panic: tcp_opuatpniuct


syzbot

Aug 28, 2022, 6:04:29 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 8ffe6ae0af63 Adjust desired output after tbl_term.c rev. 1..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=127c3a83080000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=e8baa0aa39f6c60da041

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e8baa0...@syzkaller.appspotmail.com

panic: tcp_opuatpniuct
: Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*384724 35961 32767 0x10 0x4000000 1 syz-executor.0
243379 9876 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000d0e470) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd806a87a1f8,fffffd80695a7200,fffffd806f6c3f00,fffffd807ae0d300) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff8000ffff57a8,3,ffff800025fd8680,0,ffff800025fd8770) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff8000ffff57a8,ffff800025fd8728,ffff800025fd8770) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff800025fd87f0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff800025fd87f0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7d209a67d0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_map.c", line 2486
*cpu1: tcp_output
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000d0e470) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd806a87a1f8,fffffd80695a7200,fffffd806f6c3f00,fffffd807ae0d300) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff8000ffff57a8,3,ffff800025fd8680,0,ffff800025fd8770) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff8000ffff57a8,ffff800025fd8728,ffff800025fd8770) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff800025fd87f0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff800025fd87f0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7d209a67d0, count: -9
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800025fd8160
rbx 0xffff800020dd9b8f
rdx 0xffff800000bb9200
rcx 0
rax 0xffff8000ffff57a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0xddc87fa6ab56fe35
r11 0x9ee202081ea97298
r12 0xffff800020dd9990
r13 0
r14 0
r15 0x1
rip 0xffffffff823fc058 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800025fd8150
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.0) pid=384724 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff3270,0xffff800021233a58
process=0xffff8000262194e0 user=0xffff800025fd3000, vmspace=0xfffffd806c7a6740
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
61818 411406 4140 32767 2 0x10 syz-executor.1
99847 222100 20039 32767 2 0x10 syz-executor.2
88129 422927 80215 32767 2 0x10 syz-executor.5
88129 45469 80215 32767 3 0x4000090 fsleep syz-executor.5
35961 27774 77683 32767 2 0x10 syz-executor.0
*35961 384724 77683 32767 7 0x4000010 syz-executor.0
58854 160354 52133 32767 3 0x90 nanoslp syz-executor.7
52133 478750 65918 0 3 0x82 wait syz-executor.7
13684 371630 10081 32767 3 0x90 nanoslp syz-executor.6
10081 49723 65918 0 3 0x82 wait syz-executor.6
77196 253090 66213 32767 3 0x90 piperd syz-executor.4
66213 41923 65918 0 3 0x82 wait syz-executor.4
9783 411126 0 0 3 0x14200 bored sosplice
80215 97046 87297 32767 3 0x90 nanoslp syz-executor.5
28827 171873 4905 32767 3 0x90 nanoslp syz-executor.3
87297 506259 65918 0 3 0x82 wait syz-executor.5
4905 175125 65918 0 3 0x82 wait syz-executor.3
20039 50505 21984 32767 3 0x90 nanoslp syz-executor.2
21984 457169 65918 0 3 0x82 wait syz-executor.2
4140 309262 53958 32767 3 0x90 nanoslp syz-executor.1
53958 12620 65918 0 3 0x82 wait syz-executor.1
77683 353419 30878 32767 2 0x10 syz-executor.0
30878 35912 65918 0 3 0x82 wait syz-executor.0
65918 416871 26790 0 3 0x82 wait syz-fuzzer
65918 124992 26790 0 3 0x4000082 nanoslp syz-fuzzer
65918 241990 26790 0 3 0x4000082 thrsleep syz-fuzzer
65918 307982 26790 0 3 0x4000082 wait syz-fuzzer
65918 237597 26790 0 3 0x4000082 thrsleep syz-fuzzer
65918 72948 26790 0 3 0x4000082 thrsleep syz-fuzzer
65918 371407 26790 0 3 0x4000082 wait syz-fuzzer
65918 218271 26790 0 3 0x4000082 thrsleep syz-fuzzer
65918 91754 26790 0 3 0x4000082 thrsleep syz-fuzzer
65918 385266 26790 0 3 0x4000082 wait syz-fuzzer
65918 345854 26790 0 3 0x4000082 wait syz-fuzzer
65918 34019 26790 0 3 0x4000082 kqread syz-fuzzer
65918 31988 26790 0 3 0x4000082 wait syz-fuzzer
65918 443166 26790 0 3 0x4000082 wait syz-fuzzer
65918 275806 26790 0 3 0x4000082 wait syz-fuzzer
65918 259775 26790 0 3 0x4000082 thrsleep syz-fuzzer
26790 166969 87635 0 3 0x10008a sigsusp ksh
87635 66349 56412 0 3 0x9a kqread sshd
2412 402880 1 0 3 0x100083 ttyin getty
56412 36621 1 0 3 0x88 kqread sshd
32265 506240 48004 73 3 0x1100090 kqread syslogd
48004 161177 1 0 3 0x100082 netio syslogd
69560 290936 1 0 3 0x100080 kqread resolvd
64778 408923 68885 77 3 0x100092 kqread dhcpleased
67240 474287 68885 77 3 0x100092 kqread dhcpleased
68885 250301 1 0 3 0x80 kqread dhcpleased
87153 79271 0 0 3 0x14200 bored smr
28011 62956 0 0 2 0x14200 zerothread
8787 207159 0 0 3 0x14200 aiodoned aiodoned
51998 309203 0 0 3 0x14200 syncer update
34140 95537 0 0 3 0x14200 cleaner cleaner
9876 243379 0 0 7 0x14200 reaper
55837 242987 0 0 3 0x14200 pgdaemon pagedaemon
72573 53016 0 0 3 0x14200 bored viomb
92501 320311 0 0 3 0x40014200 acpi0 acpi0
80993 307138 0 0 3 0x40014200 idle1
71867 54092 0 0 3 0x14200 bored softnet
23334 214624 0 0 3 0x14200 bored softnet
18594 346832 0 0 3 0x14200 bored softnet
57350 421316 0 0 3 0x14200 bored softnet
9744 103423 0 0 3 0x14200 bored systqmp
15608 90704 0 0 3 0x14200 bored systq
44337 104211 0 0 3 0x40014200 bored softclock
70379 376083 0 0 3 0x40014200 idle0
1 334196 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive kernel: protection fault trap, code=0
Faulted in DDB; continuing...
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10209 6412K 6419K 78643K 11328 0
pcb 13 16K 18K 78643K 19 0
rtable 236 6K 7K 78643K 1161 0
ifaddr 82 17K 17K 78643K 149 0
sysctl 3 1K 1K 78643K 3 0
counters 56 35K 35K 78643K 74 0
ioctlops 0 0K 2K 78643K 188 0
iov 0 0K 20K 78643K 1197 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1271 79K 79K 78643K 2337 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 126 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 1625 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 22 81K 121K 78643K 7812 0
sigio 0 0K 0K 78643K 53 0
proc 56 78K 115K 78643K 1444 0
subproc 104 6K 6K 78643K 221 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 1 0K 0K 78643K 517 0
in_multi 99 6K 7K 78643K 291 0
ether_multi 1 0K 0K 78643K 48 0
mrt 2 0K 0K 78643K 2 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 235 1049K 1049K 78643K 235 0
exec 0 0K 2K 78643K 2074 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 62K 78643K 8 0
UVM amap 324 89K 102K 78643K 48659 0
UVM aobj 131 4K 4K 78643K 139 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 188 0
NDP 11 0K 2K 78643K 54 0
temp 124 4726K 4854K 78643K 22618 0
kqueue 12 18K 27K 78643K 839 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 554 0 551 6 5 1 3 0 8 0
rtentry 112 216 0 105 4 0 4 4 0 8 0
unpcb 144 8389 0 8376 85 76 9 11 0 8 8
syncache 296 77 0 77 16 16 0 1 0 8 0
tcpqe 32 171 0 171 10 10 0 1 0 8 0
tcpcb 768 3525 0 3511 99 95 4 14 0 8 1
arp 120 39 0 20 1 0 1 1 0 8 0
ipq 40 3 0 3 2 2 0 1 0 8 0
ipqe 40 42 0 42 2 2 0 1 0 8 0
inpcb 368 14112 0 14092 143 135 8 20 0 8 4
nd6 48 54 0 30 1 0 1 1 0 8 0
kcovpl 48 17 0 9 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 881 0 425 31 2 29 30 0 8 0
art_table 32 882 0 425 4 0 4 4 0 8 0
art_node 16 215 0 114 1 0 1 1 0 8 0
sysvmsgpl 40 28 0 9 1 0 1 1 0 8 0
semapl 112 1623 0 1613 1 0 1 1 0 8 0
shmpl 112 136 0 8 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 11404 0 9952 92 0 92 92 0 8 0
ffsino 272 11404 0 9952 98 0 98 98 0 8 0
nchpl 144 21764 0 20126 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 73580 0 73580 4 3 1 2 0 8 1
percpumem 16 49 0 9 1 0 1 1 0 8 0
kstatmem 264 40 0 18 2 0 2 2 0 8 0
scxspl 216 63139 0 63139 28 27 1 8 0 8 1
plimitpl 152 1470 0 1448 5 4 1 2 0 8 0
sigapl 424 8081 0 8027 7 0 7 7 0 8 0
futexpl 64 69722 0 69721 1 0 1 1 0 8 0
knotepl 120 823 0 0 18 1 17 17 0 8 0
kqueuepl 216 3157 0 3149 54 45 9 10 0 8 8
pipepl 320 3952 0 3924 76 68 8 13 0 8 5
fdescpl 496 8063 0 8030 6 1 5 6 0 8 0
filepl 152 64213 0 63977 105 87 18 24 0 8 8
lockfpl 104 1072 0 1070 2 1 1 2 0 8 0
lockfspl 48 296 0 294 1 0 1 1 0 8 0
sessionpl 144 32 0 16 1 0 1 1 0 8 0
pgrppl 48 598 0 582 1 0 1 1 0 8 0
ucredpl 104 7429 0 7411 1 0 1 1 0 8 0
zombiepl 144 8030 0 8027 1 0 1 1 0 8 0
processpl 1064 8081 0 8027 5 1 4 5 0 8 0
procpl 672 23457 0 23381 18 9 9 9 0 8 2
sosppl 168 131 0 130 9 8 1 1 0 8 0
sockpl 488 23381 0 23348 524 509 15 37 0 8 8
mcl64k 65536 18 0 0 3 0 3 3 0 8 0
mcl16k 16384 31 0 0 4 1 3 3 0 8 0
mcl12k 12288 25 0 0 2 0 2 2 0 8 0
mcl9k 9216 17 0 0 2 0 2 2 0 8 0
mcl8k 8192 33 0 0 4 1 3 3 0 8 0
mcl4k 4096 49 0 0 5 1 4 5 0 8 0
mcl2k2 2112 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 298 0 0 31 2 29 31 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 592 0 0 29 0 29 29 0 8 0
bufpl 288 16051 0 9724 453 0 453 453 0 8 0
anonpl 24 1651508 0 1640003 217 113 104 108 0 186 10
amapchunkpl 152 140738 0 140131 73 40 33 38 0 158 5
amappl16 200 26172 0 25793 146 117 29 33 0 8 8
amappl15 192 2178 0 2169 1 0 1 1 0 8 0
amappl14 184 972 0 964 1 0 1 1 0 8 0
amappl13 176 1118 0 1114 1 0 1 1 0 8 0
amappl12 168 1393 0 1386 1 0 1 1 0 8 0
amappl11 160 113 0 97 1 0 1 1 0 8 0
amappl10 152 918 0 910 1 0 1 1 0 8 0
amappl9 144 1504 0 1501 1 0 1 1 0 8 0
amappl8 136 2385 0 2248 6 1 5 5 0 8 0
amappl7 128 1530 0 1509 1 0 1 1 0 8 0
amappl6 120 1299 0 1281 2 1 1 2 0 8 0
amappl5 112 7764 0 7742 1 0 1 1 0 8 0
amappl4 104 2131 0 2094 2 0 2 2 0 8 0
amappl3 96 25730 0 25675 2 0 2 2 0 8 0
amappl2 88 1891 0 1850 2 0 2 2 0 8 0
amappl1 80 201234 0 200542 26 9 17 19 0 8 1
amappl 88 47624 0 47451 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 138 0 8 3 0 3 3 0 8 0
uaddrrnd 24 8064 0 8030 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 8064 0 8030 1 0 1 1 0 8 0
vmmpekpl 168 76094 0 76027 4 0 4 4 0 8 0
vmmpepl 168 796029 0 793333 220 82 138 140 0 357 9
vmsppl 368 8063 0 8030 4 0 4 4 0 8 0
rwobjpl 56 205858 0 198385 117 8 109 109 0 8 0
pdppl 4096 16135 0 16060 258 177 81 95 0 8 6
pvpl 32 3072608 0 3056074 405 222 183 252 0 265 18
pmappl 248 8063 0 8030 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1166 0 324 25 0 25 25 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82933ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:651
comcnputc(800,20) at comcnputc+0x1a7 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(6b) at db_putchar+0x34a db_force_whitespace sys/ddb/db_output.c:96 [inline]
db_putchar(6b) at db_putchar+0x34a sys/ddb/db_output.c:153
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1064
db_printf(ffffffff8261ba78) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff825a1bd6) at panic+0xd7 sys/kern/subr_prf.c:216
__assert(ffffffff82619795,ffffffff826448c7,9b6,ffffffff825d77c8) at __assert+0x25 sys/kern/subr_prf.c:157
uvm_map_teardown(fffffd80695105d8) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2488
uvmspace_free(fffffd80695105d8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3436
reaper(ffff800021232fc8) at reaper+0x19a sys/kern/kern_exit.c:448
end trace frame: 0x0, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff82933ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:651
comcnputc(800,20) at comcnputc+0x1a7 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(6b) at db_putchar+0x34a db_force_whitespace sys/ddb/db_output.c:96 [inline]
db_putchar(6b) at db_putchar+0x34a sys/ddb/db_output.c:153
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1064
db_printf(ffffffff8261ba78) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff825a1bd6) at panic+0xd7 sys/kern/subr_prf.c:216
__assert(ffffffff82619795,ffffffff826448c7,9b6,ffffffff825d77c8) at __assert+0x25 sys/kern/subr_prf.c:157
uvm_map_teardown(fffffd80695105d8) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2488
uvmspace_free(fffffd80695105d8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3436
reaper(ffff800021232fc8) at reaper+0x19a sys/kern/kern_exit.c:448
end trace frame: 0x0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000d0e470) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd806a87a1f8,fffffd80695a7200,fffffd806f6c3f00,fffffd807ae0d300) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff8000ffff57a8,3,ffff800025fd8680,0,ffff800025fd8770) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff8000ffff57a8,ffff800025fd8728,ffff800025fd8770) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff800025fd87f0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff800025fd87f0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7d209a67d0, count: 6
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257befc) at panic+0x177 sys/kern/subr_prf.c:198
tcp_output(ffff800000d0e470) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727
tcp_send(fffffd806a87a1f8,fffffd80695a7200,fffffd806f6c3f00,fffffd807ae0d300) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline]
sosend(fffffd806a87a1f8,fffffd806f6c3f00,ffff800025fd8500,0,fffffd807ae0d300,0) at sosend+0x62a sys/kern/uipc_socket.c:646
sendit(ffff8000ffff57a8,3,ffff800025fd8680,0,ffff800025fd8770) at sendit+0x65d sys/kern/uipc_syscalls.c:694
sys_sendmsg(ffff8000ffff57a8,ffff800025fd8728,ffff800025fd8770) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601
syscall(ffff800025fd87f0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff800025fd87f0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7d209a67d0, count: -9


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Greg Steuck

Aug 28, 2022, 11:57:49 PM
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: panic: tcp_output


--
nest.cx is Gmail hosted, use PGP: https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0