panic: m_apply, length > size of mbuf chain (NUM extra)

syzbot

Jul 23, 2025, 7:06:28 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 863dc799f743 ctladm: Use require.kmods for cfiscsi
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=175adfd4580000
dashboard link: https://syzkaller.appspot.com/bug?extid=73fe316271df473230eb

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+73fe31...@syzkaller.appspotmail.com

panic: m_apply, length > size of mbuf chain (8 extra)
cpuid = 0
time = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056f9ec90
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056f9edf0
vpanic() at vpanic+0x257/frame 0xfffffe0056f9efb0
panic() at panic+0xb5/frame 0xfffffe0056f9f070
m_apply() at m_apply+0x665/frame 0xfffffe0056f9f0f0
sctp_delayed_cksum() at sctp_delayed_cksum+0x100/frame 0xfffffe0056f9f1b0
ip6_output_delayed_csum() at ip6_output_delayed_csum+0x21b/frame 0xfffffe0056f9f270
ip6_output() at ip6_output+0x3f0d/frame 0xfffffe0056f9f7b0
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x1bb2/frame 0xfffffe0056f9fa60
sctp_med_chunk_output() at sctp_med_chunk_output+0x50e9/frame 0xfffffe0056fa0680
sctp_chunk_output() at sctp_chunk_output+0x2135/frame 0xfffffe0056fa12d0
sctp_lower_sosend() at sctp_lower_sosend+0x1f7c/frame 0xfffffe0056fa1700
sctp_sosend() at sctp_sosend+0x631/frame 0xfffffe0056fa19a0
sousrsend() at sousrsend+0x112/frame 0xfffffe0056fa1a30
kern_sendit() at kern_sendit+0x4fe/frame 0xfffffe0056fa1b90
sendit() at sendit+0x15f/frame 0xfffffe0056fa1bf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe0056fa1d10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056fa1f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056fa1f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a1afa, rsp = 0x8245fdf08, rbp = 0x8245fdf80 ---
KDB: enter: panic
[ thread pid 1027 tid 100512 ]
Stopped at kdb_enter+0x6e: movq $0,0x25c5097(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show proc
Process 1027 (syz-executor) at 0xfffffe00540df020:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 763 at 0xfffffe0054004040
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00540d56d8
(map 0xfffffe00540d56d8)
(map.pmap 0xfffffe00540d5778)
(pmap 0xfffffe00540d57e8)
threads: 2
100107 RunQ syz-executor
100512 Run CPU 0 syz-executor
db> show all locks
Process 1027 (syz-executor) thread 0xfffffe0054154000 (100512)
shared rw sctpinp (sctpinp) r = 0 (0xfffffe007777fb20) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:4550
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0077619180) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:13193
Process 763 (syz-executor) thread 0xfffffe0054011780 (100088)
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007d2c740) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4022
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0059887e30) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_ktrace.c:1411
exclusive sx ktrace_sx (ktrace_sx) r = 0 (0xffffffff83b50620) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_ktrace.c:425

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jul 23, 2025, 7:39:34 PM
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 863dc799f743 ctladm: Use require.kmods for cfiscsi
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=1253ff22580000
