login: panic: mtx_lock() of destroyed mutex @ /syzkaller/managers/i386/kernel/sys/kern/sys_socket.c:316
cpuid = 0
time = 1582052085
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024ce7780
vpanic() at vpanic+0x1ce/frame 0xfffffe0024ce77f0
panic() at panic+0x43/frame 0xfffffe0024ce7850
__mtx_lock_flags() at __mtx_lock_flags+0x1e3/frame 0xfffffe0024ce78b0
soo_stat() at soo_stat+0x13b/frame 0xfffffe0024ce78f0
kern_fstat() at kern_fstat+0xe4/frame 0xfffffe0024ce7940
freebsd11_freebsd32_fstat() at freebsd11_freebsd32_fstat+0x2d/frame 0xfffffe0024ce7ab0
ia32_syscall() at ia32_syscall+0x2cf/frame 0xfffffe0024ce7bf0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x814265f
KDB: enter: panic
[ thread pid 902 tid 100439 ]
Stopped at kdb_enter+0x67: movq $0,0x1464f96(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818f4cc5
rbx 0
rsp 0xfffffe0024ce7760
rbp 0xfffffe0024ce7780
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe00249dd100
r12 0xffffffff82068f00 ddb_dbbe
r13 0
r14 0xffffffff8193cdec
r15 0xffffffff8193cdec
rip 0xffffffff810b2127 kdb_enter+0x67
rflags 0x200086 kernphys+0x86
kdb_enter+0x67: movq $0,0x1464f96(%rip)
db> show proc
Process 902 (syz-executor.3) at 0xfffff8003a98fa60:
state: NORMAL
uid: 60929 gids: 0, 0, 5
parent: pid 779 at 0xfffff8003a64a000
ABI: FreeBSD ELF32
arguments: /root/syz-executor.3
reaper: 0xfffff800032d3000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00249cf000
(map 0xfffffe00249cf000)
(map.pmap 0xfffffe00249cf0c0)
(pmap 0xfffffe00249cf120)
threads: 5
100152 RunQ syz-executor.3
100423 S accept 0xfffffe0004dd8a20 syz-executor.3
100424 Run CPU 1 syz-executor.3
100438 S accept 0xfffffe0004dd6698 syz-executor.3
100439 Run CPU 0 syz-executor.3
db> ps
pid ppid pgrp uid state wmesg wchan cmd
905 773 773 0 S (threaded) syz-executor.1
100266 S nanslp 0xffffffff824ffcc1 syz-executor.1
100436 S accept 0xfffffe0004dd7168 syz-executor.1
100437 S uwait 0xfffff8003a873500 syz-executor.1
904 780 780 0 S (threaded) syz-executor.0
100431 S nanslp 0xffffffff824ffcc0 syz-executor.0
100432 S accept 0xfffffe0004dd7878 syz-executor.0
100433 S uwait 0xfffff8003a3aaa80 syz-executor.0
903 774 774 0 S (threaded) syz-executor.2
100095 S nanslp 0xffffffff824ffcc1 syz-executor.2
100427 S accept 0xfffffe0004dd1c00 syz-executor.2
100428 S uwait 0xfffff8003a3aa880 syz-executor.2
902 779 779 0 R (threaded) syz-executor.3
100152 RunQ syz-executor.3
100423 S accept 0xfffffe0004dd8a20 syz-executor.3
100424 Run CPU 1 syz-executor.3
100438 S accept 0xfffffe0004dd6698 syz-executor.3
100439 Run CPU 0 syz-executor.3
826 816 826 0 Ss select 0xfffff8000357d1c0 dhclient
819 1 819 0 Ss select 0xfffff8000357d140 dhclient
816 798 422 65 S select 0xfffff800032c9840 dhclient
798 422 422 0 S wait 0xfffff80003cb3000 sh
780 771 780 0 Ss nanslp 0xffffffff824ffcc1 syz-executor.0
779 771 779 0 Ss nanslp 0xffffffff824ffcc1 syz-executor.3
774 771 774 0 Ss nanslp 0xffffffff824ffcc1 syz-executor.2
773 771 773 0 Ss nanslp 0xffffffff824ffcc1 syz-executor.1
771 769 769 0 S (threaded) syz-execprog
100103 S uwait 0xfffff800032d7c00 syz-execprog
100104 S uwait 0xfffff800030afc00 syz-execprog
100105 S uwait 0xfffff800030afd00 syz-execprog
100106 S uwait 0xfffff800030afe00 syz-execprog
100107 S uwait 0xfffff800030aff00 syz-execprog
100108 S uwait 0xfffff800032d7d00 syz-execprog
100109 S uwait 0xfffff8003a3aad80 syz-execprog
100110 S uwait 0xfffff8003a3af100 syz-execprog
100115 S kqread 0xfffff8003a527a00 syz-execprog
769 767 769 0 Ss pause 0xfffff8003a6445d8 csh
767 680 767 0