panic: kernel diagnostic assertion "bpfilter_lookup(unit) == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/bpf.c", line 379
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
482649 50950 0 0 0 1 syz-executor
*363093 13112 0 0 0x4000000 0K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b2fa5) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833f0741,ffffffff834006bd,17b,ffffffff8340abb9) at __assert+0x29 sys/kern/subr_prf.c:-1
bpfopen(11700,21,2000,ffff80003c41f4e8) at bpfopen+0x2bd bpfilter_lookup sys/net/bpf.c:1832 [inline]
bpfopen(11700,21,2000,ffff80003c41f4e8) at bpfopen+0x2bd sys/net/bpf.c:379
spec_open_clone(ffff80003c44ebe8) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c44ebe8) at spec_open+0x319 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8070607630,21,fffffd80097fd5b0,ffff80003c41f4e8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80003c44ee30,21,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177
doopenat(ffff80003c41f4e8,ffffff9c,200000000000,20,0,ffff80003c44efe0) at doopenat+0x35b sys/kern/vfs_syscalls.c:1138
syscall(ffff80003c44f090) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44f090) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a3468abde0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "bpfilter_lookup(unit) == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/bpf.c", line 379
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b2fa5) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833f0741,ffffffff834006bd,17b,ffffffff8340abb9) at __assert+0x29 sys/kern/subr_prf.c:-1
bpfopen(11700,21,2000,ffff80003c41f4e8) at bpfopen+0x2bd bpfilter_lookup sys/net/bpf.c:1832 [inline]
bpfopen(11700,21,2000,ffff80003c41f4e8) at bpfopen+0x2bd sys/net/bpf.c:379
spec_open_clone(ffff80003c44ebe8) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c44ebe8) at spec_open+0x319 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8070607630,21,fffffd80097fd5b0,ffff80003c41f4e8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80003c44ee30,21,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177
doopenat(ffff80003c41f4e8,ffffff9c,200000000000,20,0,ffff80003c44efe0) at doopenat+0x35b sys/kern/vfs_syscalls.c:1138
syscall(ffff80003c44f090) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44f090) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a3468abde0, count: -11
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c44e9c0
rbx 0xffffffff83825e07 cpu_info_full_primary+0x2e07
rdx 0xffff80000155dbc0
rcx 0xffff80003c41f4e8
rax 0xffffffff83824ff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xea9b75ce09f6f935
r11 0x394215f31a9d33d
r12 0xffffffff83825c08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff814a31b5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c44e9b0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=363093 pid=13112 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c41e028,0xffffffff839f6288
process=0xffff80003c415d00 user=0xffff80003c44a000, vmspace=0xfffffd806f61c7a8
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
50950 482649 11032 0 7 0 syz-executor
50950 176513 11032 0 3 0x4000080 fifow syz-executor
13112 433693 99365 0 2 0 syz-executor
*13112 363093 99365 0 7 0x4000000 syz-executor
54438 232498 22826 0 2 0 syz-executor
54438 344357 22826 0 3 0x4000080 fsleep syz-executor
53442 419118 6090 0 2 0 syz-executor
53442 357095 6090 0 3 0x4000080 fsleep syz-executor
42383 111558 57022 0 2 0 syz-executor
42383 82687 57022 0 3 0x4000080 kqpoll syz-executor
30369 108934 3709 0 2 0 syz-executor
30369 150606 3709 0 3 0x4000080 kqread syz-executor
30369 456646 3709 0 3 0x4000080 fsleep syz-executor
52420 43439 87645 0 2 0 syz-executor
52420 75268 87645 0 3 0x4000080 kqsel syz-executor
52420 358096 87645 0 3 0x4000080 fsleep syz-executor
57022 461466 36962 0 2 0x2 syz-executor
5837 194132 36962 0 2 0x2 syz-executor
87645 220075 36962 0 3 0x82 nanoslp syz-executor
3709 246299 36962 0 2 0x2 syz-executor
22826 333119 36962 0 3 0x82 nanoslp syz-executor
11032 429387 36962 0 2 0xc82 syz-executor
