Fatal trap NUM: page fault in _vn_lock


syzbot

Jul 2, 2025, 8:48:41 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 604d34c23f77 net: ether_gen_addr: fix address generation
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=137cf982580000
dashboard link: https://syzkaller.appspot.com/bug?extid=7b4a4824bf81548283ab
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7b4a48...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x1a0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff817bdd10
stack pointer = 0x0:0xfffffe0056ec7fc0
frame pointer = 0x0:0xfffffe0056ec80b0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2660 (syz-executor)
rdi: 00000000000001a0 rsi: 0000000000000000 rdx: 0000000000080000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=-1 (errno 54: Connection reset by peer)
rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 0000000000000038


FreeBSD/amd64
rax: fffffe0002bf1850 rbx: 1fffffc00add8ffc rbp: fffffe0056ec80b0
r10: 2487e2d904a21603 r11: 0000000000000085 r12: 0000000000080400
r13: fffffe007b2b0040 r14: 0000000000000000 r15: fffffe007b2b0188
trap number = 12
panic: page fault
cpuid = 1
time = 147
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056ec77f0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056ec7950
vpanic() at vpanic+0x257/frame 0xfffffe0056ec7b10
panic() at panic+0xb5/frame 0xfffffe0056ec7bd0
trap_pfault() at trap_pfault+0xaec/frame 0xfffffe0056ec7d10
trap() at trap+0x78e/frame 0xfffffe0056ec7ef0
calltrap() at calltrap+0x8/frame 0xfffffe0056ec7ef0
--- trap 0xc, rip = 0xffffffff817bdd10, rsp = 0xfffffe0056ec7fc0, rbp = 0xfffffe0056ec80b0 ---
_vn_lock() at _vn_lock+0xb0/frame 0xfffffe0056ec80b0
mddestroy() at mddestroy+0x3ba/frame 0xfffffe0056ec8190
mdctlioctl() at mdctlioctl+0x1680/frame 0xfffffe0056ec82f0
devfs_ioctl() at devfs_ioctl+0x266/frame 0xfffffe0056ec83e0
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x87/frame 0xfffffe0056ec8410
vn_ioctl() at vn_ioctl+0x3c7/frame 0xfffffe0056ec8620
devfs_ioctl_f() at devfs_ioctl_f+0x69/frame 0xfffffe0056ec8670
kern_ioctl() at kern_ioctl+0x4ca/frame 0xfffffe0056ec8750
sys_ioctl() at sys_ioctl+0x36e/frame 0xfffffe0056ec88d0
freebsd32_ioctl() at freebsd32_ioctl+0x607/frame 0xfffffe0056ec8d10
ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056ec8f30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98
KDB: enter: panic
[ thread pid 2660 tid 101844 ]
Stopped at kdb_enter+0x6e: movq $0,0x25b9147(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xfffffe0077200000
rdx 0x7ffff
rbx 0xffffffff827bcf60 .str.27
rsp 0xfffffe0056ec7930
rbp 0xfffffe0056ec7950
rsi 0x80001
rdi 0xffffffff8161a6c9 printf+0x149
r8 0
r9 0xffffffff
r10 0
r11 0x17
r12 0xfffffe0054129000
r13 0xfffffffffffffffd
r14 0xffffffff827bcf60 .str.27
r15 0
rip 0xffffffff8160424e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25b9147(%rip)
db> show proc
Process 2660 (syz-executor) at 0xfffffe0007826000:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 2272 at 0xfffffe0054007020
ABI: FreeBSD ELF32
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0054121db0
(map 0xfffffe0054121db0)
(map.pmap 0xfffffe0054121e50)
(pmap 0xfffffe0054121ec0)
threads: 2
100086 RunQ syz-executor
101844 Run CPU 1 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
2661 766 766 0 R (threaded) syz-executor
100702 RunQ syz-executor
101846 S uwait 0xfffffe006df16e80 syz-executor
2660 2272 2272 0 R (threaded) syz-executor
100086 RunQ syz-executor
101844 Run CPU 1 syz-executor
2659 765 765 0 R (threaded) syz-executor
101764 RunQ syz-executor
101845 S uwait 0xfffffe00584ec800 syz-executor
2644 1 2301 0 S uwait 0xfffffe006df17000 syz-executor
2599 0 0 0 DL (threaded) [so_splice]
101778 D - 0xfffffe0058251b00 [thr_0]
101783 D - 0xfffffe0058251b40 [thr_1]
2591 0 0 0 DL mdwait 0xfffffe0078a86000 [md3]
2588 1 2272 0 S uwait 0xfffffe00584ed480 syz-executor
2576 1 766 0 S uwait 0xfffffe00584ed180 syz-executor
2568 1 2272 0 S uwait 0xfffffe00584ec600 syz-executor
2562 0 0 0 DL mdwait 0xfffffe0071ebc000 [md2]
2513 1 2301 0 S uwait 0xfffffe00584ec900 syz-executor
2500 1 2301 0 S umtxn 0xfffffe00584ed380 syz-executor
2481 1 765 0 S uwait 0xfffffe005824e300 syz-executor
2470 0 0 0 DL mdwait 0xfffffe0078bfd000 [md1]
2354 2335 2354 0 Ss select 0xfffffe0058251e40 dhclient
2341 1 2341 0 Ss select 0xfffffe0058251dc0 dhclient
2335 2310 424 65 S select 0xfffffe0058251f40 dhclient
2310 424 424 0 S wait 0xfffffe00540e85a0 sh
2301 1 2301 0 RE syz-executor
2272 1 2272 0 R syz-executor
2232 0 0 0 DL mdwait 0xfffffe0077792000 [md0]
2221 1 766 0 S uwait 0xfffffe00584eba80 syz-executor
2207 1 766 0 S uwait 0xfffffe006df17400 syz-executor
1328 1 766 0 S uwait 0xfffffe006df17800 syz-executor
971 0 0 0 DL aiordy 0xfffffe0054107040 [aiod4]
970 0 0 0 DL aiordy 0xfffffe00541075a0 [aiod3]
969 0 0 0 DL aiordy 0xfffffe0054107b00 [aiod2]
968 0 0 0 DL aiordy 0xfffffe000780a060 [aiod1]
766 1 766 0 R syz-executor
765 1 765 0 R syz-executor
761 759 761 0 REs csh
759 682 759 0 Rs sshd
748 1 748 0 Ss+ ttyin 0xfffffe0058287cb0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00582860b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00593f60b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00582864b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe00582868b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe00593f64b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058286cb0 getty
