panic: mutex process lock not owned at /syzkaller/managers/main/kernel/sys/kern/kern_time.c:261 cpuid = 1 time = 1580860762 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00244f68c0 vpanic() at vpanic+0x1ce/frame 0xfffffe00244f6930 panic() at panic+0x43/frame 0xfffffe00244f6990 __mtx_assert() at __mtx_assert+0x196/frame 0xfffffe00244f69d0 kern_thread_cputime() at kern_thread_cputime+0xaa/frame 0xfffffe00244f6a20 kern_clock_gettime() at kern_clock_gettime+0x277/frame 0xfffffe00244f6a80 sys_clock_gettime() at sys_clock_gettime+0x25/frame 0xfffffe00244f6ab0 amd64_syscall() at amd64_syscall+0x499/frame 0xfffffe00244f6bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00244f6bf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x4132ea, rsp = 0x7fffdfffdf38, rbp = 0x2 --- KDB: enter: panic [ thread pid 813 tid 100119 ] Stopped at kdb_enter+0x67: movq $0,0x14669d6(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0xfffffe0029200000 rdx 0x3ffff rbx 0 rsp 0xfffffe00244f68a0 rbp 0xfffffe00244f68c0 rsi 0x40001 rdi 0xffffffff810ba616 vprintf+0x176 r8 0 r9 0xffffffff r10 0 r11 0xfffff8003af7dbd0 r12 0xffffffff82068d90 ddb_dbbe r13 0 r14 0xffffffff81938dcf r15 0xffffffff81938dcf rip 0xffffffff810af6c7 kdb_enter+0x67 rflags 0x86 ll+0x65 kdb_enter+0x67: movq $0,0x14669d6(%rip) db> show proc Process 813 (syz-executor.3) at 0xfffff8003ad26530: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 773 at 0xfffff80003df6530 ABI: FreeBSD ELF64 arguments: /root/syz-executor.3 reaper: 0xfffff80003300a60 reapsubtree: 1 sigparent: 20 vmspace: 0xfffff8003aed8000 (map 0xfffff8003aed8000) (map.pmap 0xfffff8003aed80c0) (pmap 0xfffff8003aed8120) threads: 2 100112 RunQ syz-executor.3 100119 Run CPU 1 syz-executor.3 db> ps pid ppid pgrp uid state wmesg wchan cmd 813 773 773 0 R (threaded) syz-executor.3 100112 RunQ syz-executor.3 100119 Run CPU 1 syz-executor.3 812 772 772 0 R (threaded) syz-executor.2 100072 RunQ syz-executor.2 100118 S uwait 0xfffff80003a45980 syz-executor.2 810 422 422 0 R CPU 0 env 808 769 769 0 R (threaded) syz-executor.0 100089 RunQ syz-executor.0 100115 S uwait 0xfffff80003d88e80 syz-executor.0 805 770 770 0 R sh 773 766 773 0 Ss nanslp 0xffffffff824feca1 syz-executor.3 772 766 772 0 Ss nanslp 0xffffffff824feca1 syz-executor.2 770 766 770 0 Ss wait 0xfffff80003f44a60 syz-executor.1 769 766 769 0 Rs syz-executor.0 766 764 764 0 S (threaded) syz-fuzzer 100079 S uwait 0xfffff800031bd680 syz-fuzzer 100101 S uwait 0xfffff80003d99680 syz-fuzzer 100102 S uwait 0xfffff80003d99780 syz-fuzzer 100103 S uwait 0xfffff80003d88980 syz-fuzzer 100104 S uwait 0xfffff80003d88a80 syz-fuzzer 100105 S kqread 0xfffff80003cf8d00 syz-fuzzer 100106 S uwait 0xfffff80003d88c80 syz-fuzzer 100107 S uwait 0xfffff80003a45f00 syz-fuzzer 100108 S uwait 0xfffff80003a48080 syz-fuzzer 100109 S uwait 0xfffff80003a48180 syz-fuzzer 100111 S uwait 0xfffff80003d88d80 syz-fuzzer 764 762 764 0 Ss pause 0xfffff80003df10a8 csh 762 680 762 0 Ss select 0xfffff80003d99040 sshd 746 1 746 0 Ss+ ttyin 0xfffff800034384b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b388b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b38cb0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b370b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b374b0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b378b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b37cb0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003b3a0b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003b3a4b0 getty 684 1 684 0 Ss nanslp 0xffffffff824feca1 cron 680 1 680 0 Ss select 0xfffff80003d8c940 sshd 493 1 493 0 Ss select 0xfffff80003d99140 syslogd 422 1 422 0 Ss wait 0xfffff80003f49a60 devd 421 1 421 65 Ss select 0xfffff80003d991c0 dhclient 336 1 336 0 Ss select 0xfffff80003d99c40 dhclient 333 1 333 0 Ss select 0xfffff80003d99840 dhclient 21 0 0 0 DL vlruwt 0xfffff80003b15a60 [vnlru] 20 0 0 0 DL syncer 0xffffffff825d5158 [syncer] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d4658 [bufdaemon] 100066 D - 0xffffffff8200a980 [bufspacedaemon-0] 100081 D sdflush 0xfffff80003d044e8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f00c8 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261cfd8 [dom0] 100069 D launds 0xffffffff8261cfe4 [laundry: dom0] 100070 D umarcl 0xffffffff8153f880 [uma] 16 0 0 0 DL - 0xffffffff82359530 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d405c [soaiod4] 8 0 0 0 DL - 0xffffffff825d405c [soaiod3] 7 0 0 0 DL - 0xffffffff825d405c [soaiod2] 6 0 0 0 DL - 0xffffffff825d405c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82234940 [doneq0] 100062 D - 0xffffffff82234808 [scanner] 4 0 0 0 DL crypto_ 0xfffff80003338190 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff80003338130 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825ea138 [crypto] 14 0 0 0 DL seqstat 0xfffff8000337a088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b608 [g_event] 100023 D - 0xffffffff8261b618 [g_up] 100024 D - 0xffffffff8261b610 [g_down] 12 0 0 0 WL (threaded) [intr] 100006 I [swi5: fast taskq] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003300a60 [init] 10 0 0 0 DL audit_w 0xffffffff82663230 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff82609c48 [swapper] 100005 D - 0xfffff80003200b00 [thread taskq] 100007 D - 0xfffff80003200700 [kqueue_ctx taskq] 100008 D - 0xfffff800031fc000 [config_0] 100009 D - 0xfffff80003200400 [aiod_kick taskq] 100012 D - 0xfffff800031fbe00 [if_config_tqg_0] 100013 D - 0xfffff800031fbd00 [if_io_tqg_0] 100014 D - 0xfffff800031fbc00 [if_io_tqg_1] 100015 D - 0xfffff800031fbb00 [softirq_0] 100016 D - 0xfffff800031fba00 [softirq_1] 100021 D - 0xfffff800031ff400 [firmware taskq] 100026 D - 0xfffff800031fed00 [crypto_0] 100027 D - 0xfffff800031fed00 [crypto_1] 100041 D - 0xfffff800031fe000 [vtnet0 rxq 0] 100042 D - 0xfffff800031fde00 [vtnet0 txq 0] 100043 D - 0xfffff800031fdd00 [vtnet0 rxq 1] 100044 D - 0xfffff800031fdc00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff80003579880 [virtio_balloon] 100050 D - 0xfffff8000380ce00 [mca taskq] 100054 D - 0xffffffff81cdce20 [deadlkres] 100057 D - 0xfffff80003a50700 [acpi_task_0] 100058 D - 0xfffff80003a50700 [acpi_task_1] 100059 D - 0xfffff80003a50700 [acpi_task_2] 100061 D - 0xfffff800031fe600 [CAM taskq] db> show all locks db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4241 vtbuf 24 1968K 46 sysctloid 26737 1565K 26801 kobj 332 1328K 488 newblk 28 1031K 594 vfscache 4 1025K 4 pcb 22 537K 77 inodedep 28 526K 91 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 111 231K 875 acpica 1674 185K 49750 vnet_data 1 168K 1 filedesc 21 149K 65 pagedep 14 132K 31 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 222 89K 253 bus 984 79K 3332 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 494 62K 494 gtaskqueue 22 34K 22 hostcache 1 32K 1 shm 1 32K 1 kdtrace 163 32K 1693 DEVFS3 124 31K 134 msg 4 30K 4 umtx 240 30K 240 DEVFS_RULE 56 27K 56 ifaddr 69 23K 71 kbdmux 6 22K 6 vmem 3 19K 4 BPF 14 19K 14 temp 34 17K 1814 ufs_mount 3 17K 4 proc 3 17K 3 lltable 44 16K 44 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 ether_multi 167 14K 172 bus-sc 30 14K 1394 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 eventhandler 122 11K 122 pfs_nodes 20 10K 20 in6_multi 83 10K 83 GEOM 60 10K 487 rman 82 10K 423 bmsafemap 2 9K 60 devstat 4 9K 4 UART 12 9K 12 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 routetbl 56 8K 60 audit_evclass 231 8K 289 cred 28 7K 199 CAM DEV 3 6K 510 vt 11 6K 11 kqueue 52 6K 818 sglist 5 6K 5 CAM queue 5 6K 1528 plimit 20 5K 334 ufs_dirhash 24 5K 24 taskqueue 42 5K 42 DEVFSP 70 5K 74 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 kcovinfo 64 4K 68 UMA 236 4K 236 ip6ndp 19 4K 20 diradd 27 4K 59 hhook 13 4K 13 session 23 3K 33 pgrp 23 3K 33 acpisem 22 3K 22 terminal 11 3K 11 mkdir 20 3K 40 proc-args 42 3K 531 uidinfo 4 3K 4 local_apic 1 2K 1 io_apic 1 2K 1 indirdep 8 2K 10 ipsec-saq 2 2K 2 sctp_ifa 16 2K 16 select 14 2K 14 Unitno 29 2K 45 CAM XPT 22 2K 543 lockf 15 2K 22 in_multi 6 2K 7 newdirblk 11 2K 20 acpidev 20 2K 20 crypto 2 2K 2 msi 9 2K 9 tun 7 2K 7 softdep 1 1K 1 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 12 NFSD session 1 1K 1 CAM periph 4 1K 271 mld 6 1K 6 sctp_ifn 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 CAM SIM 2 1K 2 pfil 4 1K 4 chacha20random 1 1K 1 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 osd 3 1K 9 dirrem 1 1K 29 inpcbpolicy 8 1K 163 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 3 CAM path 4 1K 1034 apmdev 1 1K 1 atkbddev 2 1K 2 freefile 1 1K 27 pmchooks 1 1K 1 prison 4 1K 4 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 5737 nexusdev 5 1K 5 entropy 2 1K 36 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 freework 1 1K 27 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 filecaps 1 1K 66 CAM CCB 0 0K 1902 madt_table 0 0K 2 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 CAM ccb queue 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 12 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 4 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 26 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 9 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 0 sctp_atky 0 0K 0 sctp_atcl 0 0K 0 sctp_a_it 0 0K 9 sctp_aadr 0 0K 0 sctp_stro 0 0K 0 sctp_stri 0 0K 0 sctp_map 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 mpr 0 0K 0 statfs 0 0K 191 export_host 0 0K 0 cl_savebuf 0 0K 2 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 mfibuf 0 0K 0 mbuf_tag 0 0K 100 accf 0 0K 0 pts 0 0K 0 iov 0 0K 13488 ioctlops 0 0K 102 Witness 0 0K 0 stack 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 586 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 db> show ktr No such command; use "help" to list available commands