panic: kernel diagnostic assertion "(rule != NULL) && (rule->ruleset != NULL)" failed: file "/syzkaller/managers/multicore/kernel/sys/net/pf_ioctl.c", line 330
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
104721 48844 74 0x100012 0 1 pflogd
*244686 9200 0 0x14000 0x200 0K softnet
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823fc819) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8246a918,ffffffff824a6afd,14a,ffffffff82437187) at __assert+0x2b sys/kern/subr_prf.c:154
pf_purge_rule(ffff800000aaafd8) at pf_purge_rule+0xc9 sys/net/pf_ioctl.c:330
pf_purge(ffffffff829210f0) at pf_purge+0xd2 pf_purge_expired_rules sys/net/pf.c:1245 [inline]
pf_purge(ffffffff829210f0) at pf_purge+0xd2 sys/net/pf.c:1280
taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437
end trace frame: 0x0, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports.
Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel diagnostic assertion "(rule != NULL) && (rule->ruleset != NULL)" failed: file "/syzkaller/managers/multicore/kernel/sys/net/pf_ioctl.c", line 330 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823fc819) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff8246a918,ffffffff824a6afd,14a,ffffffff82437187) at __assert+0x2b sys/kern/subr_prf.c:154 pf_purge_rule(ffff800000aaafd8) at pf_purge_rule+0xc9 sys/net/pf_ioctl.c:330 pf_purge(ffffffff829210f0) at pf_purge+0xd2 pf_purge_expired_rules sys/net/pf.c:1245 [inline] pf_purge(ffffffff829210f0) at pf_purge+0xd2 sys/net/pf.c:1280 taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437 end trace frame: 0x0, count: -6 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020da92b0 rbx 0xffff800020da9360 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff812843bf kprintf+0x16f r9 0x1 r10 0x2 r11 0xac671fddb4969ce9 r12 0x3000000008 r13 0xffff800020da92c0 r14 0x100 r15 0x1 rip 0xffffffff822e63c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020da92a0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softnet) pid=244686 stat=onproc flags process=14000 proc=200 pri=32, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020d88c30,0xffff800020d88010 process=0xffff800020d8ab88 user=0xffff800020da4000, vmspace=0xffffffff8292b878 estcpu=1, cpticks=1, pctcpu=0.16 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 50781 416263 67707 0 2 0x480 syz-executor.1 50781 374198 67707 0 3 0x4000080 netcon2 syz-executor.1 50781 258821 67707 0 3 0x4000080 fsleep syz-executor.1 94167 218764 63660 0 2 0x482 syz-executor.0 87467 468678 0 0 3 0x14200 bored sosplice 67707 380777 63660 0 2 0x482 syz-executor.1 63660 248291 71739 0 3 0x82 thrsleep syz-fuzzer 63660 66230 71739 0 3 0x4000082 thrsleep syz-fuzzer 63660 97392 71739 0 3 0x4000082 thrsleep syz-fuzzer 63660 28659 71739 0 
3 0x4000082 thrsleep syz-fuzzer 63660 170399 71739 0 3 0x4000082 thrsleep syz-fuzzer 63660 272155 71739 0 3 0x4000082 kqread syz-fuzzer 63660 260107 71739 0 3 0x4000082 thrsleep syz-fuzzer 63660 349491 71739 0 3 0x4000082 thrsleep syz-fuzzer 63660 24725 71739 0 3 0x4000082 thrsleep syz-fuzzer 63660 296505 71739 0 3 0x4000082 thrsleep syz-fuzzer 71739 23767 52942 0 3 0x10008a pause ksh 52942 450263 8481 0 3 0x92 select sshd 5240 233268 1 0 3 0x100083 ttyin getty 8481 52371 1 0 3 0x80 select sshd 48844 104721 68569 74 7 0x100012 pflogd 68569 345279 1 0 3 0x80 netio pflogd 87809 21021 72991 73 2 0x100090 syslogd 72991 224610 1 0 3 0x100082 netio syslogd 7924 398431 1 77 3 0x100090 poll dhclient 18634 65775 1 0 3 0x80 poll dhclient 6122 31741 0 0 3 0x14200 bored smr 83749 407608 0 0 3 0x14200 pgzero zerothread 42679 407630 0 0 3 0x14200 aiodoned aiodoned 46585 115371 0 0 3 0x14200 syncer update 5014 101363 0 0 3 0x14200 cleaner cleaner 18333 221783 0 0 3 0x14200 reaper reaper 85154 453353 0 0 3 0x14200 pgdaemon pagedaemon 60381 456240 0 0 3 0x14200 bored crynlk 54618 348006 0 0 3 0x14200 bored crypto 87247 274298 0 0 3 0x40014200 acpi0 acpi0 88607 448877 0 0 3 0x40014200 idle1 * 9200 244686 0 0 7 0x14200 softnet 5318 134590 0 0 3 0x14200 bored systqmp 5025 45991 0 0 3 0x14200 bored systq 79765 56551 0 0 3 0x40014200 bored softclock 63853 244550 0 0 3 0x40014200 idle0 1 508715 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 9200 (softnet) thread 0xffff800020d88750 (244686) exclusive rwlock netlock r = 0 (0xffffffff827a4a28) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 pf_purge+0x27 sys/net/pf.c:1273 #2 taskq_thread+0xec sys/kern/kern_task.c:437 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff828b1058) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 
pf_purge+0x1b sys/net/pf.c:1264 #2 taskq_thread+0xec sys/kern/kern_task.c:437 #3 proc_trampoline+0x1c shared rwlock softnet r = 0 (0xffff80000002c070) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 taskq_thread+0xdf sys/kern/kern_task.c:436 #2 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9520 6416K 6798K 78643K 11188 0 pcb 13 8K 8K 78643K 112 0 rtable 96 8K 10K 78643K 529 0 ifaddr 85 17K 17K 78643K 155 0 sysctl 2 0K 0K 78643K 2 0 counters 43 33K 34K 78643K 53 0 ioctlops 0 0K 4K 78643K 1563 0 iov 0 0K 16K 78643K 55 0 mount 1 1K 1K 78643K 1 0 vnodes 1229 77K 78K 78643K 1444 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 128 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 517 0 sigio 0 0K 0K 78643K 5 0 proc 62 63K 95K 78643K 526 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 41 0 in_multi 66 3K 3K 78643K 169 0 ether_multi 1 0K 0K 78643K 12 0 mrt 0 0K 0K 78643K 16 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 245 0 pfkey data 0 0K 0K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 125 39K 55K 78643K 2631 0 UVM aobj 24 2K 2K 78643K 26 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 52 0 NDP 12 0K 0K 78643K 33 0 temp 124 3872K 3937K 78643K 9831 0 kqueue 3 4K 10K 78643K 15 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 4 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 52 0 50 1 0 1 1 0 8 0 rtentry 112 102 0 74 2 0 2 2 0 8 0 unpcb 120 945 0 935 2 1 
1 2 0 8 0 syncache 264 7 0 7 3 2 1 1 0 8 1 tcpqe 32 27 0 27 1 1 0 1 0 8 0 tcpcb 544 197 0 191 3 1 2 2 0 8 1 inpcb 296 1004 0 995 3 1 2 2 0 8 1 rttmr 72 5 0 5 2 2 0 1 0 8 0 nd6 48 23 0 21 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 5 0 3 1 0 1 1 0 482 0 pffrnode 88 5 0 3 1 0 1 1 0 8 0 pffrent 40 138 0 136 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 59 0 48 2 0 2 2 0 8 1 pfstitem 24 40 0 20 1 0 1 1 0 8 0 pfstkey 112 42 0 22 1 0 1 1 0 8 0 pfstate 328 41 0 21 3 0 3 3 0 8 0 pfrule 1360 44 0 31 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 542 0 396 15 3 12 13 0 8 0 art_table 32 543 0 396 2 0 2 2 0 8 0 art_node 16 101 0 75 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 118 0 108 1 0 1 1 0 8 0 shmpl 112 24 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2047 0 638 89 0 89 89 0 8 0 ffsino 272 2047 0 638 95 0 95 95 0 8 0 nchpl 144 2950 0 1351 61 1 60 61 0 8 0 uvmvnodes 72 2254 0 0 41 0 41 41 0 8 0 vnodes 208 2254 0 0 119 0 119 119 0 8 0 namei 1024 8032 0 8032 2 1 1 1 0 8 1 percpumem 16 37 0 5 1 0 1 1 0 8 0 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 560 4 0 2 2 1 1 1 0 8 0 