Autoloading module: intpm.ko Starting background file system checks in 60 seconds. Thu Jan 23 03:39 FreeBSD/amd64 (ci-freebsd-i386-3.c.syzkaller.internal) (ttyu0) Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. 2020/01/23 03:39:56 fuzzer started 2020/01/23 03:39:56 dialing manager at 10.128.0.248:26780 2020/01/23 03:39:56 syscalls: 496 2020/01/23 03:39:56 code coverage: enabled 2020/01/23 03:39:56 comparison tracing: enabled 2020/01/23 03:39:56 extra coverage: support is not implemented in syzkaller 2020/01/23 03:39:56 setuid sandbox: support is not implemented in syzkaller 2020/01/23 03:39:56 namespace sandbox: support is not implemented in syzkaller 2020/01/23 03:39:56 Android sandbox: support is not implemented in syzkaller 2020/01/23 03:39:56 fault injection: support is not implemented in syzkaller 2020/01/23 03:39:56 leak checking: support is not implemented in syzkaller 2020/01/23 03:39:56 net packet injection: enabled 2020/01/23 03:39:56 net device setup: support is not implemented in syzkaller 2020/01/23 03:39:56 concurrency sanitizer: support is not implemented in syzkaller 2020/01/23 03:39:56 devlink PCI setup: support is not implemented in syzkaller 03:40:06 executing program 0: open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, 0x0) open$dir(0x0, 0x0, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000180)={0x9}, &(0x7f00000001c0)) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff2840029f}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff2840029a}}) 03:40:06 executing program 1: syz_emit_ethernet(0x68, &(0x7f0000000640)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "4c000f", 0x32, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x2000, {0x0, 0x6, "86dca5", 0x0, 0x0, 0x0, @rand_addr, @mcast2, [], "59ea"}}}}}}}) 03:40:06 executing program 3: freebsd11_mknod(&(0x7f00000000c0)='./file0\x00', 0x1000, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0xffffffff284002c9}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000480)={{0xffffffff2840029d}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0x2840029b}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0xffffffff284002dd}}) 03:40:06 executing program 2: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000240)={{0xffffffff284002b2}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff2840029d}}) 03:40:07 executing program 1: syz_emit_ethernet(0x68, &(0x7f0000000640)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "4c000f", 0x32, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x2000, {0x0, 0x6, "86dca5", 0x0, 0x0, 0x0, @rand_addr, @mcast2, [], "59ea"}}}}}}}) 03:40:07 executing program 1: syz_emit_ethernet(0x68, &(0x7f0000000640)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "4c000f", 0x32, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x2000, {0x0, 0x6, "86dca5", 0x0, 0x0, 0x0, @rand_addr, @mcast2, [], "59ea"}}}}}}}) 03:40:07 executing program 1: syz_emit_ethernet(0x68, &(0x7f0000000640)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "4c000f", 0x32, 0x3a, 0x0, @empty, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x2000, {0x0, 0x6, "86dca5", 0x0, 0x0, 0x0, @rand_addr, @mcast2, [], "59ea"}}}}}}}) 03:40:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/169, 0xa9}], 0x1) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000004c0)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff2840029e}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000280)={{0xffffffff2840029a}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff28400299}}) 03:40:08 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3, 0x0, @local={0xfe, 0x80, [], 0x0}}, 0x1c) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff2840029e}}) 03:40:08 executing program 