panic: unhandled af 132 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 78670 32317 0 0 0 0 syz-executor.0 *357879 37091 0 0x14000 0x200 1K softnet db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823f3fa0) at panic+0x15c sys/kern/subr_prf.c:207 unhandled_af(84) at unhandled_af+0x16 pf_build_tcp(ffffffff8290ad40,84,fffffd806d99b390,fffffd806d99b380,5cd2,60e1) at pf_build_tcp+0x3c8 pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a pf_send_tcp sys/net/pf.c:2892 [inline] pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a sys/net/pf.c:1382 pf_purge_expired_states(2) at pf_purge_expired_states+0x1ed pf_purge(ffffffff828a1198) at pf_purge+0x3f sys/net/pf.c:1278 taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437 end trace frame: 0x0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic unhandled af 132 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823f3fa0) at panic+0x15c sys/kern/subr_prf.c:207 unhandled_af(84) at unhandled_af+0x16 pf_build_tcp(ffffffff8290ad40,84,fffffd806d99b390,fffffd806d99b380,5cd2,60e1) at pf_build_tcp+0x3c8 pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a pf_send_tcp sys/net/pf.c:2892 [inline] pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a sys/net/pf.c:1382 pf_purge_expired_states(2) at pf_purge_expired_states+0x1ed pf_purge(ffffffff828a1198) at pf_purge+0x3f sys/net/pf.c:1278 taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437 end trace frame: 0x0, count: -8 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020da9520 rbx 0xffff800020da95d0 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff81bc79af kprintf+0x16f r9 0x1 r10 0x2 r11 0xeed67f487ad811a6 r12 0x3000000008 r13 0xffff800020da9530 r14 0x100 r15 0x1 rip 0xffffffff81da3c38 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020da9510 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (softnet) pid=357879 stat=onproc flags process=14000 proc=200 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020d88000,0xffff800020d884f0 process=0xffff800020d8a3d8 user=0xffff800020da4000, vmspace=0xffffffff828b02b8 estcpu=0, cpticks=0, pctcpu=1.4 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 32317 78670 19728 0 7 0 syz-executor.0 32317 261244 19728 0 2 0x4000000 syz-executor.0 54409 90377 16392 0 2 0 syz-executor.1 54409 415710 16392 0 2 0x4000000 syz-executor.1 44111 302858 0 0 3 0x14200 acct acct 16392 324141 19935 0 2 0x482 syz-executor.1 19728 145481 19935 0 2 0x482 syz-executor.0 19935 167967 78200 0 3 0x82 thrsleep syz-fuzzer 19935 259832 78200 0 2 0x4000002 syz-fuzzer 19935 495004 78200 0 3 0x4000082 thrsleep syz-fuzzer 19935 201672 78200 0 3 0x4000082 thrsleep syz-fuzzer 19935 388339 78200 0 3 0x4000082 thrsleep syz-fuzzer 19935 350557 78200 0 3 0x4000082 kqread syz-fuzzer 19935 7563 78200 0 3 0x4000082 thrsleep syz-fuzzer 19935 486573 78200 0 3 0x4000082 thrsleep syz-fuzzer 19935 460120 78200 0 3 0x4000082 thrsleep syz-fuzzer 19935 81805 78200 0 3 0x4000082 thrsleep syz-fuzzer 78200 332432 62214 0 3 0x10008a pause ksh 62214 124326 81740 0 3 0x92 select sshd 32966 388945 1 0 3 0x100083 ttyin getty 81740 210448 1 0 3 0x80 select sshd 86317 302046 74882 74 3 0x100092 bpf pflogd 74882 198032 1 0 3 0x80 netio pflogd 78606 113832 1782 73 3 0x100090 kqread syslogd 1782 208745 1 0 3 0x100082 netio syslogd 65671 317535 1 77 3 0x100090 poll dhclient 48674 427959 1 0 3 0x80 poll dhclient 13489 480721 0 0 3 0x14200 bored smr 10650 77992 0 0 2 0x14200 zerothread 83597 323702 0 0 3 0x14200 aiodoned aiodoned 64194 262247 0 0 3 0x14200 syncer update 11961 157185 0 0 3 0x14200 cleaner cleaner 30083 143552 0 0 3 0x14200 reaper reaper 76473 439335 0 0 3 0x14200 pgdaemon pagedaemon 95284 465807 0 0 3 0x14200 bored crynlk 55349 479534 0 0 3 0x14200 bored crypto 65145 136901 0 0 3 0x40014200 acpi0 acpi0 60983 444094 0 0 3 0x40014200 idle1 *37091 357879 0 0 7 0x14200 softnet 70423 314104 0 0 2 0x14200 systqmp 6425 225263 0 0 3 0x14200 bored systq 87998 403094 0 0 2 0x40014200 softclock 22967 73010 0 0 3 0x40014200 idle0 1 72675 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 37091 (softnet) thread 0xffff800020d88270 (357879) exclusive rwlock netlock r = 0 (0xffffffff827254e8) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 pf_purge+0x27 sys/net/pf.c:1273 #2 taskq_thread+0xec sys/kern/kern_task.c:437 #3 proc_trampoline+0x1c exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82896708) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 pf_purge+0x1b sys/net/pf.c:1264 #2 taskq_thread+0xec sys/kern/kern_task.c:437 #3 proc_trampoline+0x1c shared rwlock softnet r = 0 (0xffff80000002c070) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 taskq_thread+0xdf sys/kern/kern_task.c:436 #2 proc_trampoline+0x1c ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9478 6463K 7048K 78643K 10934 0 pcb 13 8K 8K 78643K 17 0 rtable 108 4K 4K 78643K 206 0 ifaddr 48 11K 11K 78643K 53 0 counters 43 33K 34K 78643K 45 0 ioctlops 0 0K 4K 78643K 1761 0 iov 0 0K 0K 78643K 2 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1339 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 19 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 6 17K 25K 78643K 217 0 proc 60 63K 95K 78643K 444 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 31 148K 148K 78643K 31 0 exec 0 0K 1K 78643K 207 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 120 22K 23K 78643K 1585 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 2 0 NDP 6 0K 0K 78643K 11 0 temp 66 3843K 3907K 78643K 15896 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 41 0 31 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 137 0 137 1 1 0 1 0 8 0 tcpcb 544 12 0 8 1 0 1 1 0 8 0 inpcb 280 47 0 40 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 0 1 1 0 8 1 pfstscr 40 6 0 0 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 25 0 0 1 0 1 1 0 8 0 pfstkey 112 27 0 3 1 0 1 1 0 8 0 pfstate 328 20 0 1 2 0 2 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 15 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1727 0 318 89 0 89 89 0 8 0 ffsino 272 1727 0 318 95 0 95 95 0 8 0 nchpl 144 2282 0 671 60 0 60 60 0 8 0 uvmvnodes 72 1887 0 0 35 0 35 35 0 8 0 vnodes 208 1887 0 0 100 0 100 100 0 8 0 namei 1024 6077 0 6077 1 0 1 1 0 8 1 percpumem 16 33 0 1 1 0 1 1 0 8 0 scxspl 192 6525 0 6523 8 1 7 7 0 8 6 plimitpl 152 17 0 9 1 0 1 1 0 8 0 sigapl 424 433 0 400 4 0 4 4 0 8 0 futexpl 56 2012 0 2012 1 0 1 1 0 8 1 knotepl 112 61 0 42 1 0 1 1 0 8 0 kqueuepl 144 6 0 4 1 0 1 1 0 8 0 pipelkpl 48 79 0 69 1 0 1 1 0 8 0 pipepl 120 158 0 139 1 0 1 1 0 8 0 fdescpl 496 417 0 400 3 0 3 3 0 8 0 filepl 152 2062 0 1955 6 1 5 5 0 8 0 lockfpl 104 19 0 18 1 0 1 1 0 8 0 lockfspl 48 8 0 7 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 72 0 63 1 0 1 1 0 8 0 zombiepl 144 400 0 400 1 0 1 1 0 8 1 processpl 984 433 0 400 5 0 5 5 0 8 0 procpl 624 729 0 685 4 0 4 4 0 8 0 sockpl 400 107 0 88 3 0 3 3 0 8 1 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 208 0 0 25 0 25 25 0 8 0 mtagpl 80 48 0 0 1 0 1 1 0 8 0 mbufpl 256 210 0 0 13 0 13 13 0 8 0 bufpl 280 3760 0 133 260 0 260 260 0 8 0 anonpl 16 48575 0 33098 64 1 63 63 0 124 0 amapchunkpl 152 1844 0 1700 8 0 8 8 0 158 2 amappl16 192 1625 0 790 42 0 42 42 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 115 0 107 1 0 1 1 0 8 0 amappl13 168 30 0 26 1 0 1 1 0 8 0 amappl12 160 95 0 92 2 1 1 1 0 8 0 amappl11 152 58 0 43 1 0 1 1 0 8 0 amappl10 144 113 0 106 1 0 1 1 0 8 0 amappl9 136 386 0 385 1 0 1 1 0 8 0 amappl8 128 328 0 303 1 0 1 1 0 8 0 amappl7 120 117 0 106 1 0 1 1 0 8 0 amappl6 112 26 0 20 1 0 1 1 0 8 0 amappl5 104 228 0 213 1 0 1 1 0 8 0 amappl4 96 581 0 549 1 0 1 1 0 8 0 amappl3 88 276 0 266 1 0 1 1 0 8 0 amappl2 80 2359 0 2280 2 0 2 2 0 8 0 amappl1 72 18661 0 18204 23 11 12 18 0 8 2 amappl 80 969 0 926 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 417 0 400 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 417 0 400 1 0 1 1 0 8 0 vmmpekpl 168 6602 0 6564 2 0 2 2 0 8 0 vmmpepl 168 56165 0 54076 118 4 114 114 0 357 23 vmsppl 368 416 0 400 2 0 2 2 0 8 0 pdppl 4096 841 0 800 6 0 6 6 0 8 0 pvpl 32 165697 0 147002 151 0 151 151 0 265 0 pmappl 232 416 0 400 2 0 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 261 0 3 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff82791ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82896500) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82896500) at __mp_lock+0x127 sys/kern/kern_lock.c:147 intr_handler(ffff800022ef7120,ffff80000004a400) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:525 Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x19f __mp_lock(ffffffff82896500) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82896500) at __mp_lock+0x127 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:89 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82896500) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82896500) at __mp_lock+0x127 sys/kern/kern_lock.c:147 pageflttrap(ffff800022ef7460,1) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 usertrap(ffff800022ef7460) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:384 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffe3830, count: 2 ddb{0}> trace x86_ipi_db(ffffffff82791ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82896500) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82896500) at __mp_lock+0x127 sys/kern/kern_lock.c:147 intr_handler(ffff800022ef7120,ffff80000004a400) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:525 Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x19f __mp_lock(ffffffff82896500) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82896500) at __mp_lock+0x127 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:89 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82896500) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82896500) at __mp_lock+0x127 sys/kern/kern_lock.c:147 pageflttrap(ffff800022ef7460,1) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 usertrap(ffff800022ef7460) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:384 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffe3830, count: -13 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823f3fa0) at panic+0x15c sys/kern/subr_prf.c:207 unhandled_af(84) at unhandled_af+0x16 pf_build_tcp(ffffffff8290ad40,84,fffffd806d99b390,fffffd806d99b380,5cd2,60e1) at pf_build_tcp+0x3c8 pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a pf_send_tcp sys/net/pf.c:2892 [inline] pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a sys/net/pf.c:1382 pf_purge_expired_states(2) at pf_purge_expired_states+0x1ed pf_purge(ffffffff828a1198) at pf_purge+0x3f sys/net/pf.c:1278 taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437 end trace frame: 0x0, count: 7 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823f3fa0) at panic+0x15c sys/kern/subr_prf.c:207 unhandled_af(84) at unhandled_af+0x16 pf_build_tcp(ffffffff8290ad40,84,fffffd806d99b390,fffffd806d99b380,5cd2,60e1) at pf_build_tcp+0x3c8 pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a pf_send_tcp sys/net/pf.c:2892 [inline] pf_remove_state(fffffd8066591008) at pf_remove_state+0x9a sys/net/pf.c:1382 pf_purge_expired_states(2) at pf_purge_expired_states+0x1ed pf_purge(ffffffff828a1198) at pf_purge+0x3f sys/net/pf.c:1278 taskq_thread(ffff80000002c000) at taskq_thread+0xec sys/kern/kern_task.c:437 end trace frame: 0x0, count: -8