panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/intr.c", line 775 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *263359 93799 0 0x1000 0x4080000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1fd0) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83066d18,ffffffff8305e5f2,307,ffffffff8301945d) at __assert+0x29 splraise(deaf4152) at splraise+0xad sys/arch/amd64/amd64/intr.c:775 mtx_enter(ffff8000012cbe08) at mtx_enter+0x9e sys/kern/kern_lock.c:308 klist_mutex_lock(ffff8000012cbe08) at klist_mutex_lock+0x32 sys/kern/kern_event.c:2352 klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 klist_lock sys/kern/kern_event.c:2317 [inline] klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 sys/kern/kern_event.c:2283 bpfsdetach(ffff800001271780) at bpfsdetach+0xff sys/net/bpf.c:1800 bpfdetach(ffff800001277800) at bpfdetach+0x76 if_detach(ffff800001277800) at if_detach+0x14f sys/net/if.c:1193 tun_clone_destroy(ffff800001277800) at tun_clone_destroy+0x2aa sys/net/if_tun.c:338 if_clone_destroy(ffff800035c0fa60) at if_clone_destroy+0x1d7 sys/net/if.c:1382 sys_ioctl(ffff80002a4d1968,ffff800035c0fc40,ffff800035c0fb90) at sys_ioctl+0x678 syscall(ffff800035c0fc40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 end trace frame: 0xffff800035c0fcc0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/intr.c", line 775 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1fd0) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83066d18,ffffffff8305e5f2,307,ffffffff8301945d) at __assert+0x29 splraise(deaf4152) at splraise+0xad sys/arch/amd64/amd64/intr.c:775 mtx_enter(ffff8000012cbe08) at mtx_enter+0x9e sys/kern/kern_lock.c:308 klist_mutex_lock(ffff8000012cbe08) at klist_mutex_lock+0x32 sys/kern/kern_event.c:2352 klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 klist_lock sys/kern/kern_event.c:2317 [inline] klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 sys/kern/kern_event.c:2283 bpfsdetach(ffff800001271780) at bpfsdetach+0xff sys/net/bpf.c:1800 bpfdetach(ffff800001277800) at bpfdetach+0x76 if_detach(ffff800001277800) at if_detach+0x14f sys/net/if.c:1193 tun_clone_destroy(ffff800001277800) at tun_clone_destroy+0x2aa sys/net/if_tun.c:338 if_clone_destroy(ffff800035c0fa60) at if_clone_destroy+0x1d7 sys/net/if.c:1382 sys_ioctl(ffff80002a4d1968,ffff800035c0fc40,ffff800035c0fb90) at sys_ioctl+0x678 syscall(ffff800035c0fc40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b0fe2750e0, count: -15 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800035c0f700 rbx 0xffffffff8347b700 cdevsw+0x730 rdx 0 rcx 0 rax 0xffff80002a4d1968 r8 0 r9 0x8080808080808080 r10 0x60079e584ea3ba2e r11 0x616bf72a189bf20d r12 0 r13 0xffff8000012cbea8 r14 0 r15 0x1 rip 0xffffffff82d2c085 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800035c0f6f0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=263359 pid=93799 tcnt=2 stat=onproc flags process=1000 proc=4080000 runpri=32, usrpri=76, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a4d0a38 scnt=1 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4d0a38,0xffff80002a4e3988 process=0xffff8000307f5138 user=0xffff800035c0a000, vmspace=0xfffffd806c22b820 estcpu=26, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 16873 20513 13655 0 2 0 syz-executor 16873 20436 13655 0 2 0x4000000 syz-executor 14189 244526 1672 0 2 0 syz-executor 14189 382579 1672 0 2 0x4000000 syz-executor 24135 120055 99108 0 2 0 syz-executor 24135 318365 99108 0 3 0x4000000 futex syz-executor 24135 418997 99108 0 3 0x4000080 fsleep syz-executor 2937 144968 70070 0 2 0 syz-executor 2937 350106 70070 0 2 0x4000000 syz-executor 2937 15886 70070 0 3 0x4000000 futex syz-executor 81291 210792 93918 0 2 0x4000000 syz-executor 81291 69169 93918 0 3 0x4000080 fsleep syz-executor 81291 41020 93918 0 3 0x4000080 fsleep syz-executor 81291 352099 93918 0 3 0x4000000 futex syz-executor 93799 233503 25243 0 3 0x3000 suspend syz-executor *93799 263359 25243 0 7 0x4081000 syz-executor 34197 282091 1 0 3 0x100083 ttyin getty 75770 405298 0 0 3 0x14200 acct acct 58116 180787 0 0 3 0x14200 bored sosplice 56570 487910 78374 0 2 0x3 syz-executor 34402 265841 78374 0 2 0x2 syz-executor 93918 512632 78374 0 3 0x82 nanoslp syz-executor 1672 176386 78374 0 2 0x3 syz-executor 13655 209363 78374 0 2 0x3 syz-executor 25243 259284 78374 0 3 0x82 nanoslp syz-executor 70070 252039 78374 0 3 0x82 nanoslp syz-executor 99108 392828 78374 0 3 0x82 nanoslp syz-executor 78374 318163 33897 0 3 0x82 kqread syz-executor 33897 511384 69472 0 3 0x10008a sigsusp ksh 69472 373014 16947 0 3 0x98 kqread sshd-session 16947 435274 2462 0 3 0x92 kqread sshd-session 2462 395584 1 0 3 0x88 kqread sshd 46769 119517 20425 73 3 0x1100090 kqread syslogd 20425 380821 1 0 3 0x100082 sbwait syslogd 97227 514322 1 0 3 0x100080 kqread resolvd 59223 216774 77352 77 3 0x100092 kqread dhcpleased 91191 396593 77352 77 3 0x100092 kqread dhcpleased 77352 183998 1 0 3 0x80 kqread dhcpleased 43703 254045 0 0 3 0x14200 bored smr 65391 258831 0 0 2 0x14200 zerothread 38706 290747 0 0 3 0x14200 aiodoned aiodoned 15244 329035 0 0 3 0x14200 syncer update 86705 163212 0 0 3 0x14200 cleaner cleaner 38226 14128 0 0 3 0x14200 reaper reaper 7549 300705 0 0 3 0x14200 pgdaemon pagedaemon 32876 421263 0 0 3 0x14200 bored viomb 50180 414433 0 0 3 0x40014200 acpi0 acpi0 84697 453968 0 0 3 0x14200 bored softnet3 18682 501657 0 0 3 0x14200 bored softnet2 42580 321717 0 0 3 0x14200 bored softnet1 26790 78359 0 0 3 0x14200 bored softnet0 13934 247348 0 0 3 0x14200 bored systqmp 97775 431644 0 0 3 0x14200 bored systq 66756 174757 0 0 2 0x40014200 softclock 45193 419545 0 0 3 0x40014200 idle0 1 524038 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10188 11306K 11382K 166960K 12530 0 pcb 17 13K 14K 166960K 241 0 rtable 216 9K 10K 166960K 526 0 pf 35 14K 22K 166960K 81 0 ifaddr 39 7K 7K 166960K 65 0 ifgroup 46 2K 2K 166960K 81 0 sysctl 3 0K 0K 166960K 3 0 counters 29 17K 17K 166960K 41 0 ioctlops 0 0K 4K 166960K 187 0 iov 0 0K 16K 166960K 138 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1427 90K 90K 166960K 2139 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 14 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 23 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 73K 166960K 910 0 sigio 0 0K 0K 166960K 17 0 proc 60 59K 75K 166960K 586 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 105 0 in_multi 84 6K 7K 166960K 139 0 ether_multi 1 0K 0K 166960K 9 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 420 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 221 72K 88K 166960K 10394 0 UVM aobj 17 2K 2K 166960K 19 0 pinsyscall 37 74K 86K 166960K 1930 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 35 0 NDP 10 0K 2K 166960K 39 0 temp 70 6814K 6953K 166960K 51142 0 kqueue 15 20K 30K 166960K 153 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 137 0 133 1 0 1 1 0 8 0 rtentry 112 164 0 69 4 0 4 4 0 8 0 unpcb 144 746 0 730 6 0 6 6 0 8 5 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 808 355 0 351 8 0 8 8 0 8 7 arp 88 32 0 12 1 0 1 1 0 8 0 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 3 0 3 1 0 1 1 0 8 1 inpcb 336 1289 0 1280 11 2 9 10 0 8 8 nd6 104 33 0 13 1 0 1 1 0 8 0 pkpcb 40 8 0 8 2 1 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 8 0 8 2 1 1 1 0 8 1 pfstscr 40 69 0 67 2 1 1 1 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pfstitem 24 8 0 4 1 0 1 1 0 8 0 pfstkey 128 77 0 71 2 1 1 1 0 8 0 pfstate 344 71 0 69 2 1 1 1 0 8 0 pfrule 1344 9 0 7 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 569 0 183 30 0 30 30 0 8 2 art_table 32 571 0 183 4 0 4 4 0 8 0 art_node 16 161 0 80 1 0 1 1 0 8 0 sysvmsgpl 40 45 0 9 2 1 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 21 0 11 1 0 1 1 0 8 0 shmpl 112 16 0 2 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 3046 0 1552 95 0 95 95 0 8 0 ffsino 240 3046 0 1552 89 0 89 89 0 8 0 nchpl 144 4467 0 2788 63 0 63 63 0 8 0 uvmvnodes 80 3634 0 0 75 0 75 75 0 8 0 vnodes 216 3634 0 0 202 0 202 202 0 8 0 namei 1024 14696 0 14696 4 2 2 2 0 8 2 kstatmem 264 44 0 24 2 0 2 2 0 8 0 scsiplug 72 4 0 4 1 0 1 1 0 8 1 scxspl 216 12536 0 12536 10 2 8 8 1 8 8 plimitpl 152 204 0 187 1 0 1 1 0 8 0 sigapl 424 1190 0 1143 6 0 6 6 0 8 0 futexpl 64 12950 0 12946 1 0 1 1 0 8 0 knotepl 120 32367 0 32319 10 0 10 10 0 8 7 kqueuepl 184 266 0 256 3 0 3 3 0 8 2 pipepl 288 244 0 217 8 1 7 7 0 8 5 fdescpl 432 1172 0 1144 4 0 4 4 0 8 0 filepl 120 7862 0 7610 15 3 12 12 0 8 3 lockfpl 104 290 0 286 1 0 1 1 0 8 0 lockfspl 48 135 0 131 1 0 1 1 0 8 0 sessionpl 144 25 0 17 1 0 1 1 0 8 0 pgrppl 48 43 0 27 1 0 1 1 0 8 0 ucredpl 104 1063 0 1052 1 0 1 1 0 8 0 zombiepl 144 1667 0 1665 1 0 1 1 0 8 0 processpl 1096 1190 0 1143 4 0 4 4 0 8 0 procpl 648 2626 0 2569 6 0 6 6 0 8 0 sosppl 168 10 0 10 2 1 1 1 0 8 1 sockpl 504 2189 0 2160 32 20 12 20 0 8 7 mcl64k 65536 6 0 6 2 1 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 24 0 24 2 1 1 1 0 8 1 mcl4k 4096 3857 0 3802 17 9 8 17 0 8 0 mcl2k 2048 1154 0 1151 2 0 2 2 0 8 1 mtagpl 96 125 0 85 4 1 3 3 0 8 1 mbufpl 256 15329 0 15186 20 0 20 20 0 8 5 bufpl 280 3775 0 105 263 0 263 263 0 8 0 anonpl 24 188759 0 185545 49 3 46 46 0 187 23 amapchunkpl 152 34446 0 33973 35 1 34 34 0 158 9 amappl16 200 4132 0 4102 23 12 11 15 0 8 8 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 115 0 105 1 0 1 1 0 8 0 amappl13 176 42 0 42 1 1 0 1 0 8 0 amappl12 168 1777 0 1749 2 0 2 2 0 8 0 amappl11 160 48 0 38 1 0 1 1 0 8 0 amappl10 152 5 0 5 1 1 0 1 0 8 0 amappl9 144 129 0 129 1 1 0 1 0 8 0 amappl8 136 20 0 19 1 0 1 1 0 8 0 amappl7 128 100 0 89 1 0 1 1 0 8 0 amappl6 120 157 0 156 1 0 1 1 0 8 0 amappl5 112 129 0 119 1 0 1 1 0 8 0 amappl4 104 286 0 270 1 0 1 1 0 8 0 amappl3 96 6354 0 6263 3 0 3 3 0 8 0 amappl2 88 1450 0 1373 2 0 2 2 0 8 0 amappl1 80 9800 0 9294 13 0 13 13 0 8 0 amappl 88 9963 0 9797 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 18 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1172 0 1144 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1172 0 1144 1 0 1 1 0 8 0 vmmpekpl 168 10977 0 10941 3 0 3 3 0 8 0 vmmpepl 168 77426 0 75733 89 0 89 89 0 357 9 vmsppl 344 1171 0 1144 3 0 3 3 0 8 0 rwobjpl 24 26720 0 22224 28 0 28 28 0 8 0 pdppl 4096 2350 0 2288 90 24 66 70 0 8 4 pvpl 32 502234 0 493743 113 0 113 113 0 265 36 pmappl 216 1171 0 1144 2 0 2 2 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 422 0 63 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1fd0) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83066d18,ffffffff8305e5f2,307,ffffffff8301945d) at __assert+0x29 splraise(deaf4152) at splraise+0xad sys/arch/amd64/amd64/intr.c:775 mtx_enter(ffff8000012cbe08) at mtx_enter+0x9e sys/kern/kern_lock.c:308 klist_mutex_lock(ffff8000012cbe08) at klist_mutex_lock+0x32 sys/kern/kern_event.c:2352 klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 klist_lock sys/kern/kern_event.c:2317 [inline] klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 sys/kern/kern_event.c:2283 bpfsdetach(ffff800001271780) at bpfsdetach+0xff sys/net/bpf.c:1800 bpfdetach(ffff800001277800) at bpfdetach+0x76 if_detach(ffff800001277800) at if_detach+0x14f sys/net/if.c:1193 tun_clone_destroy(ffff800001277800) at tun_clone_destroy+0x2aa sys/net/if_tun.c:338 if_clone_destroy(ffff800035c0fa60) at if_clone_destroy+0x1d7 sys/net/if.c:1382 sys_ioctl(ffff80002a4d1968,ffff800035c0fc40,ffff800035c0fb90) at sys_ioctl+0x678 syscall(ffff800035c0fc40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b0fe2750e0, count: -15 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b1fd0) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83066d18,ffffffff8305e5f2,307,ffffffff8301945d) at __assert+0x29 splraise(deaf4152) at splraise+0xad sys/arch/amd64/amd64/intr.c:775 mtx_enter(ffff8000012cbe08) at mtx_enter+0x9e sys/kern/kern_lock.c:308 klist_mutex_lock(ffff8000012cbe08) at klist_mutex_lock+0x32 sys/kern/kern_event.c:2352 klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 klist_lock sys/kern/kern_event.c:2317 [inline] klist_invalidate(ffff8000012cbea8) at klist_invalidate+0xe6 sys/kern/kern_event.c:2283 bpfsdetach(ffff800001271780) at bpfsdetach+0xff sys/net/bpf.c:1800 bpfdetach(ffff800001277800) at bpfdetach+0x76 if_detach(ffff800001277800) at if_detach+0x14f sys/net/if.c:1193 tun_clone_destroy(ffff800001277800) at tun_clone_destroy+0x2aa sys/net/if_tun.c:338 if_clone_destroy(ffff800035c0fa60) at if_clone_destroy+0x1d7 sys/net/if.c:1382 sys_ioctl(ffff80002a4d1968,ffff800035c0fc40,ffff800035c0fb90) at sys_ioctl+0x678 syscall(ffff800035c0fc40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b0fe2750e0, count: -15