panic: kernel diagnostic assertion "bpfilter_lookup(unit) == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/bpf.c", line 379 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *438417 37861 0 0 0x4000000 1K syz-executor 49592 1201 0 0 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344aac0) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8348ad45,ffffffff8349dfaf,17b,ffffffff834a8a78) at __assert+0x29 sys/kern/subr_prf.c:-1 bpfopen(11700,21,2000,ffff8000317baa80) at bpfopen+0x2bd bpfilter_lookup sys/net/bpf.c:1832 [inline] bpfopen(11700,21,2000,ffff8000317baa80) at bpfopen+0x2bd sys/net/bpf.c:379 spec_open_clone(ffff80002a26dd48) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722 spec_open(ffff80002a26dd48) at spec_open+0x319 sys/kern/spec_vnops.c:148 VOP_OPEN(fffffd80611e77a0,21,fffffd80097fd000,ffff8000317baa80) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138 vn_open(ffff80002a26df88,21,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177 doopenat(ffff8000317baa80,ffffff9c,200000000000,20,0,0,eeabfd00fd3bef44) at doopenat+0x35b sys/kern/vfs_syscalls.c:1155 sys_open(ffff8000317baa80,ffff80002a26e240,ffff80002a26e190) at sys_open+0x59 sys/kern/vfs_syscalls.c:1063 syscall(ffff80002a26e240) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a26e240) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x523d591dd20, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "bpfilter_lookup(unit) == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/bpf.c", line 379 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344aac0) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8348ad45,ffffffff8349dfaf,17b,ffffffff834a8a78) at __assert+0x29 sys/kern/subr_prf.c:-1 bpfopen(11700,21,2000,ffff8000317baa80) at bpfopen+0x2bd bpfilter_lookup sys/net/bpf.c:1832 [inline] bpfopen(11700,21,2000,ffff8000317baa80) at bpfopen+0x2bd sys/net/bpf.c:379 spec_open_clone(ffff80002a26dd48) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722 spec_open(ffff80002a26dd48) at spec_open+0x319 sys/kern/spec_vnops.c:148 VOP_OPEN(fffffd80611e77a0,21,fffffd80097fd000,ffff8000317baa80) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138 vn_open(ffff80002a26df88,21,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177 doopenat(ffff8000317baa80,ffffff9c,200000000000,20,0,0,eeabfd00fd3bef44) at doopenat+0x35b sys/kern/vfs_syscalls.c:1155 sys_open(ffff8000317baa80,ffff80002a26e240,ffff80002a26e190) at sys_open+0x59 sys/kern/vfs_syscalls.c:1063 syscall(ffff80002a26e240) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a26e240) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x523d591dd20, count: -12 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a26db20 rbx 0xffff8000299bee07 rdx 0 rcx 0xffff8000317baa80 rax 0xffff8000299bdff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6b4cae4827e2d5f1 r11 0xe32a6bd983bcac4f r12 0xffff8000299bec08 r13 0 r14 0 r15 0x1 rip 0xffffffff81e5aea5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a26db10 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=438417 pid=37861 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000317ba7e8,0xffff8000317bd268 process=0xffff8000ffff61b8 user=0xffff80002a269000, vmspace=0xfffffd800b063000 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 24089 408711 39540 0 2 0 syz-executor 24089 499437 39540 0 3 0x4000080 kqread syz-executor 24089 360336 39540 0 2 0x4000000 syz-executor 37861 412549 2886 0 2 0 syz-executor *37861 438417 2886 0 7 0x4000000 syz-executor 37861 402364 2886 0 3 0x4000080 fsleep syz-executor 1201 49592 91230 0 7 0 syz-executor 1201 85076 91230 0 2 0x4000000 syz-executor 1201 320478 91230 0 2 0x4000000 syz-executor 1201 486180 91230 0 3 0x4000080 fsleep syz-executor 30430 409250 82108 0 2 0 syz-executor 30430 41319 82108 0 3 0x4000080 fsleep syz-executor 30430 207205 82108 0 2 0x4000000 syz-executor 57739 135623 33192 0 2 0x10 syz-executor 57739 376832 33192 0 3 0x4000090 fsleep syz-executor 57739 129385 33192 0 3 0x4000090 fsleep syz-executor 59073 122042 1 0 3 0x100083 ttyin getty 69199 496343 0 0 3 0x14280 nfsidl nfsio 83848 152769 0 0 3 0x14280 nfsidl nfsio 5990 46961 0 0 3 0x14280 nfsidl nfsio 69343 221740 0 0 3 0x14280 nfsidl nfsio 51429 162526 0 0 3 0x14280 nfsidl nfsio 35272 324969 0 0 3 0x14280 nfsidl nfsio 69961 288429 0 0 3 0x14280 nfsidl nfsio 28681 284459 0 0 3 0x14280 nfsidl nfsio 13406 151754 0 0 3 0x14280 nfsidl nfsio 11149 173346 0 0 3 0x14280 nfsidl nfsio 86879 261621 0 0 3 0x14280 nfsidl nfsio 86966 466545 0 0 3 0x14280 nfsidl nfsio 79718 166488 0 0 3 0x14280 nfsidl nfsio 90825 37319 0 0 3 0x14280 nfsidl nfsio 30551 309045 0 0 3 0x14280 nfsidl nfsio 76884 115069 0 0 3 0x14280 nfsidl nfsio 13287 34471 0 0 3 0x14280 nfsidl nfsio 57160 502887 0 0 3 0x14280 nfsidl nfsio 25777 106388 0 0 3 0x14280 nfsidl nfsio 33820 152090 0 0 3 0x14280 nfsidl nfsio 15292 339755 87974 0 3 0x100082 sbwait arp 87974 258762 38277 0 3 0x10008a sigsusp sh 75288 374854 23859 0 3 0x82 nanoslp syz-executor 33192 274468 23859 0 3 0x82 nanoslp syz-executor 82108 453090 23859 0 3 0x82 nanoslp syz-executor 91230 5011 23859 0 3 0x82 nanoslp syz-executor 39540 293158 23859 0 3 0x82 nanoslp syz-executor 38277 258416 23859 0 3 0x82 wait syz-executor 2886 164817 23859 0 3 0x82 nanoslp syz-executor 15995 232323 23859 0 3 0x2 biowait syz-executor 23859 86511 1 0 3 0x82 kqread syz-executor 32264 186371 0 0 3 0x14200 bored smr 86952 410295 0 0 2 0x14200 zerothread 62604 73388 0 0 3 0x14200 aiodoned aiodoned 49643 427044 0 0 3 0x14200 syncer update 69598 403267 0 0 3 0x14200 cleaner cleaner 85222 217208 0 0 3 0x14200 reaper reaper 61424 9161 0 0 3 0x14200 pgdaemon pagedaemon 62980 324043 0 0 3 0x14200 bored viomb 89207 486273 0 0 3 0x40014200 acpi0 acpi0 50326 200301 0 0 3 0x40014200 idle1 31925 284065 0 0 3 0x14200 bored softnet1 84102 215329 0 0 3 0x14200 bored softnet0 8858 202258 0 0 3 0x14200 bored systqmp 26654 319298 0 0 3 0x14200 bored systq 96295 85668 0 0 3 0x14200 tmoslp softclockmp 5561 380791 0 0 3 0x40014200 tmoslp softclock 90338 98695 0 0 3 0x40014200 idle0 1 349712 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 37861 (syz-executor) thread 0xffff8000317baa80 (438417) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839d0b40) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:175 #3 checkalias+0x21c sys/kern/vfs_subr.c:594 #4 cdevvp+0xd2 getdevvp sys/kern/vfs_subr.c:-1 [inline] #4 cdevvp+0xd2 sys/kern/vfs_subr.c:517 #5 spec_open_clone+0x1e2 sys/kern/spec_vnops.c:713 #6 spec_open+0x319 sys/kern/spec_vnops.c:148 #7 VOP_OPEN+0x8b sys/kern/vfs_vops.c:138 #8 vn_open+0x6a0 sys/kern/vfs_vnops.c:177 #9 doopenat+0x35b sys/kern/vfs_syscalls.c:1155 #10 sys_open+0x59 sys/kern/vfs_syscalls.c:1063 #11 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #11 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #12 Xsyscall+0x128 Process 15995 (syz-executor) thread 0xffff8000ffffd230 (232323) exclusive rrwlock inode r = 0 (0xfffffd80611990c8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2a2 sys/kern/vfs_subr.c:686 #6 ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203 #8 ufs_lookup+