2: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000240)={{0xffffffff284002b2}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff2840029d}}) 03:40:08 executing program 0: r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000240)="5001050460000004015000001306ca90100e10fecea11ea8fef96ecfc73fd3357ae26caa0416fa4f376336acf00b7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881ff7cc53c894303b22f310b404f36a00f90006ee01be657aea8c5000000020000000000000e0208a371a3f80004ffff00000000000000000000000000008539cda74d1467802811c67be2313927b913cebdbb7e563c73891d41f638837f11c34b0cceb2024db224dadc0640906fa45d709da9d158d945a2a5fc1233cf6e27749bbd97bb0d03fe2d04a1b9ff40195f1fde95d68896dc7ed7b187906698e04e34248daaf9231f0de030323b4125ce41203583671ac5e5b7b303757e60642b45cbc5737b8e2405757105889a2b32728f83ea65f3482e093de7cd0b10427a", 0x150, 0x0, 0x0, 0x0) 03:40:08 executing program 0: r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000240)="5001050460000004015000001306ca90100e10fecea11ea8fef96ecfc73fd3357ae26caa0416fa4f376336acf00b7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881ff7cc53c894303b22f310b404f36a00f90006ee01be657aea8c5000000020000000000000e0208a371a3f80004ffff00000000000000000000000000008539cda74d1467802811c67be2313927b913cebdbb7e563c73891d41f638837f11c34b0cceb2024db224dadc0640906fa45d709da9d158d945a2a5fc1233cf6e27749bbd97bb0d03fe2d04a1b9ff40195f1fde95d68896dc7ed7b187906698e04e34248daaf9231f0de030323b4125ce41203583671ac5e5b7b303757e60642b45cbc5737b8e2405757105889a2b32728f83ea65f3482e093de7cd0b10427a", 0x150, 0x0, 0x0, 0x0) 03:40:08 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x10, 0x2, 0x0}, 0x10) getpeername$inet(r0, 0x0, &(0x7f0000000040)) 03:40:08 executing program 0: r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000240)="5001050460000004015000001306ca90100e10fecea11ea8fef96ecfc73fd3357ae26caa0416fa4f376336acf00b7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881ff7cc53c894303b22f310b404f36a00f90006ee01be657aea8c5000000020000000000000e0208a371a3f80004ffff00000000000000000000000000008539cda74d1467802811c67be2313927b913cebdbb7e563c73891d41f638837f11c34b0cceb2024db224dadc0640906fa45d709da9d158d945a2a5fc1233cf6e27749bbd97bb0d03fe2d04a1b9ff40195f1fde95d68896dc7ed7b187906698e04e34248daaf9231f0de030323b4125ce41203583671ac5e5b7b303757e60642b45cbc5737b8e2405757105889a2b32728f83ea65f3482e093de7cd0b10427a", 0x150, 0x0, 0x0, 0x0) 03:40:08 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x10, 0x2, 0x0}, 0x10) getpeername$inet(r0, 0x0, &(0x7f0000000040)) 03:40:08 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x10, 0x2, 0x0}, 0x10) getpeername$inet(r0, 0x0, &(0x7f0000000040)) 03:40:09 executing program 0: r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000240)="5001050460000004015000001306ca90100e10fecea11ea8fef96ecfc73fd3357ae26caa0416fa4f376336acf00b7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881ff7cc53c894303b22f310b404f36a00f90006ee01be657aea8c5000000020000000000000e0208a371a3f80004ffff00000000000000000000000000008539cda74d1467802811c67be2313927b913cebdbb7e563c73891d41f638837f11c34b0cceb2024db224dadc0640906fa45d709da9d158d945a2a5fc1233cf6e27749bbd97bb0d03fe2d04a1b9ff40195f1fde95d68896dc7ed7b187906698e04e34248daaf9231f0de030323b4125ce41203583671ac5e5b7b303757e60642b45cbc5737b8e2405757105889a2b32728f83ea65f3482e093de7cd0b10427a", 0x150, 0x0, 0x0, 0x0) 03:40:09 executing program 3: pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write(r0, &(0x7f0000000d80)="827cdd78c443b24d44c586d37951c430bbbd631fe2719ca007eb084b3af7d021402a5b37356394be4f27df09410322143e8288b5820d044a7ee2fdda201404678a5ec1a2e52dc00ee8ad4bb1946ea0be61189f752845eeb89cb982bf7491277d7d0a3a93b9964da0e3dc8c3f9876b81b1ed3042d2de02305a4346a8e0ab245748277cdf2e0127c4412b319fe0007ac841303a862159e0998d4ca6d9cee94751f1a7885b4f59c948ea786cb90139c3acfc204671d18ca81d2a86fccc8f4141cdfeb61f399c2d5047f11a7f7ffd07d7315cc5599882fe80b58ce2835794e2fa744917b9104114b33fcffff7fc48d60841c64703ccb4ef8b5945308d39679661dc7742bc4fc855aec385f48c22e370cc3375c0149e4a70f2440a07c05e9d87fb12c865b2a64a811bfedbf86666c58f71ee8fcfc6b629b75fd890b93f5cd67d19c67d32e60a5cdf01fe1c8ed71960e780d385e59f5454e15fd4bfc000000c7c85e605adef08c9df5ebb66239e79b71b8d7d027a01e48d0a4c0f8a48e5ab6789254312772", 0x6066) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000004c0)={{0xffffffff284002a1}}) execve(0x0, 0x0, 0x0) 03:40:09 executing program 2: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000240)={{0xffffffff284002b2}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff2840029d}}) 03:40:09 executing program 0: pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000100)=""/115, 0x73}], 0x1) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000180)={{0x2840029e}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000480)={{0xffffffff28400299}}) 03:40:09 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x10, 0x2, 0x0}, 0x10) getpeername$inet(r0, 0x0, &(0x7f0000000040)) 03:40:09 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)=""/18, 0x12}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, 0x0}, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0xffffffff2840029f}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff28400299}}) shutdown(r0, 0x0) 03:40:09 executing program 3: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000340)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0x2840039d}}) 03:40:09 executing program 1: open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c1, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) semget$private(0x0, 0x6, 0x5f8) __semctl$IPC_SET(0x0, 0x0, 0xa, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0x7fffffdf284002e5}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff28400299}, 0x0, 0xfffffffc}) semget(0x3, 0x0, 0x48) r1 = semget(0x2, 0x3, 0x58) r2 = semget(0x1, 0x3, 0x58) semop(r2, 0x0, 0x0) r3 = getgid() __semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f00000003c0)={{0x9, 0x0, 0x0, 0x0, r3, 0x80, 0x1000}, 0x6, 0x3, 0x41}) getresuid(0x0, &(0x7f0000000080)=0x0, 0x0) r5 = semget(0x2, 0x1, 0x200) semop(r5, 0x0, 0x0) __semctl$IPC_SET(r5, 0x0, 0x1, 0x0) __semctl$IPC_SET(r5, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029c, 0x0, 0x0, r4}}) r6 = getgid() getgroups(0x7, &(0x7f0000000000)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0]) __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000340)={{0x2, 0xffffffffffffffff, 0x0, r4, r6, 0x8, 0x6}, 0x2, 0x6, 0xc0000000}) semop(r1, 0x0, 0x0) r7 = getgid() __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, r7, 0x80, 0x1000}, 0x784845a3, 0x6, 0x41}) getgroups(0x1, &(0x7f00000000c0)=[r7]) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000002c0)) getegid() __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002b1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff284002a1}}) 03:40:09 executing program 2: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000240)={{0xffffffff284002b2}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff2840029d}}) 03:40:09 executing program 1: open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c1, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) semget$private(0x0, 0x6, 0x5f8) __semctl$IPC_SET(0x0, 0x0, 0xa, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0x7fffffdf284002e5}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff28400299}, 0x0, 0xfffffffc}) semget(0x3, 0x0, 0x48) r1 = semget(0x2, 0x3, 0x58) r2 = semget(0x1, 0x3, 0x58) semop(r2, 0x0, 0x0) r3 = getgid() __semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f00000003c0)={{0x9, 