panic: Assertion pd->pcksum failed at /syzkaller/managers/main/kernel/sys/netpfil/pf/pf.c:LINE
1 view
Skip to first unread message
syzbot
May 5, 2025, 2:28:34 PMMay 5
to syzkaller-f...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 2c0e6f53171c Revert "nfscommon: Use _PC_HAS_NAMEDATTR to c..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=167e539b980000
dashboard link: https://syzkaller.appspot.com/bug?extid=70e3dbe4cba92c8e56eb
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+70e3db...@syzkaller.appspotmail.com
panic: Assertion pd->pcksum failed at /syzkaller/managers/main/kernel/sys/netpfil/pf/pf.c:3279
cpuid = 0
time = 25
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00573515d0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057351730
vpanic() at vpanic+0x257/frame 0xfffffe00573518f0
panic() at panic+0xb5/frame 0xfffffe00573519b0
pf_change_ap() at pf_change_ap+0xd1b/frame 0xfffffe0057351a90
pf_translate_compat() at pf_translate_compat+0x1167/frame 0xfffffe0057351c30
pf_test_rule() at pf_test_rule+0x251b/frame 0xfffffe0057352450
pf_test() at pf_test+0x559f/frame 0xfffffe0057352a00
pf_check6_in() at pf_check6_in+0xac/frame 0xfffffe0057352a50
pfil_mbuf_in() at pfil_mbuf_in+0x8c/frame 0xfffffe0057352a90
ip6_input() at ip6_input+0x16dd/frame 0xfffffe0057352cf0
swi_net() at swi_net+0x2b8/frame 0xfffffe0057352d90
ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe0057352ef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0057352f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057352f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100033 ]
Stopped at kdb_enter+0x6e: movq $0,0x25bd6a7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0
rbx 0xffffffff827a9840 .str.27
rsp 0xfffffe0057351710
rbp 0xfffffe0057351730
rsi 0
rdi 0xffffffff81613509 printf+0x149
r8 0
r9 0xffffffff
r10 0x2fef5420
r11 0xe299e7fa
r12 0xfffffe000801f740
r13 0xfffffffffffffffe
r14 0xffffffff827a9840 .str.27
r15 0
rip 0xffffffff815fdaee kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25bd6a7(%rip)
db> show proc
Process 12 (intr) at 0xfffffe0008006580:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff83b458e0
ABI: null
flag: 0x10000284 flag2: 0
reaper: 0xffffffff83b458e0 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff83b46880
(map 0xffffffff83b46880)
(map.pmap 0xffffffff83b46920)
(pmap 0xffffffff83b46990)
threads: 20
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 Run CPU 0 [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1537 1503 1503 0 R (threaded) syz-executor
101272 RunQ syz-executor
101319 RunQ syz-executor
101320 RunQ syz-executor
1536 1486 1486 0 R (threaded) syz-executor
101294 RunQ syz-executor
101317 RunQ syz-executor
101318 S uwait 0xfffffe00546d5100 syz-executor
1531 765 765 0 S (threaded) syz-executor
101262 S nanslp 0xffffffff83b9c500 syz-executor
101310 S select 0xfffffe006cd23240 syz-executor
101316 S uwait 0xfffffe007853fe00 syz-executor
1528 1 1486 0 S uwait 0xfffffe0078b03a80 syz-executor
1522 1 1486 0 S uwait 0xfffffe006e712e80 syz-executor
1520 1 1503 0 S uwait 0xfffffe0078543e00 syz-executor
1511 1 1486 0 S uwait 0xfffffe00546d5200 syz-executor
1503 763 1503 0 S nanslp 0xffffffff83b9c501 syz-executor
1502 1 1486 0 S uwait 0xfffffe0078542a80 syz-executor
1500 1 765 0 S uwait 0xfffffe006e712c80 syz-executor
1499 1 765 0 SV uwait 0xfffffe006e712b80 syz-executor
1486 763 1486 0 S nanslp 0xffffffff83b9c500 syz-executor
1483 1482 1482 0 D tun_con 0xfffffe006e5f00a8 ifconfig
1482 763 1482 0 S wait 0xfffffe0054803020 syz-executor
1480 1 1459 0 S uwait 0xfffffe0078b04e80 syz-executor
1478 1 1459 60929 S uwait 0xfffffe0078b04d80 syz-executor
1476 1475 765 0 S uwait 0xfffffe0078542200 syz-executor
1475 1 765 0 SV uwait 0xfffffe0078b03580 syz-executor
1473 1 765 0 S uwait 0xfffffe0077c4b000 syz-executor
1472 1 765 0 S uwait 0xfffffe0078b04080 syz-executor
1454 1 1278 0 T (threaded) syz-executor
100978 s syz-executor
101203 D MD conf 0xffffffff8390f400 syz-executor
1451 1 764 0 T (threaded) syz-executor
100652 s syz-executor
101192 D MD conf 0xffffffff8390f400 syz-executor
1448 1 765 0 SV sigwait 0xfffffe00549c9610 syz-executor
1447 1 764 0 S uwait 0xfffffe007853f500 syz-executor
1441 1 1441 0 S uwait 0xfffffe0078b04480 syz-executor
1432 1 767 0 T (threaded) syz-executor
101111 s syz-executor
101119 RunQ syz-executor
1424 1 764 0 S uwait 0xfffffe0078b03280 syz-executor
1423 1 764 0 S uwait 0xfffffe007853fc00 syz-executor
1421 1 764 0 S uwait 0xfffffe007853f300 syz-executor
1420 1 764 0 S uwait 0xfffffe0078540680 syz-executor
1413 1 767 0 S uwait 0xfffffe007853f700 syz-executor
1404 1 765 0 S uwait 0xfffffe0077c4bd00 syz-executor
1401 1 764 0 S uwait 0xfffffe0077c49600 syz-executor
1395 1 1278 0 S uwait 0xfffffe007853f200 syz-executor
1378 1 1278 0 S uwait 0xfffffe0078b04500 syz-executor
1377 1 764 0 S uwait 0xfffffe0078542480 syz-executor
1353 1 765 0 T uwait 0xfffffe0078542b00 syz-executor
1335 1 1278 0 S uwait 0xfffffe0078540100 syz-executor
1333 1 1278 0 S uwait 0xfffffe0078540000 syz-executor
1324 1 764 0 S uwait 0xfffffe006e712300 syz-executor
1322 1 764 0 S uwait 0xfffffe0058cf6c80 syz-executor
1316 1 767 0 S uwait 0xfffffe0077c49980 syz-executor
1308 1 767 0 S uwait 0xfffffe007853fd00 syz-executor
1305 1 767 0 S uwait 0xfffffe007853f980 syz-executor
1303 1 767 0 S uwait 0xfffffe0077c4ac00 syz-executor
1298 1 1278 -1 SV uwait 0xfffffe0077c49a80 syz-executor
1293 1 765 0 T uwait 0xfffffe007853f100 syz-executor
1288 1 1278 0 S uwait 0xfffffe007853f400 syz-executor
1279 1277 764 0 S uwait 0xfffffe007853f000 syz-executor
1277 1 764 0 SV uwait 0xfffffe0078540700 syz-executor
1269 1 766 0 T uwait 0xfffffe0077c4b200 syz-executor
1268 1 766 0 T uwait 0xfffffe0058cf6a80 syz-executor
1264 1 764 0 S uwait 0xfffffe0078540300 syz-executor
1240 1 765 0 T uwait 0xfffffe0058cf3580 syz-executor
1227 0 0 0 DL (threaded) [KTLS]
100749 D - 0xfffffe0058d70c00 [thr_0]
100750 D - 0xfffffe0058d70c80 [thr_1]
100751 D - 0xffffffff83cadc28 [reclaim_0]
1221 1 767 0 S uwait 0xfffffe0078540400 syz-executor
1220 1 767 0 S uwait 0xfffffe0078540900 syz-executor
1213 1 764 0 S uwait 0xfffffe006e70f180 syz-executor
1208 0 0 0 DL mdwait 0xfffffe005a35f000 [md2]
1205 1 764 0 S uwait 0xfffffe0078542080 syz-executor
1197 1 765 0 T uwait 0xfffffe0078542680 syz-executor
