Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts. 2020/04/26 20:43:02 fuzzer started 2020/04/26 20:43:02 dialing manager at 10.128.0.248:36560 2020/04/26 20:43:03 syscalls: 522 2020/04/26 20:43:03 code coverage: enabled 2020/04/26 20:43:03 comparison tracing: enabled 2020/04/26 20:43:03 extra coverage: support is not implemented in syzkaller 2020/04/26 20:43:03 setuid sandbox: support is not implemented in syzkaller 2020/04/26 20:43:03 namespace sandbox: support is not implemented in syzkaller 2020/04/26 20:43:03 Android sandbox: support is not implemented in syzkaller 2020/04/26 20:43:03 fault injection: support is not implemented in syzkaller 2020/04/26 20:43:03 leak checking: support is not implemented in syzkaller 2020/04/26 20:43:03 net packet injection: enabled 2020/04/26 20:43:03 net device setup: support is not implemented in syzkaller 2020/04/26 20:43:03 concurrency sanitizer: support is not implemented in syzkaller 2020/04/26 20:43:03 devlink PCI setup: support is not implemented in syzkaller 2020/04/26 20:43:03 USB emulation: support is not implemented in syzkaller 20:43:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/1, 0x1}, {0x0}], 0x2, 0x0}, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xd051, 0x0, 0x0, 0x800e0053d) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=""/2, 0x2}], 0x1, 0x0}, 0x0) r4 = dup(r3) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0x2ec, 0x0, 0x0, 0x800e00549) shutdown(r4, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) write(r6, 
&(0x7f0000003480)="dc11e430022fdc779f9b4d24bdd8fd586c6875b53dfa7d488f7f576b76d6631752d1dc6d62858c480074266f6c7ce209a81eeda7ced9e2a609d67edbdb33807baa39862cefecd836f1c56da1366b394b2b34d223344b07c7dcbf0ffacf3e9b52a5c868685a4657dbc694485e7c6bf6bfd719a78ab7475459ab4d48f65f700df04272ef99bc5c0d17ab6d9b158510ea84e436b3dea76caf9cffb0b6ff741e7df23989486491fe6ae2a187449f3e2007d939893806c20f2d24cbc9d1c54e9cba6110f23e2d6827889b4e827cf48558ac6d77d46c4c94a0e201249eb462258e9950d571044ee6", 0xff8b) shutdown(r5, 0x0) shutdown(r2, 0x0) 20:43:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/141, 0x8d}, {0x0}], 0x2, 0x0}, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x2769, 0x0, 0x0, 0x800e00506) shutdown(r1, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r3, &(0x7f00000001c0)={0xffffffffffffff6f, 0x2, 0x2, @rand_addr=0x7ffffeff}, 0x10) shutdown(r2, 0x0) 20:43:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/70, 0x46}, {0x0}, {0x0}], 0x3) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xd051, 0x0, 0x0, 0x800e005ae) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)=""/150, 0x96}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8, 0x0}, 0x0) shutdown(r2, 0x0) 20:43:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 
0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/141, 0x8d}, {0x0}], 0x2, 0x0}, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x2769, 0x0, 0x0, 0x800e00506) shutdown(r1, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r3, &(0x7f00000001c0)={0xffffffffffffff6f, 0x2, 0x2, @rand_addr=0x7ffffeff}, 0x10) shutdown(r2, 0x0) 20:43:45 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/1, 0x1}, {0x0}], 0x2, 0x0}, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xd051, 0x0, 0x0, 0x800e0053d) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r3, &(0x7f0000000000)={0x0, 
0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=""/2, 0x2}], 0x1, 0x0}, 0x0) r4 = dup(r3) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0x2ec, 0x0, 0x0, 0x800e00549) shutdown(r4, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) write(r6, &(0x7f0000003480)="dc11e430022fdc779f9b4d24bdd8fd586c6875b53dfa7d488f7f576b76d6631752d1dc6d62858c480074266f6c7ce209a81eeda7ced9e2a609d67edbdb33807baa39862cefecd836f1c56da1366b394b2b34d223344b07c7dcbf0ffacf3e9b52a5c868685a4657dbc694485e7c6bf6bfd719a78ab7475459ab4d48f65f700df04272ef99bc5c0d17ab6d9b158510ea84e436b3dea76caf9cffb0b6ff741e7df23989486491fe6ae2a187449f3e2007d939893806c20f2d24cbc9d1c54e9cba6110f23e2d6827889b4e827cf48558ac6d77d46c4c94a0e201249eb462258e9950d571044ee6", 0xff8b) shutdown(r5, 0x0) shutdown(r2, 0x0) 20:43:45 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x1, 0x0) ioctl$DIOCSETSTATUSIF(r0, 0xc0104414, &(0x7f0000000080)) 20:43:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xd, &(0x7f0000000000), 0x4) recvfrom$inet(r0, 0x0, 0xd85bc68d, 0x2, 0x0, 0x800e005fe) shutdown(r0, 0x0) 20:43:45 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x1, 0x0) ioctl$DIOCSETSTATUSIF(r0, 0xc0104414, &(0x7f0000000080)) 20:43:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)=""/88, 0x58}, {0x0}, {0x0}, {0x0}], 0x4, 0x0}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r0, 0x0) r2 = socket$inet_udplite(0x2, 
0x2, 0x88)
recvmsg(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000ac0)=""/156, 0x9c}], 0x1, 0x0}, 0x2)
r3 = dup(r2)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r4, 0x0, 0xd051, 0x0, 0x0, 0x800e0053d)
shutdown(r3, 0x0)
r5 = open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400001803c1, 0x0)
pwritev(r5, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0)
shutdown(r4, 0x0)
shutdown(r1, 0x0)
20:43:45 executing program 2:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x1, 0x0)
ioctl$DIOCSETSTATUSIF(r0, 0xc0104414, &(0x7f0000000080))
20:43:45 executing program 2:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x1, 0x0)
ioctl$DIOCSETSTATUSIF(r0, 0xc0104414, &(0x7f0000000080))
login: Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer = 0x20:0xffffffff812d257b
stack pointer = 0x28:0xfffffe0025827450
frame pointer = 0x28:0xfffffe00258275a0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 764 (sshd)
trap number = 9
panic: general protection fault
cpuid = 1
time = 1587933826
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025827120
vpanic() at vpanic+0x1c7/frame 0xfffffe0025827180
panic() at panic+0x43/frame 0xfffffe00258271e0
trap_fatal() at trap_fatal+0x4ca/frame 0xfffffe0025827260
trap() at trap+0xda/frame 0xfffffe0025827380
calltrap() at calltrap+0x8/frame 0xfffffe0025827380
--- trap 0x9, rip = 0xffffffff812d257b, rsp = 0xfffffe0025827450, rbp = 0xfffffe00258275a0 ---
ip_output() at ip_output+0x43b/frame 0xfffffe00258275a0
tcp_output() at tcp_output+0x327e/frame 0xfffffe0025827760
tcp_usr_send() at tcp_usr_send+0x689/frame 0xfffffe0025827840
sosend_generic() at sosend_generic+0x8fd/frame 0xfffffe0025827940
sosend() at sosend+0xc6/frame 0xfffffe00258279b0
soo_write() at soo_write+0x61/frame 0xfffffe00258279f0
dofilewrite() at dofilewrite+0xb0/frame 0xfffffe0025827a40
sys_write() at sys_write+0x10c/frame 0xfffffe0025827ac0
amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0025827bf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0025827bf0
--- syscall (4, FreeBSD ELF64, sys_write), rip = 0x80090d1ea, rsp = 0x7fffffffa4c8, rbp = 0x7fffffffa500 ---
KDB: enter: panic
[ thread pid 764 tid 100099 ]
Stopped at kdb_enter+0x67: movq $0,0x14a9b06(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0xffffffff810b8ab0 vprintf+0x140
rdx 0x1
rbx 0
rsp 0xfffffe0025827100
rbp 0xfffffe0025827120
rsi 0
rdi 0xffffffff810b8ae6 vprintf+0x176
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe0025790310
r12 0xffffffff82068ea0 ddb_dbbe
r13 0
r14 0xffffffff81943078
r15 0xffffffff81943078
rip 0xffffffff810add67 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x14a9b06(%rip)
db> show proc
Process 764 (sshd) at 0xfffff8003b2c9520:
state: NORMAL
uid: 0 gids: 0
parent: pid 682 at 0xfffff80003d29a40
ABI: FreeBSD ELF64
arguments: sshd: root@notty
reaper: 0xfffff8000331a000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00257979e8
(map 0xfffffe00257979e8)
(map.pmap 0xfffffe0025797aa8)
(pmap 0xfffffe0025797b08)
threads: 1
100099 Run CPU 1 sshd
db> ps
pid ppid pgrp uid state wmesg wchan cmd
837 781 781 0 R (threaded) syz-executor.2
100084 Run CPU 0 syz-executor.2
100167 S sbwait 0xfffffe00239d5e14 syz-executor.2
834 793 793 0 R (threaded) syz-executor.3
100152 RunQ syz-executor.3
100159 D biowr 0xfffffe0003f2d700 syz-executor.3
100161 S uwait 0xfffff80003a34500 syz-executor.3
100164 S uwait
0xfffff80003a35c00 syz-executor.3 100166 S uwait 0xfffff80003a35d00 syz-executor.3 830 770 770 0 R (threaded) syz-executor.0 100127 RunQ syz-executor.0 100153 S pipdwt 0xfffff80003cb9d48 syz-executor.0 100158 S uwait 0xfffff8003b13a700 syz-executor.0 100160 S uwait 0xfffff8003b13a000 syz-executor.0 100165 S uwait 0xfffff80003a35b00 syz-executor.0 815 808 815 0 Ss select 0xfffff80003bc7540 dhclient 812 1 812 0 Ss select 0xfffff80003bc77c0 dhclient 808 789 424 65 S select 0xfffff800030848c0 dhclient 793 768 793 0 Rs syz-executor.3 789 424 424 0 S wait 0xfffff8003b5a3000 sh 781 768 781 0 Ss nanslp 0xffffffff8252c1f0 syz-executor.2 771 768 771 0 Ss piperd 0xfffff80003cc02f8 syz-executor.1 770 768 770 0 Ss nanslp 0xffffffff8252c1f0 syz-executor.0 768 766 766 0 R (threaded) syz-fuzzer 100093 S uwait 0xfffff800030f4e00 syz-fuzzer 100112 S uwait 0xfffff80003a37200 syz-fuzzer 100113 S uwait 0xfffff80003a37300 syz-fuzzer 100114 S uwait 0xfffff80003a37400 syz-fuzzer 100115 S uwait 0xfffff80003d52380 syz-fuzzer 100116 RunQ syz-fuzzer 100117 S uwait 0xfffff80003a37600 syz-fuzzer 100118 S uwait 0xfffff80003a37700 syz-fuzzer 100119 S uwait 0xfffff80003d52480 syz-fuzzer 100120 S uwait 0xfffff8003b13a200 syz-fuzzer 100121 S uwait 0xfffff80003a37800 syz-fuzzer 766 764 766 0 Ss pause 0xfffff80003d4aae8 csh 764 682 764 0 Rs CPU 1 sshd 748 1 748 0 Ss+ ttyin 0xfffff8000356f8b0 getty 747 1 747 0 Ss+ ttyin 0xfffff80003b6fcb0 getty 746 1 746 0 Ss+ ttyin 0xfffff80003b6e4b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b6ecb0 getty 744 1 744 0 Ss+ ttyin 0xfffff800033b74b0 getty 743 1 743 0 Ss+ ttyin 0xfffff800033b7cb0 getty 742 1 742 0 Ss+ ttyin 0xfffff800033b64b0 getty 741 1 741 0 Ss+ ttyin 0xfffff800033b6cb0 getty 740 1 740 0 Ss+ ttyin 0xfffff800033b94b0 getty 738 1 24 0 S+ piperd 0xfffff80003cb92f8 logger 737 736 24 0 S+ nanslp 0xffffffff8252c1f1 sleep 736 1 24 0 S+ wait 0xfffff80003caea40 sh 686 1 686 0 Ss nanslp 0xffffffff8252c1f1 cron 682 1 682 0 Ss select 0xfffff80003084740 sshd 495 1 495 0 
Ss select 0xfffff800030845c0 syslogd 424 1 424 0 Ss wait 0xfffff8003b2c8520 devd 423 1 423 65 Ss select 0xfffff80003bc60c0 dhclient 338 1 338 0 Ss select 0xfffff80003bc7f40 dhclient 335 1 335 0 Ss select 0xfffff80003084640 dhclient 23 0 0 0 DL vlruwt 0xfffff800033e0520 [vnlru] 22 0 0 0 DL syncer 0xffffffff82618118 [syncer] 21 0 0 0 DL (threaded) [bufdaemon] 100069 D qsleep 0xffffffff82617438 [bufdaemon] 100074 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100087 D sdflush 0xfffff80003c3dce8 [/ worker] 20 0 0 0 DL psleep 0xffffffff8263e308 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100067 D psleep 0xffffffff826328d8 [dom0] 100075 D launds 0xffffffff826328e4 [laundry: dom0] 100076 D umarcl 0xffffffff81544e70 [uma] 18 0 0 0 DL - 0xffffffff8235fe20 [rand_harvestq] 17 0 0 0 DL pftm 0xffffffff82c363a0 [pf purge] 16 0 0 0 DL waiting 0xffffffff8261a890 [sctp_iterator] 15 0 0 0 DL - 0xffffffff82616a2c [soaiod4] 9 0 0 0 DL - 0xffffffff82616a2c [soaiod3] 8 0 0 0 DL - 0xffffffff82616a2c [soaiod2] 7 0 0 0 DL - 0xffffffff82616a2c [soaiod1] 6 0 0 0 DL (threaded) [cam] 100033 D - 0xffffffff82237b40 [doneq0] 100066 D - 0xffffffff82237a10 [scanner] 5 0 0 0 DL crypto_ 0xfffff8000320cd90 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff8000320cd30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff826300c0 [crypto] 14 0 0 0 DL seqstat 0xfffff80003363488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100024 D - 0xffffffff8250b180 [g_event] 100025 D - 0xffffffff8250b188 [g_up] 100026 D - 0xffffffff8250b190 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100017 D - 0xfffff80003084a00 [thr_0] 100018 D - 0xfffff80003084a40 [thr_1] 12 0 0 0 WL (threaded) [intr] 100010 I [swi6: Giant taskq] 100013 I [swi5: fast taskq] 100016 I [swi6: task queue] 100019 I [swi3: vm] 100020 I [swi4: clock (0)] 100021 I [swi4: clock (1)] 100022 I [swi1: netisr 0] 100034 I [irq24: virtio_pci0] 100035 I [irq25: virtio_pci0] 100036 I [irq26: virtio_pci0] 100037 I [irq27: virtio_pci0] 100038 I [irq28: virtio_pci1] 100039 I [irq29: 
virtio_pci1] 100040 I [irq30: virtio_pci1] 100041 I [irq31: virtio_pci1] 100042 I [irq32: virtio_pci1] 100047 I [irq10: virtio_pci2] 100049 I [irq1: atkbd0] 100050 I [irq12: psm0] 100051 I [swi0: uart uart++] 100060 I [swi1: pf send] 100072 I [swi1: hpts] 100073 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff8000331a000 [init] 10 0 0 0 DL audit_w 0xffffffff82630598 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8250b710 [swapper] 100005 D - 0xfffff80003338000 [if_config_tqg_0] 100006 D - 0xfffff80003339e00 [softirq_0] 100007 D - 0xfffff80003339d00 [softirq_1] 100008 D - 0xfffff80003339c00 [if_io_tqg_0] 100009 D - 0xfffff80003339b00 [if_io_tqg_1] 100011 D - 0xfffff8000333e000 [in6m_free taskq] 100012 D - 0xfffff8000333fe00 [thread taskq] 100014 D - 0xfffff8000333fc00 [kqueue_ctx taskq] 100015 D - 0xfffff8000333fb00 [aiod_kick taskq] 100023 D - 0xfffff8000333f900 [firmware taskq] 100028 D - 0xfffff8000333f800 [crypto_0] 100029 D - 0xfffff8000333f800 [crypto_1] 100043 D - 0xfffff8000333f500 [vtnet0 rxq 0] 100044 D - 0xfffff8000333f400 [vtnet0 txq 0] 100045 D - 0xfffff8000333f300 [vtnet0 rxq 1] 100046 D - 0xfffff8000333f200 [vtnet0 txq 1] 100048 D vtbslp 0xfffff800034fc580 [virtio_balloon] 100052 D - 0xfffff8000333f100 [mca taskq] 100056 D - 0xffffffff81ce6671 [deadlkres] 100062 D - 0xfffff80003b5e300 [acpi_task_0] 100063 D - 0xfffff80003b5e300 [acpi_task_1] 100064 D - 0xfffff80003b5e300 [acpi_task_2] 100065 D - 0xfffff8000333f700 [CAM taskq] db> show all locks Process 834 (syz-executor.3) thread 0xfffffe00257acc00 (100159) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003f2d780) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:1663 exclusive lockmgr ufs (ufs) r = 0 (0xfffff8003bbd8620) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:877 Process 764 (sshd) thread 0xfffffe002578fe00 (100099) exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8003b5295d8) 
locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:965 exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe00239d9098) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:419 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 devbuf 4213 4851K 4238 tcp_hpts 5 3201K 5 vtbuf 24 1968K 46 sysctloid 28335 1653K 28399 kobj 332 1328K 488 newblk 553 1162K 623 vfscache 4 1025K 4 pcb 23 537K 102 inodedep 41 532K 109 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 130 265K 911 acpica 1674 185K 52709 vnet_data 1 168K 1 pagedep 20 133K 47 filedesc 19 133K 97 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 244 92K 277 bus 988 79K 3376 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 497 63K 497 umtx 306 39K 306 kdtrace 187 37K 1782 BPF 22 36K 22 temp 35 33K 1832 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 gtaskqueue 18 26K 18 ifaddr 71 24K 73 vmem 3 22K 4 kbdmux 6 22K 6 lltable 47 18K 47 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 98 16K 98 ether_multi 172 14K 177 bus-sc 30 14K 1431 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 132 12K 132 in6_multi 89 11K 89 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 2 9K 77 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 233 8K 291 routetbl 58 7K 62 CAM DEV 3 6K 510 kqueue 59 6K 842 vt 11 6K 11 plimit 22 6K 348 cred 22 6K 201 sglist 5 6K 5 CAM queue 5 6K 1528 dirrem 19 5K 43 taskqueue 45 5K 45 ufs_dirhash 24 5K 24 DEVFSP 72 5K 76 pf_ifnet 10 5K 19 memdesc 1 4K 1 MCA 32 4K 32 UMA 249 4K 249 diradd 32 4K 77 evdev 4 4K 4 kcovinfo 64 4K 68 session 26 4K 35 pgrp 26 4K 35 hhook 13 4K 13 mkdir 23 3K 70 indirdep 11 3K 21 acpisem 22 3K 22 terminal 11 3K 11 proc-args 47 3K 538 ip6ndp 14 3K 21 select 18 3K 18 uidinfo 3 3K 7 freefile 17 3K 37 sctp_ifa 17 3K 17 local_apic 1 2K 1 io_apic 1 2K 1 CAM CCB 1 2K 1921 
newdirblk 16 2K 35 ipsec-saq 2 2K 2 lockf 19 2K 29 CAM XPT 22 2K 543 in_multi 6 2K 7 Unitno 25 2K 45 acpidev 20 2K 20 msi 9 2K 9 tun 7 2K 7 softdep 1 1K 1 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 freework 4 1K 42 freeblks 3 1K 41 mld 6 1K 6 sctp_timw 3 1K 3 sctp_ifn 6 1K 6 igmp 6 1K 6 nhops 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 crypto 3 1K 3 inpcbpolicy 17 1K 198 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 osd 3 1K 9 vnodes 1 1K 1 iov 3 1K 13547 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 tcpfunc 3 1K 3 loginclass 3 1K 6 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 ktls 1 1K 1 pmchooks 1 1K 1 prison 4 1K 4 filecaps 5 1K 72 soname 4 1K 5780 nexusdev 5 1K 5 entropy 2 1K 37 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_temp 0 0K 0 ath_hal 0 0K 0 madt_table 0 0K 2 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 fpukern_ctx 0 0K 0 mixer 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 SIIS driver 0 0K 0 vm_fictitious 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 UMAHash 0 0K 0 ag_tgt_map_t malloc 0 0K 0 
ag_slr_map_t malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 15 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 lDevFlags * malloc 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 8 sctp_iter 0 0K 11 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 14 sctp_atky 0 0K 17 sctp_atcl 0 0K 14 sctp_a_it 0 0K 11 sctp_aadr 0 0K 1 sctp_stro 0 0K 3 sctp_stri 0 0K 0 sctp_map 0 0K 6 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 statfs 0 0K 204 export_host 0 0K 0 cl_savebuf 0 0K 2 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 CAM ccb queue 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 MPSSAS 0 0K 0 mbuf_tag 0 0K 111 accf 0 0K 0 pts 0 0K 0 ioctlops 0 0K 96 Witness 0 0K 0 stack 0 0K 0 mps 0 0K 0 mpr_user 
0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 586 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 db> show ktr No such command; use "help" to list available commands