kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sat Mar 12 11:55:46 PST 2022 OpenBSD/amd64 (ci-openbsd-setuid-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts. 2022/03/12 11:56:00 parsed 1 programs 2022/03/12 11:56:07 executed programs: 0 login: witness: lock order reversal: 1st 0xfffffd806c306a40 vmmaplk (&map->lock) 2nd 0xfffffd80714b2068 fdlock (&newfdp->fd_fd.fd_lock) lock order "&newfdp->fd_fd.fd_lock"(rwlock) -> "&map->lock"(rwlock) first seen at: #0 rw_enter_read+0x66 #1 uvmfault_lookup+0xd9 #2 uvm_fault_check+0x3a #3 uvm_fault+0x102 #4 kpageflttrap+0x209 #5 kerntrap+0xef #6 alltraps_kern_meltdown+0x7b #7 copyout+0x53 #8 syscall+0x489 #9 Xsyscall+0x128 lock order "&map->lock"(rwlock) -> "&newfdp->fd_fd.fd_lock"(rwlock) first seen at: #0 rw_enter_write+0x5b #1 fill_file+0xad2 #2 sysctl_file+0xe77 #3 kern_sysctl+0xfd #4 sys_sysctl+0x209 #5 syscall+0x489 #6 Xsyscall+0x128 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 witness_checkorder(fffffd80714b2068,9,0) at witness_checkorder+0x10b7 rw_enter_write(fffffd80714b2058) at rw_enter_write+0x5b fill_file(ffff800000b93800,fffffd806ac11578,fffffd80714b2010,0,0,ffff8000fffed910,f09a33e63746b1cb,ff09,ffff80002127a548) at fill_file+0xad2 sysctl_file(ffff8000212d4888,4,20000080,ffff8000212d48b8,ffff80002127a548) at sysctl_file+0xe77 kern_sysctl(ffff8000212d4884,5,20000080,ffff8000212d48b8,0,0,3e4bf6cb8ece4654) at kern_sysctl+0xfd sys_sysctl(ffff80002127a548,ffff8000212d4928,ffff8000212d4980) at sys_sysctl+0x209 syscall(ffff8000212d49f0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffccb10, count: -9 ddb{0}> show registers rdi 0x3 rsi 0xffffffff8294abb0 __sancov_gen_cov_switch_values.134 rbp 0xffff8000212d41f0 rbx 0x3 rdx 0x3fd rcx 0 rax 0x1 r8 0xffff8000212d4160 r9 0x8080808080808080 r10 0xd6854106db3c5392 r11 0xca7d19c5a17a7e r12 0xffffffff82aad570 w_lodata+0x4fc00 r13 0 r14 0xffffffff82aacbd0 w_lodata+0x4f260 r15 0xfffffd8002f62c80 rip 0xffffffff8138d658 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000212d41e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.6) pid=389575 stat=onproc flags process=0 proc=0 pri=52, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff80002127afc8,0xffff80002127aa98 process=0xffff8000fffed0c0 user=0xffff8000212cf000, vmspace=0xfffffd806c306a28 estcpu=2, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 73637 44995 15880 0 2 0 syz-executor.2 *94094 389575 64711 0 7 0 syz-executor.6 3538 301801 57924 0 2 0x2 ifconfig 57924 98294 52185 0 3 0x10008a sigsusp sh 63540 267171 85026 0 2 0x100000 sh 75595 507687 97686 0 2 0x100002 sh 85026 413742 88571 0 3 0x10008a sigsusp sh 84582 270187 45659 0 2 0x2 syz-executor.7 37363 74458 27834 0 2 0x2 arp 27834 447001 11789 0 3 0x10008a sigsusp sh 52185 437362 45659 0 3 0x82 wait syz-executor.1 18461 369708 45659 0 2 0x2 syz-executor.5 15880 271385 45659 0 7 0x2 syz-executor.2 88571 287202 45659 0 3 0x82 wait syz-executor.3 64711 251953 45659 0 2 0x2 syz-executor.6 97686 312011 45659 0 3 0x82 wait syz-executor.4 11789 286360 45659 0 3 0x82 wait syz-executor.0 45659 485275 35254 0 3 0x82 kqread syz-execprog 45659 