kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Wed Mar 23 00:43:11 PDT 2022 OpenBSD/amd64 (ci-openbsd-multicore-5.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 120816 71841 0 0 0 0 syz-executor3335769445 *516958 10349 0 0 0x4000000 1 syz-executor3335769445 db_enter() at db_enter+0x18 panic(ffffffff825a4184) at panic+0x177 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 selwakeup(fffffd8075287148) at selwakeup+0x16 sorwakeup(fffffd8075287030) at sorwakeup+0xc9 rip6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at rip6_input+0x6bc icmp6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff80002121ad38,ffff80002121ad44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff80002121ad38,ffff80002121ad44,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd806e525c00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd806e525c00,18) at if_input_local+0x136 ip6_output(fffffd806f2eae00,ffff800000bc6180,fffffd806f682558,0,0,fffffd806f6824e0) at ip6_output+0xf57 rip6_output(fffffd807f00d000,fffffd8075287210,ffff80002121b0a0,0) at rip6_output+0x4ad end trace frame: 0xffff80002121b140, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff825a4184) at panic+0x177 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 selwakeup(fffffd8075287148) at selwakeup+0x16 sorwakeup(fffffd8075287030) at sorwakeup+0xc9 rip6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at rip6_input+0x6bc icmp6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff80002121ad38,ffff80002121ad44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff80002121ad38,ffff80002121ad44,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd806e525c00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd806e525c00,18) at if_input_local+0x136 ip6_output(fffffd806f2eae00,ffff800000bc6180,fffffd806f682558,0,0,fffffd806f6824e0) at ip6_output+0xf57 rip6_output(fffffd807f00d000,fffffd8075287210,ffff80002121b0a0,0) at rip6_output+0x4ad rip6_usrreq(fffffd8075287210,9,fffffd807f00d000,0,0,ffff8000ffff47e8) at rip6_usrreq+0x5d3 sosend(fffffd8075287210,0,ffff80002121b2d8,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff47e8,4,ffff80002121b2d8,0,ffff80002121b3d0) at dofilewritev+0x19c sys_write(ffff8000ffff47e8,ffff80002121b378,ffff80002121b3d0) at sys_write+0x83 syscall(ffff80002121b440) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x617be5a7560, count: -20 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80002121a740 rbx 0xffff800020ce9bff rdx 0x3fd rcx 0 rax 0x68 r8 0x101010101010101 r9 0x8080808080808080 r10 0xbf02893c4075f2b2 r11 0xd3c2f82308a646ba r12 0xffff800020ce9a00 r13 0 r14 0 r15 0x1 rip 0xffffffff815a2d98 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002121a730 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor3335769445) pid=516958 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff57a8,0xffff8000ffff4d38 process=0xffff80002120f1f8 user=0xffff800021216000, vmspace=0xfffffd806d3ffa20 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 71841 120816 73211 0 7 0 syz-executor3335769445 71841 255984 73211 0 2 0x4000000 syz-executor3335769445 64778 152248 81976 0 2 0 syz-executor3335769445 64778 72398 81976 0 3 0x4000080 fsleep syz-executor3335769445 3014 45641 20047 0 2 0 syz-executor3335769445 3014 304605 20047 0 3 0x4000080 fsleep syz-executor3335769445 94693 34454 45227 0 2 0 syz-executor3335769445 94693 386627 45227 0 3 0x4000080 fsleep syz-executor3335769445 10349 384430 36825 0 2 0 syz-executor3335769445 *10349 516958 36825 0 7 0x4000000 syz-executor3335769445 10349 182247 36825 0 3 0x4000080 fsleep syz-executor3335769445 65014 244746 88885 0 2 0 syz-executor3335769445 65014 388818 88885 0 2 0x4000000 syz-executor3335769445 23563 229470 45639 0 2 0 syz-executor3335769445 23563 13545 45639 0 2 0x4000000 syz-executor3335769445 23563 178443 45639 0 3 0x4000080 fsleep syz-executor3335769445 53727 431277 63524 0 3 0x80 nanoslp syz-executor3335769445 45639 231103 63524 0 3 0x80 nanoslp syz-executor3335769445 20047 267504 63524 0 3 0x80 nanoslp syz-executor3335769445 36825 25143 63524 0 3 0x80 nanoslp syz-executor3335769445 88885 521584 63524 0 3 0x80 nanoslp syz-executor3335769445 45227 223730 63524 0 2 0x480 syz-executor3335769445 73211 203177 63524 0 2 0x480 syz-executor3335769445 81976 499982 63524 0 2 0x480 syz-executor3335769445 63524 98959 99885 0 3 0x82 nanoslp syz-executor3335769445 99885 5972 3788 0 3 0x10008a sigsusp ksh 3788 454111 74283 0 3 0x9a kqread sshd 40078 2413 1 0 3 0x100083 ttyin getty 74283 75078 1 0 3 0x88 kqread sshd 45557 457305 24510 74 3 0x1100092 bpf pflogd 24510 323196 1 0 3 0x80 netio pflogd 12994 182956 79675 73 3 0x1100090 kqread syslogd 79675 106197 1 0 3 0x100082 netio syslogd 20549 396312 1 0 3 0x100080 kqread resolvd 55422 73150 1555 77 3 0x100092 kqread dhcpleased 48713 453764 1555 77 3 0x100092 kqread dhcpleased 1555 311638 1 0 3 0x80 kqread dhcpleased 48535 222780 0 0 3 0x14200 bored smr 92164 93291 0 0 2 0x14200 zerothread 54429 88368 0 0 3 0x14200 aiodoned aiodoned 75053 302844 0 0 3 0x14200 syncer update 58732 427678 0 0 3 0x14200 cleaner cleaner 24975 336203 0 0 3 0x14200 reaper reaper 59853 490998 0 0 3 0x14200 pgdaemon pagedaemon 39195 450035 0 0 3 0x14200 bored viomb 66670 64492 0 0 3 0x40014200 acpi0 acpi0 84788 257508 0 0 3 0x40014200 idle1 4683 338952 0 0 3 0x14200 bored softnet 93430 471191 0 0 3 0x14200 bored systqmp 21633 387252 0 0 3 0x14200 bored systq 9160 118161 0 0 3 0x40014200 bored softclock 76226 179388 0 0 3 0x40014200 idle0 1 158581 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a21700) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 rip6_input+0x28f #4 icmp6_input+0x8e8 #5 ip_deliver+0x322 #6 ip6_input_if+0x920 #7 ipv6_input+0x48 #8 if_input_local+0x136 #9 ip6_output+0xf57 #10 rip6_output+0x4ad #11 rip6_usrreq+0x5d3 #12 sosend+0x632 #13 dofilewritev+0x19c #14 sys_write+0x83 #15 syscall+0x489 #16 Xsyscall+0x128 Process 10349 (syz-executor3335769445) thread 0xffff8000ffff47e8 (516958) exclusive rwlock netlock r = 0 (0xffffffff829bbd70) #0 witness_lock+0x44d #1 solock+0x86 #2 sosend+0x517 #3 dofilewritev+0x19c #4 sys_write+0x83 #5 syscall+0x489 #6 Xsyscall+0x128 exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a21700) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 rip6_input+0x28f #4 icmp6_input+0x8e8 #5 ip_deliver+0x322 #6 ip6_input_if+0x920 #7 ipv6_input+0x48 #8 if_input_local+0x136 #9 ip6_output+0xf57 #10 rip6_output+0x4ad #11 rip6_usrreq+0x5d3 #12 sosend+0x632 #13 dofilewritev+0x19c #14 sys_write+0x83 #15 syscall+0x489 #16 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10149 6454K 6455K 78643K 11239 0 pcb 26 8K 8K 78643K 268 0 rtable 62 2K 2K 78643K 121 0 ifaddr 29 8K 8K 78643K 32 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 4K 78643K 1479 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1167 73K 73K 78643K 1180 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 282 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 7 0K 0K 78643K 124 0 in_multi 19 1K 1K 78643K 160 0 ether_multi 2 0K 0K 78643K 26 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 452 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 208 71K 71K 78643K 4068 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 12 0K 0K 78643K 246 0 NDP 4 0K 0K 78643K 4 0 temp 24 4694K 4757K 78643K 3355 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 21 0 18 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 132 0 89 5 0 5 5 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 312 527 0 502 2 0 2 2 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 250 0 2 2 0 2 2 0 8 0 pfstkey 112 250 0 2 8 0 8 8 0 8 0 pfstate 320 250 0 2 21 0 21 21 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1424 0 39 87 0 87 87 0 8 0 ffsino 272 1424 0 39 93 0 93 93 0 8 0 nchpl 144 1599 0 49 58 0 58 58 0 8 0 uvmvnodes 80 1434 0 0 30 0 30 30 0 8 0 vnodes 224 1434 0 0 85 0 85 85 0 8 0 namei 1024 4488 0 4488 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 216 4115 0 4115 10 7 3 8 0 8 3 plimitpl 152 24 0 9 1 0 1 1 0 8 0 sigapl 424 464 0 419 6 0 6 6 0 8 0 futexpl 64 1289 0 1284 1 0 1 1 0 8 0 knotepl 120 41 0 0 2 0 2 2 0 8 0 