
malloc-512 512 8 56 13 0 30 32768 0
pcpu-64 64 495 17 495 0 254 32768 0
tcp_bbr_pcb 896 3 33 14 0 16 32256 0
sctp_stream_msg_out 112 0 288 1 0 254 32256 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 206 194 7422 0 126 32000 0
PGRP 120 26 238 39 0 126 31680 0
rl_entry 48 2 586 3 0 254 28224 0
malloc-32 32 283 599 615 0 254 28224 0
16 Bucket 144 61 135 305 0 62 28224 0
4 Bucket 48 6 582 11 0 254 28224 0
udplite_inpcb 416 0 63 8 0 30 26208 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 1 2 20 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-4096 4096 2 4 34 0 2 24576 0
pipe 736 21 12 299 0 16 24288 0
PWD 40 31 575 181 0 254 24240 0
tcp_rack_pcb 1152 0 21 7 0 8 24192 0
rtentry 168 30 114 36 0 62 24192 0
8 Bucket 80 47 253 358 0 126 24000 0
itimer 352 0 66 4 0 30 23232 0
ripcb 384 6 54 36 0 30 23040 0
malloc-384 384 7 53 32 0 30 23040 0
malloc-384 384 24 36 678 0 30 23040 0
malloc-384 384 36 24 38 0 30 23040 0
malloc-384 384 26 34 37 0 30 23040 0
malloc-384 384 22 38 34 0 30 23040 0
SLEEPQUEUE 88 201 55 201 0 126 22528 0
udp_inpcb ports 32 3 627 30 0 254 20160 0
tcp_inpcb ports 32 4 626 23 0 254 20160 0
ertt 72 12 268 60 0 126 20160 0
malloc-32 32 135 495 143 0 254 20160 0
malloc-32 32 59 571 748 0 254 20160 0
malloc-32 32 93 537 5475 0 254 20160 0
malloc-32 32 34 596 555 0 254 20160 0
2 Bucket 32 61 569 431 0 254 20160 0
KNOTE 160 0 125 35 0 62 20000 0
cryptop 280 0 70 6 0 30 19600 0
L VFS Cache 320 0 60 6 0 30 19200 0
AIOLIO 272 0 70 3 0 30 19040 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 2 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 2 2 292 0 2 16384 0
malloc-2048 2048 1 7 4 0 8 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 4 12 25 0 16 16384 0
malloc-512 512 2 30 7 0 30 16384 0
malloc-512 512 0 32 5 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
sctp_laddr 48 0 336 29 0 254 16128 0
vtnet_tx_hdr 24 0 668 7961 0 254 16032 0
malloc-16 16 326 674 534 0 254 16000 0
AIO 208 0 76 12 0 62 15808 0
kenv 258 17 43 1066 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
malloc-32 32 0 378 8 0 254 12096 0
malloc-32 32 135 243 246 0 254 12096 0
malloc-16 16 14 736 69 0 254 12000 0
malloc-16 16 18 732 84 0 254 12000 0
malloc-16 16 19 731 24 0 254 12000 0
malloc-16 16 183 567 3015 0 254 12000 0
malloc-16 16 21 729 26352 0 254 12000 0
malloc-16 16 21 729 182 0 254 12000 0
AIOCB 552 0 21 15 0 16 11592 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 2980318b2747 sh.1: extend the section about getopts
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=12fd08b7980000
dashboard link: https://syzkaller.appspot.com/bug?extid=eb5db60d36b005dbccf5
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb5db6...@syzkaller.appspotmail.com
panic: nl_buf_alloc: invalid length 4294968096
cpuid = 1
time = 1740723398
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00577ab510
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00577ab670
vpanic() at vpanic+0x257/frame 0xfffffe00577ab830
panic() at panic+0xb5/frame 0xfffffe00577ab900
nl_buf_alloc() at nl_buf_alloc+0xb7/frame 0xfffffe00577ab930
nl_sosend() at nl_sosend+0x11e/frame 0xfffffe00577ab9a0
sousrsend() at sousrsend+0x112/frame 0xfffffe00577aba30
kern_sendit() at kern_sendit+0x4fe/frame 0xfffffe00577abb90
sendit() at sendit+0x15f/frame 0xfffffe00577abbf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe00577abd10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe00577abf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00577abf30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x8274c9f08, rbp = 0x8274c9f80 ---
KDB: enter: panic
[ thread pid 949 tid 100347 ]
Stopped at kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe006ec00000
rdx 0x7ffff
rbx 0xffffffff8274a640 .str.27
rsp 0xfffffe00577ab650
rbp 0xfffffe00577ab670
rsi 0x80001
rdi 0xffffffff815d7bc9 printf+0x149
r8 0
r9 0xffffffff
r10 0xc6
r11 0xfffffe005495e520
r12 0xfffffe005495e000
r13 0xfffffffffffffffd
r14 0xffffffff8274a640 .str.27
r15 0
rip 0xffffffff815c254e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db> show proc
Process 949 (syz-executor) at 0xfffffe0054959040:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 764 at 0xfffffe00548f3b00
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0008007040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00549366d8
(map 0xfffffe00549366d8)
(map.pmap 0xfffffe0054936778)
(pmap 0xfffffe00549367e8)
threads: 4
100346 RunQ syz-executor
100347 Run CPU 1 syz-executor
100352 RunQ syz-executor
100354 S uwait 0xfffffe0058a88700 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
951 765 765 0 T (threaded) syz-executor
100328 s syz-executor
100349 RunQ syz-executor
100351 D ranged1 0xfffffe0077f2a870 syz-executor
949 764 764 0 R (threaded) syz-executor
100346 RunQ syz-executor
100347 Run CPU 1 syz-executor
100352 RunQ syz-executor
100354 S uwait 0xfffffe0058a88700 syz-executor
946 1 765 0 S uwait 0xfffffe00546dfe80 syz-executor
945 1 765 0 S uwait 0xfffffe0077de0880 syz-executor
943 766 766 0 D (threaded) syz-executor
100279 S nanslp 0xffffffff8398e3c1 syz-executor
100338 D getblk 0xfffffe0008402948 syz-executor
100341 D ranged1 0xfffffe0077f2bd98 syz-executor
100343 S uwait 0xfffffe0077de0a80 syz-executor
940 1 767 0 S uwait 0xfffffe006eb3be80 syz-executor
937 1 767 0 S uwait 0xfffffe006eb3b700 syz-executor
932 1 765 0 S uwait 0xfffffe006eb3a980 syz-executor
930 929 766 0 SV uwait 0xfffffe0077de0780 syz-executor
929 928 766 0 DV ppwait 0xfffffe0054943560 syz-executor
928 927 766 0 DV ppwait 0xfffffe0054943ac0 syz-executor
927 926 766 0 DV ppwait 0xfffffe005494f500 syz-executor
926 925 766 0 DV ppwait 0xfffffe005494fa60 syz-executor
925 924 766 0 DV ppwait 0xfffffe005494ffc0 syz-executor
924 923 766 0 DV ppwait 0xfffffe0054950520 syz-executor
923 922 766 0 DV ppwait 0xfffffe0054950a80 syz-executor
922 921 766 0 DV ppwait 0xfffffe0054900560 syz-executor
921 920 766 0 DV ppwait 0xfffffe0054900ac0 syz-executor
920 919 766 0 DV ppwait 0xfffffe0054929500 syz-executor
919 918 766 0 DV ppwait 0xfffffe0054929a60 syz-executor
918 917 766 0 DV ppwait 0xfffffe0054929fc0 syz-executor
917 916 766 0 DV ppwait 0xfffffe005492a520 syz-executor
916 915 766 0 DV ppwait 0xfffffe00548fe520 syz-executor
915 914 766 0 DV ppwait 0xfffffe0054931a60 syz-executor
914 913 766 0 DV ppwait 0xfffffe0054940500 syz-executor
913 912 766 0 DV ppwait 0xfffffe0054940a60 syz-executor
912 911 766 0 DV ppwait 0xfffffe0054940fc0 syz-executor
911 910 766 0 DV ppwait 0xfffffe0054941520 syz-executor
910 909 766 0 DV ppwait 0xfffffe0054941a80 syz-executor
909 908 766 0 DV ppwait 0xfffffe0054941fe0 syz-executor
908 906 766 0 DV ppwait 0xfffffe0054942540 syz-executor
906 905 766 0 DV ppwait 0xfffffe0054942aa0 syz-executor
905 904 766 0 DV ppwait 0xfffffe0054805ac0 syz-executor
904 903 766 0 DV ppwait 0xfffffe0054932a80 syz-executor
903 902 766 0 DV ppwait 0xfffffe0054932fe0 syz-executor
902 901 766 0 DV ppwait 0xfffffe0054933540 syz-executor
901 900 766 0 DV ppwait 0xfffffe0054933aa0 syz-executor
900 899 766 0 DV ppwait 0xfffffe0054934000 syz-executor
899 898 766 0 DV ppwait 0xfffffe0054934560 syz-executor
898 897 766 0 DV ppwait 0xfffffe0054934ac0 syz-executor
897 1 766 0 DV ppwait 0xfffffe005492b540 syz-executor
891 1 766 0 S uwait 0xfffffe0058ce1380 syz-executor
887 1 765 0 S uwait 0xfffffe006eb3b500 syz-executor
881 1 765 0 S uwait 0xfffffe0058a86880 syz-executor
879 1 765 0 S uwait 0xfffffe0058ce3380 syz-executor
865 1 766 0 S uwait 0xfffffe0058a86180 syz-executor
845 1 767 0 S umtxn 0xfffffe0058ce1080 syz-executor
841 1 767 0 S uwait 0xfffffe006eb3ba00 syz-executor
836 1 765 0 SV uwait 0xfffffe0058ce2180 syz-executor
831 1 765 0 S uwait 0xfffffe0058a86080 syz-executor
830 1 765 0 S uwait 0xfffffe0058a85b00 syz-executor
829 1 765 0 S uwait 0xfffffe0058a85c00 syz-executor
827 1 765 0 S uwait 0xfffffe0058ce3e00 syz-executor
822 815 822 0 Ss select 0xfffffe0058a88b40 dhclient
818 1 818 0 Ss select 0xfffffe006eb3bcc0 dhclient
815 792 424 65 S select 0xfffffe006eb3bdc0 dhclient
813 0 0 0 DL aiordy 0xfffffe00548fe580 [aiod4]
812 0 0 0 DL aiordy 0xfffffe00548feae0 [aiod3]
811 0 0 0 DL aiordy 0xfffffe00548ff040 [aiod2]
810 0 0 0 DL aiordy 0xfffffe0054805060 [aiod1]
792 424 424 0 S wait 0xfffffe00548ffb00 sh
767 763 767 0 R CPU 0 syz-executor
766 763 766 0 S nanslp 0xffffffff8398e3c1 syz-executor
765 763 765 0 S nanslp 0xffffffff8398e3c1 syz-executor
764 763 764 0 S nanslp 0xffffffff8398e3c1 syz-executor
763 761 761 0 S select 0xfffffe00546dfcc0 syz-executor
761 759 761 0 Ss pause 0xfffffe00548f30f0 csh
759 682 759 0 Ss select 0xfffffe00546dfdc0 sshd
750 1 750 0 Ss+ ttyin 0xfffffe0058a7dcb0 getty
749 1 749 0 Ss+ ttyin 0xfffffe0058dca8b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe0058dcacb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0058dcc0b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0058dcc4b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe0058dcc8b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0058dcccb0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0058dcd0b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058dcd4b0 getty
740 1 18 0 S+ piperd 0xfffffe006bc11b80 logger
739 738 18 0 S+ nanslp 0xffffffff8398e3c0 sleep
738 1 18 0 S+ wait 0xfffffe0008025ae0 sh
687 1 687 0 Ss nanslp 0xffffffff8398e3c1 cron
682 1 682 0 Ss select 0xfffffe0058a85140 sshd
495 1 495 0 Ss select 0xfffffe0058a87240 syslogd
424 1 424 0 Ss wait 0xfffffe0054802ac0 devd
423 1 423 65 Ss select 0xfffffe0058ce2c40 dhclient
338 1 338 0 Ss select 0xfffffe0058a86cc0 dhclient
335 1 335 0 Ss select 0xfffffe0058ce35c0 dhclient
17 0 0 0 DL syncer 0xffffffff83aabc20 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008024000 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83aaa1e0 [bufdaemon]
100083 D - 0xffffffff82e02140 [bufspacedaemon-0]
100094 D sdflush 0xfffffe0058dc94e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83af50e0 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83adb078 [dom0]
100081 D launds 0xffffffff83adb084 [laundry: dom0]
100082 D umarcl 0xffffffff81d83e80 [uma]
7 0 0 0 DL - 0xffffffff8370bbf0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff846355d0 [pf purge]
5 0 0 0 DL waiting 0xffffffff84509580 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff836d6340 [doneq0]
100047 D - 0xffffffff836d62c0 [async]
100076 D - 0xffffffff836d6140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ad68a0 [crypto]
100044 D crypto_ 0xfffffe005855e030 [crypto returns 0]
100045 D crypto_ 0xfffffe005855e080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0008bfc488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83936dc0 [g_event]
100038 D - 0xffffffff83936de0 [g_up]
100039 D - 0xffffffff83936e00 [g_down]
2 0 0 0 WL (threaded) [clock]
100031 I [clock (0)]
100032 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 TLs [init]
10 0 0 0 DL audit_w 0xffffffff83ad7340 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84a0fff0 [swapper]
100005 D - 0xfffffe0007f6a200 [softirq_0]
100006 D - 0xfffffe0007f6a100 [softirq_1]
100007 D - 0xfffffe0007f6a000 [if_io_tqg_0]
100008 D - 0xfffffe0007f69e00 [if_io_tqg_1]
100009 D - 0xfffffe0007f69d00 [if_config_tqg_0]
100010 D - 0xfffffe0007f69c00 [pci_hp taskq]
100011 D - 0xfffffe0007f69b00 [kqueue_ctx taskq]
100012 D - 0xfffffe0007f69a00 [jail_remove taskq]
100015 D - 0xfffffe0007f69700 [thread taskq]
100017 D - 0xfffffe0007f69500 [aiod_kick taskq]
100018 D - 0xfffffe0007f69400 [deferred_unmount ta]
100019 D - 0xfffffe0007f69300 [inm_free taskq]
100020 D - 0xfffffe0007f69200 [in6m_free taskq]
100021 D - 0xfffffe0007f69100 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007f69000 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007f69000 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007f69000 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007f69000 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007f68e00 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007f68b00 [firmware taskq]
100041 D - 0xfffffe0007f68a00 [crypto_0]
100042 D - 0xfffffe0007f68a00 [crypto_1]
100057 D - 0xfffffe0007f68800 [vtnet0 rxq 0]
100058 D - 0xfffffe0007f68700 [vtnet0 txq 0]
100059 D - 0xfffffe0007f68600 [vtnet0 rxq 1]
100060 D - 0xfffffe0007f68500 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe00546dc080 [virtio_balloon]
100066 D - 0xffffffff8274f8e1 [deadlkres]
100070 D - 0xfffffe0059bf6300 [acpi_task_0]
100071 D - 0xfffffe0059bf6300 [acpi_task_1]
100072 D - 0xfffffe0059bf6300 [acpi_task_2]
100074 D - 0xfffffe0007f6ad00 [mca taskq]
100075 D - 0xfffffe0007f68900 [CAM taskq]
100077 D - 0xfffffe0007f68300 [ipsec_offload]
100356 D - 0xfffffe0059bf6000 [netlink_socket (PID]
842 1 767 0 Z syz-executor
847 1 766 0 Z syz-executor
883 1 0 0 ZL [accounting]
db> show all locks
Process 951 (syz-executor) thread 0xfffffe0054922740 (100349)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0008402948) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4023
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0077f2a750) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1176
Process 949 (syz-executor) thread 0xfffffe005495e000 (100347)
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe006beeb180) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4826
Process 943 (syz-executor) thread 0xfffffe005491d000 (100338)
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0077f2bc78) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1176
Process 767 (syz-executor) thread 0xfffffe00548ad740 (100090)
exclusive sleep mutex ktrace (ktrace) r = 0 (0xffffffff8393ad40) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_ktrace.c:435
exclusive sx ktrace_sx (ktrace_sx) r = 0 (0xffffffff8393ad80) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_ktrace.c:716
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 375 5015K 485
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4213
sysctloid 35205 2074K 35280
vtbuf 24 1968K 46
kobj 330 1320K 494
newblk 28 1031K 1137
vfscache 3 1025K 3
filedesc 108 858K 321
pcb 40 683K 251
inodedep 21 520K 269
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
subproc 230 478K 1079
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 102 201K 8581
acpica 1674 184K 54408
vmem 5 144K 7
tidhash 3 141K 3
pagedep 17 132K 128
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 109 109K 126
sem 4 106K 4
gtaskqueue 18 98K 18
bus 994 81K 5040
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 519 65K 519
ddb_capture 1 64K 1
kdtrace 295 54K 1310
umtx 400 50K 400
temp 35 37K 1940
BPF 22 36K 27
shm 2 34K 2
hostcache 1 32K 1
DEVFS3 128 32K 138
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
ifaddr 67 19K 69
LRO 18 19K 18
ufs_mount 4 17K 5
proc 3 17K 3
filemon 2 16K 4
tty 16 16K 16
routetbl 130 16K 410
ithread 90 15K 90
bus-sc 34 15K 1637
lltable 45 14K 46
eventhandler 163 14K 163
ifnet 7 13K 7
ether_multi 152 13K 182
kenv 95 12K 95
GEOM 61 11K 477
CAM queue 5 11K 1528
rman 82 10K 437
ksem 5 10K 9
shmfd 4 10K 9
rpc 8 9K 8
plimit 23 9K 333
in6_multi 65 9K 65
bmsafemap 2 9K 224
devstat 4 9K 4
UART 12 9K 12
pfs_vncache 1 8K 1
audit_evclass 239 8K 301
taskqueue 72 8K 75
cred 27 7K 210
kqueue 108 7K 1040
pwddesc 105 7K 963
sglist 6 7K 6
CAM DEV 3 6K 510
pfs_nodes 22 6K 22
ufs_dirhash 24 5K 24
pf_ifnet 11 5K 20
UMA 269 5K 269
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
acpisem 28 4K 28
proc-args 131 4K 1998
DEVFSP 53 4K 83
selfd 48 3K 29552
lockf 27 3K 82
terminal 11 3K 11
session 22 3K 35
acpidev 20 3K 20
uidinfo 4 3K 13
hhook 8 3K 10
sctp_atcl 6 3K 103
clone 9 3K 9
kcovinfo 36 3K 36
sctp_timw 8 2K 8
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
ip6ndp 12 2K 13
Unitno 31 2K 50
sctp_ifa 13 2K 14
CAM XPT 22 2K 543
newdirblk 12 2K 107
CC Mem 12 2K 60
in_multi 6 2K 12
tun 4 2K 4
toponodes 6 2K 6
diradd 11 2K 205
ipsecpolicy 2 2K 2
select 11 2K 44
indirdep 5 2K 112
msi 9 2K 9
netlink 2 2K 73
softdep 1 1K 1
dirrem 4 1K 182
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 22
NFSD session 1 1K 1
mkdir 7 1K 214
CAM periph 4 1K 271
sctp_ifn 6 1K 14
ipsec 3 1K 3
inpcbpolicy 24 1K 263
mld 6 1K 6
igmp 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 148
pci_link 10 1K 10
crypto 4 1K 28
encap_export_host 12 1K 12
osd 17 1K 73
freefile 4 1K 146
cdev 2 1K 2
lkpikmalloc 8 1K 9
cryptodev 7 1K 103
chacha20random 1 1K 1
biobuf 1 1K 1
ip6opt 2 1K 12
ip_msource 5 1K 7
iov 5 1K 13957
freefrag 2 1K 53
vnodes 1 1K 1
procdesc 2 1K 8
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
pf_osfp 2 1K 2
sctp_atky 6 1K 116
tcpfunc 3 1K 3
loginclass 3 1K 5
prison 6 1K 6
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
ip6_msource 2 1K 2
aio 4 1K 5
pmchooks 1 1K 1
filecaps 5 1K 72
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3442
sctp_athm 6 1K 105
in_mfilter 2 1K 15
sctp_vrf 1 1K 1
ip_moptions 1 1K 11
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 33
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 236
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 32
sctp_iter 0 0K 12
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 12
sctp_aadr 0 0K 0
sctp_stro 0 0K 11
sctp_stri 0 0K 4
sctp_map 0 0K 22
mqdata 0 0K 0
tcp_pcm_rack 0 0K 7
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 14
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
NMI handlers 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
amdiommu_dom 0 0K 0
amdiommu_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 99
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 9
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 134
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6_moptions 0 0K 1
in6_mfilter 0 0K 3
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 248
namei_tracker 0 0K 3
export_host 0 0K 0
cl_savebuf 0 0K 26
lio 0 0K 3
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 1
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 175
eventfd 0 0K 6
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 296
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 650
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 3
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 12860 0 254 38494208 0
mbuf 256 8672 990 26853 0 254 2473472 0
BUF TRIE 152 231 11573 905 0 62 1794208 0
malloc-384 384 4118 52 4118 0 30 1601280 0
malloc-128 128 11597 121 11753 0 126 1499904 0
malloc-4096 4096 331 3 500 0 2 1368064 0
UMA Slabs 0 112 11039 7 11039 0 126 1237152 0
sctp_asoc 2256 0 510 11 0 254 1150560 0
RADIX NODE 152 6946 381 31267 0 62 1113704 0
malloc-64 64 121 16952 29695 0 254 1092672 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 16701 114 16701 0 254 941640 0
malloc-16384 16384 53 3 158 0 1 917504 0
malloc-65536 65536 9 1 12 0 1 655360 0
FFS inode 1168 541 19 688 0 8 654080 0
sctp_ep 1152 6 505 90 0 254 588672 0
socket 1024 44 464 1569 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 194 0 0 2 509056 0
256 Bucket 2048 226 14 1220 0 8 491520 0
malloc-4096 4096 108 2 953 0 2 450560 0
sctp_raddr 736 0 517 16 0 254 380512 0
THREAD 1824 186 14 356 0 8 364800 0
VM OBJECT 264 1307 43 14522 0 30 356400 0
malloc-64 64 4143 456 4464 0 254 294336 0
VNODE 440 580 86 729 0 30 293040 0
malloc-65536 65536 0 4 173 0 1 262144 0
malloc-65536 65536 4 0 4 0 1 262144 0
malloc-32768 32768 6 2 17 0 1 262144 0
malloc-2048 2048 107 13 307 0 8 245760 0
malloc-16 16 14644 356 16124 0 254 240000 0
DEVCTL 1024 21 199 148 0 0 225280 0
tcp_log 416 7 506 116 0 254 213408 0
