kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Mar 21 15:35:30 PDT 2022 OpenBSD/amd64 (ci-openbsd-multicore-0.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 470528 78163 0 0x14000 0x200 1 reaper *113537 25093 0 0x14000 0x200 0 softnet db_enter() at db_enter+0x18 panic(ffffffff825a56b6) at panic+0x177 witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 selwakeup(fffffd806d47c318) at selwakeup+0x16 sorwakeup(fffffd806d47c200) at sorwakeup+0xc9 rip6_input(ffff800021117c38,ffff800021117c44,3a,18) at rip6_input+0x692 icmp6_input(ffff800021117c38,ffff800021117c44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff800021117c38,ffff800021117c44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff800021117c38,ffff800021117c44,29,0,ffff800000689000) at ip6_input_if+0xe95 ipv6_input(ffff800000689000,fffffd806d460a00) at ipv6_input+0x48 if_input_local(ffff800000689000,fffffd806d460a00,18) at if_input_local+0x136 loinput(ffff800000689000,fffffd806d460a00) at loinput+0x4c if_input_process(ffff800000689000,ffff800021117d78) at if_input_process+0xd2 end trace frame: 0xffff800021117dc0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff825a56b6) at panic+0x177 witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 selwakeup(fffffd806d47c318) at selwakeup+0x16 sorwakeup(fffffd806d47c200) at sorwakeup+0xc9 rip6_input(ffff800021117c38,ffff800021117c44,3a,18) at rip6_input+0x692 icmp6_input(ffff800021117c38,ffff800021117c44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff800021117c38,ffff800021117c44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff800021117c38,ffff800021117c44,29,0,ffff800000689000) at ip6_input_if+0xe95 ipv6_input(ffff800000689000,fffffd806d460a00) at ipv6_input+0x48 if_input_local(ffff800000689000,fffffd806d460a00,18) at if_input_local+0x136 loinput(ffff800000689000,fffffd806d460a00) at loinput+0x4c if_input_process(ffff800000689000,ffff800021117d78) at if_input_process+0xd2 ifiq_process(ffff800000689450) at ifiq_process+0x80 taskq_thread(ffff80000002c000) at taskq_thread+0xe5 end trace frame: 0x0, count: -16 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021117640 rbx 0xffffffff8294ebff cpu_info_full_primary+0x2bff rdx 0x3fd rcx 0 rax 0x68 r8 0x101010101010101 r9 0x8080808080808080 r10 0x4ef05c5792c77760 r11 0x944a3268baba75f5 r12 0xffffffff8294ea00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81f18858 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021117630 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softnet) pid=113537 stat=onproc flags process=14000 proc=200 pri=32, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000210f8540,0xffff8000210f82b0 process=0xffff8000ffffc428 user=0xffff800021112000, vmspace=0xffffffff829d33f8 estcpu=1, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 22476 411219 28738 0 2 0 syz-executor59972376 88869 410976 37062 0 3 0x80 nanoslp syz-executor59972376 3501 394224 37062 0 3 0 biowait syz-executor59972376 49024 344050 37062 0 3 0x80 nanoslp syz-executor59972376 74251 179379 37062 0 3 0 getblk syz-executor59972376 50990 161436 37062 0 3 0x80 nanoslp syz-executor59972376 91814 481831 37062 0 3 0x80 nanoslp syz-executor59972376 95413 363119 37062 0 3 0 getblk syz-executor59972376 28738 339739 37062 0 3 0x80 nanoslp syz-executor59972376 37062 502313 54903 0 3 0x82 nanoslp syz-executor59972376 54903 91218 98515 0 3 0x10008a sigsusp ksh 98515 1453 45231 0 3 0x9a kqread sshd 97970 90223 1 0 3 0x100083 ttyin getty 45231 103687 1 0 3 0x88 kqread sshd 38995 229061 78786 74 3 0x1100092 bpf pflogd 78786 380565 1 0 3 0x80 netio pflogd 46748 239854 16733 73 3 0x1100090 kqread syslogd 16733 129205 1 0 3 0x100082 netio syslogd 74578 273501 1 0 3 0x100080 kqread resolvd 99936 196730 68023 77 3 0x100092 kqread dhcpleased 29889 258563 68023 77 3 0x100092 kqread dhcpleased 68023 52942 1 0 3 0x80 kqread dhcpleased 59933 447669 0 0 3 0x14200 bored smr 66349 78155 0 0 2 0x14200 zerothread 33977 275067 0 0 3 0x14200 aiodoned aiodoned 30690 63358 0 0 3 0x14200 syncer update 83555 430474 0 0 3 0x14200 cleaner cleaner 78163 470528 0 0 7 0x14200 reaper 94015 390860 0 0 3 0x14200 pgdaemon pagedaemon 78975 323644 0 0 3 0x14200 bored viomb 37112 124312 0 0 3 0x40014200 acpi0 acpi0 30759 78933 0 0 3 0x40014200 idle1 *25093 113537 0 0 7 0x14200 softnet 73217 516135 0 0 3 0x14200 bored systqmp 1889 123244 0 0 3 0x14200 bored systq 79519 73345 0 0 3 0x40014200 bored softclock 44817 122888 0 0 3 0x40014200 idle0 1 411969 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a900b0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 rip6_input+0x1cf #4 icmp6_input+0x8e8 #5 ip_deliver+0x322 #6 ip6_input_if+0xe95 #7 ipv6_input+0x48 #8 if_input_local+0x136 #9 loinput+0x4c #10 if_input_process+0xd2 #11 ifiq_process+0x80 #12 taskq_thread+0xe5 #13 proc_trampoline+0x1c Process 3501 (syz-executor59972376) thread 0xffff8000211437a8 (394224) exclusive rrwlock inode r = 0 (0xfffffd806cc24098) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 ufs_ihashins+0x42 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1be #7 ufs_mkdir+0xf4 #8 VOP_MKDIR+0xbf #9 domkdirat+0x121 #10 syscall+0x489 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d4275f8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xd1 #6 namei+0x36a #7 domkdirat+0x75 #8 syscall+0x489 #9 Xsyscall+0x128 Process 74251 (syz-executor59972376) thread 0xffff800021142fc8 (179379) exclusive rrwlock inode r = 0 (0xfffffd806cc243c8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x13ba #9 VOP_LOOKUP+0x58 #10 vfs_lookup+0x6e5 #11 namei+0x36a #12 dounlinkat+0x99 #13 syscall+0x489 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d427708) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xd1 #6 namei+0x36a #7 dounlinkat+0x99 #8 syscall+0x489 #9 Xsyscall+0x128 Process 95413 (syz-executor59972376) thread 0xffff8000ffff7510 (363119) exclusive rrwlock inode r = 0 (0xfffffd806cc24c48) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 ufs_ihashins+0x42 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1be #7 ufs_mkdir+0xf4 #8 VOP_MKDIR+0xbf #9 domkdirat+0x121 #10 syscall+0x489 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d4270a8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xd1 #6 namei+0x36a #7 domkdirat+0x75 #8 syscall+0x489 #9 Xsyscall+0x128 Process 25093 (softnet) thread 0xffff8000210f8000 (113537) exclusive rwlock netlock r = 0 (0xffffffff828f7720) #0 witness_lock+0x44d #1 if_input_process+0xa1 #2 ifiq_process+0x80 #3 taskq_thread+0xe5 #4 proc_trampoline+0x1c shared rwlock softnet r = 0 (0xffff80000002c070) #0 witness_lock+0x44d #1 taskq_thread+0xca #2 proc_trampoline+0x1c exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a900b0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 rip6_input+0x1cf #4 icmp6_input+0x8e8 #5 ip_deliver+0x322 #6 ip6_input_if+0xe95 #7 ipv6_input+0x48 #8 if_input_local+0x136 #9 loinput+0x4c #10 if_input_process+0xd2 #11 ifiq_process+0x80 #12 taskq_thread+0xe5 #13 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10149 6454K 6455K 78643K 11239 0 pcb 14 8K 8K 78643K 52 0 rtable 62 2K 2K 78643K 112 0 ifaddr 29 8K 8K 78643K 32 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 4K 78643K 1479 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1167 73K 73K 78643K 1180 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 282 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 432 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 145 69K 70K 78643K 2340 