panic: pfi_dynaddr_setup: dyn is 0x800000000000000 cpuid = 0 time = 24 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025b49110 vpanic() at vpanic+0x1c7/frame 0xfffffe0025b49170 panic() at panic+0x43/frame 0xfffffe0025b491d0 pfi_dynaddr_setup() at pfi_dynaddr_setup+0x590/frame 0xfffffe0025b49260 pfioctl() at pfioctl+0x6e4f/frame 0xfffffe0025b49790 devfs_ioctl() at devfs_ioctl+0x14e/frame 0xfffffe0025b497f0 VOP_IOCTL_APV() at VOP_IOCTL_APV+0x78/frame 0xfffffe0025b49820 vn_ioctl() at vn_ioctl+0x27c/frame 0xfffffe0025b49940 devfs_ioctl_f() at devfs_ioctl_f+0x47/frame 0xfffffe0025b49980 kern_ioctl() at kern_ioctl+0x3d4/frame 0xfffffe0025b499f0 sys_ioctl() at sys_ioctl+0x22b/frame 0xfffffe0025b49ac0 amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0025b49bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0025b49bf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x80071d48a, rsp = 0x7fffdfffdf38, rbp = 0x3 --- KDB: enter: panic ioctl$DIOCRADDTABLES(0xffffffffffffffff, 0xc450443d, &(0x7f0000000500)={{"a337d42b3aa759d0b26f8a80d5862d8d61dafb0de089c3e697a0cff40fa1bb876abcd9dff113ffb291e7b20640f15b49536b28a5f8088377dfe2b8304264212714e3fcc48ca8e14e3eb683d651689047c66723c5e1fd09c71af4aa90422c132ce55e5db76ea10391ecd739e3905f4dfe2167a96a095e4857b2c94980dfe92c66a22648cce2b9ba5d9e29ab68540bcba24ed1641919d4152b4fb664d5763a5f2f51b860c8384f69454214c8e6a464ad8cc25455c0af84d4f892bf00f2fd1a5cbfcfaf01ad20108627871abcd1cc0e97f1a00ceaa5419f60e5dbcdd6d4582af0e8b6101a865699ac96443620b6ed8fd4bf35d4aead54c63ee016ee5458a6467f61a3c2ab134dc5b0752e6bea3e6de432a54eec0167483d1ce4a2e3e83af5e6eafde8bfde06963a76881f1262f0d83a8934f091c1093734227c552e058613a3b686ee53621467e7db156ec9d8175637914de9769de09d97c16ddd9852e162b3368281857096d1d18968ab1ef1882d3cae4eedebdb88ed40456fc1e7d679d3d980570dd751efb583a4028a4ae5d14b7dfe08b1ad3b04bc9152c7afec92b0fd08f8c62b33b25663750cfd48d6aa2e2017f0a1d3001a559358d0d7e1d876e4a201b2c23418663f5b60c0d9ffd8bd126452ac4adcfc8c65fd59aec04de2c2997725b7a6c25d7056c75039c41d645357b8af4eba7c4486478934bf8aee95192f858dda1ca6ed62e93bf333f5b0526b3c2b87e9cb122921d9f618b55ab55ac26ff718119f03c1850fbae9759d21e8899b364a8cbd5a7d72e30fb04dc7e30754090085eef39b6516ff6835b101d54c09dc84d25b9129851ca414855916dee0112dd2c9833585bda2d888f66873dc681827688f40985c7d92512094b720087b130029e9c4180ac6cbcc9becf3d75773ee176a2f22d3c3357d49f839fa83e5437a28366ca412ecae71c7ac9de0917d32c2e3198e4fbe2d4ff993536d3d26f1f266ed5a3444d60031b889f697e9bdaf1bbb0644efffd32ade826f9da4b873a249599cfc91b84f7025c96e1eb8b64ce9f94a16a542c805782676892bdc7c897b823ac99217df9f73dc0dbe96f279029fb67bbe94321a9d70fbae116e0fecc5b5b04569578847b87b14d641e97c3f3d74722c8f7e8e09b2abee67c6af1bce506af7bce2c6273243ce7404c87dbc4792fd03be4199d54524c849136bc6a616c7ef2aa5b0230334ff53d5996969c5fb8782c91f7f11046ed1218625ea15a4db0a57c5a20e0d538d29573b83288c961cd7336b6bec3bb21eb4a9ccd00300be6949065cfa01ba21b51026264ae530d44e694cbd5bd15fc8ba8e89898f0e5f6d0bbd2acf1424974f10d1449ee5ca64ddd5e944e37a942a088231c1dbb9a5ca3c07aba585948fdfc5470cab7bcd38f242a642bd881aa419fb9a6afcab298600717f65387baa481f9d08f3", "daff37d979a926b05ae1eea1f86a8e32a01767ca00"}, 0x0, 0x0, 0x2}) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) write(r1, &(0x7f0000000d80)="827cdd78c443b24d44c586d37951c430bbbd631fe2719ca007eb084b3af7d021402a5b37356394be4f27df09410322143e8288b5820d044a7ee2fdda201404678a5ec1a2e52dc00ee8ad4bb1946ea0be61189f752845eeb89cb982bf7491277d7d0a3a93b9964da0e3dc8c3f9876b81b1ed3042d2de02305a4346a8e0ab245748277cdf2e0127c4412b319fe0007ac841303a862159e0998d4ca6d9cee94751f1a7885b4f59c948ea786cb90139c3acfc204671d18ca81d2a86fccc8f4141cdfeb61f399c2d5047f11a7f7ffd07d7315cc5599882fe80b58ce2835794e2fa744917b9104114b33fcffff7fc48d60841c64703ccb4ef8b5945308d39679661dc7742bc4fc855aec385f48c22e370cc3375c0149e4a70f2440a07c05e9d87fb12c865b2a64a811bfedbf86666c58f71ee8fcfc6b629b75fd890b93f5cd67d19c67d32e60a5cdf01fe1c8ed71960e780d385e59f5454e15fd4bfc000000c7c85e605adef08c9df5ebb66239e79b71b8d7d027a01e48d0a4c0f8a48e5ab6789254312772", 0xff86) accept4$inet(r1, &(0x7f0000000080)={0x10, 0x2, 0xffffffffffffffff, @loopback}, &(0x7f00000000c0)=0x10, 0x30000000) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000003740)=""/4090, 0xffa}, {0x0}, {0x0}, {0x0}], 0x4, 0x0}, 0x40002) r3 = dup(r2) dup(r3) getpeername(r3, &(0x7f0000000140)=@in={0x10, 0x2, 0xffffffffffffffff, @loopback}, &(0x7f0000000180)=0x10) ioctl$DIOCADDRULE(r0, 0xcbe04404, &(0x7f0000000100)) accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000240)=0x2b, 0x18000000) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r4, &(0x7f00000001c0)={0x0, 0xc, &(0x7f00000004c0)=[{&(0x7f0000001f40)=""/4081, 0xffa}, {0x0}, {0x0, 0xffffffffffffff8c}, {0x0}], 0x4, 0x0, 0x7}, 0xc0) r5 = dup(r4) r6 = dup(r5) shutdown(r6, 0x0) r7 = dup2(r2, r6) connectat$unix(0xffffffffffffff9c, r7, &(0x7f0000000100)=ANY=[@ANYRES16=0x0, @ANYRESDEC=0x0], 0x2) pipe2(&(0x7f0000000000), 0x100000) 00:00:24 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="0300f18a2ebf6c7c4d0534483696e7336db1677f33c8a30efa120365f7ae730b77ded3b2b8e3995a03b23820d7717bf27528c83adf93e3aa411599b93e52bd5436a2b139a138020000001ed4b0b691b3ad83ca4996f612d2ab3192a9cd9ef3e9e3b746f31e345abd68edc2e4735e0ff48fbfb14523789d6497cff4b235cddaf31a691d2d46d5d4a704f5dc3e3f2a99317ba366e727f545b3d5aa1a785b93938dc7132877cac13a29ff090fdbea4f8348857fd6b8dbb15e4b9c9b303c462c65a1b012e94e40129b8f1e4a386bb8"], 0xa) 00:00:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pf\x00', 0x1, 0x0) ioctl$DIOCRADDTABLES(0xffffffffffffffff, 