panic: kernel diagnostic assertion "(TAILQ_NEXT(inp, inp_queue) == NULL) || (TAILQ_NEXT(inp, inp_queue) == _Q_INVALID)" failed: file "/syzkaller/managers/main/kernel/sys/netinet/in_pcb.c", line 673 Starting stack trace... panic(ffffffff8342cfde) at panic+0x1ba sys/kern/subr_prf.c:229 __assert(ffffffff833df4e4,ffffffff833caf1a,2a1,ffffffff833a396f) at __assert+0x29 sys/kern/subr_prf.c:-1 in_pcbunref(fffffd807131ee18) at in_pcbunref+0x206 sys/netinet/in_pcb.c:672 tcp_input_solocked(ffff80002a74b440,ffff80002a74b44c,0,2,ffff80002a74b438) at tcp_input_solocked+0xfd sys/netinet/tcp_input.c:2229 tcp_input_mlist(ffffffff838ebd20,2) at tcp_input_mlist+0x93 sys/netinet/tcp_input.c:-1 if_input_process(ffff800000b11800,ffff80002a74b518,0) at if_input_process+0x229 sys/net/if.c:1015 ifiq_process(ffff800000b11c18) at ifiq_process+0xcd sys/net/ifq.c:874 taskq_thread(ffff80000002c000) at taskq_thread+0xd4 sys/kern/kern_task.c:446 end trace frame: 0x0, count: 249 End of stack trace. syncing disks...30 24 1 1 1 set $lines = 0 1 1 1 1 set $maxwidth = 0 1 1 show panic 1 1 trace 1 1 show registers 1 show proc 1 ps 1 1 show all locks 1 show malloc giving up WARNING: SPL NOT LOWERED ON SYSCALL 110 53 EXIT 0 3 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *344257 29610 0 0x2 0 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x735e2b98d5f0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 460 0 456 3 0 3 3 0 8 2 rtentry 136 374 0 294 4 0 4 4 0 8 0 unpcb 144 3655 0 3640 12 3 9 9 0 8 8 syncache 336 11 0 11 2 1 1 1 0 8 1 sackhl 24 1 0 1 1 0 1 1 0 8 1 tcpqe 32 6 0 6 2 1 1 1 0 8 1 tcpcb 736 1453 0 1446 12 5 7 7 0 8 6 arp 88 56 0 44 1 0 1 1 0 8 0 ipq 40 20 0 20 1 0 1 1 0 8 1 ipqe 40 28 0 28 1 0 1 1 0 8 1 inpcb 328 4673 0 4663 23 14 9 12 0 8 8 ip6q 72 10 0 9 1 0 1 1 0 8 0 ip6af 40 15 0 14 1 0 1 1 0 8 0 nd6 104 89 0 66 1 0 1 1 0 8 0 pkpcb 40 169 0 169 2 1 1 1 0 8 1 kcovpl 48 23 0 15 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 0 1 1 0 8 1 ppxss 1072 158 0 158 2 1 1 1 0 8 1 pppxif 1384 77 0 77 2 1 1 1 0 8 1 pfstscr 40 11 0 11 2 1 1 1 0 8 1 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 4 0 0 1 0 1 1 0 8 0 pfstkey 128 21 0 21 2 1 1 1 0 8 1 pfstate 384 17 0 17 2 1 1 1 0 8 1 pfrule 1344 18 0 10 1 0 1 1 0 8 0 rttmr 136 5 0 5 2 1 1 1 0 8 1 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1645 0 1278 36 6 30 31 0 8 4 art_table 32 1649 0 1278 4 0 4 4 0 8 0 art_node 16 359 0 289 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 2 1 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 42 0 17 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 8817 0 7293 96 0 96 96 0 8 0 ffsino 248 8817 0 7293 96 0 96 96 0 8 0 nchpl 144 14897 0 14340 64 33 31 64 0 8 8 rtmask 32 17 0 17 2 1 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 55638 0 55636 4 2 2 2 0 8 1 kstatmem 264 214 0 192 2 0 2 2 0 8 0 scsiplug 72 18 0 18 2 1 1 1 0 8 1 scxspl 216 42161 0 42159 9 7 2 8 1 8 1 plimitpl 152 1206 0 1189 1 0 1 1 0 8 0 sigapl 424 4605 0 4558 6 0 6 6 0 8 0 knotepl 120 253119 0 253071 29 17 12 17 0 8 8 kqueuepl 184 1586 0 1575 4 0 4 4 0 8 3 pipepl 296 667 0 640 13 5 8 8 0 8 5 fdescpl 440 4582 0 4553 4 0 4 4 0 8 0 filepl 120 33514 0 33299 20 6 14 15 0 8 5 lockfpl 104 2327 0 2325 3 1 2 2 0 8 1 lockfspl 48 1014 0 1012 1 0 1 1 0 8 0 sessionpl 144 42 0 34 1 0 1 1 0 8 0 pgrppl 48 170 0 154 1 0 1 1 0 8 0 ucredpl 104 5863 0 5851 1 0 1 1 0 8 0 zombiepl 144 7651 0 7650 1 0 1 1 0 8 0 processpl 1160 4605 0 4558 4 0 4 4 0 8 0 procpl 656 12302 0 12248 6 0 6 6 0 8 0 sosppl 168 16 0 16 1 0 1 1 0 8 1 sockpl 528 9142 0 9113 35 25 10 18 0 8 7 mcl64k 65536 256 0 256 2 1 1 1 0 8 1 mcl16k 16384 13 0 13 2 1 1 1 0 8 1 mcl12k 12288 11 0 11 1 0 1 1 0 8 1 mcl9k 9216 4 0 4 1 0 1 1 0 8 1 mcl8k 8192 104 0 104 2 1 1 1 0 8 1 mcl4k 4096 9698 0 9639 13 5 8 13 0 8 0 mcl2k2 2112 4 0 4 1 0 1 1 0 8 1 mcl2k 2048 5417 0 5415 4 1 3 3 0 8 2 mtagpl 96 253 0 178 3 0 3 3 0 8 0 mbufpl 256 53661 0 53444 25 4 21 21 0 8 3 bufpl 280 10698 0 4471 446 0 446 446 0 8 0 anonpl 24 576382 0 570806 74 14 60 60 0 187 12 amapchunkpl 152 143676 0 143168 40 7 33 33 0 158 12 amappl16 200 9876 0 9773 56 38 18 18 0 8 8 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 178 0 167 1 0 1 1 0 8 0 amappl13 176 11 0 11 1 1 0 1 0 8 0 amappl12 168 5431 0 5402 2 0 2 2 0 8 0 amappl11 160 43 0 32 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 258 0 257 2 1 1 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 139 0 129 1 0 1 1 0 8 0 amappl6 120 325 0 321 1 0 1 1 0 8 0 amappl5 112 172 0 165 1 0 1 1 0 8 0 amappl4 104 353 0 337 1 0 1 1 0 8 0 amappl3 96 30163 0 30065 4 0 4 4 0 8 0 amappl2 88 873 0 816 2 0 2 2 0 8 0 amappl1 80 26646 0 26102 14 2 12 14 0 8 0 amappl 88 40030 0 39877 5 0 5 5 0 92 0 dma16384 16384 3 0 3 2 1 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 9 0 9 2 1 1 1 0 8 1 dma128 128 261 0 261 2 1 1 1 0 8 1 dma64 64 10 0 10 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 137 0 7 3 0 3 3 0 8 0 uaddrrnd 24 4582 0 4553 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4582 0 4553 1 0 1 1 0 8 0 vmmpekpl 168 32589 0 32526 4 0 4 4 0 8 0 vmmpepl 168 285021 0 283082 107 8 99 99 0 357 6 vmsppl 360 4581 0 4553 4 1 3 4 0 8 0 rwobjpl 32 74720 0 67756 59 0 59 59 0 8 0 pdppl 4096 9170 0 9106 178 112 66 76 0 8 2 pvpl 32 1843142 0 1832092 171 37 134 134 0 265 20 pmappl 216 4581 0 4553 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 390 0 142 9 1 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x735e2b98d5f0, count: -1 ddb> machine ddbcpu 1 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x735e2b98d5f0, count: -1