panic: sleeping thread holds tun_mtx
cpuid = 0
time = 1753489967
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056a7c9b0
[the panic message above was captured interleaved with the other CPU's ddb console output, separated here:]
[ thread pid 2 tid 100031 ]
Stopped at smp_rendezvous_action+0x5d: cmpl 0x25ab56d(%rip),%eax
db>
db>
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056a7cb10 vpanic() at vpanic+0x257/frame 0xfffffe0056a7ccd0 panic() at panic+0xb5/frame 0xfffffe0056a7cd90 propagate_priority() at propagate_priority+0x521/frame 0xfffffe0056a7cde0 turnstile_wait() at turnstile_wait+0x663/frame 0xfffffe0056a7ce50 __mtx_lock_sleep() at __mtx_lock_sleep+0x452/frame 0xfffffe0056a7cf90 __mtx_lock_flags() at __mtx_lock_flags+0x1fe/frame 0xfffffe0056a7d080 tunstart_l2() at tunstart_l2+0x74/frame 0xfffffe0056a7d0e0 tap_transmit() at tap_transmit+0x1d0/frame 0xfffffe0056a7d130 ether_output_frame() at ether_output_frame+0x30c/frame 0xfffffe0056a7d1f0 ether_output() at ether_output+0x114b/frame 0xfffffe0056a7d360 ip6_output_send() at ip6_output_send+0x1b6/frame 0xfffffe0056a7d3e0 set $lines = 0 db> ip6_output() at ip6_output+0x484b/frame 0xfffffe0056a7d930 mld_dispatch_packet() at mld_dispatch_packet+0x8d1/frame 0xfffffe0056a7da90 mld_fasttimo() at mld_fasttimo+0x1900/frame 0xfffffe0056a7dcd0 softclock_call_cc() at softclock_call_cc+0x422/frame 0xfffffe0056a7de80 softclock_thread() at softclock_thread+0x200/frame 0xfffffe0056a7def0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0056a7df30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056a7df30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- Uptime: 44s Automatic reboot in 15 seconds - press a key on the console to abort set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0 rax 0x1 rcx 0xfffffe0073600000 rdx 0x7ffff rbx 0x1 rsp 0xfffffe0056dbe570 rbp 0xfffffe0056dbe5b0 rsi 0x80001 rdi 0xffffffff8162d265 smp_rendezvous_action+0x55 r8 0 r9 0x1 r10 0 r11 0x1ff r12 0x2 r13 0 r14 0x2 r15 0x1 rip 0xffffffff8162d26d 
smp_rendezvous_action+0x5d rflags 0x2 smp_rendezvous_action+0x5d: cmpl 0x25ab56d(%rip),%eax db> show proc Process 2 (clock) at 0xfffffe0007808020: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b4d000 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b4d000 reapsubtree: 2 sigparent: 20 vmspace: 0xffffffff83b4dfe0 (map 0xffffffff83b4dfe0) (map.pmap 0xffffffff83b4e080) (pmap 0xffffffff83b4e0f0) threads: 2 100031 L *tun_mtx 0xfffffe00079f9c00 [clock (0)] 100032 I [clock (1)] db> ps pid ppid pgrp uid state wmesg wchan cmd 837 835 765 0 N syz-executor 836 835 765 0 S uwait 0xfffffe000776cc80 syz-executor 835 765 765 0 RL (threaded) syz-executor 100113 RunQ syz-executor 100153 Run CPU 1 syz-executor 834 764 764 0 R (threaded) syz-executor 100126 RunQ syz-executor 100151 RunQ syz-executor 100154 S uwait 0xfffffe006e55ea00 syz-executor 832 1 764 0 S uwait 0xfffffe000776c480 syz-executor 829 0 0 0 DL mdwait 0xfffffe006b750000 [md0] 827 0 0 0 DL aiordy 0xfffffe005410c580 [aiod4] 826 0 0 0 DL aiordy 0xfffffe005410cae0 [aiod3] 825 0 0 0 DL aiordy 0xfffffe005410d040 [aiod2] 824 0 0 0 DL aiordy 0xfffffe005410d5a0 [aiod1] 821 0 0 0 DL mdwait 0xfffffe006b751000 [md2147483646] 819 818 423 0 L *tun_mtx 0xfffffe00079f9c00 ifconfig 818 811 423 0 S wait 0xfffffe00540f3b00 sh 817 1 817 0 Ss select 0xfffffe00077e58c0 dhclient 816 0 0 0 DL (threaded) [so_splice] 100128 D - 0xfffffe000778cc00 [thr_0] 100129 D - 0xfffffe000778cc40 [thr_1] 813 763 763 0 T (threaded) syz-executor 100115 s syz-executor 100125 D tun_ioc 0xffffffff83cc3940 syz-executor 811 791 423 0 S wait 0xfffffe00540f45c0 dhclient 805 1 765 0 S uwait 0xfffffe000776c380 syz-executor 791 423 423 0 S wait 0xfffffe00540dc060 sh 766 762 766 0 R syz-executor 765 762 765 0 S nanslp 0xffffffff83ba3c81 syz-executor 764 762 764 0 S nanslp 0xffffffff83ba3c81 syz-executor 763 762 763 0 S nanslp 0xffffffff83ba3c81 syz-executor 762 760 760 0 R syz-executor 760 758 760 0 Ss sigsusp 0xfffffe00540040f0 csh 758 681 758 0 Ss 