1193 1 766 0 SV uwait 0xfffffe0078543600 syz-executor
1191 1 766 0 T uwait 0xfffffe0077c49d00 syz-executor
1187 1 767 0 SV uwait 0xfffffe006e70f580 syz-executor
1182 1 766 0 T uwait 0xfffffe0078542580 syz-executor
1180 1 766 0 T uwait 0xfffffe0058cf6880 syz-executor
1178 1 764 0 S uwait 0xfffffe0078540a00 syz-executor
1169 1 766 0 T uwait 0xfffffe006e710280 syz-executor
1162 1 764 0 S uwait 0xfffffe0078540600 syz-executor
1149 1 766 0 T uwait 0xfffffe0078543700 syz-executor
1139 1 766 0 T uwait 0xfffffe0078540e00 syz-executor
1134 1 764 0 S uwait 0xfffffe0078543200 syz-executor
1130 1 764 0 SV uwait 0xfffffe0078540d00 syz-executor
1118 1 766 0 T uwait 0xfffffe0077c49100 syz-executor
1110 1 765 0 T uwait 0xfffffe0058cf6780 syz-executor
1105 1 765 0 T uwait 0xfffffe0077c49180 syz-executor
1100 1 764 0 S uwait 0xfffffe006e70f380 syz-executor
1097 1 767 0 SV uwait 0xfffffe0077c49580 syz-executor
1095 1 767 0 S uwait 0xfffffe006e70f780 syz-executor
1093 1 767 0 S uwait 0xfffffe0077c49e80 syz-executor
1092 1 767 0 S uwait 0xfffffe0058cf5380 syz-executor
1088 1 767 0 S uwait 0xfffffe0078543400 syz-executor
1085 1 764 0 SV uwait 0xfffffe0077c4ab00 syz-executor
1077 1 765 0 T uwait 0xfffffe0078543500 syz-executor
1076 1 767 0 S uwait 0xfffffe0077c4a800 syz-executor
1068 1 1066 0 SV uwait 0xfffffe0058cf6680 syz-executor
1061 1 767 0 SV uwait 0xfffffe0058cf4800 syz-executor
1057 1 767 0 S uwait 0xfffffe006e710680 syz-executor
1043 1 765 0 T uwait 0xfffffe006e711100 syz-executor
1042 1 765 0 T uwait 0xfffffe0077c4ad00 syz-executor
1038 1 1038 0 T uwait 0xfffffe006e710480 syz-executor
1034 1 766 0 SV uwait 0xfffffe00584ff980 syz-executor
1026 1 767 0 S uwait 0xfffffe0077c4a700 syz-executor
1023 1 764 0 S uwait 0xfffffe006e70ff00 syz-executor
1021 1 765 0 T uwait 0xfffffe0058cf5280 syz-executor
1019 1 766 0 SV uwait 0xfffffe006e710080 syz-executor
1013 1 765 0 T uwait 0xfffffe006e70f480 syz-executor
1007 1 767 0 SV uwait 0xfffffe0058cf6980 syz-executor
1002 0 0 0 DL - 0xffffffff83cac400 [soaiod4]
1001 0 0 0 DL - 0xffffffff83cac400 [soaiod3]
1000 0 0 0 DL - 0xffffffff83cac400 [soaiod2]
999 0 0 0 DL - 0xffffffff83cac400 [soaiod1]
994 0 0 0 DL mdwait 0xfffffe00784ff000 [md1]
983 1 766 0 T uwait 0xfffffe005859a880 syz-executor
981 1 767 0 SV uwait 0xfffffe0058cf5180 syz-executor
977 1 764 0 S uwait 0xfffffe006e712100 syz-executor
976 1 764 0 S uwait 0xfffffe005859b000 syz-executor
961 1 765 0 T uwait 0xfffffe006e712400 syz-executor
957 1 767 0 S uwait 0xfffffe0058cf4300 syz-executor
954 1 767 0 S uwait 0xfffffe0058cf4600 syz-executor
951 1 765 0 T uwait 0xfffffe005859b400 syz-executor
949 1 765 0 T umtxn 0xfffffe006e710800 syz-executor
947 1 765 0 T uwait 0xfffffe0077c4b100 syz-executor
944 1 944 0 Ts+ ttyin 0xfffffe0058a7fcb0 getty
943 1 943 0 Ts+ ttyin 0xfffffe0058e40cb0 getty
942 1 942 0 Ts+ ttyin 0xfffffe0058e410b0 getty
941 1 941 0 Ts+ ttyin 0xfffffe0058e414b0 getty
940 1 940 0 Ts+ ttyin 0xfffffe0058e418b0 getty
939 1 939 0 Ts+ ttyin 0xfffffe0058e41cb0 getty
938 1 938 0 Ts+ ttyin 0xfffffe0058e420b0 getty
937 1 937 0 Ts+ ttyin 0xfffffe0058e424b0 getty
936 1 936 0 Ts+ ttyin 0xfffffe0058e428b0 getty
933 1 765 0 T uwait 0xfffffe006e710180 syz-executor
931 1 764 0 S uwait 0xfffffe0077c4ae00 syz-executor
928 1 767 0 S uwait 0xfffffe0058cf4200 syz-executor
920 0 0 0 DL (threaded) [so_splice]
100216 D - 0xfffffe0058d99300 [thr_0]
100217 D - 0xfffffe0058d99340 [thr_1]
918 1 764 0 S uwait 0xfffffe006e710d00 syz-executor
917 1 765 0 T uwait 0xfffffe006e710380 syz-executor
912 1 767 0 SV uwait 0xfffffe0058cf3d80 syz-executor
911 0 0 0 DL mdwait 0xfffffe0058e48000 [md0]
907 1 767 0 S uwait 0xfffffe0058cf4100 syz-executor
905 1 905 0 T uwait 0xfffffe006e710580 syz-executor
901 1 766 0 T uwait 0xfffffe006e710e00 syz-executor
899 1 764 0 S uwait 0xfffffe0077c4b580 syz-executor
883 1 765 0 T uwait 0xfffffe006e712580 syz-executor
882 1 764 0 SV uwait 0xfffffe0058cf3780 syz-executor
879 1 764 0 S uwait 0xfffffe0058cf3480 syz-executor
877 1 767 0 S umtxn 0xfffffe0058cf3300 syz-executor
876 1 767 0 S uwait 0xfffffe0077c4b400 syz-executor
869 783 424 0 S kqread 0xfffffe0058a8f900 rtsol
831 1 765 0 SV uwait 0xfffffe00584ff580 syz-executor
820 0 0 0 DL aiordy 0xfffffe00548e5ae0 [aiod4]
819 0 0 0 DL aiordy 0xfffffe00548e6040 [aiod3]
818 0 0 0 DL aiordy 0xfffffe00548e65a0 [aiod2]
817 0 0 0 DL aiordy 0xfffffe00548d65a0 [aiod1]
816 1 767 0 SV uwait 0xfffffe006e710900 syz-executor
815 1 766 60928 T uwait 0xfffffe006e712000 syz-executor
814 0 0 0 DL - 0xffffffff83b46d40 [accounting]
783 1 424 0 T wait 0xfffffe00548d75c0 sh
765 763 765 0 S nanslp 0xffffffff83b9c500 syz-executor
763 761 761 0 S select 0xfffffe00585e39c0 syz-executor
761 759 761 0 Ss pause 0xfffffe00548d7110 csh
759 1 759 0 Ts select 0xfffffe00585e89c0 sshd
17 0 0 0 DL syncer 0xffffffff83cb9da0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008026040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cb8360 [bufdaemon]
100083 D - 0xffffffff83002140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe0058e3f8e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d03380 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83ce92f8 [dom0]
100081 D launds 0xffffffff83ce9304 [laundry: dom0]
100082 D umarecl 0xffffffff83ce8320 [uma]
7 0 0 0 DL - 0xffffffff83919cd0 [rand_harvestq]
6 0 0 0 TL pftm 0xffffffff84642850 [pf purge]
5 0 0 0 DL waiting 0xffffffff848ea6c0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e4340 [doneq0]
100047 D - 0xffffffff838e42c0 [async]
100076 D - 0xffffffff838e4140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce4b00 [crypto]
100044 D crypto_ 0xfffffe00546e8c30 [crypto returns 0]
100045 D crypto_ 0xfffffe00546e8c80 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0007f5e888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b44f00 [g_event]
100038 D - 0xffffffff83b44f20 [g_up]
100039 D - 0xffffffff83b44f40 [g_down]
2 0 0 0 RL (threaded) [clock]
100031 I [clock (0)]
100032 Run CPU 1 [clock (1)]
12 0 0 0 RL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 Run CPU 0 [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0008007040 [init]
10 0 0 0 DL audit_w 0xffffffff83ce55a0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c2bff0 [swapper]
100005 D - 0xfffffe0008be9a00 [softirq_0]
100006 D - 0xfffffe0008be9900 [softirq_1]
100007 D - 0xfffffe0008be9800 [if_io_tqg_0]
100008 D - 0xfffffe0008be9700 [if_io_tqg_1]
100009 D - 0xfffffe0008be9600 [if_config_tqg_0]
100010 D - 0xfffffe0007fcd000 [kqueue_ctx taskq]
100011 D - 0xfffffe0007fcce00 [jail_remove taskq]
100012 D - 0xfffffe0007fccd00 [bus taskq]
100015 D - 0xfffffe0007fcca00 [thread taskq]
100017 D - 0xfffffe0007fcc800 [aiod_kick taskq]
100018 D - 0xfffffe0007fcc700 [deferred_unmount ta]
100019 D - 0xfffffe0007fcc600 [inm_free taskq]
100020 D - 0xfffffe0007fcc500 [in6m_free taskq]
100021 D - 0xfffffe0007fcc400 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007fcc100 [firmware taskq]
100041 D - 0xfffffe0008bffe00 [crypto_0]
100042 D - 0xfffffe0008bffe00 [crypto_1]
100057 D - 0xfffffe0008bffc00 [vtnet0 rxq 0]
100058 D - 0xfffffe0008bffb00 [vtnet0 txq 0]
100059 D - 0xfffffe0008bffa00 [vtnet0 rxq 1]
100060 D - 0xfffffe0008bff900 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe00585e8380 [virtio_balloon]
100066 D - 0xffffffff827aeb80 [deadlkres]
100070 D - 0xfffffe0059bfc700 [acpi_task_0]
100071 D - 0xfffffe0059bfc700 [acpi_task_1]
100072 D - 0xfffffe0059bfc700 [acpi_task_2]
100074 D - 0xfffffe0007fcd100 [mca taskq]
100075 D - 0xfffffe0008bffd00 [CAM taskq]
100077 D - 0xfffffe0008bff700 [ipsec_offload]
100385 D - 0xfffffe0008bfd000 [netlink_socket (PID]
100488 D - 0xfffffe0008bfd700 [netlink_socket (PID]
100682 D - 0xfffffe0008bfe700 [netlink_socket (PID]
100893 D - 0xfffffe0008bfe600 [netlink_socket (PID]
101054 D - 0xfffffe0008bfd400 [netlink_socket (PID]
101131 D - 0xfffffe006eb55700 [system_taskq_0]
101132 D - 0xfffffe006eb55700 [system_taskq_1]
101133 D - 0xfffffe0008bfe500 [system_delay_taskq_]
101134 D - 0xfffffe0008bfe500 [system_delay_taskq_]
101135 D - 0xfffffe0059bfc500 [arc_prune]
101136 D - 0xfffffe0059bfc400 [arc_flush_0]
101137 D - 0xfffffe0059bfc400 [arc_flush_1]
101151 D - 0xfffffe0008bfec00 [dbu_evict]
101162 D - 0xfffffe006eb55500 [netlink_socket (PID]
101168 D - 0xfffffe0059bfc200 [z_vdev_file_0]
101169 D - 0xfffffe0059bfc200 [z_vdev_file_1]
101170 D - 0xfffffe0059bfc200 [z_vdev_file_2]
101171 D - 0xfffffe0059bfc200 [z_vdev_file_3]
101172 D - 0xfffffe0059bfc200 [z_vdev_file_4]
101173 D - 0xfffffe0059bfc200 [z_vdev_file_5]
101174 D - 0xfffffe0059bfc200 [z_vdev_file_6]
101175 D - 0xfffffe0059bfc200 [z_vdev_file_7]
101176 D - 0xfffffe0059bfc200 [z_vdev_file_8]
101177 D - 0xfffffe0059bfc200 [z_vdev_file_9]
101178 D - 0xfffffe0059bfc200 [z_vdev_file_10]
101179 D - 0xfffffe0059bfc200 [z_vdev_file_11]
101180 D - 0xfffffe0059bfc200 [z_vdev_file_12]
101181 D - 0xfffffe0059bfc200 [z_vdev_file_13]
101182 D - 0xfffffe0059bfc200 [z_vdev_file_14]
101183 D - 0xfffffe0059bfc200 [z_vdev_file_15]
101196 D - 0xfffffe0059bfc000 [zfsvfs]
db> show all locks
Process 1536 (syz-executor) thread 0xfffffe00549ee000 (101317)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe0078309560) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:567
Process 1483 (ifconfig) thread 0xfffffe00549d4740 (101219)
exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83cba580) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:3027
Process 1432 (syz-executor) thread 0xfffffe00549ad740 (101119)
exclusive sx umareclaim (umareclaim) r = 0 (0xffffffff83ce8320) locked @ /syzkaller/managers/main/kernel/sys/vm/uma_core.c:3428
exclusive sx MD config lock (MD config lock) r = 0 (0xffffffff8390f400) locked @ /syzkaller/managers/main/kernel/sys/dev/md/md.c:1766
Process 12 (intr) thread 0xfffffe000801f740 (100033)
shared rm pf rulesets (pf rulesets) r = 0 (0xfffffe0008241558) locked @ /syzkaller/managers/main/kernel/sys/netpfil/pf/pf.c:10320
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 443 12676K 746
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4217
solaris 2244 3597K 4470
sysctloid 44873 2636K 45102
sctp_stro 2 2309K 13
vtbuf 24 1968K 46
filedesc 235 1880K 1327
kobj 331 1324K 522
vmem 5 1048K 12
newblk 66 1041K 5085
vfscache 3 1025K 3
subproc 359 755K 1736
pcb 113 744K 780
inodedep 62 535K 1192
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 101 201K 175977
acpica 1674 184K 54426
tidhash 3 141K 3
pagedep 28 135K 616
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 117 117K 142
sem 4 106K 4
gtaskqueue 18 98K 18
netlink 26 98K 134
kdtrace 455 82K 2862
bus 997 82K 5063
mtx_pool 3 74K 3
umtx 576 72K 576
syncache 1 68K 1
NFSD srvcache 3 68K 3
md_sectors 17 68K 3429
module 527 66K 528
ddb_capture 1 64K 1
shm 5 40K 23
temp 52 40K 2688
DEVFS3 136 34K 146
LRO 32 33K 32
hostcache 1 32K 1
msg 4 30K 4
kbdmux 6 28K 6
routetbl 276 26K 719
ifaddr 101 26K 104
lltable 76 24K 87
ether_multi 274 22K 320
ifnet 11 21K 12
DEVFS_RULE 56 20K 56
kstat_data 19 19K 19
ufs_mount 4 17K 5
md_disk 21 17K 3437
proc 3 17K 3
tty 16 16K 16
kqueue 186 16K 2331
ithread 90 15K 90
in6_multi 105 15K 105
bus-sc 34 15K 1647
eventhandler 166 14K 166
GEOM 82 14K 574
sctp_atcl 34 13K 295
cred 42 13K 386
shmfd 10 12K 121
kenv 95 12K 95
taskqueue 108 12K 135
pwddesc 171 11K 1580
plimit 27 11K 696
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
bmsafemap 3 9K 1067
ksem 2 9K 8
devstat 4 9K 4
UART 12 9K 12
filemon 1 8K 14
pfs_vncache 1 8K 1
CC Mem 61 8K 644
audit_evclass 239 8K 301
DEVFSP 112 7K 249
dirrem 25 7K 957
UMA 341 7K 341
crypto 15 7K 101
sglist 6 7K 6
CAM DEV 3 6K 510
pf_ifnet 17 6K 35
pfs_nodes 22 6K 22
kcovinfo 81 6K 81
ufs_dirhash 20 5K 35
tcp_fsb_rack 2 5K 34
vt 11 5K 11
freework 17 5K 1519
pf_table 2 4K 3
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
proc-args 181 4K 2706
inpcbpolicy 118 4K 1402
acpisem 28 4K 28
in_multi 13 4K 23
ip6ndp 20 4K 22
tun 8 3K 8
lockf 27 3K 1140
BPF 13 3K 66
terminal 11 3K 11
sctp_ifa 21 3K 22
newdirblk 21 3K 565
freefile 20 3K 756
uidinfo 5 3K 20
acpidev 20 3K 20
mkdir 19 3K 1130
hhook 8 3K 10
sctp_timw 9 3K 9
diradd 18 3K 992
clone 9 3K 9
ip6opt 12 3K 92
pf_rule 2 3K 3
osd 91 3K 689
cryptodev 32 3K 282
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
session 14 2K 66
Unitno 29 2K 1070
selfd 26 2K 232157
CAM XPT 22 2K 543
indirdep 6 2K 1083
nhops 6 2K 10
pfil 14 2K 14
vnodemarker 3 2K 63
ioctlops 3 2K 274
toponodes 6 2K 6
ipsecpolicy 2 2K 2
sctp_ifn 10 2K 22
mld 10 2K 10
igmp 10 2K 10
sctp_atky 36 2K 309
msi 9 2K 9
mount 22 2K 1143
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
