Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts. 2020/03/17 22:46:05 fuzzer started 2020/03/17 22:46:05 dialing manager at 10.128.0.248:46638 2020/03/17 22:46:05 syscalls: 496 2020/03/17 22:46:05 code coverage: enabled 2020/03/17 22:46:05 comparison tracing: enabled 2020/03/17 22:46:05 extra coverage: support is not implemented in syzkaller 2020/03/17 22:46:05 setuid sandbox: support is not implemented in syzkaller 2020/03/17 22:46:05 namespace sandbox: support is not implemented in syzkaller 2020/03/17 22:46:05 Android sandbox: support is not implemented in syzkaller 2020/03/17 22:46:05 fault injection: support is not implemented in syzkaller 2020/03/17 22:46:05 leak checking: support is not implemented in syzkaller 2020/03/17 22:46:05 net packet injection: enabled 2020/03/17 22:46:05 net device setup: support is not implemented in syzkaller 2020/03/17 22:46:05 concurrency sanitizer: support is not implemented in syzkaller 2020/03/17 22:46:05 devlink PCI setup: support is not implemented in syzkaller 22:46:38 executing program 0: r0 = dup(0xffffffffffffff9c) ioctl$DIOCRINADEFINE(r0, 0xc450444d, &(0x7f0000000100)={{"e7402b5f5ca02ceeacf4bd6335e44cf76bb5aa844e8669dfd4d3a33e76a6a1d6ec30f41e818da84b0cff08f72698041ee857d68df62f9038b974c8781d9c4a9ad7354b436b5a64d542ae03f4477783e9602bda8e0c35e90b92bf89a7a997870a404d633d7e6f5a81ee6b297e755b981603f1b1eceee5df075f5c9b3a8ab90d70be16705ee2eca93906b867deee97bfa9303d1efb31f3e43aacd344689ddc7c61a31c8922ae5bebe5e06a8c12bf440077b7a0e90f83494f7e029d8cb4311f5dd758b9fc8aec9f4cd910206968b1c65cf747c5e2563f5ee1af014f9265793964a8efa51ebe860433b16ed66917b6ddfeb6674befb902671b60e484260c60b1164d1aef281ed914cb44c938734b9f0c517a56b53d3e7ec08767d053938ed769a5cd98dde5d13aa4e02f279836d107ceae8fa329f6ea20c249d0abca47fa922c1dd858626817bf9aef24b346ba5195c6ec5fc8642c671768ae1e571c7b1edf4ed3f93a1e96035530bebbaf4e00e9b2569481f23be8d6a092b262b991f581d1022d131f603076711644effe93e759b0004fd2e81404b494836abf4a9e9fdc427cb4d649f0ac1c56a7c83f54ff419bdc8b92d10b429a4ff2801df213675bbefcdb17e17d04ebc4b03027210fe9b0875fc9a85ddd813d2f22219e45212e0740355a8be23200e9599235f406eadb10e7a34c0efab4cc97537c438d14641608cb55437253d588297aa8f1e6b1d3d1ce12971af41723221a28376da8a827326b6ca8fb397ee285e27bb3ff604b353f74c6abcb981d2f8fdde8034ebe25eb60c22c81b2b3c2781fcd5adbe20dd45d3e09e8be1e43b18cd1737fe7eddf3edf22c9a562fd4fd39ff4c4890743575a13147fb0022b453eafe5a2e589bf10928e528d768f532c80b1e65a696448debf61c2881b1ad520156bf5ee27a5024efe64c60c05f5fa9a27073458700ff858ac6d4e93e753c5661501247eb95140b35afedea6ea326496d21e6f7f18be4d010b5d3ce5d01a95f11ad22ff1d9a98f37867eab233b406c3a66744de0201ccb5ba4fd890cf6d8f403bb2051fb1b4c766fa1da2f43adc31fadb1173dee46af68296e7ff028c70f56bb29f4bf98acc4f870e94e6085ff32f5f24cd020ad07c78447b9c8919a1d3304f38043c5db21d995ae619ac8a4edff0f7387c34e4d64ec36ff2cfb5478780980681b0e67d9cfc1f643f258834a699ad46b5da1b5f04c94b332a977536d69b1b377a589dc3242498faa27ada6a2571aa8f8de1b94b7dd896aee372bc52494453ee3d0a9a8d17a2cad198989a9bc1b4837ae7878d30caec1952601451f18a1cbe259638c349b70d8bd17afc9e86d733527bfa0339827d4ea0ffb62a8fec75940c7e6880d074620ab71afbb9d53beb7d247a8107b03a562f0ee7f36196504d33b903e237b780275a3868aa6439d654e738ccb4d", "52c314b6c4a11bcb203955f1b9f4b18de1c6cc5b3cd6daae25a22637392edf83", 0x5, 