syzbot


panic: Assertion td->td_epochnest failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:LINE

Status: fixed on 2019/10/16 16:57
Reported-by: syzbot+6d425244d3df90ae3157@syzkaller.appspotmail.com
Fix commit: ip6_output() has a complex set of gotos, and some can jump out of the epoch section towards return statement. Since entering epoch is cheap, it is easier to cover the whole function with epoch, rather than try to properly maintain its state.
First crash: 1872d, last: 1872d

Sample crash report:
panic: Assertion td->td_epochnest failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:398
cpuid = 0
time = 1570632839
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe00242ea190
vpanic() at vpanic+0x1e0/frame 0xfffffe00242ea1f0
panic() at panic+0x43/frame 0xfffffe00242ea250
_epoch_exit_preempt() at _epoch_exit_preempt+0x21c/frame 0xfffffe00242ea2a0
ip6_output() at ip6_output+0x379c/frame 0xfffffe00242ea550
udp6_send() at udp6_send+0xceb/frame 0xfffffe00242ea720
sosend_dgram() at sosend_dgram+0x550/frame 0xfffffe00242ea790
sosend() at sosend+0xc6/frame 0xfffffe00242ea800
kern_sendit() at kern_sendit+0x33d/frame 0xfffffe00242ea8b0
sendit() at sendit+0x227/frame 0xfffffe00242ea910
sys_sendto() at sys_sendto+0x5c/frame 0xfffffe00242ea970
ia32_syscall() at ia32_syscall+0x46a/frame 0xfffffe00242eaab0
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0x814300f
KDB: enter: panic
[ thread pid 20131 tid 100207 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (3):
Time              Kernel   Commit        Syzkaller  Config  Log          Report  Syz repro  C repro  VM info  Assets  Manager          Title
2019/10/09 14:54  freebsd  6bf933c43450  312c6a5a   -       console log  report  -          -        -        -       ci-freebsd-i386  -
2019/10/09 13:36  freebsd  6bf933c43450  312c6a5a   -       console log  report  -          -        -        -       ci-freebsd-i386  -
2019/10/09 12:01  freebsd  6bf933c43450  312c6a5a   -       console log  report  -          -        -        -       ci-freebsd-i386  -