panic: Assertion done != job_total_nbytes failed at /syzkaller/managers/main/kernel/sys/kern/sys_socket.c:690 cpuid = 1 time = 9 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00570ff8d0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00570ffa30 vpanic() at vpanic+0x257/frame 0xfffffe00570ffbf0 panic() at panic+0xb5/frame 0xfffffe00570ffcb0 soaio_process_sb() at soaio_process_sb+0x11e2/frame 0xfffffe00570ffea0 soaio_kproc_loop() at soaio_kproc_loop+0x17b/frame 0xfffffe00570ffef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe00570fff30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00570fff30 --- trap 0xc, rip = 0x3a697a, rsp = 0x82773dfc8, rbp = 0x82773dff0 --- KDB: enter: panic [ thread pid 1144 tid 100559 ] Stopped at kdb_enter+0x6e: movq $0,0x2587a77(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff8283c160 .str.27 rsp 0xfffffe00570ffa10 rbp 0xfffffe00570ffa30 rsi 0 rdi 0xffffffff81664139 printf+0x149 r8 0 r9 0xffffffff r10 0x952a6c5d913c5218 r11 0xfffffe0058b85550 r12 0xfffffe0058ba2780 r13 0xfffffffffffffffd r14 0xffffffff8283c160 .str.27 r15 0 rip 0xffffffff8164d41e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x2587a77(%rip) db> show proc Process 1144 (soaiod2) at 0xfffffe0058b92ac0: state: NORMAL uid: 0 gid: 0 supp gids: 0 parent: pid 0 at 0xffffffff83b5ef60 ABI: null flag: 0x10000204 flag2: 0 reaper: 0xffffffff83b5ef60 reapsubtree: 1144 sigparent: 20 vmspace: 0xfffffe0007811db0 (map 0xfffffe0007811db0) (map.pmap 0xfffffe0007811e50) (pmap 0xfffffe0007811ec0) threads: 1 100559 Run CPU 1 [soaiod2] db> ps pid ppid pgrp uid state wmesg wchan cmd 1172 1107 1107 0 R (threaded) syz-executor 100600 RunQ syz-executor 100607 S uwait 0xfffffe007ae59580 syz-executor 100609 S uwait 0xfffffe007ae58880 syz-executor 1171 765 765 0 R (threaded) syz-executor 100586 RunQ syz-executor 100606 S uwait 0xfffffe007ae58580 syz-executor 1170 766 766 0 R (threaded) syz-executor 100169 RunQ syz-executor 100605 S uwait 0xfffffe007aebcb00 syz-executor 100608 RunQ syz-executor 1166 1 1107 0 S uwait 0xfffffe007ae59e00 syz-executor 1162 1 766 0 S uwait 0xfffffe007aebc900 syz-executor 1146 0 0 0 DL - 0xffffffff83cd60c0 [soaiod4] 1145 0 0 0 DL - 0xffffffff83cd60c0 [soaiod3] 1144 0 0 0 RL CPU 1 [soaiod2] 1143 0 0 0 DL - 0xffffffff83cd60c0 [soaiod1] 1141 1 1107 0 S uwait 0xfffffe007aebd300 syz-executor 1135 1 1134 0 S uwait 0xfffffe007aebe000 syz-executor 1130 1 765 0 S uwait 0xfffffe00585f3d00 syz-executor 1126 1 765 0 S uwait 0xfffffe007ae58c80 syz-executor 1117 1113 1113 0 S tun_con 0xfffffe00584cd538 ifconfig 1113 762 1113 0 S wait 0xfffffe0058b03010 syz-executor 1107 762 1107 0 S nanslp 0xffffffff83bb5f41 syz-executor 1095 1 764 0 S uwait 0xfffffe007aebc500 syz-executor 1094 1 765 0 S uwait 0xfffffe007aebd500 syz-executor 1093 1 764 0 S uwait 0xfffffe007ae59700 syz-executor 1086 1085 766 0 S uwait 0xfffffe0007a95c80 syz-executor 1085 1 766 0 SV wait 0xfffffe0058b7a568 syz-executor 1080 1 766 0 S uwait 0xfffffe007aebd400 syz-executor 1076 1 765 0 S uwait 0xfffffe007aebd000 syz-executor 1075 1 765 0 S uwait 0xfffffe007aebd800 syz-executor 1073 1 766 0 S uwait 0xfffffe007aebda00 syz-executor 1066 1 1064 0 S uwait 0xfffffe007aebce80 syz-executor 1061 1 764 0 SV uwait 0xfffffe007ae59b00 syz-executor 1050 1 764 0 S uwait 0xfffffe0007a95100 syz-executor 1048 1 764 0 S uwait 0xfffffe00585f4280 syz-executor 1044 1 766 0 T uwait 0xfffffe00585f4a00 syz-executor 1037 1 764 0 S uwait 0xfffffe007aebcd80 syz-executor 1033 1 763 0 SV uwait 0xfffffe007aebcc80 syz-executor 1031 1 763 0 S uwait 0xfffffe007aebd900 syz-executor 1028 1 763 0 S uwait 0xfffffe007aebd700 syz-executor 1027 1 764 0 S uwait 0xfffffe007aebd600 syz-executor 1023 0 0 0 DL mdwait 0xfffffe006eae1000 [md0] 1019 1 765 0 SV uwait 0xfffffe007ae5a380 syz-executor 1016 1 763 0 S uwait 0xfffffe00585f2680 syz-executor 1015 1 763 0 S uwait 0xfffffe0007a95b80 syz-executor 1006 1 763 0 S uwait 0xfffffe0007a95780 syz-executor 1003 1 763 0 S uwait 0xfffffe007ae59f00 syz-executor 997 1 765 0 T uwait 0xfffffe00585f4b00 syz-executor 993 1 765 0 T uwait 0xfffffe007ae5a080 syz-executor 983 1 764 0 S uwait 0xfffffe007ae5a280 syz-executor 976 1 765 0 T syz-executor 972 0 0 0 DL (threaded) [KTLS] 100320 D - 0xfffffe0054239e00 [thr_0] 100321 D - 0xfffffe0054239e80 [thr_1] 100322 D - 0xffffffff83cd78e8 [reclaim_0] 967 1 765 0 T uwait 0xfffffe007ae59900 syz-executor 957 1 766 0 SV uwait 0xfffffe0058695000 syz-executor 953 1 763 -1 S uwait 0xfffffe00585f1300 syz-executor 935 1 765 0 T uwait 0xfffffe007aebe100 syz-executor 915 1 763 0 S uwait 0xfffffe00585f4800 syz-executor 914 1 763 0 S uwait 0xfffffe0007a95880 syz-executor 913 1 763 0 S uwait 0xfffffe00585f1000 syz-executor 907 1 763 0 S uwait 0xfffffe00585f3600 syz-executor 903 1 763 -1 S uwait 0xfffffe007aebe400 syz-executor 901 1 766 0 T uwait 0xfffffe0007a95480 syz-executor 900 1 763 0 S uwait 0xfffffe007aebe200 syz-executor 896 1 766 0 T uwait 0xfffffe0058695200 syz-executor 888 1 765 0 T uwait 0xfffffe0058694d80 syz-executor 885 1 764 0 S uwait 0xfffffe0007a95680 syz-executor 884 1 884 0 Ts rtsol 883 1 883 0 Ts rtsol 882 1 882 0 Ts rtsol 863 0 0 0 DL aiordy 0xfffffe0058b17ac0 [aiod4] 860 0 0 0 DL aiordy 0xfffffe0058b28ab0 [aiod3] 859 1 764 0 S uwait 0xfffffe00585f4900 syz-executor 857 0 0 0 DL aiordy 0xfffffe0058b29ab8 [aiod2] 856 0 0 0 DL aiordy 0xfffffe0058b29008 [aiod1] 851 1 765 0 T uwait 0xfffffe0007a95280 syz-executor 834 0 0 0 DL (threaded) [so_splice] 100134 D - 0xfffffe00585f4680 [thr_0] 100137 D - 0xfffffe00585f46c0 [thr_1] 811 1 765 60929 T uwait 0xfffffe0007a95d80 syz-executor 766 762 766 0 R syz-executor 765 762 765 0 R syz-executor 762 1 760 0 S select 0xfffffe0070f66640 syz-executor 747 1 747 0 Ts+ getty 746 1 746 0 Ts+ getty 745 1 745 0 Ts+ getty 744 1 744 0 Ts+ getty 743 1 743 0 Ts+ getty 742 1 742 0 Ts+ getty 741 1 741 0 Ts+ getty 740 1 740 0 Ts+ getty 739 1 739 0 Ts+ getty 737 1 17 0 T+ logger 736 735 17 0 S+ nanslp 0xffffffff83bb5f41 sleep 735 1 17 0 T+ sh 685 1 685 0 Ts cron 681 1 681 0 Ts sshd 494 1 494 0 Ts syslogd 423 1 423 0 Ts devd 422 1 422 65 Ts dhclient 337 1 337 0 Ts dhclient 334 1 334 0 Ts dhclient 16 0 0 0 DL syncer 0xffffffff83ce3ae0 [syncer] 15 0 0 0 DL vlruwt 0xfffffe0058a02558 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83ce2020 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe0057f1fce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d23380 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83d09448 [dom0] 100080 D launds 0xffffffff83d09454 [laundry: dom0] 100081 D umarcl 0xffffffff81e37c30 [uma] 7 0 0 0 DL - 0xffffffff8392e510 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff84580f80 [pf purge] 5 0 0 0 DL waiting 0xffffffff84916700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838f8340 [doneq0] 100046 D - 0xffffffff838f82c0 [async] 100075 D - 0xffffffff838f8140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83d04ce0 [crypto] 100043 D crypto_ 0xfffffe00077af830 [crypto returns 0] 100044 D crypto_ 0xfffffe00077af880 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b5e520 [g_event] 100038 D - 0xffffffff83b5e540 [g_up] 100039 D - 0xffffffff83b5e560 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809010 [init] 10 0 0 0 DL audit_w 0xffffffff83d05780 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D - 0xffffffff84c5dff0 [kernel] 100005 D - 0xfffffe00077cb000 [softirq_0] 100006 D - 0xfffffe00077cae00 [softirq_1] 100007 D - 0xfffffe00077cad00 [if_io_tqg_0] 100008 D - 0xfffffe00077cac00 [if_io_tqg_1] 100009 D - 0xfffffe00077cab00 [if_config_tqg_0] 100010 D - 0xfffffe00077caa00 [kqueue_ctx taskq] 100011 D - 0xfffffe00077ca900 [jail_remove taskq] 100012 D - 0xfffffe00077ca800 [bus taskq] 100015 D - 0xfffffe00077ca500 [thread taskq] 100017 D - 0xfffffe00077ca300 [aiod_kick taskq] 100018 D - 0xfffffe00077ca200 [deferred_unmount ta] 100019 D - 0xfffffe00077ca100 [inm_free taskq] 100020 D - 0xfffffe00077ca000 [in6m_free taskq] 100021 D - 0xfffffe00077c9e00 [linuxkpi_irq_wq] 100022 D - 0xfffffe00077c9d00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00077c9d00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00077c9d00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00077c9d00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00077c9c00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00077c9c00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00077c9c00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00077c9c00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00077c9b00 [firmware taskq] 100040 D - 0xfffffe00077c9100 [crypto_0] 100041 D - 0xfffffe00077c9100 [crypto_1] 100056 D - 0xfffffe00077c8900 [vtnet0 rxq 0] 100057 D - 0xfffffe00077c8800 [vtnet0 txq 0] 100058 D - 0xfffffe00077c8700 [vtnet0 rxq 1] 100059 D - 0xfffffe00077c8600 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe005800d900 [virtio_balloon] 100065 D - 0xffffffff82840840 [deadlkres] 100069 D - 0xfffffe00077c8b00 [acpi_task_0] 100070 D - 0xfffffe00077c8b00 [acpi_task_1] 100071 D - 0xfffffe00077c8b00 [acpi_task_2] 100073 D - 0xfffffe00077cb100 [mca taskq] 100074 D - 0xfffffe00077c8a00 [CAM taskq] 100076 D - 0xfffffe00077c8300 [ipsec_offload] 100465 D - 0xfffffe0059a57500 [netlink_socket (PID] 758 681 758 0 Z sshd 772 423 423 0 Z sh db> show all locks Process 1117 (ifconfig) thread 0xfffffe0058b71000 (100485) exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83ce4280) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:2904 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 devbuf 8283 7252K 8309 linker 385 5207K 621 tcp_hpts 8 4865K 8 sysctloid 35512 2093K 35587 vtbuf 24 1968K 46 kobj 337 1348K 510 newblk 107 1051K 2172 vfscache 3 1025K 3 filedesc 106 842K 663 pcb 40 678K 395 inodedep 36 526K 625 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 subproc 235 494K 1303 intr 4 472K 4 vmem 5 272K 8 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 101 201K 54354 acpica 1674 184K 56977 tidhash 3 141K 3 pagedep 24 134K 321 tfo_ccache 1 128K 1 IP reass 1 128K 1 DEVFS1 109 109K 130 sem 4 106K 4 gtaskqueue 18 98K 18 LRO 26 89K 28 bus 1015 83K 5167 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 529 67K 529 ddb_capture 1 64K 1 kdtrace 302 55K 1784 umtx 416 52K 416 shm 3 36K 7 hostcache 1 32K 1 DEVFS3 128 32K 138 msg 4 30K 4 kbdmux 6 28K 6 filemon 3 24K 8 ifaddr 93 23K 97 routetbl 223 22K 649 temp 42 21K 2123 DEVFS_RULE 56 20K 56 lltable 64 19K 67 BPF 18 19K 40 ufs_mount 4 17K 5 proc 3 17K 3 tty 16 16K 16 ether_multi 190 16K 243 ithread 90 15K 90 bus-sc 34 15K 1690 eventhandler 170 14K 170 shmfd 10 12K 20 cred 31 12K 237 kenv 95 12K 95 GEOM 54 12K 470 in6_multi 76 11K 87 CAM queue 5 11K 1528 rman 75 10K 430 plimit 25 10K 357 ifnet 10 10K 11 rpc 8 9K 8 bmsafemap 3 9K 540 ksem 2 9K 4 devstat 4 9K 4 UART 12 9K 12 pfs_vncache 1 8K 1 audit_evclass 240 8K 306 taskqueue 72 8K 96 kqueue 113 8K 1446 pwddesc 109 7K 1200 sglist 6 7K 6 CAM DEV 3 6K 510 pfs_nodes 22 6K 22 ufs_dirhash 27 6K 30 pf_ifnet 13 5K 31 UMA 272 5K 272 DEVFSP 68 5K 261 vt 11 5K 11 md_disk 2 5K 2 memdesc 1 4K 1 MCA 32 4K 32 md_sectors 1 4K 1 evdev 4 4K 4 acpisem 28 4K 28 proc-args 132 4K 2262 kcovinfo 54 4K 63 session 25 4K 45 lockf 29 4K 140 terminal 11 3K 11 uidinfo 6 3K 12 acpidev 20 3K 20 ip6ndp 17 3K 20 selfd 38 3K 50589 hhook 8 3K 10 tun 6 3K 6 newdirblk 17 3K 294 netlink 2 3K 105 local_apic 1 2K 1 io_apic 1 2K 1 dirrem 8 2K 475 ipsec-saq 2 2K 2 in_multi 8 2K 14 clone 8 2K 8 sctp_ifa 15 2K 18 Unitno 33 2K 769 mkdir 14 2K 588 CC Mem 13 2K 293 CAM XPT 22 2K 543 sctp_atcl 4 2K 112 diradd 12 2K 498 toponodes 6 2K 6 ipsecpolicy 2 2K 2 sctp_timw 5 2K 5 mld 10 2K 10 igmp 10 2K 10 select 10 2K 56 msi 9 2K 9 freework 5 2K 604 inpcbpolicy 34 2K 625 softdep 1 1K 1 freefile 8 1K 382 freeblks 4 1K 331 indirdep 4 1K 418 sahead 1 1K 1 secasvar 1 1K 1 nhops 6 1K 8 vnodemarker 2 1K 37 NFSD session 1 1K 1 sctp_ifn 7 1K 18 CAM periph 4 1K 271 ipsec 3 1K 3 pfil 6 1K 6 iov 12 1K 15798 isadev 6 1K 6 osd 18 1K 311 mount 16 1K 296 pci_link 10 1K 10 ip_msource 11 1K 16 crypto 4 1K 25 encap_export_host 12 1K 12 procdesc 4 1K 10 eventfd 4 1K 5 cdev 2 1K 2 lkpikmalloc 8 1K 9 counter_rate 13 1K 13 ip6_msource 6 1K 11 in6_mfilter 6 1K 20 chacha20random 1 1K 1 biobuf 1 1K 1 ip6opt 2 1K 29 vnodes 2 1K 5 ktls 1 1K 14 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 CAM SIM 2 1K 2 cryptodev 3 1K 220 tcpfunc 3 1K 3 loginclass 3 1K 5 prison 6 1K 6 sctp_atky 4 1K 120 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 VN POLL 1 1K 11 aio 4 1K 9 pmchooks 1 1K 1 filedesc_to_leader 2 1K 3 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 3668 filecaps 4 1K 79 ip6_moptions 3 1K 12 sctp_vrf 1 1K 1 sctp_athm 4 1K 114 ip_moptions 1 1K 11 in_mfilter 1 1K 30 vnet 1 1K 1 pmc 1 1K 1 entropy 2 1K 36 acpiintr 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 sctp_mcore 0 0K 0 sctp_socko 0 0K 25 sctp_iter 0 0K 15 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 1 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 15 sctp_aadr 0 0K 0 sctp_stro 0 0K 6 sctp_stri 0 0K 4 sctp_map 0 0K 14 mqdata 0 0K 0 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 pf_table 0 0K 0 pf 0 0K 1 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 tcp_pcm_rack 0 0K 3 tcp_do_rack 0 0K 0 tcp_fsb_rack 0 0K 6 madt_table 0 0K