panic: kernel diagnostic assertion "(TAILQ_NEXT(inp, inp_queue) == NULL) || (TAILQ_NEXT(inp, inp_queue) == _Q_INVALID)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 673 Starting stack trace... panic(ffffffff8342cfde) at panic+0x1ba sys/kern/subr_prf.c:229 __assert(ffffffff833df4e4,ffffffff833caf1a,2a1,ffffffff833a396f) at __assert+0x29 sys/kern/subr_prf.c:-1 in_pcbunref(fffffd8068c73170) at in_pcbunref+0x206 sys/netinet/in_pcb.c:672 tcp_input_solocked(ffff80002a74ada0,ffff80002a74adac,0,2,ffff80002a74ad98) at tcp_input_solocked+0xfd sys/netinet/tcp_input.c:2229 tcp_input_mlist(ffffffff838ebd20,2) at tcp_input_mlist+0x93 sys/netinet/tcp_input.c:-1 if_input_process(ffff800000b11800,ffff80002a74ae78,0) at if_input_process+0x229 ifiq_process(ffff800000b11c18) at ifiq_process+0xcd sys/net/ifq.c:874 taskq_thread(ffff80000002c000) at taskq_thread+0xd4 sys/kern/kern_task.c:446 end trace frame: 0x0, count: 249 End of stack trace. syncing disks...35 28 done OpenBSD/amd64 (Amnesiac) (tty00) login: WARNING: SPL NOT LOWERED ON SYSCALL 3 0 EXIT 0 3 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *398189 27223 0 0x100003 0 0 getty savectx() at savectx+0xae end of kernel end trace frame: 0x757ba09f1720, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "(TAILQ_NEXT(inp, inp_queue) == NULL) || (TAILQ_NEXT(inp, inp_queue) == _Q_INVALID)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 673 ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x757ba09f1720, count: -1 ddb> show registers rdi 0 rsi 0 rbp 0xffff80003c1bf390 rbx 0 rdx 0 rcx 0 rax 0x31 r8 0xffff80003c1bf2c0 r9 0xffff80003c1bef98 r10 0x70d61a1723be2a73 r11 0xbb27928a1bf1cd43 r12 0 r13 0 r14 0xffff80003991f9c0 r15 0 rip 0xffffffff823ce3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c1bf310 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb> show proc PROC (getty) tid=398189 pid=27223 tcnt=1 stat=onproc flags process=100003 proc=0 runpri=69, usrpri=68, slppri=25, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a860f90,0xffff80002a86c568 process=0xffff8000ffff4018 user=0xffff80003c1ba000, vmspace=0xfffffd807713b170 estcpu=18, cpticks=0, pctcpu=0.75, user=0, sys=75, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89039 470369 4073 60929 2 0x10 syz-executor 89039 345073 4073 60929 3 0x4000090 fsleep syz-executor 90959 468632 78427 0 2 0 syz-executor 90959 362571 78427 0 2 0x4000080 syz-executor 73854 490654 1987 0 2 0 syz-executor 73854 127270 1987 0 3 0x4000080 fsleep syz-executor 73854 496454 1987 0 2 0x4000000 syz-executor 30683 293893 58916 0 2 0 syz-executor 30683 405125 58916 0 2 0x4000000 syz-executor 30683 500272 58916 0 2 0x4000000 syz-executor 46423 185327 87330 0 2 0 syz-executor 46423 33593 87330 0 2 0x4000000 syz-executor 46423 43787 87330 0 3 0x4000080 fsleep syz-executor 10638 441790 76901 0 2 0 syz-executor 10638 69783 76901 0 3 0x4000080 fsleep syz-executor 10638 350365 76901 0 3 0x4000080 fsleep syz-executor 30867 192358 24036 0 2 0x1 syz-executor 30867 43798 24036 0 3 0x4000080 fsleep syz-executor 30867 117422 24036 0 3 0x4000080 fsleep syz-executor 8511 136914 0 0 3 0x14200 acct 
acct 76901 324995 11019 0 2 0xc82 syz-executor 73122 402519 11019 0 2 0x2 syz-executor 78427 41320 11019 0 2 0xc82 syz-executor *27223 398189 1 0 7 0x100003 getty 24749 418363 0 0 3 0x14280 nfsidl nfsio 52854 53785 0 0 3 0x14280 nfsidl nfsio 32851 37684 0 0 3 0x14280 nfsidl nfsio 70522 384254 0 0 3 0x14280 nfsidl nfsio 18632 130825 0 0 3 0x14280 nfsidl nfsio 19424 419480 0 0 3 0x14280 nfsidl nfsio 43815 157687 0 0 3 0x14280 nfsidl nfsio 52069 194975 0 0 3 0x14280 nfsidl nfsio 46922 172076 0 0 3 0x14280 nfsidl nfsio 93791 76181 0 0 3 0x14280 nfsidl nfsio 79066 101793 0 0 3 0x14280 nfsidl nfsio 13813 478963 0 0 3 0x14280 nfsidl nfsio 56497 411743 0 0 3 0x14280 nfsidl nfsio 60047 455008 0 0 3 0x14280 nfsidl nfsio 52698 220755 0 0 3 0x14280 nfsidl nfsio 47497 255734 0 0 3 0x14280 nfsidl nfsio 52489 499079 0 0 3 0x14280 nfsidl nfsio 41015 77779 0 0 3 0x14280 nfsidl nfsio 49346 211961 0 0 3 0x14280 nfsidl nfsio 91716 407661 0 0 3 0x14280 nfsidl nfsio 4073 170046 11019 0 2 0xc82 syz-executor 24036 456246 11019 0 2 0xc82 syz-executor 14736 44538 0 0 3 0x14200 bored sosplice 58916 215112 11019 0 2 0xc82 syz-executor 1987 495372 11019 0 2 0xc82 syz-executor 87330 204859 11019 0 2 0xc82 syz-executor 11019 484499 15899 0 3 0x2 netlock syz-executor 15899 31315 22569 0 3 0x10008a sigsusp ksh 22569 350530 50231 0 3 0x98 kqread sshd-session 50231 251755 26890 0 3 0x92 kqread sshd-session 26890 50613 1 0 3 0x88 kqread sshd 41087 515228 87624 73 3 0x1100090 kqread syslogd 87624 332534 1 0 3 0x100082 sbwait syslogd 7324 312531 1 0 3 0x100080 kqread resolvd 79751 242875 51724 77 3 0x100092 kqread dhcpleased 74083 206231 51724 77 3 0x100092 kqread dhcpleased 51724 39969 1 0 3 0x80 kqread dhcpleased 7725 164516 0 0 3 0x14200 bored smr 13830 413184 0 0 2 0x14200 zerothread 7672 319871 0 0 3 0x14200 aiodoned aiodoned 28622 308021 0 0 2 0x14200 update 55104 143503 0 0 3 0x14200 cleaner cleaner 85978 322130 0 0 3 0x14200 reaper reaper 39717 128141 0 0 3 0x14200 pgdaemon pagedaemon 7777 
271852 0 0 3 0x14200 bored viomb 14311 471200 0 0 3 0x40014200 acpi0 acpi0 34753 84118 0 0 3 0x14200 bored softnet3 42655 346666 0 0 3 0x14200 bored softnet2 24219 205144 0 0 3 0x14200 bored softnet1 3922 213868 0 0 3 0x14200 netlock softnet0 52326 501784 0 0 3 0x14200 bored systqmp 51133 106064 0 0 3 0x14200 bored systq 10741 66098 0 0 3 0x40014200 netlock softclock 79843 441129 0 0 3 0x40014200 idle0 1 162054 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10218 11132K 12267K 166960K 20089 0 pcb 18 16K 18K 166960K 961 0 rtable 227 13K 14K 166960K 1158 0 pf 35 13K 21K 166960K 293 0 ifaddr 41 7K 9K 166960K 206 0 ifgroup 56 2K 2K 166960K 374 0 sysctl 4 1K 9K 166960K 92 0 counters 34 18K 18K 166960K 192 0 ioctlops 0 0K 4K 166960K 653 0 iov 0 0K 24K 166960K 235 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1617 102K 102K 166960K 6164 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 66 0 VM map 2 1K 1K 166960K 2 0 sem 24 133K 133K 166960K 167 0 dirhash 9 1K 2K 166960K 78 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 4249 0 sigio 0 0K 0K 166960K 151 0 proc 60 59K 100K 166960K 1151 0 subproc 72 4K 4K 166960K 162 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 440 0 in_multi 88 6K 7K 166960K 324 0 ether_multi 1 0K 0K 166960K 33 0 mrt 1 0K 0K 166960K 25 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 1189 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 235 152K 169K 166960K 40583 0 UVM aobj 218 17K 17K 166960K 245 0 pinsyscall 39 78K 94K 166960K 5524 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 272 0 NDP 13 0K 2K 166960K 145 0 
temp 75 8688K 8800K 166960K 189399 0 kqueue 13 20K 30K 166960K 648 0 SYN cache 2 8K 16K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 365 0 361 2 0 2 2 0 8 1 rtentry 136 332 0 241 4 0 4 4 0 8 0 unpcb 144 2886 0 2871 11 5 6 6 0 8 5 syncache 336 16 0 16 2 1 1 1 0 8 1 tcpqe 32 9 0 9 2 1 1 1 0 8 1 tcpcb 736 1129 0 1122 11 6 5 7 0 8 4 arp 88 44 0 29 1 0 1 1 0 8 0 ipq 40 12 0 11 1 0 1 1 0 8 0 ipqe 40 111 0 110 1 0 1 1 0 8 0 inpcb 328 4355 0 4343 17 10 7 12 0 8 5 ip6q 72 15 0 13 1 0 1 1 0 8 0 ip6af 40 21 0 19 1 0 1 1 0 8 0 nd6 104 70 0 46 1 0 1 1 0 8 0 pkpcb 40 25 0 25 2 1 1 1 0 8 1 kcovpl 48 18 0 10 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 1 0 8 1 ppxss 1072 109 0 108 2 1 1 1 0 8 0 pppxif 1384 22 0 22 2 1 1 1 0 8 1 pftag 88 1 0 0 1 0 1 1 0 8 0 pfrule 1344 1 0 1 1 1 0 1 0 8 0 rttmr 136 5 0 5 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1466 0 1033 32 0 32 32 0 8 1 art_table 32 1468 0 1033 5 0 5 5 0 8 1 art_node 16 320 0 238 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 13 1 0 1 1 0 8 0 semapl 112 160 0 138 1 0 1 1 0 8 0 shmpl 112 242 0 27 7 0 7 7 0 8 0 dirhash 1024 63 0 56 3 0 3 3 0 8 1 dino2pl 256 8915 0 7395 96 0 96 96 0 8 0 ffsino 248 8915 0 7395 96 0 96 96 0 8 0 nchpl 144 14778 0 13055 65 0 65 65 0 8 0 rtmask 32 27 0 27 2 1 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 55684 0 55684 4 2 2 2 0 8 2 kstatmem 264 218 0 192 4 1 3 3 0 8 1 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 11 0 11 2 1 1 1 0 8 1 scxspl 216 42593 0 42592 10 7 3 8 1 8 2 plimitpl 152 1021 0 1005 1 0 1 1 0 8 0 sigapl 424 4488 0 4420 8 0 8 8 0 8 0 knotepl 120 525381 0 525333 29 14 15 17 0 8 8 kqueuepl 184 1638 0 1628 7 3 4 4 0 8 3 pipepl 296 669 0 642 10 5 5 8 0 8 2 fdescpl 440 4437 0 4407 5 1 4 5 0 8 0 filepl 120 32296 0 32074 19 5 14 14 0 8 5 lockfpl 104 2016 0 2014 3 1 2 2 0 8 1 lockfspl 48 867 0 865 1 0 1 1 0 8 0 sessionpl 144 43 0 35 1 0 1 1 0 8 0 pgrppl 48 103 0 86 1 0 1 
1 0 8 0 ucredpl 104 5128 0 5116 1 0 1 1 0 8 0 zombiepl 144 6723 0 6723 2 1 1 1 0 8 1 processpl 1160 4488 0 4420 5 0 5 5 0 8 0 procpl 656 11572 0 11492 8 0 8 8 0 8 0 sosppl 168 35 0 35 2 1 1 1 0 8 1 sockpl 528 7814 0 7783 20 10 10 11 0 8 7 mcl64k 65536 142 0 142 2 1 1 1 0 8 1 mcl16k 16384 15 0 15 2 1 1 1 0 8 1 mcl12k 12288 11 0 11 2 1 1 1 0 8 1 mcl9k 9216 8 0 8 2 1 1 1 0 8 1 mcl8k 8192 104 0 104 1 0 1 1 0 8 1 mcl4k 4096 8628 0 8575 14 6 8 13 0 8 1 mcl2k2 2112 8 0 8 1 0 1 1 0 8 1 mcl2k 2048 4520 0 4513 9 1 8 8 0 8 6 mtagpl 96 565 0 299 7 0 7 7 0 8 0 mbufpl 256 47681 0 47294 33 3 30 30 0 8 4 bufpl 280 10908 0 4681 446 0 446 446 0 8 0 anonpl 24 540625 0 530857 107 33 74 88 0 187 5 amapchunkpl 152 152664 0 152059 46 6 40 40 0 158 13 amappl16 200 8547 0 8226 44 19 25 33 0 8 3 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 147 0 136 1 0 1 1 0 8 0 amappl13 176 5 0 5 2 1 1 1 0 8 1 amappl12 168 5215 0 5184 2 0 2 2 0 8 0 amappl11 160 58 0 48 1 0 1 1 0 8 0 amappl10 152 22 0 22 1 1 0 1 0 8 0 amappl9 144 247 0 246 2 1 1 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 144 0 133 1 0 1 1 0 8 0 amappl6 120 284 0 280 1 0 1 1 0 8 0 amappl5 112 163 0 156 1 0 1 1 0 8 0 amappl4 104 354 0 337 1 0 1 1 0 8 0 amappl3 96 28890 0 28778 4 0 4 4 0 8 0 amappl2 88 836 0 778 2 0 2 2 0 8 0 amappl1 80 27140 0 26589 14 0 14 14 0 8 0 amappl 88 39036 0 38864 5 0 5 5 0 92 0 dma16384 16384 2 0 2 2 1 1 1 0 8 1 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 1 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 9 0 9 2 1 1 1 0 8 1 dma128 128 259 0 259 2 1 1 1 0 8 1 dma64 64 12 0 12 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 244 0 27 4 0 4 4 0 8 0 uaddrrnd 24 4437 0 4407 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4437 0 4407 1 0 1 1 0 8 0 vmmpekpl 168 34728 0 34667 4 0 4 4 0 8 0 vmmpepl 168 278401 0 276156 119 12 107 109 0 357 4 vmsppl 360 4436 0 4407 4 1 3 4 0 8 0 rwobjpl 32 71547 0 64241 61 0 61 61 0 8 1 pdppl 4096 8880 0 8814 183 117 66 80 
0 8 0 pvpl 32 1764150 0 1748661 184 29 155 162 0 265 15 pmappl 216 4436 0 4407 3 1 2 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 404 0 143 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x757ba09f1720, count: -1 ddb> machine ddbcpu 1 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x757ba09f1720, count: -1