kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Wed Dec 15 19:46:29 PST 2021

OpenBSD/amd64 (ci-openbsd-multicore-7.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts.
executing program
login: panic: kernel diagnostic assertion "(rule != NULL) && (rule->ruleset != NULL)" failed: file "/syzkaller/managers/multicore/kernel/sys/net/pf_ioctl.c", line 330
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 338235  33889      0         0x2          0    1  syz-executor1742
*176350  79432      0     0x14000      0x200    0K systq
db_enter() at db_enter+0x18
panic(ffffffff8244cf87) at panic+0x177
__assert(ffffffff824be1c4,ffffffff824f7e76,14a,ffffffff824840b5) at __assert+0x25
pf_purge_rule(ffff800000ba0558) at pf_purge_rule+0x1ab
pf_purge_expired_rules() at pf_purge_expired_rules+0xbc
pf_purge(ffffffff82981d30) at pf_purge+0xe0
taskq_thread(ffffffff827f67a0) at taskq_thread+0xe6
end trace frame: 0x0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "(rule != NULL) && (rule->ruleset != NULL)" failed: file "/syzkaller/managers/multicore/kernel/sys/net/pf_ioctl.c", line 330
ddb{0}> trace
db_enter() at db_enter+0x18
panic(ffffffff8244cf87) at panic+0x177
__assert(ffffffff824be1c4,ffffffff824f7e76,14a,ffffffff824840b5) at __assert+0x25
pf_purge_rule(ffff800000ba0558) at pf_purge_rule+0x1ab
pf_purge_expired_rules() at pf_purge_expired_rules+0xbc
pf_purge(ffffffff82981d30) at pf_purge+0xe0
taskq_thread(ffffffff827f67a0) at taskq_thread+0xe6
end trace frame: 0x0, count: -7
ddb{0}> show registers
rdi                               0
rsi                             0x1
rbp              0xffff80002115b260
rbx              0xffffffff827e3bff    cpu_info_full_primary+0x2bff
rdx                            0x8b
rcx                             0x2
rax                            0xa0
r8               0xffffffff817eb474    kprintf+0x144
r9                              0x1
r10               0x2215bf137004de3
r11              0x8defe935bbda665e
r12              0xffffffff827e3a00    cpu_info_full_primary+0x2a00
r13                               0
r14                               0
r15                             0x1
rip              0xffffffff81552b08    db_enter+0x18
cs                              0x8
rflags                        0x246
rsp              0xffff80002115b250
ss                             0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (systq) pid=176350 stat=onproc
    flags process=14000 proc=200
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff8000211497a0,0xffff8000211487f0
    process=0xffff8000ffffe568 user=0xffff800021156000, vmspace=0xffffffff828c32f0
    estcpu=0, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 33889  338235  95218      0  7         0x2                syz-executor1742
 95218  239022  22804      0  3    0x10008a  sigsusp       ksh
 22804  513109  89373      0  3        0x9a  kqread        sshd
 64474   83431      1      0  3    0x100083  ttyin         getty
 89373  265247      1      0  3        0x88  kqread        sshd
 77824  277959  44133     74  3    0x100092  bpf           pflogd
 44133  175672      1      0  3        0x80  netio         pflogd
 25871  453960  84595     73  3    0x100090  kqread        syslogd
 84595   72808      1      0  3    0x100082  netio         syslogd
 75466     960      1      0  3    0x100080  kqread        resolvd
 62939  454887  12945     77  3    0x100092  kqread        dhcpleased
 42298  311821  12945     77  3    0x100092  kqread        dhcpleased
 12945  514799      1      0  3        0x80  kqread        dhcpleased
 56399  124845      0      0  3     0x14200  bored         smr
 83192  148187      0      0  3     0x14200  pgzero        zerothread
 66029  503231      0      0  3     0x14200  aiodoned      aiodoned
 88280   90858      0      0  3     0x14200  syncer        update
 32991  366015      0      0  3     0x14200  cleaner       cleaner
 59866  352943      0      0  3     0x14200  reaper        reaper
 24894  318217      0      0  3     0x14200  pgdaemon      pagedaemon
 91883  311767      0      0  3     0x14200  bored         viomb
 95221  448356      0      0  3  0x40014200  acpi0         acpi0
 96768  445830      0      0  3  0x40014200                idle1
 88067  104980      0      0  3     0x14200  bored         softnet
 98432  444059      0      0  3     0x14200  bored         systqmp
*79432  176350      0      0  7     0x14200                systq
 24079  390825      0      0  3  0x40014200  bored         softclock
  5518  276616      0      0  3  0x40014200                idle0
     1  254187      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 79432 (systq) thread 0xffff800021149500 (176350)
exclusive rwlock pf_lock r = 0 (0xffffffff82768fb0)
#0  witness_lock+0x4b0
#1  pf_purge+0xa9
#2  taskq_thread+0xe6
#3  proc_trampoline+0x1c
exclusive rwlock netlock r = 0 (0xffffffff82814800)
#0  witness_lock+0x4b0
#1  pf_purge+0x38
#2  taskq_thread+0xe6
#3  proc_trampoline+0x1c
shared rwlock systq r = 0 (0xffffffff827f6810)
#0  witness_lock+0x4b0
#1  taskq_thread+0xcb
#2  proc_trampoline+0x1c
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff828ba480)
#0  witness_lock+0x4b0
#1  __mp_acquire_count+0x4c
#2  mi_switch+0x3d3
#3  sleep_finish+0x1b2
#4  msleep+0x115
#5  taskq_next_work+0x6e
#6  taskq_thread+0x145
#7  proc_trampoline+0x1c
ddb{0}> show malloc
Type            InUse  MemUse  HighUse   Limit  Requests  Type Lim
devbuf          10109   6415K    6416K  78643K     11199         0
pcb                13      8K       8K  78643K       244         0
rtable             67      3K       3K  78643K       119         0
ifaddr             30      8K       8K  78643K        31         0
counters           40     33K      33K  78643K        40         0
ioctlops            0      0K       4K  78643K      2172         0
mount               1      1K       1K  78643K         1         0
log                 0      0K       0K  78643K         5         0
vnodes           1183     74K      75K  78643K      1188         0
UFS quota           1     32K      32K  78643K         1         0
UFS mount           5     36K      36K  78643K         5         0
shm                 2      1K       1K  78643K         2         0
VM map              2      1K       1K  78643K         2         0
sem                 2      0K       0K  78643K         2         0
dirhash            12      2K       2K  78643K        12         0
ACPI             1697    195K     286K  78643K     12598         0
file desc           1      0K       0K  78643K         1         0
proc               67     87K      87K  78643K       278         0
NFS srvsock         1      0K       0K  78643K         1         0
NFS daemon          1     16K      16K  78643K         1         0
in_multi           11      0K       0K  78643K        11         0
ether_multi         1      0K       0K  78643K         1         0
ISOFS mount         1     32K      32K  78643K         1         0
MSDOSFS mount       1     16K      16K  78643K         1         0
ttys               19     95K      95K  78643K        19         0
exec                0      0K       2K  78643K       353         0
tdb                 3      0K       0K  78643K         3         0
pagedep             1      8K       8K  78643K         1         0
inodedep            1     32K      32K  78643K         1         0
newblk              1      0K       0K  78643K         1         0
VM swap             7     26K      26K  78643K         7         0
UVM amap           82      3K       6K  78643K      2862         0
UVM aobj            3      2K       2K  78643K         3         0
memdesc             1      4K       4K  78643K         1         0
crypto data         1      1K       1K  78643K         1         0
ip6_options         0      0K       0K  78643K       462         0
NDP                 4      0K       0K  78643K         4         0
temp               24   4183K    4245K  78643K      2200         0
kqueue             11     16K      16K  78643K        20         0
SYN cache           2     16K      16K  78643K         2         0
ddb{0}> show all pools
Name          Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache        128       22    0        0     1     0     1     1     0     8    0
rtpcb          120       17    0       14     1     0     1     1     0     8    0
rtentry        112       23    0        1     1     0     1     1     0     8    0
unpcb          128       35    0       20     1     0     1     1     0     8    0
syncache       296        5    0        5     2     1     1     1     0     8    1
tcpcb          736      470    0      419     5     0     5     5     0     8    0
arp            120        2    0        0     1     0     1     1     0     8    0
inpcb          304      956    0      950     1     0     1     1     0     8    0
pfosfp          40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen       112     1428    0      714    21     0    21    21     0     8    0
pfrktable     1344        3    0        1     1     0     1     1     0     8    0
pfstitem        24        9    0        2     1     0     1     1     0     8    0
pfstkey        112        9    0        2     1     0     1     1     0     8    0
pfstate        320        9    0        2     1     0     1     1     0     8    0
pfrule        1360      483    0      246    20     0    20    20     0     8    0
art_heap8     4096        1    0        0     1     0     1     1     0     8    0
art_heap4      256       96    0        0     6     0     6     6     0     8    0
art_table       32       97    0        0     1     0     1     1     0     8    0
art_node        16       22    0        2     1     0     1     1     0     8    0
dirhash       1024       17    0        0     3     0     3     3     0     8    0
dino2pl        256     1413    0       23    87     0    87    87     0     8    0
ffsino         272     1413    0       23    93     0    93    93     0     8    0
nchpl          144     1587    0       40    58     0    58    58     0     8    0
uvmvnodes       72     1423    0        0    26     0    26    26     0     8    0
vnodes         224     1423    0        0    84     0    84    84     0     8    0
namei         1024     4842    0     4842     2     1     1     1     0     8    1
percpumem       16       32    0        0     1     0     1     1     0     8    0
pfiaddrpl      120      231    0        0     7     0     7     7     0     8    0
scxspl         216     3737    0     3737    10     9     1     8     0     8    1
plimitpl       152       16    0        9     1     0     1     1     0     8    0
sigapl         424      485    0      456     4     0     4     4     0     8    0
knotepl        112       42    0        0     2     0     2     2     0     8    0
kqueuepl       216       16    0        9     1     0     1     1     0     8    0
pipepl         336       69    0       66     2     1     1     1     0     8    0
fdescpl        496      471    0      456     3     0     3     3     0     8    0
filepl         152     2699    0     2641     3     0     3     3     0     8    0
lockfpl        104        6    0        4     1     0     1     1     0     8    0
lockfspl        48        4    0        2     1     0     1     1     0     8    0
sessionpl      144       18    0        9     1     0     1     1     0     8    0
pgrppl          48       18    0        9     1     0     1     1     0     8    0
ucredpl         96       69    0       57     1     0     1     1     0     8    0
zombiepl       144      456    0      455     2     1     1     1     0     8    0
processpl     1064      485    0      455     3     0     3     3     0     8    0
procpl         672      485    0      455     3     0     3     3     0     8    0
sockpl         480     1008    0      984     5     1     4     4     0     8    0
mcl8k         8192        4    0        0     1     0     1     1     0     8    0
mcl4k         4096        2    0        0     1     0     1     1     0     8    0
mcl2k         2048       83    0        0    10     0    10    10     0     8    0
mtagpl          96        2    0        0     1     0     1     1     0     8    0
mbufpl         256      136    0        0     9     0     9     9     0     8    0
bufpl          280     2003    0       92   137     0   137   137     0     8    0
anonpl          24    58902    0    56590    18     3    15    17     0   186    1
amapchunkpl    152     5136    0     4993     8     2     6     8     0   158    0
amappl16       200      259    0      259     2     1     1     1     0     8    1
amappl15       192       66    0       63     1     0     1     1     0     8    0
amappl13       176       18    0       17     2     1     1     1     0     8    0
amappl12       168       10    0        9     1     0     1     1     0     8    0
amappl11       160       60    0       43     1     0     1     1     0     8    0
amappl10       152       11    0        9     1     0     1     1     0     8    0
amappl9        144      230    0      228     1     0     1     1     0     8    0
amappl8        136      280    0      278     1     0     1     1     0     8    0
amappl7        128       34    0       32     1     0     1     1     0     8    0
amappl6        120      268    0      263     1     0     1     1     0     8    0
amappl5        112      213    0      195     1     0     1     1     0     8    0
amappl4        104      534    0      513     1     0     1     1     0     8    0
amappl3         96      156    0      141     1     0     1     1     0     8    0
amappl2         88      295    0      263     1     0     1     1     0     8    0
amappl1         80     9639    0     9251    10     1     9     9     0     8    0
amappl          88     2385    0     2321     2     0     2     2     0    92    0
dma4096       4096        1    0        1     1     1     0     1     0     8    0
dma1024       1024        1    0        0     1     0     1     1     0     8    0
dma256         256        6    0        6     1     1     0     1     0     8    0
dma128         128      253    0      253     1     1     0     1     0     8    0
dma64           64        6    0        6     1     1     0     1     0     8    0
dma32           32        7    0        7     1     1     0     1     0     8    0
dma16           16       18    0       17     1     0     1     1     0     8    0
aobjpl          64        2    0        0     1     0     1     1     0     8    0
uaddrrnd        24      471    0      456     1     0     1     1     0     8    0
uaddrbest       32        2    0        0     1     0     1     1     0     8    0
uaddr           24      471    0      456     1     0     1     1     0     8    0
vmmpekpl       168     6502    0     6486     1     0     1     1     0     8    0
vmmpepl        168    29948    0    29095    46     4    42    42     0   357    1
vmsppl         368      470    0      456     2     0     2     2     0     8    0
rwobjpl         56     8796    0     8237    10     2     8     9     0     8    0
pdppl         4096      950    0      912    58    18    40    44     0     8    2
pvpl            32   145833    0   141704    43     6    37    37     0   265    2
pmappl         224      470    0      456     2     0     2     2     0     8    0
extentpl        40       58    0       40     1     0     1     1     0     8    0
phpool         112      303    0       22     9     0     9     9     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18
panic(ffffffff8244cf87) at panic+0x177
__assert(ffffffff824be1c4,ffffffff824f7e76,14a,ffffffff824840b5) at __assert+0x25
pf_purge_rule(ffff800000ba0558) at pf_purge_rule+0x1ab
pf_purge_expired_rules() at pf_purge_expired_rules+0xbc
pf_purge(ffffffff82981d30) at pf_purge+0xe0
taskq_thread(ffffffff827f67a0) at taskq_thread+0xe6
end trace frame: 0x0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a
x86_ipi_handler() at x86_ipi_handler+0xb7
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc
syscall(ffff80002121ee50) at syscall+0x3ef
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcfd70, count: 9
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a
x86_ipi_handler() at x86_ipi_handler+0xb7
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc
syscall(ffff80002121ee50) at syscall+0x3ef
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcfd70, count: -6