0x1}, &(0x7f0000000000)="ce0e50cf2965c969e8d0d1cf77bee726802d1e6d56ce9b993daaaf483a0d0a28535aa2caa87a4b6343041fcebc7cd33ea337e181c1a8a817c42696e2848eec8f7fbbdd28ba3d5c59dbe3bf1665ea315a2a6b57e642aadae067226c4d22b2c6286ef97dba2b478fd998eef1a546f9005bef7703ad5d398176c893927b398be93b4aeb53f49ba1d405230fc47a9f1bb6f85750bda2b32f172ac44899709f7b656e85d67db193faa18ab4357557ac6d47986f6871aa698930117d256fd88df35d14066a2a4b643eede4fc256afacdd6b7", 0x7f, 0x0, 0x2400000000, 0x1, 0xff, 0x8, 0x4, 0x1}) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = getpid() getresgid(&(0x7f0000000880), &(0x7f00000008c0)=0x0, &(0x7f0000000900)) r4 = fcntl$getown(0xffffffffffffff9c, 0x5) freebsd11_fstat(0xffffffffffffff9c, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0}) freebsd11_fstat(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) freebsd10_pipe(&(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000b40)={&(0x7f0000000580)=@abs={0x8, 0x0, 0x0, 0x1}, 0x8, &(0x7f0000000840)=[{&(0x7f00000005c0)="c881577367e8bf216642a15232d2e8ca546ccc2f2478a6c7fd3ce4a57a3192f6774a26c8d776dabcaf2dc3a5ac02f724eb7500f31a596a7520068d317bf00c74a90b106c5d96398977bc5d6af02b748b2d1067fb25af140fc3c946c5a3a12cd9fa12fc2c4fa4e98af03a37e7a7ce4a4c589178762d17", 0x76}, {&(0x7f0000000640)="8a9307325e57c5d066a0b318985981033cb3071b8132cd4fd8c9ba95903df14041e29d588212babb3941b7103b6cd5e71218ebe18a40320314c736dc2739437af244c1cf85abfbe1614ab9e0d479d5659afe71ce8ed816b369a047c56b5936176f9476bede83750c38737e1063a5bd0d0d82a91b584b8bfd2fc975b89027bd401e24d2f3252a4d64584339368ec925d5e5ce0c7f9a8a109293a191c959a2b3d3f324671e8d0ebfa502926e565cb1d5a78085c19093b164f55f2fefa32a45a9cbfffcec0b756cdff5bd4478b2027feba23e73e4ff17", 0xd5}, {&(0x7f0000000740)="58534b7a67be8de4198606e43b8fb88f4ddf2478f9edb746a54b076d4bb8", 0x1e}, {&(0x7f0000000780)="f580ba3b336946ce62f2240328252f18a7de605e72ebab2c71d5b10d3fbee83db4c366dec0c77a80f6df4fab5bcabb407e10b396eb2d6843ee40d7d9f9da4d4db47a43fa76b6c03b07b48db5906341c88f6752932091943895f8f0e6b06f447ad1e9344543fface24b926b70198d4c29c14db40d04c99e8919fdffeef0009b7b1100716d77ab273859e7e8083c48b068", 0x90}], 0x4, &(0x7f0000000a80)=[@rights={0x18, 0xffff, 0x1, [r1]}, @cred={0x20, 0xffff, 0x2, r2, 0x0, r3}, @cred={0x20, 0xffff, 0x2, r4, r5, r6}, @rights={0x18, 0xffff, 0x1, [0xffffffffffffff9c, r8]}, @cred={0x20, 0xffff, 0x2, 0x0, 0xffffffffffffffff, 0xffffffffffffffff}], 0x90}, 0x1) fstat(r7, &(0x7f0000000b80)) r9 = socket(0x1, 0x5, 0xc4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000c80)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000cc0)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = accept4$unix(0xffffffffffffffff, &(0x7f0000000d00)=@file={0x6e, 0x0, ""/108}, &(0x7f0000000d80)=0x6e, 0x0) r13 = socket$inet6(0x1c, 0x3, 0xf8) ppoll(&(0x7f0000000dc0)=[{r9, 0x20}, {r10, 0x2}, {r11}, {r1, 0x10}, {r12, 0x1}, {r13, 0x40}], 0x6, &(0x7f0000000e00)={0x87b, 0x8}, &(0x7f0000000e40)={0x3f}, 0x8) r14 = socket$inet6_tcp(0x1c, 0x1, 0x0) accept4$inet6(r14, 0x0, &(0x7f0000000e80), 0x0) freebsd11_lstat(&(0x7f0000000ec0)='./file0\x00', &(0x7f0000000f00)) 22:46:38 executing program 1: freebsd10_pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x12, &(0x7f0000000040), 0x1) r2 = accept4(r0, 0x0, &(0x7f0000000080), 0x30000000) getsockname(r2, &(0x7f00000000c0)=@in={0x10, 0x2, 0xffffffffffffffff, @local}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x2, &(0x7f0000000140)={0x0, 