kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Mar 22 01:46:17 PDT 2022 OpenBSD/amd64 (ci-openbsd-multicore-7.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.101' (ED25519) to the list of known hosts. 2022/03/22 01:49:00 parsed 1 programs 2022/03/22 01:49:05 executed programs: 0 login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *253545 63905 0 0 0 0 syz-executor.6 363325 59646 0 0x2 0 1 syz-executor.6 db_enter() at db_enter+0x18 panic(ffffffff825a0385) at panic+0x177 witness_checkorder(ffffffff82b7e900,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82b7e6f8) at __mp_lock+0xa1 selwakeup(fffffd806e410138) at selwakeup+0x16 sorwakeup(fffffd806e410020) at sorwakeup+0xc9 rip6_input(ffff8000212598e8,ffff8000212598f4,85,18) at rip6_input+0x692 ip_deliver(ffff8000212598e8,ffff8000212598f4,85,18) at ip_deliver+0x322 ip6_input_if(ffff8000212598e8,ffff8000212598f4,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd807ad70e00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd807ad70e00,18) at if_input_local+0x136 ip6_output(fffffd8076794b00,ffff800000c09200,fffffd806f67a7c8,0,0,fffffd806f67a750) at ip6_output+0xf57 rip6_output(fffffd8076794b00,fffffd806e4105c0,ffff800021259c50,0) at rip6_output+0x4ad rip6_usrreq(fffffd806e4105c0,9,fffffd8076794b00,0,0,ffff8000ffff1510) at rip6_usrreq+0x5d3 end trace frame: 0xffff800021259dd0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff825a0385) at panic+0x177 witness_checkorder(ffffffff82b7e900,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82b7e6f8) at __mp_lock+0xa1 selwakeup(fffffd806e410138) at selwakeup+0x16 sorwakeup(fffffd806e410020) at sorwakeup+0xc9 rip6_input(ffff8000212598e8,ffff8000212598f4,85,18) at rip6_input+0x692 ip_deliver(ffff8000212598e8,ffff8000212598f4,85,18) at ip_deliver+0x322 ip6_input_if(ffff8000212598e8,ffff8000212598f4,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd807ad70e00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd807ad70e00,18) at if_input_local+0x136 ip6_output(fffffd8076794b00,ffff800000c09200,fffffd806f67a7c8,0,0,fffffd806f67a750) at ip6_output+0xf57 rip6_output(fffffd8076794b00,fffffd806e4105c0,ffff800021259c50,0) at rip6_output+0x4ad rip6_usrreq(fffffd806e4105c0,9,fffffd8076794b00,0,0,ffff8000ffff1510) at rip6_usrreq+0x5d3 sosend(fffffd806e4105c0,0,ffff800021259e88,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff1510,4,ffff800021259e88,0,ffff800021259f80) at dofilewritev+0x19c sys_write(ffff8000ffff1510,ffff800021259f28,ffff800021259f80) at sys_write+0x83 syscall(ffff800021259ff0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb630, count: -19 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021259400 rbx 0xffffffff82949bff cpu_info_full_primary+0x2bff rdx 0x3fd rcx 0 rax 0x68 r8 0x101010101010101 r9 0x8080808080808080 r10 0xb298f5fcd8ce524b r11 0x99c61fb53a979718 r12 0xffffffff82949a00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81828e88 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000212593f0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.6) pid=253545 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff0a90,0xffff8000ffff1d00 process=0xffff8000fffec440 user=0xffff800021255000, vmspace=0xfffffd806c406e78 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 14873 106578 70072 0 2 0x40 syz-executor.2 50214 384021 86239 0 2 0x2 sh 95112 473879 59584 0 2 0x2 ndp *63905 253545 59646 0 7 0 syz-executor.6 88662 328032 29651 0 2 0 syz-executor.3 42630 434528 85694 0 2 0x2 sh 59584 74118 96249 0 3 0x10008a sigsusp sh 47620 301553 54162 0 3 0x10008a sigsusp sh 54162 336967 87479 0 3 0x82 wait syz-executor.5 29651 266119 87479 0 3 0x82 nanoslp syz-executor.3 85694 453085 87479 0 3 0x82 wait syz-executor.7 86239 183300 87479 0 3 0x82 wait syz-executor.1 70072 5584 87479 0 3 0x82 ppwait syz-executor.2 59646 363325 87479 0 7 0x2 syz-executor.6 57807 463114 87479 0 2 0x2 syz-executor.4 96249 93038 87479 0 3 0x82 wait syz-executor.0 87479 247439 36375 0 2 0x2 syz-execprog 87479 475522 36375 0 3 0x4000082 nanoslp syz-execprog 87479 88014 36375 0 3 0x4000082 thrsleep syz-execprog 87479 471826 36375 0 3 0x4000082 thrsleep syz-execprog 87479 237469 36375 0 2 0x4000002 syz-execprog 87479 183837 36375 0 3 0x4000082 thrsleep syz-execprog 87479 74858 36375 0 3 0x4000082 thrsleep syz-execprog 87479 486213 36375 0 2 0x4000002 syz-execprog 87479 331105 36375 0 3 0x4000082 thrsleep syz-execprog 87479 354669 36375 0 3 0x4000082 thrsleep syz-execprog 36375 301188 37428 0 3 0x10008a sigsusp ksh 37428 492456 9028 0 3 0x9a kqread sshd 42813 325183 1 0 3 0x100083 ttyin getty 9028 208773 1 0 3 0x88 kqread sshd 1779 415413 95882 74 3 0x1100092 bpf pflogd 95882 451015 1 0 3 0x80 netio pflogd 32924 291940 34757 73 3 0x1100090 kqread syslogd 34757 170159 1 0 3 0x100082 netio syslogd 91199 311362 1 0 3 0x100080 kqread resolvd 81356 272635 83026 77 3 0x100092 kqread dhcpleased 10403 433121 83026 77 3 0x100092 kqread dhcpleased 83026 192274 1 0 3 0x80 kqread dhcpleased 30266 263273 0 0 3 0x14200 bored smr 12428 40429 0 0 2 0x14200 zerothread 44685 347162 0 0 3 0x14200 aiodoned aiodoned 56047 199674 0 0 3 0x14200 syncer update 65276 419213 0 0 3 0x14200 cleaner cleaner 99521 178209 0 0 3 0x14200 reaper reaper 82882 155878 0 0 3 0x14200 pgdaemon pagedaemon 76062 484975 0 0 3 0x14200 bored viomb 48889 33139 0 0 3 0x40014200 acpi0 acpi0 47639 153968 0 0 3 0x40014200 idle1 91088 520496 0 0 3 0x14200 bored softnet 18556 39283 0 0 3 0x14200 bored systqmp 37925 169506 0 0 3 0x14200 bored systq 38588 332330 0 0 2 0x40014200 softclock 75980 182666 0 0 3 0x40014200 idle0 1 209088 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82b7fb80) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 rip6_input+0x1cf #4 ip_deliver+0x322 #5 ip6_input_if+0x920 #6 ipv6_input+0x48 #7 if_input_local+0x136 #8 ip6_output+0xf57 #9 rip6_output+0x4ad #10 rip6_usrreq+0x5d3 #11 sosend+0x632 #12 dofilewritev+0x19c #13 sys_write+0x83 #14 syscall+0x489 #15 Xsyscall+0x128 Process 63905 (syz-executor.6) thread 0xffff8000ffff1510 (253545) exclusive rwlock netlock r = 0 (0xffffffff82980490) #0 witness_lock+0x44d #1 solock+0x86 #2 sosend+0x517 #3 dofilewritev+0x19c #4 sys_write+0x83 #5 syscall+0x489 #6 Xsyscall+0x128 exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82b7fb80) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 rip6_input+0x1cf #4 ip_deliver+0x322 #5 ip6_input_if+0x920 #6 ipv6_input+0x48 #7 if_input_local+0x136 #8 ip6_output+0xf57 #9 rip6_output+0x4ad #10 rip6_usrreq+0x5d3 #11 sosend+0x632 #12 dofilewritev+0x19c #13 sys_write+0x83 #14 syscall+0x489 #15 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10173 6473K 6473K 78643K 11263 0 pcb 17 8K 8K 78643K 23 0 rtable 188 5K 5K 78643K 274 0 ifaddr 80 16K 16K 78643K 84 0 counters 56 35K 35K 78643K 56 0 ioctlops 0 0K 4K 78643K 1484 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1167 73K 73K 78643K 1180 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 19 69K 93K 78643K 120 0 proc 67 87K 111K 78643K 485 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 2 0K 0K 78643K 3 0 in_multi 72 4K 4K 78643K 74 0 ether_multi 2 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 623 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 211 73K 74K 78643K 2956 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 4 0K 0K 78643K 6 0 NDP 22 1K 1K 78643K 22 0 temp 57 4695K 4757K 78643K 4196 0 kqueue 12 18K 18K 78643K 25 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 26 0 22 1 0 1 1 0 8 0 rtentry 112 86 0 1 3 0 3 3 0 8 0 unpcb 136 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 11 0 5 1 0 1 1 0 8 0 arp 120 16 0 0 1 0 1 1 0 8 0 inpcb 312 70 0 60 1 0 1 1 0 8 0 nd6 48 13 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 16 0 6 2 1 1 1 0 8 0 pfstkey 112 16 0 6 2 1 1 1 0 8 0 pfstate 320 16 0 6 2 1 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 329 0 0 21 0 21 21 0 8 0 art_table 32 330 0 0 3 0 3 3 0 8 0 art_node 16 85 0 7 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1481 0 49 90 0 90 90 0 8 0 ffsino 272 1481 0 49 96 0 96 96 0 8 0 nchpl 144 1730 0 59 62 0 62 62 0 8 0 uvmvnodes 80 1491 0 0 31 0 31 31 0 8 0 vnodes 224 1491 0 0 88 0 88 88 0 8 0 namei 1024 5832 0 5832 3 1 2 2 0 8 2 percpumem 16 40 0 0 1 0 1 1 0 8 0 scxspl 216 5542 0 5542 14 13 1 8 0 8 1 plimitpl 152 24 0 9 1 0 1 1 0 8 0 sigapl 424 425 0 379 6 0 6 6 0 8 0 knotepl 120 106 0 0 4 0 4 4 0 8 0 kqueuepl 216 21 0 13 1 0 1 1 0 8 0 pipepl 336 134 0 106 4 1 3 3 0 8 0 fdescpl 496 411 0 379 5 0 5 5 0 8 0 filepl 152 1506 0 1368 6 0 6 6 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 26 0 9 1 0 1 1 0 8 0 pgrppl 48 26 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 380 0 379 2 1 1 1 0 8 0 processpl 1064 425 0 379 4 0 4 4 0 8 0 procpl 672 434 0 379 6 0 6 6 0 8 0 sockpl 480 131 0 102 5 1 4 4 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 57 0 0 8 0 8 8 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 208 0 0 12 0 12 12 0 8 0 bufpl 288 3617 0 140 249 0 249 249 0 8 0 anonpl 24 57159 0 51882 51 5 46 47 0 186 10 amapchunkpl 152 5955 0 5517 21 1 20 20 0 158 0 amappl16 200 206 0 125 6 1 5 5 0 8 0 amappl15 192 104 0 96 1 0 1 1 0 8 0 amappl14 184 11 0 7 1 0 1 1 0 8 0 amappl13 176 90 0 85 2 1 1 1 0 8 0 amappl12 168 19 0 18 2 1 1 1 0 8 0 amappl11 160 50 0 34 1 0 1 1 0 8 0 amappl10 152 39 0 33 1 0 1 1 0 8 0 amappl9 144 439 0 437 1 0 1 1 0 8 0 amappl8 136 535 0 506 2 0 2 2 0 8 0 amappl7 128 118 0 106 1 0 1 1 0 8 0 amappl6 120 222 0 201 2 0 2 2 0 8 1 amappl5 112 224 0 205 1 0 1 1 0 8 0 amappl4 104 836 0 806 2 0 2 2 0 8 1 amappl3 96 159 0 147 1 0 1 1 0 8 0 amappl2 88 522 0 475 3 0 3 3 0 8 1 amappl1 80 10885 0 10312 21 2 19 19 0 8 5 amappl 88 2552 0 2393 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 411 0 379 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 411 0 379 1 0 1 1 0 8 0 vmmpekpl 168 8399 0 8378 2 0 2 2 0 8 0 vmmpepl 168 38224 0 36547 96 5 91 91 0 357 13 vmsppl 368 410 0 379 4 0 4 4 0 8 0 rwobjpl 56 12152 0 9691 41 0 41 41 0 8 4 pdppl 4096 829 0 758 105 22 83 83 0 8 12 pvpl 32 240276 0 231101 256 5 251 251 0 265 170 pmappl 248 410 0 379 3 0 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 605 0 27 17 0 17 17 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff825a0385) at panic+0x177 witness_checkorder(ffffffff82b7e900,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82b7e6f8) at __mp_lock+0xa1 selwakeup(fffffd806e410138) at selwakeup+0x16 sorwakeup(fffffd806e410020) at sorwakeup+0xc9 rip6_input(ffff8000212598e8,ffff8000212598f4,85,18) at rip6_input+0x692 ip_deliver(ffff8000212598e8,ffff8000212598f4,85,18) at ip_deliver+0x322 ip6_input_if(ffff8000212598e8,ffff8000212598f4,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd807ad70e00) at ipv6_input+0x48 if_input_local(ffff80000019f2a8,fffffd807ad70e00,18) at if_input_local+0x136 ip6_output(fffffd8076794b00,ffff800000c09200,fffffd806f67a7c8,0,0,fffffd806f67a750) at ip6_output+0xf57 rip6_output(fffffd8076794b00,fffffd806e4105c0,ffff800021259c50,0) at rip6_output+0x4ad rip6_usrreq(fffffd806e4105c0,9,fffffd8076794b00,0,0,ffff8000ffff1510) at rip6_usrreq+0x5d3 sosend(fffffd806e4105c0,0,ffff800021259e88,0,0,0) at sosend+0x632 dofilewritev(ffff8000ffff1510,4,ffff800021259e88,0,ffff800021259f80) at dofilewritev+0x19c sys_write(ffff8000ffff1510,ffff800021259f28,ffff800021259f80) at sys_write+0x83 syscall(ffff800021259ff0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb630, count: -19 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b7e6f8) at __mp_lock+0x122 syscall(ffff8000212946e0) at syscall+0x3ef Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb790, count: 9 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b7e6f8) at __mp_lock+0x122 syscall(ffff8000212946e0) at syscall+0x3ef Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb790, count: -6