panic: _mtx_lock_sleep: recursed on non-recursive mutex rtentry @ /syzkaller/managers/main/kernel/sys/net/route.c:LINE


syzbot

Jun 3, 2019, 11:13:06 AM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: c7cdb4a8 Another partial revert of r301289.
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14b3a1dea00000
dashboard link: https://syzkaller.appspot.com/bug?extid=f24d53c2045465142c43

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f24d53...@syzkaller.appspotmail.com

panic: _mtx_lock_sleep: recursed on non-recursive mutex rtentry @ /syzkaller/managers/main/kernel/sys/net/route.c:470

cpuid = 0
time = 16
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe001f67bfb0
vpanic() at vpanic+0x1e0/frame 0xfffffe001f67c010
panic() at panic+0x43/frame 0xfffffe001f67c070
__mtx_lock_sleep() at __mtx_lock_sleep+0x71a/frame 0xfffffe001f67c110
__mtx_lock_flags() at __mtx_lock_flags+0x157/frame 0xfffffe001f67c170
rtalloc1_fib() at rtalloc1_fib+0x16e/frame 0xfffffe001f67c280
ifa_ifwithroute() at ifa_ifwithroute+0x136/frame 0xfffffe001f67c2c0
rt_getifa_fib() at rt_getifa_fib+0x255/frame 0xfffffe001f67c330
rtrequest1_fib() at rtrequest1_fib+0xe3f/frame 0xfffffe001f67c450
route_output() at route_output+0x1259/frame 0xfffffe001f67c6d0
sosend_generic() at sosend_generic+0x73d/frame 0xfffffe001f67c7a0
sosend() at sosend+0xc6/frame 0xfffffe001f67c810
kern_sendit() at kern_sendit+0x35e/frame 0xfffffe001f67c8c0
sendit() at sendit+0x225/frame 0xfffffe001f67c920
sys_sendto() at sys_sendto+0x5c/frame 0xfffffe001f67c980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe001f67cab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe001f67cab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41311a, rsp = 0x7fffdfffdf38, rbp = 0x6 ---
KDB: enter: panic
[ thread pid 51797 tid 100388 ]
Stopped at kdb_enter+0x6a: movq $0,kdb_why


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jun 3, 2019, 11:40:06 AM
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: c7cdb4a8 Another partial revert of r301289.
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12bf9e4aa00000
dashboard link: https://syzkaller.appspot.com/bug?extid=f24d53c2045465142c43
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16572ca6a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17cfbcfea00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f24d53...@syzkaller.appspotmail.com

login: panic: _mtx_lock_sleep: recursed on non-recursive mutex rtentry @ /syzkaller/managers/main/kernel/sys/net/route.c:470

cpuid = 0
time = 1559575590
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0020e21fb0
vpanic() at vpanic+0x1e0/frame 0xfffffe0020e22010
panic() at panic+0x43/frame 0xfffffe0020e22070
__mtx_lock_sleep() at __mtx_lock_sleep+0x71a/frame 0xfffffe0020e22110
__mtx_lock_flags() at __mtx_lock_flags+0x157/frame 0xfffffe0020e22170
rtalloc1_fib() at rtalloc1_fib+0x16e/frame 0xfffffe0020e22280
ifa_ifwithroute() at ifa_ifwithroute+0x136/frame 0xfffffe0020e222c0
rt_getifa_fib() at rt_getifa_fib+0x255/frame 0xfffffe0020e22330
rtrequest1_fib() at rtrequest1_fib+0xe3f/frame 0xfffffe0020e22450
route_output() at route_output+0x1259/frame 0xfffffe0020e226d0
sosend_generic() at sosend_generic+0x73d/frame 0xfffffe0020e227a0
sosend() at sosend+0xc6/frame 0xfffffe0020e22810
kern_sendit() at kern_sendit+0x35e/frame 0xfffffe0020e228c0
sendit() at sendit+0x225/frame 0xfffffe0020e22920
sys_sendto() at sys_sendto+0x5c/frame 0xfffffe0020e22980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe0020e22ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0020e22ab0
--- syscall (0, FreeBSD ELF64, nosys), rip = 0x41c38a, rsp = 0x7fffffffead8, rbp = 0x7fffffffeb40 ---
KDB: enter: panic
[ thread pid 759 tid 100081 ]