0x6, 0x2, 0x5, 0x1, 0x7}, &(0x7f0000000180)=0x14) setsockopt$inet6_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x900, &(0x7f00000001c0)={r3, 0x2}, 0x8) socketpair(0x1c, 0x20000002, 0x3f, &(0x7f0000000200)={0xffffffffffffffff}) recvfrom(r4, &(0x7f0000000240)=""/177, 0xb1, 0x40083, 0x0, 0x0) connect(r1, &(0x7f0000000300)=@un=@file={0xa, 0x0, './file0\x00'}, 0xa) link(&(0x7f0000000340)='./file0/file0\x00', &(0x7f0000000380)='./file0\x00') freebsd10_pipe(&(0x7f00000003c0)={0xffffffffffffffff}) recvfrom(r5, &(0x7f0000000400)=""/92, 0x5c, 0x40002, &(0x7f0000000480)=@in={0x10, 0x2, 0x3, @loopback}, 0x10) semget(0x2, 0x3, 0x20) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_BINDX_REM_ADDR(r6, 0x84, 0x8002, &(0x7f0000000500)={r3, &(0x7f00000004c0)=[@in6={0x1c, 0x1c, 0x1, 0x5, @empty, 0x7ff}]}, &(0x7f0000000540)=0x10) getsockopt$inet6_sctp_SCTP_CONTEXT(r5, 0x84, 0x1a, &(0x7f0000000580)={r3, 0x9}, &(0x7f00000005c0)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x108, &(0x7f0000000600)={r7, 0x5, 0x1, 0x100000000, 0x1}, &(0x7f0000000640)=0x18) r8 = open(&(0x7f0000000680)='./file0\x00', 0x40, 0x108) getsockopt$inet6_sctp_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f00000006c0)={0x0, 0x10000, 0xfffffff9}, &(0x7f0000000700)=0x10) setsockopt$inet_sctp_SCTP_MAXSEG(r8, 0x84, 0xe, &(0x7f0000000740)={r9, 0x1}, 0x8) 22:46:38 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x80) setsockopt$inet6_tcp_TCP_FUNCTION_BLK(r0, 0x6, 0x2000, &(0x7f0000000040)={'bbr\x00', 0x2}, 0x24) r1 = socket$inet6_tcp(0x1c, 0x1, 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0x20, &(0x7f0000000080)=""/69, &(0x7f0000000100)=0x45) freebsd10_pipe(&(0x7f0000000140)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x7}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xb, &(0x7f0000000200)={0x6, 0x6, 0x110, 0x80, 0x0, 0x1, 0xfffffffd, 0x1ff, r3}, 0x20) socket$unix(0x1, 0x2, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/pf\x00', 0x1, 0x0) ioctl$DIOCCHANGEALTQV0(r4, 0xc1004431, &(0x7f0000000280)="8bf1d0f7f78c79021cdaa4429dbe714c3dc16f826c715082dcbcd07398114cee9665d1af6a9b6a46d3d4f674100f") setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x18, &(0x7f00000002c0)=0x5, 0x4) shutdown(0xffffffffffffffff, 0x1) r5 = socket$inet_sctp(0x2, 0x1, 0x84) sendto(r5, &(0x7f0000000300)="5d59b69d62b5d1653d7d96a462002f0bbf97b3abe82969117727b026218301d322", 0x21, 0x20101, &(0x7f0000000340)=@in={0x10, 0x2, 0x3, @remote={0xac, 0x14, 0x0}}, 0x10) r6 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c) getsockopt$inet6_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x23, &(0x7f0000000380)={@in={{0x10, 0x2, 0x2, @multicast2}}, 0x0, 0x80, 0x8, 0x3ff}, &(0x7f0000000440)=0x94) getsockopt$inet6_sctp_SCTP_LOCAL_AUTH_CHUNKS(r6, 0x84, 0x103, &(0x7f0000000480)={r7, 0x17, "7ca9fc6bb740d6c3265eb97206d7a23a52e37a69c068f1"}, &(0x7f00000004c0)=0x1f) pipe2(&(0x7f0000000500)={0xffffffffffffffff}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0xa, &(0x7f0000000540)={@in={{0x10, 0x2, 0x0, @broadcast}}, 0x0, 0x7, 0x8001, 0xff32cbf514463547, 0x88, 0x78d, 0x6e}, &(0x7f0000000600)=0xa0) setsockopt$inet6_sctp_SCTP_ADD_STREAMS(r8, 0x84, 0x903, &(0x7f0000000640)={r9, 0x85af, 0x9}, 0x8) 22:46:38 executing program 3: geteuid() r0 