Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. 2020/03/10 12:00:14 parsed 1 programs 2020/03/10 12:00:14 executed programs: 0 2020/03/10 12:00:19 executed programs: 24 2020/03/10 12:00:24 executed programs: 48 login: panic: sx lock still held cpuid = 1 time = 1583841627 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024ae5870 vpanic() at vpanic+0x1ce/frame 0xfffffe0024ae58e0 panic() at panic+0x43/frame 0xfffffe0024ae5940 sx_destroy() at sx_destroy+0x63/frame 0xfffffe0024ae5960 solisten_proto() at solisten_proto+0xd2/frame 0xfffffe0024ae59c0 tcp6_usr_listen() at tcp6_usr_listen+0x1dc/frame 0xfffffe0024ae5a30 solisten() at solisten+0x7a/frame 0xfffffe0024ae5a70 kern_listen() at kern_listen+0x13c/frame 0xfffffe0024ae5ab0 ia32_syscall() at ia32_syscall+0x2e4/frame 0xfffffe0024ae5bf0 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8142e3d KDB: enter: panic [ thread pid 928 tid 100355 ] Stopped at kdb_enter+0x67: movq $0,0x14634f6(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0x80 ll+0x5f rdx 0xffffffff818f738b rbx 0 rsp 0xfffffe0024ae5850 rbp 0xfffffe0024ae5870 rsi 0x1 rdi 0 r8 0 r9 0xffffffff r10 0 r11 0xfffffe0024981110 r12 0xffffffff82068f60 ddb_dbbe r13 0 r14 0xffffffff8193f6ec r15 0xffffffff8193f6ec rip 0xffffffff810b3dc7 kdb_enter+0x67 rflags 0x200082 kernphys+0x82 kdb_enter+0x67: movq $0,0x14634f6(%rip) db> show proc Process 928 (syz-executor.3) at 0xfffff8000b8a0a60: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 775 at 0xfffff80003c86a60 ABI: FreeBSD ELF32 arguments: /root/syz-executor.3 reaper: 0xfffff80003317000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe002498a3d0 (map 0xfffffe002498a3d0) (map.pmap 0xfffffe002498a490) (pmap 0xfffffe002498a4f0) threads: 5 100110 RunQ syz-executor.3 100341 S accept 0xfffffe0003da0878 syz-executor.3 100342 S accept 0xfffffe0003da0878 syz-executor.3 100355 Run CPU 1 syz-executor.3 100356 Run CPU 0 syz-executor.3 db> ps pid ppid pgrp uid state wmesg wchan cmd 932 788 422 0 S nanslp 0xffffffff824ffec0 sleep 931 777 777 0 S (threaded) syz-executor.0 100075 S nanslp 0xffffffff824ffec1 syz-executor.0 100353 S accept 0xfffffe0003de4168 syz-executor.0 100354 S uwait 0xfffff80003bc5e00 syz-executor.0 930 782 782 0 S (threaded) syz-executor.2 100078 S nanslp 0xffffffff824ffec1 syz-executor.2 100349 S accept 0xfffffe0003da1da8 syz-executor.2 100350 S uwait 0xfffff80003bc5b00 syz-executor.2 929 773 773 0 S (threaded) syz-executor.1 100329 S nanslp 0xffffffff824ffec1 syz-executor.1 100345 S accept 0xfffffe0003d9fa20 syz-executor.1 100346 S uwait 0xfffff80003bc4e00 syz-executor.1 928 775 775 0 R (threaded) syz-executor.3 100110 RunQ syz-executor.3 100341 S accept 0xfffffe0003da0878 syz-executor.3 100342 S accept 0xfffffe0003da0878 syz-executor.3 100355 Run CPU 1 syz-executor.3 100356 Run CPU 0 syz-executor.3 788 779 422 0 S wait 0xfffff8000b831000 sh 782 771 782 0 Ss nanslp 0xffffffff824ffec1 syz-executor.2 779 422 422 0 S wait 0xfffff80003c86530 sh 777 771 777 0 Ss nanslp 0xffffffff824ffec1 syz-executor.0 775 771 775 0 Ss nanslp 0xffffffff824ffec1 syz-executor.3 773 771 773 0 Ss nanslp 0xffffffff824ffec1 syz-executor.1 771 769 769 0 S (threaded) syz-execprog 100098 S uwait 0xfffff80003393f00 syz-execprog 100099 S uwait 0xfffff8000b1ab580 syz-execprog 100100 S uwait 0xfffff80003c02300 syz-execprog 100101 S uwait 0xfffff80003c02400 syz-execprog 100102 S uwait 0xfffff80003396080 syz-execprog 100103 S uwait 0xfffff80003396180 