369489 35254 0 3 0x4000082 nanoslp syz-execprog 45659 13561 35254 0 3 0x4000082 thrsleep syz-execprog 45659 249944 35254 0 3 0x4000082 thrsleep syz-execprog 45659 135957 35254 0 3 0x4000082 thrsleep syz-execprog 45659 56460 35254 0 3 0x4000082 thrsleep syz-execprog 45659 27165 35254 0 3 0x4000082 nanoslp syz-execprog 45659 70187 35254 0 3 0x4000082 thrsleep syz-execprog 35254 131571 26431 0 3 0x10008a sigsusp ksh 26431 211779 66154 0 3 0x9a kqread sshd 13075 317671 1 0 3 0x100083 ttyin getty 66154 391515 1 0 3 0x88 kqread sshd 66745 246883 96077 73 3 0x1100090 kqread syslogd 96077 88430 1 0 3 0x100082 netio syslogd 28063 273493 1 0 3 0x100080 kqread resolvd 4662 329237 1855 77 3 0x100092 kqread dhcpleased 75642 278195 1855 77 3 0x100092 kqread dhcpleased 1855 284699 1 0 3 0x80 kqread dhcpleased 54046 352964 0 0 3 0x14200 bored smr 65488 460979 0 0 2 0x14200 zerothread 17844 161731 0 0 3 0x14200 aiodoned aiodoned 44472 377935 0 0 3 0x14200 syncer update 49992 236011 0 0 3 0x14200 cleaner cleaner 53428 284634 0 0 3 0x14200 reaper reaper 58768 227651 0 0 3 0x14200 pgdaemon pagedaemon 70491 440550 0 0 3 0x14200 bored viomb 46107 103559 0 0 3 0x40014200 acpi0 acpi0 40732 157487 0 0 3 0x40014200 idle1 40280 280924 0 0 3 0x14200 bored softnet 40833 221819 0 0 3 0x14200 bored systqmp 75310 2167 0 0 3 0x14200 bored systq 87382 425808 0 0 3 0x40014200 bored softclock 96447 450826 0 0 3 0x40014200 idle0 1 93320 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 94094 (syz-executor.6) thread 0xffff80002127a548 (389575) shared rwlock vmmaplk r = 0 (0xfffffd806c306a40) #0 witness_lock+0x44d #1 uvm_vslock+0xc8 #2 sys_sysctl+0x2d8 #3 syscall+0x489 #4 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff82941f10) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 sys_sysctl+0x1b3 #3 syscall+0x489 #4 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff829de988) #0 witness_lock+0x44d #1 syscall+0x3ef #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10167 6406K 6419K 78643K 11257 0 pcb 13 8K 8K 78643K 13 0 rtable 140 4K 4K 78643K 210 0 ifaddr 68 13K 13K 78643K 69 0 counters 56 35K 35K 78643K 56 0 ioctlops 0 0K 2K 78643K 28 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1166 73K 73K 78643K 1179 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 19 69K 89K 78643K 99 0 proc 55 74K 99K 78643K 380 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 46 3K 3K 78643K 46 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 549 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 199 72K 73K 78643K 2685 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 17 1K 1K 78643K 17 0 temp 53 4692K 4753K 78643K 3787 0 kqueue 12 18K 18K 78643K 25 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 23 0 20 1 0 1 1 0 8 0 rtentry 112 62 0 1 2 0 2 2 0 8 0 unpcb 136 33 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 1 0 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 10 0 0 1 0 1 1 0 8 0 inpcb 304 47 0 41 1 0 1 1 0 8 0 nd6 48 9 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 238 0 0 15 0 15 15 0 8 0 art_table 32 239 0 0 2 0 2 2 0 8 0 art_node 16 61 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1472 0 48 89 0 89 89 0 8 0 ffsino 272 1472 0 48 95 0 95 95 0 8 0 nchpl 144 1719 0 57 62 0 62 62 0 8 0 uvmvnodes 80 1481 0 0 31 0 31 31 0 8 0 vnodes 224 1481 0 0 88 0 88 88 0 8 0 namei 1024 5391 0 5391 2 0 2 2 0 8 2 percpumem 16 40 0 0 1 0 1 1 0 8 0 scxspl 216 5276 0 5276 3 2 1 3 0 8 1 plimitpl 152 23 0 9 1 0 1 1 0 8 0 sigapl 424 378 0 334 6 0 6 6 0 8 0 knotepl 120 110 0 0 4 0 4 4 0 8 0 kqueuepl 216 21 0 13 1 0 1 1 0 8 0 pipepl 336 127 0 99 3 0 3 3 0 8 0 fdescpl 496 364 0 334 6 1 5 5 0 8 0 filepl 152 1341 0 1213 6 0 6 6 0 8 1 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 25 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 9 1 0 1 1 0 8 0 ucredpl 96 64 0 54 1 0 1 1 0 8 0 zombiepl 144 334 0 334 1 0 1 1 0 8 1 processpl 1064 378 0 334 5 1 4 4 0 8 0 procpl 672 385 0 334 5 0 5 5 0 8 0 sockpl 480 103 0 81 4 0 4 4 0 8 1 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 61 0 0 8 0 8 8 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 218 0 0 14 0 14 14 0 8 0 bufpl 288 3552 0 145 244 0 244 244 0 8 0 anonpl 24 51735 0 46830 45 1 44 44 0 186 10 amapchunkpl 152 5444 0 5042 20 1 19 19 0 158 1 amappl16 200 194 0 119 6 1 5 5 0 8 0 amappl15 192 86 0 81 1 0 1 1 0 8 0 amappl14 184 4 0 3 1 0 1 1 0 8 0 amappl13 176 91 0 82 1 0 1 1 0 8 0 amappl12 168 10 0 8 1 0 1 1 0 8 0 amappl11 160 44 0 32 1 0 1 1 0 8 0 amappl10 152 48 0 44 2 1 1 1 0 8 0 amappl9 144 442 0 436 1 0 1 1 0 8 0 amappl8 136 490 0 461 2 0 2 2 0 8 0 amappl7 128 111 0 98 1 0 1 1 0 8 0 amappl6 120 201 0 181 2 0 2 2 0 8 0 amappl5 112 180 0 170 1 0 1 1 0 8 0 amappl4 104 731 0 707 2 0 2 2 0 8 1 amappl3 96 152 0 140 1 0 1 1 0 8 0 amappl2 88 475 0 429 3 0 3 3 0 8 1 amappl1 80 9855 0 9340 18 0 18 18 0 8 5 amappl 88 2324 0 2174 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 364 0 334 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 364 0 334 1 0 1 1 0 8 0 vmmpekpl 168 7970 0 7947 2 0 2 2 0 8 0 vmmpepl 168 34714 0 33155 88 0 88 88 0 357 13 vmsppl 368 363 0 334 4 0 4 4 0 8 0 rwobjpl 56 11116 0 8746 40 0 40 40 0 8 5 pdppl 4096 735 0 668 89 12 77 77 0 8 10 pvpl 32 222188 0 213760 260 0 260 260 0 265 183 pmappl 248 363 0 334 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 573 0 14 16 0 16 16 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 witness_checkorder(fffffd80714b2068,9,0) at witness_checkorder+0x10b7 rw_enter_write(fffffd80714b2058) at rw_enter_write+0x5b fill_file(ffff800000b93800,fffffd806ac11578,fffffd80714b2010,0,0,ffff8000fffed910,f09a33e63746b1cb,ff09,ffff80002127a548) at fill_file+0xad2 sysctl_file(ffff8000212d4888,4,20000080,ffff8000212d48b8,ffff80002127a548) at sysctl_file+0xe77 kern_sysctl(ffff8000212d4884,5,20000080,ffff8000212d48b8,0,0,3e4bf6cb8ece4654) at kern_sysctl+0xfd sys_sysctl(ffff80002127a548,ffff8000212d4928,ffff8000212d4980) at sys_sysctl+0x209 syscall(ffff8000212d49f0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffccb10, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff829de780) at __mp_lock+0x122 syscall(ffff8000212be220) at syscall+0x3ef Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc6760, count: -6 ddb{1}>