0xc450443d, &(0x7f0000000500)={{"a337d42b3aa759d0b26f8a80d5862d8d61dafb0de089c3e697a0cff40fa1bb876abcd9dff113ffb291e7b20640f15b49536b28a5f8088377dfe2b8304264212714e3fcc48ca8e14e3eb683d651689047c66723c5e1fd09c71af4aa90422c132ce55e5db76ea10391ecd739e3905f4dfe2167a96a095e4857b2c94980dfe92c66a22648cce2b9ba5d9e29ab68540bcba24ed1641919d4152b4fb664d5763a5f2f51b860c8384f69454214c8e6a464ad8cc25455c0af84d4f892bf00f2fd1a5cbfcfaf01ad20108627871abcd1cc0e97f1a00ceaa5419f60e5dbcdd6d4582af0e8b6101a865699ac96443620b6ed8f497635d4aead54c63ee016ee5458a6467f61a3c2ab134dc5b0752e6bea3e6de432a54eec0167483d1ce4a2e3e83af5e6eafde8bfde06963a76881f1262f0d83a8934f091c1093734227c552e058613a3b686ee53621467e7db156ec9da175637914de9769de09d97c16ddd9852e162b3368281857096d1d18968ab1ef1882d3cae4eedebdb88ed40456fc1e7d679d3d980570dd751efb583a4028a4ae5d14b7dfe08b1ad3b04bc9152c7afec92b0fd08f8c62b33b25663750cfd48d6aa2e2017f0a1d3001a559358d0d7e1d876e4a201b2c23418663f5b60c0d9ffd8bd126452ac4adcfc8c65fd59aec04de2c2997725b7a6c25d7056c75039c41d645357b8af4eba7c4486478934bf8aee95192f858dda1ca6ed62e93bf333f5b0526b3c2b87e9cb122921d9f618b55ab55ac26ff718119f03c1850fbae9759d21e8899b364a8cbd5a7d72e30fb04dc7e30754090085eef39b6516ff6835b101d54c09dc84d25b9129851ca414855916dee0112dd2c9833585bda2d888f66873dc681827688f40985c7d92512094b720087b130029e9c4180ac6cbcc9becf3d75773ee176a2f22d3c3357d49f839fa83e5437a28366ca412ecae71c7ac9de0917d32c2e3198e4fbe2d4ff993536d3d26f1f266ed5a3444d60031b889f697e9bdaf1bbb0644efffd32ade826f9da4b857a249599cfc91b84f7025c96e1eb8b64ce9f94a16a542c805782676892bdc7c897b823ac99217df9f73dc0dbe96f279029fb67bbe94321a9d70fbae116e0fecc5b5b04569578847b87b14d641e97c3f3d74722c8f7e8e09b2abee67c6af1bce506af7bce2c6273243ce7404c87dbc4792fd03be4199d54524c849136bc6a616c7ef2aa5b0230334ff53d5996969c5fb8782c91f7f11046ed1218625ea15a4db0a57c5a20e0d538d29573b83288c961cd7336b6bec3bb21eb4a9ccd00300be6949065cfa01ba21b51026264ae530d44e694cbd5bd15fc8ba8e89898f0e5f6d0bbd2acf1424974f10d1449ee5ca64ddd5e944e37a942a088231c1dbb9a5ca3c07aba585948fdfc5470cab7bcd38f242a642bd881aa419fb9a6afcab298600717f65387baa481f9d08f3", "daff37d979a926b05ae1eea1f86a8e32a01767ca00"}, 0x0, 0x800000000000000, 0x2, 0x0, 0x0, 0xfffffffffffffffc}) r1 = accept4$unix(0xffffffffffffff9c, 0x0, &(0x7f0000000000), 0x20000000) fsync(r1) ioctl$DIOCADDRULE(r0, 0xcbe04404, &(0x7f0000000100)) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write(r2, &(0x7f0000000180)="827cdd78c443b24d44c586d37951c430bbbd631fe2719ca007eb084b3af7d021402a5b37356394be4f27df09410322143e8288b5820d044a7ee2fdda20140467835ec1a2e52dc00ee8ad4bb1946ea0be61189f752845eeb89cb982bf7491277d7d0a3a93b9964da0e3dc8c3f9876b81b1ed3042d2de02305a4346a8e0ab245748277cdf2e0127c4412b319fe0007ac841303a862159e0998d4ca6d9cee94751f1a7885b4f59c948ea786cb90139c3acfc204671d18ca81d2a86fccc8f4141cdfeb61f399c2d5047f11a7f7ffd07d7315cc5599882fe80b58ce2835794e2fa744917b9104114b33fcffff7fc48d60841c64703ccb4ef8b5945308d39679661dc7742bc4fc855aec385f48c22e370cc3375c0149e4a70f2440a07c05e9d87fb12c865b2a64a811bfedbf86