panic: pfi_attach_ifnet: pfi_kif_get failed


syzbot

Sep 22, 2024, 12:05:29 PM (6 days ago) Sep 22
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4cda312e06fb Check that .In is callable and parsed. Trigge..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11884107980000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=d5c8044430cb10ccbb6e

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0f1046fd06aa/disk-4cda312e.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/0174b6df4635/bsd-4cda312e.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e3ea605e30a3/kernel-4cda312e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d5c804...@syzkaller.appspotmail.com

panic: pfi_attach_ifnet: pfi_kif_get failed
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*146153 27483 0 0x2 0 1K syz-executor
150893 49921 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307fac1) at panic+0x1e5 sys/kern/subr_prf.c:198
pfi_attach_ifnet(ffff8000015a5000) at pfi_attach_ifnet+0x194 sys/net/pf_if.c:318
if_attachsetup(ffff8000015a5000) at if_attachsetup+0xe8 sys/net/if.c:490
if_attach(ffff8000015a5000) at if_attach+0x6d sys/net/if.c:575
tun_create(ffffffff83485fd0,7,800) at tun_create+0x40c sys/net/if_tun.c:276
if_clone_create(ffff80002f573c90,0) at if_clone_create+0x15f sys/net/if.c:1331
tun_dev_open(5d07,ffffffff83485fd0,0,ffff8000ffff62a8) at tun_dev_open+0x1a0 sys/net/if_tun.c:405
spec_open(ffff80002f573d88) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806cd8de88,7,fffffd807f7d3208,ffff8000ffff62a8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80002f573fd8,7,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff8000ffff62a8,ffffff9c,744e87e8e5b0,6,0,ffff80002f574180) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff80002f574230) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002f574230) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x744e87e8e530, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pfi_attach_ifnet: pfi_kif_get failed
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307fac1) at panic+0x1e5 sys/kern/subr_prf.c:198
pfi_attach_ifnet(ffff8000015a5000) at pfi_attach_ifnet+0x194 sys/net/pf_if.c:318
if_attachsetup(ffff8000015a5000) at if_attachsetup+0xe8 sys/net/if.c:490
if_attach(ffff8000015a5000) at if_attach+0x6d sys/net/if.c:575
tun_create(ffffffff83485fd0,7,800) at tun_create+0x40c sys/net/if_tun.c:276
if_clone_create(ffff80002f573c90,0) at if_clone_create+0x15f sys/net/if.c:1331
tun_dev_open(5d07,ffffffff83485fd0,0,ffff8000ffff62a8) at tun_dev_open+0x1a0 sys/net/if_tun.c:405
spec_open(ffff80002f573d88) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806cd8de88,7,fffffd807f7d3208,ffff8000ffff62a8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80002f573fd8,7,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff8000ffff62a8,ffffff9c,744e87e8e5b0,6,0,ffff80002f574180) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff80002f574230) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002f574230) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x744e87e8e530, count: -14
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002f573a50
rbx 0xffff800029b7cd87
rdx 0
rcx 0xffff8000ffff62a8
rax 0xffff800029b7bff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8c9dc829fa155821
r11 0x8f8d1c1322b300cf
r12 0xffff800029b7cb88
r13 0
r14 0
r15 0x1
rip 0xffffffff81fab715 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002f573a40
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=146153 pid=27483 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=80, usrpri=80, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffff6020,0xffff8000ffff6f60
process=0xffff8000371ced70 user=0xffff80002f56f000, vmspace=0xfffffd806c119018
estcpu=36, cpticks=2, pctcpu=0.2, user=0, sys=4, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28948 41053 9304 0 3 0x80 nanoslp syz-executor
28948 137013 9304 0 2 0x4000000 syz-executor
28948 497909 9304 0 3 0x4000080 fsleep syz-executor
27267 414447 75485 0 2 0 syz-executor
27267 455949 75485 0 3 0x4000080 fsleep syz-executor
27267 248849 75485 0 3 0x4000080 fsleep syz-executor
97240 100698 49780 0 2 0x10 syz-executor
97240 139814 49780 0 3 0x4000090 pipewr syz-executor
97240 250362 49780 0 3 0x4000090 fsleep syz-executor
97240 47213 49780 0 3 0x4000090 fsleep syz-executor
97240 417233 49780 0 3 0x4000090 fsleep syz-executor
97240 240926 49780 0 3 0x4000090 fsleep syz-executor
81911 218162 26929 0 3 0x3000 suspend syz-executor
81911 209078 26929 0 2 0x4081000 syz-executor
*27483 146153 94128 0 7 0x2 syz-executor
9304 253899 94128 0 2 0x482 syz-executor
75485 20583 94128 0 2 0x482 syz-executor
8105 57017 94128 0 3 0x2 biowait syz-executor
87090 208252 94128 0 3 0x82 piperd syz-executor
49780 384166 94128 0 2 0x2 syz-executor
26929 111464 94128 0 3 0x82 nanoslp syz-executor
62242 371233 94128 0 3 0x2 biowait syz-executor
57753 40743 0 0 3 0x14200 bored sosplice
94128 472483 23570 0 2 0x2 syz-executor
23570 347510 69052 0 3 0x10008a sigsusp ksh
69052 6723 9605 0 3 0x98 kqread sshd-session
9605 81663 51709 0 3 0x92 kqread sshd-session
82772 465540 1 0 3 0x100083 ttyopn getty
51709 204880 1 0 3 0x88 kqread sshd
38519 302105 8651 74 3 0x1100092 bpf pflogd
8651 411521 1 0 3 0x80 sbwait pflogd
8948 261914 2696 73 2 0x1100010 syslogd
2696 59646 1 0 3 0x100082 sbwait syslogd
80646 515239 1 0 3 0x100080 kqread resolvd
39152 309049 5836 77 2 0x100092 dhcpleased
85701 382956 5836 77 3 0x100092 kqread dhcpleased
5836 116885 1 0 3 0x80 kqread dhcpleased
54200 183403 0 0 3 0x14200 bored smr
7560 90118 0 0 2 0x14200 zerothread
42096 148553 0 0 3 0x14200 aiodoned aiodoned
56175 188758 0 0 3 0x14200 syncer update
16680 220220 0 0 3 0x14200 cleaner cleaner
49921 150893 0 0 7 0x14200 reaper
88898 58367 0 0 3 0x14200 pgdaemon pagedaemon
26046 196818 0 0 3 0x14200 bored viomb
87800 189842 0 0 3 0x40014200 acpi0 acpi0
64546 322673 0 0 3 0x40014200 idle1
68552 244992 0 0 3 0x14200 bored softnet3
7962 183891 0 0 3 0x14200 bored softnet2
32441 175506 0 0 3 0x14200 bored softnet1
29007 354611 0 0 3 0x14200 bored softnet0
14138 519272 0 0 3 0x14200 bored systqmp
58050 427800 0 0 3 0x14200 bored systq
40671 232495 0 0 3 0x14200 tmoslp softclockmp
99382 401364 0 0 3 0x40014200 tmoslp softclock
24813 350486 0 0 3 0x40014200 idle0
1 159796 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 28948 (syz-executor) thread 0xffff800032f9b978 (137013)
exclusive rwlock pfioctl_rw r = 0 (0xffffffff83478950)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 pfioctl+0x1bb sys/net/pf_ioctl.c:1179
#2 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#3 vn_ioctl+0xf6 sys/kern/vfs_vnops.c:525
#4 sys_ioctl+0x67c
#5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#6 Xsyscall+0x128
Process 27483 (syz-executor) thread 0xffff8000ffff62a8 (146153)
exclusive rwlock pf_lock r = 0 (0xffffffff834788f0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 pfi_attach_ifnet+0x2e sys/net/pf_if.c:315
#2 if_attachsetup+0xe8 sys/net/if.c:490
#3 if_attach+0x6d sys/net/if.c:575
#4 tun_create+0x40c sys/net/if_tun.c:276
#5 if_clone_create+0x15f sys/net/if.c:1331
#6 tun_dev_open+0x1a0 sys/net/if_tun.c:405
#7 spec_open+0x2e9 sys/kern/spec_vnops.c:150
#8 VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
#9 vn_open+0x708 sys/kern/vfs_vnops.c:177
#10 doopenat+0x31d sys/kern/vfs_syscalls.c:1123
#11 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#11 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#12 Xsyscall+0x128
exclusive rwlock netlock r = 0 (0xffffffff8340b300)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 if_attach+0x3b sys/net/if.c:573
#2 tun_create+0x40c sys/net/if_tun.c:276
#3 if_clone_create+0x15f sys/net/if.c:1331
#4 tun_dev_open+0x1a0 sys/net/if_tun.c:405
#5 spec_open+0x2e9 sys/kern/spec_vnops.c:150
#6 VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
#7 vn_open+0x708 sys/kern/vfs_vnops.c:177
#8 doopenat+0x31d sys/kern/vfs_syscalls.c:1123
#9 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#9 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#10 Xsyscall+0x128
exclusive rwlock clonelk r = 0 (0xffffffff8340b270)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 if_clone_create+0x65
#2 tun_dev_open+0x1a0 sys/net/if_tun.c:405
#3 spec_open+0x2e9 sys/kern/spec_vnops.c:150
#4 VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
#5 vn_open+0x708 sys/kern/vfs_vnops.c:177
#6 doopenat+0x31d sys/kern/vfs_syscalls.c:1123
#7 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#7 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#8 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8354a848)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#1 syscall+0xad6 sys/arch/amd64/amd64/trap.c:577
#2 Xsyscall+0x128
Process 8105 (syz-executor) thread 0xffff8000ffff76e8 (57017)
exclusive rrwlock inode r = 0 (0xfffffd80757201a8)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 vget+0x2bd sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x192 sys/ufs/ufs/ufs_ihash.c:98
#7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1201
#8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478
#9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
#11 namei+0x7aa sys/kern/vfs_lookup.c:250
#12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852
#13 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#13 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8075720f78)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 vget+0x2bd sys/kern/vfs_subr.c:676
#6 cache_lookup+0x36e sys/kern/vfs_cache.c:222
#7 ufs_lookup+0x218 sys/ufs/ufs/ufs_lookup.c:160
#8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#9 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
#10 namei+0x7aa sys/kern/vfs_lookup.c:250
#11 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852
#12 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#12 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#13 Xsyscall+0x128
Process 62242 (syz-executor) thread 0xffff800032f9b1e0 (371233)
exclusive rrwlock inode r = 0 (0xfffffd8075720808)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:169
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230
#6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3099
#10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806eec75f0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
#6 namei+0x7aa sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3084
#8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 8948 (syslogd) thread 0xffff8000ffffdbe8 (261914)
exclusive rrwlock inode r = 0 (0xfffffd806e1612c0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 sys_fsync+0x152 sys/kern/vfs_syscalls.c:2926
#6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 49921 (reaper) thread 0xffff800029fd8290 (150893)
exclusive rwlock kmmaplk r = 0 (0xffffffff83623b58)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 vm_map_lock_ln+0x143 sys/uvm/uvm_map.c:5252
#3 uvm_unmap+0x81 sys/uvm/uvm_map.c:1792
#4 uvm_uarea_free+0x42 sys/uvm/uvm_glue.c:288
#5 reaper+0x1fe sys/kern/kern_exit.c:469
#6 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10205 14262K 14640K 166960K 11502 0
pcb 19 14K 15K 166960K 64 0
rtable 213 6K 7K 166960K 803 0
pf 34 229389K 229389K 166960K 87 0
ifaddr 41 7K 7K 166960K 112 0
ifgroup 53 2K 2K 166960K 129 0
sysctl 2 0K 0K 166960K 2 0
counters 64 36K 36K 166960K 104 0
ioctlops 0 0K 4K 166960K 1515 0
iov 0 0K 12K 166960K 12 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1370 86K 86K 166960K 1766 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 5 0
VM map 2 1K 1K 166960K 2 0
sem 9 0K 0K 166960K 9 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1690 195K 286K 166960K 12418 0
file desc 14 49K 93K 166960K 561 0
sigio 0 0K 0K 166960K 10 0
proc 72 91K 140K 166960K 956 0
subproc 104 6K 6K 166960K 299 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 15 0
in_multi 87 6K 7K 166960K 270 0
ether_multi 1 0K 0K 166960K 3 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 97 440K 440K 166960K 97 0
exec 0 0K 1K 166960K 574 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 224 72K 92K 166960K 5826 0
UVM aobj 8 2K 2K 166960K 9 0
pinsyscall 39 78K 104K 166960K 2003 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 6 0
NDP 12 0K 2K 166960K 78 0
temp 49 6816K 6884K 166960K 18524 0
kqueue 13 20K 26K 166960K 64 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 109 0 106 2 1 1 2 0 8 0
rtentry 112 274 0 176 4 0 4 4 0 8 0
unpcb 144 312 0 293 6 5 1 6 0 8 0
syncache 336 4 0 4 2 2 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 808 121 0 113 8 7 1 8 0 8 0
arp 120 46 0 30 1 0 1 1 0 8 0
inpcb 336 476 0 459 18 16 2 18 0 8 0
nd6 136 70 0 49 1 0 1 1 0 8 0
kcovpl 48 23 0 15 1 0 1 1 0 8 0
ppxss 1168 3 0 3 3 2 1 1 0 8 1
pfstscr 40 1 0 1 1 1 0 1 0 8 0
pffrag 232 34 0 33 1 0 1 1 0 482 0
pffrnode 88 34 0 33 1 0 1 1 0 8 0
pffrent 40 144 0 143 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 55 0 23 1 0 1 1 0 8 0
pfstkey 128 57 0 25 2 0 2 2 0 8 0
pfstate 376 57 0 25 4 0 4 4 0 8 0
pfrule 1344 22 0 16 2 0 2 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 1140 0 734 32 2 30 30 0 8 3
art_table 32 1142 0 734 4 0 4 4 0 8 0
art_node 16 273 0 185 1 0 1 1 0 8 0
sysvmsgpl 40 5 0 0 1 0 1 1 0 8 0
semapl 112 7 0 0 1 0 1 1 0 8 0
shmpl 112 6 0 1 1 0 1 1 0 8 0
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 2030 0 494 97 0 97 97 0 8 0
ffsino 272 2030 0 494 103 0 103 103 0 8 0
nchpl 144 2553 0 1994 63 38 25 63 0 8 1
uvmvnodes 80 2410 0 0 50 0 50 50 0 8 0
vnodes 216 2410 0 0 134 0 134 134 0 8 0
namei 1024 9465 0 9464 3 2 1 2 0 8 0
percpumem 16 66 0 20 1 0 1 1 0 8 0
kstatmem 264 64 0 40 2 0 2 2 0 8 0
scxspl 216 11307 0 11305 10 2 8 8 1 8 7
plimitpl 152 87 0 70 1 0 1 1 0 8 0
sigapl 424 831 0 784 9 2 7 7 0 8 1
futexpl 64 3118 0 3111 2 1 1 1 0 8 0
knotepl 120 316 0 0 10 0 10 10 0 8 0
kqueuepl 216 79 0 70 1 0 1 1 0 8 0
pipepl 320 176 0 148 3 0 3 3 0 8 0
fdescpl 496 812 0 784 6 1 5 5 0 8 1
filepl 152 3788 0 3524 20 9 11 19 0 8 0
lockfpl 104 50 0 48 1 0 1 1 0 8 0
lockfspl 48 25 0 23 1 0 1 1 0 8 0
sessionpl 144 38 0 29 1 0 1 1 0 8 0
pgrppl 48 61 0 44 1 0 1 1 0 8 0
ucredpl 104 447 0 433 1 0 1 1 0 8 0
zombiepl 144 785 0 784 1 0 1 1 0 8 0
processpl 1160 831 0 784 5 1 4 5 0 8 0
procpl 648 1199 0 1141 7 1 6 6 0 8 0
srpgc 96 2 0 2 1 1 0 1 0 8 0
sosppl 168 3 0 3 2 2 0 1 0 8 0
sockpl 664 903 0 864 20 16 4 20 0 8 0
mcl64k 65536 1 0 0 1 0 1 1 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 234 0 0 30 0 30 30 0 8 0
mtagpl 96 8 0 0 1 0 1 1 0 8 0
mbufpl 256 308 0 0 19 0 19 19 0 8 0
bufpl 280 5567 0 100 391 0 391 391 0 8 0
anonpl 24 202705 0 199199 63 5 58 63 0 185 28
amapchunkpl 152 18891 0 18447 36 3 33 36 0 158 13
amappl16 200 4882 0 4857 19 17 2 14 0 8 0
amappl15 192 35 0 35 1 1 0 1 0 8 0
amappl14 184 146 0 133 1 0 1 1 0 8 0
amappl13 176 12 0 12 1 1 0 1 0 8 0
amappl12 168 1767 0 1739 4 2 2 3 0 8 0
amappl11 160 52 0 38 1 0 1 1 0 8 0
amappl10 152 6 0 6 1 1 0 1 0 8 0
amappl9 144 141 0 140 1 0 1 1 0 8 0
amappl8 136 22 0 20 1 0 1 1 0 8 0
amappl7 128 164 0 152 1 0 1 1 0 8 0
amappl6 120 312 0 310 1 0 1 1 0 8 0
amappl5 112 191 0 179 1 0 1 1 0 8 0
amappl4 104 357 0 339 1 0 1 1 0 8 0
amappl3 96 3599 0 3501 4 0 4 4 0 8 1
amappl2 88 884 0 816 2 0 2 2 0 8 0
amappl1 80 9789 0 9236 14 0 14 14 0 8 0
amappl 88 5324 0 5166 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 8 0 1 1 0 1 1 0 8 0
uaddrrnd 24 812 0 784 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 812 0 784 1 0 1 1 0 8 0
vmmpekpl 168 7582 0 7530 3 0 3 3 0 8 0
vmmpepl 168 58781 0 57071 94 10 84 94 0 357 1
vmsppl 440 811 0 784 6 2 4 5 0 8 0
rwobjpl 56 23137 0 19804 50 2 48 48 0 8 0
pdppl 4096 1631 0 1568 114 41 73 85 0 8 10
pvpl 32 27858 0 0 225 0 225 225 0 265 0
pmappl 248 811 0 784 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 441 0 74 12 0 12 12 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff834b9ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 sys/kern/kern_lock.c:144
intr_handler(ffff800029fe58e0,ffff800000079f80) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 sys/kern/kern_lock.c:144
uvm_map_splitentry(ffffffff83623a68,fffffd807e895dc8,fffffd806baded28,ffff8000351ee000) at uvm_map_splitentry+0x365 sys/uvm/uvm_map.c:2597
uvm_unmap_remove(ffffffff83623a68,ffff8000351e8000,ffff8000351ee000,ffff800029fe5af8,0,1,3f992dc0c641113c) at uvm_unmap_remove+0x5a5 sys/uvm/uvm_map.c:1984
uvm_unmap(ffffffff83623a68,ffff8000351e8000,ffff8000351ee000) at uvm_unmap+0xab sys/uvm/uvm_map.c:1793
uvm_uarea_free(ffff800036db5c08) at uvm_uarea_free+0x42 sys/uvm/uvm_glue.c:288
reaper(ffff800029fd8290) at reaper+0x1fe sys/kern/kern_exit.c:469
end trace frame: 0x0, count: 3
ddb{0}> trace
x86_ipi_db(ffffffff834b9ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 sys/kern/kern_lock.c:144
intr_handler(ffff800029fe58e0,ffff800000079f80) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8354a640) at __mp_lock+0x192 sys/kern/kern_lock.c:144
uvm_map_splitentry(ffffffff83623a68,fffffd807e895dc8,fffffd806baded28,ffff8000351ee000) at uvm_map_splitentry+0x365 sys/uvm/uvm_map.c:2597
uvm_unmap_remove(ffffffff83623a68,ffff8000351e8000,ffff8000351ee000,ffff800029fe5af8,0,1,3f992dc0c641113c) at uvm_unmap_remove+0x5a5 sys/uvm/uvm_map.c:1984
uvm_unmap(ffffffff83623a68,ffff8000351e8000,ffff8000351ee000) at uvm_unmap+0xab sys/uvm/uvm_map.c:1793
uvm_uarea_free(ffff800036db5c08) at uvm_uarea_free+0x42 sys/uvm/uvm_glue.c:288
reaper(ffff800029fd8290) at reaper+0x1fe sys/kern/kern_exit.c:469
end trace frame: 0x0, count: -12
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x25: addq $0x8,%rsp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307fac1) at panic+0x1e5 sys/kern/subr_prf.c:198
pfi_attach_ifnet(ffff8000015a5000) at pfi_attach_ifnet+0x194 sys/net/pf_if.c:318
if_attachsetup(ffff8000015a5000) at if_attachsetup+0xe8 sys/net/if.c:490
if_attach(ffff8000015a5000) at if_attach+0x6d sys/net/if.c:575
tun_create(ffffffff83485fd0,7,800) at tun_create+0x40c sys/net/if_tun.c:276
if_clone_create(ffff80002f573c90,0) at if_clone_create+0x15f sys/net/if.c:1331
tun_dev_open(5d07,ffffffff83485fd0,0,ffff8000ffff62a8) at tun_dev_open+0x1a0 sys/net/if_tun.c:405
spec_open(ffff80002f573d88) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806cd8de88,7,fffffd807f7d3208,ffff8000ffff62a8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80002f573fd8,7,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff8000ffff62a8,ffffff9c,744e87e8e5b0,6,0,ffff80002f574180) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff80002f574230) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002f574230) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x744e87e8e530, count: 1
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307fac1) at panic+0x1e5 sys/kern/subr_prf.c:198
pfi_attach_ifnet(ffff8000015a5000) at pfi_attach_ifnet+0x194 sys/net/pf_if.c:318
if_attachsetup(ffff8000015a5000) at if_attachsetup+0xe8 sys/net/if.c:490
if_attach(ffff8000015a5000) at if_attach+0x6d sys/net/if.c:575
tun_create(ffffffff83485fd0,7,800) at tun_create+0x40c sys/net/if_tun.c:276
if_clone_create(ffff80002f573c90,0) at if_clone_create+0x15f sys/net/if.c:1331
tun_dev_open(5d07,ffffffff83485fd0,0,ffff8000ffff62a8) at tun_dev_open+0x1a0 sys/net/if_tun.c:405
spec_open(ffff80002f573d88) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806cd8de88,7,fffffd807f7d3208,ffff8000ffff62a8) at VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
vn_open(ffff80002f573fd8,7,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff8000ffff62a8,ffffff9c,744e87e8e5b0,6,0,ffff80002f574180) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff80002f574230) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002f574230) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x744e87e8e530, count: -14


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup