Warning: Permanently added '10.128.1.120' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *423568 59238 0 0 0 0 syz-executor2016281203 187130 9876 0 0x12 0x88 1 sshd db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd807b7536d8) at selwakeup+0x16 sorwakeup(fffffd807b7535c0) at sorwakeup+0xc9 udp_sbappend(fffffd806f67a750,fffffd806f6d5100,fffffd806d88c1b0,0,14,fffffd806d88c1c4,8ec6d2d5293bddd2,0) at udp_sbappend+0x3b1 udp_input(ffff8000211f2538,ffff8000211f2544,11,2) at udp_input+0xbcb ip_deliver(ffff8000211f2538,ffff8000211f2544,11,2) at ip_deliver+0x322 ip_ours(ffff8000211f2538,ffff8000211f2544,fffffd806d88c1bc,0) at ip_ours+0x3ba ip_input_if(ffff8000211f2538,ffff8000211f2544,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806d88c100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806d88c100,2) at if_input_local+0x10e ip_output(fffffd806d64b000,0,fffffd806f67a420,0,0,fffffd806f67a3a8,b060e3909d37f943) at ip_output+0xb05 end trace frame: 0xffff8000211f27b0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd807b7536d8) at selwakeup+0x16 sorwakeup(fffffd807b7535c0) at sorwakeup+0xc9 udp_sbappend(fffffd806f67a750,fffffd806f6d5100,fffffd806d88c1b0,0,14,fffffd806d88c1c4,8ec6d2d5293bddd2,0) at udp_sbappend+0x3b1 udp_input(ffff8000211f2538,ffff8000211f2544,11,2) at udp_input+0xbcb ip_deliver(ffff8000211f2538,ffff8000211f2544,11,2) at ip_deliver+0x322 ip_ours(ffff8000211f2538,ffff8000211f2544,fffffd806d88c1bc,0) at ip_ours+0x3ba ip_input_if(ffff8000211f2538,ffff8000211f2544,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806d88c100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806d88c100,2) at if_input_local+0x10e ip_output(fffffd806d64b000,0,fffffd806f67a420,0,0,fffffd806f67a3a8,b060e3909d37f943) at ip_output+0xb05 udp_output(fffffd806f67a3a8,fffffd806d64b000,0,0) at udp_output+0x58d sosend(fffffd807b7537a0,0,ffff8000211f2948,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff4540,4,ffff8000211f2948,0,ffff8000211f2a40) at dofilewritev+0x19c sys_write(ffff8000ffff4540,ffff8000211f29e8,ffff8000211f2a40) at sys_write+0x83 syscall(ffff8000211f2ab0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc67c0, count: -20 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000211f1f70 rbx 0xffffffff828f2bff cpu_info_full_primary+0x2bff rdx 0x3fd rcx 0 rax 0x68 r8 0x101010101010101 r9 0x8080808080808080 r10 0x3ded2453fe4a66c6 r11 0x5047e31ee9664577 r12 0xffffffff828f2a00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff819ed3a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000211f1f60 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor2016281203) pid=423568 stat=onproc flags process=0 proc=0 pri=52, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff4a80,0xffff8000ffff42b0 process=0xffff8000ffff29a8 user=0xffff8000211ed000, vmspace=0xfffffd806d90d5d0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 62812 445646 80382 0 2 0 syz-executor2016281203 97312 108256 87777 0 2 0 syz-executor2016281203 92639 451674 70169 0 2 0 syz-executor2016281203 71153 307219 89053 0 2 0 syz-executor2016281203 41881 389918 28718 0 3 0 netlock syz-executor2016281203 *59238 423568 70956 0 7 0 syz-executor2016281203 91114 67204 80437 0 2 0 syz-executor2016281203 28718 227010 88646 0 3 0x80 nanoslp syz-executor2016281203 70956 481235 88646 0 3 0x80 nanoslp syz-executor2016281203 89053 75215 88646 0 3 0x80 nanoslp syz-executor2016281203 80382 444264 88646 0 3 0x80 nanoslp syz-executor2016281203 87777 248409 88646 0 3 0x80 nanoslp syz-executor2016281203 93046 100118 88646 0 3 0x80 nanoslp syz-executor2016281203 70169 418153 88646 0 3 0x80 nanoslp syz-executor2016281203 80437 243359 88646 0 3 0x80 nanoslp syz-executor2016281203 88646 102340 24837 0 3 0x82 