panic: kernel diagnostic assertion "(p->pfik_flagrefs == 0) || (p->pfik_flagrefs == 1)" failed: file "/syzkaller/managers/main/kernel/sys/net/pf_if.c", line 907
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*163740 42708 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83486d64) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c3e05,ffffffff834a981e,38b,ffffffff834351f4) at __assert+0x29 sys/kern/subr_prf.c:-1
pfi_clear_flags(ffff80002d0aad90,0) at pfi_clear_flags+0x41d sys/net/pf_if.c:893
pfioctl(34900,c028445a,ffff80002d0aad90,3,ffff80003c928fc0) at pfioctl+0xf6a sys/net/pf_ioctl.c:3910
VOP_IOCTL(fffffd806163e0d8,c028445a,ffff80002d0aad90,3,fffffd8007ffd6e8,ffff80003c928fc0) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806f253ad0,c028445a,ffff80002d0aad90,ffff80003c928fc0) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537
sys_ioctl(ffff80003c928fc0,ffff80002d0aaf60,ffff80002d0aaeb0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80002d0aaf60) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002d0aaf60) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf74c660f4c0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "(p->pfik_flagrefs == 0) || (p->pfik_flagrefs == 1)" failed: file "/syzkaller/managers/main/kernel/sys/net/pf_if.c", line 907
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83486d64) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c3e05,ffffffff834a981e,38b,ffffffff834351f4) at __assert+0x29 sys/kern/subr_prf.c:-1
pfi_clear_flags(ffff80002d0aad90,0) at pfi_clear_flags+0x41d sys/net/pf_if.c:893
pfioctl(34900,c028445a,ffff80002d0aad90,3,ffff80003c928fc0) at pfioctl+0xf6a sys/net/pf_ioctl.c:3910
VOP_IOCTL(fffffd806163e0d8,c028445a,ffff80002d0aad90,3,fffffd8007ffd6e8,ffff80003c928fc0) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806f253ad0,c028445a,ffff80002d0aad90,ffff80003c928fc0) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537
sys_ioctl(ffff80003c928fc0,ffff80002d0aaf60,ffff80002d0aaeb0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80002d0aaf60) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002d0aaf60) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf74c660f4c0, count: -10
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002d0aa940
rbx 0xffff80000040ba00
rdx 0xffff8000015e5e80
rcx 0
rax 0xffff80003c928fc0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xf12f74b1720536b6
r11 0xe4294a799148ecd6
r12 0
r13 0x2
r14 0
r15 0x1
rip 0xffffffff824d3c85 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002d0aa930
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=163740 pid=42708 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c9294f0,0xffffffff83a5c048
process=0xffff8000ffff9218 user=0xffff80002d0a6000, vmspace=0xfffffd806c996188
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb>