panic: tcp_default_fb_init: connection ADDR in unexpected state NUM


syzbot

Jun 28, 2025, 1:46:32 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3a33e39edd48 pctrie: correct iter node after node allocation
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=1630288c580000
dashboard link: https://syzkaller.appspot.com/bug?extid=902d31bb0e68a1e8c088

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+902d31...@syzkaller.appspotmail.com

panic: tcp_default_fb_init: connection 0xfffffe0079dd2000 in unexpected state 10
cpuid = 1
time = 1751132753
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057192290
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00571923f0
vpanic() at vpanic+0x257/frame 0xfffffe00571925b0
panic() at panic+0xb5/frame 0xfffffe0057192680
tcp_default_fb_init() at tcp_default_fb_init+0x697/frame 0xfffffe00571926d0
tcp_ctloutput_set() at tcp_ctloutput_set+0x607/frame 0xfffffe0057192850
tcp_ctloutput() at tcp_ctloutput+0x128/frame 0xfffffe0057192950
sosetopt() at sosetopt+0x236/frame 0xfffffe0057192b50
kern_setsockopt() at kern_setsockopt+0x2b0/frame 0xfffffe0057192cc0
sys_setsockopt() at sys_setsockopt+0x77/frame 0xfffffe0057192d10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0057192f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0057192f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x825d99f08, rbp = 0x825d99f80 ---
KDB: enter: panic
[ thread pid 1307 tid 100956 ]
Stopped at kdb_enter+0x6e: movq $0,0x25b9ce7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe0002bf1850
rdx 0
rbx 0xffffffff827bb8c0 .str.27
rsp 0xfffffe00571923d0
rbp 0xfffffe00571923f0
rsi 0
rdi 0xffffffff81618b29 printf+0x149
r8 0
r9 0xffffffff
r10 0x3
r11 0xfffffe00541be550
r12 0xfffffe00541be000
r13 0xfffffffffffffffd
r14 0xffffffff827bb8c0 .str.27
r15 0
rip 0xffffffff816026ae kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25b9ce7(%rip)
db> show proc
Process 1307 (syz-executor) at 0xfffffe00541b4000:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 765 at 0xfffffe0054101000
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00540b7db0
(map 0xfffffe00540b7db0)
(map.pmap 0xfffffe00540b7e50)
(pmap 0xfffffe00540b7ec0)
threads: 3
100941 RunQ syz-executor
100956 Run CPU 1 syz-executor
100957 S uwait 0xfffffe0078dced80 syz-executor
db> ps
db> show all locks
Process 1308 (syz-executor) thread 0xfffffe0054129000 (100279)
exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff83baa940) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_umtx.c:1299
Process 1307 (syz-executor) thread 0xfffffe00541be000 (100956)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe0079dd2020) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:1734
db> show malloc

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup