kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Jan 29 12:26:29 PST 2019 OpenBSD/amd64 (ci-openbsd-setuid-9.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2019/01/29 12:27:28 parsed 1 programs 2019/01/29 12:27:33 executed programs: 0 login: witness: userret: returning with the following locks held: exclusive rrwlock inode r = 0 (0xfffffd806d581708) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 4306 10906 0 0 0x4000000 1 syz-executor1 228178 70948 73 0x100010 0 0 syslogd db_enter() at db_enter+0x18 panic() at panic+0x16c witness_warn(2f8cb670b892b889,0,ffff800020b74710) at witness_warn+0x700 userret(4d1b097219586c54) at userret+0x361 syscall(3688afb5cf941363) at syscall+0x680 Xsyscall(6,5,c,0,3,4496cb36010) at Xsyscall+0x128 end of kernel end trace frame: 0x44b98b4fc80, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic witness_warn ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x16c witness_warn(2f8cb670b892b889,0,ffff800020b74710) at witness_warn+0x700 userret(4d1b097219586c54) at userret+0x361 syscall(3688afb5cf941363) at syscall+0x680 Xsyscall(6,5,c,0,3,4496cb36010) at Xsyscall+0x128 end of kernel end trace frame: 0x44b98b4fc80, count: -6 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020c7ad00 rbx 0xffff800020c7ada0 rdx 0xffffffff81ec4a97 cmd0646_9_tim_udma+0x1642a rcx 0x201 rax 0x1 r8 0xffffffff815ebf54 kprintf+0x174 r9 0x1 r10 0xe596a199b60f0f2f r11 0xb10bf11875f4bede r12 0x3000000008 r13 0xffff800020c7ad10 r14 0x100 r15 0x1 rip 0xffffffff81388a48 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c7acf0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=4306 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff800020b74260,0xffff800020b75788 process=0xffff800020b95a50 user=0xffff800020c76000, vmspace=0xfffffd807f00d870 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 52916 504746 51352 0 2 0 syz-executor0 52916 207816 51352 0 3 0x4000080 fsleep syz-executor0 10906 490992 59081 0 2 0 syz-executor1 *10906 4306 59081 0 7 0x4000000 syz-executor1 10906 435920 59081 0 2 0x4000000 syz-executor1 10906 305041 59081 0 2 0x4000000 syz-executor1 51352 226133 20062 0 3 0x82 nanosleep syz-executor0 59081 93610 20062 0 2 0x482 syz-executor1 20062 213041 39464 0 3 0x82 thrsleep syz-execprog 20062 338370 39464 0 3 0x4000082 thrsleep syz-execprog 20062 213308 39464 0 3 0x4000082 thrsleep syz-execprog 20062 304150 39464 0 3 0x4000082 thrsleep syz-execprog 20062 14062 39464 0 3 0x4000082 thrsleep syz-execprog 20062 506642 39464 0 3 0x4000082 thrsleep syz-execprog 20062 511163 39464 0 3 0x4000082 thrsleep syz-execprog 20062 158661 39464 0 3 0x4000082 kqread syz-execprog 20062 423436 39464 0 3 0x4000082 thrsleep syz-execprog 39464 283391 79122 0 3 0x10008a pause ksh 79122 492678 77391 0 3 0x92 select sshd 32496 243130 1 0 3 0x100083 ttyin getty 77391 30863 1 0 3 0x80 select sshd 70948 228178 87734 73 7 0x100010 syslogd 87734 246300 1 0 3 0x100082 netio syslogd 96883 285911 1 77 3 0x100090 poll dhclient 1483 343835 1 0 3 0x80 poll dhclient 18533 126458 0 0 2 0x14200 zerothread 57152 297771 0 0 3 0x14200 aiodoned aiodoned 69465 505813 0 0 3 0x14200 syncer update 88471 153201 0 0 3 0x14200 cleaner cleaner 86524 81678 0 0 3 0x14200 reaper reaper 51974 107344 0 0 3 0x14200 pgdaemon pagedaemon 29807 139311 0 0 3 0x14200 bored crynlk 25961 359597 0 0 3 0x14200 bored crypto 74261 281412 0 0 3 0x40014200 acpi0 acpi0 78452 396334 0 0 3 0x40014200 idle1 23251 50777 0 0 3 0x14200 bored softnet 92603 243821 0 0 3 0x14200 bored systqmp 40062 370663 0 0 3 0x14200 bored systq 93382 239531 0 0 3 0x40014200 bored softclock 46706 165694 0 0 3 0x40014200 idle0 1 304014 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}>