panic: Assertion done != job_total_nbytes failed at /syzkaller/managers/main/kernel/sys/kern/sys_socket.c:678 cpuid = 1 time = 1747552056 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00576778d0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057677a30 vpanic() at vpanic+0x257/frame 0xfffffe0057677bf0 panic() at panic+0xb5/frame 0xfffffe0057677cb0 soaio_process_sb() at soaio_process_sb+0x123d/frame 0xfffffe0057677ea0 soaio_kproc_loop() at soaio_kproc_loop+0x17b/frame 0xfffffe0057677ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0057677f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057677f30 --- trap 0xc, rip = 0x32f68c, rsp = 0x82631dee8, rbp = 0x82631df10 --- KDB: enter: panic [ thread pid 934 tid 100223 ] Stopped at kdb_enter+0x6e: movq $0,0x25bd7e7(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe00033eee30 rdx 0 rbx 0xffffffff827b0060 .str.27 rsp 0xfffffe0057677a10 rbp 0xfffffe0057677a30 rsi 0 rdi 0xffffffff81614819 printf+0x149 r8 0 r9 0xffffffff r10 0x1 r11 0x17 r12 0xfffffe0054941000 r13 0xfffffffffffffffd r14 0xffffffff827b0060 .str.27 r15 0 rip 0xffffffff815fe9ae kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25bd7e7(%rip) db> show proc Process 934 (soaiod2) at 0xfffffe0054933060: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b468e0 ABI: null flag: 0x10000204 flag2: 0 reaper: 0xffffffff83b468e0 reapsubtree: 934 sigparent: 20 vmspace: 0xfffffe00548b06d8 (map 0xfffffe00548b06d8) (map.pmap 0xfffffe00548b0778) (pmap 0xfffffe00548b07e8) threads: 1 100223 Run CPU 1 [soaiod2] db> ps pid ppid pgrp uid state wmesg wchan cmd 1095 865 865 0 R (threaded) syz-executor 100401 RunQ syz-executor 100414 RunQ syz-executor 100415 RunQ syz-executor 1094 1 865 0 S uwait 0xfffffe0007fec280 syz-executor 1092 1 865 0 S uwait 0xfffffe007a461600 syz-executor 1091 0 0 0 DL mdwait 0xfffffe006eb6e000 [md0] 1086 767 767 0 S (threaded) syz-executor 100392 S nanslp 0xffffffff83b9d501 syz-executor 100393 S connec 0xfffffe006bc9e8da syz-executor 100397 S uwait 0xfffffe007a461200 syz-executor 100399 S uwait 0xfffffe007a461300 syz-executor 100404 S uwait 0xfffffe007a526580 syz-executor 1083 764 1083 0 T (threaded) syz-executor 100367 s syz-executor 100389 RunQ syz-executor 100398 RunQ syz-executor 100400 RunQ syz-executor 1082 1 767 0 S uwait 0xfffffe0077c09280 syz-executor 1076 0 0 0 DL (threaded) [KTLS] 100372 D - 0xfffffe0054629600 [thr_0] 100373 D - 0xfffffe0054629680 [thr_1] 100374 D - 0xffffffff83caec28 [reclaim_0] 1075 0 0 0 DL (threaded) [so_splice] 100278 D - 0xfffffe007a526080 [thr_0] 100370 D - 0xfffffe007a5260c0 [thr_1] 1070 1 767 0 S uwait 0xfffffe0058a5c580 syz-executor 1069 1 767 0 S uwait 0xfffffe007a526180 syz-executor 1068 1 767 0 S uwait 0xfffffe0007fecc00 syz-executor 1066 1 767 0 S uwait 0xfffffe007a461f00 syz-executor 1065 1064 865 0 SV uwait 0xfffffe0077c0a880 syz-executor 1064 1063 865 0 DV ppwait 0xfffffe0054995540 syz-executor 1063 1062 865 0 DV ppwait 0xfffffe0054995aa0 syz-executor 1062 1061 865 0 DV ppwait 0xfffffe0054996000 syz-executor 1061 1060 865 0 DV ppwait 0xfffffe0054996560 syz-executor 1060 1059 865 0 DV ppwait 0xfffffe0054996ac0 syz-executor 1059 1058 865 0 DV ppwait 0xfffffe0054997500 syz-executor 1058 1057 865 0 DV ppwait 0xfffffe0054997a60 syz-executor 1057 1056 865 0 DV ppwait 0xfffffe0054997fc0 syz-executor 1056 1055 865 0 DV ppwait 0xfffffe0054809ac0 syz-executor 1055 1054 865 0 DV ppwait 0xfffffe000800aac0 syz-executor 1054 1053 865 0 DV ppwait 0xfffffe0054809000 syz-executor 1053 1052 865 0 DV ppwait 0xfffffe000800a560 syz-executor 1052 1051 865 0 DV ppwait 0xfffffe0054807fe0 syz-executor 1051 1050 865 0 DV ppwait 0xfffffe0054945520 syz-executor 1050 1049 865 0 DV ppwait 0xfffffe0054944500 syz-executor 1049 1048 865 0 DV ppwait 0xfffffe0054994fe0 syz-executor 1048 1047 865 0 DV ppwait 0xfffffe0054984a60 syz-executor 1047 1046 865 0 DV ppwait 0xfffffe0054984fc0 syz-executor 1046 1045 865 0 DV ppwait 0xfffffe0054985520 syz-executor 1045 1044 865 0 DV ppwait 0xfffffe0054985a80 syz-executor 1044 1043 865 0 DV ppwait 0xfffffe0054985fe0 syz-executor 1043 1042 865 0 DV ppwait 0xfffffe0054986540 syz-executor 1042 1041 865 0 DV ppwait 0xfffffe0054986aa0 syz-executor 1041 1040 865 0 DV ppwait 0xfffffe0054987000 syz-executor 1040 1039 865 0 DV ppwait 0xfffffe005497da80 syz-executor 1039 1038 865 0 DV ppwait 0xfffffe005497dfe0 syz-executor 1038 1037 865 0 DV ppwait 0xfffffe005497e540 syz-executor 1037 1036 865 0 DV ppwait 0xfffffe005497eaa0 syz-executor 1036 1035 865 0 DV ppwait 0xfffffe005497f000 syz-executor 1035 1034 865 0 DV ppwait 0xfffffe005497f560 syz-executor 1034 1033 865 0 DV ppwait 0xfffffe005497fac0 syz-executor 1033 1032 865 0 DV ppwait 0xfffffe0054984500 syz-executor 1032 1031 865 0 DV ppwait 0xfffffe0054976aa0 syz-executor 1031 1030 865 0 DV ppwait 0xfffffe0054977000 syz-executor 1030 1029 865 0 DV ppwait 0xfffffe0054977560 syz-executor 1029 1028 865 0 DV ppwait 0xfffffe0054977ac0 syz-executor 1028 1027 865 0 DV ppwait 0xfffffe005497c500 syz-executor 1027 1026 865 0 DV ppwait 0xfffffe005497ca60 syz-executor 1026 1025 865 0 DV ppwait 0xfffffe005497cfc0 syz-executor 1025 1024 865 0 DV ppwait 0xfffffe005497d520 syz-executor 1024 1023 865 0 DV ppwait 0xfffffe0054956ac0 syz-executor 1023 1022 865 0 DV ppwait 0xfffffe0054974500 syz-executor 1022 1021 865 0 DV ppwait 0xfffffe0054974a60 syz-executor 1021 1020 865 0 DV ppwait 0xfffffe0054974fc0 syz-executor 1020 1019 865 0 DV ppwait 0xfffffe0054975520 syz-executor 1019 1018 865 0 DV ppwait 0xfffffe0054975a80 syz-executor 1018 1017 865 0 DV ppwait 0xfffffe0054975fe0 syz-executor 1017 1016 865 0 DV ppwait 0xfffffe0054976540 syz-executor 1016 1015 865 0 DV ppwait 0xfffffe0054953fc0 syz-executor 1015 1014 865 0 DV ppwait 0xfffffe0054954520 syz-executor 1014 1013 865 0 DV ppwait 0xfffffe0054954a80 syz-executor 1013 1012 865 0 DV ppwait 0xfffffe0054954fe0 syz-executor 1012 1011 865 0 DV ppwait 0xfffffe0054955540 syz-executor 1011 1010 865 0 DV ppwait 0xfffffe0054955aa0 syz-executor 1010 1009 865 0 DV ppwait 0xfffffe0054956000 syz-executor 1009 1008 865 0 DV ppwait 0xfffffe0054956560 syz-executor 1008 1007 865 0 DV ppwait 0xfffffe0054953500 syz-executor 1007 1006 865 0 DV ppwait 0xfffffe0054947ac0 syz-executor 1006 1005 865 0 DV ppwait 0xfffffe0054945a80 syz-executor 1005 1004 865 0 DV ppwait 0xfffffe0054930a60 syz-executor 1004 1003 865 0 DV ppwait 0xfffffe0008028aa0 syz-executor 1003 1002 865 0 DV ppwait 0xfffffe00548dbac0 syz-executor 1002 1001 865 0 DV ppwait 0xfffffe0054807a80 syz-executor 1001 1 865 0 DV ppwait 0xfffffe0054808aa0 syz-executor 999 1 767 0 S uwait 0xfffffe0077c0a680 syz-executor 988 1 988 0 Ss+ ttyin 0xfffffe0058a974b0 getty 987 1 987 0 Ss+ ttyin 0xfffffe0058e288b0 getty 986 1 986 0 Ss+ ttyin 0xfffffe0058e28cb0 getty 985 1 985 0 Ss+ ttyin 0xfffffe0058e290b0 getty 984 1 984 0 Ss+ ttyin 0xfffffe0058e294b0 getty 983 1 983 0 Ss+ ttyin 0xfffffe0058e298b0 getty 982 1 982 0 Ss+ ttyin 0xfffffe0058e29cb0 getty 981 1 981 0 Ss+ ttyin 0xfffffe0058e2a0b0 getty 980 1 980 0 Ss+ ttyin 0xfffffe0058e2a4b0 getty 977 0 0 0 DL - 0xffffffff83b47d40 [accounting] 963 1 767 0 S uwait 0xfffffe0058a5a180 syz-executor 959 1 767 0 S uwait 0xfffffe0058a5a280 syz-executor 958 1 865 0 S uwait 0xfffffe0007fec780 syz-executor 954 1 865 0 S uwait 0xfffffe0077c09b00 syz-executor 948 1 767 0 S uwait 0xfffffe0058cf8100 syz-executor 946 1 767 0 S uwait 0xfffffe0007fecd00 syz-executor 936 0 0 0 DL - 0xffffffff83cad400 [soaiod4] 935 0 0 0 DL - 0xffffffff83cad400 [soaiod3] 934 0 0 0 RL CPU 1 [soaiod2] 933 0 0 0 DL - 0xffffffff83cad400 [soaiod1] 927 1 865 0 S uwait 0xfffffe0077c0a780 syz-executor 925 1 865 0 S uwait 0xfffffe0058a5b300 syz-executor 924 1 865 0 S uwait 0xfffffe0077c09700 syz-executor 920 1 767 0 S uwait 0xfffffe0058cf8000 syz-executor 909 780 424 0 S kqread 0xfffffe0007f67600 rtsol 865 763 865 0 S nanslp 0xffffffff83b9d500 syz-executor 859 858 766 0 SV uwait 0xfffffe0077c0a380 syz-executor 858 857 766 0 DV ppwait 0xfffffe0054930fc0 syz-executor 857 856 766 0 DV ppwait 0xfffffe0054931520 syz-executor 856 855 766 0 DV ppwait 0xfffffe0054931a80 syz-executor 855 854 766 0 DV ppwait 0xfffffe0054931fe0 syz-executor 854 853 766 0 DV ppwait 0xfffffe0054932540 syz-executor 853 852 766 0 DV ppwait 0xfffffe0054932aa0 syz-executor 852 851 766 0 DV ppwait 0xfffffe0054922520 syz-executor 851 850 766 0 TVL ppwait 0xfffffe0054922a80 syz-executor 850 849 766 0 DV ppwait 0xfffffe0054922fe0 syz-executor 849 848 766 0 DV ppwait 0xfffffe0054923540 syz-executor 848 847 766 0 DV ppwait 0xfffffe0054923aa0 syz-executor 847 846 766 0 DV ppwait 0xfffffe0054924000 syz-executor 846 845 766 0 DV ppwait 0xfffffe0054924560 syz-executor 845 844 766 0 DV ppwait 0xfffffe0054924ac0 syz-executor 844 843 766 0 DV ppwait 0xfffffe005491b540 syz-executor 843 842 766 0 DV ppwait 0xfffffe005491baa0 syz-executor 842 841 766 0 DV ppwait 0xfffffe005491c000 syz-executor 841 840 766 0 DV ppwait 0xfffffe005491c560 syz-executor 840 839 766 0 DV ppwait 0xfffffe005491cac0 syz-executor 839 838 766 0 DV ppwait 0xfffffe0054921500 syz-executor 838 837 766 0 DV ppwait 0xfffffe0054921a60 syz-executor 837 836 766 0 DV ppwait 0xfffffe0054921fc0 syz-executor 836 835 766 0 DV ppwait 0xfffffe005490c560 syz-executor 835 834 766 0 DV ppwait 0xfffffe005490cac0 syz-executor 834 833 766 0 DV ppwait 0xfffffe0054919500 syz-executor 833 832 766 0 DV ppwait 0xfffffe0054919a60 syz-executor 832 831 766 0 DV ppwait 0xfffffe0054919fc0 syz-executor 831 830 766 0 DV ppwait 0xfffffe005491a520 syz-executor 830 829 766 0 DV ppwait 0xfffffe005491aa80 syz-executor 829 828 766 0 DV ppwait 0xfffffe005491afe0 syz-executor 828 826 766 0 DV ppwait 0xfffffe00548f3a80 syz-executor 826 1 766 0 DV ppwait 0xfffffe00548f3fe0 syz-executor 825 1 767 0 SV uwait 0xfffffe0058a5ad80 syz-executor 822 1 767 0 S uwait 0xfffffe0058cf7180 syz-executor 818 1 766 0 S uwait 0xfffffe0058cf7380 syz-executor 811 0 0 0 DL aiordy 0xfffffe00548f4b00 [aiod4] 810 0 0 0 DL aiordy 0xfffffe005490b5a0 [aiod3] 809 0 0 0 DL aiordy 0xfffffe00548d8ac0 [aiod2] 808 0 0 0 DL aiordy 0xfffffe005490bb00 [aiod1] 803 765 765 0 T (threaded) syz-executor 100118 s syz-executor 100122 D reapst 0xfffffe00574b0a08 syz-executor 780 1 424 0 S wait 0xfffffe0054808040 sh 767 763 767 0 S nanslp 0xffffffff83b9d501 syz-executor 765 763 765 0 S wait 0xfffffe00548db060 syz-executor 764 763 764 0 S nanslp 0xffffffff83b9d501 syz-executor 763 761 761 0 S select 0xfffffe00547f95c0 syz-executor 761 1 761 0 Ss pause 0xfffffe00548da650 csh 737 1 18 0 S+ nanslp 0xffffffff83b9d500 sleep 495 1 495 0 Ss select 0xfffffe00547f96c0 syslogd 17 0 0 0 DL syncer 0xffffffff83cbada0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0008029060 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cb9360 [bufdaemon] 100083 D - 0xffffffff83002140 [bufspacedaemon-0] 100094 D sdflush 0xfffffe0058e36ce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d04380 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83cea2f8 [dom0] 100081 D launds 0xffffffff83cea304 [laundry: dom0] 100082 D umarcl 0xffffffff81dcf960 [uma] 7 0 0 0 DL - 0xffffffff8391acd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff84744850 [pf purge] 5 0 0 0 DL waiting 0xffffffff84498700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100046 D - 0xffffffff838e5340 [doneq0] 100047 D - 0xffffffff838e52c0 [async] 100076 D - 0xffffffff838e5140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce5b40 [crypto] 100044 D crypto_ 0xfffffe0058556030 [crypto returns 0] 100045 D crypto_ 0xfffffe0058556080 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe00547d9088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b45f00 [g_event] 100038 D - 0xffffffff83b45f20 [g_up] 100039 D - 0xffffffff83b45f40 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 Run CPU 0 [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0008009040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce65e0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c2dff0 [swapper] 100005 D - 0xfffffe005462a000 [softirq_0] 100006 D - 0xfffffe0054629e00 [softirq_1] 100007 D - 0xfffffe0054629d00 [if_io_tqg_0] 100008 D - 0xfffffe0054629c00 [if_io_tqg_1] 100009 D - 0xfffffe0054629b00 [if_config_tqg_0] 100010 D - 0xfffffe0007f6a200 [kqueue_ctx taskq] 100011 D - 0xfffffe0007f6a100 [jail_remove taskq] 100012 D - 0xfffffe0007f6a000 [bus taskq] 100015 s [thread taskq] 100017 D - 0xfffffe0007f69a00 [aiod_kick taskq] 100018 D - 0xfffffe0007f69900 [deferred_unmount ta] 100019 D - 0xfffffe0007f69800 [inm_free taskq] 100020 D - 0xfffffe0007f69700 [in6m_free taskq] 100021 D - 0xfffffe0007f69600 [linuxkpi_irq_wq] 100022 D - 0xfffffe0007f69500 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0007f69500 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0007f69500 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0007f69500 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0007f69400 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0007f69400 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0007f69400 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0007f69400 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0007f69300 [firmware taskq] 100041 D - 0xfffffe0007f69100 [crypto_0] 100042 D - 0xfffffe0007f69100 [crypto_1] 100057 D - 0xfffffe0007f68e00 [vtnet0 rxq 0] 100058 D - 0xfffffe0007f68d00 [vtnet0 txq 0] 100059 D - 0xfffffe0007f68c00 [vtnet0 rxq 1] 100060 D - 0xfffffe0007f68b00 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe005856dd00 [virtio_balloon] 100066 D - 0xffffffff827b53a1 [deadlkres] 100070 D - 0xfffffe0059be2000 [acpi_task_0] 100071 D - 0xfffffe0059be2000 [acpi_task_1] 100072 D - 0xfffffe0059be2000 [acpi_task_2] 100074 D - 0xfffffe0007f6ab00 [mca taskq] 100075 D - 0xfffffe0007f69000 [CAM taskq] 100077 D - 0xfffffe0007f68a00 [ipsec_offload] 100387 D - 0xfffffe0007f67800 [netlink_socket (PID] 1085 1083 1083 0 Z syz-executor db> show all locks Process 1095 (syz-executor) thread 0xfffffe005499e000 (100414) exclusive sleep mutex pipe mutex (pipe mutex) r = 0 (0xfffffe006eb0e110) locked @ /syzkaller/managers/main/kernel/sys/kern/sys_pipe.c:1506 Process 803 (syz-executor) thread 0xfffffe0054901740 (100122) exclusive sx sapblk (sapblk) r = 0 (0xffffffff83b8b800) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_proc.c:3464 Process 12 (intr) thread 0xfffffe0008021000 (100034) exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe007a543020) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_hpts.c:1267 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 376 5063K 578 tcp_hpts 7 4801K 7 devbuf 4188 4324K 4214 sysctloid 35104 2068K 35179 filedesc 254 2028K 476 vtbuf 24 1968K 46 kobj 331 1324K 504 newblk