freeblks 3 1K 653
ip_msource 12 1K 24
isadev 6 1K 6
pci_link 10 1K 10
encap_export_host 12 1K 12
iov 9 1K 21168
sctp_athm 34 1K 296
select 4 1K 87
cdev 2 1K 2
lkpikmalloc 8 1K 9
ip_moptions 6 1K 31
chacha20random 1 1K 1
VN POLL 3 1K 12
biobuf 1 1K 1
eventfd 3 1K 14
in_mfilter 6 1K 52
tcp_pcm_rack 1 1K 17
vnodes 1 1K 6
ktls 1 1K 97
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
prison 8 1K 8
feeder 7 1K 7
taskq 2 1K 2
sctp_aadr 3 1K 3
ip6_msource 3 1K 4
tcpfunc 3 1K 3
loginclass 3 1K 5
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
freefrag 1 1K 234
aio 4 1K 12
pmchooks 1 1K 1
filedesc_to_leader 2 1K 6
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
sctp_vrf 1 1K 1
sctp_map 4 1K 26
vnet 1 1K 1
accf 1 1K 1
pmc 1 1K 1
entropy 2 1K 38
acpiintr 1 1K 1
cpus 2 1K 2
ip6_moptions 1 1K 8
vnet_data_free 1 1K 1
soname 1 1K 3913
Per-cpu 1 1K 1
p1003.1b 1 1K 1
sfs_nodes 0 0K 0
zones_data 0 0K 0
ext2_mount 0 0K 0
ext2_node 0 0K 0
ext2_extents 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 45
sctp_iter 0 0K 19
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 19
sctp_stri 0 0K 2
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 8
mqdata 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
tcp_do_rack 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
NMI handlers 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
amdiommu_dom 0 0K 0
amdiommu_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 4
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 680
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 30
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 5
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
in6_mfilter 0 0K 10
frag6 0 0K 3
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 23
fadvise 0 0K 3
statfs 0 0K 222
namei_tracker 0 0K 5
export_host 0 0K 0
cl_savebuf 0 0K 116
lio 0 0K 24
acl 0 0K 0
mbuf_tag 0 0K 22
pts 0 0K 0
timerfd 0 0K 0
procdesc 0 0K 10
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 460
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 671
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 10
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
filecaps 0 0K 78
sigio 0 0K 2
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 90
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 7
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mpi3mrbuf 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 1225
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8325 126 16206 0 126 34615296 0
vmem btag 56 83748 160443 246696 0 254 13674696 0
malloc-4096 4096 32 3263 3933 0 2 13496320 0
256 Bucket 2048 777 3687 23053 0 8 9142272 0
RADIX NODE 152 19931 8170 76050 0 62 4271352 0
mbuf 256 9606 478 39068 0 254 2581504 0
malloc-16384 16384 117 2 658 0 1 1949696 0
malloc-128 128 14695 92 14772 0 126 1892736 0
BUF TRIE 152 372 11432 4161 0 62 1794208 0
UMA Slabs 0 112 15625 29 17587 0 126 1753248 0
malloc-384 384 4162 28 4192 0 30 1608960 0
malloc-4096 4096 334 4 821 0 2 1384448 0
malloc-64 64 750 17016 340255 0 254 1137024 0
mbuf_cluster 2048 296 212 802 0 129 1040384 0
malloc-65536 65536 15 0 19 0 1 983040 0
FFS inode 1168 673 27 1446 0 8 817600 0
malloc-4096 4096 173 3 1537 0 2 720896 0
VM OBJECT 264 2239 56 22188 0 30 605880 0
malloc-256 256 2239 116 3335 0 62 602880 0
pbuf 2624 0 210 0 0 2 551040 0
THREAD 1824 283 5 1320 0 8 525312 0
lkpicurr 168 2 3094 2 0 62 520128 0
socket 1024 177 255 3222 0 133 442368 0
MAP ENTRY 96 4316 178 76336 0 126 431424 0
VNODE 440 715 77 1491 0 30 348480 0
malloc-64 64 4877 541 5570 0 254 346752 0
sctp_ep 1152 32 255 281 0 129 330624 0
malloc-2048 2048 140 12 821 0 8 311296 0
malloc-16 16 18358 642 18552 0 254 304000 0
FPU_save_area 832 285 30 1834 0 16 262080 0
PROC 1376 170 17 1540 0 8 257312 0
malloc-32 32 7207 353 7732 0 254 241920 0
UMA Zones 768 313 1 313 0 16 241152 0
malloc-32768 32768 2 5 889 0 1 229376 0
FFS2 dinode 256 673 107 1445 0 62 199680 0
malloc-65536 65536 0 3 84 0 1 196608 0
malloc-65536 65536 3 0 3 0 1 196608 0
filedesc0 1072 171 11 1580 0 8 195104 0
malloc-128 128 1226 262 26731 0 126 190464 0
malloc-1024 1024 151 33 2421 0 16 188416 0
lkpimm 56 1 3095 1 0 254 173376 0
malloc-128 128 1114 157 6758 0 126 162688 0
DEVCTL 1024 53 103 178 0 0 159744 0
S VFS Cache 104 1057 425 2059 0 126 154128 0
malloc-32 32 272 3886 3800 0 254 133056 0
tcp_inpcb 1304 61 41 641 0 8 133008 0
malloc-32768 32768 4 0 4 0 1 131072 0
malloc-16384 16384 8 0 9 0 1 131072 0
malloc-4096 4096 31 1 79 0 2 131072 0
tcp_log 416 15 273 137 0 140 119808 0
UMA Kegs 384 298 5 298 0 30 116352 0
malloc-256 256 337 113 1503 0 62 115200 0
malloc-128 128 639 260 3031 0 126 115072 0
pf states 384 23 267 27 0 140 111360 0
malloc-8192 8192 12 1 28 0 1 106496 0
malloc-256 256 116 289 5366 0 62 103680 0
64 Bucket 512 156 44 24409 0 30 102400 0
unpcb 320 20 280 1472 0 140 96000 0
malloc-256 256 257 118 3189 0 62 96000 0
VMSPACE 584 140 21 1490 0 16 94024 0
malloc-64 64 968 481 2930 0 254 92736 0
malloc-8192 8192 8 2 108 0 1 81920 0
malloc-384 384 194 16 194 0 30 80640 0
malloc-4096 4096 16 3 274 0 2 77824 0
mbuf_packet 256 43 253 2326 0 254 75776 0
128 Bucket 1024 51 16 402 0 16 68608 0
8 Bucket 80 499 351 1845 0 126 68000 0
md0 8 8192 8 8192 0 254 65600 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 0 2 68 0 1 65536 0
Files 80 468 332 13399 0 126 64000 0
malloc-2048 2048 15 15 77 0 8 61440 0
malloc-384 384 124 36 1965 0 30 61440 0
malloc-256 256 141 99 3316 0 62 61440 0
udp_inpcb 408 24 120 451 0 30 58752 0
malloc-2048 2048 17 11 44 0 8 57344 0
malloc-2048 2048 12 16 1066 0 8 57344 0
malloc-1024 1024 21 35 1242 0 16 57344 0
malloc-64 64 344 538 2261 0 254 56448 0
malloc-384 384 85 55 99 0 30 53760 0
malloc-128 128 122 281 784 0 126 51584 0
malloc-256 256 92 103 2246 0 62 49920 0
pcpu-8 8 5768 376 6331 0 254 49152 0
ripcb 376 27 103 270 0 30 48880 0
pipe 736 34 32 454 0 16 48576 0
ksiginfo 112 165 267 536 0 126 48384 0
malloc-64 64 210 546 2113 0 254 48384 0
32 Bucket 256 61 119 28309 0 62 46080 0
TURNSTILE 136 289 47 289 0 62 45696 0
malloc-2048 2048 14 8 94 0 8 45056 0
PWD 40 108 1003 581 0 254 44440 0
2 Bucket 32 1120 266 3592 0 254 44352 0
routing nhops 256 42 123 49 0 62 42240
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 2c0e6f53171c Revert "nfscommon: Use _PC_HAS_NAMEDATTR to c..
