panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:LINE: callout_cc_add: Bad list head ADDR first->prev != h


syzbot

Apr 28, 2025, 2:43:39 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4e2616b74cb7 cross-build: Workaround system-provided strch..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=16e15374580000
dashboard link: https://syzkaller.appspot.com/bug?extid=feb558687bd3fc1443b3

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+feb558...@syzkaller.appspotmail.com

panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe0007fba4e0 first->prev != head
cpuid = 1
time = 1745865731
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057772eb0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057773010
vpanic() at vpanic+0x257/frame 0xfffffe00577731d0
panic() at panic+0xb5/frame 0xfffffe0057773290
callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe00577732f0
callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe0057773410
tcp_timer_activate() at tcp_timer_activate+0x56c/frame 0xfffffe0057773490
tcp_default_output() at tcp_default_output+0x63f2/frame 0xfffffe0057773a50
tcp_output() at tcp_output+0x59/frame 0xfffffe0057773a90
tcp_usr_connect() at tcp_usr_connect+0x531/frame 0xfffffe0057773b90
soconnectat() at soconnectat+0x1c0/frame 0xfffffe0057773bf0
kern_connectat() at kern_connectat+0x300/frame 0xfffffe0057773cd0
sys_connect() at sys_connect+0xf5/frame 0xfffffe0057773d10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe0057773f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0057773f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x825f89f08, rbp = 0x825f89f80 ---
KDB: enter: panic
[ thread pid 1460 tid 100938 ]
Stopped at kdb_enter+0x6e: movq $0,0x25be387(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe007a800000
rdx 0x7ffff
rbx 0xffffffff827a7620 .str.27
rsp 0xfffffe0057772ff0
rbp 0xfffffe0057773010
rsi 0x80001
rdi 0xffffffff816124f9 printf+0x149
r8 0
r9 0xffffffff
r10 0x1
r11 0x1f
r12 0xfffffe005496e000
r13 0xfffffffffffffffd
r14 0xffffffff827a7620 .str.27
r15 0
rip 0xffffffff815fce0e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25be387(%rip)
db> show proc
Process 1460 (syz-executor) at 0xfffffe0008008060:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 1384 at 0xfffffe00548ed060
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0008007040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00548d2248
(map 0xfffffe00548d2248)
(map.pmap 0xfffffe00548d22e8)
(pmap 0xfffffe00548d2358)
threads: 2
100092 RunQ syz-executor
100938 Run CPU 1 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1460 1384 1384 0 R (threaded) syz-executor
100092 RunQ syz-executor
100938 Run CPU 1 syz-executor
1459 764 764 0 R (threaded) syz-executor
100821 RunQ syz-executor
100937 S uwait 0xfffffe006e78f080 syz-executor
1458 1113 1113 0 R (threaded) syz-executor
100628 Run CPU 0 syz-executor
100935 RunQ syz-executor
1453 1 1384 0 S uwait 0xfffffe00781ea700 syz-executor
1448 0 0 0 DL - 0xffffffff83cac400 [soaiod4]
1447 0 0 0 DL - 0xffffffff83cac400 [soaiod3]
1446 0 0 0 DL - 0xffffffff83cac400 [soaiod2]
1445 0 0 0 DL - 0xffffffff83cac400 [soaiod1]
1441 766 766 0 S (threaded) syz-executor
100690 S nanslp 0xffffffff83b9c501 syz-executor
100919 S sbwait 0xfffffe005a3372dc syz-executor
100923 S uwait 0xfffffe006e40ee80 syz-executor
1425 1 764 0 S uwait 0xfffffe00781ea300 syz-executor
1421 1 766 0 S uwait 0xfffffe006e791c00 syz-executor
1409 1 766 0 S uwait 0xfffffe0077efbb00 syz-executor
1392 1 766 0 S uwait 0xfffffe006e78f280 syz-executor
1384 763 1384 0 S nanslp 0xffffffff83b9c501 syz-executor
1362 1 767 0 S uwait 0xfffffe0077ef9e00 syz-executor
1346 1 766 0 SV lockf 0xfffffe00584c4a80 syz-executor
1341 1 766 0 S uwait 0xfffffe0059eae680 syz-executor
1338 0 0 0 DL mdwait 0xfffffe0077ed7000 [md0]
1324 1 767 0 S uwait 0xfffffe006e78f480 syz-executor
1320 1 767 0 S uwait 0xfffffe0077efa100 syz-executor
1281 1 766 0 S uwait 0xfffffe0059eae780 syz-executor
1280 1 766 0 S uwait 0xfffffe006e40e580 syz-executor
1274 1 767 0 SV uwait 0xfffffe006e40f300 syz-executor
1265 1 766 0 S uwait 0xfffffe0077efba00 syz-executor
1263 1 766 0 S uwait 0xfffffe0077efbe00 syz-executor
1223 1 764 0 SV uwait 0xfffffe006e790e80 syz-executor