0x0, 0x0, 0x0, r3, 0x80, 0x1000}, 0x6, 0x3, 0x41}) getresuid(0x0, &(0x7f0000000080)=0x0, 0x0) r5 = semget(0x2, 0x1, 0x200) semop(r5, 0x0, 0x0) __semctl$IPC_SET(r5, 0x0, 0x1, 0x0) __semctl$IPC_SET(r5, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029c, 0x0, 0x0, r4}}) r6 = getgid() getgroups(0x7, &(0x7f0000000000)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0]) __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000340)={{0x2, 0xffffffffffffffff, 0x0, r4, r6, 0x8, 0x6}, 0x2, 0x6, 0xc0000000}) semop(r1, 0x0, 0x0) r7 = getgid() __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, r7, 0x80, 0x1000}, 0x784845a3, 0x6, 0x41}) getgroups(0x1, &(0x7f00000000c0)=[r7]) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000002c0)) getegid() __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002b1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff284002a1}}) 03:40:10 executing program 1: open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c1, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) semget$private(0x0, 0x6, 0x5f8) __semctl$IPC_SET(0x0, 0x0, 0xa, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0x7fffffdf284002e5}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff28400299}, 0x0, 0xfffffffc}) semget(0x3, 0x0, 0x48) r1 = semget(0x2, 0x3, 0x58) r2 = semget(0x1, 0x3, 0x58) semop(r2, 0x0, 0x0) r3 = getgid() __semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f00000003c0)={{0x9, 0x0, 0x0, 0x0, r3, 0x80, 0x1000}, 0x6, 0x3, 0x41}) getresuid(0x0, &(0x7f0000000080)=0x0, 0x0) r5 = semget(0x2, 0x1, 0x200) semop(r5, 0x0, 0x0) __semctl$IPC_SET(r5, 0x0, 0x1, 0x0) __semctl$IPC_SET(r5, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029c, 0x0, 0x0, r4}}) r6 = getgid() getgroups(0x7, &(0x7f0000000000)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0]) __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000340)={{0x2, 0xffffffffffffffff, 0x0, r4, r6, 0x8, 0x6}, 0x2, 0x6, 0xc0000000}) semop(r1, 0x0, 0x0) r7 = getgid() __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, r7, 0x80, 0x1000}, 0x784845a3, 0x6, 0x41}) getgroups(0x1, &(0x7f00000000c0)=[r7]) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000002c0)) getegid() __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002b1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff284002a1}}) 03:40:10 executing program 1: open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c1, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) semget$private(0x0, 0x6, 0x5f8) __semctl$IPC_SET(0x0, 0x0, 0xa, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000001c0)={{0x7fffffdf284002e5}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff28400299}, 0x0, 0xfffffffc}) semget(0x3, 0x0, 0x48) r1 = semget(0x2, 0x3, 0x58) r2 = semget(0x1, 0x3, 0x58) semop(r2, 0x0, 0x0) r3 = getgid() __semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f00000003c0)={{0x9, 0x0, 0x0, 0x0, r3, 0x80, 0x1000}, 0x6, 0x3, 0x41}) getresuid(0x0, &(0x7f0000000080)=0x0, 0x0) r5 = semget(0x2, 0x1, 0x200) semop(r5, 0x0, 0x0) __semctl$IPC_SET(r5, 0x0, 0x1, 0x0) __semctl$IPC_SET(r5, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029c, 0x0, 0x0, r4}}) r6 = getgid() getgroups(0x7, &(0x7f0000000000)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0]) __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000340)={{0x2, 0xffffffffffffffff, 0x0, r4, r6, 0x8, 0x6}, 0x2, 0x6, 0xc0000000}) semop(r1, 0x0, 0x0) r7 = getgid() __semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, r7, 0x80, 0x1000}, 0x784845a3, 0x6, 0x41}) getgroups(0x1, &(0x7f00000000c0)=[r7]) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000002c0)) getegid() __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000040)={{0xffffffff284002ca}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff284002b1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff284002a1}}) 