git tree: freebsd-src
console output: https://syzkaller.appspot.com/x/log.txt?x=167e539b980000
dashboard link: https://syzkaller.appspot.com/bug?extid=70e3dbe4cba92c8e56eb
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+70e3db...@syzkaller.appspotmail.com
panic: Assertion pd->pcksum failed at /syzkaller/managers/main/kernel/sys/netpfil/pf/pf.c:3279
cpuid = 0
time = 25
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00573515d0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057351730
vpanic() at vpanic+0x257/frame 0xfffffe00573518f0
panic() at panic+0xb5/frame 0xfffffe00573519b0
pf_change_ap() at pf_change_ap+0xd1b/frame 0xfffffe0057351a90
pf_translate_compat() at pf_translate_compat+0x1167/frame 0xfffffe0057351c30
pf_test_rule() at pf_test_rule+0x251b/frame 0xfffffe0057352450
pf_test() at pf_test+0x559f/frame 0xfffffe0057352a00
pf_check6_in() at pf_check6_in+0xac/frame 0xfffffe0057352a50
pfil_mbuf_in() at pfil_mbuf_in+0x8c/frame 0xfffffe0057352a90
ip6_input() at ip6_input+0x16dd/frame 0xfffffe0057352cf0
swi_net() at swi_net+0x2b8/frame 0xfffffe0057352d90
ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe0057352ef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0057352f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057352f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100033 ]
Stopped at kdb_enter+0x6e: movq $0,0x25bd6a7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe00033eee30
rdx 0
rbx 0xffffffff827a9840 .str.27
rsp 0xfffffe0057351710
rbp 0xfffffe0057351730
rsi 0
rdi 0xffffffff81613509 printf+0x149
r8 0
r9 0xffffffff
r10 0x2fef5420
r11 0xe299e7fa
r12 0xfffffe000801f740
r13 0xfffffffffffffffe
r14 0xffffffff827a9840 .str.27
r15 0
rip 0xffffffff815fdaee kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25bd6a7(%rip)
db> show proc
Process 12 (intr) at 0xfffffe0008006580:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff83b458e0
ABI: null
flag: 0x10000284 flag2: 0
reaper: 0xffffffff83b458e0 reapsubtree: 12
sigparent: 20
vmspace: 0xffffffff83b46880
(map 0xffffffff83b46880)
(map.pmap 0xffffffff83b46920)
(pmap 0xffffffff83b46990)
threads: 20
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 Run CPU 0 [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1537 1503 1503 0 R (threaded) syz-executor
101272 RunQ syz-executor
101319 RunQ syz-executor
101320 RunQ syz-executor
1536 1486 1486 0 R (threaded) syz-executor
101294 RunQ syz-executor
101317 RunQ syz-executor
101318 S uwait 0xfffffe00546d5100 syz-executor
1531 765 765 0 S (threaded) syz-executor
101262 S nanslp 0xffffffff83b9c500 syz-executor
101310 S select 0xfffffe006cd23240 syz-executor
101316 S uwait 0xfffffe007853fe00 syz-executor
1528 1 1486 0 S uwait 0xfffffe0078b03a80 syz-executor
1522 1 1486 0 S uwait 0xfffffe006e712e80 syz-executor
1520 1 1503 0 S uwait 0xfffffe0078543e00 syz-executor
1511 1 1486 0 S uwait 0xfffffe00546d5200 syz-executor
1503 763 1503 0 S nanslp 0xffffffff83b9c501 syz-executor
1502 1 1486 0 S uwait 0xfffffe0078542a80 syz-executor
1500 1 765 0 S uwait 0xfffffe006e712c80 syz-executor
1499 1 765 0 SV uwait 0xfffffe006e712b80 syz-executor
1486 763 1486 0 S nanslp 0xffffffff83b9c500 syz-executor
1483 1482 1482 0 D tun_con 0xfffffe006e5f00a8 ifconfig
1482 763 1482 0 S wait 0xfffffe0054803020 syz-executor
1480 1 1459 0 S uwait 0xfffffe0078b04e80 syz-executor
1478 1 1459 60929 S uwait 0xfffffe0078b04d80 syz-executor
1476 1475 765 0 S uwait 0xfffffe0078542200 syz-executor
1475 1 765 0 SV uwait 0xfffffe0078b03580 syz-executor
1473 1 765 0 S uwait 0xfffffe0077c4b000 syz-executor
1472 1 765 0 S uwait 0xfffffe0078b04080 syz-executor
1454 1 1278 0 T (threaded) syz-executor
100978 s syz-executor
101203 D MD conf 0xffffffff8390f400 syz-executor
1451 1 764 0 T (threaded) syz-executor
100652 s syz-executor
101192 D MD conf 0xffffffff8390f400 syz-executor
1448 1 765 0 SV sigwait 0xfffffe00549c9610 syz-executor
1447 1 764 0 S uwait 0xfffffe007853f500 syz-executor
1441 1 1441 0 S uwait 0xfffffe0078b04480 syz-executor
1432 1 767 0 T (threaded) syz-executor
101111 s syz-executor
101119 RunQ syz-executor
1424 1 764 0 S uwait 0xfffffe0078b03280 syz-executor
1423 1 764 0 S uwait 0xfffffe007853fc00 syz-executor
1421 1 764 0 S uwait 0xfffffe007853f300 syz-executor
1420 1 764 0 S uwait 0xfffffe0078540680 syz-executor
1413 1 767 0 S uwait 0xfffffe007853f700 syz-executor
1404 1 765 0 S uwait 0xfffffe0077c4bd00 syz-executor
1401 1 764 0 S uwait 0xfffffe0077c49600 syz-executor
1395 1 1278 0 S uwait 0xfffffe007853f200 syz-executor
1378 1 1278 0 S uwait 0xfffffe0078b04500 syz-executor
1377 1 764 0 S uwait 0xfffffe0078542480 syz-executor
1353 1 765 0 T uwait 0xfffffe0078542b00 syz-executor
1335 1 1278 0 S uwait 0xfffffe0078540100 syz-executor
1333 1 1278 0 S uwait 0xfffffe0078540000 syz-executor
1324 1 764 0 S uwait 0xfffffe006e712300 syz-executor
1322 1 764 0 S uwait 0xfffffe0058cf6c80 syz-executor
1316 1 767 0 S uwait 0xfffffe0077c49980 syz-executor
1308 1 767 0 S uwait 0xfffffe007853fd00 syz-executor
1305 1 767 0 S uwait 0xfffffe007853f980 syz-executor
1303 1 767 0 S uwait 0xfffffe0077c4ac00 syz-executor
1298 1 1278 -1 SV uwait 0xfffffe0077c49a80 syz-executor
1293 1 765 0 T uwait 0xfffffe007853f100 syz-executor
1288 1 1278 0 S uwait 0xfffffe007853f400 syz-executor
1279 1277 764 0 S uwait 0xfffffe007853f000 syz-executor
1277 1 764 0 SV uwait 0xfffffe0078540700 syz-executor
1269 1 766 0 T uwait 0xfffffe0077c4b200 syz-executor
1268 1 766 0 T uwait 0xfffffe0058cf6a80 syz-executor
1264 1 764 0 S uwait 0xfffffe0078540300 syz-executor
1240 1 765 0 T uwait 0xfffffe0058cf3580 syz-executor
1227 0 0 0 DL (threaded) [KTLS]
100749 D - 0xfffffe0058d70c00 [thr_0]
100750 D - 0xfffffe0058d70c80 [thr_1]
100751 D - 0xffffffff83cadc28 [reclaim_0]
1221 1 767 0 S uwait 0xfffffe0078540400 syz-executor
1220 1 767 0 S uwait 0xfffffe0078540900 syz-executor
1213 1 764 0 S uwait 0xfffffe006e70f180 syz-executor
1208 0 0 0 DL mdwait 0xfffffe005a35f000 [md2]
1205 1 764 0 S uwait 0xfffffe0078542080 syz-executor
1197 1 765 0 T uwait 0xfffffe0078542680 syz-executor
1193 1 766 0 SV uwait 0xfffffe0078543600 syz-executor
1191 1 766 0 T uwait 0xfffffe0077c49d00 syz-executor
1187 1 767 0 SV uwait 0xfffffe006e70f580 syz-executor
1182 1 766 0 T uwait 0xfffffe0078542580 syz-executor
1180 1 766 0 T uwait 0xfffffe0058cf6880 syz-executor
1178 1 764 0 S uwait 0xfffffe0078540a00 syz-executor
1169 1 766 0 T uwait 0xfffffe006e710280 syz-executor
1162 1 764 0 S uwait 0xfffffe0078540600 syz-executor
1149 1 766 0 T uwait 0xfffffe0078543700 syz-executor
1139 1 766 0 T uwait 0xfffffe0078540e00 syz-executor
1134 1 764 0 S uwait 0xfffffe0078543200 syz-executor
1130 1 764 0 SV uwait 0xfffffe0078540d00 syz-executor
1118 1 766 0 T uwait 0xfffffe0077c49100 syz-executor
1110 1 765 0 T uwait 0xfffffe0058cf6780 syz-executor
1105 1 765 0 T uwait 0xfffffe0077c49180 syz-executor
1100 1 764 0 S uwait 0xfffffe006e70f380 syz-executor
1097 1 767 0 SV uwait 0xfffffe0077c49580 syz-executor
1095 1 767 0 S uwait 0xfffffe006e70f780 syz-executor
1093 1 767 0 S uwait 0xfffffe0077c49e80 syz-executor
1092 1 767 0 S uwait 0xfffffe0058cf5380 syz-executor
1088 1 767 0 S uwait 0xfffffe0078543400 syz-executor
1085 1 764 0 SV uwait 0xfffffe0077c4ab00 syz-executor
1077 1 765 0 T uwait 0xfffffe0078543500 syz-executor
1076 1 767 0 S uwait 0xfffffe0077c4a800 syz-executor
1068 1 1066 0 SV uwait 0xfffffe0058cf6680 syz-executor
1061 1 767 0 SV uwait 0xfffffe0058cf4800 syz-executor
1057 1 767 0 S uwait 0xfffffe006e710680 syz-executor
1043 1 765 0 T uwait 0xfffffe006e711100 syz-executor
1042 1 765 0 T uwait 0xfffffe0077c4ad00 syz-executor
1038 1 1038 0 T uwait 0xfffffe006e710480 syz-executor
1034 1 766 0 SV uwait 0xfffffe00584ff980 syz-executor
1026 1 767 0 S uwait 0xfffffe0077c4a700 syz-executor
1023 1 764 0 S uwait 0xfffffe006e70ff00 syz-executor
1021 1 765 0 T uwait 0xfffffe0058cf5280 syz-executor
1019 1 766 0 SV uwait 0xfffffe006e710080 syz-executor
1013 1 765 0 T uwait 0xfffffe006e70f480 syz-executor
1007 1 767 0 SV uwait 0xfffffe0058cf6980 syz-executor
1002 0 0 0 DL - 0xffffffff83cac400 [soaiod4]
1001 0 0 0 DL - 0xffffffff83cac400 [soaiod3]
1000 0 0 0 DL - 0xffffffff83cac400 [soaiod2]
999 0 0 0 DL - 0xffffffff83cac400 [soaiod1]
994 0 0 0 DL mdwait 0xfffffe00784ff000 [md1]
983 1 766 0 T uwait 0xfffffe005859a880 syz-executor
981 1 767 0 SV uwait 0xfffffe0058cf5180 syz-executor
977 1 764 0 S uwait 0xfffffe006e712100 syz-executor
976 1 764 0 S uwait 0xfffffe005859b000 syz-executor
961 1 765 0 T uwait 0xfffffe006e712400 syz-executor
957 1 767 0 S uwait 0xfffffe0058cf4300 syz-executor
954 1 767 0 S uwait 0xfffffe0058cf4600 syz-executor
951 1 765 0 T uwait 0xfffffe005859b400 syz-executor
949 1 765 0 T umtxn 0xfffffe006e710800 syz-executor
947 1 765 0 T uwait 0xfffffe0077c4b100 syz-executor
944 1 944 0 Ts+ ttyin 0xfffffe0058a7fcb0 getty
943 1 943 0 Ts+ ttyin 0xfffffe0058e40cb0 getty
942 1 942 0 Ts+ ttyin 0xfffffe0058e410b0 getty
941 1 941 0 Ts+ ttyin 0xfffffe0058e414b0 getty
940 1 940 0 Ts+ ttyin 0xfffffe0058e418b0 getty
939 1 939 0 Ts+ ttyin 0xfffffe0058e41cb0 getty
938 1 938 0 Ts+ ttyin 0xfffffe0058e420b0 getty
937 1 937 0 Ts+ ttyin 0xfffffe0058e424b0 getty
936 1 936 0 Ts+ ttyin 0xfffffe0058e428b0 getty
933 1 765 0 T uwait 0xfffffe006e710180 syz-executor
931 1 764 0 S uwait 0xfffffe0077c4ae00 syz-executor
928 1 767 0 S uwait 0xfffffe0058cf4200 syz-executor
920 0 0 0 DL (threaded) [so_splice]
100216 D - 0xfffffe0058d99300 [thr_0]
100217 D - 0xfffffe0058d99340 [thr_1]
918 1 764 0 S uwait 0xfffffe006e710d00 syz-executor
917 1 765 0 T uwait 0xfffffe006e710380 syz-executor
912 1 767 0 SV uwait 0xfffffe0058cf3d80 syz-executor
911 0 0 0 DL mdwait 0xfffffe0058e48000 [md0]
907 1 767 0 S uwait 0xfffffe0058cf4100 syz-executor
905 1 905 0 T uwait 0xfffffe006e710580 syz-executor
901 1 766 0 T uwait 0xfffffe006e710e00 syz-executor
899 1 764 0 S uwait 0xfffffe0077c4b580 syz-executor
883 1 765 0 T uwait 0xfffffe006e712580 syz-executor
882 1 764 0 SV uwait 0xfffffe0058cf3780 syz-executor
879 1 764 0 S uwait 0xfffffe0058cf3480 syz-executor
877 1 767 0 S umtxn 0xfffffe0058cf3300 syz-executor
876 1 767 0 S uwait 0xfffffe0077c4b400 syz-executor
869 783 424 0 S kqread 0xfffffe0058a8f900 rtsol
831 1 765 0 SV uwait 0xfffffe00584ff580 syz-executor
820 0 0 0 DL aiordy 0xfffffe00548e5ae0 [aiod4]
819 0 0 0 DL aiordy 0xfffffe00548e6040 [aiod3]
818 0 0 0 DL aiordy 0xfffffe00548e65a0 [aiod2]
817 0 0 0 DL aiordy 0xfffffe00548d65a0 [aiod1]
816 1 767 0 SV uwait 0xfffffe006e710900 syz-executor
815 1 766 60928 T uwait 0xfffffe006e712000 syz-executor
814 0 0 0 DL - 0xffffffff83b46d40 [accounting]
783 1 424 0 T wait 0xfffffe00548d75c0 sh
765 763 765 0 S nanslp 0xffffffff83b9c500 syz-executor
763 761 761 0 S select 0xfffffe00585e39c0 syz-executor
761 759 761 0 Ss pause 0xfffffe00548d7110 csh
759 1 759 0 Ts select 0xfffffe00585e89c0 sshd
17 0 0 0 DL syncer 0xffffffff83cb9da0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0008026040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cb8360 [bufdaemon]
100083 D - 0xffffffff83002140 [bufspacedaemon-0]
100093 D sdflush 0xfffffe0058e3f8e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d03380 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83ce92f8 [dom0]
100081 D launds 0xffffffff83ce9304 [laundry: dom0]
100082 D umarecl 0xffffffff83ce8320 [uma]
7 0 0 0 DL - 0xffffffff83919cd0 [rand_harvestq]
6 0 0 0 TL pftm 0xffffffff84642850 [pf purge]
5 0 0 0 DL waiting 0xffffffff848ea6c0 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e4340 [doneq0]
100047 D - 0xffffffff838e42c0 [async]
100076 D - 0xffffffff838e4140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce4b00 [crypto]
100044 D crypto_ 0xfffffe00546e8c30 [crypto returns 0]
100045 D crypto_ 0xfffffe00546e8c80 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0007f5e888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b44f00 [g_event]
100038 D - 0xffffffff83b44f20 [g_up]
100039 D - 0xffffffff83b44f40 [g_down]
2 0 0 0 RL (threaded) [clock]
100031 I [clock (0)]
100032 Run CPU 1 [clock (1)]
12 0 0 0 RL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 Run CPU 0 [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0008007040 [init]
10 0 0 0 DL audit_w 0xffffffff83ce55a0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c2bff0 [swapper]
100005 D - 0xfffffe0008be9a00 [softirq_0]
100006 D - 0xfffffe0008be9900 [softirq_1]
100007 D - 0xfffffe0008be9800 [if_io_tqg_0]
100008 D - 0xfffffe0008be9700 [if_io_tqg_1]
100009 D - 0xfffffe0008be9600 [if_config_tqg_0]
100010 D - 0xfffffe0007fcd000 [kqueue_ctx taskq]
100011 D - 0xfffffe0007fcce00 [jail_remove taskq]
100012 D - 0xfffffe0007fccd00 [bus taskq]
100015 D - 0xfffffe0007fcca00 [thread taskq]
100017 D - 0xfffffe0007fcc800 [aiod_kick taskq]
100018 D - 0xfffffe0007fcc700 [deferred_unmount ta]
100019 D - 0xfffffe0007fcc600 [inm_free taskq]
100020 D - 0xfffffe0007fcc500 [in6m_free taskq]
100021 D - 0xfffffe0007fcc400 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007fcc300 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007fcc200 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007fcc100 [firmware taskq]
100041 D - 0xfffffe0008bffe00 [crypto_0]
100042 D - 0xfffffe0008bffe00 [crypto_1]
100057 D - 0xfffffe0008bffc00 [vtnet0 rxq 0]
100058 D - 0xfffffe0008bffb00 [vtnet0 txq 0]
100059 D - 0xfffffe0008bffa00 [vtnet0 rxq 1]
100060 D - 0xfffffe0008bff900 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe00585e8380 [virtio_balloon]