malloc-256 256 346 404 2362 0 62 192000 0
UMA Zones 768 241 3 241 0 16 187392 0
malloc-32 32 5432 238 5583 0 254 181440 0
MAP ENTRY 96 1787 103 46500 0 126 181440 0
FPU_save_area 832 188 28 444 0 16 179712 0
malloc-128 128 1194 201 28968 0 126 178560 0
lkpimm 56 1 3095 1 0 254 173376 0
PROC 1376 107 14 952 0 8 166496 0
unpcb 320 11 505 1184 0 254 165120 0
malloc-32768 32768 0 5 76 0 1 163840 0
malloc-128 128 1154 117 2375 0 126 162688 0
FFS2 dinode 256 541 89 688 0 62 161280 0
ertt_txseginfo 40 1 3635 8378 0 254 145440 0
S VFS Cache 104 999 288 1185 0 126 133848 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 12 0 1 131072 0
malloc-1024 1024 110 18 135 0 16 131072 0
mbuf_packet 256 7 501 1649 0 254 130048 0
filedesc0 1072 105 7 963 0 8 120064 0
ksiginfo 112 100 944 139 0 126 116928 0
malloc-2048 2048 13 35 1133 0 8 98304 0
g_bio 408 0 240 7199 0 30 97920 0
UMA Kegs 384 227 6 227 0 30 89472 0
malloc-16384 16384 3 2 183 0 1 81920 0
sctp_chunk 152 0 520 6 0 254 79040 0
malloc-8192 8192 9 0 118 0 1 73728 0
malloc-4096 4096 15 3 109 0 2 73728 0
malloc-384 384 128 52 227 0 30 69120 0
128 Bucket 1024 52 15 253 0 16 68608 0
malloc-64 64 569 502 1655 0 254 68544 0
malloc-64 64 521 550 20665 0 254 68544 0
tcp_bbr_map 128 2 525 1386 0 126 67456 0
malloc-128 128 338 189 681 0 126 67456 0
malloc-32768 32768 0 2 123 0 1 65536 0
malloc-4096 4096 13 3 18 0 2 65536 0
malloc-256 256 167 88 232 0 62 65280 0
32 Bucket 256 83 172 1811 0 62 65280 0
malloc-384 384 72 78 321 0 30 57600 0
64 Bucket 512 77 27 1806 0 30 53248 0
malloc-128 128 15 388 293 0 126 51584 0
malloc-256 256 27 168 775 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-4096 4096 11 1 493 0 2 49152 0
malloc-1024 1024 11 37 535 0 16 49152 0
da_ccb 544 0 84 1912 0 16 45696 0
syncache 168 0 264 3 0 254 44352 0
tcp_inpcb 1312 12 21 60 0 8 43296 0
clpbuf 2624 0 16 39 0 4 41984 0
pcpu-8 8 4745 375 4938 0 254 40960 0
VMSPACE 584 52 18 897 0 16 40880 0
sctp_readq 152 0 260 4 0 254 39520 0
udp_inpcb 416 6 84 159 0 30 37440 0
hostcache 64 2 565 2 0 254 36288 0
malloc-64 64 10 557 68 0 254 36288 0
malloc-64 64 189 378 1084 0 254 36288 0
malloc-64 64 259 308 1121 0 254 36288 0
malloc-64 64 20 547 730 0 254 36288 0
tcp_rack_map 128 0 279 539 0 126 35712 0
malloc-128 128 23 256 140 0 126 35712 0
malloc-128 128 7 272 16 0 126 35712 0
malloc-128 128 80 199 187 0 126 35712 0
routing nhops 256 27 108 36 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-256 256 64 71 195 0 62 34560 0
malloc-256 256 62 73 474 0 62 34560 0
malloc-256 256 16 119 94 0 62 34560 0
malloc-256 256 51 84 705 0 62 34560 0
malloc-256 256 25 110 650 0 62 34560 0
TURNSTILE 136 201 51 201 0 62 34272 0
NAMEI 1024 0 32 13417 0 16 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-8192 8192 2 2 4 0 1 32768 0
malloc-8192 8192 3 1 4 0 1 32768 0
malloc-2048 2048 1 15 97 0 8 32768 0
malloc-2048 2048 10 6 128 0 8 32768 0
malloc-2048 2048 11 5 11 0 8 32768 0
malloc-2048 2048 6 10 22 0 8 32768 0
malloc-1024 1024 2 30 11 0 16 32768 0
malloc-1024 1024 13 19 1199 0 16 32768 0
malloc-1024 1024 19 13 19 0 16 32768 0
malloc-1024 1024 9 23 10 0 16 32768 0
malloc-1024 1024 9 23 24 0 16 32768 0
malloc-512 512 3 61 27 0 30 32768 0
malloc-512 512 1 63 2 0 30 32768 0
malloc-512 512 2 62 197 0 30 32768 0
malloc-512 512 8 56 33 0 30 32768 0
malloc-512 512 8 56 13 0 30 32768 0
pcpu-64 64 495 17 495 0 254 32768 0
tcp_bbr_pcb 896 3 33 14 0 16 32256 0
sctp_stream_msg_out 112 0 288 1 0 254 32256 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 206 194 7422 0 126 32000 0
PGRP 120 26 238 39 0 126 31680 0
rl_entry 48 2 586 3 0 254 28224 0
malloc-32 32 283 599 615 0 254 28224 0
16 Bucket 144 61 135 305 0 62 28224 0
4 Bucket 48 6 582 11 0 254 28224 0
udplite_inpcb 416 0 63 8 0 30 26208 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 1 2 20 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-4096 4096 2 4 34 0 2 24576 0
pipe 736 21 12 299 0 16 24288 0
PWD 40 31 575 181 0 254 24240 0
tcp_rack_pcb 1152 0 21 7 0 8 24192 0
rtentry 168 30 114 36 0 62 24192 0
8 Bucket 80 47 253 358 0 126 24000 0
itimer 352 0 66 4 0 30 23232 0
ripcb 384 6 54 36 0 30 23040 0
malloc-384 384 7 53 32 0 30 23040 0
malloc-384 384 24 36 678 0 30 23040 0
malloc-384 384 36 24 38 0 30 23040 0
malloc-384 384 26 34 37 0 30 23040 0
malloc-384 384 22 38 34 0 30 23040 0
SLEEPQUEUE 88 201 55 201 0 126 22528 0
udp_inpcb ports 32 3 627 30 0 254 20160 0
tcp_inpcb ports 32 4 626 23 0 254 20160 0
ertt 72 12 268 60 0 126 20160 0
malloc-32 32 135 495 143 0 254 20160 0
malloc-32 32 59 571 748 0 254 20160 0
malloc-32 32 93 537 5475 0 254 20160 0
malloc-32 32 34 596 555 0 254 20160 0
2 Bucket 32 61 569 431 0 254 20160 0
KNOTE 160 0 125 35 0 62 20000 0
cryptop 280 0 70 6 0 30 19600 0
L VFS Cache 320 0 60 6 0 30 19200 0
AIOLIO 272 0 70 3 0 30 19040 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 2 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 2 2 292 0 2 16384 0
malloc-2048 2048 1 7 4 0 8 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-1024 1024 4 12 25 0 16 16384 0
malloc-512 512 2 30 7 0 30 16384 0
malloc-512 512 0 32 5 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
sctp_laddr 48 0 336 29 0 254 16128 0
vtnet_tx_hdr 24 0 668 7961 0 254 16032 0
malloc-16 16 326 674 534 0 254 16000 0
AIO 208 0 76 12 0 62 15808 0
kenv 258 17 43 1066 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
malloc-32 32 0 378 8 0 254 12096 0
malloc-32 32 135 243 246 0 254 12096 0
malloc-16 16 14 736 69 0 254 12000 0
malloc-16 16 18 732 84 0 254 12000 0
malloc-16 16 19 731 24 0 254 12000 0
malloc-16 16 183 567 3015 0 254 12000 0
malloc-16 16 21 729 26352 0 254 12000 0
malloc-16 16 21 729 182 0 254 12000 0
AIOCB 552 0 21 15 0 16 11592 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Feb 28, 2025, 1:59:29 AM2/28/25
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 2980318b2747 sh.1: extend the section about getopts
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=173af064580000
dashboard link: https://syzkaller.appspot.com/bug?extid=eb5db60d36b005dbccf5
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=148b85a8580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=147297b8580000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb5db6...@syzkaller.appspotmail.com
panic: nl_buf_alloc: invalid length 4294968096
cpuid = 1
time = 1740725927
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057582510
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057582670
vpanic() at vpanic+0x257/frame 0xfffffe0057582830
