panic: size_on_all_streams = 244 smaller than control length 4096 cpuid = 0 time = 1652309727 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe0053b23b50 kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe0053b23cb0 vpanic() at vpanic+0x2b8/frame 0xfffffe0053b23d90 panic() at panic+0xb5/frame 0xfffffe0053b23e50 sctp_deliver_reasm_check() at sctp_deliver_reasm_check+0x2729/frame 0xfffffe0053b23f90 sctp_process_data() at sctp_process_data+0x32d8/frame 0xfffffe0053b24680 sctp_common_input_processing() at sctp_common_input_processing+0x168d/frame 0xfffffe0053b248a0 sctp6_input_with_port() at sctp6_input_with_port+0x597/frame 0xfffffe0053b24a70 sctp6_input() at sctp6_input+0x1f/frame 0xfffffe0053b24a90 ip6_input() at ip6_input+0x1f40/frame 0xfffffe0053b24cf0 swi_net() at swi_net+0x2f0/frame 0xfffffe0053b24d90 ithread_loop() at ithread_loop+0x4f1/frame 0xfffffe0053b24ef0 fork_exit() at fork_exit+0xd0/frame 0xfffffe0053b24f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0053b24f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 12 tid 100031 ] Stopped at kdb_enter+0x6b: movq $0,0x26fef9a(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0x9c1d256934c669e8 rdx 0xdffff7c000000000 rbx 0 rsp 0xfffffe0053b23c90 rbp 0xfffffe0053b23cb0 rsi 0x1 rdi 0 r8 0x3 r9 0xffffffff r10 0 r11 0xbf r12 0xfffffe0053e98560 r13 0xfffffe0053b23d01 r14 0xffffffff82bc7e60 .str.26 r15 0xffffffff82bc7e60 .str.26 rip 0xffffffff817756fb kdb_enter+0x6b rflags 0x46 kdb_enter+0x6b: movq $0,0x26fef9a(%rip) db> show proc Process 12 (intr) at 0xfffffe0053dd7548: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83e17d00 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83e17d00 reapsubtree: 12 sigparent: 20 vmspace: 0xffffffff83e18ca0 (map 0xffffffff83e18ca0) (map.pmap 0xffffffff83e18d60) (pmap 0xffffffff83e18dc8) threads: 22 100015 I [swi5: fast taskq] 100018 I [swi6: task queue] 100019 I [swi6: Giant taskq] 100031 Run CPU 0 [swi1: netisr 0] 100032 I [swi1: hpts] 100033 I [swi1: hpts] 100046 I [irq24: virtio_pci0] 100047 I [irq25: virtio_pci0] 100048 I [irq26: virtio_pci0] 100049 I [irq27: virtio_pci0] 100050 I [irq28: virtio_pci1] 100051 I [irq29: virtio_pci1] 100052 I [irq30: virtio_pci1] 100053 I [irq31: virtio_pci1] 100054 I [irq32: virtio_pci1] 100059 I [irq33: virtio_pci2] 100060 I [irq34: virtio_pci2] 100061 I [irq35: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] db> ps pid ppid pgrp uid state wmesg wchan cmd 1329 785 785 0 R syz-executor3968357 785 783 785 0 Rs nanslp 0xffffffff83e41d01 syz-executor3968357 783 781 783 0 Ss pause 0xfffffe0058bd3b40 csh 781 688 781 0 Ss select 0xfffffe0058aa16c0 sshd 754 1 754 0 Ss+ ttyin 0xfffffe0056fde8b0 getty 753 1 753 0 Ss+ ttyin 0xfffffe00586b98b0 getty 752 1 752 0 Ss+ ttyin 0xfffffe00586ba0b0 getty 751 1 751 0 Ss+ ttyin 0xfffffe00586ba8b0 getty 750 1 750 0 Ss+ ttyin 0xfffffe0053f330b0 getty 749 1 749 0 Ss+ ttyin 0xfffffe0053f338b0 getty 748 1 748 0 Ss+ ttyin 0xfffffe0053f340b0 getty 747 1 747 0 Ss+ ttyin 0xfffffe0053f348b0 getty 746 1 746 0 Ss+ ttyin 0xfffffe0053f350b0 getty 692 1 692 0 Ss nanslp 0xffffffff83e41d01 cron 688 1 688 0 Ss select 0xfffffe009e7cc840 sshd 501 1 501 0 Ss select 0xfffffe0058aa2140 syslogd 430 1 430 0 Ss select 0xfffffe0058aa2240 devd 429 1 429 65 Ss select 0xfffffe009e7ccf40 dhclient 344 1 344 0 Ss select 0xfffffe0058aa22c0 dhclient 341 1 341 0 Ss select 0xfffffe009e7ccb40 dhclient 17 0 0 0 DL vlruwt 0xfffffe0056fa6548 [vnlru] 16 0 0 0 DL syncer 0xffffffff83f67560 [syncer] 15 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83f65b60 [bufdaemon] 100082 D - 0xffffffff83211f80 [bufspacedaemon-0] 100093 D sdflush 0xfffffe0056fad4e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83f99600 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83f8d4b8 [dom0] 100083 D launds 0xffffffff83f8d4c4 [laundry: dom0] 100084 D umarcl 0xffffffff81eb1da0 [uma] 7 0 0 0 DL - 0xffffffff83bfe328 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff84b6d530 [pf purge] 5 0 0 0 DL waiting 0xffffffff849964a0 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100044 D - 0xffffffff83aa12c0 [doneq0] 100045 D - 0xffffffff83aa1240 [async] 100076 D - 0xffffffff83aa10c0 [scanner] 14 0 0 0 DL seqstat 0xfffffe0053fafc88 [sequencer 00] 3 0 0 0 DL (threaded) [crypto] 100040 D crypto_ 0xffffffff83f88ce0 [crypto] 100041 D crypto_ 0xfffffe0053f6c030 [crypto returns 0] 100042 D crypto_ 0xfffffe0053f6c080 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100035 D - 0xffffffff83e17300 [g_event] 100036 D - 0xffffffff83e17320 [g_up] 100037 D - 0xffffffff83e17340 [g_down] 2 0 0 0 WL (threaded) [clock] 100029 I [clock (0)] 100030 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100015 I [swi5: fast taskq] 100018 I [swi6: task queue] 100019 I [swi6: Giant taskq] 100031 Run CPU 0 [swi1: netisr 0] 100032 I [swi1: hpts] 100033 I [swi1: hpts] 100046 I [irq24: virtio_pci0] 100047 I [irq25: virtio_pci0] 100048 I [irq26: virtio_pci0] 100049 I [irq27: virtio_pci0] 100050 I [irq28: virtio_pci1] 100051 I [irq29: virtio_pci1] 100052 I [irq30: virtio_pci1] 100053 I [irq31: virtio_pci1] 100054 I [irq32: virtio_pci1] 100059 I [irq33: virtio_pci2] 100060 I [irq34: virtio_pci2] 100061 I [irq35: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0053dd8000 [init] 10 0 0 0 DL audit_w 0xffffffff83f897c0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff83e17d00 [swapper] 100005 D - 0xfffffe00081f8e00 [if_config_tqg_0] 100006 D - 0xfffffe00081f8d00 [softirq_0] 100007 D - 0xfffffe00081f8c00 [softirq_1] 100008 D - 0xfffffe00081f8b00 [if_io_tqg_0] 100009 D - 0xfffffe00081f8a00 [if_io_tqg_1] 100010 D - 0xfffffe0007972600 [inm_free taskq] 100011 D - 0xfffffe0007972400 [linuxkpi_irq_wq] 100012 D - 0xfffffe0007972200 [in6m_free taskq] 100013 D - 0xfffffe0007972000 [deferred_unmount ta] 100014 D - 0xfffffe0007971d00 [thread taskq] 100016 D - 0xfffffe0007971900 [kqueue_ctx taskq] 100017 D - 0xfffffe0007971700 [pci_hp taskq] 100020 D - 0xfffffe0007971100 [aiod_kick taskq] 100021 D - 0xfffffe0007970e00 [linuxkpi_short_wq_0] 100022 D - 0xfffffe0007970e00 [linuxkpi_short_wq_1] 100023 D - 0xfffffe0007970e00 [linuxkpi_short_wq_2] 100024 D - 0xfffffe0007970e00 [linuxkpi_short_wq_3] 100025 D - 0xfffffe0007970900 [linuxkpi_long_wq_0] 100026 D - 0xfffffe0007970900 [linuxkpi_long_wq_1] 100027 D - 0xfffffe0007970900 [linuxkpi_long_wq_2] 100028 D - 0xfffffe0007970900 [linuxkpi_long_wq_3] 100034 D - 0xfffffe0053ee7300 [firmware taskq] 100038 D - 0xfffffe0053ee6d00 [crypto_0] 100039 D - 0xfffffe0053ee6d00 [crypto_1] 100055 D - 0xfffffe0053ee5b00 [vtnet0 rxq 0] 100056 D - 0xfffffe0053ee5a00 [vtnet0 txq 0] 100057 D - 0xfffffe0053ee5900 [vtnet0 rxq 1] 100058 D - 0xfffffe0053ee5800 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe0056f7c280 [virtio_balloon] 100066 D - 0xffffffff82bcdce1 [deadlkres] 100070 D - 0xfffffe0007973200 [mca taskq] 100072 D - 0xfffffe005789a600 [acpi_task_0] 100073 D - 0xfffffe005789a600 [acpi_task_1] 100074 D - 0xfffffe005789a600 [acpi_task_2] 100075 D - 0xfffffe0053ee6600 [CAM taskq] db> show all locks Process 12 (intr) thread 0xfffffe0053e98560 (100031) exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe009f0eca50) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2138 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 tcp_hpts 7 4801K 7 devbuf 4217 4323K 4245 sysctloid 35322 2081K 35393 vtbuf 24 1968K 46 kobj 328 1312K 489 newblk 541 1159K 1138 vfscache 3 1025K 3 inodedep 236 601K 617 pcb 21 539K 1124 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 acpica 1674 184K 57552 subproc 96 174K 1388 vnet_data 1 168K 1 vmem 3 146K 4 tidhash 3 141K 3 linker 358 134K 386 pagedep 6 130K 563 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 114 bus 994 81K 5207 mtx_pool 2 72K 2 syncache 1 68K 1 module 513 65K 513 acpitask 1 64K 1 ddb_capture 1 64K 1 dirrem 224 56K 570 umtx 264 33K 264 temp 17 33K 1631 kdtrace 157 33K 1449 hostcache 1 32K 1 shm 1 32K 1 DEVFS3 124 31K 134 msg 4 30K 4 freefile 224 28K 568 gtaskqueue 18 26K 18 kbdmux 6 22K 6 DEVFS_RULE 56 20K 56 BPF 10 18K 10 ufs_mount 4 17K 5 proc 3 17K 3 tty 16 16K 16 ithread 97 16K 97 bus-sc 34 15K 1681 sctp_timw 52 13K 52 KTRACE 100 13K 100 kenv 95 12K 95 eventhandler 134 12K 134 ifaddr 30 12K 32 rman 88 11K 431 GEOM 61 11K 490 routetbl 50 11K 176 CAM queue 5 11K 1528 bmsafemap 2 9K 586 UART 12 9K 12 devstat 4 9K 4 ksem 1 8K 1 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 pfs_nodes 20 8K 20 audit_evclass 237 8K 296 cred 29 8K 253 taskqueue 63 7K 63 sglist 5 7K 5 CAM DEV 3 6K 510 ufs_dirhash 24 5K 24 UMA 272 5K 272 plimit 17 5K 359 vt 11 5K 11 ifnet 3 5K 3 memdesc 1 4K 1 MCA 32 4K 32 filedesc 1 4K 1 evdev 4 4K 4 acpisem 28 4K 28 hhook 15 4K 17 ether_multi 40 4K 50 lltable 11 4K 11 pf_ifnet 5 3K 6 in6_multi 25 3K 25 terminal 11 3K 11 session 20 3K 34 kqueue 38 3K 1332 pwddesc 38 3K 1330 uidinfo 3 3K 10 local_apic 1 2K 1 io_apic 1 2K 1 fpukern_ctx 2 2K 2 ipsec-saq 2 2K 2 proc-args 57 2K 2291 selfd 27 2K 16104 lockf 16 2K 26 Unitno 27 2K 39 CAM XPT 22 2K 543 msi 12 2K 12 diradd 10 2K 581 ipsecpolicy 2 2K 2 acpidev 20 2K 20 sctp_atcl 3 2K 1582 clone 9 2K 9 sctp_stro 1 1K 543 softdep 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 vnodemarker 2 1K 14 NFSD session 1 1K 1 CAM periph 4 1K 271 select 7 1K 29 ipsec 3 1K 3 indirdep 3 1K 3 nhops 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 89 pci_link 10 1K 10 sctp_ifa 5 1K 6 crypto 4 1K 4 ip6ndp 4 1K 5 encap_export_host 12 1K 12 sctp_stri 1 1K 992 in_multi 2 1K 4 pfil 4 1K 4 cdev 2 1K 2 mkdir 3 1K 1104 chacha20random 1 1K 1 osd 7 1K 561 inpcbpolicy 10 1K 680 sctp_ifn 2 1K 6 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFSP 4 1K 9 DEVFS 9 1K 10 freework 1 1K 568 newdirblk 2 1K 552 mld 2 1K 2 igmp 2 1K 2 vnodes 1 1K 1 CAM SIM 2 1K 2 feeder 7 1K 7 sctp_atky 4 1K 2621 tcpfunc 3 1K 3 CC Mem 3 1K 550 loginclass 3 1K 7 prison 6 1K 6 lkpikmalloc 5 1K 6 aesni_data 2 1K 2 sctp_map 2 1K 2078 cryptodev 2 1K 49 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 CAM path 4 1K 1034 procdesc 1 1K 6 pmchooks 1 1K 1 soname 4 1K 4561 tun 3 1K 3 sctp_vrf 1 1K 1 vnet 1 1K 1 entropy 2 1K 37 pmc 1 1K 1 acpiintr 1 1K 1 sctp_athm 3 1K 2078 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 filecaps 1 1K 70 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_temp 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 543 sctp_iter 0 0K 4 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 4 sctp_aadr 0 0K 0 tcp_do 0 0K 0 tcp_fsb 0 0K 0 ipcomp