Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts. 2020/04/26 03:59:56 fuzzer started 2020/04/26 03:59:56 dialing manager at 10.128.0.248:27150 2020/04/26 03:59:56 syscalls: 522 2020/04/26 03:59:56 code coverage: enabled 2020/04/26 03:59:56 comparison tracing: enabled 2020/04/26 03:59:56 extra coverage: support is not implemented in syzkaller 2020/04/26 03:59:56 setuid sandbox: support is not implemented in syzkaller 2020/04/26 03:59:56 namespace sandbox: support is not implemented in syzkaller 2020/04/26 03:59:56 Android sandbox: support is not implemented in syzkaller 2020/04/26 03:59:56 fault injection: support is not implemented in syzkaller 2020/04/26 03:59:56 leak checking: support is not implemented in syzkaller 2020/04/26 03:59:56 net packet injection: enabled 2020/04/26 03:59:56 net device setup: support is not implemented in syzkaller 2020/04/26 03:59:56 concurrency sanitizer: support is not implemented in syzkaller 2020/04/26 03:59:56 devlink PCI setup: support is not implemented in syzkaller 2020/04/26 03:59:56 USB emulation: support is not implemented in syzkaller 04:00:37 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2, 0x3, @local={0xac, 0x14, 0x0}}, 0x10) setsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={@in={{0x10, 0x2, 0x3}}, 0x0, 0x3d83}, 0xa0) 04:00:38 executing program 1: dup(0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/141, 0x8d}], 0x1, 0x0}, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x2769, 0x0, 0x0, 0x800e00506) shutdown(r1, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) write(r3, &(0x7f0000003480)="dc11e430022fdc779f9b4d24bdd8fd586c6875b53dfa7d488f7f576b76d6631752d1dc6d62858c480074266f6c7ce209a81eeda7ced9e2a609d67edbdb33807baa39862cefecd836f1c56da1366b394b2b34d223344b07c7dcbf0ffacf3e9b52a5c868685a4657dbc694485e7c6bf6bfd719a78ab7475459ab4d48f65f700df04272ef99bc5c0d17ab6d9b158510ea84e436b3dea76caf9cffb0b6ff741e7df23989486491fe6ae2a187449f3e2007d939893806c20f2d24cbc9d1c54e9cba6110f23e2d6827889b4e827cf48558ac6d77d46c4c94a0e201249eb462258e9950d571044ee6", 0xff8b) shutdown(r2, 0x0) 04:00:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pf\x00', 0x2, 0x0) socket$inet6_sctp(0x1c, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$DIOCCHANGERULE(r0, 0xcbe0441a, &(0x7f0000000000)) 04:00:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000300)=""/123, 0x7b}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0xf, 0x0}, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x8164, 0x0, 0x0, 0x800e0057d) shutdown(r0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r2, 0x0) accept4$inet(r2, 0x0, 0x0, 0x0) shutdown(r1, 0x0) 04:00:38 executing program 2: r0 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) ftruncate(r0, 0x7e2780e0) mlockall(0x2) mmap(&(0x7f0000e00000/0x200000)=nil, 0x200000, 0x0, 0x12, r0, 0x0) socket(0x0, 0x1, 0x0) setsockopt$inet_tcp_TCP_FUNCTION_BLK(0xffffffffffffffff, 0x6, 0x2000, &(0x7f0000000080)={'bbr\x00'}, 0x24) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x20011, r0, 0x0) socket(0x0, 0x1, 0x0) chflags(&(0x7f0000000000)='./file0\x00', 0x40284) write(0xffffffffffffffff, 0x0, 0x0) msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) 04:00:38 executing