panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/i386/kernel/sys/netinet/ip_output.c:LINE


syzbot

Jan 22, 2020, 9:39:11 AM1/22/20
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b17accbc Bring back redirect route expiration.
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1264ca6ee00000
dashboard link: https://syzkaller.appspot.com/bug?extid=da64217e140444c49f00
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+da6421...@syzkaller.appspotmail.com

login: panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/i386/kernel/sys/netinet/ip_output.c:325
cpuid = 1
time = 1579703926
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00244f1490
vpanic() at vpanic+0x1ce/frame 0xfffffe00244f1500
panic() at panic+0x43/frame 0xfffffe00244f1560
ip_output() at ip_output+0x2558/frame 0xfffffe00244f1700
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x101c/frame 0xfffffe00244f1850
sctp_send_initiate() at sctp_send_initiate+0xa53/frame 0xfffffe00244f1950
sctp_connect() at sctp_connect+0x4b1/frame 0xfffffe00244f19b0
soconnectat() at soconnectat+0x183/frame 0xfffffe00244f1a10
kern_connectat() at kern_connectat+0x1ec/frame 0xfffffe00244f1a70
sys_connect() at sys_connect+0xd9/frame 0xfffffe00244f1ab0
ia32_syscall() at ia32_syscall+0x48c/frame 0xfffffe00244f1bf0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x81425b3
KDB: enter: panic
[ thread pid 806 tid 100116 ]
Stopped at kdb_enter+0x67: movq $0,0x1466de6(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xfffffe0026800000
rdx 0x3ffff
rbx 0
rsp 0xfffffe00244f1470
rbp 0xfffffe00244f1490
rsi 0x40001
rdi 0xffffffff810ba276 vprintf+0x176
r8 0
r9 0xffffffff
r10 0x2ec8 ll+0x2ea7
r11 0xeffeceb1
r12 0xffffffff82068d90 ddb_dbbe
r13 0
r14 0xffffffff819363ab
r15 0xffffffff819363ab
rip 0xffffffff810af337 kdb_enter+0x67
rflags 0x200082 kernphys+0x82
kdb_enter+0x67: movq $0,0x1466de6(%rip)
db> show proc
Process 806 (syz-executor.1) at 0xfffff80003dada60:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 769 at 0xfffff80003deda60
ABI: FreeBSD ELF32
arguments: /root/syz-executor.1
reaper: 0xfffff800032fa530 reapsubtree: 1
sigparent: 20
vmspace: 0xfffff8003ab25000
(map 0xfffff8003ab25000)
(map.pmap 0xfffff8003ab250c0)
(pmap 0xfffff8003ab25120)
threads: 2
100078 RunQ syz-executor.1
100116 Run CPU 1 syz-executor.1
db> ps
pid ppid pgrp uid state wmesg wchan cmd
810 771 771 0 R (threaded) syz-executor.3
100117 RunQ syz-executor.3
100118 RunQ syz-executor.3
809 770 770 0 R (threaded) syz-executor.2
100087 Run CPU 0 syz-executor.2
100119 S accept 0xfffff80003eec878 syz-executor.2
808 789 422 0 R sysctl
806 769 769 0 R (threaded) syz-executor.1
100078 RunQ syz-executor.1
100116 Run CPU 1 syz-executor.1
789 775 422 0 S wait 0xfffff80003db4a60 sh
775 422 422 0 S wait 0xfffff80003f25a60 sh
771 766 771 0 Ss nanslp 0xffffffff824fed20 syz-executor.3
770 766 770 0 Ss nanslp 0xffffffff824fed20 syz-executor.2
769 766 769 0 Ss nanslp 0xffffffff824fed20 syz-executor.1
768 766 768 0 Rs syz-executor.0
766 764 764 0 S (threaded) syz-fuzzer
100096 S uwait 0xfffff80003cdd800 syz-fuzzer
100102 S uwait 0xfffff80003a47580 syz-fuzzer
100103 S uwait 0xfffff80003a47680 syz-fuzzer
100104 S uwait 0xfffff80003a47780 syz-fuzzer
100105 S uwait 0xfffff80003a45d80 syz-fuzzer
100106 S uwait 0xfffff80003a45e80 syz-fuzzer
100107 S kqread 0xfffff80003b33e00 syz-fuzzer
100108 S uwait 0xfffff80003cdcc00 syz-fuzzer
100109 S uwait 0xfffff80003cdcd00 syz-fuzzer
100111 S uwait 0xfffff80003cdd180 syz-fuzzer
764 762 764 0 Ss pause 0xfffff8003a4af5d8 csh
762 680 762 0 Ss select 0xfffff80003cd3640 sshd
746 1 746 0 Ss+ ttyin 0xfffff800033f7cb0 getty
745 1 745 0 Ss+ ttyin 0xfffff800033f8cb0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003aba0b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003aba4b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003aba8b0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003abacb0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003abb0b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003abb4b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003abb8b0 getty
736 1 22 0 S+ piperd 0xfffff80003d97000 logger
735 734 22 0 S+ nanslp 0xffffffff824fed21 sleep
734 1 22 0 S+ wait 0xfffff8003a4b6000 sh
684 1 684 0 Ss nanslp 0xffffffff824fed20 cron
680 1 680 0 Ss select 0xfffff80003cd3ac0 sshd
493 1 493 0 Ss select 0xfffff80003cd3b40 syslogd
422 1 422 0 Ss wait 0xfffff80003544a60 devd
421 1 421 65 Ss select 0xfffff80003d2b2c0 dhclient
336 1 336 0 Ss select 0xfffff80003cd3c40 dhclient
333 1 333 0 Ss select 0xfffff80003d2b4c0 dhclient
21 0 0 0 DL syncer 0xffffffff825d5198 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003b01000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d4698 [bufdaemon]
100070 D - 0xffffffff8200a980 [bufspacedaemon-0]
100082 D sdflush 0xfffff80003cff8e8 [/ worker]
18 0 0 0 DL psleep 0xffffffff825f0108 [vmdaemon]
17 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff8261d058 [dom0]
100068 D launds 0xffffffff8261d064 [laundry: dom0]
100069 D umarcl 0xffffffff8153d4b0 [uma]
16 0 0 0 DL - 0xffffffff823595b0 [rand_harvestq]
15 0 0 0 DL waiting 0xffffffff82662620 [sctp_iterator]
9 0 0 0 DL - 0xffffffff825d409c [soaiod4]
8 0 0 0 DL - 0xffffffff825d409c [soaiod3]
7 0 0 0 DL - 0xffffffff825d409c [soaiod2]
6 0 0 0 DL - 0xffffffff825d409c [soaiod1]
5 0 0 0 DL (threaded) [cam]
100031 D - 0xffffffff822349c0 [doneq0]
100062 D - 0xffffffff82234888 [scanner]
4 0 0 0 DL crypto_ 0xfffff800031f8e90 [crypto returns 1]
3 0 0 0 DL crypto_ 0xfffff800031f8e30 [crypto returns 0]
2 0 0 0 DL crypto_ 0xffffffff825ea178 [crypto]
14 0 0 0 DL seqstat 0xfffff80003362888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100022 D - 0xffffffff8261b688 [g_event]
100023 D - 0xffffffff8261b698 [g_up]
100024 D - 0xffffffff8261b690 [g_down]
12 0 0 0 WL (threaded) [intr]
100006 I [swi5: fast taskq]
100010 I [swi6: task queue]
100011 I [swi6: Giant taskq]
100017 I [swi3: vm]
100018 I [swi4: clock (0)]
100019 I [swi4: clock (1)]
100020 I [swi1: netisr 0]
100032 I [irq24: virtio_pci0]