03:40:10 executing program 0: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) r1 = dup(r0) accept$inet(r1, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002ca}}) 03:40:10 executing program 3: select(0x4, 0x0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a7}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000180)={{0x2840029e}}) 03:40:10 executing program 1: freebsd11_mknod(&(0x7f00000000c0)='./file0\x00', 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0x28400296}}) open$dir(&(0x7f0000000140)='./file0\x00', 0x40000400000002c2, 0x0) 03:40:10 executing program 1: freebsd11_mknod(&(0x7f00000000c0)='./file0\x00', 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0x28400296}}) open$dir(&(0x7f0000000140)='./file0\x00', 0x40000400000002c2, 0x0) 03:40:11 executing program 1: freebsd11_mknod(&(0x7f00000000c0)='./file0\x00', 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0x28400296}}) open$dir(&(0x7f0000000140)='./file0\x00', 0x40000400000002c2, 0x0) 03:40:11 executing program 2: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000c00)={{0xffffffff284002a6}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029d}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff2840029b}}) 03:40:11 executing program 0: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) r1 = dup(r0) accept$inet(r1, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002ca}}) 03:40:11 executing program 1: freebsd11_mknod(&(0x7f00000000c0)='./file0\x00', 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0x28400296}}) open$dir(&(0x7f0000000140)='./file0\x00', 0x40000400000002c2, 0x0) 03:40:11 executing program 1: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept(r0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff2840029f}}) 03:40:11 executing program 3: select(0x4, 0x0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a7}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000180)={{0x2840029e}}) 03:40:11 executing program 2: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000c00)={{0xffffffff284002a6}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029d}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff2840029b}}) 03:40:11 executing program 0: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) r1 = dup(r0) accept$inet(r1, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002ca}}) 03:40:12 executing program 1: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept(r0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff2840029f}}) 03:40:12 executing program 3: select(0x4, 0x0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a7}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000180)={{0x2840029e}}) 03:40:12 executing program 2: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000c00)={{0xffffffff284002a6}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029d}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff2840029b}}) 03:40:12 executing program 0: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) r1 = dup(r0) accept$inet(r1, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002ca}}) 03:40:12 executing program 1: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept(r0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a3}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002a1}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000000)={{0xffffffff2840029f}}) 03:40:12 executing program 3: select(0x4, 0x0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000200)={{0xffffffff284002a7}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000080)={{0xffffffff284002cb}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000180)={{0x2840029e}}) 