Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts. 2021/05/12 16:59:38 parsed 1 programs 2021/05/12 16:59:38 executed programs: 0 login: [fib_algo] inet.0 (bsearch4#23) rebuild_fd_flm: switching algo to radix4_lockless 2021/05/12 16:59:43 executed programs: 1758 2021/05/12 16:59:48 executed programs: 3751 panic: Assertion (cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0 failed at /syzkaller/managers/main/kernel/sys/kern/vfs_lookup.c:490 cpuid = 1 time = 1620838792 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00517b2640 vpanic() at vpanic+0x1c7/frame 0xfffffe00517b26a0 panic() at panic+0x43/frame 0xfffffe00517b2700 namei() at namei+0x13e3/frame 0xfffffe00517b27c0 vn_open_cred() at vn_open_cred+0x1ad/frame 0xfffffe00517b2940 kern_openat() at kern_openat+0x3bd/frame 0xfffffe00517b2ab0 amd64_syscall() at amd64_syscall+0x247/frame 0xfffffe00517b2bf0 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00517b2bf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x285e1a, rsp = 0x7fffdffdcf08, rbp = 0x7fffdffdcf70 --- KDB: enter: panic [ thread pid 6168 tid 105795 ] Stopped at kdb_enter+0x67: movq $0,0x163a49e(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0x80 rdx 0xffffffff819c28ef rbx 0 rsp 0xfffffe00517b2620 rbp 0xfffffe00517b2640 rsi 0x1 rdi 0 r8 0 r9 0x8080808080808080 r10 0xfffffe00517b2510 r11 0x1ffaefff59c r12 0xffffffff82267ac0 ddb_dbbe r13 0 r14 0xffffffff81a73d79 r15 0xffffffff81a73d79 rip 0xffffffff8112ece7 kdb_enter+0x67 rflags 0x82 kdb_enter+0x67: movq $0,0x163a49e(%rip) db> show proc Process 6168 (syz-executor.1) at 0xfffff80027cb9a70: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 791 at 0xfffff80027497000 ABI: FreeBSD ELF64 flag: 0x10000080 flag2: 0 arguments: /root/syz-executor.1 reaper: 0xfffff8000452a538 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe0094c35000 (map 0xfffffe0094c35000) (map.pmap 0xfffffe0094c350c0) (pmap 0xfffffe0094c35120) threads: 3 100226 RunQ syz-executor.1 105793 S uwait 0xfffff80027b6e600 syz-executor.1 105795 Run CPU 1 syz-executor.1 db> ps pid ppid pgrp uid state wmesg wchan cmd 6169 795 795 0 R (threaded) syz-executor.3 100128 RunQ syz-executor.3 105794 Run CPU 0 syz-executor.3 6168 791 791 0 R (threaded) syz-executor.1 100226 RunQ syz-executor.1 105793 S uwait 0xfffff80027b6e600 syz-executor.1 105795 Run CPU 1 syz-executor.1 6167 788 788 0 R (threaded) syz-executor.0 100652 RunQ syz-executor.0 105792 RunQ syz-executor.0 6150 6136 6150 0 Ss select 0xfffff80027b6e9c0 dhclient 6142 1 6142 0 Ss select 0xfffff80027b6e840 dhclient 6136 6120 436 0 D biowr 0xfffffe00038554d8 dhclient 6120 436 436 0 S wait 0xfffff80027b61000 sh 795 785 795 0 Rs syz-executor.3 791 785 791 0 Ss nanslp 0xffffffff8273c8e1 syz-executor.1 788 785 788 0 Ss nanslp 0xffffffff8273c8e0 syz-executor.0 787 785 787 0 Rs syz-executor.2 785 783 783 0 S (threaded) syz-execprog 100091 S uwait 0xfffff80004f59e00 syz-execprog 100118 S uwait 0xfffff8002310e300 syz-execprog 100119 S uwait 0xfffff8002310e400 syz-execprog 100120 S uwait 0xfffff8002310e500 syz-execprog 100121 S kqread 0xfffff80027a12d00 