kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Mar 21 23:16:01 PDT 2022 OpenBSD/amd64 (ci-openbsd-setuid-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *125961 23413 0 0 0x4000000 1 syz-executor4185261365 20240 10086 0 0 0x480 0 syz-executor4185261365 db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd806f1f08a0) at selwakeup+0x16 sorwakeup(fffffd806f1f0788) at sorwakeup+0xc9 udp_sbappend(fffffd806f67d000,fffffd806d625400,fffffd806f3821b0,0,14,fffffd806f3821c4,d56ac7aca31e740,0) at udp_sbappend+0x3b1 udp_input(ffff800021216918,ffff800021216924,11,2) at udp_input+0xbcb ip_deliver(ffff800021216918,ffff800021216924,11,2) at ip_deliver+0x322 ip_ours(ffff800021216918,ffff800021216924,fffffd806f3821bc,0) at ip_ours+0x3ba ip_input_if(ffff800021216918,ffff800021216924,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806f382100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806f382100,2) at if_input_local+0x10e ip_output(fffffd806f382c00,0,fffffd806f67d900,0,0,fffffd806f67d888,781dc4684bb5554c) at ip_output+0xb05 end trace frame: 0xffff800021216b90, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd806f1f08a0) at selwakeup+0x16 sorwakeup(fffffd806f1f0788) at sorwakeup+0xc9 udp_sbappend(fffffd806f67d000,fffffd806d625400,fffffd806f3821b0,0,14,fffffd806f3821c4,d56ac7aca31e740,0) at udp_sbappend+0x3b1 udp_input(ffff800021216918,ffff800021216924,11,2) at udp_input+0xbcb ip_deliver(ffff800021216918,ffff800021216924,11,2) at ip_deliver+0x322 ip_ours(ffff800021216918,ffff800021216924,fffffd806f3821bc,0) at ip_ours+0x3ba ip_input_if(ffff800021216918,ffff800021216924,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806f382100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806f382100,2) at if_input_local+0x10e ip_output(fffffd806f382c00,0,fffffd806f67d900,0,0,fffffd806f67d888,781dc4684bb5554c) at ip_output+0xb05 udp_output(fffffd806f67d888,fffffd806f382c00,0,0) at udp_output+0x58d sosend(fffffd806cf261f8,0,ffff800021216d28,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff4a80,4,ffff800021216d28,0,ffff800021216e20) at dofilewritev+0x19c sys_write(ffff8000ffff4a80,ffff800021216dc8,ffff800021216e20) at sys_write+0x83 syscall(ffff800021216e90) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d3f56dc60, count: -20 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800021216350 rbx 0xffff800020ce9bff rdx 0x3fd rcx 0 rax 0x68 r8 0x101010101010101 r9 0x8080808080808080 r10 0xbf9c886e29e2ab56 r11 0xdeac69ce2f4e0bec r12 0xffff800020ce9a00 r13 0 r14 0 r15 0x1 rip 0xffffffff819ed3a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021216340 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor4185261365) pid=125961 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff57a0,0xffff8000ffff42b0 process=0xffff8000ffff10b8 user=0xffff800021211000, vmspace=0xfffffd806ef32cf8 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 47686 396494 66319 0 2 0 syz-executor4185261365 11600 191164 91043 0 2 0 syz-executor4185261365 11600 84908 91043 0 2 0x4000000 syz-executor4185261365 19601 248045 22071 0 2 0 syz-executor4185261365 19601 239851 22071 0 3 0x4000080 fsleep syz-executor4185261365 37654 190480 99439 0 2 0 syz-executor4185261365 78479 392037 90710 0 2 0 syz-executor4185261365 78479 309195 90710 0 3 0x4000080 fsleep syz-executor4185261365 78952 261452 70322 0 2 0 syz-executor4185261365 78952 427414 70322 0 3 0x4000080 fsleep syz-executor4185261365 28920 456202 61211 0 2 0 syz-executor4185261365 28920 88507 61211 0 3 0x4000080 fsleep syz-executor4185261365 90710 138074 64443 0 3 0x80 nanoslp syz-executor4185261365 70322 350023 64443 0 3 0x80 nanoslp syz-executor4185261365 91043 474336 64443 0 3 0x80 nanoslp syz-executor4185261365 23413 245474 10086 0 2 0 syz-executor4185261365 *23413 125961 10086 0 7 0x4000000 syz-executor4185261365 23413 391695 10086 0 3 0x4000080 fsleep syz-executor4185261365 99439 429193 64443 0 3 0x80 nanoslp syz-executor4185261365 61211 178564 64443 0 3 0x80 nanoslp syz-executor4185261365 66319 359268 64443 0 3 0x80 nanoslp syz-executor4185261365 10086 20240 64443 0 7 0x480 syz-executor4185261365 22071 9220 64443 0 2 0x480 syz-executor4185261365 64443 74979 23391 0 3 0x82 nanoslp syz-executor4185261365 23391 100118 80087 0 3 0x10008a sigsusp ksh 80087 16196 87419 0 2 0x12 sshd 62429 137145 1 0 3 0x100083 ttyin getty 87419 298698 1 0 3 0x88 kqread sshd 53461 268887 68008 73 3 0x1100090 kqread syslogd 68008 423414 1 0 3 0x100082 netio syslogd 61560 247270 1 0 3 0x100080 kqread resolvd 58014 238870 48088 77 3 0x100092 kqread dhcpleased 55761 359751 48088 77 3 0x100092 kqread dhcpleased 48088 214960 1 0 3 0x80 kqread dhcpleased 69252 335863 0 0 3 0x14200 bored smr 81847 301877 0 0 2 0x14200 zerothread 48388 469128 0 0 3 0x14200 aiodoned aiodoned 34550 152075 0 0 3 0x14200 syncer update 51103 241490 0 0 3 0x14200 cleaner cleaner 21468 169733 0 0 3 0x14200 reaper reaper 16816 490432 0 0 3 0x14200 pgdaemon pagedaemon 495 228856 0 0 3 0x14200 bored viomb 29595 457510 0 0 3 0x40014200 acpi0 acpi0 18912 239324 0 0 3 0x40014200 idle1 60620 455155 0 0 3 0x14200 bored softnet 26280 22607 0 0 3 0x14200 bored systqmp 89382 145086 0 0 3 0x14200 bored systq 43391 238165 0 0 3 0x40014200 bored softclock 37938 225735 0 0 3 0x40014200 idle0 1 129485 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 udp_input+0x7b0 #4 ip_deliver+0x322 #5 ip_ours+0x3ba #6 ip_input_if+0x2a1 #7 ipv4_input+0x48 #8 if_input_local+0x10e #9 ip_output+0xb05 #10 udp_output+0x58d #11 sosend+0x632 #12 dofilewritev+0x19c #13 sys_write+0x83 #14 syscall+0x489 #15 Xsyscall+0x128 Process 11600 (syz-executor4185261365) thread 0xffff800021166a88 (191164) exclusive rwlock vmmaplk r = 0 (0xfffffd806fb4fd18) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 vm_map_lock_ln+0xda #3 uvm_mapanon+0x22f #4 sys_mmap+0x870 #5 syscall+0x489 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a73908) #0 witness_lock+0x44d #1 syscall+0x3ef #2 Xsyscall+0x128 Process 23413 (syz-executor4185261365) thread 0xffff8000ffff4a80 (125961) exclusive rwlock netlock r = 0 (0xffffffff828ee470) #0 witness_lock+0x44d #1 solock+0x86 #2 sosend+0x517 #3 dofilewritev+0x19c #4 sys_write+0x83 #5 syscall+0x489 #6 Xsyscall+0x128 exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 udp_input+0x7b0 #4 ip_deliver+0x322 #5 ip_ours+0x3ba #6 ip_input_if+0x2a1 #7 ipv4_input+0x48 #8 if_input_local+0x10e #9 ip_output+0xb05 #10 udp_output+0x58d #11 sosend+0x632 #12 dofilewritev+0x19c #13 sys_write+0x83 #14 syscall+0x489 #15 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10143 6388K 6419K 78643K 11233 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 108 0 ifaddr 24 7K 7K 78643K 24 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 2K 78643K 25 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1166 73K 73K 78643K 1179 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 74K 75K 78643K 226 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 391 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 164 6K 6K 78643K 2144 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 19 4694K 4757K 78643K 3102 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 33 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 312 46 0 34 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1415 0 38 87 0 87 87 0 8 0 ffsino 272 1415 0 38 92 0 92 92 0 8 0 nchpl 144 1590 0 47 58 0 58 58 0 8 0 uvmvnodes 80 1424 0 0 30 0 30 30 0 8 0 vnodes 224 1424 0 0 84 0 84 84 0 8 0 namei 1024 4139 0 4139 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 216 3975 0 3975 10 2 8 8 0 8 8 plimitpl 152 15 0 9 1 0 1 1 0 8 0 sigapl 424 313 0 270 5 0 5 5 0 8 0 futexpl 64 42 0 37 1 0 1 1 0 8 0 knotepl 120 44 0 0 2 0 2 2 0 8 0 kqueuepl 216 20 0 13 1 0 1 1 0 8 0 pipepl 336 79 0 76 2 1 1 1 0 8 0 fdescpl 496 299 0 270 5 1 4 4 0 8 0 filepl 152 1031 0 972 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 64 0 54 1 0 1 1 0 8 0 zombiepl 144 270 0 270 2 1 1 1 0 8 1 processpl 1064 313 0 270 4 1 3 3 0 8 0 procpl 672 325 0 275 5 0 5 5 0 8 0 sockpl 480 96 0 68 4 0 4 4 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 56 0 0 7 0 7 7 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 114 0 0 7 0 7 7 0 8 0 bufpl 288 1945 0 83 133 0 133 133 0 8 0 anonpl 24 41628 0 37802 28 3 25 25 0 186 1 amapchunkpl 152 3937 0 3630 14 1 13 13 0 158 0 amappl16 200 33 0 31 2 1 1 1 0 8 0 amappl15 192 59 0 56 1 0 1 1 0 8 0 amappl13 176 32 0 31 2 1 1 1 0 8 0 amappl12 168 16 0 16 2 1 1 1 0 8 1 amappl11 160 53 0 43 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 1 0 1 0 8 0 amappl9 144 459 0 457 1 0 1 1 0 8 0 amappl8 136 361 0 342 1 0 1 1 0 8 0 amappl7 128 61 0 58 1 0 1 1 0 8 0 amappl6 120 107 0 94 1 0 1 1 0 8 0 amappl5 112 171 0 163 1 0 1 1 0 8 0 amappl4 104 577 0 559 1 0 1 1 0 8 0 amappl3 96 113 0 103 1 0 1 1 0 8 0 amappl2 88 350 0 307 1 0 1 1 0 8 0 amappl1 80 8222 0 7777 11 1 10 10 0 8 0 amappl 88 1879 0 1737 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 299 0 270 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 299 0 270 1 0 1 1 0 8 0 vmmpekpl 168 5905 0 5890 1 0 1 1 0 8 0 vmmpepl 168 25350 0 24062 59 1 58 58 0 357 1 vmsppl 368 298 0 270 3 0 3 3 0 8 0 rwobjpl 56 9146 0 7095 30 0 30 30 0 8 0 pdppl 4096 605 0 540 83 18 65 65 0 8 0 pvpl 32 127820 0 121811 52 1 51 51 0 265 2 pmappl 248 298 0 270 3 1 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 434 0 22 12 0 12 12 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff828f1ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x39 __mp_acquire_count(ffffffff82a73700,1) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x3d3 sleep_finish(ffff8000211c8200,1) at sleep_finish+0x198 tsleep(ffffffff829cb250,120,ffffffff82568f7d,2) at tsleep+0x12c sys_nanosleep(ffff800021142008,ffff8000211c8320,ffff8000211c8380) at sys_nanosleep+0x1f5 syscall(ffff8000211c83f0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd6780, count: 4 ddb{0}> trace x86_ipi_db(ffffffff828f1ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x39 __mp_acquire_count(ffffffff82a73700,1) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x3d3 sleep_finish(ffff8000211c8200,1) at sleep_finish+0x198 tsleep(ffffffff829cb250,120,ffffffff82568f7d,2) at tsleep+0x12c sys_nanosleep(ffff800021142008,ffff8000211c8320,ffff8000211c8380) at sys_nanosleep+0x1f5 syscall(ffff8000211c83f0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd6780, count: -11 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd806f1f08a0) at selwakeup+0x16 sorwakeup(fffffd806f1f0788) at sorwakeup+0xc9 udp_sbappend(fffffd806f67d000,fffffd806d625400,fffffd806f3821b0,0,14,fffffd806f3821c4,d56ac7aca31e740,0) at udp_sbappend+0x3b1 udp_input(ffff800021216918,ffff800021216924,11,2) at udp_input+0xbcb ip_deliver(ffff800021216918,ffff800021216924,11,2) at ip_deliver+0x322 ip_ours(ffff800021216918,ffff800021216924,fffffd806f3821bc,0) at ip_ours+0x3ba ip_input_if(ffff800021216918,ffff800021216924,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806f382100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806f382100,2) at if_input_local+0x10e ip_output(fffffd806f382c00,0,fffffd806f67d900,0,0,fffffd806f67d888,781dc4684bb5554c) at ip_output+0xb05 end trace frame: 0xffff800021216b90, count: 0 ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd806f1f08a0) at selwakeup+0x16 sorwakeup(fffffd806f1f0788) at sorwakeup+0xc9 udp_sbappend(fffffd806f67d000,fffffd806d625400,fffffd806f3821b0,0,14,fffffd806f3821c4,d56ac7aca31e740,0) at udp_sbappend+0x3b1 udp_input(ffff800021216918,ffff800021216924,11,2) at udp_input+0xbcb ip_deliver(ffff800021216918,ffff800021216924,11,2) at ip_deliver+0x322 ip_ours(ffff800021216918,ffff800021216924,fffffd806f3821bc,0) at ip_ours+0x3ba ip_input_if(ffff800021216918,ffff800021216924,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806f382100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806f382100,2) at if_input_local+0x10e ip_output(fffffd806f382c00,0,fffffd806f67d900,0,0,fffffd806f67d888,781dc4684bb5554c) at ip_output+0xb05 udp_output(fffffd806f67d888,fffffd806f382c00,0,0) at udp_output+0x58d sosend(fffffd806cf261f8,0,ffff800021216d28,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff4a80,4,ffff800021216d28,0,ffff800021216e20) at dofilewritev+0x19c sys_write(ffff8000ffff4a80,ffff800021216dc8,ffff800021216e20) at sys_write+0x83 syscall(ffff800021216e90) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d3f56dc60, count: -20 ddb{1}>