login: panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/i386/kernel/sys/netinet6/ip6_output.c:409
cpuid = 0
time = 1582085290
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00247d0f70
vpanic() at vpanic+0x1ce/frame 0xfffffe00247d0fe0
panic() at panic+0x43/frame 0xfffffe00247d1040
ip6_output() at ip6_output+0x3a9a/frame 0xfffffe00247d1320
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x18ea/frame 0xfffffe00247d1470
sctp_send_initiate() at sctp_send_initiate+0xa53/frame 0xfffffe00247d1570
sctp_lower_sosend() at sctp_lower_sosend+0x3f73/frame 0xfffffe00247d1780
sctp_sosend() at sctp_sosend+0x4fe/frame 0xfffffe00247d18b0
sosend() at sosend+0xc6/frame 0xfffffe00247d1920
kern_sendit() at kern_sendit+0x32d/frame 0xfffffe00247d19d0
freebsd32_sendmsg() at freebsd32_sendmsg+0x256/frame 0xfffffe00247d1ab0
ia32_syscall() at ia32_syscall+0x2cf/frame 0xfffffe00247d1bf0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x8142fc9
KDB: enter: panic
[ thread pid 790 tid 100078 ]
Stopped at kdb_enter+0x67: movq $0,0x1464f96(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818f4ce4
rbx 0
rsp 0xfffffe00247d0f50
rbp 0xfffffe00247d0f70
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0xe056 ll+0xe035
r11 0xfffffe0004cf5300
r12 0xffffffff82068f00 ddb_dbbe
r13 0
r14 0xffffffff8193ce0b
r15 0xffffffff8193ce0b
rip 0xffffffff810b2127 kdb_enter+0x67
rflags 0x200082 kernphys+0x82
kdb_enter+0x67: movq $0,0x1464f96(%rip)
db> show proc
Process 790 (syz-executor.0) at 0xfffff80003c0aa60:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 773 at 0xfffff8003a805000
ABI: FreeBSD ELF32
arguments: /root/syz-executor.0
reaper: 0xfffff800032d3000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00249779e8
(map 0xfffffe00249779e8)
(map.pmap 0xfffffe0024977aa8)
(pmap 0xfffffe0024977b08)
threads: 1
100078 Run CPU 0 syz-executor.0
db> ps
pid ppid pgrp uid state wmesg wchan cmd
790 773 773 0 R CPU 0 syz-executor.0
788 422 422 0 R CPU 1 sh
773 771 773 0 Ss nanslp 0xffffffff824ffcc0 syz-executor.0
771 769 769 0 S (threaded) syz-execprog
100083 S uwait 0xfffff80003c10000 syz-execprog
100103 S uwait 0xfffff80003c0b800 syz-execprog
100104 S uwait 0xfffff80003c0bb80 syz-execprog
100105 S uwait 0xfffff80003c0bc80 syz-execprog
100106 S uwait 0xfffff80003c11500 syz-execprog
100107 S uwait 0xfffff80003c11600 syz-execprog
100108 S uwait 0xfffff80003c0ba80 syz-execprog
100109 S uwait 0xfffff800039b5100 syz-execprog
100110 S kqread 0xfffff80003aa2900 syz-execprog
769 767 769 0 Ss pause 0xfffff80003c590a8 csh
767 680 767 0 Ss select 0xfffff800035435c0 sshd
746 1 746 0 Ss+ ttyin 0xfffff800033a78b0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003a920b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003a924b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003a928b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003a92cb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003a950b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003a954b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003a958b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003a95cb0 getty
736 1 22 0 S+ piperd 0xfffff8003a0ec2f8 logger
735 734 22 0 S+ nanslp 0xffffffff824ffcc0 sleep
734 1 22 0 S+ wait 0xfffff8003a2e4a60 sh
684 1 684 0 Ss nanslp 0xffffffff824ffcc0 cron
680 1 680 0 Ss select 0xfffff800039d1a40 sshd
493 1 493 0 Ss select 0xfffff8000352a840 syslogd
422 1 422 0 Ss wait 0xfffff80003bf8000 devd
421 1 421 65 Ss select 0xfffff8000352a9c0 dhclient
336 1 336 0 Ss select 0xfffff8000352aac0 dhclient
333 1 333 0 Ss select 0xfffff8000352a7c0 dhclient
21 0 0 0 DL syncer 0xffffffff825d6158 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003a62000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d5658 [bufdaemon]
100070 D - 0xffffffff8200a980 [bufspacedaemon-0]
100081 D sdflush 0xfffff800033a48e8 [/ worker]
18 0 0 0 DL psleep 0xffffffff825f10c8 [vmdaemon]
17 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff8261cfd8 [dom0]
100068 D launds 0xffffffff8261cfe4 [laundry: dom0]
100069 D umarcl 0xffffffff81542420 [uma]
16 0 0 0 DL - 0xffffffff8235a530 [rand_harvestq]
15 0 0 0 DL waiting 0xffffffff826625a0 [sctp_iterator]
9 0 0 0 DL - 0xffffffff825d505c [soaiod4]
8 0 0 0 DL - 0xffffffff825d505c [soaiod3]
7 0 0 0 DL - 0xffffffff825d505c [soaiod2]
6 0 0 0 DL - 0xffffffff825d505c [soaiod1]
5 0 0 0 DL (threaded) [cam]
100031 D - 0xffffffff82235940 [doneq0]
100062 D - 0xffffffff82235808 [scanner]
4 0 0 0 DL crypto_ 0xfffff800033aa190 [crypto returns 1]
3 0 0 0 DL crypto_ 0xfffff800033aa130 [crypto returns 0]
2 0 0 0 DL crypto_ 0xffffffff825eb138 [crypto]
14 0 0 0 DL seqstat 0xfffff80003321888 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100022 D - 0xffffffff8261b608 [g_event]
100023 D - 0xffffffff8261b618 [g_up]
100024 D - 0xffffffff8261b610 [g_down]
12 0 0 0 WL (threaded) [intr]
100005 I [swi5: fast taskq]
100009 I [swi6: task queue]
100010 I [swi6: Giant taskq]
100017 I [swi3: vm]
100018 I [swi1: netisr 0]
100019 I [swi4: clock (0)]
100020 I [swi4: clock (1)]
100032 I [irq24: virtio_pci0]
100033 I [irq25: virtio_pci0]
100034 I [irq26: virtio_pci0]
100035 I [irq27: virtio_pci0]
100036 I [irq28: virtio_pci1]
100037 I [irq29: virtio_pci1]
100038 I [irq30: virtio_pci1]
100039 I [irq31: virtio_pci1]
100040 I [irq32: virtio_pci1]
100045 I [irq10: virtio_pci2]
100047 I [irq1: atkbd0]
100048 I [irq12: psm0]
100049 I [swi0: uart uart++]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff800032d3000 [init]
10 0 0 0 DL audit_w 0xffffffff82663230 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8260ac48 [swapper]
100006 D - 0xfffff800031c5e00 [config_0]
100007 D - 0xfffff800031cce00 [kqueue_ctx taskq]
100008 D - 0xfffff800031ccd00 [aiod_kick taskq]
100011 D - 0xfffff800031cca00 [thread taskq]
100012 D - 0xfffff800031c5d00 [softirq_0]
100013 D - 0xfffff800031c5c00 [softirq_1]
100014 D - 0xfffff800031c5b00 [if_io_tqg_0]
100015 D - 0xfffff800031c5a00 [if_io_tqg_1]
100016 D - 0xfffff800031c5900 [if_config_tqg_0]
100021 D - 0xfffff800031cc900 [firmware taskq]
100026 D - 0xfffff800031cc800 [crypto_0]
100027 D - 0xfffff800031cc800 [crypto_1]
100041 D - 0xfffff800031cc600 [vtnet0 rxq 0]
100042 D - 0xfffff800031cc500 [vtnet0 txq 0]
100043 D - 0xfffff800031cc400 [vtnet0 rxq 1]
100044 D - 0xfffff800031cc300 [vtnet0 txq 1]
100046 D vtbslp 0xfffff80003542d80 [virtio_balloon]
100050 D - 0xfffff800031cc200 [mca taskq]
100055 D - 0xffffffff81ce0c31 [deadlkres]
100057 D - 0xfffff80003a82a00 [acpi_task_0]
100058 D - 0xfffff80003a82a00 [acpi_task_1]
100059 D - 0xfffff80003a82a00 [acpi_task_2]
100061 D - 0xfffff800031cc700 [CAM taskq]
db> show all locks
Process 790 (syz-executor.0) thread 0xfffffe0004cf4e00 (100078)
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0024c2f380) locked @ /syzkaller/managers/i386/kernel/sys/netinet/sctp_output.c:13643
Process 788 (sh) thread 0xfffffe002497b700 (100112)
exclusive rw vm object (vm object) r = 0 (0xfffff8003a497738) locked @ /syzkaller/managers/i386/kernel/sys/vm/vm_object.c:662
db> show malloc
Type InUse MemUse Requests
devbuf 4213 4851K 4238
vtbuf 24 1968K 46
sysctloid 26636 1559K 26700
kobj 332 1328K 488
newblk 368 1116K 410
vfscache 4 1025K 4
pcb 23 539K 79
inodedep 54 539K 77
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 114 222K 858
acpica 1674 185K 50140
vnet_data 1 168K 1
pagedep 17 132K 21
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 102 102K 113
linker 222 89K 244
bus 964 78K 3311
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 494 62K 494
filedesc 5 37K 17
gtaskqueue 22 34K 22
hostcache 1 32K 1
shm 1 32K 1
umtx 252 32K 252
DEVFS3 121 31K 131
msg 4 30K 4
kdtrace 152 30K 1640
DEVFS_RULE 56 27K 56
kbdmux 6 22K 6
vmem 3 21K 3
BPF 11 18K 11
temp 22 17K 1639
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ifaddr 40 15K 42
ithread 89 15K 89
bus-sc 30 14K 1397
KTRACE 100 13K 100
kenv 95 12K 99
eventhandler 122 11K 122
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 3 9K 45
devstat 4 9K 4
UART 12 9K 12
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 231 8K 289
lltable 20 7K 20
cred 27 7K 234
ifnet 4 7K 4
CAM DEV 3 6K 510
ether_multi 73 6K 78
routetbl 36 6K 40
vt 11 6K 11
kqueue 49 6K 795
sglist 5 6K 5
CAM queue 5 6K 1528
in6_multi 41 5K 41
ufs_dirhash 24 5K 24
plimit 18 5K 329
taskqueue 42 5K 42
dirrem 17 5K 28
memdesc 1 4K 1
MCA 32 4K 32
evdev 4 4K 4
diradd 31 4K 42
UMA 235 4K 235
hhook 13 4K 13
acpisem 22 3K 22
terminal 11 3K 11
session 21 3K 32
pgrp 21 3K 32
select 19 3K 19
uidinfo 4 3K 4
proc-args 41 3K 498
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
CAM XPT 22 2K 543
lockf 15 2K 22
Unitno 25 2K 39
ip6ndp 8 2K 9
acpidev 20 2K 20
mkdir 10 2K 22
crypto 2 2K 2
msi 9 2K 9
softdep 1 1K 1
indirdep 4 1K 4
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
sctp_ifa 8 1K 8
sctp_atcl 2 1K 2
sctp_stro 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 6
NFSD session 1 1K 1
CAM periph 4 1K 271
newdirblk 7 1K 11
in_multi 3 1K 4
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
CAM SIM 2 1K 2
pfil 4 1K 4
chacha20random 1 1K 1
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
mld 3 1K 3
sctp_ifn 3 1K 3
igmp 3 1K 3
tun 4 1K 4
osd 3 1K 9
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
inpcbpolicy 7 1K 143
feeder 7 1K 7
loginclass 3 1K 3
DEVFSP 3 1K 3
soname 5 1K 5763
CAM path 4 1K 1034
apmdev 1 1K 1
atkbddev 2 1K 2
sctp_atky 3 1K 3
pmchooks 1 1K 1
prison 4 1K 4
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
filecaps 4 1K 66
nexusdev 5 1K 5
entropy 2 1K 37
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
freework 1 1K 26
sctp_athm 2 1K 2
sctp_map 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
iov 1 1K 13167
p1003.1b 1 1K 1
CAM CCB 0 0K 1765
madt_table 0 0K 2
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
pvscsi 0 0K 0
smartpqi 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
fpukern_ctx 0 0K 0
MVS driver 0 0K 0
xen_intr 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
dmar_dmamap 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
isci 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
MPSSAS 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
UMAHash 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 13
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 9
freeblks 0 0K 25
freefrag 0 0K 5
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
nfsclient_nlminfo 0 0K 0
nfsclient_lock 0 0K 0
NFS FHA 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 5
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 5
sctp_aadr 0 0K 0
sctp_stri 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
mpr 0 0K 0
statfs 0 0K 196
export_host 0 0K 0
cl_savebuf 0 0K 2
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
mfibuf 0 0K 0
mbuf_tag 0 0K 46
accf 0 0K 0
pts 0 0K 0
ioctlops 0 0K 92
Witness 0 0K 0
stack 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 590
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
kcovinfo 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
tty console 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
ath_hal 0 0K 0
athdev 0 0K 0
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
nvme_da 0 0K 0
acpipwr 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
db> show ktr
No such command; use "help" to list available commands