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0x1c, 0x1c, 0xffffffffffffffff, 0x0, @loopback}, &(0x7f0000000040)=0x1c) connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x1, 0x100, @loopback, 0x8}, 0x1c) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x900, &(0x7f00000000c0)={0x0, 0x97}, &(0x7f0000000100)=0x8) getsockopt$inet6_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x108, &(0x7f0000000140)={r1, 0x800, 0x1, 0x4fb4, 0x3ff}, &(0x7f0000000180)=0x18) recvfrom$inet(0xffffffffffffffff, &(0x7f00000001c0)=""/4096, 0x1000, 0x1, 0x0, 0x0) pipe2(&(0x7f00000011c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) setsockopt$inet_sctp_SCTP_INITMSG(r3, 0x84, 0x3, &(0x7f0000001200)={0xca34, 0x0, 0x9, 0x6}, 0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x29, &(0x7f0000001240)={0x0, 0x8001}, 0x8) r4 = socket(0x6, 0x3, 0x51) getsockopt$inet6_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x26, &(0x7f0000001280)={r1, 0x5}, &(0x7f00000012c0)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x29, &(0x7f0000001300)={r5, 0x94ca}, 0x8) setsockopt$inet_buf(r3, 0x0, 0x48, &(0x7f0000001340)="8e269ecf5105d5107ec69be078504a0ad57bf44b6067840cd259bb145c716b90e9405eb1577fbdb474b615123fe97464f8608cd92b58a03aec51cb4602bee1dc8412285197683c5613346ed8361c6b76a1a99a0df19d28e1e727fb3da3edd45066e49846731e823039ce1f381f8843c07f5fba6e0f439e298147f35e600a240d912a88301a8b24cfd10c", 0x8a) r6 = accept4(0xffffffffffffff9c, &(0x7f0000001400)=@in={0x10}, &(0x7f0000001440)=0x10, 0x20000000) setsockopt$inet_sctp_SCTP_CONNECT_X(r6, 0x84, 0x8007, &(0x7f0000001500)={0xfffffc01, &(0x7f0000001480)=[@in={0x10, 0x2, 0x1, @rand_addr=0xfff}, @in={0x10, 0x2, 0x3, @loopback}, @in6={0x1c, 0x1c, 0x1, 0x81, @ipv4={[], [], @multicast2}, 0x1}, @in6={0x1c, 0x1c, 0x0, 0x80000000, @loopback, 0x2}]}, &(0x7f0000001540)=0x10) lseek(0xffffffffffffffff, 0x7f, 0x1) r7 = open$dir(&(0x7f0000001580)='./file0\x00', 0x10004, 0x0) fsync(r7) r8 = socket(0x10, 0x5, 0x2) setsockopt(r8, 0x4, 0x7fffffff, &(0x7f00000015c0)="f3d293a0a38339a05f864a7537b11449ad6afab001217ceda6a00afa002866d95e73bf84e9b488dd3dd54c26ae9d74bf44f9e5cfc7bdbce45af482d8d2c052529b6d7336bd7a92609bf8989a88575fe487944cd73c94abed0550b93c31df8a7fc88278b3342955592897a4e9f028dde338408c05c8d74ef91765bdf4f7def2e0ab060dd1f8", 0x85) 22:46:39 executing program 1: r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ppoll(&(0x7f0000000200)=[{r0, 0x5}], 0x1, 0x0, 0x0, 0xcd) r1 = getpid() fcntl$setown(r0, 0x6, r1) wait4(r1, &(0x7f0000000000), 0x1, &(0x7f0000000040)) login: panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/main/kernel/sys/netinet/ip_output.c:325 cpuid = 0 time = 1584485199 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024ab8180 vpanic() at vpanic+0x1c7/frame 0xfffffe0024ab81e0 panic() at panic+0x43/frame 0xfffffe0024ab8240 ip_output() at ip_output+0x2489/frame 0xfffffe0024ab8390 sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0xffc/frame 0xfffffe0024ab84d0 sctp_send_initiate() at sctp_send_initiate+0xa3f/frame 0xfffffe0024ab85d0 sctp_lower_sosend() at sctp_lower_sosend+0x3f3e/frame 0xfffffe0024ab87b0 sctp_sosend() at sctp_sosend+0x501/frame 0xfffffe0024ab88e0 sosend() at sosend+0xc6/frame 0xfffffe0024ab8950 kern_sendit() at kern_sendit+0x33d/frame 0xfffffe0024ab8a00 sendit() at sendit+0x224/frame 0xfffffe0024ab8a60 sys_sendto() at