1192 1 1113 0 SV uwait 0xfffffe006e40f400 syz-executor
1172 1 766 0 S uwait 0xfffffe006e40f000 syz-executor
1170 1 766 0 S uwait 0xfffffe0077efb600 syz-executor
1163 1 767 0 SV uwait 0xfffffe0059eaea80 syz-executor
1160 1 767 60929 S uwait 0xfffffe0077f2b380 syz-executor
1147 1 767 0 S uwait 0xfffffe0059eae600 syz-executor
1146 1 767 0 S uwait 0xfffffe0077efbf00 syz-executor
1144 1 767 0 S uwait 0xfffffe006e78f380 syz-executor
1141 1 764 0 S uwait 0xfffffe006e791200 syz-executor
1134 1 766 0 SV uwait 0xfffffe0077f2b580 syz-executor
1128 1 764 0 S uwait 0xfffffe0077f2b480 syz-executor
1127 1 764 0 S umtxn 0xfffffe006e410b00 syz-executor
1125 1 764 0 S uwait 0xfffffe0059bfbd00 syz-executor
1124 1 764 0 S uwait 0xfffffe0059eaeb80 syz-executor
1113 763 1113 0 S nanslp 0xffffffff83b9c501 syz-executor
1102 1 766 0 S uwait 0xfffffe0077f2b180 syz-executor
1085 1 1083 0 S uwait 0xfffffe0059bfba00 syz-executor
1078 1 765 0 S uwait 0xfffffe0059eaec80 syz-executor
1077 1 765 0 S uwait 0xfffffe006e40e600 syz-executor
1038 1 764 0 S uwait 0xfffffe0077f2b500 syz-executor
1031 1 766 0 S uwait 0xfffffe006e40f100 syz-executor
1012 1 765 0 S uwait 0xfffffe006e791100 syz-executor
1010 1 765 0 S uwait 0xfffffe0059eaed80 syz-executor
995 1 767 0 S uwait 0xfffffe0077efbd00 syz-executor
992 1 765 0 SV uwait 0xfffffe0077f2b080 syz-executor
981 1 765 0 S uwait 0xfffffe0059bfbe00 syz-executor
980 1 765 0 S uwait 0xfffffe0059eae980 syz-executor
978 1 766 60929 SV sigwait 0xfffffe00548ec0f0 syz-executor
972 1 764 60929 SV sigwait 0xfffffe0054932110 syz-executor
944 1 765 0 S uwait 0xfffffe006e790c80 syz-executor
937 1 764 60929 S uwait 0xfffffe006e40e300 syz-executor
926 1 767 0 S uwait 0xfffffe0059bfcd00 syz-executor
901 1 765 0 SV uwait 0xfffffe005a103700 syz-executor
893 1 765 0 S uwait 0xfffffe0059bfbc00 syz-executor
877 1 764 0 S uwait 0xfffffe0059bfbb00 syz-executor
867 1 866 0 S uwait 0xfffffe006e78f180 syz-executor
855 1 764 0 S uwait 0xfffffe006e78ef00 syz-executor
852 0 0 0 DL (threaded) [so_splice]
100157 D - 0xfffffe0058d9f480 [thr_0]
100170 D - 0xfffffe0058d9f4c0 [thr_1]
843 1 765 0 S uwait 0xfffffe005a0ff700 syz-executor
837 0 0 0 DL aiordy 0xfffffe00548fe040 [aiod4]
836 0 0 0 DL aiordy 0xfffffe00548fe5a0 [aiod3]
834 0 0 0 DL aiordy 0xfffffe00548c7ae0 [aiod2]
833 0 0 0 DL aiordy 0xfffffe00548eb580 [aiod1]
826 1 767 0 S uwait 0xfffffe005a103d80 syz-executor
825 1 766 0 S uwait 0xfffffe0059bfce00 syz-executor
821 809 821 0 Ss select 0xfffffe006e78f6c0 dhclient
815 1 815 0 Ss select 0xfffffe006e410bc0 dhclient
809 791 424 65 S select 0xfffffe006e410d40 dhclient
791 424 424 0 S wait 0xfffffe0054803ae0 sh
766 763 766 0 S nanslp 0xffffffff83b9c501 syz-executor
764 763 764 0 S nanslp 0xffffffff83b9c500 syz-executor
763 761 761 0 S select 0xfffffe005a0ff140 syz-executor
761 759 761 0 Ss pause 0xfffffe00548eb0d0 csh
759 682 759 0 Ss select 0xfffffe006e7914c0 sshd
748 1 748 0 Ss+ ttyin 0xfffffe0007ff78b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0058dcf8b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0058dcfcb0 getty
745 1 745 0 Ss+ ttyin 0xfffffe0058dd00b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0058dd04b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0007ff68b0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058dd08b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0058dd0cb0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0058dd10b0 getty
738 1 18 0 S+ piperd 0xfffffe0059ff12e0 logger
737 736 18 0 S+ nanslp 0xffffffff83b9c501 sleep
736 1 18 0 S+ wait 0xfffffe0054804040 sh
686 1 686 0 Ss nanslp 0xffffffff83b9c501 cron
682 1 682 0 Ss select 0xfffffe005a102ac0 sshd
495 1 495 0 Ss select 0xfffffe005a1022c0 syslogd
424 1 424 0 Ss wait 0xfffffe00548c6ac0 devd
423 1 423 65 Ss select 0xfffffe005a102440 dhclient
338 1 338 0 Ss select 0xfffffe005a1024c0 dhclient
335 1 335 0 Ss select 0xfffffe006e410f40 dhclient
17 0 0 0 DL syncer 0xffffffff83cb9da0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008026040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cb8360 [bufdaemon]
100083 D - 0xffffffff83002140 [bufspacedaemon-0]
100094 D sdflush 0xfffffe0059e7a4e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d03380 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83ce92f8 [dom0]
100081 D launds 0xffffffff83ce9304 [laundry: dom0]
100082 D umarcl 0xffffffff81dc63e0 [uma]
7 0 0 0 DL - 0xffffffff83919cd0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff8476d850 [pf purge]
5 0 0 0 DL waiting 0xffffffff845be5c0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e4340 [doneq0]
100047 D - 0xffffffff838e42c0 [async]
100076 D - 0xffffffff838e4140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce4b00 [crypto]
100044 D crypto_ 0xfffffe005856e030 [crypto returns 0]
100045 D crypto_ 0xfffffe005856e080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe00547f6088 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b44f00 [g_event]
100038 D - 0xffffffff83b44f20 [g_up]
100039 D - 0xffffffff83b44f40 [g_down]
2 0 0 0 WL (threaded) [clock]
100031 I [clock (0)]
100032 I [clock (1)]
12 0 0 0 LL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 L *tcpinp 0xfffffe0008003000 [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0008007040 [init]
10 0 0 0 DL audit_w 0xffffffff83ce55a0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c29ff0 [swapper]
100005 D - 0xfffffe0008bf7d00 [softirq_0]
100006 D - 0xfffffe0008bf7c00 [softirq_1]
100007 D - 0xfffffe0008bf7b00 [if_io_tqg_0]
100008 D - 0xfffffe0008bf7a00 [if_io_tqg_1]
100009 D - 0xfffffe0008bf7900 [if_config_tqg_0]
100010 D - 0xfffffe0008bf7800 [kqueue_ctx taskq]
100011 D - 0xfffffe0008bf7700 [jail_remove taskq]
100012 D - 0xfffffe0008bf7600 [bus taskq]
100015 D - 0xfffffe0008bf7300 [thread taskq]
100017 D - 0xfffffe0008bf7100 [aiod_kick taskq]
100018 D - 0xfffffe0008bf7000 [deferred_unmount ta]
100019 D - 0xfffffe0008bf6e00 [inm_free taskq]
100020 D - 0xfffffe0008bf6d00 [in6m_free taskq]
100021 D - 0xfffffe0008bf6c00 [linuxkpi_irq_wq]
100022 D - 0xfffffe0008bf6b00 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0008bf6b00 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0008bf6b00 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0008bf6b00 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0008bf6a00 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0008bf6a00 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0008bf6a00 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0008bf6a00 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0008bf6900 [firmware taskq]
100041 D - 0xfffffe0008bf6600 [crypto_0]
100042 D - 0xfffffe0008bf6600 [crypto_1]
100057 D - 0xfffffe0008bf6400 [vtnet0 rxq 0]
100058 D - 0xfffffe0008bf6300 [vtnet0 txq 0]
100059 D - 0xfffffe0008bf6200 [vtnet0 rxq 1]
100060 D - 0xfffffe0008bf6100 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0058587680 [virtio_balloon]
100066 D - 0xffffffff827ac961 [deadlkres]
100070 D - 0xfffffe0058f59b00 [acpi_task_0]
100071 D - 0xfffffe0058f59b00 [acpi_task_1]
100072 D - 0xfffffe0058f59b00 [acpi_task_2]
100074 D - 0xfffffe0008bf8100 [mca taskq]
100075 D - 0xfffffe0008bf6500 [CAM taskq]
100077 D - 0xfffffe0008bf5e00 [ipsec_offload]
db> show all locks
Process 1460 (syz-executor) thread 0xfffffe005496e000 (100938)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe006e73d560) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:497
Process 1458 (syz-executor) thread 0xfffffe0054985000 (100935)
exclusive lockmgr ufs (ufs) r = 0 (0xfffffe0077e46070) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3579
Process 1441 (syz-executor) thread 0xfffffe005496d740 (100919)
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe005a337180) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4840
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 376 5059K 519
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4214
sysctloid 35088 2067K 35163
vtbuf 24 1968K 46
kobj 331 1324K 504
newblk 84 1045K 4046
vfscache 3 1025K 3
filedesc 128 1018K 1323
pcb 36 677K 194
inodedep 46 529K 1130
subproc 255 518K 1607
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 101 201K 67305
acpica 1674 184K 54426
vmem 5 144K 6
tidhash 3 141K 3
pagedep 20 133K 696
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 112 112K 133
sem 4 106K 4
gtaskqueue 18 98K 18
bus 997 82K 5063
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 521 66K 521
ddb_capture 1 64K 1
kdtrace 310 56K 2401
umtx 416 52K 416
temp 45 40K 2147
BPF 29 39K 34
shm 2 34K 11
DEVFS3 131 33K 141
hostcache 1 32K 1
msg 4 30K 4
kbdmux 6 28K 6
LRO 26 27K 26
filemon 3 24K 12
routetbl 196 24K 570
ifaddr 85 23K 87
DEVFS_RULE 56 20K 56
lltable 60 19K 63
ether_multi 208 17K 241
ufs_mount 4 17K 5
proc 3 17K 3
ifnet 9 17K 10
tty 16 16K 16
ithread 90 15K 90
bus-sc 34 15K 1647
eventhandler 163 14K 163
in6_multi 85 12K 85
kenv 95 12K 95
GEOM 68 12K 521
shmfd 7 11K 18
CAM queue 5 11K 1528
plimit 26 10K 358
rman 82 10K 437
rpc 8 9K 8
bmsafemap 2 9K 1059
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 2
pfs_vncache 1 8K 1
audit_evclass 239 8K 301
kqueue 118 8K 1637
pwddesc 117 8K 1513
cred 29 8K 247
taskqueue 69 8K 126
dirrem 25 7K 989
sglist 6 7K 6
CAM DEV 3 6K 510
pfs_nodes 22 6K 22
pf_ifnet 15 6K 29
lockf 52 6K 423
ufs_dirhash 24 5K 27
DEVFSP 74 5K 109
UMA 268 5K 268
vt 11 5K 11
md_disk 2 5K 3
pf_table 2 4K 6
memdesc 1 4K 1
MCA 32 4K 32
md_sectors 1 4K 1
evdev 4 4K 4
proc-args 139 4K 2553
acpisem 28 4K 28
sctp_atcl 9 4K 69
kcovinfo 54 4K 54
selfd 50 4K 196439
sctp_stro 3 3K 13
session 23 3K 44
terminal 11 3K 11
sctp_timw 10 3K 10
ip6ndp 16 3K 17
acpidev 20 3K 20
uidinfo 4 3K 26
hhook 8 3K 10
tun 6 3K 6
clone 9 3K 9
sctp_ifa 17 3K 18
ip6opt 12 3K 48
freework 9 3K 1502
local_apic 1 2K 1
io_apic 1 2K 1
freefile 16 2K 844
freeblks 8 2K 778
ipsec-saq 2 2K 2
in_multi 8 2K 16
newdirblk 13 2K 656
CC Mem 13 2K 107
Unitno 26 2K 58
CAM XPT 22 2K 543
sctp_stri 3 2K 16
select 12 2K 67
toponodes 6 2K 6
mkdir 11 2K 1312
ipsecpolicy 2 2K 2
nhops 6 2K 9
msi 9 2K 9
diradd 9 2K 1013
netlink 2 2K 102
sctp_ifn 8 1K 18
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
mld 8 1K 8
igmp 8 1K 8
vnodemarker 2 1K 34
NFSD session 1 1K 1
freefrag 7 1K 278
CAM periph 4 1K 271
ipsec 3 1K 3
pfil 6 1K 6
isadev 6 1K 6
osd 18 1K 124
mount 16 1K 877
pci_link 10 1K 10
inpcbpolicy 21 1K 375
crypto 4 1K 13
encap_export_host 12 1K 12
sctp_atky 12 1K 90
indirdep 2 1K 767
cdev 2 1K 2
lkpikmalloc 8 1K 9
chacha20random 1 1K 1
biobuf 1 1K 1
filedesc_to_leader 6 1K 12
ip_msource 5 1K 17
ip6_msource 4 1K 23
vnodes 1 1K 11
procdesc 2 1K 8
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
frag6 2 1K 14
tcpfunc 3 1K 3
loginclass 3 1K 5
prison 6 1K 6
sctp_athm 9 1K 76
pf_rule 1 1K 3
cryptodev 2 1K 71
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
VN POLL 1 1K 37
aio 4 1K 7
soname 5 1K 3571
pmchooks 1 1K 1
filecaps 5 1K 74
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
sctp_map 6 1K 26
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
sigio 1 1K 7
entropy 2 1K 35
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
tcp_pcm_rack 0 0K 9
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 18
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 13
sctp_iter 0 0K 14
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 14
sctp_aadr 0 0K 2
mqdata 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
NMI handlers 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
amdiommu_dom 0 0K 0
amdiommu_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 600
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 15
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6_moptions 0 0K 8
in6_mfilter 0 0K 33
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ip_moptions 0 0K 19
in_mfilter 0 0K 33
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 19
fadvise 0 0K 3
statfs 0 0K 184
namei_tracker 0 0K 0
export_host 0 0K 0
cl_savebuf 0 0K 137
lio 0 0K 17
acl 0 0K 0
mbuf_tag 0 0K 0
ktls 0 0K 0
accf 0 0K 0
pts 0 0K 0
timerfd 0 0K 0
iov 0 0K 21860
ioctlops 0 0K 120
eventfd 0 0K 3
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 388
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 652
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 24
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 78
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 1
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mpi3mrbuf 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8321 1077 17527 0 254 38494208 0
mbuf 256 8847 815 33932 0 254 2473472 0
BUF TRIE 152 342 11462 3215 0 62 1794208 0
RADIX NODE 152 10324 409 48630 0 62 1631416 0
