login: panic: Assertion done != job_total_nbytes failed at /syzkaller/managers/main/kernel/sys/kern/sys_socket.c:678 cpuid = 1 time = 4 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00575f28d0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00575f2a30 vpanic() at vpanic+0x257/frame 0xfffffe00575f2bf0 panic() at panic+0xb5/frame 0xfffffe00575f2cb0 soaio_process_sb() at soaio_process_sb+0x123d/frame 0xfffffe00575f2ea0 soaio_kproc_loop() at soaio_kproc_loop+0x17b/frame 0xfffffe00575f2ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe00575f2f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00575f2f30 --- trap 0xc, rip = 0x32f68c, rsp = 0x826717ee8, rbp = 0x826717f10 --- KDB: enter: panic [ thread pid 845 tid 100176 ] Stopped at kdb_enter+0x6e: movq $0,0x25bd807(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe00033eee30 rdx 0 rbx 0xffffffff827a8840 .str.27 rsp 0xfffffe00575f2a10 rbp 0xfffffe00575f2a30 rsi 0 rdi 0xffffffff816133a9 printf+0x149 r8 0 r9 0xffffffff r10 0x1 r11 0x1f r12 0xfffffe00548f7000 r13 0xfffffffffffffffd r14 0xffffffff827a8840 .str.27 r15 0 rip 0xffffffff815fd98e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25bd807(%rip) db> show proc Process 845 (soaiod3) at 0xfffffe0054954ac0: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b458e0 ABI: null flag: 0x10000204 flag2: 0 reaper: 0xffffffff83b458e0 reapsubtree: 845 sigparent: 20 vmspace: 0xfffffe0054960490 (map 0xfffffe0054960490) (map.pmap 0xfffffe0054960530) (pmap 0xfffffe00549605a0) threads: 1 100176 Run CPU 1 [soaiod3] db> ps pid ppid pgrp uid state wmesg wchan cmd 949 767 767 0 R (threaded) syz-executor 100087 S nanslp 0xffffffff83b9c500 syz-executor 100292 S uwait 0xfffffe006f37b680 syz-executor 100293 Run CPU 0 syz-executor 100294 S uwait 0xfffffe006f37bd80 syz-executor 948 946 764 0 SV lockf 0xfffffe0071ade400 syz-executor 947 943 766 0 S uwait 0xfffffe0058cf8b80 syz-executor 946 764 764 0 R (threaded) syz-executor 100133 RunQ syz-executor 100288 S lockf 0xfffffe0058da0480 syz-executor 100290 D ppwait 0xfffffe0054802fc0 syz-executor 100291 S lockf 0xfffffe0058da0780 syz-executor 943 766 766 0 S (threaded) syz-executor 100101 S nanslp 0xffffffff83b9c500 syz-executor 100285 S aiowc 0xfffffe00548e8388 syz-executor 100287 S uwait 0xfffffe006f37b480 syz-executor 100289 S uwait 0xfffffe006f37c000 syz-executor 937 765 937 0 Ss (threaded) syz-executor 100165 S nanslp 0xffffffff83b9c500 syz-executor 100275 S msgrcv 0xfffffe0058d4b078 syz-executor 100277 S uwait 0xfffffe005860f880 syz-executor 100283 S uwait 0xfffffe006f37b880 syz-executor 936 1 764 0 S uwait 0xfffffe006f37e380 syz-executor 929 928 767 60929 SV uwait 0xfffffe0054607c00 syz-executor 928 1 767 60929 DV ppwait 0xfffffe00548e9fe0 syz-executor 927 0 0 0 DL (threaded) [KTLS] 100093 D - 0xfffffe0007f5fe00 [thr_0] 100261 D - 0xfffffe0007f5fe80 [thr_1] 100262 D - 0xffffffff83cadc28 [reclaim_0] 921 1 767 0 S uwait 0xfffffe0054607f00 syz-executor 915 1 764 0 S uwait 0xfffffe005860c600 syz-executor 913 1 913 0 Ts+ ttyin 0xfffffe0058e344b0 getty 912 1 912 0 Ts+ ttyin 0xfffffe0058e348b0 getty 911 1 911 0 Ts+ ttyin 0xfffffe0058e360b0 getty 910 1 910 0 Ts+ ttyin 0xfffffe0058e34cb0 getty 906 1 906 0 Ts+ ttyin 0xfffffe0058e354b0 getty 905 1 905 0 Ts+ ttyin 0xfffffe0058e35cb0 getty 902 1 902 0 Ts+ ttyin 0xfffffe00082690b0 getty 897 1 897 0 Ts+ ttyin 0xfffffe0058e358b0 getty 894 1 894 0 Ts+ ttyin 0xfffffe0058e350b0 getty 879 0 0 0 DL - 0xffffffff83b46d40 [accounting] 875 1 765 0 S uwait 0xfffffe006f37c300 syz-executor 870 1 767 0 S uwait 0xfffffe007b022480 syz-executor 866 1 767 0 S uwait 0xfffffe006f37c700 syz-executor 861 1 764 0 S uwait 0xfffffe007b022380 syz-executor 860 1 764 0 S uwait 0xfffffe007b022280 syz-executor 858 1 857 0 S uwait 0xfffffe0058cf8d80 syz-executor 846 0 0 0 DL - 0xffffffff83cac400 [soaiod4] 845 0 0 0 RL CPU 1 [soaiod3] 844 0 0 0 DL - 0xffffffff83cac400 [soaiod2] 843 0 0 0 DL - 0xffffffff83cac400 [soaiod1] 840 1 766 0 S uwait 0xfffffe0058cf9000 syz-executor 836 1 764 0 S uwait 0xfffffe0058cf9700 syz-executor 829 1 766 60928 S uwait 0xfffffe0054607580 syz-executor 822 1 766 0 S uwait 0xfffffe0054607480 syz-executor 819 0 0 0 DL aiordy 0xfffffe0054941ae0 [aiod4] 818 0 0 0 DL aiordy 0xfffffe0054915580 [aiod3] 817 0 0 0 DL aiordy 0xfffffe0054915ae0 [aiod2] 816 0 0 0 DL aiordy 0xfffffe00548055c0 [aiod1] 812 1 765 0 S uwait 0xfffffe0058cf8c80 syz-executor 809 0 0 0 DL (threaded) [so_splice] 100125 D - 0xfffffe005860fe00 [thr_0] 100126 D - 0xfffffe005860fe40 [thr_1] 767 763 767 0 S nanslp 0xffffffff83b9c500 syz-executor 766 763 766 0 S nanslp 0xffffffff83b9c500 syz-executor 765 763 765 0 S nanslp 0xffffffff83b9c500 syz-executor 764 763 764 0 S nanslp 0xffffffff83b9c500 syz-executor 763 1 761 0 S select 0xfffffe0059bebac0 syz-executor 738 1 18 0 S+ piperd 0xfffffe006f031140 logger 737 736 18 0 S+ nanslp 0xffffffff83b9c500 sleep 736 1 18 0 S+ wait 0xfffffe0054915020 sh 686 1 686 0 Ss nanslp 0xffffffff83b9c500 cron 682 1 682 0 Ss select 0xfffffe0059bebcc0 sshd 495 1 495 0 Ss select 0xfffffe0059beb840 syslogd 17 0 0 0 DL syncer 0xffffffff83cb9da0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0008026040 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cb8360 [bufdaemon] 100083 D - 0xffffffff83002140 [bufspacedaemon-0] 100095 D sdflush 0xfffffe0059dce8e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d03380 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83ce92f8 [dom0] 100084 D launds 0xffffffff83ce9304 [laundry: dom0] 100085 D umarcl 0xffffffff81dc7950 [uma] 7 0 0 0 DL - 0xffffffff83919cd0 [rand_harvestq] 6 0 0 0 TL pftm 0xffffffff84488850 [pf purge] 5 0 0 0 DL waiting 0xffffffff8473c6c0 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100046 D - 0xffffffff838e4340 [doneq0] 100047 D - 0xffffffff838e42c0 [async] 100076 D - 0xffffffff838e4140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce4b00 [crypto] 100044 D crypto_ 0xfffffe00546add30 [crypto returns 0] 100045 D crypto_ 0xfffffe00546add80 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe0008bfa488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b44f00 [g_event] 100038 D - 0xffffffff83b44f20 [g_up] 100039 D - 0xffffffff83b44f40 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 CanRun [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0008007040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce55a0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c2aff0 [swapper] 100005 D - 0xfffffe00546bd100 [softirq_0] 100006 D - 0xfffffe00546bd000 [softirq_1] 100007 D - 0xfffffe00546bce00 [if_io_tqg_0] 100008 D - 0xfffffe00546bcd00 [if_io_tqg_1] 100009 D - 0xfffffe00546bcc00 [if_config_tqg_0] 100010 D - 0xfffffe0008be3c00 [kqueue_ctx taskq] 100011 D - 0xfffffe0008be3a00 [jail_remove taskq] 100012 D - 0xfffffe0008be3800 [bus taskq] 100015 D - 0xfffffe0008be3200 [thread taskq] 100017 D - 0xfffffe0008be2d00 [aiod_kick taskq] 100018 D - 0xfffffe0008be2b00 [deferred_unmount ta] 100019 D - 0xfffffe0008be2900 [inm_free taskq] 100020 D - 0xfffffe0008be2700 [in6m_free taskq] 100021 D - 0xfffffe0008be2500 [linuxkpi_irq_wq] 100022 D - 0xfffffe0008be2300 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0008be2300 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0008be2300 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0008be2300 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0008be1d00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0008be1d00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0008be1d00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0008be1d00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0008be1200 [firmware taskq] 100041 D - 0xfffffe005476d000 [crypto_0] 100042 D - 0xfffffe005476d000 [crypto_1] 100057 D - 0xfffffe005476c300 [vtnet0 rxq 0] 100058 D - 0xfffffe005476c200 [vtnet0 txq 0] 100059 D - 0xfffffe005476c100 [vtnet0 rxq 1] 100060 D - 0xfffffe005476c000 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe0007f83400 [virtio_balloon] 100066 D - 0xffffffff827adb81 [deadlkres] 100070 D - 0xfffffe0058cfdd00 [acpi_task_0] 100071 D - 0xfffffe0058cfdd00 [acpi_task_1] 100072 D - 0xfffffe0058cfdd00 [acpi_task_2] 100074 D - 0xfffffe0008be4a00 [mca taskq] 100075 D - 0xfffffe005476ca00 [CAM taskq] 100077 D - 0xfffffe005476ab00 [ipsec_offload] 100264 D - 0xfffffe007b074a00 [netlink_socket (PID] 945 943 766 0 Z syz-executor db> show all locks db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 376 5063K 657 tcp_hpts 7 4801K 7 devbuf 4188 4324K 4213 sysctloid 35184 2073K 35259 vtbuf 24 1968K 46 kobj 331 1324K 501 newblk 492 1147K 1068 vfscache 3 1025K 3 pcb 38 685K 172 inodedep 91 546K 230 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 filedesc 54 425K 245 subproc 160 318K 1037 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 102 201K 8953 acpica 1674 184K 54444 vmem 5 144K 7 tidhash 3 141K 3 pagedep 36 137K 120 tfo_ccache 1 128K 1 IP reass 1 128K 1 DEVFS1 109 109K 126 sem 4 106K 4 gtaskqueue 18 98K 18 bus 1006 82K 5090 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 521 66K 527 ddb_capture 1 64K 1 kdtrace 231 45K 1245 umtx 336 42K 336 temp 36 38K 2013 shm 2 34K 2 hostcache 1 32K 1 DEVFS3 128 32K 138 msg 4 30K 4 kbdmux 6 28K 6 DEVFS_RULE 56 20K 56 ifaddr 67 19K 69 LRO 18 19K 18 ufs_mount 4 17K 5 proc 3 17K 3 tty 16 16K 16 routetbl 130 16K 410 ithread 90 15K 90 bus-sc 34 15K 1656 eventhandler 163 14K 163 lltable 43 14K 43 ifnet 7 13K 7 ether_multi 152 13K 165 kenv 95 12K 95 shmfd 7 11K 8 GEOM 61 11K 477 CAM queue 5 11K 1528 rman 82 10K 467 rpc 8 9K 8 bmsafemap 4 9K 202 in6_multi 65 9K 65 devstat 4 9K 4 UART 12 9K 12 ksem 1 8K 3 pfs_vncache 1 8K 1 audit_evclass 239 8K 301 taskqueue 72 8K 75 plimit 19 8K 810 cred 25 7K 244 kqueue 78 7K 1050 sglist 6 7K 6 CAM DEV 3 6K 510 pfs_nodes 22 6K 22 dirrem 21 6K 162 ufs_dirhash 24 5K 24 pwddesc 71 5K 954 UMA 269 5K 269 pf_ifnet 10 5K 20 diradd 34 5K 180 vt 11 5K 11 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 acpisem 28 4K 28 newdirblk 26 4K 97 lockf 34 4K 393 indirdep 12 3K 108 terminal 11 3K 11 DEVFSP 44 3K 70 sctp_atcl 7 3K 54 acpidev 20 3K 20 crypto 8 3K 13 uidinfo 4 3K 9 hhook 8 3K 10 mkdir 18 3K 194 clone 9 3K 9 kcovinfo 36 3K 36 proc-args 80 3K 2053 session 17 3K 62 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 ip6ndp 12 2K 13 Unitno 30 2K 758 sctp_ifa 13 2K 14 selfd 26 2K 9572 CAM XPT 22 2K 543 in_multi 6 2K 9 tun 4 2K 4 toponodes 6 2K 6 ipsecpolicy 2 2K 2 freefrag 10 2K 64 BPF 7 2K 30 msi 9 2K 9 netlink 2 2K 73 freework 5 2K 199 softdep 1 1K 1 freeblks 4 1K 122 sahead 1 1K 1 secasvar 1 1K 1 CC Mem 8 1K 41 nhops 6 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 ipsec 3 1K 3 sctp_ifn 6 1K 14 mld 6 1K 6 igmp 6 1K 6 pfil 6 1K 6 isadev 6 1K 12 mount 16 1K 440 pci_link 10 1K 10 osd 13 1K 56 encap_export_host 12 1K 12 inpcbpolicy 18 1K 241 cdev 2 1K 2 lkpikmalloc 8 1K 9 freefile 3 1K 108 chacha20random 1 1K 1 biobuf 1 1K 1 select 3 1K 34 ktls 3 1K 8 sctp_timw 1 1K 1 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 CAM SIM 2 1K 2 sctp_atky 7 1K 55