sys_sendto+0x5c/frame 0xfffffe0024ab8ac0 amd64_syscall() at amd64_syscall+0x2f4/frame 0xfffffe0024ab8bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0024ab8bf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x41332a, rsp = 0x7fffdfffdf38, rbp = 0x6 --- KDB: enter: panic [ thread pid 818 tid 100124 ] Stopped at kdb_enter+0x67: movq $0,0x146d296(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0xfffffe0026200000 rdx 0x3ffff rbx 0 rsp 0xfffffe0024ab8160 rbp 0xfffffe0024ab8180 rsi 0x40001 rdi 0xffffffff810b4ce6 vprintf+0x176 r8 0 r9 0xffffffff r10 0x3ca9 ll+0x3c88 r11 0xfffffe0024981c10 r12 0xffffffff82068e30 ddb_dbbe r13 0 r14 0xffffffff81932c76 r15 0xffffffff81932c76 rip 0xffffffff810a9fa7 kdb_enter+0x67 rflags 0x86 ll+0x65 kdb_enter+0x67: movq $0,0x146d296(%rip) db> show proc Process 818 (syz-executor.2) at 0xfffff8003a458530: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 770 at 0xfffff800033f1530 ABI: FreeBSD ELF64 arguments: /root/syz-executor.2 reaper: 0xfffff80003311000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00249209e8 (map 0xfffffe00249209e8) (map.pmap 0xfffffe0024920aa8) (pmap 0xfffffe0024920b08) threads: 2 100099 RunQ syz-executor.2 100124 Run CPU 0 syz-executor.2 db> ps pid ppid pgrp uid state wmesg wchan cmd 821 819 422 0 R CPU 1 sh 819 778 422 0 S wait 0xfffff80003d12530 sh 818 770 770 0 R (threaded) syz-executor.2 100099 RunQ syz-executor.2 100124 Run CPU 0 syz-executor.2 815 769 769 0 R (threaded) syz-executor.1 100118 RunQ syz-executor.1 100123 S select 0xfffff80003a7d440 syz-executor.1 808 780 780 0 R ifconfig 795 768 768 0 R sh 780 766 780 0 Ss wait 0xfffff8003a459a60 syz-executor.3 778 773 422 0 S piperd 0xfffff8003a31a2f8 sh 773 422 422 0 S wait 0xfffff8003a32d000 sh 770 766 770 0 Rs syz-executor.2 769 766 769 0 Ss nanslp 0xffffffff824ffe41 syz-executor.1 768 766 768 0 Ss wait 0xfffff80003311a60 syz-executor.0 766 764 764 0 R (threaded) syz-fuzzer 100090 S uwait 0xfffff80003a64d80 syz-fuzzer 100102 RunQ syz-fuzzer 100103 RunQ syz-fuzzer 100104 S uwait 0xfffff80003a64980 syz-fuzzer 100105 S uwait 0xfffff80003a67100 syz-fuzzer 100106 S kqread 0xfffff80003b36300 syz-fuzzer 100107 S uwait 0xfffff80003a64a80 syz-fuzzer 100108 S uwait 0xfffff80003479e80 syz-fuzzer 100109 S uwait 0xfffff80003821000 syz-fuzzer 100110 S uwait 0xfffff80003821100 syz-fuzzer 100111 S uwait 0xfffff80003a64600 syz-fuzzer 100112 S uwait 0xfffff80003a64700 syz-fuzzer 764 762 764 0 Ss pause 0xfffff80003d120a8 csh 762 680 762 0 Ss select 0xfffff8000355cd40 sshd 746 1 746 0 Ss+ ttyin 0xfffff800033ea8b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b3b0b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b3b4b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b3b8b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b3bcb0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b3a0b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b3a4b0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003b3a8b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003b3acb0 getty 736 1 22 0 S+ piperd 0xfffff8003a2c9000 logger 735 734 22 0 S+ nanslp 0xffffffff824ffe41 sleep 734 1 22 0 S+ wait 0xfffff80003d43a60 sh 684 1 684 0 Ss nanslp 0xffffffff824ffe41 cron 680 1 680 0 Ss select 0xfffff80003a7ddc0 sshd 493 1 493 0 Ss select 0xfffff80003a7dd40 syslogd 422 1 