malloc-128 128 12560 181 13472 0 126 1630848 0
malloc-384 384 4160 40 4200 0 30 1612800 0
malloc-4096 4096 334 4 676 0 2 1384448 0
UMA Slabs 0 112 11254 8 11254 0 126 1261344 0
sctp_asoc 2256 3 507 13 0 254 1150560 0
malloc-64 64 427 16898 218520 0 254 1108800 0
malloc-16384 16384 63 3 846 0 1 1081344 0
mbuf_cluster 2048 508 0 508 0 254 1040384 0
vmem btag 56 17126 121 17126 0 254 965832 0
malloc-65536 65536 13 1 17 0 1 917504 0
FFS inode 1168 595 21 1451 0 8 719488 0
sctp_ep 1152 3 508 46 0 254 588672 0
malloc-4096 4096 136 2 1547 0 2 565248 0
md0 4096 128 0 128 0 2 524288 0
socket 1024 34 474 1707 0 254 520192 0
lkpicurr 168 2 3094 2 0 62 520128 0
pbuf 2624 0 198 0 0 2 519552 0
VM OBJECT 264 1730 70 20728 0 30 475200 0
256 Bucket 2048 216 8 1324 0 8 458752 0
malloc-32768 32768 5 8 676 0 1 425984 0
sctp_raddr 736 3 514 31 0 254 380512 0
THREAD 1824 192 16 938 0 8 379392 0
VNODE 440 636 84 1494 0 30 316800 0
MAP ENTRY 96 2847 303 65394 0 126 302400 0
malloc-64 64 4050 297 5425 0 254 278208 0
malloc-65536 65536 0 4 68 0 1 262144 0
malloc-2048 2048 105 15 186 0 8 245760 0
malloc-16 16 14480 270 14656 0 254 236000 0
DEVCTL 1024 35 185 162 0 0 225280 0
tcp_log 416 0 513 162 0 254 213408 0
malloc-65536 65536 3 0 3 0 1 196608 0
UMA Zones 768 240 4 240 0 16 187392 0
FPU_save_area 832 194 31 1508 0 16 187200 0
PROC 1376 116 16 1461 0 8 181632 0
malloc-32 32 5380 290 6423 0 254 181440 0
malloc-128 128 1142 253 25376 0 126 178560 0
FFS2 dinode 256 595 95 1451 0 62 176640 0
lkpimm 56 1 3095 1 0 254 173376 0
unpcb 320 11 505 1234 0 254 165120 0
malloc-256 256 119 511 4202 0 62 161280 0
malloc-1024 1024 126 18 171 0 16 147456 0
S VFS Cache 104 1011 393 1972 0 126 146016 0
filedesc0 1072 117 16 1513 0 8 142576 0
malloc-65536 65536 0 2 110 0 1 131072 0
malloc-2048 2048 6 58 1039 0 8 131072 0
mbuf_packet 256 9 499 1698 0 254 130048 0
ksiginfo 112 109 935 213 0 126 116928 0
malloc-32768 32768 2 1 13 0 1 98304 0
malloc-32768 32768 0 3 122 0 1 98304 0
malloc-4096 4096 18 4 41 0 2 90112 0
UMA Kegs 384 226 7 226 0 30 89472 0
g_bio 408 0 210 17391 0 30 85680 0
128 Bucket 1024 56 27 290 0 16 84992 0
malloc-128 128 390 261 1385 0 126 83328 0
malloc-384 384 178 32 1263 0 30 80640 0
malloc-256 256 179 136 1280 0 62 80640 0
malloc-256 256 276 39 1035 0 62 80640 0
sctp_chunk 152 53 467 75 0 254 79040 0
64 Bucket 512 92 44 3054 0 30 69632 0
malloc-64 64 509 562 1182 0 254 68544 0
malloc-64 64 518 553 1607 0 254 68544 0
malloc-128 128 165 362 2382 0 126 67456 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-65536 65536 0 1 8 0 1 65536 0
malloc-16384 16384 4 0 5 0 1 65536 0
malloc-8192 8192 8 0 9 0 1 65536 0
VMSPACE 584 90 22 1421 0 16 65408 0
malloc-256 256 104 151 1032 0 62 65280 0
32 Bucket 256 84 171 4478 0 62 65280 0
sctp_stream_msg_out 112 0 540 11 0 254 60480 0
malloc-64 64 236 583 2367 0 254 52416 0
malloc-256 256 80 115 676 0 62 49920 0
malloc-256 256 54 141 2983 0 62 49920 0
malloc-256 256 90 105 1078 0 62 49920 0
DIRHASH 1024 34 14 36 0 16 49152 0
NAMEI 1024 0 48 16973 0 16 49152 0
malloc-8192 8192 4 2 38 0 1 49152 0
malloc-8192 8192 5 1 8 0 1 49152 0
malloc-8192 8192 3 3 31 0 1 49152 0
malloc-2048 2048 8 16 45 0 8 49152 0
malloc-2048 2048 14 10 136 0 8 49152 0
malloc-1024 1024 7 41 1603 0 16 49152 0
malloc-384 384 91 29 154 0 30 46080 0
pcpu-8 8 5072 560 5394 0 254 45056 0
PWD 40 65 1046 670 0 254 44440 0
syncache 168 0 264 3 0 254 44352 0
tcp_inpcb 1304 13 20 107 0 8 43032 0
TURNSTILE 136 209 106 209 0 62 42840 0
pipe 736 23 32 340 0 16 40480 0
sctp_readq 152 0 260 10 0 254 39520 0
da_ccb 544 0 70 4469 0 16 38080 0
udp_inpcb 408 6 84 211 0 30 36720 0
hostcache 64 3 564 3 0 254 36288 0
malloc-64 64 137 430 1557 0 254 36288 0
malloc-64 64 8 559 35613 0 254 36288 0
malloc-64 64 51 516 81 0 254 36288 0
16 Bucket 144 64 188 566 0 62 36288 0
tcp_rack_map 128 0 279 32 0 126 35712 0
tcp_bbr_map 128 3 276 60 0 126 35712 0
malloc-128 128 21 258 78 0 126 35712 0
malloc-128 128 72 207 3395 0 126 35712 0
malloc-128 128 87 192 982 0 126 35712 0
malloc-128 128 22 257 1236 0 126 35712 0
routing nhops 256 35 100 42 0 62 34560 0
ttyoutq 256 72 63 160 0 62 34560 0
malloc-384 384 52 38 386 0 30 34560 0
malloc-256 256 7 128 2026 0 62 34560 0
SLEEPQUEUE 88 209 175 209 0 126 33792 0
malloc-16384 16384 1 1 2 0 1 32768 0
malloc-4096 4096 4 4 563 0 2 32768 0
malloc-2048 2048 16 0 28 0 8 32768 0
malloc-2048 2048 0 16 50 0 8 32768 0
malloc-1024 1024 6 26 59 0 16 32768 0
malloc-1024 1024 3 29 160 0 16 32768 0
malloc-1024 1024 18 14 5459 0 16 32768 0
malloc-1024 1024 20 12 22 0 16 32768 0
malloc-1024 1024 2 30 22 0 16 32768 0
malloc-512 512 1 63 111 0 30 32768 0
malloc-512 512 22 42 77 0 30 32768 0
malloc-512 512 0 64 42 0 30 32768 0
malloc-512 512 2 62 49 0 30 32768 0
malloc-512 512 6 58 146 0 30 32768 0
malloc-512 512 3 61 17 0 30 32768 0
malloc-512 512 2 62 12 0 30 32768 0
pcpu-64 64 496 16 496 0 254 32768 0
ertt_txseginfo 40 3 805 3058 0 254 32320 0
tcp_bbr_pcb 896 1 35 14 0 16 32256 0
ipq 56 2 574 3 0 254 32256 0
ttyinq 160 135 65 300 0 62 32000 0
Files 80 219 181 8730 0 126 32000 0
PGRP 120 30 234 61 0 126 31680 0
clpbuf 2624 0 12 92 0 4 31488 0
sctp_laddr 48 3 585 25 0 254 28224 0
rl_entry 48 13 575 32 0 254 28224 0
malloc-32 32 392 490 1097 0 254 28224 0
4 Bucket 48 7 581 18 0 254 28224 0
AIO 208 1 132 51 0 62 27664 0
udplite_inpcb 408 0 63 18 0 30 25704 0
cpuset 200 7 121 7 0 62 25600 0
malloc-8192 8192 3 0 3 0 1 24576 0
malloc-8192 8192 1 2 82 0 1 24576 0
rtentry 168 38 106 42 0 62 24192 0
8 Bucket 80 54 246 523 0 126 24000 0
itimer 352 0 66 11 0 30 23232 0
malloc-384 384 7 53 7 0 30 23040 0
malloc-384 384 0 60 343 0 30 23040 0
malloc-384 384 2 58 229 0 30 23040 0
malloc-384 384 2 58 30 0 30 23040 0
tcp_rack_pcb 1088 0 21 9 0 8 22848 0
ripcb 376 2 58 39 0 30 22560 0
Mountpoints 2816 2 6 11 0 4 22528 0
ertt 72 13 267 107 0 126 20160 0
malloc-32 32 44 586 466 0 254 20160 0
malloc-32 32 127 503 1611 0 254 20160 0
malloc-32 32 157 473 14244 0 254 20160 0
malloc-32 32 99 531 201 0 254 20160 0
malloc-32 32 24 606 2701 0 254 20160 0
2 Bucket 32 63 567 664 0 254 20160 0
cryptop 280 0 70 4 0 30 19600 0
AIOCB 552 1 34 37 0 16 19320 0
L VFS Cache 320 0 60 38 0 30 19200 0
AIOLIO 272 0 70 17 0 30 19040 0
vmem 1856 2 7 2 0 8 16704 0
epoch_record pcpu 256 4 60 4 0 62 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-16384 16384 1 0 1 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-8192 8192 2 0 2 0 1 16384 0
malloc-4096 4096 1 3 18 0 2 16384 0
malloc-4096 4096 1 3 4 0 2 16384 0
malloc-4096 4096 1 3 185 0 2 16384 0
malloc-4096 4096 0 4 12 0 2 16384 0
malloc-2048 2048 6 2 10 0 8 16384 0
malloc-2048 2048 1 7 199 0 8 16384 0
malloc-1024 1024 1 15 1 0 16 16384 0
malloc-512 512 1 31 1 0 30 16384 0
SMR CPU 32 8 503 8 0 254 16352 0
kenv 258 17 43 1066 0 30 15480 0
mqnode 416 3 33 3 0 30 14976 0
SMR SHARED 24 8 503 8 0 254 12264 0
malloc-32 32 13 365 43 0 254 12096 0
vtnet_tx_hdr 24 0 501 2995 0 254 12024 0
KNOTE 160 0 75 102 0 62 12000 0
malloc-16 16 26 724 79 0 254 12000 0
malloc-16 16 75 675 845 0 254 12000 0
malloc-16 16 81 669 451 0 254 12000 0
malloc-16 16 279 471 5024 0 254 12000 0
malloc-16 16 9 741 11329 0 254 12000 0
malloc-16 16 272 478 293 0 254 12000 0
malloc-1

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Apr 28, 2025, 7:09:31 PM4/28/25
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 4e2616b74cb7 cross-build: Workaround system-provided strch..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=127af0d4580000
dashboard link: https://syzkaller.appspot.com/bug?extid=feb558687bd3fc1443b3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d5e374580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+feb558...@syzkaller.appspotmail.com

panic: /syzkaller/managers/main/kernel/sys/kern/kern_timeout.c:607: callout_cc_add: Bad list head 0xfffffe0007fbdbd0 first->prev != head
cpuid = 1
time = 1745881128
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00576a8530
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00576a8690
vpanic() at vpanic+0x257/frame 0xfffffe00576a8850
panic() at panic+0xb5/frame 0xfffffe00576a8910
callout_cc_add() at callout_cc_add+0x339/frame 0xfffffe00576a8970
callout_reset_sbt_on() at callout_reset_sbt_on+0x74f/frame 0xfffffe00576a8a90
kern_setitimer() at kern_setitimer+0x835/frame 0xfffffe00576a8bb0
sys_setitimer() at sys_setitimer+0x170/frame 0xfffffe00576a8d10
amd64_syscall() at amd64_syscall+0x4af/frame 0xfffffe00576a8f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00576a8f30
--- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a197a, rsp = 0x8211dcf08, rbp = 0x8211dcf80 ---
KDB: enter: panic
[ thread pid 4414 tid 103643 ]
Stopped at kdb_enter+0x6e: movq $0,0x25be387(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0xdffff7c000000000
rbx 0xffffffff827a7620 .str.27
rsp 0xfffffe00576a8670
rbp 0xfffffe00576a8690
rsi 0
rdi 0xffffffff830004c0 panicstr
r8 0
r9 0xffffffff
r10 0x69a56dcd713b5ac7
r11 0xfffffe0054925520
r12 0xfffffe0054925000
r13 0xfffffffffffffffd
r14 0xffffffff827a7620 .str.27
r15 0
rip 0xffffffff815fce0e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25be387(%rip)
db> show proc
Process 4414 (syz-executor) at 0xfffffe005492f000:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 3421 at 0xfffffe0054902ac0
ABI: FreeBSD ELF64
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0008007040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe000800e920
(map 0xfffffe000800e920)
(map.pmap 0xfffffe000800e9c0)
(pmap 0xfffffe000800ea30)
threads: 2
102430 RunQ syz-executor
103643 Run CPU 1 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
4414 3421 3421 0 R (threaded) syz-executor
102430 RunQ syz-executor
103643 Run CPU 1 syz-executor
4412 3267 3267 0 R (threaded) syz-executor
100126 Run CPU 0 syz-executor
103641 RunQ syz-executor
4411 3245 3245 0 R (threaded) syz-executor
100179 RunQ syz-executor
103640 S uwait 0xfffffe0059ecdc00 syz-executor
3486 3466 3486 0 Ss select 0xfffffe006ee13dc0 dhclient
3473 1 3473 0 Ss select 0xfffffe006edc7640 dhclient
3466 3447 424 65 S select 0xfffffe006ee14540 dhclient
3447 424 424 0 S wait 0xfffffe0054905060 sh
3421 774 3421 0 S nanslp 0xffffffff83b9c501 syz-executor
3296 774 3296 0 R syz-executor
3267 774 3267 0 S nanslp 0xffffffff83b9c500 syz-executor
3245 774 3245 0 S nanslp 0xffffffff83b9c501 syz-executor
864 0 0 0 DL aiordy 0xfffffe005490d580 [aiod4]
863 0 0 0 DL aiordy 0xfffffe005490dae0 [aiod3]
862 0 0 0 DL aiordy 0xfffffe00548e3060 [aiod2]
861 0 0 0 DL aiordy 0xfffffe005490c000 [aiod1]
774 773 771 0 S select 0xfffffe0059ecdec0 syz-executor
773 771 771 0 S (threaded) syz-execprog
100109 S uwait 0xfffffe0059bfbc00 syz-execprog
100112 S uwait 0xfffffe0059bfbf00 syz-execprog
100113 S uwait 0xfffffe0059bfc080 syz-execprog
100114 S uwait 0xfffffe0059bfc180 syz-execprog
100115 S kqread 0xfffffe0008bf4700 syz-execprog
100116 S uwait 0xfffffe006e3b2f00 syz-execprog
100117 S uwait 0xfffffe006e3b4080 syz-execprog
100118 S uwait 0xfffffe0059ecd800 syz-execprog
771 769 771 0 Ss pause 0xfffffe0054902610 csh
769 682 769 0 Ss select 0xfffffe0059ece8c0 sshd
750 1 750 0 Ss+ ttyin 0xfffffe0007ff78b0 getty
749 1 749 0 Ss+ ttyin 0xfffffe0058dcf4b0 getty
748 1 748 0 Ss+ ttyin 0xfffffe0058dcf8b0 getty
747 1 747 0 Ss+ ttyin 0xfffffe0058dcfcb0 getty
746 1 746 0 Ss+ ttyin 0xfffffe0058dd00b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe0058dd04b0 getty
744 1 744 0 Ss+ ttyin 0xfffffe0058dd08b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe0058dd0cb0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0058dd10b0 getty
740 1 18 0 S+ piperd 0xfffffe006e7568a0 logger
739 738 18 0 S+ nanslp 0xffffffff83b9c501 sleep
738 1 18 0 S+ wait 0xfffffe0008007b00 sh
686 1 686 0 Ss nanslp 0xffffffff83b9c501 cron
682 1 682 0 Ss select 0xfffffe0059ecdd40 sshd
495 1 495 0 Ss select 0xfffffe006e3b4b40 syslogd
424 1 424 0 Ss wait 0xfffffe0054803580 devd
423 1 423 65 Ss select 0xfffffe0059ece140 dhclient
338 1 338 0 Ss select 0xfffffe0059ece0c0 dhclient
335 1 335 0 Ss select 0xfffffe006e3b4640 dhclient
17 0 0 0 DL syncer 0xffffffff83cb9da0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008026040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cb8360 [bufdaemon]
100083 D - 0xffffffff83002140 [bufspacedaemon-0]
100094 D sdflush 0xfffffe0059e9c4e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d03380 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83ce92f8 [dom0]
100081 D launds 0xffffffff83ce9304 [laundry: dom0]
100082 D umarcl 0xffffffff81dc63e0 [uma]
7 0 0 0 DL - 0xffffffff83919cd0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff84771850 [pf purge]
5 0 0 0 DL waiting 0xffffffff845155c0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e4340 [doneq0]