program 2: r0 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) ftruncate(r0, 0x7e2780e0) mlockall(0x2) mmap(&(0x7f0000e00000/0x200000)=nil, 0x200000, 0x0, 0x12, r0, 0x0) socket(0x0, 0x1, 0x0) setsockopt$inet_tcp_TCP_FUNCTION_BLK(0xffffffffffffffff, 0x6, 0x2000, &(0x7f0000000080)={'bbr\x00'}, 0x24) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x20011, r0, 0x0) socket(0x0, 0x1, 0x0) chflags(&(0x7f0000000000)='./file0\x00', 0x40284) write(0xffffffffffffffff, 0x0, 0x0) msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) 04:00:38 executing program 2: r0 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) ftruncate(r0, 0x7e2780e0) mlockall(0x2) mmap(&(0x7f0000e00000/0x200000)=nil, 0x200000, 0x0, 0x12, r0, 0x0) socket(0x0, 0x1, 0x0) setsockopt$inet_tcp_TCP_FUNCTION_BLK(0xffffffffffffffff, 0x6, 0x2000, &(0x7f0000000080)={'bbr\x00'}, 0x24) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x20011, r0, 0x0) socket(0x0, 0x1, 0x0) chflags(&(0x7f0000000000)='./file0\x00', 0x40284) write(0xffffffffffffffff, 0x0, 0x0) msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) login: vnode_pager_putpages: zero-length write at 1966080 resid 131072 0xfffff8003b57a988: type VREG usecount 2, writecount 2, refcount 69 flags (VMP_LAZYLIST) v_object 0xfffff8003bc6b528 ref 3 pages 536 cleanbuf 65 dirtybuf 2 lock type ufs: EXCL by thread 0xfffffe00257b4500 (pid 821, syz-executor.2, tid 100127) nlink=1, effnlink=1, size=2116518112, extsize 0 generation=4c37159, uid=0, gid=0, flags=0x40284 ino 197717, on dev gpt/rootfs if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 04:00:38 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2, 0x3, @local={0xac, 0x14, 0x0}}, 0x10) setsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={@in={{0x10, 0x2, 0x3}}, 0x0, 0x3d83}, 0xa0) 04:00:39 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2, 0x3, @local={0xac, 0x14, 0x0}}, 0x10) setsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={@in={{0x10, 0x2, 0x3}}, 0x0, 0x3d83}, 0xa0) 04:00:39 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2, 0x3, @local={0xac, 0x14, 0x0}}, 0x10) setsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={@in={{0x10, 0x2, 0x3}}, 0x0, 0x3d83}, 0xa0) 04:00:39 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2, 0x3, @local={0xac, 0x14, 0x0}}, 0x10) setsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={@in={{0x10, 0x2, 0x3}}, 0x0, 0x3d83}, 0xa0) 04:00:39 executing program 1: dup(0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/141, 0x8d}], 0x1, 0x0}, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x2769, 0x0, 0x0, 0x800e00506) shutdown(r1, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) write(r3, &(0x7f0000003480)="dc11e430022fdc779f9b4d24bdd8fd586c6875b53dfa7d488f7f576b76d6631752d1dc6d62858c480074266f6c7ce209a81eeda7ced9e2a609d67edbdb33807baa39862cefecd836f1c56da1366b394b2b34d223344b07c7dcbf0ffacf3e9b52a5c868685a4657dbc694485e7c6bf6bfd719a78ab7475459ab4d48f65f700df04272ef99bc5c0d17ab6d9b158510ea84e436b3dea76caf9cffb0b6ff741e7df23989486491fe6ae2a187449f3e2007d939893806c20f2d24cbc9d1c54e9cba6110f23e2d6827889b4e827cf48558ac6d77d46c4c94a0e201249eb462258e9950d571044ee6", 0xff8b) shutdown(r2, 0x0) 04:00:39 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2, 0x3, @local={0xac, 0x14, 0x0}}, 0x10) setsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={@in={{0x10, 0x2, 0x3}}, 0x0, 0x3d83}, 0xa0) Fatal trap 9: general protection fault while in kernel mode cpuid = 1; apic id = 01 instruction pointer = 0x20:0xffffffff812264fc if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 if_delmulti_locked: detaching ifnet instance 0xfffff80003a85800 stack pointer = 0x28:0xfffffe00258a4670 frame pointer = 0x28:0xfffffe00258a46a0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 879 (syz-executor.0) trap number = 9 panic: general protection fault cpuid = 1 time = 1587873639 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00258a4340 vpanic() at vpanic+0x1c7/frame 0xfffffe00258a43a0 panic() at panic+0x43/frame 0xfffffe00258a4400 trap_fatal() at trap_fatal+0x4ca/frame 0xfffffe00258a4480 trap() at trap+0xda/frame 0xfffffe00258a45a0 calltrap() at calltrap+0x8/frame 0xfffffe00258a45a0 --- trap 0x9, rip = 0xffffffff812264fc, rsp = 0xfffffe00258a4670, rbp = 0xfffffe00258a46a0 --- nhop_free() at nhop_free+0x1c/frame 0xfffffe00258a46a0 sctp_free_assoc() at sctp_free_assoc+0x23f1/frame 0xfffffe00258a4730 sctp_inpcb_free() at sctp_inpcb_free+0x47a/frame 0xfffffe00258a47a0 sctp_close() at sctp_close+0x13c/frame 0xfffffe00258a47f0 soclose() at soclose+0x22c/frame 0xfffffe00258a4870 _fdrop() at _fdrop+0x38/frame 0xfffffe00258a48a0 closef() at closef+0x28b/frame 0xfffffe00258a4930 fdescfree_fds() at fdescfree_fds+0xb4/frame 0xfffffe00258a4980 fdescfree() at fdescfree+0x582/frame 0xfffffe00258a4a40 exit1() at exit1+0x6c5/frame 0xfffffe00258a4ab0 sys_sys_exit() at sys_sys_exit+0xd/frame 0xfffffe00258a4ac0 amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe00258a4bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00258a4bf0 --- syscall (1, FreeBSD ELF64, sys_sys_exit), rip = 0x44f7ca, rsp = 0x7fffffffebe8, rbp = 0 --- KDB: enter: panic [ thread pid 879 tid 100126 ] Stopped at kdb_enter+0x67: movq $0,0x14a9b06(%rip) db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0xffffffff810b8ab0 vprintf+0x140 rdx 0x1 rbx 0 rsp 0xfffffe00258a4320 rbp 0xfffffe00258a4340 rsi 0 rdi 0xffffffff810b8ae6 vprintf+0x176 r8 0 r9 0xffffffff r10 0 r11 0xfffffe00257b5110 r12 0xffffffff82068ea0 ddb_dbbe r13 0 r14 0xffffffff819430d0 r15 0xffffffff819430d0 rip 0xffffffff810add67 kdb_enter+0x67 rflags 0x82 ll+0x61 kdb_enter+0x67: movq $0,0x14a9b06(%rip) db> show proc Process 879 (syz-executor.0) at 0xfffff8003bc8fa40: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 778 at 0xfffff8003b546520 ABI: FreeBSD ELF64 arguments: /root/syz-executor.0 reaper: 0xfffff8000331a000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00257959e8 (map 0xfffffe00257959e8) (map.pmap 0xfffffe0025795aa8) (pmap 0xfffffe0025795b08) threads: 1 100126 Run CPU 1 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 880 792 792 0 R (threaded) syz-executor.3 100121 RunQ syz-executor.3 100145 RunQ syz-executor.3 100147 S uwait 0xfffff800037e0f00 syz-executor.3 879 778 778 0 RE CPU 1 syz-executor.0 878 779 779 0 R (threaded) syz-executor.1 100141 Run CPU 0 syz-executor.1 100143 S sbwait 0xfffffe001cfcde14 syz-executor.1 100146 