6090 71337 36962 0 2 0x2 syz-executor
99365 453315 36962 0 2 0xc82 syz-executor
36962 230929 73444 0 3 0x82 kqread syz-executor
73444 105058 16100 0 3 0x10008a sigsusp ksh
16100 72038 35284 0 3 0x98 kqread sshd-session
35284 12664 67251 0 3 0x92 kqread sshd-session
70449 359546 1 0 3 0x100083 ttyopn getty
67251 185771 1 0 3 0x88 kqread sshd
92737 415840 59161 74 3 0x1100092 bpf pflogd
59161 80684 1 0 3 0x80 sbwait pflogd
23981 298200 66327 73 3 0x1100090 kqread syslogd
66327 130844 1 0 3 0x100082 sbwait syslogd
13224 27674 1 0 3 0x100080 kqread resolvd
79552 490517 48088 77 3 0x100092 kqread dhcpleased
89894 502755 48088 77 3 0x100092 kqread dhcpleased
48088 16033 1 0 3 0x80 kqread dhcpleased
72137 434885 0 0 3 0x14200 bored smr
36189 89256 0 0 2 0x14200 zerothread
90520 174999 0 0 3 0x14200 aiodoned aiodoned
86446 294125 0 0 3 0x14200 syncer update
87418 113245 0 0 3 0x14200 cleaner cleaner
59248 159464 0 0 3 0x14200 reaper reaper
77713 475127 0 0 3 0x14200 pgdaemon pagedaemon
54623 304874 0 0 3 0x14200 bored viomb
84670 165088 0 0 3 0x40014200 acpi0 acpi0
87705 279543 0 0 3 0x40014200 idle1
15998 373148 0 0 3 0x14200 bored softnet1
37524 509672 0 0 3 0x14200 bored softnet0
35588 449003 0 0 3 0x14200 bored systqmp
17311 368435 0 0 3 0x14200 bored systq
55025 369349 0 0 3 0x14200 tmoslp softclockmp
73414 404177 0 0 3 0x40014200 tmoslp softclock
27106 7615 0 0 3 0x40014200 idle0
1 269318 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 13112 (syz-executor) thread 0xffff80003c41f4e8 (363093)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83903808)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 doopenat+0x345 sys/kern/vfs_syscalls.c:1138
#2 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#2 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#3 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11080 12289K 12510K 166960K 12998 0
pcb 17 14K 16K 166960K 248 0
rtable 212 8K 8K 166960K 485 0
pf 34 17K 18K 166960K 82 0
ifaddr 41 7K 7K 166960K 78 0
ifgroup 53 2K 2K 166960K 115 0
sysctl 3 1K 9K 166960K 13 0
counters 70 37K 37K 166960K 124 0
ioctlops 0 0K 4K 166960K 1532 0
iov 0 0K 28K 166960K 36 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1378 87K 87K 166960K 1868 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 35 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 236K 166960K 722 0
sigio 0 0K 0K 166960K 7 0
proc 72 115K 164K 166960K 641 0
subproc 72 4K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 69 0
in_multi 89 6K 7K 166960K 160 0
ether_multi 1 0K 0K 166960K 10 0
mrt 1 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 1K 166960K 632 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 252 151K 173K 166960K 8241 0
UVM aobj 14 8K 8K 166960K 15 0
pinsyscall 43 86K 100K 166960K 1912 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 39 0
NDP 12 0K 2K 166960K 52 0
temp 52 8673K 8799K 166960K 29065 0
kqueue 16 26K 32K 166960K 129 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 74 0 71 1 0 1 1 0 8 0
rtentry 176 144 0 55 6 0 6 6 0 8 0
unpcb 144 343 0 319 3 1 2 2 0 8 0
syncache 336 10 0 10 3 2 1 1 0 8 1
tcpcb 736 159 0 153 2 0 2 2 0 8 1
arp 136 22 0 8 1 0 1 1 0 8 0
inpcb 328 669 0 658 11 9 2 7 0 8 1
nd6 152 32 0 9 1 0 1 1 0 8 0
pkpcb 40 7 0 7 2 1 1 1 0 8 1
kcovpl 48 10 0 2 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 20 0 19 2 1 1 1 0 8 0
pffrag 232 6 0 3 1 0 1 1 0 482 0
pffrnode 88 6 0 3 1 0 1 1 0 8 0
pffrent 40 11 0 8 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
rttmr 136 2 0 2 1 0 1 1 0 8 1
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 646 0 263 33 7 26 29 0 8 1
art_table 40 650 0 263 5 0 5 5 0 8 0
art_node 32 144 0 64 1 0 1 1 0 8 0
sysvmsgpl 40 16 0 2 1 0 1 1 0 8 0
semapl 112 32 0 22 1 0 1 1 0 8 0
shmpl 112 9 0 1 1 0 1 1 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 2623 0 1110 96 0 96 96 0 8 0
ffsino 296 2623 0 1110 117 0 117 117 0 8 0
nchpl 144 3575 0 1861 64 0 64 64 0 8 0
rtmask 32 3 0 3 2 1 1 1 0 8 1
vnodes 216 2985 0 0 166 0 166 166 0 8 0
namei 1024 12204 0 12204 3 2 1 2 0 8 1
percpumem 16 77 0 27 1 0 1 1 0 8 0
vcpupl 3968 3 0 0 1 0 1 1 0 8 0
vmpool 848 3 0 0 1 0 1 1 0 8 0
kstatmem 264 66 0 40 2 0 2 2 0 8 0
scsiplug 72 1 0 1 1 1 0 1 0 8 0
scxspl 216 19719 0 19719 11 3 8 8 1 8 8
plimitpl 152 177 0 159 1 0 1 1 0 8 0
sigapl 424 1009 0 961 7 1 6 7 0 8 0
knotepl 120 774 0 0 24 0 24 24 0 8 0
kqueuepl 224 185 0 170 2 0 2 2 0 8 0
pipepl 344 185 0 158 3 0 3 3 0 8 0
fdescpl 528 993 0 961 3 0 3 3 0 8 0
filepl 160 5422 0 5192 17 5 12 14 0 8 0
lockfpl 104 245 0 243 1 0 1 1 0 8 0
lockfspl 48 94 0 92 1 0 1 1 0 8 0
sessionpl 144 30 0 21 1 0 1 1 0 8 0
pgrppl 48 55 0 38 1 0 1 1 0 8 0
ucredpl 104 758 0 745 1 0 1 1 0 8 0
zombiepl 144 1099 0 1098 1 0 1 1 0 8 0
processpl 1232 1009 0 961 5 0 5 5 0 8 0
procpl 664 1961 0 1904 6 0 6 6 0 8 0
sosppl 176 5 0 5 3 2 1 1 0 8 1
sockpl 752 1114 0 1076 19 13 6 11 0 8 2
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 125 0 0 16 0 16 16 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 39 0 0 5 0 5 5 0 8 0
mtagpl 96 75 0 0 2 0 2 2 0 8 0
mbufpl 256 244 0 0 15 0 15 15 0 8 0
bufpl 280 7797 0 1661 439 0 439 439 0 8 0
anonpl 32 11857 0 0 97 1 96 97 0 246 0
amapchunkpl 152 25476 0 24951 38 13 25 33 0 158 4
amappl16 200 2355 0 2322 38 27 11 25 0 8 5
amappl15 192 2 0 2 1 1 0 1 0 8 0
amappl14 184 5 0 4 1 0 1 1 0 8 0
amappl13 176 451 0 450 1 0 1 1 0 8 0
amappl12 168 1381 0 1338 3 1 2 3 0 8 0
amappl11 160 92 0 92 1 1 0 1 0 8 0
amappl10 152 57 0 43 1 0 1 1 0 8 0
amappl9 144 259 0 259 1 1 0 1 0 8 0
amappl8 136 22 0 20 1 0 1 1 0 8 0
amappl7 128 89 0 87 1 0 1 1 0 8 0
amappl6 120 344 0 331 1 0 1 1 0 8 0
amappl5 112 75 0 64 1 0 1 1 0 8 0
amappl4 104 447 0 416 1 0 1 1 0 8 0
amappl3 96 4591 0 4490 4 1 3 3 0 8 0
amappl2 88 1158 0 1080 2 0 2 2 0 8 0
amappl1 80 13200 0 12608 15 1 14 14 0 8 0
amappl 88 7330 0 7155 5 0 5 5 0 92 0
uvmvnodes 80 121 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 7 0 7 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 14 0 1 1 0 1 1 0 8 0
uaddrrnd 24 993 0 961 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 993 0 961 1 0 1 1 0 8 0
vmmpekpl 168 10241 0 10197 3 0 3 3 0 8 0
vmmpepl 168 70607 0 68632 118 24 94 107 0 357 4
vmsppl 488 992 0 961 6 1 5 5 0 8 0
rwobjpl 80 21567 0 20497 31 1 30 31 0 8 0
pdppl 4096 1999 0 1925 104 30 74 83 0 8 0
pvpl 32 18302 0 0 148 0 148 148 0 265 0
pmappl 256 995 0 961 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 294 0 44 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833b2fa5) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833f0741,ffffffff834006bd,17b,ffffffff8340abb9) at __assert+0x29 sys/kern/subr_prf.c:-1
bpfopen(11700,21,2000,ffff80003c41f4e8) at bpfopen+0x2bd bpfilter_lookup sys/net/bpf.c:1832 [inline]
bpfopen(11700,21,2000,ffff80003c41f4e8) at bpfopen+0x2bd sys/net/bpf.c:379
spec_open_clone(ffff80003c44ebe8) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c44ebe8) at spec_open+0x319 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8070607630,21,fffffd80097fd5b0,ffff80003c41f4e8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80003c44ee30,21,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177
doopenat(ffff80003c41f4e8,ffffff9c,200000000000,20,0,ffff80003c44efe0) at doopenat+0x35b sys/kern/vfs_syscalls.c:1138
syscall(ffff80003c44f090) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44f090) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a3468abde0, count: -11
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xb kd_curproc sys/dev/kcov.c:580 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xb sys/dev/kcov.c:153
syscall(ffff80003b3f77c0) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
syscall(ffff80003b3f77c0) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7216ffa7b6b0, count: 9
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xb kd_curproc sys/dev/kcov.c:580 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xb sys/dev/kcov.c:153
syscall(ffff80003b3f77c0) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
syscall(ffff80003b3f77c0) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7216ffa7b6b0, count: -6