nanoslp syz-executor2016281203 24837 521482 9876 0 3 0x10008a sigsusp ksh 9876 187130 92254 0 7 0x9a sshd 23982 351769 1 0 3 0x100083 ttyin getty 92254 256308 1 0 3 0x88 kqread sshd 29957 512056 23878 73 3 0x1100090 kqread syslogd 23878 294044 1 0 3 0x100082 netio syslogd 7162 196248 1 0 3 0x100080 kqread resolvd 5020 168554 84588 77 3 0x100092 kqread dhcpleased 68934 109503 84588 77 3 0x100092 kqread dhcpleased 84588 239160 1 0 3 0x80 kqread dhcpleased 78381 121763 0 0 3 0x14200 bored smr 66653 393478 0 0 2 0x14200 zerothread 97667 22085 0 0 3 0x14200 aiodoned aiodoned 49153 219869 0 0 3 0x14200 syncer update 80421 212069 0 0 3 0x14200 cleaner cleaner 20427 174386 0 0 3 0x14200 reaper reaper 56550 198457 0 0 3 0x14200 pgdaemon pagedaemon 95875 479636 0 0 3 0x14200 bored viomb 99986 492741 0 0 3 0x40014200 acpi0 acpi0 4186 295867 0 0 3 0x40014200 idle1 99686 469813 0 0 3 0x14200 bored softnet 88292 261373 0 0 3 0x14200 bored systqmp 92651 99704 0 0 3 0x14200 bored systq 12558 53448 0 0 3 0x40014200 bored softclock 87094 50932 0 0 3 0x40014200 idle0 1 7942 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 udp_input+0x7b0 #4 ip_deliver+0x322 #5 ip_ours+0x3ba #6 ip_input_if+0x2a1 #7 ipv4_input+0x48 #8 if_input_local+0x10e #9 ip_output+0xb05 #10 udp_output+0x58d #11 sosend+0x632 #12 dofilewritev+0x19c #13 sys_write+0x83 #14 syscall+0x489 #15 Xsyscall+0x128 Process 59238 (syz-executor2016281203) thread 0xffff8000ffff4540 (423568) exclusive rwlock netlock r = 0 (0xffffffff828ee470) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 solock+0x86 #3 sosend+0x517 #4 dofilewritev+0x19c #5 sys_write+0x83 #6 syscall+0x489 #7 Xsyscall+0x128 exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 udp_input+0x7b0 #4 ip_deliver+0x322 #5 ip_ours+0x3ba #6 ip_input_if+0x2a1 #7 ipv4_input+0x48 #8 if_input_local+0x10e #9 ip_output+0xb05 #10 udp_output+0x58d #11 sosend+0x632 #12 dofilewritev+0x19c #13 sys_write+0x83 #14 syscall+0x489 #15 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10143 6388K 6419K 78643K 11233 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 108 0 ifaddr 24 7K 7K 78643K 24 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 2K 78643K 25 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1166 73K 73K 78643K 1179 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 74K 75K 78643K 226 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 391 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 100 5K 5K 78643K 2236 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 19 4694K 4757K 78643K 3049 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 33 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 312 173 0 160 2 0 2 2 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1415 0 38 87 0 87 87 0 8 0 ffsino 272 1415 0 38 92 0 92 92 0 8 0 nchpl 144 1590 0 47 58 0 58 58 0 8 0 uvmvnodes 80 1424 0 0 30 0 30 30 0 8 0 vnodes 224 1424 0 0 84 0 84 84 0 8 0 namei 1024 4131 0 4131 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 216 3976 0 3976 10 9 1 8 0 8 1 plimitpl 152 15 0 9 1 0 1 1 0 8 0 sigapl 424 354 0 311 5 0 5 5 0 8 0 knotepl 120 46 0 0 2 0 2 2 0 8 0 kqueuepl 216 20 0 13 1 0 1 1 0 8 0 pipepl 336 79 0 76 2 1 1 1 0 8 0 fdescpl 496 340 0 312 5 1 4 4 0 8 0 filepl 152 1158 0 1098 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 64 0 54 1 0 1 1 0 8 0 zombiepl 144 312 0 311 2 1 1 1 0 8 0 processpl 1064 354 0 311 4 1 3 3 0 8 0 procpl 672 354 0 311 4 0 4 4 0 8 0 sockpl 480 223 0 194 5 0 5 5 0 8 1 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 64 0 0 8 0 8 8 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 115 0 0 7 0 7 7 0 8 0 bufpl 288 1940 0 87 133 0 133 133 0 8 0 anonpl 24 43639 0 41260 20 4 16 16 0 186 1 amapchunkpl 152 4084 0 3919 8 1 7 7 0 158 0 amappl16 200 74 0 72 2 1 1 1 0 8 0 amappl15 192 59 0 56 1 0 1 1 0 8 0 amappl13 176 32 0 31 2 1 1 1 0 8 0 amappl12 168 18 0 18 2 1 1 1 0 8 1 amappl11 160 42 0 32 1 0 1 1 0 8 0 amappl9 144 446 0 442 1 0 1 1 0 8 0 amappl8 136 339 0 336 1 0 1 1 0 8 0 amappl7 128 60 0 57 1 0 1 1 0 8 0 amappl6 120 165 0 140 1 0 1 1 0 8 0 amappl5 112 171 0 163 1 0 1 1 0 8 0 amappl4 104 577 0 558 1 0 1 1 0 8 0 amappl3 96 112 0 103 1 0 1 1 0 8 0 amappl2 88 337 0 301 1 0 1 1 0 8 0 amappl1 80 8679 0 8278 10 1 9 9 0 8 0 amappl 88 1934 0 1853 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 340 0 312 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 340 0 312 1 0 1 1 0 8 0 vmmpekpl 168 6034 0 6021 1 0 1 1 0 8 0 vmmpepl 168 26271 0 25255 47 2 45 45 0 357 0 vmsppl 368 339 0 312 3 0 3 3 0 8 0 rwobjpl 56 9416 0 7464 29 0 29 29 0 8 1 pdppl 4096 687 0 624 83 18 65 65 0 8 2 pvpl 32 130906 0 126551 38 1 37 37 0 265 1 pmappl 248 339 0 312 3 1 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 436 0 22 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff825a183e) at panic+0x177 witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82a73700) at __mp_lock+0xa1 selwakeup(fffffd807b7536d8) at selwakeup+0x16 sorwakeup(fffffd807b7535c0) at sorwakeup+0xc9 udp_sbappend(fffffd806f67a750,fffffd806f6d5100,fffffd806d88c1b0,0,14,fffffd806d88c1c4,8ec6d2d5293bddd2,0) at udp_sbappend+0x3b1 udp_input(ffff8000211f2538,ffff8000211f2544,11,2) at udp_input+0xbcb ip_deliver(ffff8000211f2538,ffff8000211f2544,11,2) at ip_deliver+0x322 ip_ours(ffff8000211f2538,ffff8000211f2544,fffffd806d88c1bc,0) at ip_ours+0x3ba ip_input_if(ffff8000211f2538,ffff8000211f2544,4,0,ffff800000689000) at ip_input_if+0x2a1 ipv4_input(ffff800000689000,fffffd806d88c100) at ipv4_input+0x48 if_input_local(ffff800000689000,fffffd806d88c100,2) at if_input_local+0x10e ip_output(fffffd806d64b000,0,fffffd806f67a420,0,0,fffffd806f67a3a8,b060e3909d37f943) at ip_output+0xb05 udp_output(fffffd806f67a3a8,fffffd806d64b000,0,0) at udp_output+0x58d sosend(fffffd807b7537a0,0,ffff8000211f2948,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff4540,4,ffff8000211f2948,0,ffff8000211f2a40) at dofilewritev+0x19c sys_write(ffff8000ffff4540,ffff8000211f29e8,ffff8000211f2a40) at sys_write+0x83 syscall(ffff8000211f2ab0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc67c0, count: -20 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82a73700) at __mp_lock+0x122 __mp_acquire_count(ffffffff82a73700,3) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x3d3 sleep_finish(ffff8000211a4458,1) at sleep_finish+0x198 msleep(fffffd806f6ff870,fffffd806f6ff870,318,ffffffff825f40a7,0) at msleep+0x152 kqueue_scan(ffff8000211a45e0,4,ffff8000211a46e0,0,ffff800021143268,ffff8000211a485c) at kqueue_scan+0x1ab doppoll(ffff800021143268,ad0ca0d6200,4,0,ffff8000211a48d4,ffff8000211a49b0) at doppoll+0x280 sys_ppoll(ffff800021143268,ffff8000211a4950,ffff8000211a49b0) at sys_ppoll+0x133 syscall(ffff8000211a4a20) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe6b40, count: 2 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82a73700) at __mp_lock+0x122 __mp_acquire_count(ffffffff82a73700,3) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x3d3 sleep_finish(ffff8000211a4458,1) at sleep_finish+0x198 msleep(fffffd806f6ff870,fffffd806f6ff870,318,ffffffff825f40a7,0) at msleep+0x152 kqueue_scan(ffff8000211a45e0,4,ffff8000211a46e0,0,ffff800021143268,ffff8000211a485c) at kqueue_scan+0x1ab doppoll(ffff800021143268,ad0ca0d6200,4,0,ffff8000211a48d4,ffff8000211a49b0) at doppoll+0x280 sys_ppoll(ffff800021143268,ffff8000211a4950,ffff8000211a49b0) at sys_ppoll+0x133 syscall(ffff8000211a4a20) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe6b40, count: -13 ddb{1}>