kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Aug 31 21:18:46 PDT 2021 OpenBSD/amd64 (ci-openbsd-multicore-7.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.211' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *372396 4791 0 0 0 0 syz-executor2143 517559 90868 0 0x12 0x48 1K sshd db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123b690,ffff80000006a400) at intr_handler+0x5e Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x18f __sanitizer_cov_trace_cmp4(fffffd806c3b5758,160) at __sanitizer_cov_trace_cmp4+0xc pool_do_get(ffffffff829e4270,9,ffff80002123b8b8) at pool_do_get+0x1b4 pool_get(ffffffff829e4270,9) at pool_get+0xeb uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x3d vm_impl_init_vmx(ffff8000212d5ac8,ffff800021192008) at vm_impl_init_vmx+0x71 vm_create(ffff800000b29800,ffff800021192008) at vm_create+0x19b vmmioctl(a00,c5005601,ffff800000b29800,1,ffff800021192008) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e0cf830,c5005601,ffff800000b29800,1,fffffd807f7d8960,ffff800021192008) at VOP_IOCTL+0x9a end trace frame: 0xffff80002123bc30, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123b690,ffff80000006a400) at intr_handler+0x5e Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x18f __sanitizer_cov_trace_cmp4(fffffd806c3b5758,160) at __sanitizer_cov_trace_cmp4+0xc pool_do_get(ffffffff829e4270,9,ffff80002123b8b8) at pool_do_get+0x1b4 pool_get(ffffffff829e4270,9) at pool_get+0xeb uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x3d vm_impl_init_vmx(ffff8000212d5ac8,ffff800021192008) at vm_impl_init_vmx+0x71 vm_create(ffff800000b29800,ffff800021192008) at vm_create+0x19b vmmioctl(a00,c5005601,ffff800000b29800,1,ffff800021192008) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e0cf830,c5005601,ffff800000b29800,1,fffffd807f7d8960,ffff800021192008) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4a5990,c5005601,ffff800000b29800,ffff800021192008) at vn_ioctl+0xba sys_ioctl(ffff800021192008,ffff80002123bd58,ffff80002123bda0) at sys_ioctl+0x4a2 syscall(ffff80002123be20) at syscall+0x5a9 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc3f00, count: -18 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002123b480 rbx 0xffffffff8280abff cpu_info_full_primary+0x2bff rdx 0x8b rcx 0x2 rax 0x68 r8 0xffffffff81a0be34 kprintf+0x144 r9 0x1 r10 0xe56b4943a89fecef r11 0x4ff3a2c36bd3f15a r12 0xffffffff8280aa00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81e3e908 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002123b470 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor2143) pid=372396 stat=onproc flags process=0 proc=0 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff6a90,0xffffffff82913618 process=0xffff80002120b250 user=0xffff800021236000, vmspace=0xfffffd806c3b5d08 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND * 4791 372396 16594 0 7 0 syz-executor2143 44313 505314 64815 0 3 0 biowait syz-executor2143 16594 269406 64815 0 3 0x80 nanoslp syz-executor2143 64815 390446 32793 0 3 0x82 nanoslp syz-executor2143 32793 14648 90868 0 3 0x10008a sigsusp ksh 90868 517559 4763 0 7 0x5a sshd 88698 237634 1 0 3 0x100083 ttyin getty 4763 370372 1 0 3 0x88 select sshd 15463 332874 52863 74 3 0x100092 bpf pflogd 52863 70218 1 0 3 0x80 netio pflogd 89568 204639 34257 73 3 0x100090 kqread syslogd 34257 204451 1 0 3 0x100082 netio syslogd 13346 337057 1 0 3 0x100080 kqread resolvd 78109 349465 76381 77 3 0x100092 kqread dhcpleased 59475 463935 76381 77 3 0x100092 kqread dhcpleased 76381 326443 1 0 3 0x80 kqread dhcpleased 99065 369610 0 0 3 0x14200 bored smr 43250 172079 0 0 3 0x14200 pgzero zerothread 81356 354552 0 0 3 0x14200 aiodoned aiodoned 47499 490551 0 0 3 0x14200 syncer update 95803 472253 0 0 3 0x14200 cleaner cleaner 32226 73724 0 0 3 0x14200 reaper reaper 20546 517544 0 0 3 0x14200 pgdaemon pagedaemon 864 411692 0 0 3 0x14200 bored crynlk 10186 381793 0 0 3 0x14200 bored crypto 94208 280366 0 0 3 0x14200 bored viomb 71571 491758 0 0 3 0x40014200 acpi0 acpi0 66030 243436 0 0 3 0x40014200 idle1 81646 55299 0 0 2 0x14200 softnet 22604 280978 0 0 3 0x14200 bored systqmp 70479 59618 0 0 3 0x14200 bored systq 14410 61659 0 0 3 0x40014200 bored softclock 72643 221754 0 0 3 0x40014200 idle0 1 324807 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex vmsppl r = 0 (0xffffffff829e4280) #0 witness_lock+0x4b0 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 pool_get+0xbf #4 uvmspace_alloc+0x3d #5 vm_impl_init_vmx+0x71 #6 vm_create+0x19b #7 vmmioctl+0x1f2 #8 VOP_IOCTL+0x9a #9 vn_ioctl+0xba #10 sys_ioctl+0x4a2 #11 syscall+0x5a9 #12 Xsyscall+0x128 Process 4791 (syz-executor2143) thread 0xffff800021192008 (372396) exclusive rwlock vmlistlock r = 0 (0xffff800000655c78) #0 witness_lock+0x4b0 #1 vm_create+0x12e #2 vmmioctl+0x1f2 #3 VOP_IOCTL+0x9a #4 vn_ioctl+0xba #5 sys_ioctl+0x4a2 #6 syscall+0x5a9 #7 Xsyscall+0x128 exclusive mutex vmsppl r = 0 (0xffffffff829e4280) #0 witness_lock+0x4b0 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 pool_get+0xbf #4 uvmspace_alloc+0x3d #5 vm_impl_init_vmx+0x71 #6 vm_create+0x19b #7 vmmioctl+0x1f2 #8 VOP_IOCTL+0x9a #9 vn_ioctl+0xba #10 sys_ioctl+0x4a2 #11 syscall+0x5a9 #12 Xsyscall+0x128 Process 44313 (syz-executor2143) thread 0xffff8000ffff6a90 (505314) exclusive rrwlock inode r = 0 (0xfffffd806fc6bd68) #0 witness_lock+0x4b0 #1 rw_enter+0x3e2 #2 rrw_enter+0x8b #3 ufs_ihashins+0x45 #4 ffs_vget+0x141 #5 ffs_inode_alloc+0x1c3 #6 ufs_mkdir+0xf4 #7 VOP_MKDIR+0xc6 #8 domkdirat+0x121 #9 syscall+0x5a9 #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806fc6b4e8) #0 witness_lock+0x4b0 #1 rw_enter+0x3e2 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xdd #6 namei+0x55a #7 domkdirat+0x75 #8 syscall+0x5a9 #9 Xsyscall+0x128 Process 90868 (sshd) thread 0xffff8000ffff6fd0 (517559) exclusive rwlock netlock r = 0 (0xffffffff827cea90) #0 witness_lock+0x4b0 #1 solock+0x86 #2 sosend+0x547 #3 dofilewritev+0x1a3 #4 sys_write+0x83 #5 syscall+0x5a9 #6 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10111 6416K 6417K 78643K 11201 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 112 0 ifaddr 29 8K 8K 78643K 30 0 counters 40 33K 33K 78643K 40 0 ioctlops 1 2K 4K 78643K 1730 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 6 0 vnodes 1183 74K 75K 78643K 1188 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 278 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 2K 78643K 347 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 842 4082K 4082K 78643K 2741 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 23 4193K 4257K 78643K 2463 0 kqueue 9 12K 12K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 120 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 304 32 0 26 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 8 0 2 1 0 1 1 0 8 0 pfstkey 112 8 0 2 1 0 1 1 0 8 0 pfstate 320 8 0 2 1 0 1 1 0 8 0 pfrule 1360 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1667 0 273 88 0 88 88 0 8 0 ffsino 272 1667 0 273 93 0 93 93 0 8 0 nchpl 144 2093 0 542 58 0 58 58 0 8 0 uvmvnodes 72 1677 0 0 31 0 31 31 0 8 0 vnodes 224 1677 0 0 99 0 99 99 0 8 0 namei 1024 5406 0 5405 2 1 1 1 0 8 0 percpumem 16 32 0 0 1 0 1 1 0 8 0 vcpupl 2048 250 0 0 32 0 32 32 0 8 0 vmpool 560 251 0 0 18 0 18 18 0 8 0 scxspl 216 5198 0 5197 10 6 4 8 0 8 3 plimitpl 152 16 0 9 1 0 1 1 0 8 0 sigapl 424 508 0 474 4 0 4 4 0 8 0 knotepl 112 23 0 0 1 0 1 1 0 8 0 kqueuepl 216 5 0 0 1 0 1 1 0 8 0 pipepl 336 69 0 66 2 1 1 1 0 8 0 fdescpl 496 492 0 474 3 0 3 3 0 8 0 filepl 152 1585 0 1526 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 474 0 474 2 1 1 1 0 8 1 processpl 1072 508 0 474 3 0 3 3 0 8 0 procpl 672 508 0 474 3 0 3 3 0 8 0 sockpl 480 84 0 60 5 1 4 4 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 72 0 0 9 0 9 9 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 127 0 0 8 0 8 8 0 8 0 bufpl 280 2267 0 92 156 0 156 156 0 8 0 anonpl 24 34766 0 32240 19 3 16 17 0 186 0 amapchunkpl 152 3318 0 3155 9 2 7 8 0 158 0 amappl16 200 347 0 91 14 0 14 14 0 8 0 amappl13 176 18 0 17 2 1 1 1 0 8 0 amappl12 168 17 0 17 2 2 0 1 0 8 0 amappl11 160 48 0 34 1 0 1 1 0 8 0 amappl10 152 24 0 20 1 0 1 1 0 8 0 amappl9 144 228 0 225 1 0 1 1 0 8 0 amappl8 136 274 0 274 2 1 1 1 0 8 1 amappl7 128 51 0 44 1 0 1 1 0 8 0 amappl6 120 86 0 81 1 0 1 1 0 8 0 amappl5 112 167 0 148 1 0 1 1 0 8 0 amappl4 104 527 0 507 1 0 1 1 0 8 0 amappl3 96 296 0 293 1 0 1 1 0 8 0 amappl2 88 399 0 354 3 1 2 2 0 8 0 amappl1 80 8540 0 8150 11 2 9 9 0 8 0 amappl 88 1994 0 1670 8 0 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 742 0 474 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 742 0 474 2 0 2 2 0 8 0 vmmpekpl 168 6580 0 6562 1 0 1 1 0 8 0 vmmpepl 168 30551 0 29128 66 4 62 62 0 357 0 vmsppl 368 741 0 474 25 0 25 25 0 8 0 pool(0xffffffff829e4270:vmsppl): page inconsistency: page 0xfffffd806c3b5000; 6 on list, 4 missing, 11 items per page rwobjpl 56 7462 0 6396 18 2 16 16 0 8 0 pdppl 4096 1492 0 1198 313 18 295 295 0 8 1 pvpl 32 123328 0 118815 44 6 38 38 0 265 1 pmappl 224 741 0 474 16 0 16 16 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 590 0 22 17 0 17 17 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123b690,ffff80000006a400) at intr_handler+0x5e Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x18f __sanitizer_cov_trace_cmp4(fffffd806c3b5758,160) at __sanitizer_cov_trace_cmp4+0xc pool_do_get(ffffffff829e4270,9,ffff80002123b8b8) at pool_do_get+0x1b4 pool_get(ffffffff829e4270,9) at pool_get+0xeb uvmspace_alloc(0,200000,1,0) at uvmspace_alloc+0x3d vm_impl_init_vmx(ffff8000212d5ac8,ffff800021192008) at vm_impl_init_vmx+0x71 vm_create(ffff800000b29800,ffff800021192008) at vm_create+0x19b vmmioctl(a00,c5005601,ffff800000b29800,1,ffff800021192008) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e0cf830,c5005601,ffff800000b29800,1,fffffd807f7d8960,ffff800021192008) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4a5990,c5005601,ffff800000b29800,ffff800021192008) at vn_ioctl+0xba sys_ioctl(ffff800021192008,ffff80002123bd58,ffff80002123bda0) at sys_ioctl+0x4a2 syscall(ffff80002123be20) at syscall+0x5a9 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc3f00, count: -18 ddb{0}> machine ddbcpu 1