666c58f71ee8fcfc6b629b75fd890b93f5cd67d19c67d32e60a5cdf01fe1c8ed710000000000005233454e15fd4bfc000000c7c85e605adef08c9df5ebb66239e79b71b8d7d027a01e48d0a4c0f8a48e5ab67896543127728a8e6da93e9adfcb38b88255e7975a4911de4358caff4b05f61b5b5d4316891a3971db0fc97714c88eced5dfac81c0e759cfe192073a47c821992cc96c091ce1c0a06ba5f56cc93465e1c6a4a785da65270fe5ba8daf8acabca0f704bd90348f237ae5952bf6d492421ded5c6d918ee312a408d3992503477f5e87b2f2327b86b9220ac2c2db49d5f5dd427ae9f4799e0309b8c6af76f611fbb121ada59c848dac91892221439a6980e5cafe6416b26df9273c0d101d", 0x238) ioctl$DIOCRADDTABLES(r2, 0xc450443d, &(0x7f0000000980)={{"20fe7764be75bb5fc310e3b46d32579c4034c27eb3ecd85acddd3a01439caab74b448400574c179b33bd0f3f78dd7e6e4aa76bbb063339eca940852985a3a0d92530657285532cb93bcc07ceff3a4fe99693a58bf28995dba315ca839d45220f41fafe5af2eb82aa76f6eff5305bd18ce81622b784290eeee7b4016435d6850cd404d4cd17b6a9587c6cf5137fa4b278047f949bf8902f941061f7a0e04740a8cfaa119d03907aee2583a55d66ab88e02893f1d1cc32283c7ac9133cf82f9b775d6a423ee7611f62ef76e1bae1ee1751526088052a6d88d6cdd0168621059891ba555ff903b6e586ac03ab18baa98de69f35d4d28e711aba305f2ca8692c84e88a2ccb5e13f9b3c03390d5e480238795320ba15c0c18e96ce6037be2609bea3ae0aa60ad45b15d5c9e1a82daca5f924ac7e9d49904397914e29015e11efb7be1fc7540eaa1581cb689ce00592eaa40d788aefec2336be05874e751ca853e9941a1cd1c05f946da59c4c28791798aec75d53bb66403dc16a7cae155bde22906aeb1377fadeef82eb4cde49574b4278f6a72e225c3492b9f35dc440de0c5089397397c30b1800ef961e8ea122e40d8cbbd9da234cdd537c30796fc178a9e561db6c8493f240564977bb7e9a52c6e968e349d3de68cb0049390726c61a069c783d5868a48205080cc03ae5f793c9eea334c1a99ba0f84012895dfaebde736ba71cc713860042b4cb25241dbc76378e55fbfacb8294e04b2cee92fc82a04e4e4281190ebbcf1c90f924dad4e0b615718e90e2b96853d21984ce7dfeaa684d1d38ce52e477a7aaf675e6dc262af00a25909f200796f7ffa1adc977651ee522d31cb60d5ff12bc38efcaa469589cbffcdddbd976644bcff1d2a0a836ffc3ca2d244237ba5a3b0db11a774a64da20cd9a619850551df385e028e5d7f4530d1b175501b59ad854ab1676e5da01e3120d1a15f12a2bde07223a15e99d76b26db07362e70db79bfc27b958e13afd85f148e570e305cdea00c34e14537e2fb94edb02f3a36239720afd435a5d0ffd6780e0441b4087551a2540b17f15dc65a5ff5983df9203f62b37bda0feef4d19840b2492bf9a9a5f62092d3754892c1b5418c093145cbd2aeff610af2314bd5f11820bf3fb367b7219f1e65f51e5601ec4d52d66efaaa3638b8f89f3071ff9eb8b03602e5eb92b1a021909ebc9228eccef0a192c2741931ecbd78378aeda10274b366f76b5c6fe6c775c1ed5225bb1a7e43afd5ae718bc84d61190814f2e3ec2b9d98e2ac06f09218ff33f472a2f5adb7abb3fc9164394c6950795ddfdde6fa5f4ac3cc5572c8964999a8816f7cf5ac253ad984cb35792f748e40168156eae5ffd43e73a5fd8bc486dffff03cfffac1b5343d471ec1e943d4c98efbc7dc82163c42d0202925e16455f355429e28f39530a4845e9d8b379", "a64eaae0fdc677d33f314f9c2fa52bf90cf463058649300eaa7aaf7562e39f87", 0x80000000, 