Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts. 2020/01/19 19:12:56 parsed 1 programs 2020/01/19 19:12:56 executed programs: 0 2020/01/19 19:13:01 executed programs: 1750 2020/01/19 19:13:06 executed programs: 3656 2020/01/19 19:13:11 executed programs: 5493 2020/01/19 19:13:16 executed programs: 7409 login: panic: sx lock still held cpuid = 0 time = 1579461198 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe002454b870 vpanic() at vpanic+0x1ce/frame 0xfffffe002454b8e0 panic() at panic+0x43/frame 0xfffffe002454b940 sx_destroy() at sx_destroy+0x63/frame 0xfffffe002454b960 solisten_proto() at solisten_proto+0xde/frame 0xfffffe002454b9c0 tcp6_usr_listen() at tcp6_usr_listen+0x1dc/frame 0xfffffe002454ba30 solisten() at solisten+0x7a/frame 0xfffffe002454ba70 kern_listen() at kern_listen+0x125/frame 0xfffffe002454bab0 ia32_syscall() at ia32_syscall+0x48c/frame 0xfffffe002454bbf0 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8142e7d KDB: enter: panic [ thread pid 8971 tid 100916 ] Stopped at kdb_enter+0x67: movq $0,0x1466f66(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0x80 ll+0x5f rdx 0xffffffff818ee5b2 rbx 0 rsp 0xfffffe002454b850 rbp 0xfffffe002454b870 rsi 0x1 rdi 0 r8 0 r9 0xffffffff r10 0 r11 0xfffff8003abfebd0 r12 0xffffffff82068d90 ddb_dbbe r13 0 r14 0xffffffff819360e0 r15 0xffffffff819360e0 rip 0xffffffff810af137 kdb_enter+0x67 rflags 0x200082 kernphys+0x82 kdb_enter+0x67: movq $0,0x1466f66(%rip) db> show proc Process 8971 (syz-executor.2) at 0xfffff8003abdfa60: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 779 at 0xfffff8003a654a60 ABI: FreeBSD ELF32 arguments: /root/syz-executor.2 reaper: 0xfffff800032fa530 reapsubtree: 1 sigparent: 20 vmspace: 0xfffff8003aa18000 (map 0xfffff8003aa18000) (map.pmap 0xfffff8003aa180c0) (pmap 0xfffff8003aa18120) threads: 3 100740 RunQ syz-executor.2 100916 Run CPU 0 syz-executor.2 100917 RunQ syz-executor.2 db> ps pid ppid pgrp uid state wmesg wchan cmd 8972 778 778 0 R syz-executor.3 8971 779 779 0 R (threaded) syz-executor.2 100740 RunQ syz-executor.2 100916 Run CPU 0 syz-executor.2 100917 RunQ syz-executor.2 5978 5966 5978 0 Ss select 0xfffff80003822bc0 dhclient 5972 1 5972 0 Ss select 0xfffff80003cf3dc0 dhclient 5966 5950 422 65 S select 0xfffff80003cf3e40 dhclient 5950 422 422 0 S wait 0xfffff8003a593000 sh 779 772 779 0 Ss nanslp 0xffffffff824feca1 syz-executor.2 778 772 778 0 Rs syz-executor.3 775 772 775 0 Rs syz-executor.0 774 772 774 0 Rs syz-executor.1 772 770 770 0 R (threaded) syz-execprog 100082 S uwait 0xfffff80003dfc800 syz-execprog 100109 Run CPU 1 syz-execprog 100110 S uwait 0xfffff80003dad680 syz-execprog 100111 S uwait 0xfffff80003dad780 syz-execprog 100112 S uwait 0xfffff80003a59100 syz-execprog 100113 S uwait 0xfffff80003dad880 syz-execprog 100114 S uwait 0xfffff80003dad900 syz-execprog 100115 S uwait 0xfffff80003dad080 syz-execprog 100116 S kqread 0xfffff8000333b900 syz-execprog 100117 S uwait 0xfffff80003dad280 syz-execprog 100118 S uwait 0xfffff80003a59200 syz-execprog 770 768 770 0 Ss pause 0xfffff80003de25d8 csh 768 680 768 0 Ss select 0xfffff800038221c0 sshd 746 1 746 0 Ss+ ttyin 0xfffff800033f8cb0 getty 745 1 745 0 Ss+ ttyin 0xfffff800033f7cb0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003ac20b0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003ac24b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003ac28b0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003ac2cb0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003ac10b0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003ac14b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003ac18b0 getty 684 1 684 0 Ss nanslp 0xffffffff824feca0 cron 680 1 680 0 Ss select 0xfffff80003822ac0 sshd 493 1 493 0 Ss select 0xfffff80003822cc0 syslogd 422 1 422 0 Ss wait 0xfffff80003543530 devd 421 1 421 65 Ss select 0xfffff8003a257e40 dhclient 336 1 336 0 Ss select 0xfffff80003822c40 dhclient 333 1 333 0 Ss select 0xfffff8003a257ec0 dhclient 21 0 0 0 DL syncer 0xffffffff825d5118 [syncer] 20 0 0 0 DL vlruwt 0xfffff80003b06000 [vnlru] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d4618 [bufdaemon] 100070 D - 0xffffffff8200a980 [bufspacedaemon-0] 100081 D sdflush 0xfffff80003d03ce8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f0088 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261cfd8 [dom0] 100068 D launds 0xffffffff8261cfe4 [laundry: dom0] 100069 D umarcl 0xffffffff8153ce00 [uma] 16 0 0 0 DL - 0xffffffff82359530 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d401c [soaiod4] 8 0 0 0 DL - 0xffffffff825d401c [soaiod3] 7 0 0 0 DL - 0xffffffff825d401c [soaiod2] 6 0 0 0 DL - 0xffffffff825d401c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82234940 [doneq0] 100062 D - 0xffffffff82234808 [scanner] 4 0 0 0 DL crypto_ 0xfffff800031f8e90 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff800031f8e30 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825ea0f8 [crypto] 14 0 0 0 DL seqstat 0xfffff80003362888 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b608 [g_event] 100023 D - 0xffffffff8261b618 [g_up] 100024 D - 0xffffffff8261b610 [g_down] 12 0 0 0 WL (threaded) [intr] 100006 I [swi5: fast taskq] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff800032fa530 [init] 10 0 0 0 DL audit_w 0xffffffff82663230 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff82609bf8 [swapper] 100005 D - 0xfffff8000333d000 [thread taskq] 100007 D - 0xfffff8000333cd00 [kqueue_ctx taskq] 100008 D - 0xfffff8000333cc00 [config_0] 100009 D - 0xfffff8000333cb00 [aiod_kick taskq] 100012 D - 0xfffff8000333c800 [if_config_tqg_0] 100013 D - 0xfffff8000333c700 [if_io_tqg_0] 100014 D - 0xfffff8000333c600 [if_io_tqg_1] 100015 D - 0xfffff8000333c500 [softirq_0] 100016 D - 0xfffff8000333c400 [softirq_1] 100021 D - 0xfffff8000333c300 [firmware taskq] 100026 D - 0xfffff8000333c200 [crypto_0] 100027 D - 0xfffff8000333c200 [crypto_1] 100041 D - 0xfffff8000333c000 [vtnet0 rxq 0] 100042 D - 0xfffff8000333be00 [vtnet0 txq 0] 100043 D - 0xfffff8000333bd00 [vtnet0 rxq 1] 100044 D - 0xfffff8000333bc00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff800034d3400 [virtio_balloon] 100050 D - 0xfffff8000333bb00 [mca taskq] 100055 D - 0xffffffff81cd9b11 [deadlkres] 100057 D - 0xfffff80003b3a100 [acpi_task_0] 100058 D - 0xfffff80003b3a100 [acpi_task_1] 100059 D - 0xfffff80003b3a100 [acpi_task_2] 100061 D - 0xfffff8000333c100 [CAM taskq] db> show all locks Process 8971 (syz-executor.2) thread 0xfffff8003abfe6e0 (100916) exclusive sleep mutex socket (socket) r = 0 (0xfffff80003edea98) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:489 exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8003a4d69a8) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:481 db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4241 inodedep 8038 4531K 8158 vtbuf 24 1968K 46 sysctloid 26527 1553K 26591 kobj 331 1324K 487 newblk 35 1033K 8495 vfscache 4 1025K 4 dirrem 8013 1002K 8091 freefile 8013 1002K 8089 pcb 30 537K 16179 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 124 241K 9046 acpica 1674 185K 49750 vnet_data 1 168K 1 pagedep 15 132K 8096 tfo_ccache 1 128K 1 filedesc 18 121K 16194 sem 4 106K 4 DEVFS1 105 105K 122 linker 221 89K 252 bus 986 79K 3330 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 493 62K 493 umtx 300 38K 300 BPF 22 36K 22 gtaskqueue 22 34K 22 hostcache 1 32K 1 shm 1 32K 1 kdtrace 164 32K 27017 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 ifaddr 71 24K 73 kbdmux 6 22K 6 vmem 3 19K 4 lltable 47 18K 47 temp 34 17K 1942 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 ether_multi 172 14K 177 bus-sc 30 14K 1394 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 123 11K 123 in6_multi 89 11K 89 pfs_nodes 20 10K 20 GEOM 60 10K 486 rman 82 10K 423 bmsafemap 3 9K 8127 devstat 4 9K 4 UART 12 9K 12 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 231 8K 289 routetbl 58 7K 62 cred 27 7K 243 CAM DEV 3 6K 508 vt 11 6K 11 kqueue 53 6K 8979 plimit 21 6K 366 sglist 5 6K 5 CAM queue 5 6K 1522 ufs_dirhash 24 5K 24 taskqueue 42 5K 42 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 UMA 234 4K 234 diradd 26 4K 8125 hhook 13 4K 13 session 25 4K 40 pgrp 25 4K 40 acpisem 22 3K 22 mkdir 22 3K 16166 terminal 11 3K 11 proc-args 44 3K 582 select 19 3K 19 uidinfo 4 3K 4 sctp_ifa 17 3K 17 local_apic 1 2K 1 io_apic 1 2K 1 indirdep 8 2K 10 ipsec-saq 2 2K 2 lockf 19 2K 29 ip6ndp 12 2K 21 Unitno 30 2K 16017 CAM XPT 22 2K 541 in_multi 6 2K 7 acpidev 20 2K 20 crypto 2 2K 2 msi 9 2K 9 tun 7 2K 7 freework 5 2K 8089 freeblks 4 1K 8088 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 17 NFSD session 1 1K 1 CAM periph 4 1K 270 newdirblk 12 1K 8083 mld 6 1K 6 sctp_ifn 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 inpcbpolicy 22 1K 31731 CAM SIM 2 1K 2 softdep 1 1K 1 pfil 4 1K 4 chacha20random 1 1K 1 epoch 4 1K 4 cdev 2 1K 2 DEVFSP 8 1K 8 encap_export_host 8 1K 8 osd 3 1K 9 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 3 CAM path 4 1K 1030 apmdev 1 1K 1 atkbddev 2 1K 2 pmchooks 1 1K 1 prison 4 1K 4 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 5769 nexusdev 5 1K 5 entropy 2 1K 42 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 filecaps 2 1K 90 p1003.1b 1 1K 1 CAM CCB 0 0K 1923 madt_table 0 0K 2 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 CAM ccb queue 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 12 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 5 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 6 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 7 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 0 sctp_atky 0 0K 0 sctp_atcl 0 0K 0 sctp_a_it 0 0K 7 sctp_aadr 0 0K 0 sctp_stro 0 0K 0 sctp_stri 0 0K 0 sctp_map 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 mpr 0 0K 0 statfs 0 0K 8267 export_host 0 0K 0 cl_savebuf 0 0K 2 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 mfibuf 0 0K 0 mbuf_tag 0 0K 111 accf 0 0K 0 pts 0 0K 0 iov 0 0K 14107 ioctlops 0 0K 105 Witness 0 0K 0 stack 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 591 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 kcovinfo 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 db> show ktr No such command; use "help" to list available commands