Autoloading module: intpm.ko Starting background file system checks in 60 seconds. Fri Jan 17 07:09 FreeBSD/amd64 (ci-freebsd-i386-2.c.syzkaller.internal) (ttyu0) Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts. 2020/01/17 07:09:37 parsed 1 programs 2020/01/17 07:09:37 executed programs: 0 login: panic: sx_xlock() of destroyed sx @ /syzkaller/managers/i386/kernel/sys/kern/uipc_sockbuf.c:393 cpuid = 1 time = 1579244977 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00244e06b0 vpanic() at vpanic+0x1ce/frame 0xfffffe00244e0720 panic() at panic+0x43/frame 0xfffffe00244e0780 _sx_xlock() at _sx_xlock+0x1ca/frame 0xfffffe00244e07d0 soreceive_generic() at soreceive_generic+0x1a2/frame 0xfffffe00244e0890 soreceive() at soreceive+0xb9/frame 0xfffffe00244e08f0 kern_recvit() at kern_recvit+0x31f/frame 0xfffffe00244e09b0 freebsd32_recvmsg() at freebsd32_recvmsg+0x1e8/frame 0xfffffe00244e0ab0 ia32_syscall() at ia32_syscall+0x48c/frame 0xfffffe00244e0bf0 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8142fbe KDB: enter: panic [ thread pid 815 tid 100134 ] Stopped at kdb_enter+0x67: movq $0,0x1467466(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0x80 ll+0x5f rdx 0xffffffff818ed59d rbx 0 rsp 0xfffffe00244e0690 rbp 0xfffffe00244e06b0 rsi 0x1 rdi 0 r8 0 r9 0xffffffff r10 0 r11 0xfffff8003abdfbd0 r12 0xffffffff82068d90 ddb_dbbe r13 0 r14 0xffffffff819350cb r15 0xffffffff819350cb rip 0xffffffff810aec37 kdb_enter+0x67 rflags 0x200086 kernphys+0x86 kdb_enter+0x67: movq $0,0x1467466(%rip) db> show proc Process 815 (syz-executor.0) at 0xfffff8003a512530: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 773 at 0xfffff8003a833530 ABI: FreeBSD ELF32 arguments: /root/syz-executor.0 reaper: 0xfffff800032fa530 reapsubtree: 1 sigparent: 20 vmspace: 0xfffff8003abb7000 (map 0xfffff8003abb7000) (map.pmap 0xfffff8003abb70c0) (pmap 0xfffff8003abb7120) threads: 3 100132 RunQ syz-executor.0 100133 Run CPU 0 syz-executor.0 100134 Run CPU 1 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 815 773 773 0 R (threaded) syz-executor.0 100132 RunQ syz-executor.0 100133 Run CPU 0 syz-executor.0 100134 Run CPU 1 syz-executor.0 809 800 809 0 Ss select 0xfffff8003ab7b6c0 dhclient 803 1 803 0 Ss select 0xfffff80003d23940 dhclient 800 788 422 65 S select 0xfffff80003cf5040 dhclient 788 422 422 0 S wait 0xfffff8003a833000 sh 773 771 773 0 Ss nanslp 0xffffffff824feca0 syz-executor.0 771 769 769 0 S (threaded) syz-execprog 100085 S uwait 0xfffff80003e0bb80 syz-execprog 100101 S uwait 0xfffff80003a49180 syz-execprog 100102 S uwait 0xfffff80003a47e80 syz-execprog 100103 S uwait 0xfffff80003a48000 syz-execprog 100104 S kqread 0xfffff8000333b800 syz-execprog 100105 S uwait 0xfffff80003a48100 syz-execprog 100106 S uwait 0xfffff80003a48200 syz-execprog 100107 S uwait 0xfffff80003e0a600 syz-execprog 100110 S uwait 0xfffff80003a47a80 syz-execprog 769 767 769 0 Ss pause 0xfffff8003a833b08 csh 767 680 767 0 Ss select 0xfffff80003ce0d40 sshd 746 1 746 0 Ss+ ttyin 0xfffff800033f7cb0 getty 745 1 745 0 Ss+ ttyin 0xfffff800033f8cb0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003aba0b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003aba4b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003aba8b0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003abacb0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003abb0b0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003abb4b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003abb8b0 