panic() at panic+0xb5/frame 0xfffffe0057582900
nl_buf_alloc() at nl_buf_alloc+0xb7/frame 0xfffffe0057582930
nl_sosend() at nl_sosend+0x11e/frame 0xfffffe00575829a0
sousrsend() at sousrsend+0x112/frame 0xfffffe0057582a30
kern_sendit() at kern_sendit+0x4fe/frame 0xfffffe0057582b90
sendit() at sendit+0x15f/frame 0xfffffe0057582bf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe0057582d10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe0057582f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0057582f30
--- syscall (0, FreeBSD ELF64, syscall), rip = 0x233daa, rsp = 0x820a641a8, rbp = 0x820a641c0 ---
KDB: enter: panic
[ thread pid 774 tid 100101 ]
rdx 0xdffff7c000000000
rbx 0xffffffff8274a640 .str.27
rsp 0xfffffe0057582650
rbp 0xfffffe0057582670
rsi 0
rdi 0xffffffff82e004c0 panicstr
r12 0xfffffe00548d3740
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor3839528570
(map 0xfffffe000800f248)
(map.pmap 0xfffffe000800f2e8)
(pmap 0xfffffe000800f358)
threads: 1
100101 Run CPU 1 syz-executor3839528
772 770 772 0 Ss pause 0xfffffe00548c7630 csh
770 682 770 0 Rs CPU 0 sshd
748 1 748 0 Ss+ ttyin 0xfffffe0058a7dcb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0058dca8b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0058dcacb0 getty
745 1 745 0 Ss+ ttyin 0xfffffe0058dcc0b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0058dcc4b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0058dcc8b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058dcccb0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0058dcd0b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0058dcd4b0 getty
686 1 686 0 Ss nanslp 0xffffffff8398e3c1 cron
682 1 682 0 Ss select 0xfffffe0058ce26c0 sshd
495 1 495 0 Ss select 0xfffffe0058a85740 syslogd
424 1 424 0 Ss select 0xfffffe0058ce29c0 devd
423 1 423 65 Ss select 0xfffffe0058ce27c0 dhclient
338 1 338 0 Ss select 0xfffffe0058ce2940 dhclient
335 1 335 0 Ss select 0xfffffe0058a856c0 dhclient
5 0 0 0 DL waiting 0xffffffff845de580 [sctp_iterator]
1 0 1 0 SLs wait 0xfffffe0008007040 [init]
100074 D - 0xfffffe0007f6ae00 [mca taskq]
100110 D - 0xfffffe0007f68400 [netlink_socket (PID]
db> show all locks
Process 774 (syz-executor3839528) thread 0xfffffe00548d3740 (100101)
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe005a1f4180) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4826
kobj 330 1320K 494
vfscache 3 1025K 3
pcb 24 669K 43
inodedep 4 514K 71
acpica 1674 184K 54408
subproc 93 169K 831
vmem 5 144K 6
tidhash 3 141K 3
pagedep 2 129K 18
DEVFS1 105 105K 114
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
kdtrace 147 30K 886
umtx 224 28K 224
kenv 95 12K 95
ifaddr 30 12K 32
GEOM 61 11K 477
routetbl 50 11K 176
bmsafemap 3 9K 40
shmfd 1 8K 1
sglist 6 7K 6
plimit 16 6K 323
ifnet 3 5K 3
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
acpidev 20 3K 20
session 19 3K 31
hhook 8 3K 10
kqueue 37 3K 777
pwddesc 37 3K 775
clone 9 3K 9
uidinfo 3 3K 8
Unitno 28 2K 42
toponodes 6 2K 6
ipsecpolicy 2 2K 2
selfd 21 2K 29402
msi 9 2K 9
netlink 2 2K 48
softdep 1 1K 1
indirdep 3 1K 3
nhops 6 1K 6
pci_link 10 1K 10
sctp_ifa 5 1K 6
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
in_multi 2 1K 4
diradd 3 1K 36
CC Mem 3 1K 7
sctp_ifn 2 1K 6
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
pmchooks 1 1K 1
sctp_vrf 1 1K 1
p1003.1b 1 1K 1
filecaps 1 1K 66
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
mqdata 0 0K 0
savedino 0 0K 15
dirrem 0 0K 28
mkdir 0 0K 16
freefile 0 0K 26
freeblks 0 0K 25
freefrag 0 0K 38
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 35
aio 0 0K 0
lio 0 0K 0
ioctlops 0 0K 86
eventfd 0 0K 0
tcp_log_dev 0 0K 0
mbuf_jumbo_page 4096 8320 1078 26075 0 254 38494208 0
mbuf 256 8577 1085 34402 0 254 2473472 0
BUF TRIE 152 298 11506 973 0 62 1794208 0
malloc-4096 4096 330 2 495 0 2 1359872 0
UMA Slabs 0 112 10852 14 10852 0 126 1216992 0
RADIX NODE 152 3888 215 23355 0 62 623656 0
FFS inode 1168 499 33 525 0 8 621376 0
malloc-65536 65536 9 0 12 0 1 589824 0
malloc-256 256 2145 30 2551 0 62 556800 0
socket 1024 19 489 1315 0 254 520192 0
malloc-64 64 4098 249 4376 0 254 278208 0
VM OBJECT 264 869 61 12727 0 30 245520 0
malloc-16 16 14579 171 15857 0 254 236000 0
malloc-32768 32768 6 1 17 0 1 229376 0
malloc-2048 2048 107 5 298 0 8 229376 0
DEVCTL 1024 0 220 123 0 0 225280 0
malloc-2048 2048 7 97 1039 0 8 212992 0
THREAD 1824 109 3 110 0 8 204288 0
malloc-32 32 5426 496 5590 0 254 189504 0
malloc-4096 4096 37 3 775 0 2 163840 0
FFS2 dinode 256 499 71 525 0 62 145920 0
malloc-1024 1024 105 23 117 0 16 131072 0
malloc-128 128 917 106 1923 0 126 130944 0
mbuf_packet 256 0 508 117 0 254 130048 0
S VFS Cache 104 986 184 1024 0 126 121680 0
MAP ENTRY 96 792 468 39418 0 126 120960 0
ksiginfo 112 31 1013 50 0 126 116928 0
FPU_save_area 832 111 24 128 0 16 112320 0
malloc-8192 8192 7 2 114 0 1 73728 0
malloc-4096 4096 15 3 107 0 2 73728 0
g_bio 408 0 180 5356 0 30 73440 0
128 Bucket 1024 43 24 236 0 16 68608 0
malloc-64 64 515 556 15976 0 254 68544 0
malloc-128 128 326 201 535 0 126 67456 0
malloc-32768 32768 0 2 120 0 1 65536 0
filedesc0 1072 37 12 775 0 8 52528 0
malloc-64 64 498 321 1475 0 254 52416 0
malloc-256 256 146 49 165 0 62 49920 0
32 Bucket 256 58 137 2153 0 62 49920 0
syncache 168 0 264 5 0 254 44352 0
clpbuf 2624 0 16 77 0 4 41984 0
malloc-4096 4096 7 3 489 0 2 40960 0
udp_inpcb 416 6 84 128 0 30 37440 0
pcpu-8 8 4296 312 4324 0 254 36864 0
64 Bucket 512 62 10 1249 0 30 36864 0
malloc-64 64 7 560 36 0 254 36288 0
malloc-64 64 39 528 29450 0 254 36288 0
malloc-64 64 65 502 831 0 254 36288 0
malloc-64 64 183 384 921 0 254 36288 0
malloc-64 64 15 552 605 0 254 36288 0
malloc-128 128 15 264 63 0 126 35712 0
malloc-128 128 7 272 8 0 126 35712 0
malloc-128 128 68 211 88 0 126 35712 0
malloc-128 128 17 262 276 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0
malloc-256 256 42 93 132 0 62 34560 0
malloc-256 256 47 88 320 0 62 34560 0
malloc-256 256 8 127 86 0 62 34560 0
malloc-256 256 51 84 698 0 62 34560 0
malloc-256 256 12 123 384 0 62 34560 0
malloc-2048 2048 6 10 93 0 8 32768 0
malloc-2048 2048 5 11 21 0 8 32768 0
malloc-1024 1024 2 30 10 0 16 32768 0
malloc-1024 1024 13 19 1069 0 16 32768 0
malloc-512 512 2 62 12 0 30 32768 0
malloc-512 512 2 62 168 0 30 32768 0
malloc-512 512 6 58 22 0 30 32768 0
malloc-512 512 8 56 9 0 30 32768 0
VMSPACE 584 20 29 759 0 16 28616 0
sctp_laddr 48 0 588 4 0 254 28224 0
malloc-32 32 262 620 479 0 254 28224 0
16 Bucket 144 49 147 334 0 62 28224 0
