syzbot


panic: tcp_output: mbuf chain shorter than expected: 0 + 60 + 24 - 0 != 60

Status: fixed on 2019/03/23 14:21
Reported-by: syzbot+adb5836b8a9ff621b2aa@syzkaller.appspotmail.com
Fix commit: 05fb056c068d Fix a KASSERT() in tcp_output().
First crash: 2078d, last: 2078d

Sample crash report:
panic: tcp_output: mbuf chain shorter than expected: 0 + 60 + 24 - 0 != 60
cpuid = 0
time = 1552813207
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0016ad95c0
vpanic() at vpanic+0x1e0/frame 0xfffffe0016ad9620
panic() at panic+0x43/frame 0xfffffe0016ad9680
tcp_output() at tcp_output+0x3fe2/frame 0xfffffe0016ad9850
tcp_timer_rexmt() at tcp_timer_rexmt+0x87d/frame 0xfffffe0016ad98e0
softclock_call_cc() at softclock_call_cc+0x1dd/frame 0xfffffe0016ad99b0
softclock() at softclock+0xa3/frame 0xfffffe0016ad99f0
ithread_loop() at ithread_loop+0x2f2/frame 0xfffffe0016ad9a60
fork_exit() at fork_exit+0xb0/frame 0xfffffe0016ad9ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0016ad9ab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100018 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/03/17 09:03 freebsd 310a121be6b8 bab43553 console log report syz C ci-freebsd-main
2019/03/17 08:21 freebsd 310a121be6b8 bab43553 console log report ci-freebsd-main
* Struck through repros no longer work on HEAD.