panic: mutex process lock not owned at /syzkaller/managers/main/kernel/sys/kern/kern_time.c:261 cpuid = 1 time = 32788 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00245418c0 vpanic() at vpanic+0x1ce/frame 0xfffffe0024541930 panic() at panic+0x43/frame 0xfffffe0024541990 __mtx_assert() at __mtx_assert+0x196/frame 0xfffffe00245419d0 kern_thread_cputime() at kern_thread_cputime+0xaa/frame 0xfffffe0024541a20 kern_clock_gettime() at kern_clock_gettime+0x277/frame 0xfffffe0024541a80 sys_clock_gettime() at sys_clock_gettime+0x25/frame 0xfffffe0024541ab0 amd64_syscall() at amd64_syscall+0x499/frame 0xfffffe0024541bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0024541bf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x4132ea, rsp = 0x7fffdfffdf38, rbp = 0x2 --- KDB: enter: panic [ thread pid 1970 tid 100355 ] Stopped at kdb_enter+0x67: movq $0,0x14669d6(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0xfffffe0024a00000 rdx 0x3ffff rbx 0 rsp 0xfffffe00245418a0 rbp 0xfffffe00245418c0 rsi 0x40001 rdi 0xffffffff810ba616 vprintf+0x176 r8 0 r9 0xffffffff r10 0 r11 0xfffff8003afba4f0 r12 0xffffffff82068d90 ddb_dbbe r13 0 r14 0xffffffff81938dcf r15 0xffffffff81938dcf rip 0xffffffff810af6c7 kdb_enter+0x67 rflags 0x86 ll+0x65 kdb_enter+0x67: movq $0,0x14669d6(%rip) db> show proc Process 1970 (syz-executor.0) at 0xfffff80003a3aa60: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 770 at 0xfffff80003e40530 ABI: FreeBSD ELF64 arguments: /root/syz-executor.0 reaper: 0xfffff80003300a60 reapsubtree: 1 sigparent: 20 vmspace: 0xfffff8003ac1c000 (map 0xfffff8003ac1c000) (map.pmap 0xfffff8003ac1c0c0) (pmap 0xfffff8003ac1c120) threads: 2 100090 RunQ syz-executor.0 100355 Run CPU 1 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 1970 770 770 0 R (threaded) syz-executor.0 100090 RunQ syz-executor.0 100355 Run CPU 1 syz-executor.0 1969 771 771 0 R syz-executor.3 1968 774 774 0 R (threaded) syz-executor.2 100096 Run CPU 0 syz-executor.2 100353 RunQ syz-executor.2 1967 773 773 0 R (threaded) syz-executor.1 100460 RunQ syz-executor.1 100366 S sbwait 0xfffff80003e6555c syz-executor.1 100368 S uwait 0xfffff80003a46880 syz-executor.1 1617 1610 1617 0 Ss select 0xfffff8003a5e9ac0 dhclient 1614 1 1614 0 Ss select 0xfffff8003a5e9a40 dhclient 1610 1596 422 65 S select 0xfffff80003da31c0 dhclient 1596 422 422 0 S wait 0xfffff80003b15000 sh 1587 1 1587 65 Ss select 0xfffff80003da3240 dhclient 817 1 817 0 Ss select 0xfffff80003d9c940 dhclient 811 1 811 0 Ss select 0xfffff80003a46ec0 dhclient 774 768 774 0 Rs syz-executor.2 773 768 773 0 Ss nanslp 0xffffffff824feca1 syz-executor.1 771 768 771 0 Ss nanslp 0xffffffff824feca1 syz-executor.3 770 768 770 0 Ss nanslp 0xffffffff824feca1 syz-executor.0 768 766 766 0 S (threaded) syz-fuzzer 100097 S uwait 0xfffff80003a45700 syz-fuzzer 100104 S uwait 0xfffff80003a45a00 syz-fuzzer 100105 S uwait 0xfffff80003a45b00 syz-fuzzer 100106 S uwait 0xfffff80003a45c00 syz-fuzzer 100107 S uwait 0xfffff80003d9ce00 syz-fuzzer 100108 S kqread 0xfffff80003cf2500 syz-fuzzer 100109 S uwait 0xfffff80003d9cf00 syz-fuzzer 100110 S uwait 0xfffff80003a45200 syz-fuzzer 100112 S uwait 0xfffff80003a45400 syz-fuzzer 100113 S uwait 0xfffff80003d9c100 syz-fuzzer 766 764 766 0 Ss pause 0xfffff80003e40b08 csh 764 680 764 0 Ss select 0xfffff80003d9c840 sshd 746 1 746 0 Ss+ ttyin 0xfffff800034384b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b388b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b38cb0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b370b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b374b0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b378b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b37cb0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003b3a0b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003b3a4b0 getty 684 1 684 0 Ss nanslp 0xffffffff824feca1 cron 680 1 680 0 Ss select 0xfffff80003da73c0 sshd 493 1 493 0 Ss select 0xfffff80003da7040 syslogd 422 1 422 0 Ss wait 0xfffff80003e29000 devd 421 1 421 65 Ss select 0xfffff80003a45cc0 dhclient 336 1 336 0 Ss select 0xfffff80003da7940 dhclient 333 1 333 0 Ss select 0xfffff80003a48440 dhclient 21 0 0 0 DL vlruwt 0xfffff80003b15a60 [vnlru] 20 0 0 0 DL syncer 0xffffffff825d5158 [syncer] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d4658 [bufdaemon] 100066 D - 0xffffffff8200a980 [bufspacedaemon-0] 100077 D sdflush 0xfffff800038154e8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f00c8 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261cfd8 [dom0] 100069 D launds 0xffffffff8261cfe4 [laundry: dom0] 100070 D umarcl 0xffffffff8153f880 [uma] 16 0 0 0 DL - 0xffffffff82359530 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d405c [soaiod4] 8 0 0 0 DL - 0xffffffff825d405c [soaiod3] 7 0 0 0 DL - 0xffffffff825d405c [soaiod2] 6 0 0 0 DL - 0xffffffff825d405c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82234940 [doneq0] 100062 D - 0xffffffff82234808 [scanner] 4 0 0 0 DL crypto_ 0xfffff80003338190 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff80003338130 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825ea138 [crypto] 14 0 0 0 DL seqstat 0xfffff8000337a088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b608 [g_event] 100023 D - 0xffffffff8261b618 [g_up] 100024 D - 0xffffffff8261b610 [g_down] 12 0 0 0 WL (threaded) [intr] 100006 I [swi5: fast taskq] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003300a60 [init] 10 0 0 0 DL audit_w 0xffffffff82663230 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff82609c48 [swapper] 100005 D - 0xfffff80003200b00 [thread taskq] 100007 D - 0xfffff80003200700 [kqueue_ctx taskq] 100008 D - 0xfffff800031fc000 [config_0] 100009 D - 0xfffff80003200400 [aiod_kick taskq] 100012 D - 0xfffff800031fbe00 [if_config_tqg_0] 100013 D - 0xfffff800031fbd00 [if_io_tqg_0] 100014 D - 0xfffff800031fbc00 [if_io_tqg_1] 100015 D - 0xfffff800031fbb00 [softirq_0] 100016 D - 0xfffff800031fba00 [softirq_1] 100021 D - 0xfffff800031ff400 [firmware taskq] 100026 D - 0xfffff800031fed00 [crypto_0] 100027 D - 0xfffff800031fed00 [crypto_1] 100041 D - 0xfffff800031fe000 [vtnet0 rxq 0] 100042 D - 0xfffff800031fde00 [vtnet0 txq 0] 100043 D - 0xfffff800031fdd00 [vtnet0 rxq 1] 100044 D - 0xfffff800031fdc00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff80003579880 [virtio_balloon] 100050 D - 0xfffff8000380ce00 [mca taskq] 100053 D - 0xffffffff81cdce20 [deadlkres] 100057 D - 0xfffff80003a4e700 [acpi_task_0] 100058 D - 0xfffff80003a4e700 [acpi_task_1] 100059 D - 0xfffff80003a4e700 [acpi_task_2] 100061 D - 0xfffff800031fe600 [CAM taskq] db> show all locks db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4241 vtbuf 24 1968K 46 sysctloid 26737 1565K 26801 kobj 332 1328K 488 newblk 12 1027K 4138 vfscache 4 1025K 4 inodedep 83 553K 1499 pcb 24 537K 786 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 138 265K 2053 acpica 1674 185K 49750 vnet_data 1 168K 1 filedesc 21 149K 2309 pagedep 10 131K 1176 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 222 89K 253 bus 980 79K 3332 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 494 62K 494 BPF 30 53K 30 umtx 312 39K 312 gtaskqueue 22 34K 22 kdtrace 175 34K 6317 hostcache 1 32K 1 shm 1 32K 37 DEVFS3 124 31K 134 msg 4 30K 4 DEVFS_RULE 56 27K 56 cred 96 24K 707 ifaddr 72 24K 74 kbdmux 6 22K 6 vmem 3 20K 5 dirrem 71 18K 1357 lltable 46 17K 50 temp 34 17K 1985 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 ether_multi 172 14K 182 bus-sc 30 14K 1394 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 95 12K 99 in6_multi 89 11K 89 eventhandler 122 11K 122 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 freefile 71 9K 1355 bmsafemap 2 9K 1439 devstat 4 9K 4 UART 12 9K 12 rpc 2 8K 2 sctp_timw 32 8K 32 shmfd 1 8K 1 pfs_vncache 1 8K 1 routetbl 58 8K 62 audit_evclass 231 8K 289 select 52 7K 52 CAM DEV 3 6K 510 kqueue 58 6K 1975 plimit 22 6K 396 vt 11 6K 11 sglist 5 6K 5 CAM queue 5 6K 1528 ufs_dirhash 24 5K 24 DEVFSP 74 5K 78 taskqueue 42 5K 42 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 kcovinfo 64 4K 68 UMA 236 4K 236 session 28 4K 39 pgrp 28 4K 48 hhook 13 4K 13 acpisem 22 3K 22 terminal 11 3K 11 lockf 24 3K 715 proc-args 47 3K 570 uidinfo 4 3K 65 sctp_ifa 17 3K 17 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 ip6ndp 12 2K 21 Unitno 33 2K 2623 CAM XPT 22 2K 543 in_multi 6 2K 8 acpidev 20 2K 20 crypto 2 2K 2 msi 9 2K 9 tun 7 2K 7 freework 5 2K 1557 softdep 1 1K 1 mkdir 8 1K 2280 freeblks 4 1K 1206 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 64 NFSD session 1 1K 1 CAM periph 4 1K 271 mld 6 1K 6 sctp_ifn 6 1K 6 igmp 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 diradd 5 1K 1392 CAM SIM 2 1K 2 newdirblk 4 1K 1140 pfil 4 1K 4 chacha20random 1 1K 1 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 inpcbpolicy 12 1K 3903 osd 3 1K 9 vnodes 1 1K 2 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 3 CAM path 4 1K 1034 apmdev 1 1K 1 atkbddev 2 1K 2 pmchooks 1 1K 1 prison 4 1K 4 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 6133 nexusdev 5 1K 5 entropy 2 1K 38 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 filecaps 3 1K 79 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 CAM CCB 0 0K 5568 madt_table 0 0K 2 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 CAM ccb queue 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 699 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 33 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 11 allocindir 0 0K 0 indirdep 0 0K 483 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 6 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 300 sctp_iter 0 0K 10 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 419 sctp_atky 0 0K 530 sctp_atcl 0 0K 419 sctp_a_it 0 0K 10 sctp_aadr 0 0K 0 sctp_stro 0 0K 111 sctp_stri 0 0K 0 sctp_map 0 0K 222 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 10 in_mfilter 0 0K 4 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 mpr 0 0K 0 statfs 0 0K 1312 export_host 0 0K 0 cl_savebuf 0 0K 4 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 mfibuf 0 0K 0 mbuf_tag 0 0K 120 accf 0 0K 0 pts 0 0K 0 iov 0 0K 15451 ioctlops 0 0K 258 Witness 0 0K 0 stack 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 611 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 10 filedesc_to_leader 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 db> show ktr No such command; use "help" to list available commands