4 Bucket 48 8 580 14 0 254 28224 0
da_ccb 544 0 49 1572 0 16 26656 0
TURNSTILE 136 113 76 113 0 62 25704 0
PWD 40 10 596 99 0 254 24240 0
rtentry 168 13 131 17 0 62 24192 0
Files 80 68 232 6533 0 126 24000 0
8 Bucket 80 48 252 294 0 126 24000 0
tcp_inpcb 1312 3 15 7 0 8 23616 0
malloc-384 384 7 53 27 0 30 23040 0
malloc-384 384 17 43 668 0 30 23040 0
malloc-384 384 19 41 21 0 30 23040 0
malloc-384 384 26 34 38 0 30 23040 0
malloc-384 384 4 56 5 0 30 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 113 143 113 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 3 627 40 0 254 20160 0
ertt 72 3 277 7 0 126 20160 0
malloc-32 32 41 589 47 0 254 20160 0
malloc-32 32 59 571 753 0 254 20160 0
malloc-32 32 31 599 3776 0 254 20160 0
malloc-32 32 25 605 506 0 254 20160 0
2 Bucket 32 49 581 305 0 254 20160 0
malloc-256 256 8 67 522 0 62 19200 0
malloc-2048 2048 1 7 1 0 8 16384 0
malloc-32 32 0 378 2 0 254 12096 0
malloc-32 32 114 264 212 0 254 12096 0
KNOTE 160 0 75 8 0 62 12000 0
malloc-16 16 5 745 14 0 254 12000 0
malloc-16 16 18 732 57 0 254 12000 0
malloc-16 16 306 444 493 0 254 12000 0
malloc-16 16 183 567 3013 0 254 12000 0
malloc-16 16 20 730 24915 0 254 12000 0
malloc-16 16 15 735 37 0 254 12000 0
ripcb 384 1 29 4 0 30 11520 0
pcpu-16 16 8 504 8 0 254 8192 0
vtnet_tx_hdr 24 0 334 7074 0 254 8016 0
malloc-16 16 6 494 8 0 254 8000 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
swpctrie 152 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 256 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf UDP mappings 104 0 0 0 0 126 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 376 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_rack_pcb 1152 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tcp_bbr_pcb 896 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1152 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
udplite_inpcb 416 0 0 0 0 30 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 240 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 152 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 112 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 152 0 0 0 0 62 0 0
rl_entry 48 0 0 0 0 254 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 2980318b2747 sh.1: extend the section about getopts
git tree: freebsd-src
dashboard link: https://syzkaller.appspot.com/bug?extid=eb5db60d36b005dbccf5
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=148b85a8580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=147297b8580000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+eb5db6...@syzkaller.appspotmail.com
panic: nl_buf_alloc: invalid length 4294968096
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057582510
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057582670
vpanic() at vpanic+0x257/frame 0xfffffe0057582830
panic() at panic+0xb5/frame 0xfffffe0057582900
nl_buf_alloc() at nl_buf_alloc+0xb7/frame 0xfffffe0057582930
nl_sosend() at nl_sosend+0x11e/frame 0xfffffe00575829a0
sousrsend() at sousrsend+0x112/frame 0xfffffe0057582a30
kern_sendit() at kern_sendit+0x4fe/frame 0xfffffe0057582b90
sendit() at sendit+0x15f/frame 0xfffffe0057582bf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe0057582d10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe0057582f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0057582f30
--- syscall (0, FreeBSD ELF64, syscall), rip = 0x233daa, rsp = 0x820a641a8, rbp = 0x820a641c0 ---
KDB: enter: panic
[ thread pid 774 tid 100101 ]
Stopped at kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rdx 0xdffff7c000000000
rbx 0xffffffff8274a640 .str.27
rsp 0xfffffe0057582650
rbp 0xfffffe0057582670
rsi 0
rdi 0xffffffff82e004c0 panicstr
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe00548d3c60
r9 0xffffffff
r10 0
r12 0xfffffe00548d3740
r13 0xfffffffffffffffd
r14 0xffffffff8274a640 .str.27
r15 0
rip 0xffffffff815c254e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db> show proc
Process 774 (syz-executor3839528) at 0xfffffe00548c6000:
r14 0xffffffff8274a640 .str.27
r15 0
rip 0xffffffff815c254e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x23eaac7(%rip)
db> show proc
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 772 at 0xfffffe00548c7580
uid: 0 gids: 0, 0, 5
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor3839528570
reaper: 0xfffffe0008007040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe000800f248
sigparent: 20
(map 0xfffffe000800f248)
(map.pmap 0xfffffe000800f2e8)
(pmap 0xfffffe000800f358)
threads: 1
100101 Run CPU 1 syz-executor3839528
db> ps
pid ppid pgrp uid state wmesg wchan cmd
774 772 772 0 R CPU 1 syz-executor3839528
pid ppid pgrp uid state wmesg wchan cmd
772 770 772 0 Ss pause 0xfffffe00548c7630 csh
770 682 770 0 Rs CPU 0 sshd
748 1 748 0 Ss+ ttyin 0xfffffe0058a7dcb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0058dca8b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0058dcacb0 getty
745 1 745 0 Ss+ ttyin 0xfffffe0058dcc0b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0058dcc4b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0058dcc8b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058dcccb0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0058dcd0b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0058dcd4b0 getty
686 1 686 0 Ss nanslp 0xffffffff8398e3c1 cron
682 1 682 0 Ss select 0xfffffe0058ce26c0 sshd
495 1 495 0 Ss select 0xfffffe0058a85740 syslogd
424 1 424 0 Ss select 0xfffffe0058ce29c0 devd
423 1 423 65 Ss select 0xfffffe0058ce27c0 dhclient
338 1 338 0 Ss select 0xfffffe0058ce2940 dhclient
335 1 335 0 Ss select 0xfffffe0058a856c0 dhclient
17 0 0 0 DL syncer 0xffffffff83aabc20 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008026040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83aaa1e0 [bufdaemon]
100083 D - 0xffffffff82e02140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe0058dc94e8 [/ worker]
100080 D psleep 0xffffffff83aaa1e0 [bufdaemon]
100083 D - 0xffffffff82e02140 [bufspacedaemon-0]
9 0 0 0 DL psleep 0xffffffff83af50e0 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83adb078 [dom0]
100081 D launds 0xffffffff83adb084 [laundry: dom0]
100082 D umarcl 0xffffffff81d83e80 [uma]
7 0 0 0 DL - 0xffffffff8370bbf0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff8430e5d0 [pf purge]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83adb078 [dom0]
100081 D launds 0xffffffff83adb084 [laundry: dom0]
100082 D umarcl 0xffffffff81d83e80 [uma]
7 0 0 0 DL - 0xffffffff8370bbf0 [rand_harvestq]