S sbwait 0xfffffe00239dba8c syz-executor.1 871 1 871 0 Ss select 0xfffff8003b5279c0 rtsol 870 1 870 0 Ss select 0xfffff80003c068c0 rtsol 869 1 869 0 Ss select 0xfffff80003c069c0 rtsol 866 794 424 0 S kqread 0xfffff8000320b900 rtsol 794 784 424 0 S wait 0xfffff8003b548520 sh 792 768 792 0 Rs syz-executor.3 784 424 424 0 S wait 0xfffff8003b548000 sh 779 768 779 0 Rs syz-executor.1 778 768 778 0 Rs syz-executor.0 768 766 766 0 S (threaded) syz-fuzzer 100104 S kqread 0xfffff8000320b400 syz-fuzzer 100105 S uwait 0xfffff8003b34e300 syz-fuzzer 100106 S uwait 0xfffff8003b34e400 syz-fuzzer 100107 S uwait 0xfffff8003b34e500 syz-fuzzer 100108 S uwait 0xfffff800030f4780 syz-fuzzer 100109 S uwait 0xfffff80003812780 syz-fuzzer 100110 S uwait 0xfffff80003813a00 syz-fuzzer 100111 S uwait 0xfffff80003813b00 syz-fuzzer 100113 S uwait 0xfffff8003b34cc80 syz-fuzzer 100117 S uwait 0xfffff800030f4880 syz-fuzzer 100118 S uwait 0xfffff8003b34e100 syz-fuzzer 766 764 766 0 Ss pause 0xfffff8003b5430a8 csh 764 682 764 0 Ss select 0xfffff8003b527f40 sshd 748 1 748 0 Rs+ getty 747 1 747 0 Ss+ ttyin 0xfffff80003b6d8b0 getty 746 1 746 0 Ss+ ttyin 0xfffff80003b6c0b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b6c8b0 getty 744 1 744 0 Ss+ ttyin 0xfffff800033b70b0 getty 743 1 743 0 Ss+ ttyin 0xfffff800033b78b0 getty 742 1 742 0 Ss+ ttyin 0xfffff800033b60b0 getty 741 1 741 0 Ss+ ttyin 0xfffff800033b68b0 getty 740 1 740 0 Ss+ ttyin 0xfffff800033b90b0 getty 738 1 24 0 S+ piperd 0xfffff80003cbf000 logger 737 736 24 0 S+ nanslp 0xffffffff8252c1f0 sleep 736 1 24 0 S+ wait 0xfffff80003d33000 sh 686 1 686 0 Ss nanslp 0xffffffff8252c1f0 cron 682 1 682 0 Ss select 0xfffff80003c06bc0 sshd 495 1 495 0 Ss select 0xfffff80003084240 syslogd 424 1 424 0 Ss wait 0xfffff80003ccd000 devd 423 1 423 65 Ss select 0xfffff80003c05040 dhclient 338 1 338 0 Ss select 0xfffff80003c050c0 dhclient 335 1 335 0 Ss select 0xfffff80003084740 dhclient 23 0 0 0 DL vlruwt 0xfffff800033e0520 [vnlru] 22 0 0 0 DL syncer 0xffffffff82618118 [syncer] 21 0 0 0 DL (threaded) [bufdaemon] 100069 D qsleep 0xffffffff82617438 [bufdaemon] 100076 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100087 D sdflush 0xfffff80003c210e8 [/ worker] 20 0 0 0 DL psleep 0xffffffff8263e308 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100067 D psleep 0xffffffff826328d8 [dom0] 100074 D launds 0xffffffff826328e4 [laundry: dom0] 100075 D umarcl 0xffffffff81544e70 [uma] 18 0 0 0 DL - 0xffffffff8235fe20 [rand_harvestq] 17 0 0 0 DL pftm 0xffffffff82c353a0 [pf purge] 16 0 0 0 DL waiting 0xffffffff8261a890 [sctp_iterator] 15 0 0 0 DL - 0xffffffff82616a2c [soaiod4] 9 0 0 0 DL - 0xffffffff82616a2c [soaiod3] 8 0 0 0 DL - 0xffffffff82616a2c [soaiod2] 7 0 0 0 DL - 0xffffffff82616a2c [soaiod1] 6 0 0 0 DL (threaded) [cam] 100033 D - 0xffffffff82237b40 [doneq0] 100066 D - 0xffffffff82237a10 [scanner] 5 0 0 0 DL crypto_ 0xfffff8000320cd90 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff8000320cd30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff826300c0 [crypto] 14 0 0 0 DL seqstat 0xfffff80003363488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100024 D - 0xffffffff8250b180 [g_event] 100025 D - 0xffffffff8250b188 [g_up] 100026 D - 0xffffffff8250b190 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100017 D - 0xfffff80003084a00 [thr_0] 100018 D - 0xfffff80003084a40 [thr_1] 12 0 0 0 WL (threaded) [intr] 100010 I [swi6: Giant taskq] 100013 I [swi5: fast taskq] 100016 I [swi6: task queue] 100019 I [swi3: vm] 100020 I [swi4: clock (0)] 100021 I [swi4: clock (1)] 100022 I [swi1: netisr 0] 100034 I [irq24: virtio_pci0] 100035 I [irq25: virtio_pci0] 100036 I [irq26: virtio_pci0] 100037 I [irq27: virtio_pci0] 100038 I [irq28: virtio_pci1] 100039 I [irq29: virtio_pci1] 100040 I [irq30: virtio_pci1] 100041 I [irq31: virtio_pci1] 100042 I [irq32: virtio_pci1] 100047 I [irq10: virtio_pci2] 100049 I [irq1: atkbd0] 100050 I [irq12: psm0] 100051 I [swi0: uart uart++] 100060 I [swi1: pf send] 100072 I [swi1: hpts] 100073 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff8000331a000 [init] 10 0 0 0 DL audit_w 0xffffffff82630598 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8250b710 [swapper] 100005 D - 0xfffff80003338000 [if_config_tqg_0] 100006 D - 0xfffff80003339e00 [softirq_0] 100007 D - 0xfffff80003339d00 [softirq_1] 100008 D - 0xfffff80003339c00 [if_io_tqg_0] 100009 D - 0xfffff80003339b00 [if_io_tqg_1] 100011 D - 0xfffff8000333e000 [in6m_free taskq] 100012 D - 0xfffff8000333fe00 [thread taskq] 100014 D - 0xfffff8000333fc00 [kqueue_ctx taskq] 100015 D - 0xfffff8000333fb00 [aiod_kick taskq] 100023 D - 0xfffff8000333f900 [firmware taskq] 100028 D - 0xfffff8000333f800 [crypto_0] 100029 D - 0xfffff8000333f800 [crypto_1] 100043 D - 0xfffff8000333f500 [vtnet0 rxq 0] 100044 D - 0xfffff8000333f400 [vtnet0 txq 0] 100045 D - 0xfffff8000333f300 [vtnet0 rxq 1] 100046 D - 0xfffff8000333f200 [vtnet0 txq 1] 100048 D vtbslp 0xfffff800034fc580 [virtio_balloon] 100052 D - 0xfffff8000333f100 [mca taskq] 100057 D - 0xffffffff81ce6690 [deadlkres] 100062 D - 0xfffff80003b60300 [acpi_task_0] 100063 D - 0xfffff80003b60300 [acpi_task_1] 100064 D - 0xfffff80003b60300 [acpi_task_2] 100065 D - 0xfffff8000333f700 [CAM taskq] db> show all locks Process 879 (syz-executor.0) thread 0xfffffe00257b4c00 (100126) exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0025a97a90) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:3363 exclusive sleep mutex sctp-inp (inp) r = 0 (0xfffff8003be63468) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:3334 exclusive rw sctp-info (sctp-info) r = 0 (0xfffffe0004956b60) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:3332 exclusive sleep mutex sctp-create (inp_create) r = 0 (0xfffff8003be63488) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:3331 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 devbuf 4213 4851K 4238 tcp_hpts 5 3201K 5 vtbuf 24 1968K 46 sysctloid 28335 1653K 28399 kobj 332 1328K 488 newblk 548 1161K 610 vfscache 4 1025K 4 pcb 27 539K 99 inodedep 46 535K 104 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 131 269K 954 acpica 1674 185K 52709 vnet_data 1 168K 1 pagedep 21 133K 39 tfo_ccache 1 128K 1 filedesc 16 113K 83 sem 4 106K 4 DEVFS1 105 105K 122 linker 244 92K 277 bus 994 80K 3378 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 497 63K 497 umtx 288 36K 288 kdtrace 184 36K 1845 temp 35 33K 1852 