getty 736 1 22 0 S+ piperd 0xfffff80003d892f8 logger 735 734 22 0 S+ nanslp 0xffffffff824feca1 sleep 734 1 22 0 S+ wait 0xfffff8003a5ce530 sh 684 1 684 0 Ss nanslp 0xffffffff824feca0 cron 680 1 680 0 Ss select 0xfffff80003d239c0 sshd 493 1 493 0 Ss select 0xfffff80003cf58c0 syslogd 422 1 422 0 Ss wait 0xfffff80003f4ca60 devd 421 1 421 65 Ss select 0xfffff80003cf56c0 dhclient 336 1 336 0 Ss select 0xfffff80003d23dc0 dhclient 333 1 333 0 Ss select 0xfffff80003d23bc0 dhclient 21 0 0 0 DL syncer 0xffffffff825d5118 [syncer] 20 0 0 0 DL vlruwt 0xfffff80003b01000 [vnlru] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d4618 [bufdaemon] 100070 D - 0xffffffff8200a980 [bufspacedaemon-0] 100081 D sdflush 0xfffff80003d018e8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f0088 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261cfd8 [dom0] 100068 D launds 0xffffffff8261cfe4 [laundry: dom0] 100069 D umarcl 0xffffffff8153bd80 [uma] 16 0 0 0 DL - 0xffffffff82359530 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d401c [soaiod4] 8 0 0 0 DL - 0xffffffff825d401c [soaiod3] 7 0 0 0 DL - 0xffffffff825d401c [soaiod2] 6 0 0 0 DL - 0xffffffff825d401c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82234940 [doneq0] 100062 D - 0xffffffff82234808 [scanner] 4 0 0 0 DL crypto_ 0xfffff800031f8e90 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff800031f8e30 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825ea0f8 [crypto] 14 0 0 0 DL seqstat 0xfffff80003362888 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b608 [g_event] 100023 D - 0xffffffff8261b618 [g_up] 100024 D - 0xffffffff8261b610 [g_down] 12 0 0 0 WL (threaded) [intr] 100006 I [swi5: fast taskq] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff800032fa530 [init] 10 0 0 0 DL audit_w 0xffffffff82663230 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff82609bf8 [swapper] 100005 D - 0xfffff8000333d000 [thread taskq] 100007 D - 0xfffff8000333cd00 [kqueue_ctx taskq] 100008 D - 0xfffff8000333cc00 [config_0] 100009 D - 0xfffff8000333cb00 [aiod_kick taskq] 100012 D - 0xfffff8000333c800 [if_config_tqg_0] 100013 D - 0xfffff8000333c700 [if_io_tqg_0] 100014 D - 0xfffff8000333c600 [if_io_tqg_1] 100015 D - 0xfffff8000333c500 [softirq_0] 100016 D - 0xfffff8000333c400 [softirq_1] 100021 D - 0xfffff8000333c300 [firmware taskq] 100026 D - 0xfffff8000333c200 [crypto_0] 100027 D - 0xfffff8000333c200 [crypto_1] 100041 D - 0xfffff8000333c000 [vtnet0 rxq 0] 100042 D - 0xfffff8000333be00 [vtnet0 txq 0] 100043 D - 0xfffff8000333bd00 [vtnet0 rxq 1] 100044 D - 0xfffff8000333bc00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff800034d4400 [virtio_balloon] 100050 D - 0xfffff8000333bb00 [mca taskq] 100055 D - 0xffffffff81cd89c0 [deadlkres] 100057 D - 0xfffff80003b31100 [acpi_task_0] 100058 D - 0xfffff80003b31100 [acpi_task_1] 100059 D - 0xfffff80003b31100 [acpi_task_2] 100061 D - 0xfffff8000333c100 [CAM taskq] db> show all locks db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4238 vtbuf 24 1968K 46 sysctloid 26527 1553K 26591 kobj 331 1324K 487 newblk 370 1117K 424 vfscache 4 1025K 4 inodedep 61 542K 92 pcb 24 537K 106 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 114 232K 880 acpica 1674 185K 49750 vnet_data 1 168K 1 pagedep 17 132K 35 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 102 102K 113 linker 221 89K 243 bus 962 78K 3306 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 493 62K 493 filedesc 5 37K 43 BPF 19 36K 19 gtaskqueue 22 34K 22 hostcache 1 32K 1 shm 1 32K 1 umtx 252 32K 252 kdtrace 160 31K 1710 DEVFS3 121 31K 131 msg 4 30K 4 DEVFS_RULE 56 27K 56 kbdmux 6 22K 6 vmem 3 18K 3 temp 22 17K 1665 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ifaddr 41 16K 43 ithread 89 15K 89 bus-sc 30 14K 1394 KTRACE 100 13K 100 kenv 95 12K 99 eventhandler 123 11K 123 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 2 9K 59 devstat 4 9K 4 UART 12 9K 12 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 231 8K 289 lltable 20 7K 20 cred 28 7K 240 ifnet 4 7K 4 CAM DEV 3 6K 508 ether_multi 73 6K 78 vt 11 6K 11 kqueue 52 6K 820 sglist 5 6K 5 CAM queue 5 6K 1522 in6_multi 41 5K 41 routetbl 37 5K 41 plimit 19 5K 344 ufs_dirhash 24 5K 24 taskqueue 42 5K 42 memdesc 1 4K 1 MCA 32 4K 32 diradd 32 4K 57 evdev 4 4K 4 UMA 234 4K 234 dirrem 30 4K 41 hhook 13 4K 13 session 23 3K 34 pgrp 23 3K 34 acpisem 22 3K 22 terminal 11 3K 11 select 20 3K 20 uidinfo 4 3K 4 proc-args 44 3K 509 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 lockf 19 2K 29 freefile 13 2K 22 CAM XPT 22 2K 541 Unitno 25 2K 39 ip6ndp 8 2K 9 acpidev 20 2K 20 crypto 2 2K 2 msi 9 2K 9 mkdir 9 2K 48 indirdep 4 1K 4 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 sctp_ifa 8 1K 8 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 270 in_multi 3 1K 4 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 CAM SIM 2 1K 2 softdep 1 1K 1 pfil 4 1K 4 chacha20random 1 1K 1 epoch 4 1K 4 cdev 2 1K 2 newdirblk 7 1K 24 encap_export_host 8 1K 8 mld 3 1K 3 sctp_ifn 3 1K 3 igmp 3 1K 3 inpcbpolicy 11 1K 203 tun 4 1K 4 osd 3 1K 9 DEVFSP 5 1K 5 freework 2 1K 39 freeblks 1 1K 38 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 3 CAM path 4 1K 1030 apmdev 1 1K 1 atkbddev 2 1K 2 pmchooks 1 1K 1 prison 4 1K 4 filecaps 5 1K 72 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 5765 nexusdev 5 1K 5 entropy 2 1K 38 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 iov 1 1K 13384 p1003.1b 1 1K 1 CAM CCB 0 0K 1768 madt_table 0 0K 2 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 CAM ccb queue 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 11 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 2 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 5 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 0 sctp_atky 0 0K 0 sctp_atcl 0 0K 0 sctp_a_it 0 0K 5 sctp_aadr 0 0K 0 sctp_stro 0 0K 0 sctp_stri 0 0K 0 sctp_map 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 mpr 0 0K 0 statfs 0 0K 208 export_host 0 0K 0 cl_savebuf 0 0K 2 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 mfibuf 0 0K 0 mbuf_tag 0 0K 48 accf 0 0K 0 pts 0 0K 0 ioctlops 0 0K 92 Witness 0 0K 0 stack 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 364 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 589 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 kcovinfo 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 db> show ktr No such command; use "help" to list available commands