syz-execprog 100104 S uwait 0xfffff80003bc4f00 syz-execprog 100105 S uwait 0xfffff80003c02500 syz-execprog 100106 S kqread 0xfffff800031fd000 syz-execprog 769 767 769 0 Ss pause 0xfffff80003317b08 csh 767 680 767 0 Ss select 0xfffff8000b1a8a40 sshd 746 1 746 0 Ss+ ttyin 0xfffff800033ed8b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b160b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b164b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b168b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b16cb0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b150b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b154b0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003b158b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003b15cb0 getty 736 1 22 0 S+ piperd 0xfffff80003c8c2f8 logger 735 734 22 0 S+ nanslp 0xffffffff824ffec0 sleep 734 1 22 0 S+ wait 0xfffff80003c86000 sh 684 1 684 0 Ss nanslp 0xffffffff824ffec0 cron 680 1 680 0 Ss select 0xfffff80003bc75c0 sshd 493 1 493 0 Ss select 0xfffff8000b1abcc0 syslogd 422 1 422 0 Ss wait 0xfffff80003ceea60 devd 421 1 421 65 Ss select 0xfffff80003bc7540 dhclient 336 1 336 0 Ss select 0xfffff80003bc7840 dhclient 333 1 333 0 Ss select 0xfffff80003bc7740 dhclient 21 0 0 0 DL vlruwt 0xfffff800033f4a60 [vnlru] 20 0 0 0 DL syncer 0xffffffff825d6358 [syncer] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d5858 [bufdaemon] 100070 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100081 D sdflush 0xfffff8000353e8e8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f12c8 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261d1d8 [dom0] 100068 D launds 0xffffffff8261d1e4 [laundry: dom0] 100069 D umarcl 0xffffffff815432d0 [uma] 16 0 0 0 DL - 0xffffffff8235a730 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff826627a0 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d525c [soaiod4] 8 0 0 0 DL - 0xffffffff825d525c [soaiod3] 7 0 0 0 DL - 0xffffffff825d525c [soaiod2] 6 0 0 0 DL - 0xffffffff825d525c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82235b40 [doneq0] 100062 D - 0xffffffff82235a08 [scanner] 4 0 0 0 DL crypto_ 0xfffff80003211990 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff80003211930 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825eb338 [crypto] 14 0 0 0 DL seqstat 0xfffff80003364488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b808 [g_event] 100023 D - 0xffffffff8261b818 [g_up] 100024 D - 0xffffffff8261b810 [g_down] 12 0 0 0 WL (threaded) [intr] 100005 I [swi6: Giant taskq] 100007 I [swi5: fast taskq] 100011 I [swi6: task queue] 100017 I [swi1: netisr 0] 100018 I [swi3: vm] 100019 I [swi4: clock (0)] 100020 I [swi4: clock (1)] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003317000 [init] 10 0 0 0 DL audit_w 0xffffffff82663430 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8260ae48 [swapper] 100006 D - 0xfffff80003200d00 [thread taskq] 100008 D - 0xfffff80003212500 [config_0] 100009 D - 0xfffff80003200b00 [kqueue_ctx taskq] 100010 D - 0xfffff80003200a00 [aiod_kick taskq] 100012 D - 0xfffff80003212300 [if_config_tqg_0] 100013 D - 0xfffff80003212200 [if_io_tqg_0] 100014 D - 0xfffff80003212100 [if_io_tqg_1] 100015 D - 0xfffff80003212000 [softirq_0] 100016 D - 0xfffff80003211e00 [softirq_1] 100021 D - 0xfffff80003200800 [firmware taskq] 100026 D - 0xfffff80003200600 [crypto_0] 100027 D - 0xfffff80003200600 [crypto_1] 100041 D - 0xfffff80003200200 [vtnet0 rxq 0] 