100066 D - 0xffffffff827aeb80 [deadlkres]
100070 D - 0xfffffe0059bfc700 [acpi_task_0]
100071 D - 0xfffffe0059bfc700 [acpi_task_1]
100072 D - 0xfffffe0059bfc700 [acpi_task_2]
100074 D - 0xfffffe0007fcd100 [mca taskq]
100075 D - 0xfffffe0008bffd00 [CAM taskq]
100077 D - 0xfffffe0008bff700 [ipsec_offload]
100385 D - 0xfffffe0008bfd000 [netlink_socket (PID]
100488 D - 0xfffffe0008bfd700 [netlink_socket (PID]
100682 D - 0xfffffe0008bfe700 [netlink_socket (PID]
100893 D - 0xfffffe0008bfe600 [netlink_socket (PID]
101054 D - 0xfffffe0008bfd400 [netlink_socket (PID]
101131 D - 0xfffffe006eb55700 [system_taskq_0]
101132 D - 0xfffffe006eb55700 [system_taskq_1]
101133 D - 0xfffffe0008bfe500 [system_delay_taskq_]
101134 D - 0xfffffe0008bfe500 [system_delay_taskq_]
101135 D - 0xfffffe0059bfc500 [arc_prune]
101136 D - 0xfffffe0059bfc400 [arc_flush_0]
101137 D - 0xfffffe0059bfc400 [arc_flush_1]
101151 D - 0xfffffe0008bfec00 [dbu_evict]
101162 D - 0xfffffe006eb55500 [netlink_socket (PID]
101168 D - 0xfffffe0059bfc200 [z_vdev_file_0]
101169 D - 0xfffffe0059bfc200 [z_vdev_file_1]
101170 D - 0xfffffe0059bfc200 [z_vdev_file_2]
101171 D - 0xfffffe0059bfc200 [z_vdev_file_3]
101172 D - 0xfffffe0059bfc200 [z_vdev_file_4]
101173 D - 0xfffffe0059bfc200 [z_vdev_file_5]
101174 D - 0xfffffe0059bfc200 [z_vdev_file_6]
101175 D - 0xfffffe0059bfc200 [z_vdev_file_7]
101176 D - 0xfffffe0059bfc200 [z_vdev_file_8]
101177 D - 0xfffffe0059bfc200 [z_vdev_file_9]
101178 D - 0xfffffe0059bfc200 [z_vdev_file_10]
101179 D - 0xfffffe0059bfc200 [z_vdev_file_11]
101180 D - 0xfffffe0059bfc200 [z_vdev_file_12]
101181 D - 0xfffffe0059bfc200 [z_vdev_file_13]
101182 D - 0xfffffe0059bfc200 [z_vdev_file_14]
101183 D - 0xfffffe0059bfc200 [z_vdev_file_15]
101196 D - 0xfffffe0059bfc000 [zfsvfs]
db> show all locks
Process 1536 (syz-executor) thread 0xfffffe00549ee000 (101317)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe0078309560) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:567
Process 1483 (ifconfig) thread 0xfffffe00549d4740 (101219)
exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83cba580) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:3027
Process 1432 (syz-executor) thread 0xfffffe00549ad740 (101119)
exclusive sx umareclaim (umareclaim) r = 0 (0xffffffff83ce8320) locked @ /syzkaller/managers/main/kernel/sys/vm/uma_core.c:3428
exclusive sx MD config lock (MD config lock) r = 0 (0xffffffff8390f400) locked @ /syzkaller/managers/main/kernel/sys/dev/md/md.c:1766
Process 12 (intr) thread 0xfffffe000801f740 (100033)
shared rm pf rulesets (pf rulesets) r = 0 (0xfffffe0008241558) locked @ /syzkaller/managers/main/kernel/sys/netpfil/pf/pf.c:10320
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 443 12676K 746
tcp_hpts 7 4801K 7
devbuf 4188 4324K 4217
solaris 2244 3597K 4470
sysctloid 44873 2636K 45102
sctp_stro 2 2309K 13
vtbuf 24 1968K 46
filedesc 235 1880K 1327
kobj 331 1324K 522
vmem 5 1048K 12
newblk 66 1041K 5085
vfscache 3 1025K 3
subproc 359 755K 1736
pcb 113 744K 780
inodedep 62 535K 1192
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 472K 4
vnet_data 2 224K 2
acpitask 1 224K 1
KTRACE 101 201K 175977
acpica 1674 184K 54426
tidhash 3 141K 3
pagedep 28 135K 616
tfo_ccache 1 128K 1
IP reass 1 128K 1
DEVFS1 117 117K 142
sem 4 106K 4
gtaskqueue 18 98K 18
netlink 26 98K 134
kdtrace 455 82K 2862
bus 997 82K 5063
mtx_pool 3 74K 3
umtx 576 72K 576
syncache 1 68K 1
NFSD srvcache 3 68K 3
md_sectors 17 68K 3429
module 527 66K 528
ddb_capture 1 64K 1
shm 5 40K 23
temp 52 40K 2688
DEVFS3 136 34K 146
LRO 32 33K 32
hostcache 1 32K 1
msg 4 30K 4
kbdmux 6 28K 6
routetbl 276 26K 719
ifaddr 101 26K 104
lltable 76 24K 87
ether_multi 274 22K 320
ifnet 11 21K 12
DEVFS_RULE 56 20K 56
kstat_data 19 19K 19
ufs_mount 4 17K 5
md_disk 21 17K 3437
proc 3 17K 3
tty 16 16K 16
kqueue 186 16K 2331
ithread 90 15K 90
in6_multi 105 15K 105
bus-sc 34 15K 1647
eventhandler 166 14K 166
GEOM 82 14K 574
sctp_atcl 34 13K 295
cred 42 13K 386
shmfd 10 12K 121
kenv 95 12K 95
taskqueue 108 12K 135
pwddesc 171 11K 1580
plimit 27 11K 696
CAM queue 5 11K 1528
rman 82 10K 437
rpc 8 9K 8
bmsafemap 3 9K 1067
ksem 2 9K 8
devstat 4 9K 4
UART 12 9K 12
filemon 1 8K 14
pfs_vncache 1 8K 1
CC Mem 61 8K 644
audit_evclass 239 8K 301
DEVFSP 112 7K 249
dirrem 25 7K 957
UMA 341 7K 341
crypto 15 7K 101
sglist 6 7K 6
CAM DEV 3 6K 510
pf_ifnet 17 6K 35
pfs_nodes 22 6K 22
kcovinfo 81 6K 81
ufs_dirhash 20 5K 35
tcp_fsb_rack 2 5K 34
vt 11 5K 11
freework 17 5K 1519
pf_table 2 4K 3
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
proc-args 181 4K 2706
inpcbpolicy 118 4K 1402
acpisem 28 4K 28
in_multi 13 4K 23
ip6ndp 20 4K 22
tun 8 3K 8
lockf 27 3K 1140
BPF 13 3K 66
terminal 11 3K 11
sctp_ifa 21 3K 22
newdirblk 21 3K 565
freefile 20 3K 756
uidinfo 5 3K 20
acpidev 20 3K 20
mkdir 19 3K 1130
hhook 8 3K 10
sctp_timw 9 3K 9
diradd 18 3K 992
clone 9 3K 9
ip6opt 12 3K 92
pf_rule 2 3K 3
osd 91 3K 689
cryptodev 32 3K 282
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
session 14 2K 66
Unitno 29 2K 1070
selfd 26 2K 232157
CAM XPT 22 2K 543
indirdep 6 2K 1083
nhops 6 2K 10
pfil 14 2K 14
vnodemarker 3 2K 63
ioctlops 3 2K 274
toponodes 6 2K 6
ipsecpolicy 2 2K 2
sctp_ifn 10 2K 22
mld 10 2K 10
igmp 10 2K 10
sctp_atky 36 2K 309
msi 9 2K 9
mount 22 2K 1143
softdep 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
NFSD session 1 1K 1
CAM periph 4 1K 271
ipsec 3 1K 3
freeblks 3 1K 653
ip_msource 12 1K 24
isadev 6 1K 6
pci_link 10 1K 10
encap_export_host 12 1K 12
iov 9 1K 21168
sctp_athm 34 1K 296
select 4 1K 87
cdev 2 1K 2
lkpikmalloc 8 1K 9
ip_moptions 6 1K 31
chacha20random 1 1K 1
VN POLL 3 1K 12
biobuf 1 1K 1
eventfd 3 1K 14
in_mfilter 6 1K 52
tcp_pcm_rack 1 1K 17
vnodes 1 1K 6
ktls 1 1K 97
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
CAM SIM 2 1K 2
prison 8 1K 8
feeder 7 1K 7
taskq 2 1K 2
sctp_aadr 3 1K 3
ip6_msource 3 1K 4
tcpfunc 3 1K 3
loginclass 3 1K 5
nexusdev 8 1K 8
apmdev 1 1K 1
atkbddev 2 1K 2
freefrag 1 1K 234
aio 4 1K 12
pmchooks 1 1K 1
filedesc_to_leader 2 1K 6
CAM path 4 1K 1034
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
sctp_vrf 1 1K 1
sctp_map 4 1K 26
vnet 1 1K 1
accf 1 1K 1
pmc 1 1K 1
entropy 2 1K 38
acpiintr 1 1K 1
cpus 2 1K 2
ip6_moptions 1 1K 8
vnet_data_free 1 1K 1
soname 1 1K 3913
Per-cpu 1 1K 1
p1003.1b 1 1K 1
sfs_nodes 0 0K 0
zones_data 0 0K 0
ext2_mount 0 0K 0
ext2_node 0 0K 0
ext2_extents 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 45
sctp_iter 0 0K 19
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 19
sctp_stri 0 0K 2
pf_altq 0 0K 0
pf_osfp 0 0K 0
pf_krule_item 0 0K 0
pf_temp 0 0K 8
mqdata 0 0K 0
ipcomp 0 0K 0
esp 0 0K 0
ah 0 0K 0
tcp_do_rack 0 0K 0
madt_table 0 0K 2
smartpqi 0 0K 0
ixl 0 0K 0
ice-resmgr 0 0K 0
ice-osdep 0 0K 0