select 0xfffffe00077e56c0 sshd 747 1 747 0 Ss+ ttyin 0xfffffe00582798b0 getty 746 1 746 0 Ss+ ttyin 0xfffffe00594d44b0 getty 745 1 745 0 Ss+ ttyin 0xfffffe00594d4cb0 getty 744 1 744 0 Ss+ ttyin 0xfffffe00594d54b0 getty 743 1 743 0 Ss+ ttyin 0xfffffe00594d5cb0 getty 742 1 742 0 Ss+ ttyin 0xfffffe0053f694b0 getty 741 1 741 0 Ss+ ttyin 0xfffffe0053f69cb0 getty 740 1 740 0 Ss+ ttyin 0xfffffe0053f6b4b0 getty 739 1 739 0 Ss+ ttyin 0xfffffe0053f6bcb0 getty 737 1 17 0 S+ piperd 0xfffffe006b43a9e0 logger 736 735 17 0 S+ nanslp 0xffffffff83ba3c80 sleep 735 1 17 0 S+ wait 0xfffffe00540d9560 sh 685 1 685 0 Ss nanslp 0xffffffff83ba3c81 cron 681 1 681 0 Ss select 0xfffffe0058649dc0 sshd 494 1 494 0 Ss select 0xfffffe00586499c0 syslogd 423 1 423 0 Ss wait 0xfffffe00540a9580 devd 422 1 422 65 Ss select 0xfffffe0058649ac0 dhclient 337 1 337 0 Ss select 0xfffffe00077e5e40 dhclient 334 1 334 0 Ss select 0xfffffe00077e5cc0 dhclient 16 0 0 0 DL syncer 0xffffffff83cc1720 [syncer] 15 0 0 0 DL vlruwt 0xfffffe000780a060 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cbfc60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe00596efce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d0abc0 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83cf0c88 [dom0] 100080 D launds 0xffffffff83cf0c94 [laundry: dom0] 100081 D umarcl 0xffffffff81ddfb90 [uma] 7 0 0 0 DL - 0xffffffff8391c5d8 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff8463d9e0 [pf purge] 5 0 0 0 DL waiting 0xffffffff848fc700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838e6340 [doneq0] 100046 D - 0xffffffff838e62c0 [async] 100075 D - 0xffffffff838e6140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cec540 [crypto] 100043 D crypto_ 0xfffffe0053eb5a30 [crypto returns 0] 100044 D crypto_ 0xfffffe0053eb5a80 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b4c620 [g_event] 100038 D - 0xffffffff83b4c640 [g_up] 
100039 D - 0xffffffff83b4c660 [g_down] 2 0 0 0 LL (threaded) [clock] 100031 L *tun_mtx 0xfffffe00079f9c00 [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83cecfe0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c3dff0 [swapper] 100005 D - 0xfffffe0053eb6100 [softirq_0] 100006 D - 0xfffffe0053eb6000 [softirq_1] 100007 D - 0xfffffe0053eb5e00 [if_io_tqg_0] 100008 D - 0xfffffe0053eb5d00 [if_io_tqg_1] 100009 D - 0xfffffe0053eb5c00 [if_config_tqg_0] 100010 D - 0xfffffe00083f7d00 [kqueue_ctx taskq] 100011 D - 0xfffffe00083f7c00 [jail_remove taskq] 100012 D - 0xfffffe00083f7b00 [bus taskq] 100015 D - 0xfffffe00083f7800 [thread taskq] 100017 D - 0xfffffe00083f7600 [aiod_kick taskq] 100018 D - 0xfffffe00083f7500 [deferred_unmount ta] 100019 D - 0xfffffe00083f7400 [inm_free taskq] 100020 D - 0xfffffe00083f7300 [in6m_free taskq] 100021 D - 0xfffffe00083f7200 [linuxkpi_irq_wq] 100022 D - 0xfffffe00083f7100 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00083f7100 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00083f7100 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00083f7100 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00083f7000 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00083f7000 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00083f7000 [linuxkpi_long_wq_2] 100029 D - 
0xfffffe00083f7000 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00083f6e00 [firmware taskq] 100040 D - 0xfffffe00083f6b00 [crypto_0] 100041 D - 0xfffffe00083f6b00 [crypto_1] 100056 D - 0xfffffe00083f6900 [vtnet0 rxq 0] 100057 D - 0xfffffe00083f6800 [vtnet0 txq 0] 100058 D - 0xfffffe00083f6700 [vtnet0 rxq 1] 100059 D - 0xfffffe00083f6600 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057d7d700 [virtio_balloon] 100065 D - 0xffffffff827ceee0 [deadlkres] 100069 D - 0xfffffe005857c600 [acpi_task_0] 100070 D - 0xfffffe005857c600 [acpi_task_1] 100071 D - 0xfffffe005857c600 [acpi_task_2] 100073 D - 0xfffffe00083f8100 [mca taskq] 100074 D - 0xfffffe00083f6a00 [CAM taskq] 100076 D - 0xfffffe005857c400 [ipsec_offload] db> show all locks Process 835 (syz-executor) thread 0xfffffe0054113000 (100153) exclusive sleep mutex descriptor tables (descriptor tables) r = 0 (0xffffffff83d27940) locked @ /syzkaller/managers/i386/kernel/sys/amd64/amd64/sys_machdep.c:551 shared sx killpg racer (killpg racer) r = 0 (0xfffffe00540a7760) locked @ /syzkaller/managers/i386/kernel/sys/kern/kern_fork.c:959 Process 819 (ifconfig) thread 0xfffffe00540a0000 (100114) exclusive sx tun_ioctl (tun_ioctl) r = 0 (0xffffffff83cc3940) locked @ /syzkaller/managers/i386/kernel/sys/net/if_tuntap.c:1300 exclusive sx in_control (in_control) r = 0 (0xffffffff83cc6540) locked @ /syzkaller/managers/i386/kernel/sys/netinet/in.c:367 Process 813 (syz-executor) thread 0xfffffe005409e780 (100125) exclusive sleep mutex tun_mtx (tun_mtx) r = 0 (0xfffffe006ddece08) locked @ /syzkaller/managers/i386/kernel/sys/net/if_tuntap.c:1601 Process 2 (clock) thread 0xfffffe000781a780 (100031) exclusive sleep mutex mld_mtx (mld_mtx) r = 0 (0xffffffff83ce7c60) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/mld6.c:1349 exclusive sleep mutex in6_multi_list_mtx (in6_multi_list_mtx) r = 0 (0xffffffff83ce7a80) locked @ /syzkaller/managers/i386/kernel/sys/netinet6/mld6.c:1348 shared rw vnet_rwlock (vnet_rwlock) r = 0 (0xffffffff83cc5cc0) locked @ 
/syzkaller/managers/i386/kernel/sys/netinet6/mld6.c:1307 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 376 5079K 502 tcp_hpts 7 4801K 7 devbuf 4187 4323K 4214 sysctloid 35008 2062K 35083 vtbuf panic: Assertion curthread->td_pinned > 0 failed at /syzkaller/managers/i386/kernel/sys/sys/sched.h:192 cpuid = 0 time = 1753489967 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d22bd0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d22d30 vpanic() at vpanic+0x257/frame 0xffffffff83d22ef0 panic() at panic+0xb5/frame 0xffffffff83d22fc0 DELAY() at DELAY+0x279/frame 0xffffffff83d23010 ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070 uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0 cnputc() at cnputc+0x130/frame 0xffffffff83d230e0 db_putc() at db_putc+0x159/frame 0xffffffff83d23110 kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0 db_printf() at db_printf+0x125/frame 0xffffffff83d23420 db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0 db_command() at db_command+0x5fc/frame 0xffffffff83d23650 db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670 db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0 kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970 nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0 nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0 trap() at trap+0x232/frame 0xffffffff83d23be0 nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0 --- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 --- smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0 smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0 smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850 user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950 cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0 vm_forkproc() at vm_forkproc+0x225/frame 
0xfffffe0056dbea10 do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0 fork1() at fork1+0xd58/frame 0xfffffe0056dbec10 sys_fork() at sys_fork+0xe3/frame 0xfffffe0056dbed10 ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056dbef30 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98 panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:470 cpuid = 0 time = 1753489967 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d22750 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d228b0 vpanic() at vpanic+0x257/frame 0xffffffff83d22a70 panic() at panic+0xb5/frame 0xffffffff83d22b30 _epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22b70 tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22c70 kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22d30 vpanic() at vpanic+0x338/frame 0xffffffff83d22ef0 panic() at panic+0xb5/frame 0xffffffff83d22fc0 DELAY() at DELAY+0x279/frame 0xffffffff83d23010 ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070 uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0 cnputc() at cnputc+0x130/frame 0xffffffff83d230e0 db_putc() at db_putc+0x159/frame 0xffffffff83d23110 kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0 db_printf() at db_printf+0x125/frame 0xffffffff83d23420 db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0 db_command() at db_command+0x5fc/frame 0xffffffff83d23650 db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670 db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0 kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970 nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0 nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0 trap() at trap+0x232/frame 0xffffffff83d23be0 nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0 --- trap 0x13, rip = 0xffffffff8162d26d, rsp = 
0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 --- smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0 smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0 smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850 user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950 cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0 vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10 do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0 fork1() at fork1+0xd58/frame 0xfffffe0056dbec10 sys_fork() at sys_fork+0xe3/frame 0xfffffe0056dbed10 ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056dbef30 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98 panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:470 cpuid = 0 time = 1753489967 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d222d0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d22430 vpanic() at vpanic+0x257/frame 0xffffffff83d225f0 panic() at panic+0xb5/frame 0xffffffff83d226b0 _epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d226f0 tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d227f0 kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d228b0 vpanic() at vpanic+0x338/frame 0xffffffff83d22a70 panic() at panic+0xb5/frame 0xffffffff83d22b30 _epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22b70 tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22c70 kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22d30 vpanic() at vpanic+0x338/frame 0xffffffff83d22ef0 panic() at panic+0xb5/frame 0xffffffff83d22fc0 DELAY() at DELAY+0x279/frame 0xffffffff83d23010 ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070 uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0 cnputc() at cnputc+0x130/frame 0xffffffff83d230e0 db_putc() at 
db_putc+0x159/frame 0xffffffff83d23110 kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0 db_printf() at db_printf+0x125/frame 0xffffffff83d23420 db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0 db_command() at db_command+0x5fc/frame 0xffffffff83d23650 db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670 db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0 kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970 nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0 nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0 trap() at trap+0x232/frame 0xffffffff83d23be0 nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0 --- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 --- smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0 smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0 smp_rendezvous() at smp_rendezvous+0x46/frame 0xfffffe0056dbe850 user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950 cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0 vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10 do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0 fork1() at fork1+0xd58/frame 0xfffffe0056dbec10 sys_fork() at sys_fork+0xe3/frame 0xfffffe0056dbed10 ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0056dbef30 int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98 panic: Assertion kstack_contains(td, (vm_offset_t)et, sizeof(*et)) failed at /syzkaller/managers/i386/kernel/sys/kern/subr_epoch.c:470 cpuid = 0 time = 1753489967 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xffffffff83d21e50 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xffffffff83d21fb0 vpanic() at vpanic+0x257/frame 0xffffffff83d22170 panic() at panic+0xb5/frame 0xffffffff83d22230 _epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22270 tcp_rl_shutdown() at 
tcp_rl_shutdown+0x9f/frame 0xffffffff83d22370 kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22430 vpanic() at vpanic+0x338/frame 0xffffffff83d225f0 panic() at panic+0xb5/frame 0xffffffff83d226b0 _epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d226f0 tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d227f0 kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d228b0 vpanic() at vpanic+0x338/frame 0xffffffff83d22a70 panic() at panic+0xb5/frame 0xffffffff83d22b30 _epoch_enter_preempt() at _epoch_enter_preempt+0x354/frame 0xffffffff83d22b70 tcp_rl_shutdown() at tcp_rl_shutdown+0x9f/frame 0xffffffff83d22c70 kern_reboot() at kern_reboot+0x54e/frame 0xffffffff83d22d30 vpanic() at vpanic+0x338/frame 0xffffffff83d22ef0 panic() at panic+0xb5/frame 0xffffffff83d22fc0 DELAY() at DELAY+0x279/frame 0xffffffff83d23010 ns8250_putc() at ns8250_putc+0x172/frame 0xffffffff83d23070 uart_cnputc() at uart_cnputc+0xab/frame 0xffffffff83d230b0 cnputc() at cnputc+0x130/frame 0xffffffff83d230e0 db_putc() at db_putc+0x159/frame 0xffffffff83d23110 kvprintf() at kvprintf+0x1eda/frame 0xffffffff83d232d0 db_printf() at db_printf+0x125/frame 0xffffffff83d23420 db_show_malloc() at db_show_malloc+0x54e/frame 0xffffffff83d234b0 db_command() at db_command+0x5fc/frame 0xffffffff83d23650 db_command_loop() at db_command_loop+0x82/frame 0xffffffff83d23670 db_trap() at db_trap+0x27b/frame 0xffffffff83d237b0 kdb_trap() at kdb_trap+0x66c/frame 0xffffffff83d23970 nmi_call_kdb() at nmi_call_kdb+0x132/frame 0xffffffff83d239b0 nmi_call_kdb_smp() at nmi_call_kdb_smp+0x5f/frame 0xffffffff83d239f0 trap() at trap+0x232/frame 0xffffffff83d23be0 nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83d23be0 --- trap 0x13, rip = 0xffffffff8162d26d, rsp = 0xfffffe0056dbe570, rbp = 0xfffffe0056dbe5b0 --- smp_rendezvous_action() at smp_rendezvous_action+0x5d/frame 0xfffffe0056dbe5b0 smp_rendezvous_cpus() at smp_rendezvous_cpus+0x2e7/frame 0xfffffe0056dbe7a0 smp_rendezvous() at 
smp_rendezvous+0x46/frame 0xfffffe0056dbe850 user_ldt_alloc() at user_ldt_alloc+0x3d0/frame 0xfffffe0056dbe950 cpu_fork() at cpu_fork+0x26a/frame 0xfffffe0056dbe9b0 vm_forkproc() at vm_forkproc+0x225/frame 0xfffffe0056dbea10 do_fork() at do_fork+0x1980/frame 0xfffffe0056dbeaf0 fork1() at fork1+0xd58/frame 0xfffffe0056dbec10 sys_fork() at
[console output cut off here by the reboot]
SeaBIOS (version 1.8.2-google) Total RAM Size = 0x0000000080000000 = 2048 MiB CPUs found: 2 Max CPUs supported: 2 SeaBIOS (version 1.8.2-google) Machine UUID 2d8230d0-732e-2058-9e61-e99101c24fa8 found virtio-scsi at 0:3 virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0 virtio-scsi blksize=512 sectors=6291456 = 3072 MiB drive 0x000f2820: PCHS=0/0/0 translation=lba LCHS=780/128/63 s=6291456 Sending Seabios boot VM event. Booting from Hard Disk 0...