Waiting for PIDS: 424panic: sx lock still held cpuid = 1 time = 1593451328 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0028a90880 vpanic() at vpanic+0x1c7/frame 0xfffffe0028a908e0 panic() at panic+0x43/frame 0xfffffe0028a90940 sx_destroy() at sx_destroy+0x63/frame 0xfffffe0028a90960 solisten_proto() at solisten_proto+0xd2/frame 0xfffffe0028a909c0 tcp6_usr_listen() at tcp6_usr_listen+0x1dc/frame 0xfffffe0028a90a30 solisten() at solisten+0x7a/frame 0xfffffe0028a90a70 kern_listen() at kern_listen+0x13c/frame 0xfffffe0028a90ab0 ia32_syscall() at ia32_syscall+0x24e/frame 0xfffffe0028a90bf0 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xfbfbaf78 KDB: enter: panic [ thread pid 1842 tid 100291 ] Stopped at kdb_enter+0x67: movq $0,0x14a4296(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0 rax 0x12 rcx 0xfffffe002a400000 rdx 0x3ffff rbx 0 rsp 0xfffffe0028a90860 rbp 0xfffffe0028a90880 rsi 0x40001 rdi 0xffffffff810c0686 vprintf+0x176 r8 0 r9 0xffffffff r10 0 r11 0xfffffe00257ac310 r12 0xffffffff82068f70 ddb_dbbe r13 0 r14 0xffffffff819a824a r15 0xffffffff819a824a rip 0xffffffff810b5997 kdb_enter+0x67 rflags 0x200086 kernphys+0x86 kdb_enter+0x67: movq $0,0x14a4296(%rip) db> show proc Process 1842 (syz-executor.2) at 0xfffff800105a6000: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 783 at 0xfffff80010ad0000 ABI: FreeBSD ELF32 arguments: /root/syz-executor.2 reaper: 0xfffff80003310000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe002579c9e8 (map 0xfffffe002579c9e8) (map.pmap 0xfffffe002579caa8) (pmap 0xfffffe002579cb08) threads: 4 101149 RunQ syz-executor.2 100279 S sbwait 0xfffffe00239a747c syz-executor.2 101167 Run CPU 0 syz-executor.2 100291 Run CPU 1 syz-executor.2 db> ps pid ppid pgrp uid state wmesg wchan cmd 1847 771 771 0 S (threaded) syz-executor.1 100129 S nanslp 0xffffffff8252f241 syz-executor.1 100286 S select 0xfffff8001030ca40 syz-executor.1 100274 S sbwait 0xfffffe00239a8d6c syz-executor.1 101168 S uwait 0xfffff80003317d80 syz-executor.1 1842 783 783 0 R (threaded) syz-executor.2 101149 RunQ syz-executor.2 100279 S sbwait 0xfffffe00239a747c syz-executor.2 101167 Run CPU 0 syz-executor.2 100291 Run CPU 1 syz-executor.2 1635 1629 1383 0 S+ kqread 0xfffff80003b66600 pwait 1629 1383 1383 0 S+ wait 0xfffff80010cfb000 sh 1388 1386 1383 0 S+ nanslp 0xffffffff8252f241 sleep 1386 1383 1383 0 S+ wait 0xfffff80003dc4000 sh 1383 1 1383 0 Ss+ wait 0xfffff80003d47000 sh 818 809 818 0 Ss select 0xfffff8001044bcc0 dhclient 813 1 813 0 Ss select 0xfffff8001044bc40 dhclient 809 798 424 65 S select 0xfffff8001030cc40 dhclient 798 424 424 0 S wait 0xfffff80003cba000 sh 786 768 786 0 Ss piperd 0xfffff80003cc12f8 syz-executor.3 783 768 783 0 Ss nanslp 0xffffffff8252f241 syz-executor.2 771 768 771 0 Ss nanslp 0xffffffff8252f241 syz-executor.1 770 768 770 0 Ss piperd 0xfffff80003df6be0 syz-executor.0 768 766 766 0 S (threaded) syz-fuzzer 100079 S uwait 0xfffff800037efb80 syz-fuzzer 100105 S uwait 0xfffff800037ec500 syz-fuzzer 100106 S uwait 0xfffff800037ec600 syz-fuzzer 100107 S uwait 0xfffff800037ec700 syz-fuzzer 100108 S kqread 0xfffff80003dfce00 syz-fuzzer 100109 S uwait 0xfffff80003317380 syz-fuzzer 100110 S uwait 0xfffff80003a41480 syz-fuzzer 100111 S uwait 0xfffff80003a41580 syz-fuzzer 100112 S uwait 0xfffff80003a41680 syz-fuzzer 100113 S uwait 0xfffff80003317480 syz-fuzzer 100116 S uwait 0xfffff80003317580 syz-fuzzer 100117 S uwait 0xfffff80003317a80 syz-fuzzer 766 764 766 0 Ss pause 0xfffff80003cba5c8 csh 764 1 764 0 Ss select 0xfffff80010200040 sshd 495 1 495 0 Ss select 0xfffff80003bf7f40 syslogd 424 1 424 0 Ss wait 0xfffff80003cbda40 devd 423 1 423 65 Ss select 0xfffff8001030cec0 dhclient 338 1 338 0 Ss select 0xfffff80003c47140 dhclient 335 1 335 0 Ss select 0xfffff80003b62d40 dhclient 23 0 0 0 DL vlruwt 0xfffff800033ec520 [vnlru] 22 0 0 0 DL syncer 0xffffffff8261a498 [syncer] 21 0 0 0 DL (threaded) [bufdaemon] 100069 D qsleep 0xffffffff826197e0 [bufdaemon] 100076 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100087 