422 0 Ss wait 0xfffff80003ca4000 devd 421 1 421 65 Ss select 0xfffff80003a7db40 dhclient 336 1 336 0 Ss select 0xfffff8000355f2c0 dhclient 333 1 333 0 Ss select 0xfffff80003a7de40 dhclient 21 0 0 0 DL vlruwt 0xfffff800033f1a60 [vnlru] 20 0 0 0 DL syncer 0xffffffff825d62d8 [syncer] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d57d8 [bufdaemon] 100070 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100081 D sdflush 0xfffff8000341ace8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f1248 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261d158 [dom0] 100068 D launds 0xffffffff8261d164 [laundry: dom0] 100069 D umarcl 0xffffffff81536ad0 [uma] 16 0 0 0 DL - 0xffffffff8235a6b0 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff82662720 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d51dc [soaiod4] 8 0 0 0 DL - 0xffffffff825d51dc [soaiod3] 7 0 0 0 DL - 0xffffffff825d51dc [soaiod2] 6 0 0 0 DL - 0xffffffff825d51dc [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82235ac0 [doneq0] 100062 D - 0xffffffff82235988 [scanner] 4 0 0 0 DL crypto_ 0xfffff8000321b190 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff8000321b130 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825eb2b8 [crypto] 14 0 0 0 DL seqstat 0xfffff80003369888 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b788 [g_event] 100023 D - 0xffffffff8261b798 [g_up] 100024 D - 0xffffffff8261b790 [g_down] 12 0 0 0 WL (threaded) [intr] 100005 I [swi6: Giant taskq] 100007 I [swi5: fast taskq] 100011 I [swi6: task queue] 100017 I [swi1: netisr 0] 100018 I [swi3: vm] 100019 I [swi4: clock (0)] 100020 I [swi4: clock (1)] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003311000 [init] 10 0 0 0 DL audit_w 0xffffffff826633b0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8260adc8 [swapper] 100006 D - 0xfffff80003338000 [thread taskq] 100008 D - 0xfffff80003205d00 [config_0] 100009 D - 0xfffff80003339d00 [kqueue_ctx taskq] 100010 D - 0xfffff80003339c00 [aiod_kick taskq] 100012 D - 0xfffff80003205c00 [if_config_tqg_0] 100013 D - 0xfffff80003205b00 [if_io_tqg_0] 100014 D - 0xfffff80003205a00 [if_io_tqg_1] 100015 D - 0xfffff80003205900 [softirq_0] 100016 D - 0xfffff80003205800 [softirq_1] 100021 D - 0xfffff80003339a00 [firmware taskq] 100026 D - 0xfffff80003339800 [crypto_0] 100027 D - 0xfffff80003339800 [crypto_1] 100041 D - 0xfffff80003334a00 [vtnet0 rxq 0] 100042 D - 0xfffff80003334900 [vtnet0 txq 0] 100043 D - 0xfffff80003334800 [vtnet0 rxq 1] 100044 D - 0xfffff80003334700 [vtnet0 txq 1] 100046 D vtbslp 0xfffff80003572d80 [virtio_balloon] 100050 D - 0xfffff80003845000 [mca taskq] 100055 D - 0xffffffff81cd5f10 [deadlkres] 100058 D - 0xfffff80003b36500 [acpi_task_0] 100059 D - 0xfffff80003b36500 [acpi_task_1] 100060 D - 0xfffff80003b36500 [acpi_task_2] 100061 D - 0xfffff80003339600 [CAM taskq] db> show all locks Process 821 (sh) thread 0xfffffe0024947300 (100117) exclusive lockmgr devfs (devfs) r = 0 (0xfffff80003c72438) locked @ /syzkaller/managers/main/kernel/sys/fs/devfs/devfs_vnops.c:1172 Process 818 (syz-executor.2) thread 0xfffffe0024981700 (100124) exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0024c23380) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:13550 db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4238 vtbuf 24 1968K 46 sysctloid 26033 