syzbot


panic: tcp_output: mbuf chain shorter than expected: 0 + 60 + 28 - 0 != 60

Status: fixed on 2019/03/23 14:21
Reported-by: syzbot+16025fff7ee5f7c5957b@syzkaller.appspotmail.com
Fix commit: 05fb056c068d Fix a KASSERT() in tcp_output().
First crash: 1419d, last: 1419d

Sample crash report:
panic: tcp_output: mbuf chain shorter than expected: 0 + 60 + 28 - 0 != 60
cpuid = 0
time = 208
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0016ad95c0
vpanic() at vpanic+0x1e0/frame 0xfffffe0016ad9620
panic() at panic+0x43/frame 0xfffffe0016ad9680
tcp_output() at tcp_output+0x3fe2/frame 0xfffffe0016ad9850
tcp_timer_rexmt() at tcp_timer_rexmt+0x87d/frame 0xfffffe0016ad98e0
softclock_call_cc() at softclock_call_cc+0x1dd/frame 0xfffffe0016ad99b0
softclock() at softclock+0xa3/frame 0xfffffe0016ad99f0
ithread_loop() at ithread_loop+0x2f2/frame 0xfffffe0016ad9a60
fork_exit() at fork_exit+0xb0/frame 0xfffffe0016ad9ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0016ad9ab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100018 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (1):
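| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-freebsd-main | 2019/03/20 04:06 | freebsd | 90d8cba8606b | 2458c1c6 | | console log | report | | | | | |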