Warning: Permanently added '10.128.0.156' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/setuid/kernel/sys/arch/amd64/amd64/intr.c", line 699 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 13368 98591 0 0 0 0 syz-executor2527858354 db_enter() at db_enter+0x1c panic(ffffffff8279dbba) at panic+0x17b __assert(ffffffff828207b6,ffffffff8283ac67,2bb,ffffffff827a0b89) at __assert+0x29 splraise(8b9ea199) at splraise+0xb4 mtx_enter_try(fffffd8074652510) at mtx_enter_try+0x73 mtx_enter(fffffd8074652510) at mtx_enter+0x4f knote_remove(ffff80002120c568,fffffd8074652510,fffffd8074652598,3,0) at knote_remove+0x20d knote_fdclose(ffff80002120c568,3) at knote_fdclose+0xae fdfree(ffff80002120c568) at fdfree+0xdf exit1(ffff80002120c568,0,0,1) at exit1+0x3ff sys_exit(ffff80002120c568,ffff80002128dca0,ffff80002128dcf0) at sys_exit+0x1a syscall(ffff80002128dd70) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7136e6680c80, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/setuid/kernel/sys/arch/amd64/amd64/intr.c", line 699 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff8279dbba) at panic+0x17b __assert(ffffffff828207b6,ffffffff8283ac67,2bb,ffffffff827a0b89) at __assert+0x29 splraise(8b9ea199) at splraise+0xb4 mtx_enter_try(fffffd8074652510) at mtx_enter_try+0x73 mtx_enter(fffffd8074652510) at mtx_enter+0x4f knote_remove(ffff80002120c568,fffffd8074652510,fffffd8074652598,3,0) at knote_remove+0x20d knote_fdclose(ffff80002120c568,3) at knote_fdclose+0xae fdfree(ffff80002120c568) at fdfree+0xdf exit1(ffff80002120c568,0,0,1) at exit1+0x3ff sys_exit(ffff80002120c568,ffff80002128dca0,ffff80002128dcf0) at sys_exit+0x1a syscall(ffff80002128dd70) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7136e6680c80, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80002128d8e0 rbx 0xffff800020d59b9f rdx 0x3fd rcx 0 rax 0x8f r8 0x101010101010101 r9 0x8080808080808080 r10 0xb514563717cfe59e r11 0x721ad332e61894d4 r12 0xffff800020d599a0 r13 0 r14 0 r15 0x1 rip 0xffffffff819b68ac db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002128d8d0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor2527858354) pid=222685 stat=onproc flags process=1008 proc=2000 pri=0, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff80002120d800,0xffff80002120cd70 process=0xffff8000212ae5c8 user=0xffff800021288000, vmspace=0xfffffd806f550018 estcpu=8, cpticks=2, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 98591 13368 44977 0 7 0 syz-executor2527858354 80333 122784 89430 0 2 0 syz-executor2527858354 80333 216637 89430 0 2 0x4000000 syz-executor2527858354 17433 222650 4777 0 2 0 syz-executor2527858354 80488 384008 99132 0 2 0 syz-executor2527858354 90394 112654 57889 0 2 0 syz-executor2527858354 90394 83822 57889 0 3 0x4000080 fsleep syz-executor2527858354 84267 381807 33101 0 2 0 syz-executor2527858354 84267 71312 33101 0 3 0x4000080 fsleep syz-executor2527858354 99132 75931 28310 0 2 0 syz-executor2527858354 89430 260265 28310 0 3 0x80 nanoslp syz-executor2527858354 44977 167467 28310 0 3 0x80 nanoslp syz-executor2527858354 58807 251440 28310 0 3 0x80 nanoslp syz-executor2527858354 40528 292217 28310 0 2 0 syz-executor2527858354 4777 221958 28310 0 2 0 syz-executor2527858354 57889 266410 28310 0 3 0x80 nanoslp syz-executor2527858354 33101 51144 28310 0 2 0 syz-executor2527858354 28310 