ice 0 0K 0
iavf 0 0K 0
axgbe 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
NMI handlers 0 0K 0
bounce 0 0K 0
busdma 0 0K 0
qpidrv 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
amdiommu_dom 0 0K 0
amdiommu_ctx 0 0K 0
isci 0 0K 0
iommu_dmamap 0 0K 0
hyperv_socket 0 0K 0
bxe_ilt 0 0K 0
aesni_data 0 0K 4
xenbus 0 0K 0
vm_fictitious 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 680
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 30
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
ktls_ocf 0 0K 5
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS_RX 0 0K 0
MLX5EEPROM 0 0K 0
MLX5E_TLS 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EN 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5DUMP 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
MLX5EEPROM 0 0K 0
simple_attr 0 0K 0
seq_file 0 0K 0
lkpiskb 0 0K 0
radix 0 0K 0
idr 0 0K 0
lkpindev 0 0K 0
lkpimhi 0 0K 0
lkpifw 0 0K 0
lkpi80211 0 0K 0
NLM 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
in6_mfilter 0 0K 10
frag6 0 0K 3
tcplog 0 0K 0
tcp_hwpace 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 23
fadvise 0 0K 3
statfs 0 0K 222
namei_tracker 0 0K 5
export_host 0 0K 0
cl_savebuf 0 0K 116
lio 0 0K 24
acl 0 0K 0
mbuf_tag 0 0K 22
pts 0 0K 0
timerfd 0 0K 0
procdesc 0 0K 10
Witness 0 0K 0
stack 0 0K 0
sbuf 0 0K 460
firmware 0 0K 0
compressor 0 0K 0
SWAP 0 0K 0
sysctltmp 0 0K 671
sysctl 0 0K 3
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 10
rctl 0 0K 0
cache 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
filecaps 0 0K 78
sigio 0 0K 2
pwd 0 0K 0
tty console 0 0K 0
boottrace 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 90
geom_flashmap 0 0K 0
tmpfs dir 0 0K 0
tmpfs name 0 0K 0
tmpfs mount 0 0K 0
tmpfs extattr 0 0K 0
NFS FHA 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroff 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
xnb 0 0K 0
xen_acpi 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
pvscsi 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
twsbuf 0 0K 0
tcp_log_dev 0 0K 7
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
SIIS driver 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
mpi3mrbuf 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
malodev 0 0K 0
LED 0 0K 0
ix_sriov 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
ciss_data 0 0K 0
BACKLIGHT 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
acpipwr 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
aacraidcam 0 0K 0
aacraid_buf 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
XZ_DEC 0 0K 0
nvlist 0 0K 1225
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
scsi_pass 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
nvme_da 0 0K 0
CAM CCB 0 0K 523
CAM ccb queue 0 0K 0
db> show uma
Zone Size Used Free Requests Sleeps Bucket Total Mem XFree
mbuf_jumbo_page 4096 8325 126 16206 0 126 34615296 0
vmem btag 56 83748 160443 246696 0 254 13674696 0
malloc-4096 4096 32 3263 3933 0 2 13496320 0
256 Bucket 2048 777 3687 23053 0 8 9142272 0
RADIX NODE 152 19931 8170 76050 0 62 4271352 0
mbuf 256 9606 478 39068 0 254 2581504 0
malloc-16384 16384 117 2 658 0 1 1949696 0
malloc-128 128 14695 92 14772 0 126 1892736 0
BUF TRIE 152 372 11432 4161 0 62 1794208 0
UMA Slabs 0 112 15625 29 17587 0 126 1753248 0
malloc-384 384 4162 28 4192 0 30 1608960 0
malloc-4096 4096 334 4 821 0 2 1384448 0
malloc-64 64 750 17016 340255 0 254 1137024 0
mbuf_cluster 2048 296 212 802 0 129 1040384 0
malloc-65536 65536 15 0 19 0 1 983040 0
FFS inode 1168 673 27 1446 0 8 817600 0
malloc-4096 4096 173 3 1537 0 2 720896 0
VM OBJECT 264 2239 56 22188 0 30 605880 0
malloc-256 256 2239 116 3335 0 62 602880 0
pbuf 2624 0 210 0 0 2 551040 0
THREAD 1824 283 5 1320 0 8 525312 0
lkpicurr 168 2 3094 2 0 62 520128 0
socket 1024 177 255 3222 0 133 442368 0
MAP ENTRY 96 4316 178 76336 0 126 431424 0
VNODE 440 715 77 1491 0 30 348480 0
malloc-64 64 4877 541 5570 0 254 346752 0
sctp_ep 1152 32 255 281 0 129 330624 0
malloc-2048 2048 140 12 821 0 8 311296 0
malloc-16 16 18358 642 18552 0 254 304000 0
FPU_save_area 832 285 30 1834 0 16 262080 0
PROC 1376 170 17 1540 0 8 257312 0
malloc-32 32 7207 353 7732 0 254 241920 0
UMA Zones 768 313 1 313 0 16 241152 0
malloc-32768 32768 2 5 889 0 1 229376 0
FFS2 dinode 256 673 107 1445 0 62 199680 0
malloc-65536 65536 0 3 84 0 1 196608 0
malloc-65536 65536 3 0 3 0 1 196608 0
filedesc0 1072 171 11 1580 0 8 195104 0
malloc-128 128 1226 262 26731 0 126 190464 0
malloc-1024 1024 151 33 2421 0 16 188416 0
lkpimm 56 1 3095 1 0 254 173376 0
malloc-128 128 1114 157 6758 0 126 162688 0
DEVCTL 1024 53 103 178 0 0 159744 0
S VFS Cache 104 1057 425 2059 0 126 154128 0
malloc-32 32 272 3886 3800 0 254 133056 0
tcp_inpcb 1304 61 41 641 0 8 133008 0
malloc-32768 32768 4 0 4 0 1 131072 0
malloc-16384 16384 8 0 9 0 1 131072 0
malloc-4096 4096 31 1 79 0 2 131072 0
tcp_log 416 15 273 137 0 140 119808 0
UMA Kegs 384 298 5 298 0 30 116352 0
malloc-256 256 337 113 1503 0 62 115200 0
malloc-128 128 639 260 3031 0 126 115072 0
pf states 384 23 267 27 0 140 111360 0
malloc-8192 8192 12 1 28 0 1 106496 0
malloc-256 256 116 289 5366 0 62 103680 0
64 Bucket 512 156 44 24409 0 30 102400 0
unpcb 320 20 280 1472 0 140 96000 0
malloc-256 256 257 118 3189 0 62 96000 0
VMSPACE 584 140 21 1490 0 16 94024 0
malloc-64 64 968 481 2930 0 254 92736 0
malloc-8192 8192 8 2 108 0 1 81920 0
malloc-384 384 194 16 194 0 30 80640 0
malloc-4096 4096 16 3 274 0 2 77824 0
mbuf_packet 256 43 253 2326 0 254 75776 0
128 Bucket 1024 51 16 402 0 16 68608 0
8 Bucket 80 499 351 1845 0 126 68000 0
md0 8 8192 8 8192 0 254 65600 0
malloc-65536 65536 1 0 1 0 1 65536 0
malloc-32768 32768 0 2 68 0 1 65536 0
Files 80 468 332 13399 0 126 64000 0
malloc-2048 2048 15 15 77 0 8 61440 0
malloc-384 384 124 36 1965 0 30 61440 0
malloc-256 256 141 99 3316 0 62 61440 0
udp_inpcb 408 24 120 451 0 30 58752 0
malloc-2048 2048 17 11 44 0 8 57344 0
malloc-2048 2048 12 16 1066 0 8 57344 0
malloc-1024 1024 21 35 1242 0 16 57344 0
malloc-64 64 344 538 2261 0 254 56448 0
malloc-384 384 85 55 99 0 30 53760 0
malloc-128 128 122 281 784 0 126 51584 0
malloc-256 256 92 103 2246 0 62 49920 0
pcpu-8 8 5768 376 6331 0 254 49152 0
ripcb 376 27 103 270 0 30 48880 0
pipe 736 34 32 454 0 16 48576 0
ksiginfo 112 165 267 536 0 126 48384 0
malloc-64 64 210 546 2113 0 254 48384 0
32 Bucket 256 61 119 28309 0 62 46080 0
TURNSTILE 136 289 47 289 0 62 45696 0
malloc-2048 2048 14 8 94 0 8 45056 0
PWD 40 108 1003 581 0 254 44440 0
2 Bucket 32 1120 266 3592 0 254 44352 0
routing nhops 256 42 123 49 0 62 42240
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Sep 9, 2025, 9:10:20 AMSep 9
to syzkaller-f...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages