Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/intr.c", line 699 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 308505 63549 0 0 0x4000000 0 syz-executor2123468665 db_enter() at db_enter+0x1c panic(ffffffff827a19e2) at panic+0x17b __assert(ffffffff8281ff79,ffffffff827aa473,2bb,ffffffff827a1cb3) at __assert+0x29 splraise(da70f2f5) at splraise+0xb4 mtx_enter_try(fffffd8076862438) at mtx_enter_try+0x73 mtx_enter(fffffd8076862438) at mtx_enter+0x4f knote_remove(ffff8000212257e8,fffffd8076862438,fffffd80768624c0,0,0) at knote_remove+0x20d knote_fdclose(ffff8000212257e8,0) at knote_fdclose+0xae fdfree(ffff8000212257e8) at fdfree+0xdf exit1(ffff8000212257e8,0,0,1) at exit1+0x3e4 sys_exit(ffff8000212257e8,ffff800021287820,ffff800021287870) at sys_exit+0x1a syscall(ffff8000212878f0) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x721b865b6680, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/intr.c", line 699 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff827a19e2) at panic+0x17b __assert(ffffffff8281ff79,ffffffff827aa473,2bb,ffffffff827a1cb3) at __assert+0x29 splraise(da70f2f5) at splraise+0xb4 mtx_enter_try(fffffd8076862438) at mtx_enter_try+0x73 mtx_enter(fffffd8076862438) at mtx_enter+0x4f knote_remove(ffff8000212257e8,fffffd8076862438,fffffd80768624c0,0,0) at knote_remove+0x20d knote_fdclose(ffff8000212257e8,0) at knote_fdclose+0xae fdfree(ffff8000212257e8) at fdfree+0xdf exit1(ffff8000212257e8,0,0,1) at exit1+0x3e4 sys_exit(ffff8000212257e8,ffff800021287820,ffff800021287870) at sys_exit+0x1a syscall(ffff8000212878f0) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x721b865b6680, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800021287460 rbx 0xffff800020d59b9f rdx 0x3fd rcx 0 rax 0x92 r8 0x101010101010101 r9 0x8080808080808080 r10 0x242de5f9933709ce r11 0x50c405d6752c91ec r12 0xffff800020d599a0 r13 0 r14 0 r15 0x1 rip 0xffffffff810eab1c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800021287450 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor2123468665) pid=491086 stat=onproc flags process=1008 proc=2000 pri=0, usrpri=55, nice=20 forw=0xffffffffffffffff, list=0xffff800021225d38,0xffff8000212252a8 process=0xffff8000ffff5508 user=0xffff800021282000, vmspace=0xfffffd8008a16570 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 61102 49642 593 0 2 0 syz-executor2123468665 61102 449609 593 0 2 0x4000080 syz-executor2123468665 63549 292676 3804 0 2 0 syz-executor2123468665 63549 308505 3804 0 7 0x4000000 syz-executor2123468665 4037 88971 47023 0 2 0 syz-executor2123468665 4037 240325 47023 0 3 0x4000080 fsleep syz-executor2123468665 1565 66372 5448 0 2 0 syz-executor2123468665 1565 518403 5448 0 3 0x4000080 fsleep syz-executor2123468665 1565 73134 5448 0 3 0x4000080 netcon syz-executor2123468665 57934 41956 0 0 3 0x14200 bored sosplice 593 95872 2212 0 3 0x80 nanoslp syz-executor2123468665 3804 273024 2212 0 3 0x80 nanoslp syz-executor2123468665 85683 339589 2212 0 3 0 biowait syz-executor2123468665 39514 19833 2212 0 3 0 biowait syz-executor2123468665 65662 448035 2212 0 3 0x80 nanoslp syz-executor2123468665 47023 506189 2212 0 3 0x80 nanoslp syz-executor2123468665 5448 149799 2212 0 3 0x80 nanoslp syz-executor2123468665 10350 388645 2212 0 3 0x80 nanoslp syz-executor2123468665 2212 90097 40630 0 3 0x82 nanoslp syz-executor2123468665 40630 132571 41593 0 3 0x10008a sigsusp ksh 41593 446553 10792 0 3 0x9a kqread sshd 9698 125153 1 0 3 0x100083 ttyin getty 10792 315312 1 0 3 0x88 kqread sshd 86117 283987 15220 74 3 0x1100092 bpf pflogd 15220 281181 1 0 3 0x80 netio pflogd 76009 183712 30753 73 3 0x1100090 kqread syslogd 30753 107952 1 0 3 0x100082 netio syslogd 71315 425538 1 0 3 0x100080 kqread resolvd 31137 333223 93001 77 3 0x100092 kqread dhcpleased 93742 26278 93001 77 