0x1}, &(0x7f0000000080)="fa107ca71543b4872ac0b1ecd376d0bc06ba3a42662b5494bf970073179a3bc53c1e9b138a1c9dfea8a972391ba02b2b637b0745559e1c636a945383fe8ce6ee4c471adc3647970ad852501a539ec757ea2869252e676f0900b245911543f5445209143328ce360e29683eab62b6a59d519c09a2a6a598f1bc8b7a5e98d209430d361401afba9455c09446da6d91b702897656d378e19b38b25f12aa76278dcdf64217d5d408bda5ad23c8710b7d979216837bb01a7b1a63863b20de36093c74b131d17917a255bd7471e044570348f8ee990a4cca0ebd911d6618625ada02df580ba807bb384757af342746a2195c54cba152b264d69d030c", 0x2, 0x8, 0xde, 0x8, 0x5, 0x4, 0x615f7bdd, 0x3}) [ thread pid 1625 tid 100529 ] Stopped at kdb_enter+0x67: movq $0,0x14a96a6(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0xfffffe002de00000 rdx 0x3ffff rbx 0 rsp 0xfffffe0025b490f0 rbp 0xfffffe0025b49110 rsi 0x40001 rdi 0xffffffff810b8f46 vprintf+0x176 r8 0 r9 0xffffffff r10 0 r11 0xfffffe0025c56100 r12 0xffffffff82068ea0 ddb_dbbe r13 0 r14 0xffffffff8194403f r15 0xffffffff8194403f rip 0xffffffff810ae1c7 kdb_enter+0x67 rflags 0x86 ll+0x65 kdb_enter+0x67: movq $0,0x14a96a6(%rip) db> show proc Process 1625 (syz-executor.3) at 0xfffff80013f2a520: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 891 at 0xfffff80003cafa40 ABI: FreeBSD ELF64 arguments: /root/syz-executor.3 reaper: 0xfffff80003304000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00258633d0 (map 0xfffffe00258633d0) (map.pmap 0xfffffe0025863490) (pmap 0xfffffe00258634f0) threads: 2 100727 RunQ syz-executor.3 100529 Run CPU 0 syz-executor.3 db> ps pid ppid pgrp uid state wmesg wchan cmd 1626 776 776 0 R syz-executor.2 1625 891 891 0 R (threaded) syz-executor.3 100727 RunQ syz-executor.3 100529 Run CPU 0 syz-executor.3 1624 1356 1356 0 R (threaded) syz-executor.0 100464 Run CPU 1 syz-executor.0 100530 RunQ syz-executor.0 1623 1173 1173 0 R (threaded) syz-executor.1 100232 RunQ syz-executor.1 100525 S uwait 0xfffff8001390b980 syz-executor.1 100528 S uwait 0xfffff80013909280 syz-executor.1 1356 768 1356 0 Ss nanslp 0xffffffff8252c1e1 syz-executor.0 1352 1346 1352 0 Ss select 0xfffff8000380b1c0 dhclient 1349 1 1349 0 Ss select 0xfffff8001390ac40 dhclient 1346 1338 424 65 S select 0xfffff8000380ce40 dhclient 1338 424 424 0 S wait 0xfffff800134b9520 sh 1173 768 1173 0 Ss nanslp 0xffffffff8252c1e0 syz-executor.1 891 768 891 0 Ss nanslp 0xffffffff8252c1e0 syz-executor.3 776 768 776 0 Rs syz-executor.2 768 766 766 0 S (threaded) syz-fuzzer 100113 S uwait 0xfffff80003a34700 syz-fuzzer 100115 S uwait 0xfffff80003a34900 syz-fuzzer 100116 S kqread 0xfffff80003a38200 syz-fuzzer 100117 S uwait 0xfffff80003a34b00 syz-fuzzer 100118 S uwait 0xfffff8000380db80 syz-fuzzer 100119 S uwait 0xfffff8000380eb80 syz-fuzzer 100120 S uwait 0xfffff8000380e100 syz-fuzzer 100121 S uwait 0xfffff8000380dc80 syz-fuzzer 100122 S uwait 0xfffff8000380dd80 syz-fuzzer 100124 S uwait 0xfffff80003a34000 syz-fuzzer 100125 S uwait 0xfffff80003a34100 syz-fuzzer 766 764 766 0 Ss pause 