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 gtaskqueue 18 26K 18 vmem 3 22K 4 kbdmux 6 22K 6 ifaddr 67 22K 72 BPF 14 19K 14 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 lltable 43 16K 47 ithread 98 16K 98 bus-sc 30 14K 1431 ether_multi 159 13K 177 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 132 12K 132 pfs_nodes 20 10K 20 GEOM 60 10K 486 rman 82 10K 423 in6_multi 73 9K 89 bmsafemap 2 9K 71 kqueue 62 9K 887 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 233 8K 291 routetbl 50 7K 61 CAM DEV 3 6K 510 vt 11 6K 11 cred 22 6K 223 sglist 5 6K 5 CAM queue 5 6K 1528 plimit 20 5K 378 taskqueue 45 5K 45 ufs_dirhash 24 5K 24 pf_ifnet 10 5K 19 diradd 34 5K 71 memdesc 1 4K 1 MCA 32 4K 32 UMA 249 4K 249 evdev 4 4K 4 DEVFSP 53 4K 74 session 26 4K 39 pgrp 26 4K 39 hhook 13 4K 13 mkdir 25 4K 54 dirrem 12 3K 37 indirdep 12 3K 12 kcovinfo 48 3K 68 acpisem 22 3K 22 terminal 11 3K 11 ip6ndp 15 3K 21 select 21 3K 21 proc-args 48 3K 547 uidinfo 3 3K 9 local_apic 1 2K 1 io_apic 1 2K 1 newdirblk 16 2K 27 ipsec-saq 2 2K 2 sctp_ifa 14 2K 17 lockf 16 2K 26 CAM XPT 22 2K 543 Unitno 27 2K 45 sctp_timw 6 2K 6 in_multi 5 2K 7 acpidev 20 2K 20 msi 9 2K 9 freefile 9 2K 29 tun 7 2K 7 softdep 1 1K 1 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 sctp_atcl 2 1K 14 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 mld 6 1K 6 igmp 6 1K 6 nhops 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 sctp_ifn 5 1K 6 crypto 3 1K 3 freework 3 1K 33 freeblks 2 1K 32 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 inpcbpolicy 11 1K 184 osd 3 1K 9 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 tcpfunc 3 1K 3 loginclass 3 1K 6 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 sctp_atky 3 1K 20 ktls 1 1K 1 pmchooks 1 1K 1 prison 4 1K 4 soname 4 1K 5778 filecaps 4 1K 82 nexusdev 5 1K 5 entropy 2 1K 38 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 sctp_athm 2 1K 14 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 iov 1 1K 13588 p1003.1b 1 1K 1 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_temp 0 0K 0 ath_hal 0 0K 0 madt_table 0 0K 2 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 fpukern_ctx 0 0K 0 mixer 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 SIIS driver 0 0K 0 vm_fictitious 0 0K 0 CAM CCB 0 0K 1892 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 UMAHash 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 14 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 6 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 lDevFlags * malloc 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 6 sctp_iter 0 0K 11 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 11 sctp_aadr 0 0K 0 sctp_stro 0 0K 6 sctp_stri 0 0K 0 sctp_map 0 0K 12 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 statfs 0 0K 205 export_host 0 0K 0 cl_savebuf 0 0K 2 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 CAM ccb queue 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 MPSSAS 0 0K 0 mbuf_tag 0 0K 125 accf 0 0K 0 pts 0 0K 0 ioctlops 0 0K 99 Witness 0 0K 0 stack 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 576 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 db> show ktr No such command; use "help" to list available commands