dashboard link: https://syzkaller.appspot.com/bug?extid=73fe316271df473230eb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17731b82580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17d6dfd4580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+73fe31...@syzkaller.appspotmail.com

panic: m_apply, length > size of mbuf chain (8 extra)
cpuid = 1
time = 1753313919
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056c64c90
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056c64df0
vpanic() at vpanic+0x257/frame 0xfffffe0056c64fb0
panic() at panic+0xb5/frame 0xfffffe0056c65070
m_apply() at m_apply+0x665/frame 0xfffffe0056c650f0
sctp_delayed_cksum() at sctp_delayed_cksum+0x100/frame 0xfffffe0056c651b0
ip6_output_delayed_csum() at ip6_output_delayed_csum+0x21b/frame 0xfffffe0056c65270
ip6_output() at ip6_output+0x3f0d/frame 0xfffffe0056c657b0
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x1bb2/frame 0xfffffe0056c65a60
sctp_med_chunk_output() at sctp_med_chunk_output+0x50e9/frame 0xfffffe0056c66680
sctp_chunk_output() at sctp_chunk_output+0x2135/frame 0xfffffe0056c672d0
sctp_lower_sosend() at sctp_lower_sosend+0x1f7c/frame 0xfffffe0056c67700
sctp_sosend() at sctp_sosend+0x631/frame 0xfffffe0056c679a0
sousrsend() at sousrsend+0x112/frame 0xfffffe0056c67a30
kern_sendit() at kern_sendit+0x4fe/frame 0xfffffe0056c67b90
sendit() at sendit+0x15f/frame 0xfffffe0056c67bf0
sys_sendto() at sys_sendto+0x181/frame 0xfffffe0056c67d10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056c67f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056c67f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a1afa, rsp = 0x820dd9fc8, rbp = 0x820dda040 ---
KDB: enter: panic
[ thread pid 836 tid 100090 ]
Stopped at kdb_enter+0x6e: movq $0,0x25c5097(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show proc
Process 836 (syz-executor) at 0xfffffe005400d060:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 820 at 0xfffffe005400cb00
ABI: FreeBSD ELF64
flag: 0x10000000 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe005410edb0
(map 0xfffffe005410edb0)
(map.pmap 0xfffffe005410ee50)
(pmap 0xfffffe005410eec0)
threads: 1
100090 Run CPU 1 syz-executor
100043 D crypto_ 0xfffffe0053eb5a30 [crypto returns 0]
100044 D crypto_ 0xfffffe0053eb5a80 [crypto returns 1]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b4c620 [g_event]
100038 D - 0xffffffff83b4c640 [g_up]
100039 D - 0xffffffff83b4c660 [g_down]
2 0 0 0 WL (threaded) [clock]
100031 I [clock (0)]
100032 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100047 I [irq24: virtio_pci0]
100048 I [irq25: virtio_pci0]
100049 I [irq26: virtio_pci0]
100050 I [irq27: virtio_pci0]
100051 I [irq28: virtio_pci1]
100052 I [irq29: virtio_pci1]
100053 I [irq30: virtio_pci1]
100054 I [irq31: virtio_pci1]
100055 I [irq32: virtio_pci1]
100060 I [irq10: virtio_pci2]
100062 I [irq1: atkbd0]
100063 I [irq12: psm0]
100064 I [swi0: uart uart++]
100068 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 Run CPU 0 [idle: cpu0]
100069 D - 0xfffffe005857b600 [acpi_task_0]
100070 D - 0xfffffe005857b600 [acpi_task_1]
100071 D - 0xfffffe005857b600 [acpi_task_2]
100073 D - 0xfffffe00083f8100 [mca taskq]
100074 D - 0xfffffe00083f6a00 [CAM taskq]
100076 D - 0xfffffe00083f6300 [ipsec_offload]
db> show all locks
Process 836 (syz-executor) thread 0xfffffe00540bc780 (100090)
shared rw sctpinp (sctpinp) r = 0 (0xfffffe006e66e4a0) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:4550
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe006e709320) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:13193
Process 494 (syslogd) thread 0xfffffe00540cf000 (100102)
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006de10e30) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3671
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 376 5079K 486
tcp_hpts 7 4801K 7
devbuf 4187 4323K 4212
sysctloid 34891 2055K 34966
vtbuf 24 1968K 46
newblk 1871 1492K 1929
kobj 330 1320K 494
vfscache 3 1025K 3
pcb 26 671K 49
inodedep 83 543K 107
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
subproc 113 210K 904
KTRACE 100 200K 100
acpica 1674 184K 54426
vmem 5 144K 6
tidhash 3 141K 3
pagedep 42 139K 49
tfo_ccache 1 128K 1
IP reass 1 128K 1
sem 4 106K 4
DEVFS1 104 104K 117
gtaskqueue 18 98K 18
bus 997 82K 5063
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 521 66K 521
ddb_capture 1 64K 1
filedesc 5 37K 83
BPF 19 36K 20
kdtrace 172 35K 976
umtx 272 34K 272
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 122 31K 133
msg 4 30K 4
kbdmux 6 28K 6
temp 19 21K 1794
DEVFS_RULE 56 20K 56
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 90 15K 90
bus-sc 34 15K 1647
eventhandler 163 14K 163
ifaddr 39 13K 51
kenv 95 12K 95
routetbl 79 12K 319
GEOM 49 11K 431
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
bmsafemap 3 9K 74
LRO 8 9K 10
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
shmfd 1 8K 1
pfs_vncache 1 8K 1
mkdir 60 8K 76
audit_evclass 240 8K 303
plimit 20 8K 431
taskqueue 69 8K 69
diradd 54 7K 70
ifnet 4 7K 5
sglist 6 7K 6
cred 24 6K 283
CAM DEV 3 6K 510
lltable 19 6K 27
kqueue 49 6K 842
pfs_nodes 22 6K 22
ether_multi 68 6K 111
dirrem 19 5K 32
ufs_dirhash 24 5K 24
in6_multi 35 5K 45
UMA 266 5K 266
vt 11 5K 11
pf_ifnet 9 4K 16
memdesc 1 4K 1
MCA 32 4K 32
newdirblk 32 4K 38
evdev 4 4K 4
acpisem 28 4K 28
pwddesc 46 3K 837
proc-args 75 3K 1887
terminal 11 3K 11
session 22 3K 46
acpidev 20 3K 20
hhook 8 3K 10
clone 9 3K 9
uidinfo 3 3K 9
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
lockf 19 2K 29
selfd 31 2K 28868
Unitno 28 2K 48
CAM XPT 22 2K 543
toponodes 6 2K 6
ipsecpolicy 2 2K 2
select 11 2K 35
sctp_atcl 3 2K 3
msi 9 2K 9
netlink 2 2K 62
sctp_stro 1 1K 1
softdep 1 1K 1
indirdep 4 1K 4
sahead 1 1K 1
secasvar 1 1K 1
vnodemarker 2 1K 8
NFSD session 1 1K 1
ip6ndp 6 1K 9
sctp_ifa 7 1K 10
CAM periph 4 1K 271
ipsec 3 1K 3
CC Mem 6 1K 13
in_multi 3 1K 7
nhops 6 1K 6
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
encap_export_host 12 1K 12
osd 11 1K 29
sctp_stri 1 1K 2
cdev 2 1K 2
lkpikmalloc 8 1K 9
inpcbpolicy 14 1K 168
DEVFSP 7 1K 43
counter_rate 13 1K 13
sctp_ifn 3 1K 10
mld 3 1K 4
igmp 3 1K 4
tun 1 1K 2
chacha20random 1 1K 1
biobuf 1 1K 1
freefile 2 1K 11
vnodes 1 1K 1
procdesc 2 1K 8
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
sctp_atky 4 1K 5
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
freefrag 1 1K 32
pmchooks 1 1K 1
filecaps 5 1K 72
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3357
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 54
acpiintr 1 1K 1
sctp_athm 3 1K 4
sctp_map 2 1K 2