0xfffff800134ee0a8 csh 764 682 764 0 Ss select 0xfffff8000380e9c0 sshd 748 1 748 0 Ss+ ttyin 0xfffff80003805cb0 getty 747 1 747 0 Ss+ ttyin 0xfffff80003b068b0 getty 746 1 746 0 Ss+ ttyin 0xfffff80003b06cb0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b050b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b054b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b058b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b05cb0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b080b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b084b0 getty 686 1 686 0 Ss nanslp 0xffffffff8252c1e1 cron 682 1 682 0 Ss select 0xfffff80003a33040 sshd 495 1 495 0 Ss select 0xfffff80003a33dc0 syslogd 424 1 424 0 Ss wait 0xfffff80003ccb520 devd 423 1 423 65 Ss select 0xfffff80003a330c0 dhclient 338 1 338 0 Ss select 0xfffff8000380b240 dhclient 335 1 335 0 Ss select 0xfffff80003a33b40 dhclient 23 0 0 0 DL syncer 0xffffffff82618118 [syncer] 22 0 0 0 DL vlruwt 0xfffff800033c6a40 [vnlru] 21 0 0 0 DL (threaded) [bufdaemon] 100069 D qsleep 0xffffffff82617438 [bufdaemon] 100076 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100086 D sdflush 0xfffff80003806ce8 [/ worker] 20 0 0 0 DL psleep 0xffffffff8263e308 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100067 D psleep 0xffffffff826328d8 [dom0] 100074 D launds 0xffffffff826328e4 [laundry: dom0] 100075 D umarcl 0xffffffff81545a10 [uma] 18 0 0 0 DL - 0xffffffff8235fe20 [rand_harvestq] 17 0 0 0 DL pftm 0xffffffff82b533a0 [pf purge] 16 0 0 0 DL waiting 0xffffffff8261a890 [sctp_iterator] 15 0 0 0 DL - 0xffffffff82616a2c [soaiod4] 9 0 0 0 DL - 0xffffffff82616a2c [soaiod3] 8 0 0 0 DL - 0xffffffff82616a2c [soaiod2] 7 0 0 0 DL - 0xffffffff82616a2c [soaiod1] 6 0 0 0 DL (threaded) [cam] 100033 D - 0xffffffff82237b40 [doneq0] 100066 D - 0xffffffff82237a10 [scanner] 5 0 0 0 DL crypto_ 0xfffff80003202d90 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff80003202d30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff826300c0 [crypto] 14 0 0 0 DL seqstat 0xfffff80003351488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100024 D - 0xffffffff8250b180 [g_event] 100025 D - 0xffffffff8250b188 [g_up] 100026 D - 0xffffffff8250b190 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100017 D - 0xfffff800032fac80 [thr_0] 100018 D - 0xfffff800032facc0 [thr_1] 12 0 0 0 WL (threaded) [intr] 100010 I [swi6: Giant taskq] 100013 I [swi5: fast taskq] 100016 I [swi6: task queue] 100019 I [swi3: vm] 100020 I [swi4: clock (0)] 100021 I [swi4: clock (1)] 100022 I [swi1: netisr 0] 100034 I [irq24: virtio_pci0] 100035 I [irq25: virtio_pci0] 100036 I [irq26: virtio_pci0] 100037 I [irq27: virtio_pci0] 100038 I [irq28: virtio_pci1] 100039 I [irq29: virtio_pci1] 100040 I [irq30: virtio_pci1] 100041 I [irq31: virtio_pci1] 100042 I [irq32: virtio_pci1] 100047 I [irq10: virtio_pci2] 100049 I [irq1: atkbd0] 100050 I [irq12: psm0] 100051 I [swi0: uart uart++] 100060 I [swi1: pf send] 100072 I [swi1: hpts] 100073 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003304000 [init] 10 0 0 0 DL audit_w 0xffffffff82630598 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8250b710 [swapper] 100005 D - 0xfffff80003325000 [if_config_tqg_0] 100006 D - 0xfffff80003326e00 [softirq_0] 100007 D - 0xfffff80003326d00 [softirq_1] 100008 D - 0xfffff80003326c00 [if_io_tqg_0] 100009 D - 0xfffff80003326b00 [if_io_tqg_1] 100011 D - 0xfffff80003333600 [in6m_free taskq] 100012 D - 0xfffff80003333500 [thread taskq] 100014 D - 0xfffff80003333200 [kqueue_ctx taskq] 100015 D - 0xfffff80003333100 [aiod_kick taskq] 100023 D - 0xfffff80003334800 [firmware taskq] 100028 D - 0xfffff80003331c00 [crypto_0] 100029 D - 0xfffff80003331c00 [crypto_1] 100043 D - 0xfffff80003562c00 [vtnet0 rxq 0] 100044 D - 0xfffff80003562b00 [vtnet0 txq 0] 100045 D - 0xfffff80003562a00 [vtnet0 rxq 1] 100046 D - 0xfffff80003562900 [vtnet0 txq 1] 100048 D vtbslp 0xfffff80003522680 [virtio_balloon] 100052 D - 0xfffff80003335700 [mca taskq] 100057 D - 0xffffffff81ce7760 [deadlkres] 100062 D - 0xfffff80003331800 [acpi_task_0] 100063 D - 0xfffff80003331800 [acpi_task_1] 100064 D - 0xfffff80003331800 [acpi_task_2] 100065 D - 0xfffff80003331500 [CAM taskq] db> show all locks Process 1625 (syz-executor.3) thread 0xfffffe0025c55c00 (100529) exclusive rm pf rulesets (pf rulesets) r = 0 (0xffffffff82ba5290) locked @ /syzkaller/managers/main/kernel/sys/netpfil/pf/pf_ioctl.c:1585 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 devbuf 4213 4851K 4241 tcp_hpts 5 3201K 5 vtbuf 24 1968K 46 sysctloid 28335 1653K 28399 kobj 332 1328K 488 newblk 9 1026K 3301 vfscache 4 1025K 4 pcb 37 553K 626 inodedep 26 525K 952 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 137 261K 1709 acpica 1674 185K 52709 vnet_data 1 168K 1 filedesc 22 153K 1454 pagedep 13 131K 756 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 244 92K 286 bus 992 79K 3388 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 497 63K 497 umtx 342 43K 342 BPF 22 36K 30 kdtrace 178 35K 4744 temp 35 33K 2596 hostcache 1 32K 1 shm 1 32K 10 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 vmem 3 26K 5 gtaskqueue 18 26K 18 ifaddr 71 24K 83 kbdmux 6 22K 6 ufs_mount 3 17K 4 lltable 45 17K 68 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 98 16K 98 pf_rule 14 14K 63 ether_multi 172 14K 236 bus-sc 30 14K 1431 KTRACE 100 13K 100 pf_ifnet 42 13K 84 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 132 12K 132 in6_multi 89 11K 129 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 3 9K 879 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 3 pfs_vncache 1 8K 1 sctp_timw 31 8K 31 audit_evclass 233 8K 291 sctp_atcl 13 7K 381 routetbl 52 7K 462 CAM DEV 3 6K 510 sctp_stro 6 6K 145 kqueue 57 6K 1633 vt 11 6K 11 plimit 21 6K 444 cred 21 6K 291 sglist 5 6K 5 CAM queue 5 6K 1528 select 38 5K 38 taskqueue 45 5K 45 ufs_dirhash 24 5K 24 DEVFSP 72 5K 132 dirrem 17 5K 751 memdesc 1 4K 1 MCA 32 4K 32 UMA 249 4K 249 ioctlops 1 4K 389 evdev 4 4K 4 kcovinfo 64 4K 119 hhook 13 4K 13 session 25 4K 44 pgrp 25 4K 44 acpisem 22 3K 22 terminal 11 3K 11 proc-args 44 3K 641 lockf 22 3K 145 uidinfo 3 3K 14 freefile 17 3K 747 sctp_ifa 17 3K 26 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 ip6ndp 12 2K 27 Unitno 28 2K 843 CAM XPT 22 2K 543 in_multi 6 2K 10 acpidev 20 2K 20 msi 9 2K 9 tun 7 2K 7 freework 5 2K 1036 softdep 1 1K 1 newdirblk 8 1K 700 mkdir 8 1K 1400 freeblks 4 1K 752 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 170 NFSD session 1 1K 1 CAM periph 4 1K 271 sctp_atky 19 1K 526 mld 6 1K 6 sctp_ifn 6 1K 9 igmp 6 1K 6 nhops 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 crypto 3 1K 3 diradd 4 1K 797 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 osd 3 1K 9 inpcbpolicy 9 1K 1106 vnodes 1 1K 4 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 sctp_athm 13 1K 381 tcpfunc 3 1K 3 sctp_map 12 1K 290 loginclass 3 1K 6 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 ktls 1 1K 1 pmchooks 1 1K 1 prison 4 1K 4 soname 4 1K 6133 nexusdev 5 1K 5 entropy 2 1K 42 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 filecaps 2 1K 100 p1003.1b 1 1K 1 pf_table 0 0K 96 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_temp 0 0K 0 ath_hal 0 0K 0 madt_table 0 0K 2 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 fpukern_ctx 0 0K 0 mixer 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 SIIS driver 0 0K 0 vm_fictitious 0 0K 0 CAM CCB 0 0K 8404 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 UMAHash 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 412 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 84 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 12 allocindir 0 0K 0 indirdep 0 0K 387 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 8 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 lDevFlags * malloc 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 164 sctp_iter 0 0K 19 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 19 sctp_aadr 0 0K 0 sctp_stri 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 2 tiDeviceHandle_t * malloc 0 0K 0 statfs 0 0K 870 export_host 0 0K 0 cl_savebuf 0 0K 4 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 CAM ccb queue 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 MPSSAS 0 0K 0 mbuf_tag 0 0K 211 accf 0 0K 0 pts 0 0K 0 iov 0 0K 15295 Witness 0 0K 0 stack 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 619 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 db> show ktr No such command; use "help" to list available commands