./file03Ρn/5zN0 x8I_+){Q>Wig/M3\">} +dC!rыprȁn.ʼn6./file0! "Th$l q47./file0 .panic: kernel diagnostic assertion "(TAILQ_NEXT(inp, inp_queue) == NULL) || (TAILQ_NEXT(inp, inp_queue) == _Q_INVALID)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 673 Starting stack trace... panic(ffffffff8342de09) at panic+0x1ba sys/kern/subr_prf.c:229 __assert(ffffffff833de45c,ffffffff833c8dfd,2a1,ffffffff833a183a) at __assert+0x29 sys/kern/subr_prf.c:-1 in_pcbunref(fffffd806ebdbcd0) at in_pcbunref+0x206 sys/netinet/in_pcb.c:672 tcp_input_solocked(ffff80002a74b9a0,ffff80002a74b9ac,0,2,ffff80002a74b998) at tcp_input_sol ocked+0xfd tcp_input_mlist(ffffffff839cae60,2) at tcp_input_mlist+0x93 sys/netinet/tcp_input.c:-1 if_input_process(ffff800000b11800,ffff80002a74ba78,0) at if_input_process+0x229 sys/net/if.c:1015 ifiq_process(ffff800000b11c18) at ifiq_process+0xcd sys/net/ifq.c:874 taskq_thread(ffff80000002c000) at taskq_thread+0xd4 sys/kern/kern_task.c:446 end trace frame: 0x0, count: 249 End of stack trace. syncing disks...31 12 done OpenBSD/amd64 (ci-openbsd-main-9.us-central1-b.c.syzkaller.internal) (tty00) login: WARNING: SPL NOT LOWERED ON SYSCALL 3 0 EXIT 0 3 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 8696 76463 0 0x100003 0 0 getty savectx() at savectx+0xae end of kernel end trace frame: 0x7a1cf9432910, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "(TAILQ_NEXT(inp, inp_queue) == NULL) || (TAILQ_NEXT(inp, inp_queue) == _Q_INVALID)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 673 ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7a1cf9432910, count: -1 ddb> show registers rdi 0 rsi 0 rbp 0xffff800037912ff0 rbx 0 rdx 0 rcx 0 rax 0x31 r8 0xffff800037912f20 r9 0 r10 0x1bf14d6f81711eff r11 0xdcaaebdecfb396d2 r12 0 r13 0 r14 0xffff80002a7f0f80 r15 0 rip 0xffffffff818273ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff800037912f70 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb> show proc PROC (getty) tid=8696 pid=76463 tcnt=1 stat=onproc flags process=100003 proc=0 runpri=66, usrpri=66, slppri=25, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7c39b8,0xffff80003c972a78 process=0xffff800037916458 user=0xffff80003790e000, vmspace=0xfffffd806c4129f0 estcpu=16, cpticks=1, pctcpu=0.73, user=0, sys=75, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 19381 452617 34327 0 2 0 syz-executor 58682 77254 79526 0 2 0 syz-executor 32808 135416 41007 0 2 0x10 syz-executor 32808 454800 41007 0 3 0x4000090 fsleep syz-executor 32808 182839 41007 0 3 0x4000090 fsleep syz-executor 32808 143876 41007 0 3 0x4000090 fsleep syz-executor 79836 340200 83975 0 2 0 syz-executor 79836 345109 83975 0 3 0x4000080 fsleep syz-executor 97017 451014 22544 0 2 0 syz-executor 97017 494739 22544 0 3 0x4000000 netlock syz-executor 97017 186919 22544 0 3 0x4000080 fsleep syz-executor 16159 209444 86167 0 2 0 syz-executor 16159 117368 86167 0 3 0x4000080 kqread syz-executor 16159 297969 86167 0 3 0x4000080 fsleep syz-executor 63021 296809 0 0 3 0x14200 acct acct 28828 502734 72040 0 2 0x2 syz-executor 86167 448243 72040 0 2 0x2 syz-executor 34327 341945 72040 0 2 0xc82 syz-executor *76463 8696 1 0 7 0x100003 getty 55431 187396 0 0 3 0x14200 bored sosplice 41007 504515 72040 0 2 0xc82 syz-executor 2234 309958 72040 0 2 0x2 syz-executor 79526 237794 72040 0 2 0xc82 syz-executor 22544 205092 72040 0 2 0xc82 syz-executor 83975 268683 72040 0 2 0xc82 syz-executor 72040 168910 59978 0 3 0x2 netlock syz-executor 59978 237541 77794 0 3 0x10008a sigsusp ksh 77794 477664 92169 0 3 0x98 kqread sshd-session 92169 396788 24486 0 3 0x92 kqread sshd-session 24486 302833 1 0 3 0x88 kqread sshd 35060 115921 95867 73 3 0x1100090 kqread syslogd 95867 490285 1 0 3 0x100082 sbwait syslogd 22975 467934 1 0 3 0x100080 kqread resolvd 36194 135069 9054 77 3 0x100092 kqread dhcpleased 67364 317107 9054 77 3 0x100092 kqread dhcpleased 9054 327395 1 0 3 0x80 kqread dhcpleased 40965 47614 0 0 3 0x14200 bored smr 97275 48024 0 0 2 0x14200 zerothread 18796 192561 0 0 3 0x14200 aiodoned aiodoned 37734 276540 0 0 2 0x14200 update 52485 341682 0 0 3 0x14200 cleaner cleaner 86323 349894 0 0 3 0x14200 reaper reaper 93543 226534 0 0 3 0x14200 pgdaemon pagedaemon 60327 360406 0 0 3 0x14200 bored viomb 88256 153343 0 0 3 0x40014200 acpi0 acpi0 24984 247820 0 0 3 0x14200 bored softnet3 20319 25059 0 0 3 0x14200 bored softnet2 61666 427662 0 0 3 0x14200 bored softnet1 63836 487610 0 0 3 0x14200 netlock softnet0 9188 36372 0 0 3 0x14200 bored systqmp 732 506349 0 0 3 0x14200 bored systq 4603 170932 0 0 3 0x40014200 netlock softclock 8609 256643 0 0 3 0x40014200 idle0 1 497814 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 11084K 12263K 166960K 14054 0 pcb 18 15K 16K 166960K 320 0 rtable 153 8K 9K 166960K 677 0 pf 25 12K 17K 166960K 135 0 ifaddr 28 5K 8K 166960K 101 0 ifgroup 38 1K 2K 166960K 159 0 sysctl 4 1K 9K 166960K 16 0 counters 29 17K 18K 166960K 216 0 ioctlops 0 0K 4K 166960K 307 0 iov 0 0K 20K 166960K 102 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1460 92K 93K 166960K 2816 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 6K 166960K 22 0 VM map 2 1K 1K 166960K 2 0 sem 28 5K 5K 166960K 51 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 236K 166960K 1297 0 sigio 0 0K 0K 166960K 31 0 proc 60 59K 91K 166960K 719 0 subproc 72 4K 4K 166960K 100 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 150 0 in_multi 59 4K 7K 166960K 181 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 567 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 223 151K 172K 166960K 13288 0 UVM aobj 142 7K 7K 166960K 149 0 pinsyscall 39 78K 88K 166960K 2388 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 71 0 NDP 8 0K 1K 166960K 66 0 temp 78 8688K 8816K 166960K 53422 0 kqueue 14 22K 30K 166960K 246 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 136 0 133 1 0 1 1 0 8 0 rtentry 136 185 0 125 4 0 4 4 0 8 0 unpcb 144 653 0 637 3 1 2 2 0 8 1 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpcb 736 443 0 437 10 6 4 7 0 8 3 arp 88 29 0 15 1 0 1 1 0 8 0 ipq 40 4 0 4 1 0 1 1 0 8 1 ipqe 40 6 0 6 1 0 1 1 0 8 1 inpcb 328 1431 0 1420 10 6 4 7 0 8 3 ip6q 72 2 0 0 1 0 1 1 0 8 0 ip6af 40 2 0 0 1 0 1 1 0 8 0 nd6 104 42 0 29 1 0 1 1 0 8 0 pkpcb 40 5 0 5 3 2 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1072 168 0 168 3 2 1 1 0 8 1 pppxif 1384 5 0 5 2 1 1 1 0 8 1 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 5 0 0 1 0 1 1 0 8 0 pfstkey 128 1 0 1 1 0 1 1 0 8 1 pfstate 384 1 0 1 1 0 1 1 0 8 1 pfrule 1344 11 0 7 2 1 1 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 785 0 508 31 6 25 30 0 8 5 art_table 32 788 0 508 4 0 4 4 0 8 0 art_node 16 175 0 122 1 0 1 1 0 8 0 sysvmsgpl 40 54 0 46 1 0 1 1 0 8 0 semupl 112 3 0 3 2 1 1 1 0 8 1 semapl 112 43 0 17 1 0 1 1 0 8 0 shmpl 112 146 0 7 4 0 4 4 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 3674 0 2181 95 0 95 95 0 8 0 ffsino 248 3674 0 2181 95 0 95 95 0 8 0 nchpl 144 5529 0 4944 64 41 23 63 0 8 0 rtmask 32 12 0 12 3 2 1 1 0 8 1 uvmvnodes 80 4777 0 0 98 0 98 98 0 8 0 vnodes 216 4777 0 0 266 0 266 266 0 8 0 namei 1024 19760 0 19760 2 1 1 2 0 8 1 kstatmem 264 88 0 72 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 6 0 6 3 2 1 1 0 8 1 scxspl 216 16235 0 16234 10 2 8 8 1 8 7 plimitpl 152 318 0 302 1 0 1 1 0 8 0 sigapl 424 1561 0 1513 6 0 6 6 0 8 0 knotepl 120 313962 0 313913 40 28 12 17 0 8 8 kqueuepl 184 490 0 480 6 2 4 4 0 8 3 pipepl 296 411 0 384 13 5 8 8 0 8 5 fdescpl 440 1540 0 1510 4 0 4 4 0 8 0 filepl 120 10508 0 10298 18 5 13 13 0 8 5 lockfpl 104 473 0 471 1 0 1 1 0 8 0 lockfspl 48 207 0 205 1 0 1 1 0 8 0 sessionpl 144 25 0 17 1 0 1 1 0 8 0 pgrppl 48 89 0 73 1 0 1 1 0 8 0 ucredpl 104 1650 0 1637 1 0 1 1 0 8 0 zombiepl 144 1945 0 1945 2 1 1 1 0 8 1 processpl 1160 1561 0 1513 4 0 4 4 0 8 0 procpl 656 3412 0 3356 6 0 6 6 0 8 0 sosppl 168 10 0 10 3 2 1 1 0 8 1 sockpl 528 2288 0 2258 11 4 7 7 0 8 4 mcl64k 65536 27 0 27 3 2 1 1 0 8 1 mcl16k 16384 4 0 4 2 1 1 1 0 8 1 mcl9k 9216 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 11 0 11 3 2 1 1 0 8 1 mcl4k 4096 3975 0 3918 14 6 8 14 0 8 0 mcl2k 2048 1380 0 1370 2 0 2 2 0 8 0 mtagpl 96 69 0 31 1 0 1 1 0 8 0 mbufpl 256 16332 0 16130 22 3 19 19 0 8 5 bufpl 280 4131 0 117 287 0 287 287 0 8 0 anonpl 24 244107 0 236088 108 9 99 99 0 187 26 amapchunkpl 152 45107 0 44569 60 22 38 38 0 158 13 amappl16 200 5572 0 5313 48 13 35 40 0 8 8 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 109 0 99 1 0 1 1 0 8 0 amappl13 176 8 0 7 1 0 1 1 0 8 0 amappl12 168 2195 0 2167 3 1 2 3 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 5 0 5 1 1 0 1 0 8 0 amappl9 144 253 0 251 1 0 1 1 0 8 0 amappl8 136 27 0 25 1 0 1 1 0 8 0 amappl7 128 108 0 97 1 0 1 1 0 8 0 amappl6 120 200 0 196 1 0 1 1 0 8 0 amappl5 112 123 0 116 1 0 1 1 0 8 0 amappl4 104 297 0 283 1 0 1 1 0 8 0 amappl3 96 8865 0 8762 5 1 4 4 0 8 0 amappl2 88 645 0 589 2 0 2 2 0 8 0 amappl1 80 12776 0 12232 13 1 12 13 0 8 0 amappl 88 12370 0 12210 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 2 1 1 1 0 8 1 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 148 0 7 3 0 3 3 0 8 0 uaddrrnd 24 1540 0 1510 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1540 0 1510 1 0 1 1 0 8 0 vmmpekpl 168 13414 0 13371 3 0 3 3 0 8 0 vmmpepl 168 102026 0 99944 124 8 116 116 0 357 14 vmsppl 360 1539 0 1510 4 1 3 4 0 8 0 rwobjpl 32 32731 0 26738 51 0 51 51 0 8 0 pdppl 4096 3086 0 3020 110 44 66 76 0 8 0 pvpl 32 681616 0 668371 199 10 189 189 0 265 43 pmappl 216 1539 0 1510 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 306 0 74 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7a1cf9432910, count: -1 ddb> machine ddbcpu 1 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7a1cf9432910, count: -1