D sdflush 0xfffff8000342c4e8 [/ worker] 20 0 0 0 DL psleep 0xffffffff826407c8 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100067 D psleep 0xffffffff82634c58 [dom0] 100074 D launds 0xffffffff82634c64 [laundry: dom0] 100075 D umarcl 0xffffffff8154df20 [uma] 18 0 0 0 DL - 0xffffffff82362e78 [rand_harvestq] 17 0 0 0 DL pftm 0xffffffff82be13a0 [pf purge] 16 0 0 0 DL waiting 0xffffffff8261cc10 [sctp_iterator] 15 0 0 0 DL - 0xffffffff82618dec [soaiod4] 9 0 0 0 DL - 0xffffffff82618dec [soaiod3] 8 0 0 0 DL - 0xffffffff82618dec [soaiod2] 7 0 0 0 DL - 0xffffffff82618dec [soaiod1] 6 0 0 0 DL (threaded) [cam] 100033 D - 0xffffffff8223abc0 [doneq0] 100066 D - 0xffffffff8223aa90 [scanner] 5 0 0 0 DL crypto_ 0xfffff80003212d90 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff80003212d30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff82632440 [crypto] 14 0 0 0 DL seqstat 0xfffff800030d5488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100024 D - 0xffffffff8250e1c0 [g_event] 100025 D - 0xffffffff8250e1c8 [g_up] 100026 D - 0xffffffff8250e1d0 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100017 D - 0xfffff80003093700 [thr_0] 100018 D - 0xfffff80003093740 [thr_1] 12 0 0 0 WL (threaded) [intr] 100010 I [swi5: fast taskq] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100019 I [swi4: clock (0)] 100020 I [swi4: clock (1)] 100021 I [swi3: vm] 100022 I [swi1: netisr 0] 100034 I [irq24: virtio_pci0] 100035 I [irq25: virtio_pci0] 100036 I [irq26: virtio_pci0] 100037 I [irq27: virtio_pci0] 100038 I [irq28: virtio_pci1] 100039 I [irq29: virtio_pci1] 100040 I [irq30: virtio_pci1] 100041 I [irq31: virtio_pci1] 100042 I [irq32: virtio_pci1] 100047 I [irq10: virtio_pci2] 100049 I [irq1: atkbd0] 100050 I [irq12: psm0] 100051 I [swi0: uart uart++] 100060 I [swi1: pf send] 100072 I [swi1: hpts] 100073 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80003310000 [init] 10 0 0 0 DL audit_w 0xffffffff82632918 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8250e750 [swapper] 100005 D - 0xfffff80003356100 [if_config_tqg_0] 100006 D - 0xfffff80003356000 [softirq_0] 100007 D - 0xfffff80003357e00 [softirq_1] 100008 D - 0xfffff80003357d00 [if_io_tqg_0] 100009 D - 0xfffff80003357c00 [if_io_tqg_1] 100011 D - 0xfffff80003351600 [kqueue_ctx taskq] 100012 D - 0xfffff80003351500 [aiod_kick taskq] 100015 D - 0xfffff80003351000 [in6m_free taskq] 100016 D - 0xfffff8000334ee00 [thread taskq] 100023 D - 0xfffff8000334e900 [firmware taskq] 100028 D - 0xfffff8000334e800 [crypto_0] 100029 D - 0xfffff8000334e800 [crypto_1] 100043 D - 0xfffff8000334e200 [vtnet0 rxq 0] 100044 D - 0xfffff8000334e100 [vtnet0 txq 0] 100045 D - 0xfffff8000334e000 [vtnet0 rxq 1] 100046 D - 0xfffff8000334fe00 [vtnet0 txq 1] 100048 D vtbslp 0xfffff800034f3580 [virtio_balloon] 100052 D - 0xfffff8000334f700 [mca taskq] 100056 D - 0xffffffff81d4d9f0 [deadlkres] 100061 D - 0xfffff80003b66200 [acpi_task_0] 100062 D - 0xfffff80003b66200 [acpi_task_1] 100063 D - 0xfffff80003b66200 [acpi_task_2] 100065 D - 0xfffff8000334e700 [CAM taskq] db> show all locks Process 1847 (syz-executor.1) thread 0xfffffe0025c76c00 (100274) exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe00239a8d10) locked @ /syzkaller/managers/i386/kernel/sys/kern/uipc_sockbuf.c:414 Process 1842 (syz-executor.2) thread 0xfffffe002586d800 (100279) exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe00239a7420) locked @ /syzkaller/managers/i386/kernel/sys/kern/uipc_sockbuf.c:414 Process 1842 (syz-executor.2) thread 0xfffffe002586b500 (101167) exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffffe00239aa278) locked @ /syzkaller/managers/i386/kernel/sys/kern/uipc_sockbuf.c:414 Process 1842 (syz-executor.2) thread 0xfffffe00257abe00 (100291) exclusive sleep mutex socket (socket) r = 0 (0xfffffe00239aa000) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:495 exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8001041ab90) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:487 db> serialport: VM disconnected.