kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Aug 31 22:38:21 PDT 2021 OpenBSD/amd64 (ci-openbsd-multicore-0.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.226' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *350797 93200 0 0 0 0 syz-executor5708 db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123b720,ffff800000255d80) at intr_handler+0x5e Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f Xspllower() at Xspllower+0x19 mtx_enter_try(ffffffff829b8d10) at mtx_enter_try+0x100 mtx_enter(ffffffff829b8d10) at mtx_enter+0x4b pool_get(ffffffff829b8d10,9) at pool_get+0xbf vm_create(ffff800000b29000,ffff800021213500) at vm_create+0x261 vmmioctl(a00,c5005601,ffff800000b29000,1,ffff800021213500) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e41b830,c5005601,ffff800000b29000,1,fffffd807f7d8900,ffff800021213500) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4c2db8,c5005601,ffff800000b29000,ffff800021213500) at vn_ioctl+0xba end trace frame: 0xffff80002123bd20, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123b720,ffff800000255d80) at intr_handler+0x5e Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f Xspllower() at Xspllower+0x19 mtx_enter_try(ffffffff829b8d10) at mtx_enter_try+0x100 mtx_enter(ffffffff829b8d10) at mtx_enter+0x4b pool_get(ffffffff829b8d10,9) at pool_get+0xbf vm_create(ffff800000b29000,ffff800021213500) at vm_create+0x261 vmmioctl(a00,c5005601,ffff800000b29000,1,ffff800021213500) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e41b830,c5005601,ffff800000b29000,1,fffffd807f7d8900,ffff800021213500) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4c2db8,c5005601,ffff800000b29000,ffff800021213500) at vn_ioctl+0xba sys_ioctl(ffff800021213500,ffff80002123bd38,ffff80002123bd80) at sys_ioctl+0x4a2 syscall(ffff80002123be00) at syscall+0x5a9 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd87a0, count: -17 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002123b510 rbx 0xffffffff8280abff cpu_info_full_primary+0x2bff rdx 0x8b rcx 0x2 rax 0x68 r8 0xffffffff81a0be34 kprintf+0x144 r9 0x1 r10 0xe2bae300f5551ba7 r11 0x979000542e46d494 r12 0xffffffff8280aa00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81e3e908 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002123b500 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor5708) pid=350797 stat=onproc flags process=0 proc=0 pri=56, usrpri=56, nice=20 forw=0xffffffffffffffff, list=0xffff8000212122a0,0xffffffff82913618 process=0xffff80002120ae20 user=0xffff800021236000, vmspace=0xfffffd806bbd2028 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *93200 350797 35068 0 7 0 syz-executor5708 43159 55915 51044 0 3 0x80 nanoslp syz-executor5708 35068 229901 51044 0 3 0x80 nanoslp syz-executor5708 51044 483874 68781 0 3 0x82 nanoslp syz-executor5708 68781 309628 17238 0 3 0x10008a sigsusp ksh 17238 391509 99945 0 3 0x9a select sshd 1848 164204 1 0 3 0x100083 ttyin getty 99945 268709 1 0 3 0x88 select sshd 39193 249718 6169 74 3 0x100092 bpf pflogd 6169 106377 1 0 3 0x80 netio pflogd 31490 6232 55724 73 3 0x100090 kqread syslogd 55724 266625 1 0 3 0x100082 netio syslogd 7386 429651 1 0 3 0x100080 kqread resolvd 49010 221337 75994 77 3 0x100092 kqread dhcpleased 85182 33553 75994 77 3 0x100092 kqread dhcpleased 75994 295958 1 0 3 0x80 kqread dhcpleased 82078 414715 0 0 3 0x14200 bored smr 48271 316617 0 0 3 0x14200 pgzero zerothread 34035 418101 0 0 3 0x14200 aiodoned aiodoned 1667 470223 0 0 3 0x14200 syncer update 60280 92505 0 0 3 0x14200 cleaner cleaner 64282 32826 0 0 3 0x14200 reaper reaper 71543 