panic: sleeping thread[ htholredsa d tpuin_dm 2tx ti
dc pu10id00 =3 01
]tim
Seto p=p e1d7 a53t489967
KDB: stack backtrace:
sdbmp__trrenacdeez_sveoluf_sw_aracptpioenr(+0) x a5tddb_trace_self_wrappe:r + 0 xc 6 / f r a me 0 x f f f f fe 00 56 a 7 c9 b0
cmpl 0x25ab56d(%rip),%eax
db>
db> kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056a7cb10
vpanic() at vpanic+0x257/frame 0xfffffe0056a7ccd0
panic() at panic+0xb5/frame 0xfffffe0056a7cd90
propagate_priority() at propagate_priority+0x521/frame 0xfffffe0056a7cde0
turnstile_wait() at turnstile_wait+0x663/frame 0xfffffe0056a7ce50
__mtx_lock_sleep() at __mtx_lock_sleep+0x452/frame 0xfffffe0056a7cf90
__mtx_lock_flags() at __mtx_lock_flags+0x1fe/frame 0xfffffe0056a7d080
tunstart_l2() at tunstart_l2+0x74/frame 0xfffffe0056a7d0e0
tap_transmit() at tap_transmit+0x1d0/frame 0xfffffe0056a7d130
ether_output_frame() at ether_output_frame+0x30c/frame 0xfffffe0056a7d1f0
ether_output() at ether_output+0x114b/frame 0xfffffe0056a7d360
ip6_output_send() at ip6_output_send+0x1b6/frame 0xfffffe0056a7d3e0
set $lines = 0
db> ip6_output() at ip6_output+0x484b/frame 0xfffffe0056a7d930
mld_dispatch_packet() at mld_dispatch_packet+0x8d1/frame 0xfffffe0056a7da90
mld_fasttimo() at mld_fasttimo+0x1900/frame 0xfffffe0056a7dcd0
softclock_call_cc() at softclock_call_cc+0x422/frame 0xfffffe0056a7de80
softclock_thread() at softclock_thread+0x200/frame 0xfffffe0056a7def0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0056a7df30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056a7df30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 44s
Automatic reboot in 15 seconds - press a key on the console to abort
set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x1
rcx 0xfffffe0073600000
rdx 0x7ffff
rbx 0x1
rsp 0xfffffe0056dbe570
rbp 0xfffffe0056dbe5b0
rsi 0x80001
rdi 0xffffffff8162d265 smp_rendezvous_action+0x55
r8 0
r9 0x1
r10 0
r11 0x1ff
r12 0x2
r13 0
r14 0x2
r15 0x1
rip 0xffffffff8162d26d smp_rendezvous_action+0x5d
rflags 0x2
smp_rendezvous_action+0x5d: cmpl 0x25ab56d(%rip),%eax
db> show proc
Process 2 (clock) at 0xfffffe0007808020:
state: NORMAL
uid: 0 gids: 0
parent: pid 0 at 0xffffffff83b4d000
ABI: null
flag: 0x10000284 flag2: 0
reaper: 0xffffffff83b4d000 reapsubtree: 2
sigparent: 20
vmspace: 0xffffffff83b4dfe0
(map 0xffffffff83b4dfe0)
(map.pmap 0xffffffff83b4e080)
(pmap 0xffffffff83b4e0f0)
threads: 2
100031 L *tun_mtx 0xfffffe00079f9c00 [clock (0)]
100032 I [clock (1)]
db> ps
pid ppid pgrp uid state wmesg wchan cmd
837 835 765 0 N syz-executor
836 835 765 0 S uwait 0xfffffe000776cc80 syz-executor
835 765 765 0 RL (threaded) syz-executor
100113 RunQ syz-executor
100153 Run CPU 1 syz-executor
834 764 764 0 R (threaded) syz-executor
100126 RunQ syz-executor
100151 RunQ syz-executor
100154 S uwait 0xfffffe006e55ea00 syz-executor
832 1 764 0 S uwait 0xfffffe000776c480 syz-executor
829 0 0 0 DL mdwait 0xfffffe006b750000 [md0]
827 0 0 0 DL aiordy 0xfffffe005410c580 [aiod4]
826 0 0 0 DL aiordy 0xfffffe005410cae0 [aiod3]
825 0 0 0 DL aiordy 0xfffffe005410d040 [aiod2]
824 0 0 0 DL aiordy 0xfffffe005410d5a0 [aiod1]
821 0 0 0 DL mdwait 0xfffffe006b751000 [md2147483646]
819 818 423 0 L *tun_mtx 0xfffffe00079f9c00 ifconfig
818 811 423 0 S wait 0xfffffe00540f3b00 sh
817 1 817 0 Ss select 0xfffffe00077e58c0 dhclient
816 0 0 0 DL (threaded) [so_splice]
100128 D - 0xfffffe000778cc00 [thr_0]
100129 D - 0xfffffe000778cc40 [thr_1]
813 763 763 0 T (threaded) syz-executor
100115 s syz-executor
100125 D tun_ioc 0xffffffff83cc3940 syz-executor
811 791 423 0 S wait 0xfffffe00540f45c0 dhclient
805 1 765 0 S uwait 0xfffffe000776c380 syz-executor
791 423 423 0 S wait 0xfffffe00540dc060 sh
766 762 766 0 R syz-executor
765 762 765 0 S nanslp 0xffffffff83ba3c81 syz-executor
764 762 764 0 S nanslp 0xffffffff83ba3c81 syz-executor
763 762 763 0 S nanslp 0xffffffff83ba3c81 syz-executor
762 760 760 0 R syz-executor
760 758 760 0 Ss sigsusp 0xfffffe00540040f0 csh
758 681 758 0 Ss select 0xfffffe00077e56c0 sshd
747 1 747 0 Ss+ ttyin 0xfffffe00582798b0 getty
746 1 746 0 Ss+ ttyin 0xfffffe00594d44b0 getty
745 1 745 0 Ss+ ttyin 0xfffffe00594d4cb0 getty
744 1 744 0 Ss+ ttyin 0xfffffe00594d54b0 getty
743 1 743 0 Ss+ ttyin 0xfffffe00594d5cb0 getty
742 1 742 0 Ss+ ttyin 0xfffffe0053f694b0 getty
741 1 741 0 Ss+ ttyin 0xfffffe0053f69cb0 getty
740 1 740 0 Ss+ ttyin 0xfffffe0053f6b4b0 getty
739 1 739 0 Ss+ ttyin 0xfffffe0053f6bcb0 getty
737 1 17 0 S+ piperd 0xfffffe006b43a9e0 logger
736 735 17 0 S+ nanslp 0xffffffff83ba3c80 sleep
735 1 17 0 S+ wait 0xfffffe00540d9560 sh
685 1 685 0 Ss nanslp 0xffffffff83ba3c81 cron
681 1 681 0 Ss select 0xfffffe0058649dc0 sshd
494 1 494 0 Ss select 0xfffffe00586499c0 syslogd
423 1 423 0 Ss wait 0xfffffe00540a9580 devd
422 1 422 65 Ss select 0xfffffe0058649ac0 dhclient
337 1 337 0 Ss select 0xfffffe00077e5e40 dhclient
334 1 334 0 Ss select 0xfffffe00077e5cc0 dhclient
16 0 0 0 DL syncer 0xffffffff83cc1720 [syncer]
15 0 0 0 DL vlruwt 0xfffffe000780a060 [vnlru]
14 0 0 0 DL (threaded) [bufdaemon]
100079 D psleep 0xffffffff83cbfc60 [bufdaemon]
100082 D - 0xffffffff83001ec0 [bufspacedaemon-0]
100094 D sdflush 0xfffffe00596efce8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d0abc0 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100077 D psleep 0xffffffff83cf0c88 [dom0]
100080 D launds 0xffffffff83cf0c94 [laundry: dom0]
100081 D umarcl 0xffffffff81ddfb90 [uma]
7 0 0 0 DL - 0xffffffff8391c5d8 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff8463d9e0 [pf purge]
5 0 0 0 DL waiting 0xffffffff848fc700 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100045 D - 0xffffffff838e6340 [doneq0]
100046 D - 0xffffffff838e62c0 [async]
100075 D - 0xffffffff838e6140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100042 D crypto_ 0xffffffff83cec540 [crypto]
100043 D crypto_ 0xfffffe0053eb5a30 [crypto returns 0]
100044 D crypto_ 0xfffffe0053eb5a80 [crypto returns 1]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b4c620 [g_event]
100038 D - 0xffffffff83b4c640 [g_up]
100039 D - 0xffffffff83b4c660 [g_down]
2 0 0 0 LL (threaded) [clock]
100031 L *tun_mtx 0xfffffe00079f9c00 [clock (0)]
100032 I [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100047 I [irq24: virtio_pci0]
100048 I [irq25: virtio_pci0]
100049 I [irq26: virtio_pci0]
100050 I [irq27: virtio_pci0]
100051 I [irq28: virtio_pci1]
100052 I [irq29: virtio_pci1]
100053 I [irq30: virtio_pci1]
100054 I [irq31: virtio_pci1]
100055 I [irq32: virtio_pci1]
100060 I [irq10: virtio_pci2]
100062 I [irq1: atkbd0]
100063 I [irq12: psm0]
100064 I [swi0: uart uart++]
100068 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0007809040 [init]
10 0 0 0 DL audit_w 0xffffffff83cecfe0 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c3dff0 [swapper]
100005 D - 0xfffffe0053eb6100 [softirq_0]
100006 D - 0xfffffe0053eb6000 [softirq_1]
100007 D - 0xfffffe0053eb5e00 [if_io_tqg_0]
100008 D - 0xfffffe0053eb5d00 [if_io_tqg_1]
100009 D - 0xfffffe0053eb5c00 [if_config_tqg_0]
100010 D - 0xfffffe00083f7d00 [kqueue_ctx taskq]
100011 D - 0xfffffe00083f7c00 [jail_remove taskq]
100012 D - 0xfffffe00083f7b00 [bus taskq]
100015 D - 0xfffffe00083f7800 [thread taskq]
100017 D - 0xfffffe00083f7600 [aiod_kick taskq]
100018 D - 0xfffffe00083f7500 [deferred_unmount ta]
100019 D - 0xfffffe00083f7400 [inm_free taskq]
100020 D - 0xfffffe00083f7300 [in6m_free taskq]
100021 D - 0xfffffe00083f7200 [linuxkpi_irq_wq]
100022 D - 0xfffffe00083f7100 [linuxkpi_short_wq_0]
100023 D - 0xfffffe00083f7100 [linuxkpi_short_wq_1]
100024 D - 0xfffffe00083f7100 [linuxkpi_short_wq_2]
100025 D - 0xfffffe00083f7100 [linuxkpi_short_wq_3]
100026 D - 0xfffffe00083f7000 [linuxkpi_long_wq_0]
100027 D - 0xfffffe00083f7000 [linuxkpi_long_wq_1]
100028 D - 0xfffffe00083f7000 [linuxkpi_long_wq_2]
100029 D - 0xfffffe00083f7000 [linuxkpi_long_wq_3]
100036 D - 0xfffffe00083f6e00 [firmware taskq]
100040 D - 0xfffffe00083f6b00 [crypto_0]
100041 D - 0xfffffe00083f6b00 [crypto_1]
100056 D - 0xfffffe00083f6900 [vtnet0 rxq 0]
100057 D - 0xfffffe00083f6800 [vtnet0 txq 0]
100058 D - 0xfffffe00083f6700 [vtnet0 rxq 1]
100059 D - 0xfffffe00083f6600 [vtnet0 txq 1]
100061 D vtbslp 0xfffffe0057d7d700 [virtio_balloon]
100065 D - 0xffffffff827ceee0 [deadlkres]
100069 D - 0xfffffe005857c600 [acpi_task_0]
100070 D - 0xfffffe005857c600 [acpi_task_1]
100071 D - 0xfffffe005857c600 [acpi_task_2]
100073 D - 0xfffffe00083f8100 [mca taskq]
100074 D - 0xfffffe00083f6a00 [CAM taskq]
100076 D - 0xfffffe005857c400 [ipsec_offload]
db> show all locks
Process 835 (syz-executor) thread 0xfffffe0054113000 (100153)
exclusive sleep mutex descriptor tables (descriptor tables) r = 0 (0xffffffff83d27940) locked @ /syzkaller/managers/i386/kernel/sys/amd64/amd64/sys_machdep.c:551
shared sx killpg racer (killpg racer) r = 0 (0xfffffe00540a7760) locked @ /syzkaller/managers/i386/kernel/sys/kern/kern_fork.c:959
Process 819 (ifconfig) thread 0xfffffe00540a0000 (100114)
exclusive sx tun_ioctl (tun_ioctl) r = 0 (0xffffffff83cc3940) locked @ /syzkaller/managers/i386/kernel/sys/net/if_tuntap.c:1300
exclusive sx in_control (in_control) r = 0 (0xffffffff83cc6540) locked @ /syzkaller/managers/i386/kernel/sys/netinet/in.c:367
Process 813 (syz-executor) thread 0xfffffe005409e780 (100125)
exclusive sleep mutex tun_mtx (tun_mtx) r = 0 (0xfffffe006ddece08) locked @ /syzkaller/managers/i386/kernel/sys/net/if_tuntap.c:1601
Process 2 (clock) thread 0xfffffe000781a780 (100031)
exclusive sleep mutex mld_mtx (mld_mtx) r = 0 (0xffffffff83ce7c60) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/mld6.c:1349
exclusive sleep mutex in6_multi_list_mtx (in6_multi_list_mtx) r = 0 (0xffffffff83ce7a80) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/mld6.c:1348
shared rw vnet_rwlock (vnet_rwlock) r = 0 (0xffffffff83cc5cc0) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/mld6.c:1307
db> show malloc
Type InUse MemUse Requests
pf_hash 6 12804K 6
linker 376 5079K 502
tcp_hpts 7 4801K 7
devbuf 4187 4323K 4214
sysctloid 35008 2062K 35083
vtbuf panic: Assertion curthread->td_pinned > 0 failed at /syzkaller/managers/i386/kernel/sys/sys/sched.h:192
cpuid = 0
time = 1753489967
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d22bd0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d22d30
vpanic() at vpanic+0x257/frame 0xffffffff83d22ef0
panic() at panic+0xb5/frame 0xffffffff83d22fc0
DELAY() at DELAY+0x279/frame 0xffffffff83d23010
ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070
uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0
cnputc() at cnputc+0x130/frame 0xffffffff83d230e0
db_putc() at db_putc+0x159/frame 0xffffffff83d23110
kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0
db_printf() at db_printf+0x125/frame 0xffffffff83d23420
db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0
db_command() at db_command+0x5fc/frame 0xffffffff83d23650
db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670
db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0
kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970
nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0
nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0
trap() at trap+0x232/frame 0xffffffff83d23be0
nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0
--- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 ---
smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0
smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0
smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850
user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950
cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0
vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10
do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0
fork1() at fork1+0xd58/frame 0xfffffe0056dbec10
sys_fork() at sys_fork+0xe3/frame 0xfffffe0056dbed10
ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056dbef30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98
panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:470
cpuid = 0
time = 1753489967
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d22750
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d228b0
vpanic() at vpanic+0x257/frame 0xffffffff83d22a70
panic() at panic+0xb5/frame 0xffffffff83d22b30
_epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22b70
tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22c70
kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22d30
vpanic() at vpanic+0x338/frame 0xffffffff83d22ef0
panic() at panic+0xb5/frame 0xffffffff83d22fc0
DELAY() at DELAY+0x279/frame 0xffffffff83d23010
ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070
uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0
cnputc() at cnputc+0x130/frame 0xffffffff83d230e0
db_putc() at db_putc+0x159/frame 0xffffffff83d23110
kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0
db_printf() at db_printf+0x125/frame 0xffffffff83d23420
db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0
db_command() at db_command+0x5fc/frame 0xffffffff83d23650
db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670
db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0
kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970
nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0
nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0
trap() at trap+0x232/frame 0xffffffff83d23be0
nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0
--- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 ---
smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0
smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0
smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850
user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950
cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0
vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10
do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0
fork1() at fork1+0xd58/frame 0xfffffe0056dbec10
sys_fork() at sys_fork+0xe3/frame 0xfffffe0056dbed10
ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056dbef30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98
panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:470
cpuid = 0
time = 1753489967
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d222d0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d22430
vpanic() at vpanic+0x257/frame 0xffffffff83d225f0
panic() at panic+0xb5/frame 0xffffffff83d226b0
_epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d226f0
tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d227f0
kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d228b0
vpanic() at vpanic+0x338/frame 0xffffffff83d22a70
panic() at panic+0xb5/frame 0xffffffff83d22b30
_epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22b70
tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22c70
kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22d30
vpanic() at vpanic+0x338/frame 0xffffffff83d22ef0
panic() at panic+0xb5/frame 0xffffffff83d22fc0
DELAY() at DELAY+0x279/frame 0xffffffff83d23010
ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070
uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0
cnputc() at cnputc+0x130/frame 0xffffffff83d230e0
db_putc() at db_putc+0x159/frame 0xffffffff83d23110
kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0
db_printf() at db_printf+0x125/frame 0xffffffff83d23420
db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0
db_command() at db_command+0x5fc/frame 0xffffffff83d23650
db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670
db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0
kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970
nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0
nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0
trap() at trap+0x232/frame 0xffffffff83d23be0
nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0
--- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 ---
smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0
smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0
smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850
user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950
cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0
vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10
do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0
fork1() at fork1+0xd58/frame 0xfffffe0056dbec10
sys_fork() at sys_fork+0xe3/frame 0xfffffe0056dbed10
ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056dbef30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98
panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:470
cpuid = 0
time = 1753489967
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d21e50
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d21fb0
vpanic() at vpanic+0x257/frame 0xffffffff83d22170
panic() at panic+0xb5/frame 0xffffffff83d22230
_epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22270
tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22370
kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22430
vpanic() at vpanic+0x338/frame 0xffffffff83d225f0
panic() at panic+0xb5/frame 0xffffffff83d226b0
_epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d226f0
tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d227f0
kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d228b0
vpanic() at vpanic+0x338/frame 0xffffffff83d22a70
panic() at panic+0xb5/frame 0xffffffff83d22b30
_epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22b70
tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22c70
kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22d30
vpanic() at vpanic+0x338/frame 0xffffffff83d22ef0
panic() at panic+0xb5/frame 0xffffffff83d22fc0
DELAY() at DELAY+0x279/frame 0xffffffff83d23010
ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070
uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0
cnputc() at cnputc+0x130/frame 0xffffffff83d230e0
db_putc() at db_putc+0x159/frame 0xffffffff83d23110
kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0
db_printf() at db_printf+0x125/frame 0xffffffff83d23420
db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0
db_command() at db_command+0x5fc/frame 0xffffffff83d23650
db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670
db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0
kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970
nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0
nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0
trap() at trap+0x232/frame 0xffffffff83d23be0
nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0
--- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 ---
smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0
smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0
smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850
user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950
cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0
vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10
do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0
fork1() at fork1+0xd58/frame 0xfffffe0056dbec10
sys_fork() atSeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 2d8230d0-732e-2058-9e61-e99101c24fa8
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=6291456 = 3072 MiB
drive 0x000f2820: PCHS=0/0/0 translation=lba LCHS=780/128/63 s=6291456
Sending Seabios boot VM event.
Booting from Hard Disk 0...