Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: mtx_lock() of spin mutex (null) @ /syzkaller/managers/main/kernel/sys/modules/tcp/bbr/../../../netinet/tcp_stacks/bbr.c:12576 cpuid = 1 time = 1587256379 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe002586d540 vpanic() at vpanic+0x1c7/frame 0xfffffe002586d5a0 panic() at panic+0x43/frame 0xfffffe002586d600 __mtx_lock_flags() at __mtx_lock_flags+0x202/frame 0xfffffe002586d660 bbr_output_wtime() at bbr_output_wtime+0x8a12/frame 0xfffffe002586d920 bbr_output() at bbr_output+0x67/frame 0xfffffe002586d950 tcp_usr_connect() at tcp_usr_connect+0x22e/frame 0xfffffe002586d9c0 soconnectat() at soconnectat+0x183/frame 0xfffffe002586da20 kern_connectat() at kern_connectat+0x209/frame 0xfffffe002586da80 sys_connect() at sys_connect+0xd9/frame 0xfffffe002586dac0 amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe002586dbf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe002586dbf0 --- syscall (0, FreeBSD ELF64, nosys), rip = 0x45764a, rsp = 0x7fffdffdcf88, rbp = 0x6b5c00 --- KDB: enter: panic [ thread pid 804 tid 100199 ] Stopped at kdb_enter+0x67: movq $0,0x14a9f36(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0x80 ll+0x5f rdx 0xffffffff818a9130 rbx 0 rsp 0xfffffe002586d520 rbp 0xfffffe002586d540 rsi 0x1 rdi 0 r8 0 r9 0xffffffff r10 0 r11 0x46eaa4f3 r12 0xffffffff82068ea0 ddb_dbbe r13 0 r14 0xffffffff8194920c r15 0xffffffff8194920c rip 0xffffffff810ad937 kdb_enter+0x67 rflags 0x82 ll+0x61 kdb_enter+0x67: movq $0,0x14a9f36(%rip) db> show proc Process 804 (syz-executor7334336) at 0xfffff8003b39e000: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 773 at 0xfffff8003b38b000 ABI: FreeBSD ELF64 arguments: ./syz-executor733433686 reaper: 0xfffff8000331a000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00257a99e8 (map 0xfffffe00257a99e8) (map.pmap 0xfffffe00257a9aa8) (pmap 0xfffffe00257a9b08) threads: 4 100107 Run CPU 0 syz-executor7334336 100198 S connec 0xfffffe00239da0f0 syz-executor7334336 100199 Run CPU 1 syz-executor7334336 100200 RunQ syz-executor7334336 db> ps pid ppid pgrp uid state wmesg wchan cmd 804 773 771 0 R (threaded) syz-executor7334336 100107 Run CPU 0 syz-executor7334336 100198 S connec 0xfffffe00239da0f0 syz-executor7334336 100199 Run CPU 1 syz-executor7334336 100200 RunQ syz-executor7334336 773 771 771 0 S nanslp 0xffffffff8252c1f0 syz-executor7334336 771 769 771 0 Ss pause 0xfffff8003b39e5c8 csh 769 682 769 0 Ss select 0xfffff8003b4ebbc0 sshd 748 1 748 0 Ss+ ttyin 0xfffff8000356f8b0 getty 747 1 747 0 Ss+ ttyin 0xfffff80003b6fcb0 getty 746 1 746 0 Ss+ ttyin 0xfffff80003b6e4b0 getty 745 1 745 0 Ss+ ttyin 0xfffff80003b6ecb0 getty 744 1 744 0 Ss+ ttyin 0xfffff800033b74b0 getty 743 1 743 0 Ss+ ttyin 0xfffff800033b7cb0 getty 742 1 742 0 Ss+ ttyin 0xfffff800033b64b0 getty 741 1 741 0 Ss+ ttyin 0xfffff800033b6cb0 getty 740 1 740 0 Ss+ ttyin 0xfffff800033b94b0 getty 738 1 24 0 S+ piperd 0xfffff80003cc2be0 logger 737 736 24 0 S+ nanslp 0xffffffff8252c1f0 sleep 736 1 24 0 S+ wait 0xfffff80003ca4520 sh 686 1 686 0 Ss nanslp 0xffffffff8252c1f0 cron 682 1 682 0 Ss select 0xfffff80003c03140 sshd 495 1 495 0 Ss select 0xfffff80003c04b40 syslogd 424 1 424 0 Ss select 0xfffff800030843c0 devd 423 1 423 65 Ss select 0xfffff80003c04f40 dhclient 338 1 338 0 Ss select 0xfffff80003084840 dhclient 335 1 335 0 Ss select 0xfffff80003c030c0 dhclient 23 0 0 0 DL vlruwt 0xfffff800033e0520 [vnlru] 22 0 0 0 DL syncer 0xffffffff82618118 [syncer] 21 0 0 0 DL (threaded) [bufdaemon] 100069 D qsleep 0xffffffff82617438 [bufdaemon] 100076 D - 0xffffffff8200aa00 [bufspacedaemon-0] 100087 D sdflush 0xfffff80003c25ce8 [/ worker] 20 0 0 0 DL psleep 0xffffffff8263e3c8 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100067 D psleep 0xffffffff82632998 [dom0] 100074 D launds 0xffffffff826329a4 [laundry: dom0] 100075 D umarcl 0xffffffff8154ac70 [uma] 18 0 0 0 DL - 0xffffffff8235fe20 [rand_harvestq] 17 0 0 0 DL pftm 0xffffffff82b533a0 [pf purge] 16 0 0 0 DL waiting 0xffffffff8261a890 [sctp_iterator] 15 0 0 0 DL - 0xffffffff82616a2c [soaiod4] 9 0 0 0 DL - 0xffffffff82616a2c [soaiod3] 8 0 0 0 DL - 0xffffffff82616a2c [soaiod2] 7 0 0 0 DL - 0xffffffff82616a2c [soaiod1] 6 0 0 0 DL (threaded) [cam] 100033 D - 0xffffffff82237b40 [doneq0] 100066 D - 0xffffffff82237a10 [scanner] 5 0 0 0 DL crypto_ 0xfffff8000320cd90 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff8000320cd30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff826300c0 [crypto] 14 0 0 0 DL seqstat 0xfffff80003363488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100024 D - 0xffffffff8250b180 [g_event] 100025 D - 0xffffffff8250b188 [g_up] 100026 D - 0xffffffff8250b190 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100017 D - 0xfffff80003084a00 [thr_0] 100018 D - 0xfffff80003084a40 [thr_1] 12 0 0 0 WL (threaded) [intr] 100010 I [swi6: Giant taskq] 100013 I [swi5: fast taskq] 100016 I [swi6: task queue] 100019 I [swi3: vm] 100020 I [swi4: clock (0)] 100021 I [swi4: clock (1)] 100022 I [swi1: netisr 0] 100034 I [irq24: virtio_pci0] 100035 I [irq25: virtio_pci0] 100036 I [irq26: virtio_pci0] 100037 I [irq27: virtio_pci0] 100038 I [irq28: virtio_pci1] 100039 I [irq29: virtio_pci1] 100040 I [irq30: virtio_pci1] 100041 I [irq31: virtio_pci1] 100042 I [irq32: virtio_pci1] 100047 I [irq10: virtio_pci2] 100049 I [irq1: atkbd0] 100050 I [irq12: psm0] 100051 I [swi0: uart uart++] 100060 I [swi1: pf send] 100072 I [swi1: hpts] 100073 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff8000331a000 [init] 10 0 0 0 DL audit_w 0xffffffff82630598 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff8250b710 [swapper] 100005 D - 0xfffff80003338000 [if_config_tqg_0] 100006 D - 0xfffff80003339e00 [softirq_0] 100007 D - 0xfffff80003339d00 [softirq_1] 100008 D - 0xfffff80003339c00 [if_io_tqg_0] 100009 D - 0xfffff80003339b00 [if_io_tqg_1] 100011 D - 0xfffff8000333e000 [in6m_free taskq] 100012 D - 0xfffff8000333fe00 [thread taskq] 100014 D - 0xfffff8000333fc00 [kqueue_ctx taskq] 100015 D - 0xfffff8000333fb00 [aiod_kick taskq] 100023 D - 0xfffff8000333f900 [firmware taskq] 100028 D - 0xfffff8000333f800 [crypto_0] 100029 D - 0xfffff8000333f800 [crypto_1] 100043 D - 0xfffff8000333f500 [vtnet0 rxq 0] 100044 D - 0xfffff8000333f400 [vtnet0 txq 0] 100045 D - 0xfffff8000333f300 [vtnet0 rxq 1] 100046 D - 0xfffff8000333f200 [vtnet0 txq 1] 100048 D vtbslp 0xfffff800034fc580 [virtio_balloon] 100052 D - 0xfffff8000333f100 [mca taskq] 100056 D - 0xffffffff81cec7f0 [deadlkres] 100062 D - 0xfffff80003b5e300 [acpi_task_0] 100063 D - 0xfffff80003b5e300 [acpi_task_1] 100064 D - 0xfffff80003b5e300 [acpi_task_2] 100065 D - 0xfffff8000333f700 [CAM taskq] db> show all locks Process 804 (syz-executor7334336) thread 0xfffffe00257c3700 (100199) exclusive rw tcpinp (tcpinp) r = 0 (0xfffff8003b52bd78) locked @ /syzkaller/managers/main/kernel/sys/netinet/tcp_usrreq.c:549 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 devbuf 4213 4851K 4238 tcp_hpts 5 3201K 5 vtbuf 24 1968K 46 sysctloid 28335 1653K 28399 kobj 332 1328K 488 newblk 489 1146K 546 vfscache 4 1025K 4 pcb 23 537K 137 inodedep 28 526K 71 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 388K 4 subproc 105 217K 863 acpica 1674 185K 52709 vnet_data 1 168K 1 pagedep 8 130K 18 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 101 101K 110 linker 244 92K 265 bus 964 78K 3344 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 497 63K 497 umtx 270 34K 270 temp 18 33K 1537 hostcache 1 32K 1 shm 1 32K 1 msg 4 30K 4 DEVFS3 120 30K 130 kdtrace 151 29K 1757 DEVFS_RULE 56 27K 56 gtaskqueue 18 26K 18 vmem 3 22K 4 kbdmux 6 22K 6 BPF 10 18K 10 ufs_mount 3 17K 4 proc 3 17K 3 tty 16 16K 16 tidhash 1 16K 1 ithread 98 16K 98 bus-sc 30 14K 1431 KTRACE 100 13K 100 ifaddr 30 12K 32 kenv 95 12K 99 eventhandler 132 12K 132 pfs_nodes 20 10K 20 GEOM 60 10K 486 rman 82 10K 423 bmsafemap 2 9K 40 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 1 pfs_vncache 1 8K 1 audit_evclass 232 8K 290 CAM DEV 3 6K 510 vt 11 6K 11 cred 21 6K 234 sglist 5 6K 5 CAM queue 5 6K 1528 routetbl 28 5K 32 taskqueue 45 5K 45 ufs_dirhash 24 5K 24 plimit 17 5K 322 ifnet 3 5K 3 memdesc 1 4K 1 MCA 32 4K 32 UMA 249 4K 249 evdev 4 4K 4 filedesc 1 4K 1 lltable 11 4K 11 hhook 13 4K 13 ether_multi 40 4K 45 pf_ifnet 5 3K 6 in6_multi 25 3K 25 kqueue 47 3K 807 acpisem 22 3K 22 terminal 11 3K 11 session 20 3K 31 pgrp 20 3K 31 select 18 3K 18 uidinfo 3 3K 8 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 proc-args 39 2K 472 freefile 13 2K 22 CAM XPT 22 2K 543 lockf 15 2K 22 Unitno 25 2K 37 acpidev 20 2K 20 msi 9 2K 9 softdep 1 1K 1 dirrem 4 1K 28 ipsecpolicy 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 clone 8 1K 8 vnodemarker 2 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 diradd 7 1K 36 indirdep 3 1K 3 nhops 6 1K 6 toponodes 6 1K 6 isadev 6 1K 6 mount 16 1K 86 pci_link 10 1K 10 ip6ndp 4 1K 5 sctp_ifa 5 1K 5 crypto 3 1K 3 newdirblk 4 1K 8 mkdir 4 1K 16 in_multi 2 1K 3 pfil 4 1K 4 chacha20random 1 1K 1 CAM SIM 2 1K 2 epoch 4 1K 4 cdev 2 1K 2 encap_export_host 8 1K 8 osd 3 1K 9 inpcbpolicy 8 1K 193 mld 2 1K 2 sctp_ifn 2 1K 2 igmp 2 1K 2 vnodes 1 1K 1 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 feeder 7 1K 7 tcpfunc 3 1K 3 loginclass 3 1K 7 soname 6 1K 5850 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 apmdev 1 1K 1 atkbddev 2 1K 2 CAM path 4 1K 1034 ktls 1 1K 1 pmchooks 1 1K 1 prison 4 1K 4 DEVFSP 2 1K 2 filecaps 4 1K 66 tun 3 1K 3 nexusdev 5 1K 5 entropy 2 1K 35 sctp_vrf 1 1K 1 vnet 1 1K 1 acpiintr 1 1K 1 pmc 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 freework 1 1K 26 p1003.1b 1 1K 1 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_temp 0 0K 0 ath_hal 0 0K 0 madt_table 0 0K 2 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 amr 0 0K 0 scsi_da 0 0K 69 ata_da 0 0K 0 pvscsi 0 0K 0 smartpqi 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 iavf 0 0K 0 ixl 0 0K 0 nvme_da 0 0K 0 acpipwr 0 0K 0 twsbuf 0 0K 0 twe_commands 0 0K 0 twa_commands 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 fpukern_ctx 0 0K 0 mixer 0 0K 0 xen_intr 0 0K 0 ac97 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 qpidrv 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 dmar_dmamap 0 0K 0 hdaa 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 isci 0 0K 0 bxe_ilt 0 0K 0 xenbus 0 0K 0 SIIS driver 0 0K 0 vm_fictitious 0 0K 0 CAM CCB 0 0K 1835 PUC 0 0K 0 ppbusdev 0 0K 0 agtiapi_MemAlloc malloc 0 0K 0 osti_cacheable 0 0K 0 tempbuff 0 0K 0 tempbuff 0 0K 0 UMAHash 0 0K 0 ag_tgt_map_t malloc 0 0K 0 ag_slr_map_t malloc 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 13 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 3 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 25 freefrag 0 0K 7 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 xform 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 3 ip6_msource 0 0K 0 ip6_moptions 0 0K 0 in6_mfilter 0 0K 0 frag6 0 0K 0 tcplog 0 0K 0 lDevFlags * malloc 0 0K 0 LRO 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 0 sctp_iter 0 0K 3 sctp_mvrf 0 0K 0 sctp_timw 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_athm 0 0K 0 sctp_atky 0 0K 0 sctp_atcl 0 0K 0 sctp_a_it 0 0K 3 sctp_aadr 0 0K 0 sctp_stro 0 0K 0 sctp_stri 0 0K 0 sctp_map 0 0K 0 newreno data 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 0 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 0 fadvise 0 0K 0 tiDeviceHandle_t * malloc 0 0K 0 statfs 0 0K 195 export_host 0 0K 0 cl_savebuf 0 0K 3 ag_portal_data_t malloc 0 0K 0 ag_device_t malloc 0 0K 0 STLock malloc 0 0K 0 CCB List 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 CAM ccb queue 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 biobuf 0 0K 0 aios 0 0K 0 lio 0 0K 0 acl 0 0K 0 MPSSAS 0 0K 0 mbuf_tag 0 0K 25 accf 0 0K 0 pts 0 0K 0 iov 0 0K 13002 ioctlops 0 0K 86 Witness 0 0K 0 stack 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 sbuf 0 0K 288 md_disk 0 0K 0 compressor 0 0K 0 malodev 0 0K 0 SWAP 0 0K 0 LED 0 0K 0 sysctltmp 0 0K 574 sysctl 0 0K 1 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 0 rctl 0 0K 0 ix_sriov 0 0K 0 aacraidcam 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 iirbuf 0 0K 0 cache 0 0K 0 aacraid_buf 0 0K 0 kcovinfo 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 filedesc_to_leader 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroffdiroff 0 0K 0 NEWdirectio 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 NFSD srvcache 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 scsi_pass 0 0K 0 ciss_data 0 0K 0 xnb 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 db> show ktr No such command; use "help" to list available commands db>