03:40:13 executing program 2: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000c00)={{0xffffffff284002a6}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f00000002c0)={{0xffffffff2840029d}}) __semctl$IPC_SET(0x0, 0x0, 0xa, &(0x7f0000000100)={{0xffffffff2840029b}}) 03:40:13 executing program 0: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x2, 0x0, @ipv4={[], [], @broadcast}}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0x9734f89c1bc2c068, 0x1c, 0xffffffffffffffff, 0x0, @rand_addr="9dea0b2a205acbe7d83f413f95b3f777"}, 0x1c) login: panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/i386/kernel/sys/netinet/in_pcb.c:1267 cpuid = 1 time = 1579750813 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024523750 vpanic() at vpanic+0x1ce/frame 0xfffffe00245237c0 panic() at panic+0x43/frame 0xfffffe0024523820 in_pcbconnect_setup() at in_pcbconnect_setup+0x5b5/frame 0xfffffe00245238e0 in_pcbconnect_mbuf() at in_pcbconnect_mbuf+0x9f/frame 0xfffffe0024523940 udp6_connect() at udp6_connect+0x388/frame 0xfffffe00245239b0 soconnectat() at soconnectat+0x183/frame 0xfffffe0024523a10 kern_connectat() at kern_connectat+0x1ec/frame 0xfffffe0024523a70 sys_connect() at sys_connect+0xd9/frame 0xfffffe0024523ab0 ia32_syscall() at ia32_syscall+0x48c/frame 0xfffffe0024523bf0 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x81425c0 KDB: enter: panic [ thread pid 867 tid 100221 ] Stopped at kdb_enter+0x67: movq $0,0x1466de6(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0xfffffe0024a00000 rdx 0x3ffff rbx 0 rsp 0xfffffe0024523730 rbp 0xfffffe0024523750 rsi 0x40001 rdi 0xffffffff810ba276 vprintf+0x176 r8 0 r9 0xffffffff r10 0xffffffff r11 0xfffff8003adacbd0 r12 0xffffffff82068d90 ddb_dbbe r13 0 r14 0xffffffff819363ab r15 0xffffffff819363ab rip 0xffffffff810af337 kdb_enter+0x67 rflags 0x200086 kernphys+0x86 kdb_enter+0x67: movq $0,0x1466de6(%rip) db> show proc Process 867 (syz-executor.0) at 0xfffff80003db6a60: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 770 at 0xfffff8003a422530 ABI: FreeBSD ELF32 arguments: /root/syz-executor.0 reaper: 0xfffff800032fa530 reapsubtree: 1 sigparent: 20 vmspace: 0xfffff8003ada0000 (map 0xfffff8003ada0000) (map.pmap 0xfffff8003ada00c0) (pmap 0xfffff8003ada0120) threads: 2 100082 RunQ syz-executor.0 100221 Run CPU 1 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 867 770 770 0 R (threaded) syz-executor.0 100082 RunQ syz-executor.0 100221 Run CPU 1 syz-executor.0 866 773 773 0 R (threaded) syz-executor.2 100085 Run CPU 0 syz-executor.2 100220 S accept 0xfffff8003a2d9168 syz-executor.2 865 772 772 0 S (threaded) syz-executor.3 100121 S nanslp 0xffffffff824fed21 syz-executor.3 100217 S select 0xfffff8003ad300c0 syz-executor.3 100219 S uwait 0xfffff80003a47280 syz-executor.3 864 771 771 0 S (threaded) syz-executor.1 100084 S nanslp 0xffffffff824fed20 syz-executor.1 100216 S accept 0xfffff80003e874f0 syz-executor.1 100218 S uwait 0xfffff80003a49500 syz-executor.1 813 806 813 0 Ss select 0xfffff8003ad30340 dhclient 810 1 810 0 Ss select 0xfffff8003ad303c0 dhclient 806 795 422 65 S select 0xfffff8003ad304c0 dhclient 795 422 422 0 S wait 0xfffff80003afc530 sh 773 766 773 0 Ss nanslp 0xffffffff824fed21 syz-executor.2 772 766 772 0 Ss nanslp 0xffffffff824fed20 syz-executor.3 771 766 771 0 Rs syz-executor.1 770 766 770 0 Ss nanslp 0xffffffff824fed21 syz-executor.0 766 764 764 0 S (threaded) syz-fuzzer 100106 S uwait 0xfffff80003cd8380 syz-fuzzer 100107 S uwait 0xfffff80003a48700 syz-fuzzer 100108 S uwait 0xfffff80003a47800 syz-fuzzer 100109 S uwait 0xfffff80003a47900 syz-fuzzer 100110 S uwait 0xfffff80003a47a00 syz-fuzzer 100111 S uwait 0xfffff80003cd8480 syz-fuzzer 100112 S uwait 0xfffff80003a47b00 syz-fuzzer 100113 S uwait 0xfffff80003cd8580 syz-fuzzer 100114 