100042 D - 0xfffff80003200100 [vtnet0 txq 0] 100043 D - 0xfffff80003200000 [vtnet0 rxq 1] 100044 D - 0xfffff800031ffe00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff8000350e580 [virtio_balloon] 100050 D - 0xfffff800031ffc00 [mca taskq] 100054 D - 0xffffffff81ce3741 [deadlkres] 100058 D - 0xfffff80003b11300 [acpi_task_0] 100059 D - 0xfffff80003b11300 [acpi_task_1] 100060 D - 0xfffff80003b11300 [acpi_task_2] 100061 D - 0xfffff80003200400 [CAM taskq] db> show all locks Process 928 (syz-executor.3) thread 0xfffffe0024980c00 (100355) exclusive sleep mutex socket (socket) r = 0 (0xfffffe0003da2e20) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:483 exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8000b3e0208) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:475 db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4238 vtbuf 24 1968K 46 sysctloid 26033 1517K 26097 kobj 332 1328K 488 newblk 397 1123K 498 vfscache 4 1025K 4 inodedep 128 576K 151 pcb 34 538K 336 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 128 257K 1006 acpica 1674 185K 52709 vnet_data 1 168K 1 filedesc 21 149K 187 pagedep 26 135K 89 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 222 89K 253 bus 992 79K 3374 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 494 62K 494 umtx 288 36K 288 kdtrace 178 35K 2160 gtaskqueue 22 34K 22 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 ifaddr 70 23K 72 vmem 3 22K 4 kbdmux 6 22K 6 dirrem 76 19K 87 BPF 14 19K 14 lltable 47 18K 47 temp 34 17K 1840 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 ether_multi 172 14K 177 bus-sc 30 14K 1431 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 in6_multi 89 11K 89 eventhandler 122 11K 122 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 3 9K 122 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 routetbl 57 8K 61 freefile 59 8K 68 audit_evclass 232 8K 290 diradd 49 7K 119 CAM DEV 3 6K 510 kqueue 57 6K 939 cred 22 6K 237 vt 11 6K 11 plimit 21 6K 350 sglist 5 6K 5 CAM queue 5 6K 1528 ufs_dirhash 24 5K 24 taskqueue 42 5K 42 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 UMA 236 4K 236 mkdir 27 4K 158 hhook 13 4K 13 session 24 3K 38 pgrp 24 3K 38 acpisem 22 3K 22 select 22 3K 22 terminal 11 3K 11 indirdep 10 3K 10 proc-args 46 3K 549 uidinfo 3 3K 8 sctp_ifa 17 3K 17 local_apic 1 2K 1 io_apic 1 2K 1 newdirblk 16 2K 79 ipsec-saq 2 2K 2 ip6ndp 12 2K 21 Unitno 29 2K 45 CAM XPT 22 2K 543 lockf 15 2K 22 in_multi 6 2K 7 crypto 2 2K 2 acpidev 20 2K 20 msi 9 2K 9 tun 7 2K 7 softdep 1 1K 1 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 inpcbpolicy 25 1K 673 mld 6 1K 6 sctp_ifn 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 DEVFSP 6 1K 6 osd 3 1K 9 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 filecaps 7 1K 84 loginclass 3 1K 7 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 pmchooks 1 1K 1 prison 4 1K 4 soname 4 1K 5753 nexusdev 5 1K 5 entropy 2 1K 41 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 freework 1 1K 85 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 ath_hal 0 0K 0 athdev 0 0K 0 madt_table 0 0K 2 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 CAM CCB 0 0K 1789 vm_fictitious 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 ag_tgt_map_t malloc 0 0K 0 UMAHash 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 12 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 84 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 n