100047 D - 0xffffffff838e42c0 [async]
100076 D - 0xffffffff838e4140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce4b00 [crypto]
100044 D crypto_ 0xfffffe005856e030 [crypto returns 0]
100045 D crypto_ 0xfffffe005856e080 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe00547f6088 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b44f00 [g_event]
100038 D - 0xffffffff83b44f20 [g_up]
100039 D - 0xffffffff83b44f40 [g_down]
2 0 0 0 WL (threaded) [clock]
100031 I [clock (0)]
100032 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
Process 4414 (syz-executor) thread 0xfffffe0054925000 (103643)
exclusive sleep mutex process lock (process lock) r = 0 (0xfffffe005492f128) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_time.c:841
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 376 5059K 486
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4213
sysctloid 34854 2053K 34929
vtbuf 24 1968K 46
newblk 1830 1482K 5393
kobj 331 1324K 495
inodedep 1406 1039K 7080
vfscache 3 1025K 3
pcb 24 669K 66
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
dirrem 1330 333K 6980
subproc 134 254K 4493
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 100 200K 100
acpica 1674 184K 54426
freefile 1333 167K 6965
vmem 5 144K 6
tidhash 3 141K 3
pagedep 49 140K 3537
tfo_ccache 1 128K 1
IP reass 1 128K 1
filedesc 16 121K 7145
DEVFS1 114 114K 141
sem 4 106K 4
gtaskqueue 18 98K 18
bus 997 82K 5063
mtx_pool 3 74K 3
syncache 1 68K 1
NFSD srvcache 3 68K 3
module 521 66K 521
ddb_capture 1 64K 1
umtx 336 42K 336
kdtrace 207 42K 8059
temp 35 37K 2354
BPF 22 36K 43
LRO 34 35K 44
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 128 32K 143
msg 4 30K 4
kbdmux 6 28K 6
routetbl 357 23K 1142
DEVFS_RULE 56 20K 56
ifaddr 67 19K 117
ufs_mount 4 17K 5
proc 3 17K 3
tty 16 16K 16
ithread 90 15K 90
bus-sc 34 15K 1647
eventhandler 163 14K 163
lltable 43 14K 84
ifnet 7 13K 12
ether_multi 152 13K 330
kenv 95 12K 95
GEOM 61 11K 477
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
bmsafemap 4 9K 7044
plimit 23 9K 503
in6_multi 65 9K 125
devstat 4 9K 4
UART 12 9K 12
ksem 1 8K 1
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 239 8K 301
taskqueue 69 8K 69
mkdir 56 7K 7048
diradd 56 7K 7039
kqueue 59 7K 4420
sglist 6 7K 6
cred 24 6K 295
CAM DEV 3 6K 510
newdirblk 44 6K 3524
pfs_nodes 22 6K 22
pf_ifnet 14 6K 45
ufs_dirhash 24 5K 24
UMA 266 5K 266
vt 11 5K 11
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
pwddesc 56 4K 7886
acpisem 28 4K 28
proc-args 83 4K 5752
selfd 48 3K 145771
terminal 11 3K 11
session 22 3K 56
indirdep 10 3K 10
acpidev 20 3K 20
hhook 8 3K 10
clone 9 3K 9
uidinfo 3 3K 9
lockf 21 3K 44
ip6ndp 13 3K 25
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
Unitno 28 2K 70
sctp_ifa 13 2K 25
CAM XPT 22 2K 543
in_multi 6 2K 14
tun 4 2K 9
toponodes 6 2K 6
ipsecpolicy 2 2K 2
select 11 2K 45
freework 6 2K 3504
freeblks 5 2K 3503
msi 9 2K 9
netlink 2 2K 182
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
nhops 6 1K 8
vnodemarker 2 1K 10
NFSD session 1 1K 1
CAM periph 4 1K 271
sctp_ifn 6 1K 25
ipsec 3 1K 3
mld 6 1K 11
CC Mem 6 1K 13
igmp 6 1K 11
pfil 6 1K 6
isadev 6 1K 6
mount 16 1K 89
pci_link 10 1K 10
crypto 4 1K 4
encap_export_host 12 1K 12
osd 11 1K 29
DEVFSP 10 1K 47
cdev 2 1K 2
lkpikmalloc 8 1K 9
inpcbpolicy 14 1K 241
chacha20random 1 1K 1
biobuf 1 1K 1
vnodes 1 1K 1
procdesc 2 1K 12
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
feeder 7 1K 7
tcpfunc 3 1K 3
loginclass 3 1K 7
prison 6 1K 6
cryptodev 2 1K 49
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
aio 4 1K 4
pmchooks 1 1K 1
filecaps 5 1K 84
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
soname 4 1K 3466
sctp_vrf 1 1K 1
vnet 1 1K 1
pmc 1 1K 1
entropy 2 1K 62
acpiintr 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
mqdata 0 0K 0
pf_table 0 0K 0
pf_rule 0 0K 0
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 0
filemon 0 0K 0
tcp_pcm_rack 0 0K 0
tcp_do_rack 0 0K 0
tcp_fsb_rack 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 31
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 31
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0



---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.