S uwait 0xfffff80003cd8b00 syz-fuzzer 100115 S kqread 0xfffff80003b33e00 syz-fuzzer 764 762 764 0 Ss pause 0xfffff8003a5f55d8 csh 762 680 762 0 Ss select 0xfffff80003cf3e40 sshd 746 1 746 0 Ss+ ttyin 0xfffff800033f7cb0 getty 745 1 745 0 Ss+ ttyin 0xfffff800033f8cb0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003aba0b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003aba4b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003aba8b0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003abacb0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003abb0b0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003abb4b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003abb8b0 getty 736 1 22 0 S+ piperd 0xfffff80003d96000 logger 735 734 22 0 S+ nanslp 0xffffffff824fed21 sleep 734 1 22 0 S+ wait 0xfffff8003a45b000 sh 684 1 684 0 Ss nanslp 0xffffffff824fed21 cron 680 1 680 0 Ss select 0xfffff80003cf2040 sshd 493 1 493 0 Ss select 0xfffff80003cf5ac0 syslogd 422 1 422 0 Ss wait 0xfffff80003dac000 devd 421 1 421 65 Ss select 0xfffff80003cf59c0 dhclient 336 1 336 0 Ss select 0xfffff80003cf5c40 dhclient 333 1 333 0 Ss select 0xfffff80003cf5bc0 dhclient 21 0 0 0 DL syncer 0xffffffff825d5198 [syncer] 20 0 0 0 DL vlruwt 0xfffff80003b01000 [vnlru] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d4698 [bufdaemon] 100069 D - 0xffffffff8200a980 [bufspacedaemon-0] 100079 D sdflush 0xfffff80003cfe8e8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f0108 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261d058 [dom0] 100068 D launds 0xffffffff8261d064 [laundry: dom0] 100070 D umarcl 0xffffffff8153d4b0 [uma] 16 0 0 0 DL - 0xffffffff823595b0 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff82662620 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d409c [soaiod4] 8 0 0 0 DL - 0xffffffff825d409c [soaiod3] 7 0 0 0 DL - 0xffffffff825d409c [soaiod2] 6 0 0 0 DL - 0xffffffff825d409c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff822349c0 [doneq0] 100062 D - 0xffffffff82234888 [scanner] 4 0 0 0 DL crypto_ 0xfffff800031f8e90 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff800031f8e30 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825ea178 [crypto] 14 0 0 0 DL seqstat 0xfffff80003362888 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b688 [g_event] 100023 D - 0xffffffff8261b698 [g_up] 100024 D - 0xffffffff8261b690 [g_down] 12 0 0 0 WL (threaded) [intr] 100006 I [swi5: fast taskq] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff800032fa530 [init] 10 0 0 0 DL audit_w 0xffffffff826632b0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff82609c78 [swapper] 100005 D - 0xfffff8000333d000 [thread taskq] 100007 D - 0xfffff8000333cd00 [kqueue_ctx taskq] 100008 D - 0xfffff8000333cc00 [config_0] 100009 D - 0xfffff8000333cb00 [aiod_kick taskq] 100012 D - 0xfffff8000333c800 [if_config_tqg_0] 100013 D - 0xfffff8000333c700 [if_io_tqg_0] 100014 D - 0xfffff8000333c600 [if_io_tqg_1] 100015 D - 0xfffff8000333c500 [softirq_0] 100016 D - 0xfffff8000333c400 [softirq_1] 100021 D - 0xfffff8000333c300 [firmware taskq] 100026 D - 0xfffff8000333c200 [crypto_0] 100027 D - 0xfffff8000333c200 [crypto_1] 100041 D - 0xfffff8000333c000 [vtnet0 rxq 0] 100042 D - 0xfffff8000333be00 [vtnet0 txq 0] 100043 D - 0xfffff8000333bd00 [vtnet0 rxq 1] 100044 D - 0xfffff8000333bc00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff800034d4400 [virtio_balloon] 100050 D - 0xfffff8000333bb00 [mca taskq] 100054 D - 0xffffffff81cd9e01 [deadlkres] 100057 D - 0xfffff80003b34100 [acpi_task_0] 100058 D - 0xfffff80003b34100 [acpi_task_1] 100059 D - 0xfffff80003b34100 [acpi_task_2] 100061 D - 0xfffff8000333c100 [CAM taskq] db> show all locks Process 867 (syz-executor.0) thread 0xfffff8003adac6e0 (100221) exclusive sleep mutex pcbinfohash (pcbinfohash) r = 0 (0xfffffe0004959ad8) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/udp6_usrreq.c:1218 exclusive rw udpinp (udpinp) r = 0 (0xfffff80003ea77c0) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/udp6_usrreq.c:1194 Process 866 (syz-executor.2) thread 0xfffff80003ef66e0 (100085) exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff8250f4d0) locked @ /syzkaller/managers/i386/kernel/sys/kern/kern_umtx.c:507 db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4238 vtbuf 24 1968K 46 sysctloid 26527 1553K 26591 kobj 331 1324K 487 newblk 571 1167K 909 vfscache 4 1025K 4 inodedep 85 554K 150 pcb 25 537K 110 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 120 256K 932 acpica 1674 185K 49750 vnet_data 1 168K 1 filedesc 21 149K 157 pagedep 26 135K 75 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 221 89K 252 bus 986 79K 3330 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 493 62K 493 BPF 22 36K 22 umtx 272 34K 272 gtaskqueue 22 34K 22 kdtrace 177 34K 1896 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 ifaddr 71 24K 73 kbdmux 6 22K 6 vmem 3 19K 4 lltable 47 18K 47 temp 34 17K 1840 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 ether_multi 172 14K 177 bus-sc 30 14K 1394 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 123 11K 123 in6_multi 89 11K 89 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 3 9K 124 devstat 4 9K 4 UART 12 9K 12 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 routetbl 58 8K 62 cred 29 8K 211 audit_evclass 231 8K 289 diradd 49 7K 118 CAM DEV 3 6K 508 kqueue 58 6K 872 plimit 22 6K 363 vt 11 6K 11 sglist 5 6K 5 CAM queue 5 6K 1522 ufs_dirhash 24 5K 24 DEVFSP 72 5K 76 taskqueue 42 5K 42 memdesc 1 4K 1 MCA 32 4K 32 dirrem 32 4K 85 evdev 4 4K 4 kcovinfo 64 4K 68 freework 16 4K 182 UMA 234 4K 234 session 26 4K 36 pgrp 26 4K 36 hhook 13 4K 13 mkdir 24 3K 128 select 24 3K 24 acpisem 22 3K 22 indirdep 11 3K 178 terminal 11 3K 11 proc-args 47 3K 541 uidinfo 4 3K 5 sctp_ifa 17 3K 17 lockf 20 3K 33 local_apic 1 2K 1 io_apic 1 2K 1 freefile 16 2K 66 ipsec-saq 2 2K 2 ip6ndp 12 2K 21 Unitno 29 2K 45 CAM XPT 22 2K 541 in_multi 6 2K 7 acpidev 20 2K 20 crypto 2 2K 2 msi 9 2K 9 tun 7 2K 7 newdirblk 16 1K 64 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 10 NFSD session 1 1K 1 CAM periph 4 1K 270 freeblks 3 1K 85 mld 6 1K 6 sctp_ifn 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 CAM SIM 2 1K 2 softdep 1 1K 1 sctp_timw 2 1K 2 pfil 4 1K 4 chacha20random 1 1K 1 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 inpcbpolicy 11 1K 189 osd 3 1K 9 vnodes 1 1K 6 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 3 soname 5 1K 5745 CAM path 4 1K 1030 apmdev 1 1K 1 atkbddev 2 1K 2 pmchooks 1 1K 1 prison 4 1K 4 filecaps 5 1K 72 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 nexusdev 5 1K 5 entropy 2 1K 37 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 CAM CCB 0 0K 2471 madt_table 0 0K 2 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 CAM ccb queue 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 140 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 10 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 4 sctp_atky 0 0K 6 sctp_atcl 0 0K 4 sctp_a_it 0 0K 10 sctp_aadr 0 0K 0 sctp_stro 0 0K 2 sctp_stri 0 0K 0 sctp_map 0 0K 4 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 mpr 0 0K 0 statfs 0 0K 234 export_host 0 0K 0 cl_savebuf 0 0K 2 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 mfibuf 0 0K 0 mbuf_tag 0 0K 116 accf 0 0K 0 pts 0 0K 0 iov 0 0K 13564 ioctlops 0 0K 100 Witness 0 0K 0 stack 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 580 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 db> show ktr No such command; use "help" to list available commands