kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Aug 31 23:26:16 PDT 2021 OpenBSD/amd64 (ci-openbsd-multicore-9.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *501048 82757 0 0 0 0 syz-executor1943 db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123ad80,ffff800000255d80) at intr_handler+0x5e Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f Xspllower() at Xspllower+0x19 mtx_enter_try(ffffffff829b8d10) at mtx_enter_try+0x100 mtx_enter(ffffffff829b8d10) at mtx_enter+0x4b pool_get(ffffffff829b8d10,9) at pool_get+0xbf vm_create(ffff800000b29000,ffff8000211922a8) at vm_create+0x261 vmmioctl(a00,c5005601,ffff800000b29000,1,ffff8000211922a8) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e213830,c5005601,ffff800000b29000,1,fffffd807f7d8840,ffff8000211922a8) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4aca28,c5005601,ffff800000b29000,ffff8000211922a8) at vn_ioctl+0xba end trace frame: 0xffff80002123b380, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123ad80,ffff800000255d80) at intr_handler+0x5e Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f Xspllower() at Xspllower+0x19 mtx_enter_try(ffffffff829b8d10) at mtx_enter_try+0x100 mtx_enter(ffffffff829b8d10) at mtx_enter+0x4b pool_get(ffffffff829b8d10,9) at pool_get+0xbf vm_create(ffff800000b29000,ffff8000211922a8) at vm_create+0x261 vmmioctl(a00,c5005601,ffff800000b29000,1,ffff8000211922a8) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e213830,c5005601,ffff800000b29000,1,fffffd807f7d8840,ffff8000211922a8) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4aca28,c5005601,ffff800000b29000,ffff8000211922a8) at vn_ioctl+0xba sys_ioctl(ffff8000211922a8,ffff80002123b398,ffff80002123b3e0) at sys_ioctl+0x4a2 syscall(ffff80002123b460) at syscall+0x5a9 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff2370, count: -17 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002123ab70 rbx 0xffffffff8280abff cpu_info_full_primary+0x2bff rdx 0x8b rcx 0x2 rax 0x68 r8 0xffffffff81a0be34 kprintf+0x144 r9 0x1 r10 0xa59aaaf8bd8325af r11 0x34f19efd222e11b2 r12 0xffffffff8280aa00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81e3e908 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002123ab60 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor1943) pid=501048 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff67f0,0xffffffff82913618 process=0xffff80002120a190 user=0xffff800021236000, vmspace=0xfffffd806d447e60 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *82757 501048 53985 0 7 0 syz-executor1943 30680 115859 67703 0 3 0x80 nanoslp syz-executor1943 53985 391055 67703 0 3 0x80 nanoslp syz-executor1943 67703 374285 93982 0 3 0x82 nanoslp syz-executor1943 93982 14454 77391 0 3 0x10008a sigsusp ksh 77391 318935 42469 0 3 0x9a select sshd 99726 304687 1 0 3 0x100083 ttyin getty 42469 361517 1 0 3 0x88 select sshd 24816 278467 84592 74 3 0x100092 bpf pflogd 84592 444822 1 0 3 0x80 netio pflogd 5805 40948 78667 73 3 0x100090 kqread syslogd 78667 501351 1 0 3 0x100082 netio syslogd 89323 522629 1 0 3 0x100080 kqread resolvd 18952 354680 72489 77 3 0x100092 kqread dhcpleased 86706 111807 72489 77 3 0x100092 kqread dhcpleased 72489 371956 1 0 3 0x80 kqread dhcpleased 69676 167235 0 0 3 0x14200 bored smr 71596 74860 0 0 3 0x14200 pgzero zerothread 14994 229278 0 0 3 0x14200 aiodoned aiodoned 75730 241255 0 0 3 0x14200 syncer update 92449 341165 0 0 3 0x14200 cleaner cleaner 87661 393417 0 0 3 0x14200 reaper reaper 55274 57132 0 0 3 0x14200 pgdaemon pagedaemon 19669 491297 0 0 3 0x14200 bored crynlk 68016 350999 0 0 3 0x14200 bored crypto 58646 288913 0 0 3 0x14200 bored viomb 76454 376116 0 0 3 0x40014200 acpi0 acpi0 83532 225964 0 0 7 0x40014200 idle1 77325 418219 0 0 3 0x14200 bored softnet 89444 244436 0 0 3 0x14200 bored systqmp 77467 37670 0 0 3 0x14200 bored systq 41342 371787 0 0 3 0x40014200 bored softclock 67285 325111 0 0 3 0x40014200 idle0 1 94723 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex vcpupl r = 0 (0xffffffff829b8d20) #0 witness_lock+0x4b0 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 pool_get+0xbf #4 vm_create+0x261 #5 vmmioctl+0x1f2 #6 VOP_IOCTL+0x9a #7 vn_ioctl+0xba #8 sys_ioctl+0x4a2 #9 syscall+0x5a9 #10 Xsyscall+0x128 Process 82757 (syz-executor1943) thread 0xffff8000211922a8 (501048) exclusive rwlock vmlistlock r = 0 (0xffff800000655c78) #0 witness_lock+0x4b0 #1 vm_create+0x12e #2 vmmioctl+0x1f2 #3 VOP_IOCTL+0x9a #4 vn_ioctl+0xba #5 sys_ioctl+0x4a2 #6 