login: panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/main/kernel/sys/netinet/tcp_output.c:352
cpuid = 1
time = 1601841451
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025e72660
vpanic() at vpanic+0x1c7/frame 0xfffffe0025e726c0
panic() at panic+0x43/frame 0xfffffe0025e72720
__mtx_lock_flags() at __mtx_lock_flags+0x202/frame 0xfffffe0025e72780
tcp_output() at tcp_output+0x717/frame 0xfffffe0025e72950
tcp_usr_connect() at tcp_usr_connect+0x258/frame 0xfffffe0025e729c0
soconnectat() at soconnectat+0x183/frame 0xfffffe0025e72a20
kern_connectat() at kern_connectat+0x1e1/frame 0xfffffe0025e72a80
sys_connect() at sys_connect+0xd9/frame 0xfffffe0025e72ac0
amd64_syscall() at amd64_syscall+0x25e/frame 0xfffffe0025e72bf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0025e72bf0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x2838ca, rsp = 0x7fffdfffdf08, rbp = 0x7fffdfffdf70 ---
KDB: enter: panic
[ thread pid 7250 tid 100181 ]
Stopped at kdb_enter+0x67: movq $0,0x1480d96(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818928e9
rbx 0
rsp 0xfffffe0025e72640
rbp 0xfffffe0025e72660
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0x489c6dfe
r11 0xf4f789de
r12 0xffffffff82066ae0 ddb_dbbe
r13 0
r14 0xffffffff819377eb
r15 0xffffffff819377eb
rip 0xffffffff810d12e7 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x1480d96(%rip)
db> show proc
Process 7250 (syz-executor.1) at 0xfffff80019aed520:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 774 at 0xfffff800198f1000
ABI: FreeBSD ELF64
arguments: /root/syz-executor.1
reaper: 0xfffff80004312000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00258213d0
(map 0xfffffe00258213d0)
(map.pmap 0xfffffe0025821490)
(pmap 0xfffffe00258214f0)
threads: 3
100165 RunQ syz-executor.1
100181 Run CPU 1 syz-executor.1
100183 S umtxn 0xfffff80019b3f980 syz-executor.1
db>