1517K 26097 kobj 332 1328K 488 newblk 538 1159K 594 vfscache 4 1025K 4 pcb 24 539K 81 inodedep 34 529K 90 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 129 261K 895 acpica 1674 185K 52709 vnet_data 1 168K 1 filedesc 21 149K 53 pagedep 18 133K 29 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 222 89K 253 bus 992 79K 3374 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 494 62K 494 gtaskqueue 22 34K 22 umtx 270 34K 270 kdtrace 175 34K 1709 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 vmem 3 22K 4 kbdmux 6 22K 6 ifaddr 64 20K 66 BPF 14 19K 14 temp 34 17K 1740 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 bus-sc 30 14K 1431 lltable 37 13K 37 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 122 11K 122 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 ether_multi 106 9K 111 bmsafemap 2 9K 58 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 232 8K 290 in6_multi 57 7K 57 routetbl 43 7K 47 CAM DEV 3 6K 510 kqueue 58 6K 826 vt 11 6K 11 plimit 21 6K 333 cred 21 6K 195 sglist 5 6K 5 CAM queue 5 6K 1528 ufs_dirhash 24 5K 24 taskqueue 42 5K 42 DEVFSP 70 5K 74 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 kcovinfo 64 4K 68 UMA 236 4K 236 diradd 28 4K 58 hhook 13 4K 13 session 24 3K 33 pgrp 24 3K 33 mkdir 22 3K 38 acpisem 22 3K 22 terminal 11 3K 11 proc-args 47 3K 513 indirdep 10 3K 10 ip6ndp 14 3K 15 uidinfo 3 3K 7 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 select 15 2K 15 newdirblk 14 2K 19 CAM XPT 22 2K 543 lockf 15 2K 22 freefile 12 2K 23 Unitno 25 2K 45 sctp_ifa 11 2K 11 dirrem 5 2K 29 crypto 2 2K 2 acpidev 20 2K 20 msi 9 2K 9 tun 7 2K 7 softdep 1 1K 1 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 sctp_atcl 2 1K 4 sctp_stro 1 1K 1 in_multi 4 1K 5 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 mld 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 sctp_ifn 4 1K 4 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 osd 3 1K 9 inpcbpolicy 8 1K 154 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 6 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 sctp_atky 3 1K 5 soname 5 1K 5717 pmchooks 1 1K 1 prison 4 1K 4 filecaps 4 1K 66 nexusdev 5 1K 5 entropy 2 1K 36 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 freework 1 1K 27 sctp_athm 2 1K 4 sctp_map 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 ath_hal 0 0K 0 athdev 0 0K 0 madt_table 0 0K 2 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 CAM CCB 0 0K 1874 vm_fictitious 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 ag_tgt_map_t malloc 0 0K 0 UMAHash 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 12 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 26 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 7 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 7 sctp_aadr 0 0K 0 sctp_stri 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 statfs 0 0K 192 export_host 0 0K 0 cl_savebuf 0 0K 2 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 CAM ccb queue 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 MPSSAS 0 0K 0 mbuf_tag 0 0K 67 accf 0 0K 0 pts 0 0K 0 iov 0 0K 13330 ioctlops 0 0K 93 Witness 0 0K 0 stack 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 568 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 db> show ktr No such command; use "help" to list available commands