Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/setuid/kernel/sys/arch/amd64/amd64/intr.c", line 699 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 34890 4246 0 0 0 0 syz-executor2807978047 db_enter() at db_enter+0x1c panic(ffffffff827a3511) at panic+0x17b __assert(ffffffff82820737,ffffffff8283f743,2bb,ffffffff827a547f) at __assert+0x29 splraise(93b6a9e0) at splraise+0xb4 mtx_enter_try(fffffd806f2c8288) at mtx_enter_try+0x73 mtx_enter(fffffd806f2c8288) at mtx_enter+0x4f knote_remove(ffff80002122c570,fffffd806f2c8288,fffffd806f2c8310,3,0) at knote_remove+0x20d knote_fdclose(ffff80002122c570,3) at knote_fdclose+0xae fdfree(ffff80002122c570) at fdfree+0xdf exit1(ffff80002122c570,0,0,1) at exit1+0x3e4 sys_exit(ffff80002122c570,ffff800021291850,ffff8000212918a0) at sys_exit+0x1a syscall(ffff800021291920) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73ea998a8f10, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/setuid/kernel/sys/arch/amd64/amd64/intr.c", line 699 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff827a3511) at panic+0x17b __assert(ffffffff82820737,ffffffff8283f743,2bb,ffffffff827a547f) at __assert+0x29 splraise(93b6a9e0) at splraise+0xb4 mtx_enter_try(fffffd806f2c8288) at mtx_enter_try+0x73 mtx_enter(fffffd806f2c8288) at mtx_enter+0x4f knote_remove(ffff80002122c570,fffffd806f2c8288,fffffd806f2c8310,3,0) at knote_remove+0x20d knote_fdclose(ffff80002122c570,3) at knote_fdclose+0xae fdfree(ffff80002122c570) at fdfree+0xdf exit1(ffff80002122c570,0,0,1) at exit1+0x3e4 sys_exit(ffff80002122c570,ffff800021291850,ffff8000212918a0) at sys_exit+0x1a syscall(ffff800021291920) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73ea998a8f10, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800021291490 rbx 0xffff800020d59b9f rdx 0x3fd rcx 0 rax 0x8f r8 0x101010101010101 r9 0x8080808080808080 r10 0x4c770d73f26a8aee r11 0x4edcf5e3abc8738b r12 0xffff800020d599a0 r13 0 r14 0 r15 0x1 rip 0xffffffff81b6e27c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800021291480 ss 0 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor2807978047) pid=129976 stat=onproc flags process=1008 proc=2000 pri=0, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff80002122cd68,0xffff80002122dd68 process=0xffff800021288448 user=0xffff80002128c000, vmspace=0xfffffd8071da31f0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65689 121501 20886 0 2 0 syz-executor2807978047 65689 360331 20886 0 2 0x4000000 syz-executor2807978047 44871 162595 27710 0 2 0 syz-executor2807978047 44871 516372 27710 0 2 0x4000000 syz-executor2807978047 4953 441530 23322 0 2 0 syz-executor2807978047 27710 460287 89654 0 3 0x80 nanoslp syz-executor2807978047 4246 34890 89654 0 7 0 syz-executor2807978047 4813 53601 89654 0 3 0x80 nanoslp syz-executor2807978047 13576 155144 89654 0 3 0x80 nanoslp syz-executor2807978047 66779 68071 89654 0 3 0x80 nanoslp syz-executor2807978047 33001 148356 89654 0 3 0 biowait syz-executor2807978047 20886 435754 89654 0 3 0x80 nanoslp syz-executor2807978047 23322 256655 89654 0 3 0x80 nanoslp syz-executor2807978047 89654 319188 98552 0 3 0x82 nanoslp syz-executor2807978047 98552 421282 71915 0 3 0x10008a sigsusp ksh 71915 155408 69141 0 3 0x9a kqread sshd 15898 371799 1 0 3 0x100083 ttyin getty 69141 433365 1 0 3 0x88 kqread sshd 87093 196624 81347 73 3 0x1100090 kqread syslogd 81347 146286 1 0 3 0x100082 netio syslogd 33852 434305 1 0 3 0x100080 kqread resolvd 92152 406001 73567 77 3 0x100092 kqread dhcpleased 11391 373173 73567 77 3 0x100092 kqread dhcpleased 73567 462468 1 0 3 0x80 kqread dhcpleased 5435 334620 0 0 3 0x14200 bored smr 32678 271767 0 0 2 0x14200 zerothread 58681 501028 0 0 3 0x14200 aiodoned aiodoned 2829 104206 0 0 3 0x14200 syncer update 79442 504401 0 0 3 0x14200 cleaner cleaner 95115 181598 0 0 2 0x14200 reaper 38543 513889 0 0 3 0x14200 pgdaemon