100033 I [irq25: virtio_pci0]
100034 I [irq26: virtio_pci0]
100035 I [irq27: virtio_pci0]
100036 I [irq28: virtio_pci1]
100037 I [irq29: virtio_pci1]
100038 I [irq30: virtio_pci1]
100039 I [irq31: virtio_pci1]
100040 I [irq32: virtio_pci1]
100045 I [irq10: virtio_pci2]
100047 I [irq1: atkbd0]
100048 I [irq12: psm0]
100049 I [swi0: uart uart++]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff800032fa530 [init]
10 0 0 0 DL audit_w 0xffffffff826632b0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff82609c78 [swapper]
100005 D - 0xfffff8000333d000 [thread taskq]
100007 D - 0xfffff8000333cd00 [kqueue_ctx taskq]
100008 D - 0xfffff8000333cc00 [config_0]
100009 D - 0xfffff8000333cb00 [aiod_kick taskq]
100012 D - 0xfffff8000333c800 [if_config_tqg_0]
100013 D - 0xfffff8000333c700 [if_io_tqg_0]
100014 D - 0xfffff8000333c600 [if_io_tqg_1]
100015 D - 0xfffff8000333c500 [softirq_0]
100016 D - 0xfffff8000333c400 [softirq_1]
100021 D - 0xfffff8000333c300 [firmware taskq]
100026 D - 0xfffff8000333c200 [crypto_0]
100027 D - 0xfffff8000333c200 [crypto_1]
100041 D - 0xfffff8000333c000 [vtnet0 rxq 0]
100042 D - 0xfffff8000333be00 [vtnet0 txq 0]
100043 D - 0xfffff8000333bd00 [vtnet0 rxq 1]
100044 D - 0xfffff8000333bc00 [vtnet0 txq 1]
100046 D vtbslp 0xfffff800034d4400 [virtio_balloon]
100050 D - 0xfffff8000333bb00 [mca taskq]
100054 D - 0xffffffff81cd9e01 [deadlkres]
100057 D - 0xfffff80003b34100 [acpi_task_0]
100058 D - 0xfffff80003b34100 [acpi_task_1]
100059 D - 0xfffff80003b34100 [acpi_task_2]
100061 D - 0xfffff8000333c100 [CAM taskq]
805 768 768 0 Z ndp
db> show all locks
Process 806 (syz-executor.1) thread 0xfffff8003abe7000 (100116)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffff8003ae34928) locked @ /syzkaller/managers/i386/kernel/sys/netinet/sctp_pcb.c:4370
exclusive sleep mutex sctp-create (inp_create) r = 0 (0xfffff8003ad3f488) locked @ /syzkaller/managers/i386/kernel/sys/netinet/sctp_usrreq.c:7038
db> show malloc
Type InUse MemUse Requests
devbuf 4213 4851K 4238
vtbuf 24 1968K 46
sysctloid 26527 1553K 26591
kobj 331 1324K 487
newblk 540 1159K 582
vfscache 4 1025K 4
inodedep 67 545K 90
pcb 25 539K 82
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 119 252K 875
acpica 1674 185K 49750
vnet_data 1 168K 1
pagedep 25 134K 29
filedesc 19 133K 67
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 122
linker 221 89K 252
bus 990 79K 3330
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 493 62K 493
gtaskqueue 22 34K 22
kdtrace 172 33K 1684
hostcache 1 32K 1
shm 1 32K 1
umtx 252 32K 252
DEVFS3 124 31K 134
msg 4 30K 4
DEVFS_RULE 56 27K 56
ifaddr 70 23K 72
kbdmux 6 22K 6
vmem 3 19K 4
BPF 14 19K 14
lltable 47 18K 47
temp 34 17K 1791
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ithread 89 15K 89
ether_multi 172 14K 177
bus-sc 30 14K 1394
KTRACE 100 13K 100
ifnet 7 13K 7
kenv 95 12K 99
eventhandler 123 11K 123
in6_multi 89 11K 89
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 3 9K 59
devstat 4 9K 4
UART 12 9K 12
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
routetbl 57 8K 61
audit_evclass 231 8K 289
cred 27 7K 195
CAM DEV 3 6K 508
diradd 47 6K 58
kqueue 57 6K 815
vt 11 6K 11
plimit 21 6K 333
sglist 5 6K 5
CAM queue 5 6K 1522
ufs_dirhash 24 5K 24
taskqueue 42 5K 42
DEVFSP 70 5K 74
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
kcovinfo 64 4K 68
ip6ndp 20 4K 21
UMA 234 4K 234
hhook 13 4K 13
mkdir 25 4K 38
session 24 3K 33
pgrp 24 3K 33
acpisem 22 3K 22
terminal 11 3K 11
proc-args 47 3K 524
indirdep 10 3K 10
uidinfo 4 3K 4
dirrem 17 3K 28
sctp_ifa 17 3K 17
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
select 15 2K 15
Unitno 28 2K 45
CAM XPT 22 2K 541
lockf 15 2K 22
in_multi 6 2K 7
acpidev 20 2K 20
crypto 2 2K 2
msi 9 2K 9
tun 7 2K 7
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
sctp_atcl 2 1K 2
sctp_stro 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
newdirblk 15 1K 19
CAM periph 4 1K 270
mld 6 1K 6
sctp_ifn 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
CAM SIM 2 1K 2
softdep 1 1K 1
pfil 4 1K 4
chacha20random 1 1K 1
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
osd 3 1K 9
inpcbpolicy 9 1K 157
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
loginclass 3 1K 3
CAM path 4 1K 1030
apmdev 1 1K 1
atkbddev 2 1K 2
sctp_atky 3 1K 3
soname 5 1K 5715
pmchooks 1 1K 1
prison 4 1K 4
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 66
nexusdev 5 1K 5
entropy 2 1K 36
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
freework 1 1K 26
sctp_athm 2 1K 2
sctp_map 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
CAM CCB 0 0K 1819
madt_table 0 0K 2
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
pvscsi 0 0K 0
smartpqi 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
CAM ccb queue 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
dmar_dmamap 0 0K 0
mps_user 0 0K 0
MPSSAS 0 0K 0
isci 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 12
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 9
freeblks 0 0K 25
freefrag 0 0K 5
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
nfsclient_nlminfo 0 0K 0
nfsclient_lock 0 0K 0
NFS FHA 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 7
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 7
sctp_aadr 0 0K 0
sctp_stri 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
mpr 0 0K 0
statfs 0 0K 188
export_host 0 0K 0
cl_savebuf 0 0K 2
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mfibuf 0 0K 0
mbuf_tag 0 0K 109
accf 0 0K 0
pts 0 0K 0
iov 0 0K 13347
ioctlops 0 0K 96
Witness 0 0K 0
stack 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 565
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
tty console 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
nvme_da 0 0K 0
acpipwr 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
db> show ktr
No such command; use "help" to list available commands


---
This bug report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 19, 2020, 12:00:12 AM2/19/20
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 7673f8d2 Epochify SCTP.
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14cab481e00000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d455e9e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+da6421...@syzkaller.appspotmail.com

login: panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/i386/kernel/sys/netinet/ip_output.c:325
cpuid = 1
time = 1582088179
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00247d60b0
vpanic() at vpanic+0x1ce/frame 0xfffffe00247d6120
panic() at panic+0x43/frame 0xfffffe00247d6180
ip_output() at ip_output+0x2499/frame 0xfffffe00247d6320
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x101c/frame 0xfffffe00247d6470
sctp_send_initiate() at sctp_send_initiate+0xa53/frame 0xfffffe00247d6570
sctp_lower_sosend() at sctp_lower_sosend+0x3f73/frame 0xfffffe00247d6780
sctp_sosend() at sctp_sosend+0x4fe/frame 0xfffffe00247d68b0
sosend() at sosend+0xc6/frame 0xfffffe00247d6920
kern_sendit() at kern_sendit+0x32d/frame 0xfffffe00247d69d0
freebsd32_sendmsg() at freebsd32_sendmsg+0x256/frame 0xfffffe00247d6ab0
ia32_syscall() at ia32_syscall+0x2cf/frame 0xfffffe00247d6bf0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8142fdc
KDB: enter: panic
[ thread pid 790 tid 100079 ]
Stopped at kdb_enter+0x67: movq $0,0x1464f96(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818f4ce4
rbx 0
rsp 0xfffffe00247d6090
rbp 0xfffffe00247d60b0
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0x6375 ll+0x6354
r11 0xfffffe0004cfd800
r12 0xffffffff82068f00 ddb_dbbe
r13 0
r14 0xffffffff8193ce0b
r15 0xffffffff8193ce0b
rip 0xffffffff810b2127 kdb_enter+0x67
rflags 0x200086 kernphys+0x86
kdb_enter+0x67: movq $0,0x1464f96(%rip)
db> show proc
Process 790 (syz-executor.0) at 0xfffff80003bf2530:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 773 at 0xfffff800033b1530
ABI: FreeBSD ELF32
arguments: /root/syz-executor.0
reaper: 0xfffff800032d3000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe002497b9e8
(map 0xfffffe002497b9e8)
(map.pmap 0xfffffe002497baa8)
(pmap 0xfffffe002497bb08)
threads: 1
100079 Run CPU 1 syz-executor.0
db> ps
pid ppid pgrp uid state wmesg wchan cmd
790 773 773 0 R CPU 1 syz-executor.0
788 422 422 0 R CPU 0 sh
773 771 773 0 Ss nanslp 0xffffffff824ffcc1 syz-executor.0
771 769 769 0 S (threaded) syz-execprog
100087 S uwait 0xfffff80003b2d500 syz-execprog
100103 S uwait 0xfffff80003b2ba80 syz-execprog
100104 S uwait 0xfffff80003b2bb80 syz-execprog
100105 S uwait 0xfffff80003b2bc80 syz-execprog
100106 S kqread 0xfffff80003aa3100 syz-execprog
100107 S uwait 0xfffff800039b7480 syz-execprog
100108 S uwait 0xfffff800039b4080 syz-execprog
100109 S uwait 0xfffff800039b4180 syz-execprog
100110 S uwait 0xfffff80003b2da80 syz-execprog
769 767 769 0 Ss pause 0xfffff80003bf2b08 csh
767 680 767 0 Ss select 0xfffff8000352a9c0 sshd
746 1 746 0 Ss+ ttyin 0xfffff800033a78b0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003a920b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003a924b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003a928b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003a92cb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003a950b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003a954b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003a958b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003a95cb0 getty
736 1 22 0 S+ piperd 0xfffff80003bf8be0 logger
735 734 22 0 S+ nanslp 0xffffffff824ffcc0 sleep
734 1 22 0 S+ wait 0xfffff80003c90000 sh
684 1 684 0 Ss nanslp 0xffffffff824ffcc0 cron
680 1 680 0 Ss select 0xfffff800039d1ec0 sshd
493 1 493 0 Ss select 0xfffff8000352a640 syslogd
422 1 422 0 Ss wait 0xfffff80003cf1a60 devd
421 1 421 65 Ss select 0xfffff800039d1bc0 dhclient
336 1 336 0 Ss select 0xfffff800039d1dc0 dhclient
333 1 333 0 Ss select 0xfffff800039d1d40 dhclient
21 0 0 0 DL syncer 0xffffffff825d6158 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003a62000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d5658 [bufdaemon]
100070 D - 0xffffffff8200a980 [bufspacedaemon-0]
100080 D sdflush 0xfffff800033a48e8 [/ worker]
18 0 0 0 DL psleep 0xffffffff825f10c8 [vmdaemon]
17 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff8261cfd8 [dom0]
100068 D launds 0xffffffff8261cfe4 [laundry: dom0]
100069 D umarcl 0xffffffff81542420 [uma]
16 0 0 0 DL - 0xffffffff8235a530 [rand_harvestq]
15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator]
9 0 0 0 DL - 0xffffffff825d505c [soaiod4]
8 0 0 0 DL - 0xffffffff825d505c [soaiod3]
7 0 0 0 DL - 0xffffffff825d505c [soaiod2]
6 0 0 0 DL - 0xffffffff825d505c [soaiod1]
5 0 0 0 DL (threaded) [cam]
100031 D - 0xffffffff82235940 [doneq0]
100062 D - 0xffffffff82235808 [scanner]
4 0 0 0 DL crypto_ 0xfffff800033aa190 [crypto returns 1]
3 0 0 0 DL crypto_ 0xfffff800033aa130 [crypto returns 0]
2 0 0 0 DL crypto_ 0xffffffff825eb138 [crypto]
14 0 0 0 DL seqstat 0xfffff80003321888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100022 D - 0xffffffff8261b608 [g_event]
100023 D - 0xffffffff8261b618 [g_up]
100024 D - 0xffffffff8261b610 [g_down]
12 0 0 0 WL (threaded) [intr]
100005 I [swi5: fast taskq]
100009 I [swi6: task queue]
100010 I [swi6: Giant taskq]
100017 I [swi3: vm]
100018 I [swi1: netisr 0]
100019 I [swi4: clock (0)]
100020 I [swi4: clock (1)]
100032 I [irq24: virtio_pci0]
100033 I [irq25: virtio_pci0]
100034 I [irq26: virtio_pci0]
100035 I [irq27: virtio_pci0]
100036 I [irq28: virtio_pci1]
100037 I [irq29: virtio_pci1]
100038 I [irq30: virtio_pci1]
100039 I [irq31: virtio_pci1]
100040 I [irq32: virtio_pci1]
100045 I [irq10: virtio_pci2]
100047 I [irq1: atkbd0]
100048 I [irq12: psm0]
100049 I [swi0: uart uart++]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff800032d3000 [init]
10 0 0 0 DL audit_w 0xffffffff82663230 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8260ac48 [swapper]
100006 D - 0xfffff800031c5e00 [config_0]
100007 D - 0xfffff800031cce00 [kqueue_ctx taskq]
100008 D - 0xfffff800031ccd00 [aiod_kick taskq]
100011 D - 0xfffff800031cca00 [thread taskq]
100012 D - 0xfffff800031c5d00 [softirq_0]
100013 D - 0xfffff800031c5c00 [softirq_1]
100014 D - 0xfffff800031c5b00 [if_io_tqg_0]
100015 D - 0xfffff800031c5a00 [if_io_tqg_1]
100016 D - 0xfffff800031c5900 [if_config_tqg_0]
100021 D - 0xfffff800031cc900 [firmware taskq]
100026 D - 0xfffff800031cc800 [crypto_0]
100027 D - 0xfffff800031cc800 [crypto_1]
100041 D - 0xfffff800031cc600 [vtnet0 rxq 0]
100042 D - 0xfffff800031cc500 [vtnet0 txq 0]
100043 D - 0xfffff800031cc400 [vtnet0 rxq 1]
100044 D - 0xfffff800031cc300 [vtnet0 txq 1]
100046 D vtbslp 0xfffff80003542d80 [virtio_balloon]
100050 D - 0xfffff800031cc200 [mca taskq]
100054 D - 0xffffffff81ce0c31 [deadlkres]
100057 D - 0xfffff80003a82a00 [acpi_task_0]
100058 D - 0xfffff80003a82a00 [acpi_task_1]
100059 D - 0xfffff80003a82a00 [acpi_task_2]
100061 D - 0xfffff800031cc700 [CAM taskq]
db> show all locks
Process 790 (syz-executor.0) thread 0xfffffe0004cfd300 (100079)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0024a32380) locked @ /syzkaller/managers/i386/kernel/sys/netinet/sctp_output.c:13643
Process 788 (sh) thread 0xfffffe0004cd7c00 (100073)
shared rw ncbuc (ncbuc) r = 0 (0xfffff800031cf300) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_cache.c:1358
shared lockmgr ufs (ufs) r = 0 (0xfffff80003c49620) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_subr.c:2928
db> show malloc
Type InUse MemUse Requests
devbuf 4213 4851K 4238
vtbuf 24 1968K 46
sysctloid 26636 1559K 26700
kobj 332 1328K 488
newblk 360 1114K 410
vfscache 4 1025K 4
pcb 23 539K 79
inodedep 54 539K 77
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 105 217K 849
acpica 1674 185K 50140
vnet_data 1 168K 1
pagedep 17 132K 21
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 102 102K 113
linker 222 89K 244
bus 964 78K 3311
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 494 62K 494
filedesc 5 37K 17
gtaskqueue 22 34K 22
hostcache 1 32K 1
shm 1 32K 1
umtx 252 32K 252
DEVFS3 121 31K 131
msg 4 30K 4
kdtrace 152 30K 1640
DEVFS_RULE 56 27K 56
vmem 3 22K 4
kbdmux 6 22K 6
BPF 11 18K 11
temp 22 17K 1639
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ifaddr 40 15K 42
ithread 89 15K 89
bus-sc 30 14K 1397
KTRACE 100 13K 100
kenv 95 12K 99
eventhandler 122 11K 122
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 4 9K 46
devstat 4 9K 4
UART 12 9K 12
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 231 8K 289
lltable 20 7K 20
cred 27 7K 234
ifnet 4 7K 4
CAM DEV 3 6K 510
ether_multi 73 6K 78
routetbl 36 6K 40
vt 11 6K 11
kqueue 49 6K 795
sglist 5 6K 5
CAM queue 5 6K 1528
in6_multi 41 5K 41
ufs_dirhash 24 5K 24
plimit 18 5K 329
taskqueue 42 5K 42
dirrem 17 5K 28
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
diradd 31 4K 42
UMA 235 4K 235
hhook 13 4K 13
acpisem 22 3K 22
terminal 11 3K 11
session 21 3K 32
pgrp 21 3K 32
uidinfo 4 3K 4
proc-args 41 3K 498
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
select 14 2K 14
CAM XPT 22 2K 543
lockf 15 2K 22
Unitno 25 2K 39
ip6ndp 8 2K 9
acpidev 20 2K 20
mkdir 10 2K 22
crypto 2 2K 2
msi 9 2K 9
softdep 1 1K 1
indirdep 4 1K 4
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
sctp_ifa 8 1K 8
sctp_atcl 2 1K 2
sctp_stro 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
newdirblk 7 1K 11
in_multi 3 1K 4
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
CAM SIM 2 1K 2
pfil 4 1K 4
chacha20random 1 1K 1
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
mld 3 1K 3
sctp_ifn 3 1K 3
igmp 3 1K 3
tun 4 1K 4
osd 3 1K 9
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
inpcbpolicy 7 1K 143
feeder 7 1K 7
loginclass 3 1K 3
DEVFSP 3 1K 3
CAM path 4 1K 1034
apmdev 1 1K 1
atkbddev 2 1K 2
sctp_atky 3 1K 3
soname 5 1K 5763
pmchooks 1 1K 1
prison 4 1K 4
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 66
nexusdev 5 1K 5
entropy 2 1K 37
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
freework 1 1K 26
sctp_athm 2 1K 2
sctp_map 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
iov 1 1K 13169
p1003.1b 1 1K 1
CAM CCB 0 0K 1783
madt_table 0 0K 2
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
pvscsi 0 0K 0
smartpqi 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
fpukern_ctx 0 0K 0
MVS driver 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
dmar_dmamap 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
isci 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 13
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
sctp_iter 0 0K 5
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 5
statfs 0 0K 196
export_host 0 0K 0
cl_savebuf 0 0K 2
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mfibuf 0 0K 0
mbuf_tag 0 0K 46
accf 0 0K 0
pts 0 0K 0
ioctlops 0 0K 92
Witness 0 0K 0
stack 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 590
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
kcovinfo 0 0K 0