kqueuepl 216 20 0 13 1 0 1 1 0 8 0 pipepl 336 90 0 87 2 1 1 1 0 8 0 fdescpl 496 450 0 420 4 0 4 4 0 8 0 filepl 152 1664 0 1587 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 420 0 419 2 1 1 1 0 8 0 processpl 1064 464 0 419 4 0 4 4 0 8 0 procpl 672 650 0 596 5 0 5 5 0 8 0 sockpl 480 583 0 540 7 1 6 6 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 65 0 0 8 0 8 8 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 120 0 0 7 0 7 7 0 8 0 bufpl 288 2021 0 90 138 0 138 138 0 8 0 anonpl 24 84428 0 79554 35 4 31 32 0 186 0 amapchunkpl 152 7993 0 7614 16 0 16 16 0 158 0 amappl16 200 153 0 146 2 1 1 1 0 8 0 amappl15 192 71 0 68 1 0 1 1 0 8 0 amappl13 176 34 0 33 2 1 1 1 0 8 0 amappl12 168 14 0 14 2 1 1 1 0 8 1 amappl11 160 53 0 39 1 0 1 1 0 8 0 amappl10 152 2 0 0 1 0 1 1 0 8 0 amappl9 144 462 0 460 1 0 1 1 0 8 0 amappl8 136 520 0 501 1 0 1 1 0 8 0 amappl7 128 66 0 63 1 0 1 1 0 8 0 amappl6 120 119 0 106 1 0 1 1 0 8 0 amappl5 112 181 0 169 1 0 1 1 0 8 0 amappl4 104 660 0 639 1 0 1 1 0 8 0 amappl3 96 126 0 117 1 0 1 1 0 8 0 amappl2 88 393 0 355 1 0 1 1 0 8 0 amappl1 80 11080 0 10566 13 2 11 11 0 8 0 amappl 88 3644 0 3468 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 450 0 420 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 450 0 420 1 0 1 1 0 8 0 vmmpekpl 168 7061 0 7039 2 0 2 2 0 8 0 vmmpepl 168 35921 0 34482 71 5 66 66 0 357 0 vmsppl 368 449 0 420 3 0 3 3 0 8 0 rwobjpl 56 12831 0 10665 31 0 31 31 0 8 0 pdppl 4096 907 0 840 97 28 69 69 0 8 2 pvpl 32 188078 0 180905 66 6 60 60 0 265 0 pmappl 248 449 0 420 2 0 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 461 0 33 13 0 13 13 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff82986ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffbcba0, count: 12 ddb{0}> trace x86_ipi_db(ffffffff82986ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffbcba0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp db_enter() at db_enter+0x18 panic(ffffffff825a4184) at panic+0x177 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 selwakeup(fffffd8075287148) at selwakeup+0x16 sorwakeup(fffffd8075287030) at sorwakeup+0xc9 rip6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at rip6_input+0x6bc icmp6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff80002121ad38,ffff80002121ad44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff80002121ad38,ffff80002121ad44,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd806e525c00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd806e525c00,18) at if_input_local+0x136 ip6_output(fffffd806f2eae00,ffff800000bc6180,fffffd806f682558,0,0,fffffd806f6824e0) at ip6_output+0xf57 rip6_output(fffffd807f00d000,fffffd8075287210,ffff80002121b0a0,0) at rip6_output+0x4ad end trace frame: 0xffff80002121b140, count: 0 ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff825a4184) at panic+0x177 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 selwakeup(fffffd8075287148) at selwakeup+0x16 sorwakeup(fffffd8075287030) at sorwakeup+0xc9 rip6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at rip6_input+0x6bc icmp6_input(ffff80002121ad38,ffff80002121ad44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff80002121ad38,ffff80002121ad44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff80002121ad38,ffff80002121ad44,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd806e525c00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd806e525c00,18) at if_input_local+0x136 ip6_output(fffffd806f2eae00,ffff800000bc6180,fffffd806f682558,0,0,fffffd806f6824e0) at ip6_output+0xf57 rip6_output(fffffd807f00d000,fffffd8075287210,ffff80002121b0a0,0) at rip6_output+0x4ad rip6_usrreq(fffffd8075287210,9,fffffd807f00d000,0,0,ffff8000ffff47e8) at rip6_usrreq+0x5d3 sosend(fffffd8075287210,0,ffff80002121b2d8,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff47e8,4,ffff80002121b2d8,0,ffff80002121b3d0) at dofilewritev+0x19c sys_write(ffff8000ffff47e8,ffff80002121b378,ffff80002121b3d0) at sys_write+0x83 syscall(ffff80002121b440) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x617be5a7560, count: -20 ddb{1}>