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
freework 1 1K 28
p1003.1b 1 1K 1
sctp_mcore 0 0K 0
sctp_socko 0 0K 1
sctp_iter 0 0K 9
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 9
sctp_aadr 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
mqdata 0 0K 0
filemon 0 0K 0
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
savedino 0 0K 16
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 27
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
ipsec-misc 0 0K 2
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 0
VN POLL 0 0K 0
statfs 0 0K 196
namei_tracker 0 0K 0
inotify 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 29
aio 0 0K 0
lio 0 0K 0
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 15227
ioctlops 0 0K 92
eventfd 0 0K 0
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 288
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 671
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
cache 0 0K 0
kcovinfo 0 0K 30
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
tcp_log_dev 0 0K 0
md_disk 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 70
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8336 1062 24738 0 254 38494208 0
mbuf 256 8633 1029 32810 0 254 2473472 0
tcp_log 416 614 4471 8941 0 254 2115360 0
BUF TRIE 152 294 11510 1024 0 62 1794208 0
malloc-384 384 4146 54 4158 0 30 1612800 0
malloc-128 128 11427 167 11484 0 126 1484032 0
malloc-4096 4096 340 2 1061 0 2 1400832 0
UMA Slabs 0 112 10878 24 10878 0 126 1221024 0
malloc-65536 65536 15 1 18 0 1 1048576 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 16396 59 16396 0 254 921480 0
RADIX NODE 152 4472 619 27947 0 62 773832 0
FFS inode 1168 549 25 560 0 8 670432 0
sctp_asoc 2256 1 254 1 0 254 575280 0
socket 1024 28 480 1369 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 194 0 0 2 509056 0
malloc-256 256 1871 64 1945 0 62 495360 0
256 Bucket 2048 139 13 1114 0 8 311296 0
sctp_ep 1152 1 258 1 0 254 298368 0
VM OBJECT 248 1061 59 13725 0 62 277760 0
VNODE 440 582 48 596 0 30 277200 0
malloc-64 64 3831 264 3845 0 254 262080 0
THREAD 1860 125 11 138 0 8 252960 0
malloc-2048 2048 106 14 107 0 8 245760 0
malloc-16 16 14375 375 14450 0 254 236000 0
malloc-32768 32768 7 0 7 0 1 229376 0
DEVCTL 1024 16 204 143 0 0 225280 0
malloc-4096 4096 46 2 837 0 2 196608 0
malloc-128 128 1323 196 25869 0 126 194432 0
sctp_raddr 736 1 263 1 0 254 194304 0
UMA Zones 768 238 1 238 0 16 183552 0
malloc-32 32 5307 363 5491 0 254 181440 0
lkpimm 56 1 3095 1 0 254 173376 0
unpcb 320 11 505 1178 0 254 165120 0
malloc-1024 1024 134 26 170 0 16 163840 0
FFS2 dinode 256 549 81 560 0 62 161280 0
MAP ENTRY 96 1091 295 42777 0 126 133056 0
malloc-65536 65536 0 2 54 0 1 131072 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-65536 65536 1 1 9 0 1 131072 0
mbuf_packet 256 1 507 168 0 254 130048 0
S VFS Cache 104 1021 149 1064 0 126 121680 0
FPU_save_area 832 127 17 1242 0 16 119808 0
ksiginfo 112 43 1001 1125 0 126 116928 0
malloc-16384 16384 3 4 42 0 1 114688 0
malloc-128 128 596 179 1314 0 126 99200 0
malloc-2048 2048 8 40 1040 0 8 98304 0
PROC 1376 45 21 836 0 8 90816 0
UMA Kegs 384 225 8 225 0 30 89472 0
128 Bucket 1024 44 39 256 0 16 84992 0
malloc-128 128 434 217 694 0 126 83328 0
malloc-16384 16384 4 1 5 0 1 81920 0
malloc-256 256 210 105 925 0 62 80640 0