364806 43029 0 3 0x82 nanoslp syz-executor2527858354 43029 323432 5288 0 3 0x10008a sigsusp ksh 5288 128840 38618 0 3 0x9a kqread sshd 159 365012 1 0 3 0x100083 ttyin getty 38618 428816 1 0 3 0x88 kqread sshd 42924 112718 96371 73 3 0x1100090 kqread syslogd 96371 124356 1 0 3 0x100082 netio syslogd 22417 187764 1 0 3 0x100080 kqread resolvd 20892 421216 1637 77 3 0x100092 kqread dhcpleased 6357 69093 1637 77 3 0x100092 kqread dhcpleased 1637 365053 1 0 3 0x80 kqread dhcpleased 75434 523094 0 0 3 0x14200 bored smr 10052 164895 0 0 2 0x14200 zerothread 49740 203849 0 0 3 0x14200 aiodoned aiodoned 9324 68319 0 0 3 0x14200 syncer update 14298 64935 0 0 3 0x14200 cleaner cleaner 5058 40046 0 0 3 0x14200 reaper reaper 75121 79809 0 0 3 0x14200 pgdaemon pagedaemon 77146 44258 0 0 3 0x14200 bored viomb 86074 28376 0 0 3 0x40014200 acpi0 acpi0 65480 378329 0 0 3 0x40014200 idle1 58803 358798 0 0 3 0x14200 bored softnet3 61339 346553 0 0 3 0x14200 bored softnet2 98468 462617 0 0 3 0x14200 bored softnet1 40419 144272 0 0 3 0x14200 bored softnet0 25022 427904 0 0 3 0x14200 bored systqmp 58801 33123 0 0 3 0x14200 bored systq 63065 476586 0 0 3 0x40014200 bored softclock 2404 459083 0 0 3 0x40014200 idle0 1 296594 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 98591 (syz-executor2527858354) thread 0xffff8000211ff2b8 (13368) shared rwlock vmmaplk r = 0 (0xfffffd806c5d04b8) #0 witness_lock+0x447 #1 uvmfault_lookup+0xd9 #2 uvm_fault_check+0x3e #3 uvm_fault+0xf2 #4 upageflttrap+0x86 #5 usertrap+0x226 #6 recall_trap+0x8 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10156 6389K 6420K 78643K 11234 0 pcb 13 8K 8K 78643K 13 0 rtable 58 1K 2K 78643K 110 0 pf 12 6K 6K 78643K 12 0 ifaddr 12 9K 9K 78643K 12 0 ifgroup 17 1K 1K 78643K 17 0 counters 44 33K 33K 78643K 44 0 ioctlops 0 0K 2K 78643K 21 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1174 73K 74K 78643K 1187 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 78K 79K 78643K 246 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 1K 78643K 243 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 139 6K 7K 78643K 2540 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 1 5904K 5968K 78643K 2926 0 kqueue 12 18K 26K 78643K 60 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 20 0 17 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 304 5 0 5 1 0 1 1 0 8 1 tcpqe 32 97 0 97 1 0 1 1 0 8 1 tcpcb 808 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 368 63 0 54 2 0 2 2 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1471 0 70 88 0 88 88 0 8 0 ffsino 272 1471 0 70 94 0 94 94 0 8 0 nchpl 144 1694 0 121 59 0 59 59 0 8 0 uvmvnodes 80 1480 0 0 31 0 31 31 0 8 0 vnodes 216 1480 0 0 83 0 83 83 0 8 0 namei 1024 4426 0 4426 2 0 2 2 0 8 2 percpumem 16 35 0 0 1 0 1 1 0 8 0 kstatmem 264 6 0 0 1 0 1 1 0 8 0 scxspl 216 5104 0 5104 3 2 1 2 1 8 1 plimitpl 152 16 0 10 1 0 1 1 0 8 0 sigapl 424 358 0 312 6 0 6 6 0 8 0 futexpl 64 157 0 155 1 0 1 1 0 8 0 knotepl 120 50 0 0 2 0 2 2 0 8 0 kqueuepl 216 56 0 48 1 0 1 1 0 8 0 pipepl 320 87 0 84 1 0 1 1 0 8 0 fdescpl 496 341 0 313 5 1 4 4 0 8 0 filepl 152 1196 0 1140 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 104 66 0 56 1 0 1 1 0 8 0 zombiepl 144 314 0 312 1 0 1 1 0 8 0 processpl 1072 358 0 312 4 0 4 4 0 8 0 procpl 680 410 0 361 5 0 5 5 0 8 0 sockpl 488 116 0 91 4 0 4 4 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 273 0 0 35 0 35 35 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 290 0 0 19 0 19 19 0 8 0 bufpl 288 2561 0 88 177 0 177 177 0 8 0 anonpl 24 168237 0 166100 24 2 22 23 0 186 8 amapchunkpl 152 8714 0 8427 14 1 13 13 0 158 1 amappl16 200 4804 0 4794 5 1 4 5 0 8 3 amappl15 192 45 0 43 1 0 1 1 0 8 0 amappl14 184 99 0 90 1 0 1 1 0 8 0 amappl13 176 12 0 12 1 1 0 1 0 8 0 amappl12 168 840 0 815 2 0 2 2 0 8 0 amappl11 160 54 0 44 1 0 1 1 0 8 0 amappl10 152 14 0 13 1 0 1 1 0 8 0 amappl9 144 148 0 148 1 0 1 1 0 8 1 amappl8 136 28 0 26 1 0 1 1 0 8 0 amappl7 128 72 0 57 1 0 1 1 0 8 0 amappl6 120 135 0 122 1 0 1 1 0 8 0 amappl5 112 111 0 103 1 0 1 1 0 8 0 amappl4 104 415 0 389 1 0 1 1 0 8 0 amappl3 96 2553 0 2493 2 0 2 2 0 8 0 amappl2 88 510 0 461 2 0 2 2 0 8 0 amappl1 80 9259 0 8793 11 0 11 11 0 8 0 amappl 88 2269 0 2169 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 341 0 313 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 341 0 313 1 0 1 1 0 8 0 vmmpekpl 168 6960 0 6935 2 0 2 2 0 8 0 vmmpepl 168 35406 0 34080 61 0 61 61 0 357 1 vmsppl 464 340 0 313 5 1 4 4 0 8 0 rwobjpl 56 18762 0 16582 32 1 31 31 0 8 0 pdppl 4096 690 0 626 82 16 66 66 0 8 2 pvpl 32 265708 0 260657 52 1 51 52 0 265 9 pmappl 248 340 0 313 3 1 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 520 0 18 15 0 15 15 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82b6fff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82ca3c10) at __mp_lock+0x122 syscall(ffff8000212c1d20) at syscall+0x5cd Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7136e6680b00, count: 9 ddb{0}> trace x86_ipi_db(ffffffff82b6fff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82ca3c10) at __mp_lock+0x122 syscall(ffff8000212c1d20) at syscall+0x5cd Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7136e6680b00, count: -6 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp db_enter() at db_enter+0x1c panic(ffffffff8279dbba) at panic+0x17b __assert(ffffffff828207b6,ffffffff8283ac67,2bb,ffffffff827a0b89) at __assert+0x29 splraise(8b9ea199) at splraise+0xb4 mtx_enter_try(fffffd8074652510) at mtx_enter_try+0x73 mtx_enter(fffffd8074652510) at mtx_enter+0x4f knote_remove(ffff80002120c568,fffffd8074652510,fffffd8074652598,3,0) at knote_remove+0x20d knote_fdclose(ffff80002120c568,3) at knote_fdclose+0xae fdfree(ffff80002120c568) at fdfree+0xdf exit1(ffff80002120c568,0,0,1) at exit1+0x3ff sys_exit(ffff80002120c568,ffff80002128dca0,ffff80002128dcf0) at sys_exit+0x1a syscall(ffff80002128dd70) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7136e6680c80, count: 2 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff8279dbba) at panic+0x17b __assert(ffffffff828207b6,ffffffff8283ac67,2bb,ffffffff827a0b89) at __assert+0x29 splraise(8b9ea199) at splraise+0xb4 mtx_enter_try(fffffd8074652510) at mtx_enter_try+0x73 mtx_enter(fffffd8074652510) at mtx_enter+0x4f knote_remove(ffff80002120c568,fffffd8074652510,fffffd8074652598,3,0) at knote_remove+0x20d knote_fdclose(ffff80002120c568,3) at knote_fdclose+0xae fdfree(ffff80002120c568) at fdfree+0xdf exit1(ffff80002120c568,0,0,1) at exit1+0x3ff sys_exit(ffff80002120c568,ffff80002128dca0,ffff80002128dcf0) at sys_exit+0x1a syscall(ffff80002128dd70) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7136e6680c80, count: -13 ddb{1}>