pagedaemon 43622 205532 0 0 3 0x14200 bored viomb 92664 438529 0 0 3 0x40014200 acpi0 acpi0 22706 64209 0 0 3 0x40014200 idle1 21576 121733 0 0 3 0x14200 bored softnet3 10960 438090 0 0 3 0x14200 bored softnet2 45890 469678 0 0 3 0x14200 bored softnet1 27338 485654 0 0 3 0x14200 bored softnet0 637 184616 0 0 3 0x14200 bored systqmp 72700 306511 0 0 3 0x14200 bored systq 6387 492417 0 0 3 0x40014200 bored softclock 50107 113178 0 0 3 0x40014200 idle0 1 169142 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82cc8bd0) #0 witness_lock+0x447 #1 wakeup_n+0x37 #2 sched_idle+0x232 #3 proc_trampoline+0x1c Process 4246 (syz-executor2807978047) thread 0xffff80002120faa8 (34890) exclusive rrwlock inode r = 0 (0xfffffd806d7cec48) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 ufs_ihashins+0x46 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1c2 #7 ufs_mkdir+0xf8 #8 VOP_MKDIR+0xc3 #9 domkdirat+0x125 #10 syscall+0x5e2 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d79df88) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vfs_lookup+0xd5 #6 namei+0x55a #7 domkdirat+0x79 #8 syscall+0x5e2 #9 Xsyscall+0x128 Process 33001 (syz-executor2807978047) thread 0xffff8000211ee2b8 (148356) exclusive rrwlock inode r = 0 (0xfffffd806d7ce1a8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 ufs_ihashins+0x46 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1c2 #7 ufs_mkdir+0xf8 #8 VOP_MKDIR+0xc3 #9 domkdirat+0x125 #10 syscall+0x5e2 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d79d5f8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vfs_lookup+0xd5 #6 namei+0x55a #7 domkdirat+0x79 #8 syscall+0x5e2 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10156 6389K 6420K 78643K 11234 0 pcb 13 8K 8K 78643K 13 0 rtable 58 1K 2K 78643K 108 0 pf 12 6K 6K 78643K 12 0 ifaddr 12 9K 9K 78643K 12 0 ifgroup 17 1K 1K 78643K 17 0 counters 44 33K 33K 78643K 44 0 ioctlops 0 0K 2K 78643K 21 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1174 73K 74K 78643K 1187 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 78K 79K 78643K 246 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 1K 78643K 240 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 127 6K 7K 78643K 3498 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 1 5904K 5968K 78643K 3231 0 kqueue 11 16K 22K 78643K 235 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 19 0 16 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 304 5 0 5 2 1 1 1 0 8 1 tcpqe 32 136 0 136 1 1 0 1 0 8 0 tcpcb 808 432 0 425 2 0 2 2 0 8 1 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 368 450 0 441 2 0 2 2 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1646 0 245 88 0 88 88 0 8 0 ffsino 272 1646 0 245 94 0 94 94 0 8 0 nchpl 144 2043 0 471 59 0 59 59 0 8 0 uvmvnodes 80 1655 0 0 34 0 34 34 0 8 0 vnodes 216 1655 0 0 92 0 92 92 0 8 0 namei 1024 5110 0 5108 3 1 2 2 0 8 1 percpumem 16 35 0 0 1 0 1 1 0 8 0 kstatmem 264 6 0 0 1 0 1 1 0 8 0 scxspl 216 6415 0 6414 10 9 1 8 1 8 0 plimitpl 152 16 0 10 1 0 1 1 0 8 0 sigapl 424 528 0 484 6 0 6 6 0 8 0 futexpl 64 828 0 828 1 0 1 1 0 8 1 knotepl 120 44 0 0 2 0 2 2 0 8 0 kqueuepl 216 231 0 224 1 0 1 1 0 8 0 pipepl 320 86 0 83 2 1 1 1 0 8 0 fdescpl 496 511 0 486 5 1 4 4 0 8 0 filepl 152 1752 0 1695 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 104 66 0 56 1 0 1 1 0 8 0 zombiepl 144 487 0 484 2 1 1 1 0 8 0 processpl 1072 528 0 484 4 0 4 4 0 8 0 procpl 680 743 0 696 5 0 5 5 0 8 0 sockpl 488 502 0 476 4 0 4 4 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 245 0 0 31 0 31 31 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 272 0 0 17 0 17 17 0 8 0 bufpl 288 2737 0 89 190 0 190 190 0 8 0 anonpl 24 173926 0 171827 28 14 14 24 0 186 0 amapchunkpl 152 11723 0 11473 13 1 12 12 0 158 2 amappl16 200 4892 0 4883 6 5 1 5 0 8 0 amappl15 192 14 0 14 1 1 0 1 0 8 0 amappl14 184 100 0 91 