syscall+0x5a9 #7 Xsyscall+0x128 exclusive mutex vcpupl r = 0 (0xffffffff829b8d20) #0 witness_lock+0x4b0 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 pool_get+0xbf #4 vm_create+0x261 #5 vmmioctl+0x1f2 #6 VOP_IOCTL+0x9a #7 vn_ioctl+0xba #8 sys_ioctl+0x4a2 #9 syscall+0x5a9 #10 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10111 6416K 6417K 78643K 11201 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 112 0 ifaddr 29 8K 8K 78643K 30 0 counters 40 33K 33K 78643K 40 0 ioctlops 1 2K 4K 78643K 1545 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 6 0 vnodes 1183 74K 75K 78643K 1188 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 278 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 2K 78643K 348 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 293 1096K 1096K 78643K 2017 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 23 4193K 4257K 78643K 2092 0 kqueue 9 12K 12K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 120 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 304 32 0 26 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 9 0 7 2 1 1 1 0 8 0 pfstkey 112 9 0 7 2 1 1 1 0 8 0 pfstate 320 9 0 7 2 1 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1481 0 87 88 0 88 88 0 8 0 ffsino 272 1481 0 87 93 0 93 93 0 8 0 nchpl 144 1722 0 170 58 0 58 58 0 8 0 uvmvnodes 72 1491 0 0 28 0 28 28 0 8 0 vnodes 224 1491 0 0 88 0 88 88 0 8 0 namei 1024 4478 0 4478 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 vcpupl 2048 65 0 0 9 0 9 9 0 8 0 vmpool 560 66 0 0 5 0 5 5 0 8 0 scxspl 216 4103 0 4103 22 21 1 8 0 8 1 plimitpl 152 18 0 9 1 0 1 1 0 8 0 sigapl 424 323 0 289 4 0 4 4 0 8 0 knotepl 112 23 0 0 1 0 1 1 0 8 0 kqueuepl 216 5 0 0 1 0 1 1 0 8 0 pipepl 336 69 0 66 2 1 1 1 0 8 0 fdescpl 496 307 0 289 3 0 3 3 0 8 0 filepl 152 1214 0 1155 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 20 0 9 1 0 1 1 0 8 0 pgrppl 48 20 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 289 0 288 2 1 1 1 0 8 0 processpl 1072 323 0 288 3 0 3 3 0 8 0 procpl 672 323 0 288 3 0 3 3 0 8 0 sockpl 480 84 0 60 5 1 4 4 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 82 0 0 10 0 10 10 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 143 0 0 8 0 8 8 0 8 0 bufpl 280 2083 0 93 143 0 143 143 0 8 0 anonpl 24 33442 0 30916 19 3 16 17 0 186 0 amapchunkpl 152 3135 0 2973 9 2 7 8 0 158 0 amappl16 200 163 0 92 4 0 4 4 0 8 0 amappl13 176 18 0 17 2 1 1 1 0 8 0 amappl12 168 12 0 12 2 1 1 1 0 8 1 amappl11 160 42 0 28 1 0 1 1 0 8 0 amappl10 152 23 0 19 1 0 1 1 0 8 0 amappl9 144 224 0 222 1 0 1 1 0 8 0 amappl8 136 274 0 274 2 1 1 1 0 8 1 amappl7 128 52 0 45 1 0 1 1 0 8 0 amappl6 120 88 0 83 1 0 1 1 0 8 0 amappl5 112 176 0 157 1 0 1 1 0 8 0 amappl4 104 528 0 509 1 0 1 1 0 8 0 amappl3 96 112 0 109 1 0 1 1 0 8 0 amappl2 88 400 0 355 3 1 2 2 0 8 0 amappl1 80 7911 0 7522 11 2 9 9 0 8 0 amappl 88 1634 0 1493 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 373 0 289 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 373 0 289 1 0 1 1 0 8 0 vmmpekpl 168 6172 0 6155 1 0 1 1 0 8 0 vmmpepl 168 24865 0 23800 51 4 47 47 0 357 0 vmsppl 368 372 0 289 8 0 8 8 0 8 0 rwobjpl 56 7132 0 6440 12 2 10 10 0 8 0 pdppl 4096 754 0 644 129 18 111 111 0 8 1 pvpl 32 115045 0 110502 44 6 38 38 0 265 1 pmappl 224 372 0 289 5 0 5 5 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 368 0 23 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123ad80,ffff800000255d80) at intr_handler+0x5e Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f Xspllower() at Xspllower+0x19 mtx_enter_try(ffffffff829b8d10) at mtx_enter_try+0x100 mtx_enter(ffffffff829b8d10) at mtx_enter+0x4b pool_get(ffffffff829b8d10,9) at pool_get+0xbf vm_create(ffff800000b29000,ffff8000211922a8) at vm_create+0x261 vmmioctl(a00,c5005601,ffff800000b29000,1,ffff8000211922a8) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e213830,c5005601,ffff800000b29000,1,fffffd807f7d8840,ffff8000211922a8) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4aca28,c5005601,ffff800000b29000,ffff8000211922a8) at vn_ioctl+0xba sys_ioctl(ffff8000211922a8,ffff80002123b398,ffff80002123b3e0) at sys_ioctl+0x4a2 syscall(ffff80002123b460) at syscall+0x5a9 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff2370, count: -17 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sched_idle(ffff800020d38ff0) at sched_idle+0x417 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sched_idle(ffff800020d38ff0) at sched_idle+0x417 end trace frame: 0x0, count: -5