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 24 4694K 4758K 78643K 3342 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 109 0 93 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 312 180 0 170 2 0 2 2 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 8 0 0 1 0 1 1 0 8 0 pfstkey 112 8 0 0 1 0 1 1 0 8 0 pfstate 320 8 0 0 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1470 0 70 88 0 88 88 0 8 0 ffsino 272 1471 0 70 94 0 94 94 0 8 0 nchpl 144 1683 0 121 59 0 59 59 0 8 0 uvmvnodes 80 1481 0 0 31 0 31 31 0 8 0 vnodes 224 1481 0 0 88 0 88 88 0 8 0 namei 1024 4586 0 4584 3 1 2 2 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 216 4277 0 4276 10 2 8 8 0 8 7 plimitpl 152 24 0 9 1 0 1 1 0 8 0 sigapl 424 365 0 323 5 0 5 5 0 8 0 knotepl 120 48 0 0 2 0 2 2 0 8 0 kqueuepl 216 20 0 13 1 0 1 1 0 8 0 pipepl 336 86 0 83 2 1 1 1 0 8 0 fdescpl 496 351 0 327 4 0 4 4 0 8 0 filepl 152 1399 0 1336 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 26 0 9 1 0 1 1 0 8 0 pgrppl 48 26 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 327 0 323 2 1 1 1 0 8 0 processpl 1064 365 0 323 3 0 3 3 0 8 0 procpl 672 365 0 323 4 0 4 4 0 8 0 sockpl 480 306 0 277 6 1 5 5 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 66 0 0 8 0 8 8 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 118 0 0 7 0 7 7 0 8 0 bufpl 288 2066 0 94 141 0 141 141 0 8 0 anonpl 24 43794 0 40572 23 3 20 20 0 186 0 amapchunkpl 152 4332 0 4102 10 0 10 10 0 158 1 amappl16 200 74 0 64 2 1 1 1 0 8 0 amappl15 192 68 0 64 1 0 1 1 0 8 0 amappl13 176 34 0 33 2 1 1 1 0 8 0 amappl12 168 19 0 19 2 1 1 1 0 8 1 amappl11 160 46 0 32 1 0 1 1 0 8 0 amappl10 152 2 0 0 1 0 1 1 0 8 0 amappl9 144 460 0 458 1 0 1 1 0 8 0 amappl8 136 371 0 368 1 0 1 1 0 8 0 amappl7 128 65 0 62 1 0 1 1 0 8 0 amappl6 120 133 0 111 1 0 1 1 0 8 0 amappl5 112 179 0 167 1 0 1 1 0 8 0 amappl4 104 668 0 646 1 0 1 1 0 8 0 amappl3 96 121 0 112 1 0 1 1 0 8 0 amappl2 88 370 0 332 1 0 1 1 0 8 0 amappl1 80 9231 0 8776 10 0 10 10 0 8 0 amappl 88 2034 0 1923 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 351 0 326 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 351 0 326 1 0 1 1 0 8 0 vmmpekpl 168 6283 0 6265 1 0 1 1 0 8 0 vmmpepl 168 28061 0 26900 53 0 53 53 0 357 1 vmsppl 368 350 0 326 3 0 3 3 0 8 0 rwobjpl 56 9831 0 7724 30 0 30 30 0 8 0 pdppl 4096 709 0 652 79 18 61 61 0 8 4 pvpl 32 140540 0 135098 46 1 45 45 0 265 1 pmappl 248 350 0 326 2 0 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 446 0 23 13 0 13 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff825a56b6) at panic+0x177 witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d __mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 selwakeup(fffffd806d47c318) at selwakeup+0x16 sorwakeup(fffffd806d47c200) at sorwakeup+0xc9 rip6_input(ffff800021117c38,ffff800021117c44,3a,18) at rip6_input+0x692 icmp6_input(ffff800021117c38,ffff800021117c44,3a,18) at icmp6_input+0x8e8 ip_deliver(ffff800021117c38,ffff800021117c44,3a,18) at ip_deliver+0x322 ip6_input_if(ffff800021117c38,ffff800021117c44,29,0,ffff800000689000) at ip6_input_if+0xe95 ipv6_input(ffff800000689000,fffffd806d460a00) at ipv6_input+0x48 if_input_local(ffff800000689000,fffffd806d460a00,18) at if_input_local+0x136 loinput(ffff800000689000,fffffd806d460a00) at loinput+0x4c if_input_process(ffff800000689000,ffff800021117d78) at if_input_process+0xd2 ifiq_process(ffff800000689450) at ifiq_process+0x80 taskq_thread(ffff80000002c000) at taskq_thread+0xe5 end trace frame: 0x0, count: -16 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc reaper(ffff8000210f97a0) at reaper+0x150 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc reaper(ffff8000210f97a0) at reaper+0x150 end trace frame: 0x0, count: -5 ddb{1}>