malloc-256 256 239 76 444 0 62 80640 0
g_bio 408 4 176 5093 0 30 73440 0
malloc-64 64 530 541 1852 0 254 68544 0
malloc-64 64 635 436 16548 0 254 68544 0
malloc-128 128 353 174 380 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 0 2 120 0 1 65536 0
malloc-8192 8192 7 1 9 0 1 65536 0
64 Bucket 512 73 55 2351 0 30 65536 0
filedesc0 1072 46 10 837 0 8 60032 0
malloc-4096 4096 12 2 23 0 2 57344 0
malloc-4096 4096 10 4 53 0 2 57344 0
malloc-64 64 315 504 30043 0 254 52416 0
malloc-128 128 9 394 270 0 126 51584 0
malloc-256 256 115 80 506 0 62 49920 0
32 Bucket 256 54 141 703 0 62 49920 0
DIRHASH 1024 34 14 34 0 16 49152 0
NAMEI 1024 0 48 12952 0 16 49152 0
malloc-8192 8192 6 0 7 0 1 49152 0
malloc-2048 2048 14 10 32 0 8 49152 0
malloc-1024 1024 3 45 1486 0 16 49152 0
malloc-384 384 82 38 107 0 30 46080 0
malloc-384 384 87 33 520 0 30 46080 0
syncache 168 0 264 6 0 254 44352 0
clpbuf 2624 0 16 71 0 4 41984 0
malloc-8192 8192 3 2 29 0 1 40960 0
pcpu-8 8 4452 668 4663 0 254 40960 0
VMSPACE 584 30 40 822 0 16 40880 0
pipe 736 11 44 336 0 16 40480 0
sctp_chunk 152 1 259 1 0 254 39520 0
da_ccb 544 1 69 1502 0 16 38080 0
udp_inpcb 408 6 84 150 0 30 36720 0
malloc-64 64 19 548 56 0 254 36288 0
malloc-64 64 56 511 765 0 254 36288 0
malloc-64 64 52 515 847 0 254 36288 0
malloc-64 64 9 558 33 0 254 36288 0
malloc-128 128 32 247 49 0 126 35712 0
malloc-128 128 50 229 3341 0 126 35712 0
routing nhops 256 14 121 26 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 59 31 59 0 30 34560 0
malloc-256 256 22 113 141 0 62 34560 0
malloc-256 256 12 123 41 0 62 34560 0
malloc-256 256 34 101 442 0 62 34560 0
malloc-256 256 7 128 582 0 62 34560 0
malloc-32768 32768 0 1 11 0 1 32768 0
malloc-16384 16384 2 0 2 0 1 32768 0
malloc-16384 16384 0 2 190 0 1 32768 0
malloc-4096 4096 6 2 202 0 2 32768 0
malloc-2048 2048 1 15 13 0 8 32768 0
malloc-2048 2048 4 12 44 0 8 32768 0
malloc-2048 2048 2 14 75 0 8 32768 0
malloc-2048 2048 4 12 195 0 8 32768 0
malloc-1024 1024 3 29 43 0 16 32768 0
malloc-1024 1024 4 28 4 0 16 32768 0
malloc-1024 1024 12 20 173 0 16 32768 0
malloc-1024 1024 9 23 14 0 16 32768 0
malloc-512 512 1 63 18 0 30 32768 0
malloc-512 512 15 49 78 0 30 32768 0
pcpu-64 64 498 14 498 0 254 32768 0
ertt_txseginfo 40 1 807 640 0 254 32320 0
sctp_stream_msg_out 112 1 287 1 0 254 32256 0
ttyinq 160 135 65 300 0 62 32000 0
PGRP 120 23 241 61 0 126 31680 0
sctp_laddr 48 0 588 10 0 254 28224 0
malloc-32 32 272 610 3015 0 254 28224 0
16 Bucket 144 50 146 356 0 62 28224 0
4 Bucket 48 7 581 12 0 254 28224 0
TURNSTILE 136 137 52 137 0 62 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 1 2 82 0 1 24576 0
malloc-8192 8192 1 2 20 0 1 24576 0
malloc-4096 4096 3 3 6 0 2 24576 0
PWD 40 13 593 128 0 254 24240 0
rtentry 168 17 127 26 0 62 24192 0
Files 80 105 195 7069 0 126 24000 0
8 Bucket 80 42 258 304 0 126 24000 0
tcp_inpcb 1304 6 12 13 0 8 23472 0
malloc-384 384 12 48 12 0 30 23040 0
malloc-384 384 2 58 346 0 30 23040 0
malloc-384 384 18 42 29 0 30 23040 0
ripcb 376 2 58 5 0 30 22560 0
SLEEPQUEUE 88 137 119 137 0 126 22528 0
hostcache 64 1 314 1 0 254 20160 0
ertt 72 6 274 13 0 126 20160 0
malloc-32 32 60 570 465 0 254 20160 0
malloc-32 32 72 558 1166 0 254 20160 0
malloc-32 32 17 613 69 0 254 20160 0
malloc-32 32 149 481 1049 0 254 20160 0
malloc-32 32 29 601 96 0 254 20160 0
2 Bucket 32 58 572 326 0 254 20160 0
KNOTE 160 6 119 120 0 62 20000 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 0 4 5 0 2 16384 0
malloc-1024 1024 4 12 4 0 16 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-512 512 1 31 111 0 30 16384 0
malloc-512 512 4 28 10 0 30 16384 0
malloc-512 512 1 31 1 0 30 16384 0
malloc-512 512 2 30 8 0 30 16384 0
malloc-512 512 1 31 2 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
malloc-16 16 226 774 4375 0 254 16000 0
kenv 258 17 43 1066 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
malloc-32 32 81 297 81 0 254 12096 0
malloc-16 16 299 451 472 0 254 12000 0
malloc-16 16 53 697 129 0 254 12000 0
malloc-16 16 15 735 128 0 254 12000 0
malloc-16 16 23 727 24843 0 254 12000 0
malloc-16 16 7 743 14 0 254 12000 0
malloc-384 384 2 28 2 0 30 11520 0
Mountpoints 2816 2 2 2 0 4 11264 0
malloc-8192 8192 1 0 1 0 1 8192 0
malloc-4096 4096 1 1 1 0 2 8192 0
vtnet_tx_hdr 24 0 334 6419 0 254 8016 0
malloc-16 16 15 485 15 0 254 8000 0
pcpu-16 16 4 252 4 0 254 4096 0
UMA Slabs 1 176 9 13 9 0 62 3872 0
KMAP ENTRY 96 12 27 14 0 0 3744 0
FFS1 dinode 128 0 0 0 0 126 0 0
ada_ccb 272 0 0 0 0 30 0 0
swblk 136 0 0 0 0 62 0 0
swpctrie 152 0 0 0 0 62 0 0
cdg_qdiffsample 16 0 0 0 0 254 0 0
pf state scrubs 40 0 0 0 0 254 0 0
pf frag entries 40 0 0 0 0 254 0 0
pf fragment node 72 0 0 0 0 126 0 0
pf frags 232 0 0 0 0 62 0 0
pf table entries 160 0 0 0 0 254 0 0
pf table entry counters 64 0 0 0 0 254 0 0
pf UDP mappings 104 0 0 0 0 126 0 0
pf source nodes 152 0 0 0 0 254 0 0
pf state keys 88 0 0 0 0 126 0 0
pf states 384 0 0 0 0 254 0 0
pf tags 104 0 0 0 0 126 0 0
pf mtags 184 0 0 0 0 62 0 0
tcp_bbr_pcb 896 0 0 0 0 16 0 0
tcp_bbr_map 128 0 0 0 0 126 0 0
tcp_rack_pcb 1088 0 0 0 0 8 0 0
tcp_rack_map 128 0 0 0 0 126 0 0
tfo_ccache_entries 80 0 0 0 0 126 0 0
tfo 4 0 0 0 0 254 0 0
sackhole 32 0 0 0 0 254 0 0
ipq 56 0 0 0 0 254 0 0
sctp_asconf_ack 48 0 0 0 0 254 0 0
sctp_asconf 40 0 0 0 0 254 0 0
sctp_readq 152 0 0 0 0 254 0 0
tcp_log_id_node 120 0 0 0 0 126 0 0
tcp_log_id_bucket 176 0 0 0 0 62 0 0
tcpreass 48 0 0 0 0 254 0 0
udplite_inpcb 408 0 0 0 0 30 0 0
IPsec SA lft_c 16 0 0 0 0 254 0 0
itimer 352 0 0 0 0 30 0 0
AIOLIO 272 0 0 0 0 30 0 0
AIOCB 552 0 0 0 0 16 0 0
AIO 208 0 0 0 0 62 0 0
mqnotifier 216 0 0 0 0 62 0 0
mvdata 64 0 0 0 0 254 0 0
mqueue 248 0 0 0 0 62 0 0
TMPFS node 240 0 0 0 0 62 0 0
NCLNODE 608 0 0 0 0 16 0 0
LTS VFS Cache 360 0 0 0 0 30 0 0
L VFS Cache 320 0 0 0 0 30 0 0
STS VFS Cache 144 0 0 0 0 62 0 0
cryptop 280 0 0 0 0 30 0 0
linux_dma_object 32 0 0 0 0 254 0 0
linux_dma_pctrie 152 0 0 0 0 62 0 0
IOMMU_MAP_ENTRY 112 0 0 0 0 126 0 0
skbuff 1808 0 0 0 0 8 0 0
mbuf_jumbo_16k 16384 0 0 0 0 254 0 0
mbuf_jumbo_9k 9216 0 0 0 0 254 0 0
audit_record 1280 0 0 0 0 8 0 0
domainset 40 0 0 0 0 254 0 0
MAC labels 40 0 0 0 0 254 0 0
vnpbuf 2624 0 0 0 0 16 0 0
nfspbuf 2624 0 0 0 0 4 0 0
swwbuf 2624 0 0 0 0 2 0 0
swrbuf 2624 0 0 0 0 4 0 0
umtx_shm 88 0 0 0 0 126 0 0
umtx pi 96 0 0 0 0 126 0 0
rangeset pctrie nodes 152 0 0 0 0 62 0 0
rl_entry 48 0 0 0 0 254 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-65536 65536 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-32768 32768 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-16384 16384 0 0 0 0 1 0 0
malloc-2048 2048 0 0

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.