kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Mon Jan 28 23:28:32 PST 2019

OpenBSD/amd64 (ci-openbsd-setuid-9.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2019/01/28 23:28:55 parsed 1 programs
2019/01/28 23:29:00 executed programs: 0
login: witness: thread 0xffff800020b92bd0 exiting with the following locks held:

exclusive rrwlock inode r = 0 (0xfffffd806d4182c8) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547

panic: thread 0xffff800020b92bd0 cannot exit while holding sleeplocks

Stopped at      db_enter+0x18:  addq    $0x8,%rsp

    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND

 333022   3318      0         0x2      0x480    1  syz-executor1

*484807  30779      0     0x14000      0x200    0  reaper

db_enter() at db_enter+0x18

panic() at panic+0x16c

witness_thread_exit(1ff93726f03ccece) at witness_thread_exit+0x244

reaper(0) at reaper+0x14f

end trace frame: 0x0, count: 11

https://www.openbsd.org/ddb.html describes the minimum info required in bug

reports.  Insufficient info makes it difficult to find and fix bugs.

ddb{0}> 

ddb{0}> set $lines = 0

ddb{0}> show panic

thread 0xffff800020b92bd0 cannot exit while holding sleeplocks

ddb{0}> trace

db_enter() at db_enter+0x18

panic() at panic+0x16c

witness_thread_exit(1ff93726f03ccece) at witness_thread_exit+0x244

reaper(0) at reaper+0x14f

end trace frame: 0x0, count: -4

ddb{0}> show registers

rdi                                0

rsi                              0x1

rbp               0xffff800020b66fc0

rbx               0xffff800020b67060

rdx               0xffffffff81ec9049    cmd0646_9_tim_udma+0x1780c

rcx                            0x201

rax                              0x1

r8                0xffffffff816aa1c4    kprintf+0x174

r9                               0x1

r10               0x21b3e9815b17a6dd

r11               0x7b30f7d1b8340447

r12                     0x3000000008

r13               0xffff800020b66fd0

r14                            0x100

r15                              0x1

rip               0xffffffff8156b348    db_enter+0x18

cs                               0x8

rflags                         0x246

rsp               0xffff800020b66fb0

ss                              0x10

db_enter+0x18:  addq    $0x8,%rsp

ddb{0}> show proc

PROC (reaper) pid=484807 stat=onproc

    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>

    pri=4, usrpri=51, nice=20

    forw=0xffffffffffffffff, list=0xffff800020b21068,0xffff800020b21c30

    process=0xffff800020b5b3b8 user=0xffff800020b62000, vmspace=0xffffffff822fcba8

    estcpu=1, cpticks=2, pctcpu=0.4

    user=0, sys=2, intr=0

ddb{0}> ps

   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND

 49671  174863   4877      0  2           0                syz-executor0

 49671  166090   4877      0  3   0x4000080  ttyout        syz-executor0

 49671   44921   4877      0  3   0x4000080  ttyout        syz-executor0

 49671   72754   4877      0  3   0x4000080  fsleep        syz-executor0

 49671  171421   4877      0  2   0x4000000                syz-executor0

 20792  117427   3318      0  3      0x3000  suspend       syz-executor1

 20792  471449   3318      0  3   0x4081000  inode         syz-executor1

  3318  333022  86051      0  7       0x482                syz-executor1

  4877  493323  86051      0  2       0x482                syz-executor0

 86051  437522  45588      0  3        0x82  thrsleep      syz-execprog

 86051  490166  45588      0  3   0x4000082  thrsleep      syz-execprog

 86051  461727  45588      0  3   0x4000082  thrsleep      syz-execprog

 86051  129796  45588      0  3   0x4000082  thrsleep      syz-execprog

 86051   35295  45588      0  3   0x4000082  thrsleep      syz-execprog

 86051  441405  45588      0  3   0x4000082  thrsleep      syz-execprog

 86051   21482  45588      0  3   0x4000082  thrsleep      syz-execprog

 86051  119855  45588      0  3   0x4000082  kqread        syz-execprog

 86051  283357  45588      0  3   0x4000082  thrsleep      syz-execprog

 45588  126181  18978      0  3    0x10008a  pause         ksh

 18978  231995  22677      0  3        0x92  select        sshd

  8716  409330      1      0  3    0x100083  ttyin         getty

 22677  121164      1      0  3        0x80  select        sshd

 81639   16610  70821     73  2    0x100010                syslogd

 70821  156111      1      0  3    0x100082  netio         syslogd

 23448  206415      1     77  3    0x100090  poll          dhclient

 11985  501700      1      0  3        0x80  poll          dhclient

 33660  369013      0      0  3     0x14200  pgzero        zerothread

 48750  144598      0      0  3     0x14200  aiodoned      aiodoned

 59506  303408      0      0  3     0x14200  syncer        update

 91133   58242      0      0  3     0x14200  cleaner       cleaner

*30779  484807      0      0  7     0x14200                reaper

 16568  509882      0      0  3     0x14200  pgdaemon      pagedaemon

 38747  464190      0      0  3     0x14200  bored         crynlk

 45659  381787      0      0  3     0x14200  bored         crypto

 44574  111639      0      0  3  0x40014200  acpi0         acpi0

 79298  170454      0      0  3  0x40014200                idle1

 69787  483523      0      0  3     0x14200  bored         softnet

 81224  118676      0      0  3     0x14200  bored         systqmp

 72516   69806      0      0  3     0x14200  bored         systq

 38483  152585      0      0  2  0x40014200                softclock

 41981  425814      0      0  3  0x40014200                idle0

     1  408727      0      0  3        0x82  wait          init

     0       0     -1      0  3     0x10200  scheduler     swapper

ddb{0}> show all locks

Process 81639 (syslogd) thread 0xffff800020be5c30 (16610)

exclusive kernel_lock &kernel_lock r = 0 (0xffffffff823260a0) locked @ /syzkaller/managers/setuid/kernel/sys/kern/sched_bsd.c:436

ddb{0}>