syz-execprog 100122 S uwait 0xfffff80004cfc180 syz-execprog 100123 S uwait 0xfffff8002310e700 syz-execprog 100124 S uwait 0xfffff800230fbc80 syz-execprog 100125 S uwait 0xfffff800230fbd80 syz-execprog 100126 S uwait 0xfffff800230fbe80 syz-execprog 783 781 783 0 Ss pause 0xfffff8002303f5e8 csh 781 694 781 0 Ss select 0xfffff800230fba40 sshd 760 1 760 0 Ss+ ttyin 0xfffff800049d7cb0 getty 759 1 759 0 Ss+ ttyin 0xfffff80004ced8b0 getty 758 1 758 0 Ss+ ttyin 0xfffff80004cedcb0 getty 757 1 757 0 Ss+ ttyin 0xfffff80004cf40b0 getty 756 1 756 0 Ss+ ttyin 0xfffff80004cf44b0 getty 755 1 755 0 Ss+ ttyin 0xfffff80004cf48b0 getty 754 1 754 0 Ss+ ttyin 0xfffff80004cf4cb0 getty 753 1 753 0 Ss+ ttyin 0xfffff80004c6e0b0 getty 752 1 752 0 Ss+ ttyin 0xfffff80004c6e4b0 getty 750 1 24 0 S+ piperd 0xfffff800230135d0 logger 749 748 24 0 S+ nanslp 0xffffffff8273c8e0 sleep 748 1 24 0 S+ wait 0xfffff8002300d000 sh 698 1 698 0 Ss nanslp 0xffffffff8273c8e0 cron 694 1 694 0 Ss select 0xfffff8002310ebc0 sshd 507 1 507 0 Ss select 0xfffff8002310e840 syslogd 436 1 436 0 Ss wait 0xfffff80027497a70 devd 435 1 435 65 Ss select 0xfffff8002310e9c0 dhclient 350 1 350 0 Ss select 0xfffff8002310e8c0 dhclient 347 1 347 0 Ss select 0xfffff80004f59a40 dhclient 23 0 0 0 DL syncer 0xffffffff8282bd50 [syncer] 22 0 0 0 DL vlruwt 0xfffff80004e8da70 [vnlru] 21 0 0 0 DL (threaded) [bufdaemon] 100081 D qsleep 0xffffffff8282ae00 [bufdaemon] 100088 D - 0xffffffff8220ae00 [bufspacedaemon-0] 100098 D sdflush 0xfffff80023000ce8 [/ worker] 20 0 0 0 DL psleep 0xffffffff82852c08 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100079 D psleep 0xffffffff82847078 [dom0] 100086 D launds 0xffffffff82847084 [laundry: dom0] 100087 D umarcl 0xffffffff815c9ef0 [uma] 18 0 0 0 DL - 0xffffffff82570c78 [rand_harvestq] 17 0 0 0 DL waiting 0xffffffff82e34828 [sctp_iterator] 16 0 0 0 DL pftm 0xffffffff82fc83c0 [pf purge] 15 0 0 0 DL - 0xffffffff8282845c [soaiod4] 9 0 0 0 DL - 0xffffffff8282845c [soaiod3] 8 0 0 0 DL - 0xffffffff8282845c [soaiod2] 7 0 0 0 DL - 0xffffffff8282845c [soaiod1] 6 0 0 0 DL (threaded) [cam] 100044 D - 0xffffffff82448140 [doneq0] 100045 D - 0xffffffff824480c0 [async] 100078 D - 0xffffffff82447f90 [scanner] 14 0 0 0 DL seqstat 0xfffff8000463c888 [sequencer 00] 5 0 0 0 DL crypto_ 0xfffff8000462ed80 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff8000462ed30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff828445a0 [crypto] 13 0 0 0 DL (threaded) [geom] 100035 D - 0xffffffff8271c120 [g_event] 100036 D - 0xffffffff8271c128 [g_up] 100037 D - 0xffffffff8271c130 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100028 D - 0xfffff80004574600 [thr_0] 100029 D - 0xfffff80004574680 [thr_1] 12 0 0 0 WL (threaded) [intr] 100011 I [swi6: task queue] 100013 I [swi6: Giant taskq] 100018 I [swi5: fast taskq] 100030 I [swi4: clock (0)] 100031 I [swi4: clock (1)] 100032 I [swi1: netisr 0] 100033 I [swi3: vm] 100046 I [irq24: virtio_pci0] 100047 I [irq25: virtio_pci0] 100048 I [irq26: virtio_pci0] 100049 I [irq27: virtio_pci0] 100050 I [irq28: virtio_pci1] 100051 I [irq29: virtio_pci1] 100052 I [irq30: virtio_pci1] 100053 I [irq31: virtio_pci1] 100054 I [irq32: virtio_pci1] 100059 I [irq10: virtio_pci2] 100061 I [irq1: atkbd0] 100062 I [irq12: psm0] 100063 I [swi0: uart uart++] 100071 I [swi1: pf send] 100084 I [swi1: hpts] 100085 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff8000452a538 [init] 10 0 0 0 DL audit_w 0xffffffff82844ab0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8271c6b0 [swapper] 100005 D - 0xfffff80004144800 [if_config_tqg_0] 100006 D - 0xfffff80004144700 [softirq_0] 100007 D - 0xfffff80004144600 [softirq_1] 100008 D - 0xfffff80004144500 [if_io_tqg_0] 100009 D - 0xfffff80004144400 [if_io_tqg_1] 100010 D - 0xfffff8000457a600 [pci_hp taskq] 100012 D - 0xfffff8000457a300 [inm_free taskq] 100014 D - 0xfffff8000457a000 [linuxkpi_irq_wq] 100015 D - 0xfffff80004574e00 [thread taskq] 100016 D - 0xfffff80004574d00 [in6m_free taskq] 100017 D - 0xfffff80004574c00 [aiod_kick taskq] 100019 D - 0xfffff80004574900 [kqueue_ctx taskq] 100020 D - 0xfffff80004574800 [linuxkpi_short_wq_0] 100021 D - 0xfffff80004574800 [linuxkpi_short_wq_1] 100022 D - 0xfffff80004574800 [linuxkpi_short_wq_2] 100023 D - 0xfffff80004574800 [linuxkpi_short_wq_3] 100024 D - 0xfffff80004574700 [linuxkpi_long_wq_0] 100025 D - 0xfffff80004574700 [linuxkpi_long_wq_1] 100026 D - 0xfffff80004574700 [linuxkpi_long_wq_2] 100027 D - 0xfffff80004574700 [linuxkpi_long_wq_3] 100034 D - 0xfffff80004574000 [firmware taskq] 100038 D - 0xfffff800045c1d00 [crypto_0] 100039 D - 0xfffff800045c1d00 [crypto_1] 100055 D - 0xfffff800045c1700 [vtnet0 rxq 0] 100056 D - 0xfffff800045c1600 [vtnet0 txq 0] 100057 D - 0xfffff800045c1500 [vtnet0 rxq 1] 100058 D - 0xfffff800045c1400 [vtnet0 txq 1] 100060 D vtbslp 0xfffff80004972100 [virtio_balloon] 100064 D - 0xfffff80004973a00 [mca taskq] 100066 D - 0xffffffff81e20680 [deadlkres] 100073 D - 0xfffff80004c3e700 [acpi_task_0] 100074 D - 0xfffff80004c3e700 [acpi_task_1] 100075 D - 0xfffff80004c3e700 [acpi_task_2] 100077 D - 0xfffff800045c1c00 [CAM taskq] db> show all locks Process 6136 (dhclient) thread 0xfffffe0094c40e40 (100663) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003855558) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:14702 exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe00038534b8) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3928 exclusive lockmgr ufs (ufs) r = 0 (0xfffff80027c953f0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3516 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 devbuf 4216 4340K 4241 tcp_hpts 5 3201K 5 inodedep 5317 2506K 5340 sysctloid 33718 1992K 33785 vtbuf 24 1968K 46 kobj 332 1328K 492 dirrem 5263 1316K 5274 newblk 467 1141K 5755 vfscache 3 1025K 3 freefile 5246 656K 5255 pcb 23 537K 89 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 subproc 133 257K 6246 acpica 1674 184K 55406 vnet_data 1 168K 1 tidhash 3 141K 3 pagedep 27 135K 5277 tfo_ccache 1 128K 1 filedesc 16 121K 10561 DEVFS1 107 107K 124 sem 4 106K 4 linker 294 102K 330 bus 995 81K 3509 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 508 64K 508 umtx 352 44K 352 kdtrace 212 43K 11966 BPF 22 36K 22 temp 35 33K 1989 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 126 32K 136 msg 4 30K 4 vmem 3 26K 4 gtaskqueue 18 26K 18 kbdmux 6 22K 6 DEVFS_RULE 56 20K 56 ifaddr 67 19K 69 ufs_mount 5 17K 6 proc 3 17K 3 tty 16 16K 16 routetbl 126 16K 398 ithread 99 16K 99 bus-sc 33 14K 1719 lltable 43 14K 43 KTRACE 100 13K 100 ifnet 7 13K 7 ether_multi 152 13K 162 kenv 94 12K 94 eventhandler 133 12K 133 rman 84 10K 425 GEOM 60 10K 489 bmsafemap 4 9K 5311 in6_multi 65 9K 65 UART 12 9K 12 devstat 4 9K 4 ksem 1 8K 1 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 pfs_nodes 20 8K 20 audit_evclass 236 8K 294 diradd 51 7K 5308 taskqueue 60 7K 60 sglist 5 7K 5 CAM DEV 3 6K 510 kqueue 59 6K 6176 cred 23 6K 237 plimit 22 6K 365 CAM queue 5 6K 1528 ufs_dirhash 24 5K 24 UMA 265 5K 265 pf_ifnet 10 5K 19 vt 11 5K 11 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 pwddesc 57 4K 6170 mkdir 28 4K 10532 acpisem 28 4K 28 session 26 4K 40 hhook 13 4K 13 fpukern_ctx 3 3K 3 terminal 11 3K 11 proc-args 47 3K 595 indirdep 10 3K 10 uidinfo 3 3K 8 lockf 21 3K 28 local_apic 1 2K 1 io_apic 1 2K 1 newdirblk 16 2K 5266 ipsec-saq 2 2K 2 CAM CCB 1 2K 1801 ip6ndp 12 2K 14 selfd 30 2K 7856 Unitno 30 2K 47 sctp_ifa 13 2K 14 CAM XPT 22 2K 543 in_multi 6 2K 8 ipsecpolicy 2 2K 2 acpidev 20 2K 20 select 10 2K 40 msi 9 2K 9 clone 9 2K 9 tun 7 2K 7 softdep 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 nhops 6 1K 8 vnodemarker 2 1K 10 NFSD session 1 1K 1 CAM periph 4 1K 271 ipsec 3 1K 3 sctp_ifn 6 1K 14 mld 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 89 pci_link 10 1K 10 DEVFSP 11 1K 10268 crypto 4 1K 4 encap_export_host 12 1K 12 pfil 4 1K 4 CAM SIM 2 1K 2 cdev 2 1K 2 inpcbpolicy 15 1K 10694 chacha20random 1 1K 1 osd 3 1K 10 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 vnodes 1 1K 1 ktls 1 1K 1 procdesc 2 1K 12 feeder 7 1K 7 xform 3 1K 10302 tcpfunc 3 1K 3 loginclass 3 1K 7 prison 6 1K 6 linux 5 1K 6 aesni_data 2 1K 2 apmdev 1 1K 1 atkbddev 2 1K 2 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 CAM path 4 1K 1034 pmchooks 1 1K 1 filecaps 5 1K 90 nexusdev 7 1K 7 soname 4 1K 3256 sctp_vrf 1 1K 1 vnet 1 1K 1 entropy 2 1K 42 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 freework 1 1K 5272 p1003.1b 1 1K 1 mqdata 0 0K 0 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_temp 0 0K 0 tcp_do 0 0K 0 tcp_fsb 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 6 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 0 sctp_atky 0 0K 0 sctp_atcl 0 0K 0 sctp_a_it 0 0K 6 sctp_aadr 0 0K 0 sctp_stro 0 0K 0 sctp_stri 0 0K 0 sctp_map 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 madt_table 0 0K 2 smartpqi 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 axgbe 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 ciss_data 0 0K 0 BACKLIGHT 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 amr 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 pvscsi 0 0K 0 scsi_da 0 0K 69 vm_fictitious 0 0K 0 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 AHCI driver 0 0K 0 USBdev 0 0K 0 USB 0