Starting background file system checks in 60 seconds. Mon Mar 6 09:19:34 UTC 2023 FreeBSD/amd64 (ci-freebsd-main-9.c.syzkaller.internal) (ttyu0) Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. 2023/03/06 09:19:48 ignoring optional flag "sandboxArg"="0" 2023/03/06 09:19:48 parsed 1 programs 2023/03/06 09:19:48 executed programs: 0 2023/03/06 09:19:55 executed programs: 2 2023/03/06 09:20:01 executed programs: 4 login: panic: in_pcblookup_hash_locked: invalid local address cpuid = 0 time = 1678094404 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe0092c68310 kdb_backtrace() at kdb_backtrace+0xd1/frame 0xfffffe0092c68470 vpanic() at vpanic+0x254/frame 0xfffffe0092c68550 panic() at panic+0xb5/frame 0xfffffe0092c68610 in_pcblookup_hash_locked() at in_pcblookup_hash_locked+0xf32/frame 0xfffffe0092c68750 in_pcb_lport_dest() at in_pcb_lport_dest+0x476/frame 0xfffffe0092c68810 in_pcbconnect_setup() at in_pcbconnect_setup+0x7e5/frame 0xfffffe0092c68970 in_pcbconnect() at in_pcbconnect+0x174/frame 0xfffffe0092c68a80 tcp_connect() at tcp_connect+0x11c/frame 0xfffffe0092c68ad0 tcp_usr_connect() at tcp_usr_connect+0x246/frame 0xfffffe0092c68bb0 soconnectat() at soconnectat+0x1b9/frame 0xfffffe0092c68c10 kern_connectat() at kern_connectat+0x2cc/frame 0xfffffe0092c68cf0 sys_connect() at sys_connect+0xfb/frame 0xfffffe0092c68d30 amd64_syscall() at amd64_syscall+0x410/frame 0xfffffe0092c68f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0092c68f30 --- syscall (198, FreeBSD ELF64, __syscall), rip = 0x28e66a, rsp = 0x82076e7d8, rbp = 0x82076e840 --- KDB: enter: panic [ thread pid 900 tid 100121 ] Stopped at kdb_enter+0x6b: movq $0,0x257885a(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe00033eee30 rdx 0xdffff7c000000000 rbx 0 rsp 0xfffffe0092c68450 rbp 0xfffffe0092c68470 rsi 0x1 rdi 0 r8 0x3 r9 0xffffffff r10 0 r11 0x71395e85 r12 0 r13 0xfffffe0092b36720 r14 0xffffffff82af6ae0 .str.26 r15 0xffffffff82af6ae0 .str.26 rip 0xffffffff8171823b kdb_enter+0x6b rflags 0x46 kdb_enter+0x6b: movq $0,0x257885a(%rip) db> show proc Process 900 (syz-executor.0) at 0xfffffe009272c018: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 781 at 0xfffffe0092b29000 ABI: FreeBSD ELF64 flag: 0x10000000 flag2: 0 arguments: /root/syz-executor.0 exec reaper: 0xfffffe00541ea010 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe0092ba3000 (map 0xfffffe0092ba3000) (map.pmap 0xfffffe0092ba30c0) (pmap 0xfffffe0092ba3130) threads: 1 100121 Run CPU 0 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 900 781 781 0 R CPU 0 syz-executor.0 899 893 899 0 Ss select 0xfffffe0092370940 dhclient 896 1 896 0 Ss select 0xfffffe0058b5b340 dhclient 893 886 430 65 S select 0xfffffe0092370ac0 dhclient 886 430 430 0 S wait 0xfffffe00579b3010 sh 781 779 781 0 Ss nanslp 0xffffffff83c5e201 syz-executor.0 779 777 777 0 S (threaded) syz-execprog 100111 S kqread 0xfffffe0058b23d00 syz-execprog 100114 S uwait 0xfffffe005789c800 syz-execprog 100115 S uwait 0xfffffe005789c900 syz-execprog 100116 S uwait 0xfffffe005789ca00 syz-execprog 100117 S uwait 0xfffffe005789cb00 syz-execprog 100118 S uwait 0xfffffe00574a3c00 syz-execprog 100119 S uwait 0xfffffe00574a3d00 syz-execprog 100120 S wait 0xfffffe0092729558 syz-execprog 777 775 777 0 Ss pause 0xfffffe009272c620 csh 775 688 775 0 Ss select 0xfffffe00923705c0 sshd 754 1 754 0 Ss+ ttyin 0xfffffe00574794b0 getty 753 1 753 0 Ss+ ttyin 0xfffffe00586ed8b0 getty 752 1 752 0 Ss+ ttyin 0xfffffe00586ee0b0 getty 751 1 751 0 Ss+ ttyin 0xfffffe00586ee8b0 getty 750 1 750 0 Ss+ ttyin 0xfffffe0007b4f0b0 getty 749 1 749 0 Ss+ ttyin 0xfffffe0007b4f8b0 getty 748 1 748 0 Ss+ ttyin 0xfffffe0007b500b0 getty 747 1 747 0 Ss+ ttyin 0xfffffe0007b508b0 getty 746 1 746 0 Ss+ ttyin 0xfffffe0007b510b0 getty 744 1 18 0 S+ piperd 0xfffffe0058bb3c70 logger 743 742 18 0 S+ nanslp 0xffffffff83c5e200 sleep 742 1 18 0 S+ wait 0xfffffe0056f92ab8 sh 692 1 692 0 Ss nanslp 0xffffffff83c5e200 cron 688 1 688 0 Ss select 0xfffffe0092371340 sshd 501 1 501 0 Ss select 0xfffffe0092370f40 syslogd 430 1 430 0 Ss wait 0xfffffe00579b4570 devd 429 1 429 65 Ss select 0xfffffe00923711c0 dhclient 344 1 344 0 Ss select 0xfffffe0092371440 dhclient 341 1 341 0 Ss select 0xfffffe0058b5b3c0 dhclient 17 0 0 0 DL syncer 0xffffffff83d836a0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0056f91000 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83d81cc0 [bufdaemon] 100082 D - 0xffffffff83012180 [bufspacedaemon-0] 100095 D sdflush 0xfffffe0058c9ace8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83db9400 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83dad2b8 [dom0] 100080 D launds 0xffffffff83dad2c4 [laundry: dom0] 100081 D umarcl 0xffffffff81e7bd80 [uma] 7 0 0 0 DL - 0xffffffff83a2be48 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff84394270 [pf purge] 5 0 0 0 DL waiting 0xffffffff84698f80 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100044 D - 0xffffffff838ce340 [doneq0] 100045 D - 0xffffffff838ce2c0 [async] 100076 D - 0xffffffff838ce140 [scanner] 14 0 0 0 DL seqstat 0xfffffe0056ee5c88 [sequencer 00] 3 0 0 0 DL (threaded) [crypto] 100040 D crypto_ 0xffffffff83da8b60 [crypto] 100041 D crypto_ 0xfffffe0007b63030 [crypto returns 0] 100042 D crypto_ 0xfffffe0007b63080 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100035 D - 0xffffffff83c33640 [g_event] 100036 D - 0xffffffff83c33660 [g_up] 100037 D - 0xffffffff83c33680 [g_down] 2 0 0 0 WL (threaded) [clock] 100030 I [clock (0)] 100031 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100010 I [swi5: fast taskq] 100013 I [swi6: task queue] 100018 I [swi6: Giant taskq] 100029 I [swi1: netisr 0] 100032 I [swi1: hpts] 100033 I [swi1: hpts] 100046 I [irq24: virtio_pci0] 100047 I [irq25: virtio_pci0] 100048 I [irq26: virtio_pci0] 100049 I [irq27: virtio_pci0] 100050 I [irq28: virtio_pci1] 100051 I [irq29: virtio_pci1] 100052 I [irq30: virtio_pci1] 100053 I [irq31: virtio_pci1] 100054 I [irq32: virtio_pci1] 100059 I [irq33: virtio_pci2] 100060 I [irq34: virtio_pci2] 100061 I [irq35: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 Run CPU 1 [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe00541ea010 [init] 10 0 0 0 DL audit_w 0xffffffff83da95a0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff83c34060 [swapper] 100005 D - 0xfffffe005409e000 [if_config_tqg_0] 100006 D - 0xfffffe005409de00 [softirq_0] 100007 D - 0xfffffe005409dd00 [softirq_1] 100008 D - 0xfffffe005409dc00 [if_io_tqg_0] 100009 D - 0xfffffe005409db00 [if_io_tqg_1] 100011 D - 0xfffffe00085f2500 [kqueue_ctx taskq] 100012 D - 0xfffffe00085f2400 [pci_hp taskq] 100014 D - 0xfffffe00085f2100 [inm_free taskq] 100015 D - 0xfffffe00085f2000 [aiod_kick taskq] 100016 D - 0xfffffe00085f1e00 [in6m_free taskq] 100017 D - 0xfffffe00085f1d00 [deferred_unmount ta] 100019 D - 0xfffffe00085f1a00 [thread taskq] 100020 D - 0xfffffe00085f1900 [linuxkpi_irq_wq] 100021 D - 0xfffffe00085f1800 [linuxkpi_short_wq_0] 100022 D - 0xfffffe00085f1800 [linuxkpi_short_wq_1] 100023 D - 0xfffffe00085f1800 [linuxkpi_short_wq_2] 100024 D - 0xfffffe00085f1800 [linuxkpi_short_wq_3] 100025 D - 0xfffffe00085f1700 [linuxkpi_long_wq_0] 100026 D - 0xfffffe00085f1700 [linuxkpi_long_wq_1] 100027 D - 0xfffffe00085f1700 [linuxkpi_long_wq_2] 100028 D - 0xfffffe00085f1700 [linuxkpi_long_wq_3] 100034 D - 0xfffffe00085f1200 [firmware taskq] 100038 D - 0xfffffe00085f0700 [crypto_0] 100039 D - 0xfffffe00085f0700 [crypto_1] 100055 D - 0xfffffe0056fdbe00 [vtnet0 rxq 0] 100056 D - 0xfffffe0056fdbd00 [vtnet0 txq 0] 100057 D - 0xfffffe0056fdbc00 [vtnet0 rxq 1] 100058 D - 0xfffffe0056fdbb00 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe0056f45000 [virtio_balloon] 100066 D - 0xffffffff82afba20 [deadlkres] 100070 D - 0xfffffe00085f4100 [mca taskq] 100071 D - 0xfffffe00085f0200 [acpi_task_0] 100072 D - 0xfffffe00085f0200 [acpi_task_1] 100073 D - 0xfffffe00085f0200 [acpi_task_2] 100075 D - 0xfffffe00085f0000 [CAM taskq] db> show all locks Process 900 (syz-executor.0) thread 0xfffffe0092b36720 (100121) exclusive sleep mutex tcphash (tcphash) r = 0 (0xfffffe00540499f0) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:1435 exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe0092ba8550) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:493 db>