5 0 0 0 DL waiting 0xffffffff845de580 [sctp_iterator]
100075 D - 0xfffffe0007f68900 [CAM taskq]
100077 D - 0xfffffe0059bf6100 [ipsec_offload]
100110 D - 0xfffffe0007f68400 [netlink_socket (PID]
db> show all locks
Process 774 (syz-executor3839528) thread 0xfffffe00548d3740 (100101)
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe005a1f4180) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4826
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 375 5015K 485
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4216
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 375 5015K 485
tcp_hpts 7 4801K 7
sysctloid 35205 2074K 35280
vtbuf 24 1968K 46
newblk 1914 1503K 1982
vtbuf 24 1968K 46
kobj 330 1320K 494
vfscache 3 1025K 3
pcb 24 669K 43
inodedep 4 514K 71
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
vnet_data 2 224K 2
acpitask 1 224K 1
acpica 1674 184K 54408
subproc 93 169K 831
vmem 5 144K 6
tidhash 3 141K 3
pagedep 2 129K 18
tfo_ccache 1 128K 1
IP reass 1 128K 1
sem 4 106K 4
IP reass 1 128K 1
DEVFS1 105 105K 114
gtaskqueue 18 98K 18
bus 994 81K 5040
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 519 65K 519
ddb_capture 1 64K 1
temp 18 37K 1575
bus 994 81K 5040
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 519 65K 519
ddb_capture 1 64K 1
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
kdtrace 147 30K 886
umtx 224 28K 224
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
BPF 10 18K 10
DEVFS_RULE 56 20K 56
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
proc 3 17K 3
ithread 90 15K 90
bus-sc 34 15K 1637
eventhandler 163 14K 163
bus-sc 34 15K 1637
kenv 95 12K 95
ifaddr 30 12K 32
GEOM 61 11K 477
routetbl 50 11K 176
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
rman 82 10K 437
bmsafemap 3 9K 40
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
UART 12 9K 12
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 239 8K 301
taskqueue 72 8K 72
audit_evclass 239 8K 301
sglist 6 7K 6
plimit 16 6K 323
CAM DEV 3 6K 510
cred 22 6K 274
pfs_nodes 22 6K 22
ufs_dirhash 24 5K 24
UMA 269 5K 269
ufs_dirhash 24 5K 24
ifnet 3 5K 3
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
filedesc 1 4K 1
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
acpisem 28 4K 28
ether_multi 40 4K 50
acpisem 28 4K 28
lltable 11 4K 11
pf_ifnet 5 3K 6
in6_multi 25 3K 25
terminal 11 3K 11
acpidev 20 3K 20
session 19 3K 31
hhook 8 3K 10
kqueue 37 3K 777
pwddesc 37 3K 775
clone 9 3K 9
uidinfo 3 3K 8
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
proc-args 56 2K 1703
io_apic 1 2K 1
ipsec-saq 2 2K 2
Unitno 28 2K 42
CAM XPT 22 2K 543
lockf 15 2K 22
toponodes 6 2K 6
ipsecpolicy 2 2K 2
selfd 21 2K 29402
msi 9 2K 9
netlink 2 2K 48
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 18
secasvar 1 1K 1
NFSD session 1 1K 1
select 7 1K 29
CAM periph 4 1K 271
ipsec 3 1K 3
indirdep 3 1K 3
nhops 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
isadev 6 1K 6
pci_link 10 1K 10
sctp_ifa 5 1K 6
crypto 4 1K 4
ip6ndp 4 1K 5
encap_export_host 12 1K 12
in_multi 2 1K 4
cdev 2 1K 2
lkpikmalloc 8 1K 9
osd 8 1K 20
lkpikmalloc 8 1K 9
diradd 3 1K 36
CC Mem 3 1K 7
chacha20random 1 1K 1
biobuf 1 1K 1
inpcbpolicy 10 1K 139
biobuf 1 1K 1
sctp_ifn 2 1K 6
mld 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFSP 4 1K 9
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
CAM SIM 2 1K 2
feeder 7 1K 7
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
procdesc 1 1K 6
apmdev 1 1K 1
atkbddev 2 1K 2
pmchooks 1 1K 1
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3328
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 35
pmc 1 1K 1
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 26
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
filecaps 1 1K 66
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 4
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 4
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
mqdata 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
pf_temp 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
filemon 0 0K 0
esp 0 0K 0
ah 0 0K 0
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 6
jfsync 0 0K 0
jtrunc 0 0K 0
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
newdirblk 0 0K 8
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
dirrem 0 0K 28
mkdir 0 0K 16
freefile 0 0K 26
freeblks 0 0K 25
freefrag 0 0K 38
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
LRO 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
tun 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 198
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 35
aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
mbuf_tag 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 14739
pts 0 0K 0
timerfd 0 0K 0
ioctlops 0 0K 86
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
stack 0 0K 0
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 649
compressor 0 0K 0
SWAP 0 0K 0
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
kcovinfo 0 0K 0
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
mbuf 256 8577 1085 34402 0 254 2473472 0
BUF TRIE 152 298 11506 973 0 62 1794208 0
malloc-384 384 4118 52 4118 0 30 1601280 0
malloc-128 128 11572 146 11674 0 126 1499904 0
malloc-4096 4096 330 2 495 0 2 1359872 0
UMA Slabs 0 112 10852 14 10852 0 126 1216992 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 15539 124 15539 0 254 877128 0
RADIX NODE 152 3888 215 23355 0 62 623656 0
FFS inode 1168 499 33 525 0 8 621376 0
malloc-65536 65536 9 0 12 0 1 589824 0
malloc-256 256 2145 30 2551 0 62 556800 0
socket 1024 19 489 1315 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 194 0 0 2 509056 0
256 Bucket 2048 123 23 1039 0 8 299008 0
pbuf 2624 0 194 0 0 2 509056 0
malloc-64 64 4098 249 4376 0 254 278208 0
malloc-65536 65536 4 0 4 0 1 262144 0
VNODE 440 529 47 557 0 30 253440 0
VM OBJECT 264 869 61 12727 0 30 245520 0
malloc-16 16 14579 171 15857 0 254 236000 0
malloc-32768 32768 6 1 17 0 1 229376 0
malloc-2048 2048 107 5 298 0 8 229376 0
DEVCTL 1024 0 220 123 0 0 225280 0
malloc-2048 2048 7 97 1039 0 8 212992 0
THREAD 1824 109 3 110 0 8 204288 0
malloc-32 32 5426 496 5590 0 254 189504 0
UMA Zones 768 241 3 241 0 16 187392 0
malloc-128 128 1178 217 28585 0 126 178560 0
lkpimm 56 1 3095 1 0 254 173376 0
unpcb 320 7 509 1158 0 254 165120 0
malloc-4096 4096 37 3 775 0 2 163840 0
FFS2 dinode 256 499 71 525 0 62 145920 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 156 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 0 2 8 0 1 131072 0
malloc-1024 1024 105 23 117 0 16 131072 0
malloc-128 128 917 106 1923 0 126 130944 0
mbuf_packet 256 0 508 117 0 254 130048 0
S VFS Cache 104 986 184 1024 0 126 121680 0
MAP ENTRY 96 792 468 39418 0 126 120960 0
ksiginfo 112 31 1013 50 0 126 116928 0
FPU_save_area 832 111 24 128 0 16 112320 0
UMA Kegs 384 227 6 227 0 30 89472 0
malloc-16384 16384 3 2 183 0 1 81920 0
PROC 1376 36 19 774 0 8 75680 0
malloc-16384 16384 3 2 183 0 1 81920 0
malloc-8192 8192 7 2 114 0 1 73728 0
malloc-4096 4096 15 3 107 0 2 73728 0
g_bio 408 0 180 5356 0 30 73440 0
128 Bucket 1024 43 24 236 0 16 68608 0
malloc-64 64 515 556 15976 0 254 68544 0
malloc-128 128 326 201 535 0 126 67456 0
malloc-32768 32768 0 2 120 0 1 65536 0
malloc-4096 4096 13 3 18 0 2 65536 0
malloc-384 384 55 95 122 0 30 57600 0
filedesc0 1072 37 12 775 0 8 52528 0
malloc-64 64 498 321 1475 0 254 52416 0
malloc-256 256 146 49 165 0 62 49920 0
32 Bucket 256 58 137 2153 0 62 49920 0
DIRHASH 1024 35 13 35 0 16 49152 0
NAMEI 1024 0 48 12140 0 16 49152 0
malloc-16384 16384 3 0 3 0 1 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-1024 1024 11 37 519 0 16 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
syncache 168 0 264 5 0 254 44352 0
clpbuf 2624 0 16 77 0 4 41984 0
malloc-4096 4096 7 3 489 0 2 40960 0
udp_inpcb 416 6 84 128 0 30 37440 0
pcpu-8 8 4296 312 4324 0 254 36864 0
64 Bucket 512 62 10 1249 0 30 36864 0
malloc-64 64 7 560 36 0 254 36288 0
malloc-64 64 39 528 29450 0 254 36288 0
malloc-64 64 65 502 831 0 254 36288 0
malloc-64 64 183 384 921 0 254 36288 0
malloc-64 64 15 552 605 0 254 36288 0
malloc-128 128 15 264 63 0 126 35712 0
malloc-128 128 7 272 8 0 126 35712 0
malloc-128 128 68 211 88 0 126 35712 0
malloc-128 128 17 262 276 0 126 35712 0
routing nhops 256 10 125 17 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 56 34 56 0 30 34560 0
malloc-256 256 42 93 132 0 62 34560 0
malloc-256 256 47 88 320 0 62 34560 0
malloc-256 256 8 127 86 0 62 34560 0
malloc-256 256 51 84 698 0 62 34560 0
malloc-256 256 12 123 384 0 62 34560 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-8192 8192 2 2 4 0 1 32768 0
malloc-2048 2048 2 14 11 0 8 32768 0
malloc-8192 8192 2 2 4 0 1 32768 0
malloc-2048 2048 6 10 93 0 8 32768 0
malloc-2048 2048 5 11 21 0 8 32768 0
malloc-1024 1024 2 30 10 0 16 32768 0
malloc-1024 1024 13 19 1069 0 16 32768 0
malloc-1024 1024 19 13 19 0 16 32768 0
malloc-1024 1024 3 29 22 0 16 32768 0
malloc-1024 1024 9 23 10 0 16 32768 0
malloc-1024 1024 9 23 9 0 16 32768 0
malloc-512 512 2 62 12 0 30 32768 0
malloc-512 512 2 62 168 0 30 32768 0
malloc-512 512 6 58 22 0 30 32768 0
malloc-512 512 8 56 9 0 30 32768 0
pcpu-64 64 495 17 495 0 254 32768 0
ertt_txseginfo 40 0 808 618 0 254 32320 0
ttyinq 160 135 65 300 0 62 32000 0
PGRP 120 19 245 31 0 126 31680 0
VMSPACE 584 20 29 759 0 16 28616 0
sctp_laddr 48 0 588 4 0 254 28224 0
malloc-32 32 262 620 479 0 254 28224 0
16 Bucket 144 49 147 334 0 62 28224 0
4 Bucket 48 8 580 14 0 254 28224 0
da_ccb 544 0 49 1572 0 16 26656 0
TURNSTILE 136 113 76 113 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 1 2 20 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
pipe 736 6 27 282 0 16 24288 0
malloc-8192 8192 1 2 20 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-8192 8192 3 0 3 0 1 24576 0
PWD 40 10 596 99 0 254 24240 0
rtentry 168 13 131 17 0 62 24192 0
Files 80 68 232 6533 0 126 24000 0
8 Bucket 80 48 252 294 0 126 24000 0
tcp_inpcb 1312 3 15 7 0 8 23616 0
malloc-384 384 7 53 27 0 30 23040 0
malloc-384 384 17 43 668 0 30 23040 0
malloc-384 384 19 41 21 0 30 23040 0
malloc-384 384 26 34 38 0 30 23040 0
malloc-384 384 4 56 5 0 30 23040 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 113 143 113 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
udp_inpcb ports 32 3 627 40 0 254 20160 0
ertt 72 3 277 7 0 126 20160 0
malloc-32 32 41 589 47 0 254 20160 0
malloc-32 32 59 571 753 0 254 20160 0
malloc-32 32 31 599 3776 0 254 20160 0
malloc-32 32 25 605 506 0 254 20160 0
2 Bucket 32 49 581 305 0 254 20160 0
malloc-256 256 8 67 522 0 62 19200 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 2 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 2 2 217 0 2 16384 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 2 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-2048 2048 1 7 1 0 8 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-512 512 1 31 1 0 30 16384 0
malloc-2048 2048 2 6 2 0 8 16384 0
malloc-512 512 2 30 7 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
kenv 258 17 43 1063 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
tcp_inpcb ports 32 1 377 1 0 254 12096 0
SMR SHARED 24 8 503 8 0 254 12264 0
malloc-32 32 0 378 2 0 254 12096 0
malloc-32 32 114 264 212 0 254 12096 0
KNOTE 160 0 75 8 0 62 12000 0
malloc-16 16 5 745 14 0 254 12000 0
malloc-16 16 18 732 57 0 254 12000 0
malloc-16 16 306 444 493 0 254 12000 0
malloc-16 16 183 567 3013 0 254 12000 0
malloc-16 16 20 730 24915 0 254 12000 0
malloc-16 16 15 735 37 0 254 12000 0
ripcb 384 1 29 4 0 30 11520 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
pcpu-16 16 8 504 8 0 254 8192 0
vtnet_tx_hdr 24 0 334 7074 0 254 8016 0
malloc-16 16 6 494 8 0 254 8000 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swpctrie 152 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf frags 256 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf UDP mappings 104 0 0 0 0 126 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 376 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_rack_pcb 1152 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tcp_bbr_pcb 896 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1152 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcp_log 416 0 0 0 0 254 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb ports 32 0 0 0 0 254 0 0
udplite_inpcb 416 0 0 0 0 30 0 0
ripcb ports 32 0 0 0 0 254 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 240 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 152 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 112 0 0 0 0 126 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 152 0 0 0 0 62 0 0
rl_entry 48 0 0 0 0 254 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-4096 4096 0 0 0 0 2 0 0
malloc-512 512 0 0 0 0 30 0 0
malloc-512 512 0 0 0 0 30 0 0
pcpu-32 32 0 0 0 0 254 0 0
pcpu-4 4 0 0 0 0 254 0 0
fakepg 104 0 0 0 0 126 0 0
UMA Hash 256 0 0 0 0 62 0 0
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages