login: panic: mutex process lock not owned at /syzkaller/managers/main/kernel/sys/kern/kern_time.c:261 cpuid = 1 time = 1580884842 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00244fb8c0 vpanic() at vpanic+0x1ce/frame 0xfffffe00244fb930 panic() at panic+0x43/frame 0xfffffe00244fb990 __mtx_assert() at __mtx_assert+0x196/frame 0xfffffe00244fb9d0 kern_thread_cputime() at kern_thread_cputime+0xaa/frame 0xfffffe00244fba20 kern_clock_gettime() at kern_clock_gettime+0x277/frame 0xfffffe00244fba80 sys_clock_gettime() at sys_clock_gettime+0x25/frame 0xfffffe00244fbab0 amd64_syscall() at amd64_syscall+0x499/frame 0xfffffe00244fbbf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00244fbbf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x4132ea, rsp = 0x7fffdfffdf38, rbp = 0x2 --- KDB: enter: panic [ thread pid 809 tid 100118 ] Stopped at kdb_enter+0x67: movq $0,0x14669d6(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0xfffffe0026200000 rdx 0x3ffff rbx 0 rsp 0xfffffe00244fb8a0 rbp 0xfffffe00244fb8c0 rsi 0x40001 rdi 0xffffffff810ba616 vprintf+0x176 r8 0 r9 0xffffffff r10 0 r11 0xfffff8003ad47bd0 r12 0xffffffff82068d90 ddb_dbbe r13 0 r14 0xffffffff81938dcf r15 0xffffffff81938dcf rip 0xffffffff810af6c7 kdb_enter+0x67 rflags 0x86 ll+0x65 kdb_enter+0x67: movq $0,0x14669d6(%rip) db> show proc Process 809 (syz-executor.1) at 0xfffff80003f20530: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 771 at 0xfffff80003b17530 ABI: FreeBSD ELF64 arguments: /root/syz-executor.1 reaper: 0xfffff80003300a60 reapsubtree: 1 sigparent: 20 vmspace: 0xfffff8003a52e000 (map 0xfffff8003a52e000) (map.pmap 0xfffff8003a52e0c0) (pmap 0xfffff8003a52e120) threads: 2 100091 RunQ syz-executor.1 100118 Run CPU 1 syz-executor.1 db> ps pid ppid pgrp uid state wmesg wchan cmd 809 771 771 0 R (threaded) syz-executor.1 100091 RunQ syz-executor.1 100118 Run CPU 1 syz-executor.1 808 798 422 0 R sh 806 770 770 0 R (threaded) syz-executor.0 100116 RunQ syz-executor.0 100117 S uwait 0xfffff80003a44d00 syz-executor.0 804 766 764 0 R syz-executor.3 803 1 803 0 Ss select 0xfffff80003d93cc0 dhclient 802 782 782 0 R CPU 0 ifconfig 798 791 422 0 S wait 0xfffff80003d8ba60 dhclient 791 422 422 0 S wait 0xfffff8003a6d2000 sh 782 766 782 0 Ss wait 0xfffff80003b17000 syz-executor.2 771 766 771 0 Rs syz-executor.1 770 766 770 0 Ss nanslp 0xffffffff824feca1 syz-executor.0 766 764 764 0 S (threaded) syz-fuzzer 100102 S uwait 0xfffff80003a44f00 syz-fuzzer 100103 S uwait 0xfffff80003d93600 syz-fuzzer 100104 S uwait 0xfffff80003d93700 syz-fuzzer 100105 S uwait 0xfffff80003d8e900 syz-fuzzer 100106 S uwait 0xfffff80003a49080 syz-fuzzer 100107 S uwait 0xfffff80003a49180 syz-fuzzer 100108 S uwait 0xfffff80003a49300 syz-fuzzer 100109 S uwait 0xfffff80003a49400 syz-fuzzer 100111 S uwait 0xfffff80003d8ea00 syz-fuzzer 100112 S kqread 0xfffff80003cfad00 syz-fuzzer 100113 S uwait 0xfffff80003d8eb00 syz-fuzzer 764 762 764 0 Ss pause 0xfffff8003a6d2b08 csh 762 680 762 0 Ss select 0xfffff800031bd9c0 sshd 746 1 746 0 Ss+ ttyin 0xfffff800034384b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b388b0 getty 744 1 744 0 Ss+ ttyin 0xfffff80003b38cb0 getty 743 1 743 0 Ss+ ttyin 0xfffff80003b370b0 getty 742 1 742 0 Ss+ ttyin 0xfffff80003b374b0 getty 741 1 741 0 Ss+ ttyin 0xfffff80003b378b0 getty 740 1 740 0 Ss+ ttyin 0xfffff80003b37cb0 getty 739 1 739 0 Ss+ ttyin 0xfffff80003b3c0b0 getty 738 1 738 0 Ss+ ttyin 0xfffff80003b3c4b0 getty 736 1 22 0 S+ piperd 0xfffff80003d7a2f8 logger 735 734 22 0 S+ nanslp 0xffffffff824feca0 sleep 734 1 22 0 S+ wait 0xfffff80003f1f530 sh 684 1 684 0 Ss nanslp 0xffffffff824feca1 cron 680 1 680 0 Ss select 0xfffff80003d937c0 sshd 493 1 493 0 Ss select 0xfffff800031bda40 syslogd 422 1 422 0 Ss wait 0xfffff80003df9000 devd 421 1 421 65 Ss select 0xfffff80003d90940 dhclient 336 1 336 0 Ss select 0xfffff80003d908c0 dhclient 333 1 333 0 Ss select 0xfffff80003d93840 dhclient 21 0 0 0 DL vlruwt 0xfffff80003b17a60 [vnlru] 20 0 0 0 DL syncer 0xffffffff825d5158 [syncer] 19 0 0 0 DL (threaded) [bufdaemon] 100065 D qsleep 0xffffffff825d4658 [bufdaemon] 100066 D - 0xffffffff8200a980 [bufspacedaemon-0] 100081 D sdflush 0xfffff80003d094e8 [/ worker] 18 0 0 0 DL psleep 0xffffffff825f00c8 [vmdaemon] 17 0 0 0 DL (threaded) [pagedaemon] 100063 D psleep 0xffffffff8261cfd8 [dom0] 100069 D launds 0xffffffff8261cfe4 [laundry: dom0] 100070 D umarcl 0xffffffff8153f880 [uma] 16 0 0 0 DL - 0xffffffff82359530 [rand_harvestq] 15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator] 9 0 0 0 DL - 0xffffffff825d405c [soaiod4] 8 0 0 0 DL - 0xffffffff825d405c [soaiod3] 7 0 0 0 DL - 0xffffffff825d405c [soaiod2] 6 0 0 0 DL - 0xffffffff825d405c [soaiod1] 5 0 0 0 DL (threaded) [cam] 100031 D - 0xffffffff82234940 [doneq0] 100062 D - 0xffffffff82234808 [scanner] 4 0 0 0 DL crypto_ 0xfffff80003338190 [crypto returns 1] 3 0 0 0 DL crypto_ 0xfffff80003338130 [crypto returns 0] 2 0 0 0 DL crypto_ 0xffffffff825ea138 [crypto] 14 0 0 0 DL seqstat 0xfffff8000337a088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100022 D - 0xffffffff8261b608 [g_event] 100023 D - 0xffffffff8261b618 [g_up] 100024 D - 0xffffffff8261b610 [g_down] 12 0 0 0 WL (threaded) [intr] 100006 I [swi5: fast taskq] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100017 I [swi3: vm] 100018 I [swi4: clock (0)] 100019 I [swi4: clock (1)] 100020 I [swi1: netisr 0] 100032 I [irq24: virtio_pci0] 100033 I [irq25: virtio_pci0] 100034 I [irq26: virtio_pci0] 100035 I [irq27: virtio_pci0] 100036 I [irq28: virtio_pci1] 100037 I [irq29: virtio_pci1] 100038 I [irq30: virtio_pci1] 100039 I [irq31: virtio_pci1] 100040 I [irq32: virtio_pci1] 100045 I [irq10: virtio_pci2] 100047 I [irq1: atkbd0] 100048 I [irq12: psm0] 100049 I [swi0: uart uart++] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003300a60 [init] 10 0 0 0 DL audit_w 0xffffffff82663230 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff82609c48 [swapper] 100005 D - 0xfffff80003200b00 [thread taskq] 100007 D - 0xfffff80003200700 [kqueue_ctx taskq] 100008 D - 0xfffff800031fc000 [config_0] 100009 D - 0xfffff80003200400 [aiod_kick taskq] 100012 D - 0xfffff800031fbe00 [if_config_tqg_0] 100013 D - 0xfffff800031fbd00 [if_io_tqg_0] 100014 D - 0xfffff800031fbc00 [if_io_tqg_1] 100015 D - 0xfffff800031fbb00 [softirq_0] 100016 D - 0xfffff800031fba00 [softirq_1] 100021 D - 0xfffff800031ff400 [firmware taskq] 100026 D - 0xfffff800031fed00 [crypto_0] 100027 D - 0xfffff800031fed00 [crypto_1] 100041 D - 0xfffff800031fe000 [vtnet0 rxq 0] 100042 D - 0xfffff800031fde00 [vtnet0 txq 0] 100043 D - 0xfffff800031fdd00 [vtnet0 rxq 1] 100044 D - 0xfffff800031fdc00 [vtnet0 txq 1] 100046 D vtbslp 0xfffff80003579880 [virtio_balloon] 100050 D - 0xfffff8000380ae00 [mca taskq] 100054 D - 0xffffffff81cdce20 [deadlkres] 100057 D - 0xfffff80003a52700 [acpi_task_0] 100058 D - 0xfffff80003a52700 [acpi_task_1] 100059 D - 0xfffff80003a52700 [acpi_task_2] 100061 D - 0xfffff800031fe600 [CAM taskq] 810 808 422 0 Z ifconfig db> show all locks Process 802 (ifconfig) thread 0xfffff80003e156e0 (100084) exclusive sx vm map (user) (vm map (user)) r = 0 (0xfffff8003a6e2060) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4761 db> show malloc Type InUse MemUse Requests devbuf 4213 4851K 4238 vtbuf 24 1968K 46 sysctloid 26737 1565K 26801 kobj 332 1328K 488 newblk 537 1158K 592 vfscache 4 1025K 4 pcb 22 537K 75 inodedep 33 528K 89 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 117 255K 872 acpica 1674 185K 49750 vnet_data 1 168K 1 pagedep 17 132K 28 tfo_ccache 1 128K 1 filedesc 17 117K 43 sem 4 106K 4 DEVFS1 104 104K 119 linker 222 89K 250 bus 980 79K 3324 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 494 62K 494 gtaskqueue 22 34K 22 kdtrace 174 33K 1684 hostcache 1 32K 1 shm 1 32K 1 umtx 252 32K 252 DEVFS3 123 31K 133 msg 4 30K 4 DEVFS_RULE 56 27K 56 kbdmux 6 22K 6 ifaddr 58 19K 60 vmem 3 19K 4 BPF 13 18K 13 temp 30 17K 1744 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 89 15K 89 bus-sc 30 14K 1394 KTRACE 100 13K 100 lltable 33 12K 33 kenv 95 12K 99 eventhandler 122 11K 122 ifnet 6 11K 6 pfs_nodes 20 10K 20 GEOM 60 10K 487 rman 82 10K 423 ether_multi 106 9K 111 bmsafemap 2 9K 58 devstat 4 9K 4 UART 12 9K 12 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 cred 29 8K 206 audit_evclass 231 8K 289 in6_multi 57 7K 57 routetbl 44 7K 48 CAM DEV 3 6K 510 kqueue 58 6K 815 vt 11 6K 11 plimit 21 6K 356 sglist 5 6K 5 CAM queue 5 6K 1528 ufs_dirhash 24 5K 24 taskqueue 42 5K 42 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 UMA 236 4K 236 diradd 28 4K 57 DEVFSP 53 4K 56 hhook 13 4K 13 session 24 3K 34 pgrp 24 3K 34 kcovinfo 48 3K 51 acpisem 22 3K 22 terminal 11 3K 11 proc-args 49 3K 519 indirdep 10 3K 10 select 19 3K 19 uidinfo 4 3K 5 ip6ndp 13 3K 14 mkdir 18 3K 34 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 lockf 19 2K 29 newdirblk 13 2K 17 CAM XPT 22 2K 543 Unitno 25 2K 43 sctp_ifa 11 2K 11 acpidev 20 2K 20 crypto 2 2K 2 msi 9 2K 9 softdep 1 1K 1 dirrem 4 1K 28 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 in_multi 4 1K 5 clone 8 1K 8 vnodemarker 2 1K 10 NFSD session 1 1K 1 CAM periph 4 1K 271 tun 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 mld 5 1K 5 igmp 5 1K 5 CAM SIM 2 1K 2 sctp_ifn 4 1K 4 pfil 4 1K 4 chacha20random 1 1K 1 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 inpcbpolicy 11 1K 150 osd 3 1K 9 freefile 2 1K 22 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 loginclass 3 1K 3 CAM path 4 1K 1034 apmdev 1 1K 1 atkbddev 2 1K 2 pmchooks 1 1K 1 prison 4 1K 4 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 5733 filecaps 4 1K 70 nexusdev 5 1K 5 entropy 2 1K 35 tcpfunc 1 1K 1 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 freework 1 1K 26 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 CAM CCB 0 0K 1878 madt_table 0 0K 2 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 lDevFlags * malloc 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 CAM ccb queue 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 12 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 25 freefrag 0 0K 5 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 nfsclient_nlminfo 0 0K 0 nfsclient_lock 0 0K 0 NFS FHA 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 7 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 0 sctp_atky 0 0K 0 sctp_atcl 0 0K 0 sctp_a_it 0 0K 7 sctp_aadr 0 0K 0 sctp_stro 0 0K 0 sctp_stri 0 0K 0 sctp_map 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 mpr 0 0K 0 statfs 0 0K 190 export_host 0 0K 0 cl_savebuf 0 0K 2 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 mfibuf 0 0K 0 mbuf_tag 0 0K 69 accf 0 0K 0 pts 0 0K 0 iov 0 0K 13469 ioctlops 0 0K 95 Witness 0 0K 0 stack 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 579 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 SIIS driver 0 0K 0 db> show ktr No such command; use "help" to list available commands