pfiaddrpl 120 25 0 16 1 0 1 1 0 8 0 scxspl 192 8961 0 8961 8 7 1 7 0 8 1 plimitpl 152 42 0 34 1 0 1 1 0 8 0 sigapl 424 750 0 718 6 2 4 6 0 8 0 futexpl 56 7402 0 7401 2 1 1 1 0 8 0 knotepl 112 87 0 68 1 0 1 1 0 8 0 kqueuepl 144 48 0 46 1 0 1 1 0 8 0 pipepl 304 159 0 149 3 1 2 2 0 8 1 fdescpl 496 714 0 698 3 0 3 3 0 8 0 filepl 152 4760 0 4658 7 1 6 6 0 8 2 lockfpl 104 113 0 112 1 0 1 1 0 8 0 lockfspl 48 32 0 31 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 25 0 14 1 0 1 1 0 8 0 ucredpl 96 364 0 354 1 0 1 1 0 8 0 zombiepl 144 718 0 717 1 0 1 1 0 8 0 processpl 984 750 0 717 7 2 5 7 0 8 0 procpl 624 1817 0 1773 6 1 5 6 0 8 0 sosppl 128 8 0 6 3 2 1 1 0 8 0 sockpl 400 2006 0 1985 9 4 5 6 0 8 2 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 
mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 12 0 0 2 0 2 2 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 11 0 0 2 0 2 2 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 159 0 0 19 0 19 19 0 8 0 mtagpl 96 33 0 0 1 0 1 1 0 8 0 mbufpl 256 367 0 0 22 0 22 22 0 8 0 bufpl 280 4972 0 136 346 0 346 346 0 8 0 anonpl 16 86764 0 70351 89 16 73 82 0 124 5 amapchunkpl 152 4686 0 4518 26 5 21 21 0 158 13 amappl16 192 3350 0 2484 59 11 48 55 0 8 4 amappl15 184 2 0 1 2 1 1 1 0 8 0 amappl14 176 253 0 246 1 0 1 1 0 8 0 amappl13 168 44 0 40 1 0 1 1 0 8 0 amappl12 160 16 0 13 1 0 1 1 0 8 0 amappl11 152 187 0 172 1 0 1 1 0 8 0 amappl10 144 138 0 132 1 0 1 1 0 8 0 amappl9 136 403 0 400 1 0 1 1 0 8 0 amappl8 128 360 0 329 1 0 1 1 0 8 0 amappl7 120 238 0 226 1 0 1 1 0 8 0 amappl6 112 150 0 145 1 0 1 1 0 8 0 amappl5 104 608 0 592 1 0 1 1 0 8 0 amappl4 96 512 0 482 1 0 1 1 0 8 0 amappl3 88 348 0 341 1 0 1 1 0 8 0 amappl2 80 4691 0 4623 2 0 2 2 0 8 0 amappl1 72 25465 0 25006 23 13 10 18 0 8 0 amappl 80 2071 0 2023 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 25 0 2 1 0 1 1 0 8 0 uaddrrnd 24 718 0 700 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 718 0 700 1 0 1 1 0 8 0 vmmpekpl 168 9326 0 9286 2 0 2 2 0 8 0 vmmpepl 168 93964 0 91914 138 32 106 122 0 357 12 vmsppl 368 717 0 700 2 0 2 2 0 8 0 pdppl 4096 1443 0 1402 6 0 6 6 0 8 0 pvpl 32 258272 0 238703 194 17 177 194 0 265 18 pmappl 232 717 0 700 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 282 0 13 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823fc819) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff8246a918,ffffffff824a6afd,14a,ffffffff82437187) at __assert+0x2b sys/kern/subr_prf.c:154 
pf_purge_rule(ffff800000aaafd8) at pf_purge_rule+0xc9 sys/net/pf_ioctl.c:330 pf_purge(ffffffff829210f0) at pf_purge+0xd2 pf_purge_expired_rules sys/net/pf.c:1245 [inline] pf_purge(ffffffff829210f0) at pf_purge+0xd2 sys/net/pf.c:1280 taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437 end trace frame: 0x0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828b0e50) at __mp_lock+0x12e __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828b0e50) at __mp_lock+0x12e sys/kern/kern_lock.c:147 syscall(ffff800020e47ec0) at syscall+0x5a3 mi_syscall_return sys/sys/syscall_mi.h:130 [inline] syscall(ffff800020e47ec0) at syscall+0x5a3 sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff8620, count: 9 ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828b0e50) at __mp_lock+0x12e __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828b0e50) at __mp_lock+0x12e sys/kern/kern_lock.c:147 syscall(ffff800020e47ec0) at syscall+0x5a3 mi_syscall_return sys/sys/syscall_mi.h:130 [inline] syscall(ffff800020e47ec0) at syscall+0x5a3 sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff8620, count: -6