3 0x100092 kqread dhcpleased 93001 211363 1 0 3 0x80 kqread dhcpleased 94147 289955 0 0 3 0x14200 bored smr 85046 222993 0 0 2 0x14200 zerothread 11840 124784 0 0 3 0x14200 aiodoned aiodoned 64157 58574 0 0 3 0x14200 syncer update 62200 97333 0 0 3 0x14200 cleaner cleaner 74166 410904 0 0 2 0x14200 reaper 65123 332908 0 0 3 0x14200 pgdaemon pagedaemon 48045 294491 0 0 3 0x14200 bored viomb 45525 48209 0 0 3 0x40014200 acpi0 acpi0 43291 95125 0 0 3 0x40014200 idle1 28541 358936 0 0 3 0x14200 bored softnet3 17815 225477 0 0 3 0x14200 bored softnet2 76191 183813 0 0 3 0x14200 bored softnet1 105 484956 0 0 3 0x14200 bored softnet0 89273 366165 0 0 3 0x14200 bored systqmp 41660 3350 0 0 3 0x14200 bored systq 99020 127031 0 0 3 0x40014200 bored softclock 73223 235941 0 0 3 0x40014200 idle0 1 200251 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82cfb918) #0 witness_lock+0x447 #1 wakeup_n+0x37 #2 sched_idle+0x232 #3 proc_trampoline+0x1c Process 85683 (syz-executor2123468665) thread 0xffff8000211f5808 (339589) exclusive rrwlock inode r = 0 (0xfffffd806cc334e0) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 ufs_ihashins+0x46 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1c2 #7 ufs_mkdir+0xf8 #8 VOP_MKDIR+0xc3 #9 domkdirat+0x125 #10 syscall+0x5e2 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806cd7b918) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vfs_lookup+0xd5 #6 namei+0x55a #7 domkdirat+0x79 #8 syscall+0x5e2 #9 Xsyscall+0x128 Process 39514 (syz-executor2123468665) thread 0xffff8000211f5ab0 (19833) exclusive rrwlock inode r = 0 (0xfffffd806cc330a0) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vget+0x200 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x13ba #9 VOP_LOOKUP+0x5c #10 vfs_lookup+0x6e2 #11 namei+0x55a #12 dounlinkat+0x9d #13 syscall+0x5e2 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806cd7bb38) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vfs_lookup+0xd5 #6 namei+0x55a #7 dounlinkat+0x9d #8 syscall+0x5e2 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10163 6456K 6456K 78643K 11241 0 pcb 13 10K 12K 78643K 15 0 rtable 58 1K 2K 78643K 116 0 pf 15 6K 10K 78643K 26 0 ifaddr 13 9K 9K 78643K 13 0 ifgroup 22 1K 1K 78643K 22 0 counters 44 33K 33K 78643K 44 0 ioctlops 0 0K 4K 78643K 1475 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1176 74K 74K 78643K 1192 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 67 91K 91K 78643K 302 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 1K 78643K 272 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 155 7K 8K 78643K 3311 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 1 5904K 5968K 78643K 3335 0 kqueue 12 18K 22K 78643K 145 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 21 0 18 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 144 35 0 20 1 0 1 1 0 8 0 syncache 304 126 0 126 1 0 1 1 0 8 1 tcpqe 32 323 0 323 1 0 1 1 0 8 1 tcpcb 808 495 0 356 15 0 15 15 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 368 644 0 500 14 0 14 14 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 9 0 0 1 0 1 1 0 8 0 pfstkey 128 9 0 0 1 0 1 1 0 8 0 pfstate 376 9 0 0 1 0 1 1 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1565 0 155 89 0 89 89 0 8 0 ffsino 272 1565 0 155 95 0 95 95 0 8 0 nchpl 144 1875 0 293 59 0 59 59 0 8 0 uvmvnodes 80 1579 0 0 33 0 33 33 0 8 0 vnodes 216 1579 0 0 88 0 88 88 0 8 0 namei 1024 5084 0 5083 2 0 2 2 0 8 1 percpumem 16 35 0 0 1 0 1 1 0 8 0 kstatmem 264 8 0 0 1 0 1 1 0 8 0 scxspl 216 5758 0 5756 3 1 2 2 1 8 1 plimitpl 152 17 0 10 1 0 1 1 0 8 0 sigapl 424 473 0 426 7 1 6 6 0 8 0 futexpl 64 1608 0 1606 1 0 1 1 0 8 0 knotepl 120 47 0 0 2 0 2 2 0 8 0 kqueuepl 216 141 0 133 1 0 1 1 0 8 0 pipepl 320 95 0 92 1 0 1 1 0 8 0 fdescpl 496 455 0 427 4 0 4 4 0 8 0 filepl 152 2011 0 1939 4 0 4 4 0 8 1 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 104 71 0 59 1 0 1 1 0 8 0 zombiepl 144 428 0 426 1 0 1 1 0 8 0 processpl 1072 473 0 426 4 0 4 4 0 8 0 procpl 680 598 0 545 6 1 5 5 0 8 0 sosppl 168 120 0 114 1 0 1 1 0 8 0 sockpl 488 700 0 537 21 0 21 21 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 267 0 0 34 0 34 34 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 280 0 0 18 0 18 18 0 8 0 bufpl 288 2703 0 90 187 0 187 187 0 8 0 anonpl 24 188194 0 185814 25 2 23 25 0 186 8 amapchunkpl 152 11242 0 10924 14 0 14 14 0 158 0 amappl16 200 5265 0 5254 5 2 3 5 0 8 2 amappl15 192 28 0 28 1 1 0 1 0 8 0 amappl14 184 115 0 104 1 0 1 1 0 8 0 amappl13 176 11 0 11 1 1 0 1 0 8 0 amappl12 168 1003 0 976 3 1 2 2 0 8 0 amappl11 160 66 0 52 1 0 1 1 0 8 0 amappl10 152 18 0 18 1 0 1 1 0 8 1 amappl9 144 161 0 161 1 0 1 1 0 8 1 amappl8 136 31 0 29 1 0 1 1 0 8 0 amappl7 128 151 0 136 1 0 1 1 0 8 0 amappl6 120 159 0 143 1 0 1 1 0 8 0 amappl5 112 118 0 107 1 0 1 1 0 8 0 amappl4 104 473 0 438 2 0 2 2 0 8 1 amappl3 96 2933 0 2866 3 1 2 2 0 8 0 amappl2 88 635 0 580 2 0 2 2 0 8 0 amappl1 80 9968 0 9451 12 0 12 12 0 8 0 amappl 88 3000 0 2891 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 455 0 427 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 455 0 427 1 0 1 1 0 8 0 vmmpekpl 168 7784 0 7762 2 0 2 2 0 8 0 vmmpepl 168 40943 0 39518 68 1 67 67 0 357 4 vmsppl 464 454 0 427 4 0 4 4 0 8 0 rwobjpl 56 20407 0 18033 35 1 34 34 0 8 0 pdppl 4096 918 0 854 84 14 70 70 0 8 6 pvpl 32 301232 0 295503 57 2 55 57 0 265 7 pmappl 248 454 0 427 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 560 0 17 16 0 16 16 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82be4ff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c82a60) at __mp_lock+0x122 intr_handler(ffff8000212c38e0,ffff80000006bc00) at intr_handler+0x62 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f Xsyscall() at Xsyscall+0x111 end of kernel end trace frame: 0xa68f1ffd20, count: 8 ddb{0}> trace x86_ipi_db(ffffffff82be4ff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c82a60) at __mp_lock+0x122 intr_handler(ffff8000212c38e0,ffff80000006bc00) at intr_handler+0x62 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f Xsyscall() at Xsyscall+0x111 end of kernel end trace frame: 0xa68f1ffd20, count: -7 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp db_enter() at db_enter+0x1c panic(ffffffff827a19e2) at panic+0x17b __assert(ffffffff8281ff79,ffffffff827aa473,2bb,ffffffff827a1cb3) at __assert+0x29 splraise(da70f2f5) at splraise+0xb4 mtx_enter_try(fffffd8076862438) at mtx_enter_try+0x73 mtx_enter(fffffd8076862438) at mtx_enter+0x4f knote_remove(ffff8000212257e8,fffffd8076862438,fffffd80768624c0,0,0) at knote_remove+0x20d knote_fdclose(ffff8000212257e8,0) at knote_fdclose+0xae fdfree(ffff8000212257e8) at fdfree+0xdf exit1(ffff8000212257e8,0,0,1) at exit1+0x3e4 sys_exit(ffff8000212257e8,ffff800021287820,ffff800021287870) at sys_exit+0x1a syscall(ffff8000212878f0) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x721b865b6680, count: 2 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff827a19e2) at panic+0x17b __assert(ffffffff8281ff79,ffffffff827aa473,2bb,ffffffff827a1cb3) at __assert+0x29 splraise(da70f2f5) at splraise+0xb4 mtx_enter_try(fffffd8076862438) at mtx_enter_try+0x73 mtx_enter(fffffd8076862438) at mtx_enter+0x4f knote_remove(ffff8000212257e8,fffffd8076862438,fffffd80768624c0,0,0) at knote_remove+0x20d knote_fdclose(ffff8000212257e8,0) at knote_fdclose+0xae fdfree(ffff8000212257e8) at fdfree+0xdf exit1(ffff8000212257e8,0,0,1) at exit1+0x3e4 sys_exit(ffff8000212257e8,ffff800021287820,ffff800021287870) at sys_exit+0x1a syscall(ffff8000212878f0) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x721b865b6680, count: -13 ddb{1}>