741 1 741 0 Ss+ ttyin 0xfffffe00593f68b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe00593f6cb0 getty
738 1 18 0 S+ piperd 0xfffffe00598b98a0 logger
737 736 18 0 S+ nanslp 0xffffffff83b9e581 sleep
736 1 18 0 S+ wait 0xfffffe00540cf060 sh
686 1 686 0 Ss nanslp 0xffffffff83b9e581 cron
682 1 682 0 Ss select 0xfffffe005824ed40 sshd
495 1 495 0 Ss select 0xfffffe005824e940 syslogd
424 1 424 0 Ss wait 0xfffffe00540cdae0 devd
423 1 423 65 Ss select 0xfffffe005824e840 dhclient
338 1 338 0 Ss select 0xfffffe005824ee40 dhclient
335 1 335 0 Ss select 0xfffffe005824e8c0 dhclient
17 0 0 0 DL syncer 0xffffffff83cbbfa0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007829060 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cba560 [bufdaemon]
100083 D - 0xffffffff83001ec0 [bufspacedaemon-0]
100095 D sdflush 0xfffffe00596fe4e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d05400 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83ceb4c8 [dom0]
100081 D launds 0xffffffff83ceb4d4 [laundry: dom0]
100082 D umarcl 0xffffffff81dda750 [uma]
7 0 0 0 DL - 0xffffffff8391bcd0 [rand_harvestq]
6 0 0 0 RL [pf purge]
5 0 0 0 DL waiting 0xffffffff8449a700 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e6340 [doneq0]
100047 D - 0xffffffff838e62c0 [async]
100076 D - 0xffffffff838e6140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce6d80 [crypto]
100044 D crypto_ 0xfffffe0007a72d30 [crypto returns 0]
100045 D crypto_ 0xfffffe0007a72d80 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0057cba488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b46f20 [g_event]
100038 D - 0xffffffff83b46f40 [g_up]
100039 D - 0xffffffff83b46f60 [g_down]
2 0 0 0 RL (threaded) [clock]
100031 Run CPU 0 [clock (0)]
100032 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 RLs [init]
10 0 0 0 DL audit_w 0xffffffff83ce7820 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c36ff0 [swapper]
100005 D - 0xfffffe0053ea0100 [softirq_0]
100006 D - 0xfffffe0053ea0000 [softirq_1]
100007 D - 0xfffffe0053e9fe00 [if_io_tqg_0]
100008 D - 0xfffffe0053e9fd00 [if_io_tqg_1]
100009 D - 0xfffffe0053e9fc00 [if_config_tqg_0]
100010 D - 0xfffffe0007768900 [kqueue_ctx taskq]
100011 D - 0xfffffe0007768800 [jail_remove taskq]
100012 D - 0xfffffe0007768700 [bus taskq]
100015 D - 0xfffffe0007768200 [thread taskq]
100017 D - 0xfffffe0007767e00 [aiod_kick taskq]
100018 D - 0xfffffe0007767d00 [deferred_unmount ta]
100019 D - 0xfffffe0007767c00 [inm_free taskq]
100020 D - 0xfffffe0007767b00 [in6m_free taskq]
100021 D - 0xfffffe0007767a00 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007767900 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007767900 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007767900 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007767900 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007767800 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007767800 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007767800 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007767800 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007767300 [firmware taskq]
100041 D - 0xfffffe0007767200 [crypto_0]
100042 D - 0xfffffe0007767200 [crypto_1]
100057 D - 0xfffffe005812c000 [vtnet0 rxq 0]
100058 D - 0xfffffe005812be00 [vtnet0 txq 0]
100059 D - 0xfffffe005812bd00 [vtnet0 rxq 1]
100060 D - 0xfffffe005812bc00 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0058250f00 [virtio_balloon]
100066 D - 0xffffffff827c2301 [deadlkres]
100070 D - 0xfffffe00593da400 [acpi_task_0]
100071 D - 0xfffffe00593da400 [acpi_task_1]
100072 D - 0xfffffe00593da400 [acpi_task_2]
100074 D - 0xfffffe000776a800 [mca taskq]
100075 D - 0xfffffe0007767100 [CAM taskq]
100077 D - 0xfffffe00593da300 [ipsec_offload]
db> show all locks
Process 2660 (syz-executor) thread 0xfffffe0054129000 (101844)
exclusive sx MD config lock (MD config lock) r = 0 (0xffffffff83911400) locked @ /syzkaller/managers/i386/kernel/sys/dev/md/md.c:1796
Process 2301 (syz-executor) thread 0xfffffe00540a4000 (100115)
exclusive rw vmobject (vmobject) r = 0 (0xfffffe005413a9b0) locked @ /syzkaller/managers/i386/kernel/sys/vm/vm_object.c:647
Process 761 (csh) thread 0xfffffe00540a3780 (100116)
exclusive rw pmap pv list (pmap pv list) r = 0 (0xfffffe00074ca100) locked @ /syzkaller/managers/i386/kernel/sys/amd64/amd64/pmap.c:8644
exclusive sleep mutex pmap (pmap) r = 0 (0xfffffe00540b3a30) locked @ /syzkaller/managers/i386/kernel/sys/amd64/amd64/pmap.c:8554
Process 2 (clock) thread 0xfffffe000781a780 (100031)
shared rw vnet_rwlock (vnet_rwlock) r = 0 (0xffffffff83cc0540) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/frag6.c:943
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 376 5071K 515
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4217
sysctloid 35476 2090K 35551
vtbuf 24 1968K 46
kobj 331 1324K 531
newblk 308 1101K 2042
vfscache 3 1025K 3
inodedep 1101 925K 1834
md_sectors 226 904K 226
pcb 24 669K 150
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
subproc 158 310K 2772
vmem 5 272K 7
dirrem 1070 268K 1767
filedesc 33 261K 3494
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
acpica 1674 184K 54426
tidhash 3 141K 3
pagedep 33 136K 1726
freefile 1059 133K 1739
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 116 116K 139
sem 4 106K 4
gtaskqueue 18 98K 18
bus 997 82K 5063
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 521 66K 521
ddb_capture 1 64K 1
kdtrace 216 42K 4514
umtx 320 40K 320
temp 48 38K 2335
BPF 25 36K 72
DEVFS3 135 34K 145
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
kbdmux 6 28K 6
md_disk 231 28K 233
LRO 26 27K 32
ifaddr 88 22K 97
routetbl 268 21K 828
DEVFS_RULE 56 20K 56
ifnet 10 19K 11
lltable 60 18K 72
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 90 15K 90
GEOM 89 15K 601
bus-sc 34 15K 1647
eventhandler 163 14K 163
ether_multi 152 13K 251
kenv 95 12K 95
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
bmsafemap 4 9K 1797
plimit 23 9K 379
in6_multi 65 9K 95
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 9
shmfd 1 8K 3
pfs_vncache 1 8K 1
audit_evclass 239 8K 301
taskqueue 69 8K 90
sglist 6 7K 6
cred 24 6K 269
CAM DEV 3 6K 510
pfs_nodes 22 6K 22
pf_ifnet 13 5K 28
ufs_dirhash 24 5K 24
UMA 271 5K 271
kqueue 69 5K 2697
pwddesc 67 5K 2656
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
newdirblk 29 4K 1713
mkdir 29 4K 3426
acpisem 28 4K 28
DEVFSP 46 3K 140
terminal 11 3K 11
session 22 3K 43
proc-args 89 3K 3898
diradd 21 3K 1791
tun 7 3K 7
acpidev 20 3K 20
hhook 8 3K 10
clone 9 3K 9
uidinfo 3 3K 48
lockf 21 3K 45
kcovinfo 36 3K 63
ip6ndp 15 3K 21
freework 9 3K 1709
local_apic 1 2K 1
io_apic 1 2K 1
freeblks 8 2K 1708
ipsec-saq 2 2K 2
selfd 31 2K 66290
Unitno 30 2K 64
sctp_ifa 13 2K 20
CAM XPT 22 2K 543
in_multi 6 2K 12
toponodes 6 2K 6
ipsecpolicy 2 2K 2
select 10 2K 57
msi 9 2K 9
netlink 2 2K 134
mld 9 2K 9
igmp 9 2K 9
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 12
NFSD session 1 1K 1
mount 19 1K 379
CAM periph 4 1K 271
ipsec 3 1K 3
sctp_ifn 6 1K 20
pfil 6 1K 6
isadev 6 1K 6
pci_link 10 1K 10
crypto 4 1K 21
encap_export_host 12 1K 12
osd 9 1K 71
sctp_timw 2 1K 2
CC Mem 4 1K 56
ioctlops 1 1K 120
cdev 2 1K 2
lkpikmalloc 8 1K 9
counter_rate 14 1K 14
filedesc_to_leader 7 1K 15
inpcbpolicy 13 1K 328
frag6 4 1K 6
chacha20random 1 1K 1
biobuf 1 1K 1
indirdep 1 1K 10
vnodes 1 1K 3
procdesc 2 1K 14
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 6
prison 6 1K 6
pf_rule 1 1K 1
cryptodev 2 1K 85
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
aio 4 1K 11
pmchooks 1 1K 1
filecaps 5 1K 98
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3380
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 38
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
filemon 0 0K 3
mqdata 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 19
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 19
sctp_atky 0 0K 21
sctp_atcl 0 0K 19
sctp_a_it 0 0K 19
sctp_aadr 0 0K 0
sctp_stro 0 0K 2
sctp_stri 0 0K 0
sctp_map 0 0K 4
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
NMI handlers 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
amdiommu_dom 0 0K 0
amdiommu_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 82
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 4
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 2
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 11
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 1
in_mfilter 0 0K 1
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 203
namei_tracker 0 0K 3
export_host 0 0K 0
cl_savebuf 0 0K 1
lio 0 0K 34
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 14865
eventfd 0 0K 2
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 374
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 687
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 96
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mpi3mrbuf 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 175
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 70
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 17182 0 254 38494208 0
mbuf 256 8631 1032 31914 0 254 2473728 0
tcp_log 416 164 5425 7878 0 254 2325024 0
BUF TRIE 152 212 11592 464 0 62 1794208 0
vmem btag 56 31718 145 31718 0 254 1784328 0
malloc-4096 4096 401 3 3207 0 2 1654784 0
malloc-384 384 4176 24 4530 0 30 1612800 0
mbuf_cluster 2048 762 0 762 0 254 1560576 0
malloc-128 128 11673 200 13472 0 126 1519744 0
UMA Slabs 0 112 11407 35 11407 0 126 1281504 0
RADIX NODE 152 7095 388 67181 0 63 1137416 0
malloc-4096 4096 234 2 236 0 2 966656 0
FFS inode 1168 544 30 2293 0 8 670432 0
malloc-65536 65536 9 0 12 0 1 589824 0
sctp_ep 1152 0 511 17 0 254 588672 0
sctp_asoc 2256 0 255 2 0 254 575280 0
pbuf 2624 0 202 0 0 2 530048 0
socket 1024 26 482 1650 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
malloc-2048 2048 8 224 659 0 8 475136 0
malloc-384 384 1123 47 1865 0 30 449280 0
malloc-65536 65536 4 2 226 0 1 393216 0
malloc-16384 16384 17 6 1745 0 1 376832 0
256 Bucket 2048 159 9 2046 0 8 344064 0
VM OBJECT 248 1249 127 35444 0 62 341248 0
malloc-256 256 1153 92 2681 0 62 318720 0
VNODE 440 587 106 2338 0 30 304920 0
md3 8 37462 130 37462 0 254 300736 0
md2 8 37462 130 37462 0 254 300736 0
md0 8 37462 130 37462 0 254 300736 0
THREAD 1860 146 14 1848 0 8 297600 0
malloc-64 64 4190 409 7434 0 254 294336 0
malloc-2048 2048 110 10 117 0 8 245760 0
malloc-16 16 14669 331 14793 0 254 240000 0
DEVCTL 1024 56 164 189 0 0 225280 0
mbuf_packet 256 5 757 1203 0 254 195072 0
sctp_raddr 736 0 264 4 0 254 194304 0
malloc-32 32 5481 441 8809 0 254 189504 0
UMA Zones 768 243 1 243 0 16 187392 0
MAP ENTRY 96 1505 385 104699 0 126 181440 0
malloc-128 128 1205 190 25408 0 126 178560 0
malloc-128 128 1090 305 5477 0 126 178560 0
malloc-256 256 601 89 6122 0 62 176640 0
lkpimm 56 1 3095 1 0 254 173376 0
unpcb 320 11 505 1236 0 254 165120 0
malloc-32768 32768 3 2 123 0 1 163840 0
FFS2 dinode 256 544 86 2293 0 62 161280 0
FPU_save_area 832 148 32 3546 0 16 149760 0
malloc-1024 1024 131 13 1530 0 16 147456 0
S VFS Cache 104 1012 392 2795 0 126 146016 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
PROC 1376 68 20 2664 0 8 121088 0
ksiginfo 112 65 979 115 0 126 116928 0
malloc-128 128 813 86 3718 0 126 115072 0
malloc-128 128 568 207 4056 0 126 99200 0
filedesc0 1072 67 24 2656 0 8 97552 0
UMA Kegs 384 230 3 230 0 30 89472 0
128 Bucket 1024 51 32 611 0 16 84992 0
malloc-64 64 93 1230 66503 0 254 84672 0
malloc-16384 16384 4 1 194 0 1 81920 0
malloc-4096 4096 11 7 23 0 2 73728 0
malloc-64 64 693 378 6937 0 254 68544 0
malloc-65536 65536 0 1 8 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-8192 8192 6 2 145 0 1 65536 0
malloc-4096 4096 13 3 106 0 2 65536 0
malloc-2048 2048 7 25 738 0 8 65536 0
malloc-256 256 158 97 1906 0 62 65280 0
g_bio 408 0 150 5376 0 30 61200 0
malloc-4096 4096 10 4 18 0 2 57344 0
malloc-64 64 528 291 869 0 254 52416 0
malloc-256 256 93 102 197 0 62 49920 0
32 Bucket 256 71 124 702 0 62 49920 0
DIRHASH 1024 34 14 34 0 16 49152 0
NAMEI 1024 0 48 21090 0 16 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-2048 2048 14 10 17 0 8 49152 0
malloc-1024 1024 14 34 544 0 16 49152 0
64 Bucket 512 73 23 2650 0 30 49152 0
VMSPACE 584 43 41 2638 0 16 49056 0
malloc-384 384 90 30 126 0 30 46080 0
malloc-384 384 58 62 431 0 30 46080 0
syncache 168 0 264 3 0 254 44352 0
tcp_inpcb 1304 5 28 55 0 8 43032 0
malloc-8192 8192 5 0 5 0 1 40960 0
malloc-8192 8192 3 2 5 0 1 40960 0
pcpu-8 8 5023 97 5541 0 254 40960 0
pipe 736 17 38 371 0 16 40480 0
da_ccb 544 0 70 1420 0 16 38080 0
udp_inpcb 408 7 83 207 0 30 36720 0
hostcache 64 2 565 2 0 254 36288 0
malloc-64 64 7 560 14479 0 254 36288 0
malloc-64 64 170 397 194 0 254 36288 0
malloc-64 64 21 546 379 0 254 36288 0
malloc-64 64 12 555 43 0 254 36288 0
malloc-128 128 88 191 203 0 126 35712 0
malloc-128 128 72 207 123 0 126 35712 0
malloc-128 128 19 260 283 0 126 35712 0
routing nhops 256 27 108 48 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-256 256 10 125 589 0 62 34560 0
malloc-256 256 40 95 90 0 62 34560 0
malloc-256 256 42 93 3723 0 62 34560 0
malloc-256 256 16 119 539 0 62 34560 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 0 1 11 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-8192 8192 2 2 22 0 1 32768 0
malloc-4096 4096 5 3 570 0 2 32768 0
malloc-2048 2048 4 12 47 0 8 32768 0
malloc-2048 2048 3 13 3 0 8 32768 0
malloc-2048 2048 5 11 24 0 8 32768 0
malloc-1024 1024 2 30 13 0 16 32768 0
malloc-1024 1024 6 26 6 0 16 32768 0
malloc-1024 1024 16 16 21 0 16 32768 0
malloc-1024 1024 9 23 14 0 16 32768 0
malloc-1024 1024 3 29 4 0 16 32768 0
malloc-512 512 3 61 57 0 30 32768 0
malloc-512 512 12 52 22 0 30 32768 0
malloc-512 512 3 61 174 0 30 32768 0
malloc-512 512 0 64 5 0 30 32768 0
malloc-512 512 2 62 15 0 30 32768 0
malloc-512 512 4 60 38 0 30 32768 0
pcpu-64 64 497 15 497 0 254 32768 0
ertt_txseginfo 40 0 808 4277 0 254 32320 0
PWD 40 26 782 1790 0 254 32320 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 141 259 9877 0 126 32000 0
PGRP 120 26 238 52 0 126 31680 0
malloc-32 32 493 389 593 0 254 28224 0
16 Bucket 144 58 138 263 0 62 28224 0
4 Bucket 48 5 583 6 0 254 28224 0
AIO 208 0 133 37 0 62 27664 0
udplite_inpcb 408 0 63 7 0 30 25704 0
TURNSTILE 136 161 28 161 0 62 25704 0
cpuset 200 7 121 52 0 62 25600 0
malloc-8192 8192 3 0 3 0 1 24576 0
rtentry 168 30 114 48 0 62 24192 0
8 Bucket 80 73 227 841 0 126 24000 0
malloc-384 384 8 52 27 0 30 23040 0
malloc-384 384 1 59 4 0 30 23040 0
malloc-384 384 27 33 40 0 30 23040 0
domainset 40 0 567 43 0 254 22680 0
ripcb 376 2 58 59 0 30 22560 0
SLEEPQUEUE 88 161 95 161 0 126 22528 0
clpbuf 2624 0 8 12 0 4 20992 0
ertt 72 4 276 55 0 126 20160 0
malloc-32 32 68 562 466 0 254 20160 0
malloc-32 32 33 597 115 0 254 20160 0
malloc-32 32 251 379 2989 0 254 20160 0
malloc-32 32 35 595 217 0 254 20160 0
malloc-32 32 17 613 38 0 254 20160 0
2 Bucket 32 59 571 566 0 254 20160 0
KNOTE 160 0 125 32 0 62 20000 0
AIOCB 552 0 35 33 0 16 19320 0
L VFS Cache 320 1 59 7 0 30 19200 0
AIOLIO 272 0 70 17 0 30 19040 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 0 1 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 0 2 4 0 1 16384 0
malloc-4096 4096 0 4 202 0 2 16384 0
malloc-2048 2048 0 8 2 0 8 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-512 512 1 31 1 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
ipq 56 3 285 3 0 254 16128 0
sctp_laddr 48 0 336 24 0 254 16128 0
vtnet_tx_hdr 24 0 668 5409 0 254 16032 0
malloc-16 16 529 471 3508 0 254 16000 0
tcp_log_id_node 120 1 131 1 0 126 15840 0
kenv 258 17 43 1073 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
tcp_log_id_bucket 176 1 68 1 0 62 12144 0
malloc-32 32 152 226 939 0 254 12096 0
malloc-16 16 1 749 231 0 254 12000 0
malloc-16 16 15 735 85 0 254 12000 0
malloc-16 16 16 734 192 0 254 12000 0
malloc-16 16 44 706 24926 0 254 12000 0
malloc-16 16 58 692 3466 0 254 12000 0
itimer 352 0 33 8 0 30 11616 0
splice 184 0 63 1 0 62 11592 0
malloc-384 384 1 29 1 0 30 11520 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-4096 4096 0 2 2 0 2 8192 0
malloc-16 16 3 497 4 0 254 8000 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
md1 1 0 0 0 0 254 0 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 152 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf fragment node 72 0 0 0 0 126 0 0
pf frags 232 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf UDP mappings 104 0 0 0 0 126 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 384 0 0 0 0 16 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_bbr_pcb 896 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tcp_rack_pcb 1088 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jul 3, 2025, 2:27:29 AM7/3/25
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 604d34c23f77 net: ether_gen_addr: fix address generation
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=1403f982580000
dashboard link: https://syzkaller.appspot.com/bug?extid=7b4a4824bf81548283ab
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1639b770580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1203f982580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7b4a48...@syzkaller.appspotmail.com

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x1a0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff817bdd10
stack pointer = 0x28:0xfffffe0056d01400
frame pointer = 0x28:0xfffffe0056d014f0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 837 (syz-executor)
rdi: 00000000000001a0 rsi: 0000000000080000 rdx: ffffffff825d6e60
rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 000000000000002a
rax: fffffe0002bf1850 rbx: 1fffffc00ada0284 rbp: fffffe0056d014f0
r10: 39014910d50bcec9 r11: 0000000000000085 r12: 0000000000080400
r13: fffffe005853c040 r14: 0000000000000000 r15: fffffe005853c188
trap number = 12
panic: page fault
cpuid = 1
time = 1751523962
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056d00c30
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056d00d90
vpanic() at vpanic+0x257/frame 0xfffffe0056d00f50
panic() at panic+0xb5/frame 0xfffffe0056d01010
trap_pfault() at trap_pfault+0xaec/frame 0xfffffe0056d01150
trap() at trap+0x78e/frame 0xfffffe0056d01330
calltrap() at calltrap+0x8/frame 0xfffffe0056d01330
--- trap 0xc, rip = 0xffffffff817bdd10, rsp = 0xfffffe0056d01400, rbp = 0xfffffe0056d014f0 ---
_vn_lock() at _vn_lock+0xb0/frame 0xfffffe0056d014f0
mddestroy() at mddestroy+0x3ba/frame 0xfffffe0056d015d0
mdctlioctl() at mdctlioctl+0x1680/frame 0xfffffe0056d01730
devfs_ioctl() at devfs_ioctl+0x266/frame 0xfffffe0056d01820
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x87/frame 0xfffffe0056d01850
vn_ioctl() at vn_ioctl+0x3c7/frame 0xfffffe0056d01a60
devfs_ioctl_f() at devfs_ioctl_f+0x69/frame 0xfffffe0056d01ab0
kern_ioctl() at kern_ioctl+0x4ca/frame 0xfffffe0056d01b90
sys_ioctl() at sys_ioctl+0x36e/frame 0xfffffe0056d01d10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056d01f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056d01f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x820659a08, rbp = 0x820659a80 ---
KDB: enter: panic
[ thread pid 837 tid 100107 ]
Stopped at kdb_enter+0x6e: movq $0,0x25b9147(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe0002bf1850
rdx 0xdffff7c000000000
rbx 0xffffffff827bcf60 .str.27
rsp 0xfffffe0056d00d70
rbp 0xfffffe0056d00d90
rsi 0
rdi 0xffffffff830004d8 panicstr
r8 0
r9 0xffffffff
r10 0
r11 0x17
r12 0xfffffe00540e8000
r13 0xfffffffffffffffd
r14 0xffffffff827bcf60 .str.27
r15 0
rip 0xffffffff8160424e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25b9147(%rip)
db> show proc
Process 837 (syz-executor) at 0xfffffe00540e1ac0:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 824 at 0xfffffe00540e2020
ABI: FreeBSD ELF64
flag: 0x10000000 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00540b2b68
(map 0xfffffe00540b2b68)
(map.pmap 0xfffffe00540b2c08)
(pmap 0xfffffe00540b2c78)
threads: 1
100107 Run CPU 1 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
837 824 824 0 R CPU 1 syz-executor
832 823 832 0 Ss select 0xfffffe006ddeb1c0 dhclient
828 1 828 0 Ss select 0xfffffe00584ec140 dhclient
824 774 824 0 R syz-executor
823 813 424 65 S select 0xfffffe006ddeb2c0 dhclient
813 424 424 0 S wait 0xfffffe0054008b00 sh
774 773 771 0 S select 0xfffffe006ddeb8c0 syz-executor
773 771 771 0 S (threaded) syz-execprog
100090 S uwait 0xfffffe0057d75f00 syz-execprog
100115 S uwait 0xfffffe00584ed380 syz-execprog
100116 S uwait 0xfffffe005824e680 syz-execprog
100117 S uwait 0xfffffe005824e780 syz-execprog
100118 S uwait 0xfffffe006ddec280 syz-execprog
100119 S uwait 0xfffffe005824e880 syz-execprog
100120 S uwait 0xfffffe0057d75680 syz-execprog
100121 S kqread 0xfffffe005812b400 syz-execprog
771 769 771 0 Ss sigsusp 0xfffffe0054009110 csh
769 682 769 0 Ss select 0xfffffe006ddeb940 sshd
748 1 748 0 Rs+ CPU 0 getty
747 1 747 0 Ss+ ttyin 0xfffffe00593f50b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00593f54b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00593f58b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe00593f5cb0 getty
743 1 743 0 Ss+ ttyin 0xfffffe00593f60b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe00593f64b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe00593f68b0 getty
740 1 740 0 Ss+ ttyin 0xfffffe00593f6cb0 getty
738 1 18 0 S+ piperd 0xfffffe006b422000 logger
737 736 18 0 S+ nanslp 0xffffffff83b9e581 sleep
736 1 18 0 S+ wait 0xfffffe0054006ac0 sh
686 1 686 0 Ss nanslp 0xffffffff83b9e581 cron
682 1 682 0 Ss select 0xfffffe006ddec440 sshd
495 1 495 0 Ss select 0xfffffe0057d755c0 syslogd
424 1 424 0 Ss wait 0xfffffe00540085a0 devd
423 1 423 65 Ss select 0xfffffe006ddec6c0 dhclient
338 1 338 0 Ss select 0xfffffe006ddec640 dhclient
335 1 335 0 Ss select 0xfffffe0057d75740 dhclient
17 0 0 0 DL syncer 0xffffffff83cbbfa0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007828040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cba560 [bufdaemon]
100083 D - 0xffffffff83001ec0 [bufspacedaemon-0]
100093 D sdflush 0xfffffe00596c28e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d05400 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83ceb4c8 [dom0]
100081 D launds 0xffffffff83ceb4d4 [laundry: dom0]
100082 D umarcl 0xffffffff81dda750 [uma]
7 0 0 0 DL - 0xffffffff8391bcd0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff8485f980 [pf purge]
5 0 0 0 DL waiting 0xffffffff844a7700 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e6340 [doneq0]
100047 D - 0xffffffff838e62c0 [async]
100076 D - 0xffffffff838e6140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce6d80 [crypto]
100044 D crypto_ 0xfffffe0007a72d30 [crypto returns 0]
100045 D crypto_ 0xfffffe0007a72d80 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0057cba488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b46f20 [g_event]
100038 D - 0xffffffff83b46f40 [g_up]
100039 D - 0xffffffff83b46f60 [g_down]
2 0 0 0 WL (threaded) [clock]
100031 I [clock (0)]
1 0 1 0 SLs wait 0xfffffe0007809040 [init]
10 0 0 0 DL audit_w 0xffffffff83ce7820 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c36ff0 [swapper]
100005 D - 0xfffffe0053ea0100 [softirq_0]
100006 D - 0xfffffe0053ea0000 [softirq_1]
100007 D - 0xfffffe0053e9fe00 [if_io_tqg_0]
100008 D - 0xfffffe0053e9fd00 [if_io_tqg_1]
100009 D - 0xfffffe0053e9fc00 [if_config_tqg_0]
100010 D - 0xfffffe0007764900 [kqueue_ctx taskq]
100011 D - 0xfffffe0007764800 [jail_remove taskq]
100012 D - 0xfffffe0007764700 [bus taskq]
100015 D - 0xfffffe0007764200 [thread taskq]
100017 D - 0xfffffe0007763e00 [aiod_kick taskq]
100018 D - 0xfffffe0007763d00 [deferred_unmount ta]
100019 D - 0xfffffe0007763c00 [inm_free taskq]
100020 D - 0xfffffe0007763b00 [in6m_free taskq]
100021 D - 0xfffffe0007763a00 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007763900 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007763900 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007763900 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007763900 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007763800 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007763800 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007763800 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007763800 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007763300 [firmware taskq]
100041 D - 0xfffffe0007763200 [crypto_0]
100042 D - 0xfffffe0007763200 [crypto_1]
100057 D - 0xfffffe005812c000 [vtnet0 rxq 0]
100058 D - 0xfffffe005812be00 [vtnet0 txq 0]
100059 D - 0xfffffe005812bd00 [vtnet0 rxq 1]
100060 D - 0xfffffe005812bc00 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0058250f00 [virtio_balloon]
100066 D - 0xffffffff827c2301 [deadlkres]
100070 D - 0xfffffe00593da400 [acpi_task_0]
100071 D - 0xfffffe00593da400 [acpi_task_1]
100072 D - 0xfffffe00593da400 [acpi_task_2]
100074 D - 0xfffffe0007766900 [mca taskq]
100075 D - 0xfffffe0007763100 [CAM taskq]
100077 D - 0xfffffe005812b500 [ipsec_offload]
db> show all locks
Process 837 (syz-executor) thread 0xfffffe00540e8000 (100107)
exclusive sx MD config lock (MD config lock) r = 0 (0xffffffff83911400) locked @ /syzkaller/managers/main/kernel/sys/dev/md/md.c:1796
Process 748 (getty) thread 0xfffffe00540f7000 (100112)
exclusive sleep mutex ttymtx (ttymtx) r = 0 (0xfffffe0058287c08) locked @ /syzkaller/managers/main/kernel/sys/kern/tty.c:216
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 376 5071K 486
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4213
sysctloid 34891 2055K 34966
vtbuf 24 1968K 46
newblk 1831 1482K 1898
kobj 331 1324K 495
vfscache 3 1025K 3
pcb 24 669K 47
inodedep 84 544K 108
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
subproc 114 214K 906
KTRACE 100 200K 100
acpica 1674 184K 54426
vmem 5 144K 6
tidhash 3 141K 3
pagedep 42 139K 50
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 107 107K 120
sem 4 106K 4
gtaskqueue 18 98K 18
bus 997 82K 5063
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 521 66K 521
ddb_capture 1 64K 1
temp 23 37K 1798
filedesc 5 37K 83
BPF 19 36K 20
kdtrace 172 35K 977
hostcache 1 32K 1
shm 1 32K 1
umtx 256 32K 256
DEVFS3 125 32K 136
msg 4 30K 4
kbdmux 6 28K 6
DEVFS_RULE 56 20K 56
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 90 15K 90
bus-sc 34 15K 1647
eventhandler 163 14K 163
ifaddr 39 13K 51
kenv 95 12K 95
routetbl 79 12K 319
GEOM 61 11K 477
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
bmsafemap 3 9K 73
LRO 8 9K 10
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
shmfd 1 8K 1
pfs_vncache 1 8K 1
mkdir 60 8K 78
plimit 20 8K 431
audit_evclass 239 8K 301
taskqueue 69 8K 69
diradd 54 7K 71
ifnet 4 7K 5
sglist 6 7K 6
cred 24 6K 283
CAM DEV 3 6K 510
kqueue 50 6K 844
lltable 19 6K 27
pfs_nodes 22 6K 22
ether_multi 68 6K 111
dirrem 20 5K 33
ufs_dirhash 24 5K 24
in6_multi 35 5K 45
UMA 266 5K 266
vt 11 5K 11
pf_ifnet 9 4K 16
memdesc 1 4K 1
MCA 32 4K 32
newdirblk 32 4K 39
md_disk 1 4K 1
evdev 4 4K 4
acpisem 28 4K 28
pwddesc 47 3K 839
proc-args 75 3K 1887
terminal 11 3K 11
session 22 3K 46
acpidev 20 3K 20
hhook 8 3K 10
clone 9 3K 9
selfd 36 3K 27954
uidinfo 3 3K 9
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
lockf 19 2K 29
Unitno 28 2K 48
CAM XPT 22 2K 543
toponodes 6 2K 6
ipsecpolicy 2 2K 2
select 11 2K 35
msi 9 2K 9
netlink 2 2K 62
softdep 1 1K 1
indirdep 4 1K 4
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 8
NFSD session 1 1K 1
ip6ndp 6 1K 9
sctp_ifa 7 1K 10
CAM periph 4 1K 271
ipsec 3 1K 3
CC Mem 6 1K 13
in_multi 3 1K 7
nhops 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
encap_export_host 12 1K 12
osd 11 1K 29
ioctlops 1 1K 93
cdev 2 1K 2
lkpikmalloc 8 1K 9
inpcbpolicy 14 1K 168
counter_rate 14 1K 14
DEVFSP 7 1K 43
sctp_ifn 3 1K 10
freefile 3 1K 12
mld 3 1K 4
igmp 3 1K 4
tun 1 1K 2
chacha20random 1 1K 1
biobuf 1 1K 1
freework 2 1K 29
freeblks 1 1K 28
vnodes 1 1K 1
procdesc 2 1K 8
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
freefrag 1 1K 28
pmchooks 1 1K 1
filecaps 5 1K 72
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3356
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 54
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
mqdata 0 0K 0
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 9
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 9
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
filemon 0 0K 0
savedino 0 0K 16
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
ipsec-misc 0 0K 2
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 197
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 29
aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 15219
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 672
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
kcovinfo 0 0K 30
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
md_sectors 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 70
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8320 1078 25204 0 254 38494208 0
mbuf 256 8581 1081 34037 0 254 2473472 0
tcp_log 416 620 4465 9388 0 254 2115360 0
BUF TRIE 152 293 11511 1047 0 62 1794208 0
malloc-384 384 4170 30 4515 0 30 1612800 0
malloc-4096 4096 378 4 1334 0 2 1564672 0
malloc-128 128 11511 207 11548 0 126 1499904 0
UMA Slabs 0 112 10880 22 10880 0 126 1221024 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 16228 83 16228 0 254 913416 0
RADIX NODE 152 4418 621 27813 0 62 765928 0
FFS inode 1168 549 25 561 0 8 670432 0
malloc-65536 65536 9 1 12 0 1 655360 0
malloc-256 256 2110 65 2530 0 62 556800 0
socket 1024 27 481 1368 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
malloc-65536 65536 4 2 168 0 1 393216 0
256 Bucket 2048 134 18 1015 0 8 311296 0
malloc-64 64 4096 503 5490 0 254 294336 0
VM OBJECT 248 1057 63 13721 0 62 277760 0
VNODE 440 583 47 598 0 30 277200 0
THREAD 1860 124 4 137 0 8 238080 0
malloc-16 16 14419 331 14501 0 254 236000 0
malloc-2048 2048 104 8 105 0 8 229376 0
DEVCTL 1024 16 204 143 0 0 225280 0
UMA Zones 768 238 1 238 0 16 183552 0
malloc-32 32 5388 282 6999 0 254 181440 0
malloc-128 128 1200 195 25343 0 126 178560 0
lkpimm 56 1 3095 1 0 254 173376 0
unpcb 320 11 505 1178 0 254 165120 0
malloc-32768 32768 3 2 123 0 1 163840 0
FFS2 dinode 256 549 81 561 0 62 161280 0
malloc-1024 1024 122 22 1308 0 16 147456 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-65536 65536 2 0 2 0 1 131072 0
malloc-2048 2048 8 56 617 0 8 131072 0
mbuf_packet 256 1 507 165 0 254 130048 0
S VFS Cache 104 1020 150 1064 0 126 121680 0
MAP ENTRY 96 1091 169 42768 0 126 120960 0
FPU_save_area 832 126 18 3091 0 16 119808 0
ksiginfo 112 40 1004 2972 0 126 116928 0
malloc-128 128 744 155 1802 0 126 115072 0
malloc-16384 16384 3 4 43 0 1 114688 0
malloc-128 128 560 215 3925 0 126 99200 0
PROC 1376 46 20 838 0 8 90816 0
UMA Kegs 384 225 8 225 0 30 89472 0
malloc-16384 16384 4 1 194 0 1 81920 0
filedesc0 1072 47 23 839 0 8 75040 0
g_bio 408 0 180 5115 0 30 73440 0
128 Bucket 1024 47 20 283 0 16 68608 0
malloc-64 64 615 456 3260 0 254 68544 0
malloc-65536 65536 0 1 8 0 1 65536 0
malloc-32768 32768 2 0 2 0 1 65536 0
malloc-4096 4096 13 3 63 0 2 65536 0
malloc-2048 2048 7 25 721 0 8 65536 0
malloc-384 384 93 57 123 0 30 57600 0
malloc-8192 8192 6 1 113 0 1 57344 0
malloc-64 64 489 330 756 0 254 52416 0
malloc-128 128 13 390 275 0 126 51584 0
malloc-256 256 132 63 157 0 62 49920 0
malloc-256 256 104 91 829 0 62 49920 0
32 Bucket 256 51 144 2619 0 62 49920 0
DIRHASH 1024 34 14 34 0 16 49152 0
NAMEI 1024 0 48 12964 0 16 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-4096 4096 11 1 16 0 2 49152 0
malloc-1024 1024 14 34 541 0 16 49152 0
64 Bucket 512 71 25 2188 0 30 49152 0
syncache 168 0 264 6 0 254 44352 0
malloc-8192 8192 5 0 5 0 1 40960 0
malloc-8192 8192 3 2 5 0 1 40960 0
malloc-4096 4096 10 0 13 0 2 40960 0
VMSPACE 584 30 40 822 0 16 40880 0
pipe 736 11 44 336 0 16 40480 0
da_ccb 544 0 70 1506 0 16 38080 0
pcpu-8 8 4437 171 4648 0 254 36864 0
udp_inpcb 408 6 84 150 0 30 36720 0
malloc-64 64 6 561 14904 0 254 36288 0
malloc-64 64 156 411 169 0 254 36288 0
malloc-64 64 65 502 28026 0 254 36288 0
malloc-64 64 21 546 292 0 254 36288 0
malloc-64 64 6 561 46 0 254 36288 0
malloc-128 128 84 195 105 0 126 35712 0
malloc-128 128 32 247 51 0 126 35712 0
malloc-128 128 66 213 339 0 126 35712 0
routing nhops 256 14 121 26 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 68 22 92 0 30 34560 0
malloc-256 256 9 126 446 0 62 34560 0
malloc-256 256 62 73 115 0 62 34560 0
malloc-256 256 15 120 57 0 62 34560 0
malloc-256 256 30 105 361 0 62 34560 0
malloc-256 256 13 122 525 0 62 34560 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-32768 32768 0 1 11 0 1 32768 0
malloc-32768 32768 1 0 1 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-4096 4096 5 3 564 0 2 32768 0
malloc-2048 2048 5 11 28 0 8 32768 0
malloc-2048 2048 3 13 3 0 8 32768 0
malloc-2048 2048 5 11 6 0 8 32768 0
malloc-1024 1024 2 30 11 0 16 32768 0
malloc-1024 1024 6 26 6 0 16 32768 0
malloc-1024 1024 16 16 19 0 16 32768 0
malloc-1024 1024 9 23 9 0 16 32768 0
malloc-512 512 2 62 18 0 30 32768 0
malloc-512 512 12 52 18 0 30 32768 0
malloc-512 512 3 61 177 0 30 32768 0
malloc-512 512 3 61 8 0 30 32768 0
malloc-512 512 4 60 5 0 30 32768 0
pcpu-64 64 497 15 497 0 254 32768 0
ttyinq 160 135 65 300 0 62 32000 0
PGRP 120 23 241 61 0 126 31680 0
clpbuf 2624 0 12 70 0 4 31488 0
tcp_inpcb 1304 6 18 13 0 8 31296 0
sctp_laddr 48 0 588 10 0 254 28224 0
malloc-32 32 309 573 384 0 254 28224 0
16 Bucket 144 50 146 343 0 62 28224 0
4 Bucket 48 7 581 14 0 254 28224 0
TURNSTILE 136 129 60 129 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-8192 8192 2 1 21 0 1 24576 0
ertt_txseginfo 40 0 606 623 0 254 24240 0
PWD 40 13 593 128 0 254 24240 0
rtentry 168 17 127 26 0 62 24192 0
Files 80 105 195 7069 0 126 24000 0
8 Bucket 80 48 252 431 0 126 24000 0
malloc-384 384 38 22 453 0 30 23040 0
malloc-384 384 8 52 8 0 30 23040 0
ripcb 376 2 58 5 0 30 22560 0
Mountpoints 2816 2 6 2 0 4 22528 0
SLEEPQUEUE 88 129 127 129 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
malloc-32 32 46 584 226 0 254 20160 0
malloc-32 32 16 614 57 0 254 20160 0
malloc-32 32 25 605 2681 0 254 20160 0
malloc-32 32 32 598 228 0 254 20160 0
malloc-32 32 17 613 36 0 254 20160 0
2 Bucket 32 50 580 317 0 254 20160 0
KNOTE 160 6 119 112 0 62 20000 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-4096 4096 0 4 197 0 2 16384 0
malloc-4096 4096 4 0 4 0 2 16384 0
malloc-4096 4096 0 4 2 0 2 16384 0
malloc-2048 2048 6 2 23 0 8 16384 0
malloc-2048 2048 0 8 2 0 8 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-1024 1024 3 13 3 0 16 16384 0
malloc-512 512 1 31 1 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
malloc-16 16 492 508 3411 0 254 16000 0
kenv 258 17 43 1066 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
ertt 72 6 162 13 0 126 12096 0
malloc-32 32 152 226 928 0 254 12096 0
malloc-16 16 1 749 145 0 254 12000 0
malloc-16 16 9 741 10 0 254 12000 0
malloc-16 16 13 737 56 0 254 12000 0
malloc-16 16 46 704 24851 0 254 12000 0
malloc-16 16 36 714 1482 0 254 12000 0
malloc-16 16 3 747 5 0 254 12000 0
malloc-384 384 1 29 1 0 30 11520 0
malloc-384 384 27 3 38 0 30 11520 0
malloc-384 384 1 29 1 0 30 11520 0
pcpu-16 16 8 504 8 0 254 8192 0
vtnet_tx_hdr 24 0 334 7198 0 254 8016 0
UMA Slabs 1 176 8 14 8 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 152 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf fragment node 72 0 0 0 0 126 0 0
pf frags 232 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf UDP mappings 104 0 0 0 0 126 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 384 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_rack_pcb 1088 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tcp_bbr_pcb 896 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_stream_msg_out 112 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
sctp_chunk 152 0 0 0 0 254 0 0
sctp_raddr 736 0 0 0 0 254 0 0
sctp_asoc 2256 0 0 0 0 254 0 0
sctp_ep 1152 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb 408 0 0 0 0 30 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 240 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 152 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 112 0 0 0 0 126 0 0
skbuff 1808 0 0 0 0 8 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 152 0 0 0 0 62 0 0
rl_entry 48 0 0 0 0 254 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-3276

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.