Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts. 2019/09/08 00:38:09 fuzzer started 2019/09/08 00:38:09 dialing manager at 10.128.0.248:48358 2019/09/08 00:38:09 syscalls: 496 2019/09/08 00:38:09 code coverage: enabled 2019/09/08 00:38:09 comparison tracing: enabled 2019/09/08 00:38:09 extra coverage: support is not implemented in syzkaller 2019/09/08 00:38:09 setuid sandbox: support is not implemented in syzkaller 2019/09/08 00:38:09 namespace sandbox: support is not implemented in syzkaller 2019/09/08 00:38:09 Android sandbox: support is not implemented in syzkaller 2019/09/08 00:38:09 fault injection: support is not implemented in syzkaller 2019/09/08 00:38:09 leak checking: support is not implemented in syzkaller 2019/09/08 00:38:09 net packet injection: enabled 2019/09/08 00:38:09 net device setup: support is not implemented in syzkaller login: Expensive timeout(9) function: 0xffffffff8189eaf0(0xffffffff828209e0) 0.002550044 s 00:40:03 executing program 0: dup(0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/169, 0xa9}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, 0x0}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x73a0d56, 0x2, 0x0, 0x800e00549) shutdown(r1, 0x0) r3 = dup(r2) setsockopt$inet6_udp(r1, 0x11, 0x0, 0x0, 0x0) recvfrom$inet(r3, 0x0, 0xe5, 0x2, 0x0, 0x800e00551) shutdown(r3, 0x0) 00:40:03 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) poll(&(0x7f0000000100)=[{}, {}, {}, {}, {}, {r0}, {}], 0x7, 0x4e) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x1aa6, 0x0, 0x0, 0x800e00506) setsockopt$sock_timeval(r1, 0xffff, 0x1006, &(0x7f0000000040)={0x4}, 0x10) socketpair(0x0, 0x0, 0x0, 0x0) recvfrom$inet(r1, 0x0, 0x1789836bed901fc7, 0x0, 0x0, 0x800e0050e) shutdown(r1, 0x0) 00:40:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000015c0)=""/4096, 0x1000}], 0x1, 0x0}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfd1d, 0x0, 0x0, 0x800e00505) shutdown(r0, 0x0) r2 = dup(r1) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup2(r2, r4) setsockopt$sock_timeval(r5, 0xffff, 0x1006, &(0x7f0000000240)={0x1}, 0xdc1c0d6f39485fbd) setsockopt$inet_int(r3, 0x0, 0x4, &(0x7f0000000000), 0x4) recvfrom$inet(r4, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r3, 0x0) 00:40:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_int(r0, 0x0, 0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0xd02d, 0x0, 0x0, 0x800e0077e) shutdown(r0, 0x0) 00:40:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) readv(r0, &(0x7f0000000840)=[{&(0x7f0000000200)=""/223, 0xdf}], 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x2769, 0x0, 0x0, 0x800e00505) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) readv(r4, &(0x7f0000000980)=[{&(0x7f0000000140)=""/7, 0x7}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0xa) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r4, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) shutdown(r2, 0x0) Sep 8 00:40:13 ci-freebsd-main-9 kernel: pid 754 (syz-fuzzer), jid 0, uid 0, was killed: out of swap space Sep 8 00:40:17 ci-freebsd-main-9 kernel: pid 760 (syz-executor.3), jid 0, uid 0, was killed: out of swap space Sep 8 00:40:19 ci-freebsd-main-9 kernel: pid 759 (syz-executor.0), jid 0, uid 0, was killed: out of swap space Sep 8 00:40:20 ci-freebsd-main-9 kernel: pid 789 (syz-executor.1), jid 0, uid 0, was killed: out of swap space Sep 8 00:40:21 ci-freebsd-main-if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 9 kernel: pid 76if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 1 (syz-executor.if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 1), jid 0, uid 0, was killed: out of swap space if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 Sep 8 00:40:22 ci-freebsd-main-9 kernel: pid 780 (syz-executor.2), jid 0, uid 0, was killed: out of swap space if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 if_delmulti_locked: detaching ifnet instance 0xfffff800041af800 if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 if_delmulti_locked: detaching ifnet instance 0xfffff80004bd2800 Killed panic: rcv_start < rcv_end cpuid = 0 time = 1567903232 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0019f6c250 vpanic() at vpanic+0x1e0/frame 0xfffffe0019f6c2b0 panic() at panic+0x43/frame 0xfffffe0019f6c310 tcp_update_dsack_list() at tcp_update_dsack_list+0x962/frame 0xfffffe0019f6c3c0 tcp_do_segment() at tcp_do_segment+0x4252/frame 0xfffffe0019f6c4d0 tcp_input() at tcp_input+0x1583/frame 0xfffffe0019f6c640 ip_input() at ip_input+0x2c4/frame 0xfffffe0019f6c700 netisr_dispatch_src() at netisr_dispatch_src+0xe9/frame 0xfffffe0019f6c770 ether_demux() at ether_demux+0x24a/frame 0xfffffe0019f6c7c0 ether_nh_input() at ether_nh_input+0x7c6/frame 0xfffffe0019f6c840 netisr_dispatch_src() at netisr_dispatch_src+0xe9/frame 0xfffffe0019f6c8b0 ether_input() at ether_input+0xbf/frame 0xfffffe0019f6c900 vtnet_rxq_eof() at vtnet_rxq_eof+0xb22/frame 0xfffffe0019f6c9b0 vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0xa5/frame 0xfffffe0019f6c9f0 ithread_loop() at ithread_loop+0x2f2/frame 0xfffffe0019f6ca60 fork_exit() at fork_exit+0xb0/frame 0xfffffe0019f6cab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0019f6cab0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 12 tid 100039 ] Stopped at kdb_enter+0x6a: movq $0,kdb_why db>