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 998 0 975 2 0 2 2 0 8 0 amappl11 160 50 0 40 1 0 1 1 0 8 0 amappl10 152 17 0 17 2 1 1 1 0 8 1 amappl9 144 165 0 165 2 1 1 1 0 8 1 amappl8 136 29 0 27 1 0 1 1 0 8 0 amappl7 128 294 0 281 1 0 1 1 0 8 0 amappl6 120 141 0 128 1 0 1 1 0 8 0 amappl5 112 103 0 95 1 0 1 1 0 8 0 amappl4 104 408 0 380 1 0 1 1 0 8 0 amappl3 96 3163 0 3111 3 1 2 2 0 8 0 amappl2 88 682 0 635 3 1 2 2 0 8 0 amappl1 80 9918 0 9454 15 4 11 11 0 8 0 amappl 88 3231 0 3143 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 511 0 486 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 511 0 486 1 0 1 1 0 8 0 vmmpekpl 168 7718 0 7697 2 0 2 2 0 8 0 vmmpepl 168 41399 0 40162 67 8 59 59 0 357 5 vmsppl 464 510 0 486 5 1 4 4 0 8 0 rwobjpl 56 19907 0 17561 35 1 34 34 0 8 0 pdppl 4096 1030 0 972 86 22 64 64 0 8 6 pvpl 32 283449 0 278492 64 22 42 52 0 265 0 pmappl 248 510 0 486 3 1 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 533 0 25 15 0 15 15 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82c05ff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82ca0020) at __mp_lock+0x122 __mp_acquire_count(ffffffff82ca0020,1) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x46b sleep_finish(0,1) at sleep_finish+0x19b biowait(fffffd806f4eeb50) at biowait+0x91 bwrite(fffffd806f4eeb50) at bwrite+0x21c ffs_update(fffffd806d7cebb0,1) at ffs_update+0x281 ufs_mkdir(ffff80002126f7e0) at ufs_mkdir+0x672 VOP_MKDIR(fffffd806d75be68,ffff80002126f940,ffff80002126f970,ffff80002126f870) at VOP_MKDIR+0xc3 domkdirat(ffff80002120faa8,ffffff9c,73ea998a8f20,1ff) at domkdirat+0x125 syscall(ffff80002126faf0) at syscall+0x5e2 end trace frame: 0xffff80002126fb70, count: 0 ddb{0}> trace x86_ipi_db(ffffffff82c05ff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82ca0020) at __mp_lock+0x122 __mp_acquire_count(ffffffff82ca0020,1) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x46b sleep_finish(0,1) at sleep_finish+0x19b biowait(fffffd806f4eeb50) at biowait+0x91 bwrite(fffffd806f4eeb50) at bwrite+0x21c ffs_update(fffffd806d7cebb0,1) at ffs_update+0x281 ufs_mkdir(ffff80002126f7e0) at ufs_mkdir+0x672 VOP_MKDIR(fffffd806d75be68,ffff80002126f940,ffff80002126f970,ffff80002126f870) at VOP_MKDIR+0xc3 domkdirat(ffff80002120faa8,ffffff9c,73ea998a8f20,1ff) at domkdirat+0x125 syscall(ffff80002126faf0) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73ea998a8f80, count: -15 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp db_enter() at db_enter+0x1c panic(ffffffff827a3511) at panic+0x17b __assert(ffffffff82820737,ffffffff8283f743,2bb,ffffffff827a547f) at __assert+0x29 splraise(93b6a9e0) at splraise+0xb4 mtx_enter_try(fffffd806f2c8288) at mtx_enter_try+0x73 mtx_enter(fffffd806f2c8288) at mtx_enter+0x4f knote_remove(ffff80002122c570,fffffd806f2c8288,fffffd806f2c8310,3,0) at knote_remove+0x20d knote_fdclose(ffff80002122c570,3) at knote_fdclose+0xae fdfree(ffff80002122c570) at fdfree+0xdf exit1(ffff80002122c570,0,0,1) at exit1+0x3e4 sys_exit(ffff80002122c570,ffff800021291850,ffff8000212918a0) at sys_exit+0x1a syscall(ffff800021291920) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73ea998a8f10, count: 2 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff827a3511) at panic+0x17b __assert(ffffffff82820737,ffffffff8283f743,2bb,ffffffff827a547f) at __assert+0x29 splraise(93b6a9e0) at splraise+0xb4 mtx_enter_try(fffffd806f2c8288) at mtx_enter_try+0x73 mtx_enter(fffffd806f2c8288) at mtx_enter+0x4f knote_remove(ffff80002122c570,fffffd806f2c8288,fffffd806f2c8310,3,0) at knote_remove+0x20d knote_fdclose(ffff80002122c570,3) at knote_fdclose+0xae fdfree(ffff80002122c570) at fdfree+0xdf exit1(ffff80002122c570,0,0,1) at exit1+0x3e4 sys_exit(ffff80002122c570,ffff800021291850,ffff8000212918a0) at sys_exit+0x1a syscall(ffff800021291920) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73ea998a8f10, count: -13