panic: tcp_ouptapunit


syzbot

Aug 28, 2022, 4:59:32 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 8ffe6ae0af63 Adjust desired output after tbl_term.c rev. 1..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=128b524d080000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=e859fd353c90eeac26f8

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e859fd...@syzkaller.appspotmail.com

panic: tcp_ouptapunit
cStopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*399709 38401 32767 0x10 0x4000000 1 syz-executor.0
324511 22286 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000c2e628) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd807b208030,fffffd80763f8c00,0,fffffd80763f8700) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff80002d07e2a8,3,ffff80002e4aba40,0,ffff80002e4abb30) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff80002d07e2a8,ffff80002e4abae8,ffff80002e4abb30) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff80002e4abbb0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff80002e4abbb0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4de36937ec0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_map.c", line 2486
*cpu1: tcp_output
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000c2e628) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd807b208030,fffffd80763f8c00,0,fffffd80763f8700) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff80002d07e2a8,3,ffff80002e4aba40,0,ffff80002e4abb30) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff80002d07e2a8,ffff80002e4abae8,ffff80002e4abb30) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff80002e4abbb0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff80002e4abbb0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4de36937ec0, count: -9
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002e4ab520
rbx 0xffff800020dd9b8f
rdx 0xffff800000bd1240
rcx 0
rax 0xffff80002d07e2a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x540f0505db77b548
r11 0x1e310a9952814052
r12 0xffff800020dd9990
r13 0
r14 0
r15 0x1
rip 0xffffffff823fc058 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002e4ab510
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.0) pid=399709 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=77, nice=20
forw=0xffffffffffffffff, list=0xffff80002d07e008,0xffff80002d07f278
process=0xffff8000ffff2158 user=0xffff80002e4a6000, vmspace=0xfffffd806c955460
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
62685 496049 35496 32767 2 0x10 syz-executor.7
38401 84732 41064 32767 2 0x10 syz-executor.0
*38401 399709 41064 32767 7 0x4000010 syz-executor.0
45174 342436 72388 32767 2 0x10 syz-executor.1
45174 409350 72388 32767 2 0x4000010 syz-executor.1
29604 81629 32056 32767 2 0x10 syz-executor.5
29604 154458 32056 32767 3 0x4000090 fsleep syz-executor.5
97173 288747 85444 32767 2 0x10 syz-executor.3
17917 307516 12339 32767 2 0x10 syz-executor.2
17917 344987 12339 32767 3 0x4000090 fsleep syz-executor.2
19897 336724 0 0 3 0x14200 bored sosplice
35496 336043 28053 32767 3 0x90 nanoslp syz-executor.7
53365 325337 19734 32767 3 0x90 nanoslp syz-executor.6
19734 493653 28041 0 3 0x82 wait syz-executor.6
28053 509498 28041 0 3 0x82 wait syz-executor.7
85444 234162 21323 32767 3 0x90 nanoslp syz-executor.3
26642 288423 45035 32767 3 0x90 nanoslp syz-executor.4
45035 241826 28041 0 3 0x82 wait syz-executor.4
32056 224309 6380 32767 3 0x90 nanoslp syz-executor.5
72388 332406 79319 32767 3 0x90 nanoslp syz-executor.1
6380 441890 28041 0 3 0x82 wait syz-executor.5
21323 13518 28041 0 3 0x82 wait syz-executor.3
79319 444849 28041 0 3 0x82 wait syz-executor.1
12339 163322 58874 32767 3 0x90 nanoslp syz-executor.2
41064 494820 31662 32767 3 0x90 nanoslp syz-executor.0
58874 268902 28041 0 3 0x82 wait syz-executor.2
31662 3018 28041 0 3 0x82 wait syz-executor.0
28041 420080 76077 0 3 0x82 wait syz-fuzzer
28041 118285 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 92053 76077 0 3 0x4000082 wait syz-fuzzer
28041 238445 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 39637 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 492809 76077 0 3 0x4000082 wait syz-fuzzer
28041 256605 76077 0 3 0x4000082 wait syz-fuzzer
28041 453869 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 51286 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 165573 76077 0 3 0x4000082 wait syz-fuzzer
28041 169850 76077 0 3 0x4000082 wait syz-fuzzer
28041 365737 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 285100 76077 0 3 0x4000082 wait syz-fuzzer
28041 76383 76077 0 3 0x4000082 wait syz-fuzzer
28041 216348 76077 0 3 0x4000082 thrsleep syz-fuzzer
28041 367935 76077 0 3 0x4000082 kqread syz-fuzzer
76077 256095 16891 0 3 0x10008a sigsusp ksh
16891 397768 27293 0 3 0x9a kqread sshd
15345 169711 1 0 3 0x100083 ttyin getty
27293 233573 1 0 3 0x88 kqread sshd
75398 329452 30516 73 3 0x1100090 kqread syslogd
30516 112963 1 0 3 0x100082 netio syslogd
19016 76924 1 0 3 0x100080 kqread resolvd
17599 142481 55876 77 3 0x100092 kqread dhcpleased
39199 276537 55876 77 3 0x100092 kqread dhcpleased
55876 203219 1 0 3 0x80 kqread dhcpleased
82862 194166 0 0 3 0x14200 bored smr
33648 354450 0 0 2 0x14200 zerothread
50920 408735 0 0 3 0x14200 aiodoned aiodoned
16147 253014 0 0 3 0x14200 syncer update
59972 220062 0 0 3 0x14200 cleaner cleaner
22286 324511 0 0 7 0x14200 reaper
56178 471467 0 0 3 0x14200 pgdaemon pagedaemon
51531 397341 0 0 3 0x14200 bored viomb
79414 408463 0 0 3 0x40014200 acpi0 acpi0
58708 168815 0 0 3 0x40014200 idle1
35043 168711 0 0 3 0x14200 bored softnet
40955 52304 0 0 3 0x14200 bored softnet
14413 133998 0 0 3 0x14200 bored softnet
77970 168288 0 0 3 0x14200 bored softnet
92979 114504 0 0 3 0x14200 bored systqmp
560 445423 0 0 3 0x14200 bored systq
41400 494760 0 0 3 0x40014200 bored softclock
76805 136944 0 0 3 0x40014200 idle0
1 345848 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex pvpl r = 0 (0xffffffff82a0c500)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_put+0x80 sys/kern/subr_pool.c:797
#4 pmap_do_remove+0x607 sys/arch/amd64/amd64/pmap.c:1878
#5 uvm_unmap_kill_entry_withlock+0x1af sys/uvm/uvm_map.c:1891
#6 uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
#6 uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2523
#7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3436
#8 reaper+0x19a sys/kern/kern_exit.c:448
#9 proc_trampoline+0x1c
Process 38401 (syz-executor.0) thread 0xffff80002d07e2a8 (399709)
exclusive rwlock netlock r = 0 (0xffffffff8292fbb0)
#0 witness_lock+0x44d
#1 sosend+0x500 sys/kern/uipc_socket.c:632
#2 sendit+0x65d sys/kern/uipc_syscalls.c:694
#3 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
#4 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#4 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
#5 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10179 6408K 6419K 78643K 11269 0
pcb 13 8K 8K 78643K 13 0
rtable 234 6K 6K 78643K 423 0
ifaddr 82 16K 16K 78643K 84 0
counters 56 35K 35K 78643K 56 0
ioctlops 0 0K 2K 78643K 35 0
iov 0 0K 16K 78643K 89 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1270 79K 79K 78643K 1298 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 76 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 24 89K 121K 78643K 360 0
proc 56 78K 103K 78643K 463 0
subproc 104 6K 6K 78643K 104 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 3 0
in_multi 99 6K 6K 78643K 105 0
ether_multi 1 0K 0K 78643K 4 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 55 254K 254K 78643K 55 0
exec 0 0K 2K 78643K 630 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 62K 78643K 8 0
UVM amap 239 78K 83K 78643K 3686 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 9 0
NDP 11 0K 2K 78643K 27 0
temp 99 4719K 4783K 78643K 4026 0
kqueue 12 18K 22K 78643K 35 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 55 0 52 1 0 1 1 0 8 0
rtentry 112 111 0 1 4 0 4 4 0 8 0
unpcb 144 287 0 271 1 0 1 1 0 8 0
syncache 296 11 0 11 2 1 1 1 0 8 1
tcpqe 32 52 0 52 1 0 1 1 0 8 1
tcpcb 768 184 0 156 7 0 7 7 0 8 4
arp 120 18 0 0 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 7 0 5 1 0 1 1 0 8 0
inpcb 368 289 0 276 4 0 4 4 0 8 2
nd6 48 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 452 0 0 29 0 29 29 0 8 0
art_table 32 453 0 0 4 0 4 4 0 8 0
art_node 16 110 0 10 1 0 1 1 0 8 0
sysvmsgpl 40 16 0 16 1 0 1 1 0 8 1
semapl 112 74 0 64 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1751 0 321 90 0 90 90 0 8 0
ffsino 272 1751 0 321 96 0 96 96 0 8 0
nchpl 144 2330 0 656 63 0 63 63 0 8 0
uvmvnodes 80 1864 0 0 39 0 39 39 0 8 0
vnodes 216 1864 0 0 104 0 104 104 0 8 0
namei 1024 7830 0 7830 2 1 1 2 0 8 1
percpumem 16 40 0 0 1 0 1 1 0 8 0
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 6792 0 6792 2 1 1 2 0 8 1
plimitpl 152 71 0 48 1 0 1 1 0 8 0
sigapl 424 645 0 590 7 0 7 7 0 8 0
futexpl 64 2387 0 2385 1 0 1 1 0 8 0
knotepl 120 108 0 0 4 0 4 4 0 8 0
kqueuepl 216 60 0 51 1 0 1 1 0 8 0
pipepl 320 225 0 197 8 0 8 8 0 8 5
fdescpl 496 627 0 592 7 1 6 6 0 8 1
filepl 152 3416 0 3174 15 0 15 15 0 8 5
lockfpl 104 18 0 16 1 0 1 1 0 8 0
lockfspl 48 10 0 8 1 0 1 1 0 8 0
sessionpl 144 23 0 7 1 0 1 1 0 8 0
pgrppl 48 23 0 7 1 0 1 1 0 8 0
ucredpl 104 277 0 259 1 0 1 1 0 8 0
zombiepl 144 592 0 590 1 0 1 1 0 8 0
processpl 1064 645 0 590 5 0 5 5 0 8 1
procpl 672 1162 0 1086 8 0 8 8 0 8 0
sosppl 168 6 0 6 1 0 1 1 0 8 1
sockpl 488 667 0 635 8 0 8 8 0 8 4
mcl64k 65536 7 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl12k 12288 5 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 7 0 0 1 0 1 1 0 8 0
mcl4k 4096 8 0 0 1 0 1 1 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 268 0 0 33 0 33 33 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 386 0 0 24 0 24 24 0 8 0
bufpl 288 3822 0 128 264 0 264 264 0 8 0
anonpl 24 111324 0 99434 103 3 100 100 0 186 21
amapchunkpl 152 9179 0 8535 29 0 29 29 0 158 1
amappl16 200 1719 0 1379 31 1 30 30 0 8 10
amappl15 192 173 0 165 1 0 1 1 0 8 0
amappl14 184 108 0 100 1 0 1 1 0 8 0
amappl13 176 79 0 78 1 0 1 1 0 8 0
amappl12 168 104 0 95 1 0 1 1 0 8 0
amappl11 160 79 0 65 1 0 1 1 0 8 0
amappl10 152 56 0 53 1 0 1 1 0 8 0
amappl9 144 524 0 518 1 0 1 1 0 8 0
amappl8 136 574 0 524 2 0 2 2 0 8 0
amappl7 128 115 0 97 1 0 1 1 0 8 0
amappl6 120 221 0 206 2 1 1 2 0 8 0
amappl5 112 240 0 221 1 0 1 1 0 8 0
amappl4 104 860 0 830 2 0 2 2 0 8 0
amappl3 96 1390 0 1325 2 0 2 2 0 8 0
amappl2 88 503 0 464 2 0 2 2 0 8 0
amappl1 80 16922 0 16203 19 2 17 19 0 8 1
amappl 88 3237 0 3067 6 1 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 628 0 592 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 628 0 592 1 0 1 1 0 8 0
vmmpekpl 168 9929 0 9876 3 0 3 3 0 8 0
vmmpepl 168 63113 0 60423 135 0 135 135 0 357 13
vmsppl 368 627 0 592 4 0 4 4 0 8 0
rwobjpl 56 18789 0 15612 49 0 49 49 0 8 1
pdppl 4096 1263 0 1184 114 33 81 93 0 8 2
pvpl 32 320490 0 303632 251 6 245 250 0 265 94
pmappl 248 627 0 592 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 671 0 36 19 0 19 19 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82933ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:651
comcnputc(800,3a) at comcnputc+0x97 sys/dev/ic/com.c:1259
cnputc(3a) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(3a) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6ac sys/kern/subr_prf.c:724
db_printf(ffffffff8261ba78) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff825a1bd6) at panic+0xd7 sys/kern/subr_prf.c:216
__assert(ffffffff82619795,ffffffff826448c7,9b6,ffffffff825d77c8) at __assert+0x25 sys/kern/subr_prf.c:157
uvm_map_teardown(fffffd80759a4b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2488
uvmspace_free(fffffd80759a4b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3436
reaper(ffff800021233508) at reaper+0x19a sys/kern/kern_exit.c:448
end trace frame: 0x0, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff82933ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:651
comcnputc(800,3a) at comcnputc+0x97 sys/dev/ic/com.c:1259
cnputc(3a) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(3a) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6ac sys/kern/subr_prf.c:724
db_printf(ffffffff8261ba78) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff825a1bd6) at panic+0xd7 sys/kern/subr_prf.c:216
__assert(ffffffff82619795,ffffffff826448c7,9b6,ffffffff825d77c8) at __assert+0x25 sys/kern/subr_prf.c:157
uvm_map_teardown(fffffd80759a4b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2488
uvmspace_free(fffffd80759a4b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3436
reaper(ffff800021233508) at reaper+0x19a sys/kern/kern_exit.c:448
end trace frame: 0x0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000c2e628) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd807b208030,fffffd80763f8c00,0,fffffd80763f8700) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff80002d07e2a8,3,ffff80002e4aba40,0,ffff80002e4abb30) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff80002d07e2a8,ffff80002e4abae8,ffff80002e4abb30) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff80002e4abbb0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff80002e4abbb0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4de36937ec0, count: 6
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000c2e628) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd807b208030,fffffd80763f8c00,0,fffffd80763f8700) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd807b208030,0,ffff80002e4ab8c0,0,fffffd80763f8700,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff80002d07e2a8,3,ffff80002e4aba40,0,ffff80002e4abb30) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff80002d07e2a8,ffff80002e4abae8,ffff80002e4abb30) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff80002e4abbb0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff80002e4abbb0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4de36937ec0, count: -9


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Greg Steuck

Aug 28, 2022, 11:57:57 PM
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: panic: tcp_output

--
nest.cx is Gmail hosted, use PGP: https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0