250854 0 0 3 0x14200 pgdaemon pagedaemon 29823 38153 0 0 3 0x14200 bored crynlk 62836 325568 0 0 3 0x14200 bored crypto 99025 326725 0 0 3 0x14200 bored viomb 40836 27955 0 0 3 0x40014200 acpi0 acpi0 26300 43644 0 0 7 0x40014200 idle1 75655 313151 0 0 3 0x14200 bored softnet 22605 89969 0 0 3 0x14200 bored systqmp 80064 516944 0 0 3 0x14200 bored systq 46200 453031 0 0 3 0x40014200 bored softclock 26766 341970 0 0 3 0x40014200 idle0 1 275806 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex vcpupl r = 0 (0xffffffff829b8d20) #0 witness_lock+0x4b0 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 pool_get+0xbf #4 vm_create+0x261 #5 vmmioctl+0x1f2 #6 VOP_IOCTL+0x9a #7 vn_ioctl+0xba #8 sys_ioctl+0x4a2 #9 syscall+0x5a9 #10 Xsyscall+0x128 Process 93200 (syz-executor5708) thread 0xffff800021213500 (350797) exclusive rwlock vmlistlock r = 0 (0xffff800000655c78) #0 witness_lock+0x4b0 #1 vm_create+0x12e #2 vmmioctl+0x1f2 #3 VOP_IOCTL+0x9a #4 vn_ioctl+0xba #5 sys_ioctl+0x4a2 #6 syscall+0x5a9 #7 Xsyscall+0x128 exclusive mutex vcpupl r = 0 (0xffffffff829b8d20) #0 witness_lock+0x4b0 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b #3 pool_get+0xbf #4 vm_create+0x261 #5 vmmioctl+0x1f2 #6 VOP_IOCTL+0x9a #7 vn_ioctl+0xba #8 sys_ioctl+0x4a2 #9 syscall+0x5a9 #10 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10111 6416K 6417K 78643K 11201 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 112 0 ifaddr 29 8K 8K 78643K 30 0 counters 40 33K 33K 78643K 40 0 ioctlops 1 2K 4K 78643K 1913 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 6 0 vnodes 1183 74K 75K 78643K 1188 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 278 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 2K 78643K 347 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 961 7056K 7056K 78643K 3040 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 23 4193K 4257K 78643K 2829 0 kqueue 9 12K 12K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 120 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 304 32 0 26 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 9 0 2 1 0 1 1 0 8 0 pfstkey 112 9 0 2 1 0 1 1 0 8 0 pfstate 320 9 0 2 1 0 1 1 0 8 0 pfrule 1360 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1849 0 455 88 0 88 88 0 8 0 ffsino 272 1849 0 455 93 0 93 93 0 8 0 nchpl 144 2458 0 906 58 0 58 58 0 8 0 uvmvnodes 72 1859 0 0 34 0 34 34 0 8 0 vnodes 224 1859 0 0 110 0 110 110 0 8 0 namei 1024 6318 0 6318 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 vcpupl 2048 433 0 0 55 0 55 55 0 8 0 vmpool 560 434 0 0 31 0 31 31 0 8 0 scxspl 216 6298 0 6298 10 9 1 8 0 8 1 plimitpl 152 16 0 9 1 0 1 1 0 8 0 sigapl 424 691 0 657 5 0 5 5 0 8 0 knotepl 112 23 0 0 1 0 1 1 0 8 0 kqueuepl 216 438 0 433 1 0 1 1 0 8 0 pipepl 336 69 0 66 2 1 1 1 0 8 0 fdescpl 496 675 0 657 3 0 3 3 0 8 0 filepl 152 2383 0 2324 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 657 0 656 2 1 1 1 0 8 0 processpl 1072 691 0 656 3 0 3 3 0 8 0 procpl 672 691 0 656 4 0 4 4 0 8 0 sockpl 480 84 0 60 5 1 4 4 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 72 0 0 9 0 9 9 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 126 0 0 8 0 8 8 0 8 0 bufpl 280 2449 0 91 169 0 169 169 0 8 0 anonpl 24 35964 0 33008 21 3 18 18 0 186 0 amapchunkpl 152 3493 0 3331 8 1 7 8 0 158 0 amappl16 200 530 0 91 24 0 24 24 0 8 0 amappl13 176 18 0 17 2 1 1 1 0 8 0 amappl12 168 14 0 12 1 0 1 1 0 8 0 amappl11 160 43 0 29 1 0 1 1 0 8 0 amappl10 152 25 0 21 1 0 1 1 0 8 0 amappl9 144 231 0 228 1 0 1 1 0 8 0 amappl8 136 274 0 274 2 1 1 1 0 8 1 amappl7 128 52 0 45 1 0 1 1 0 8 0 amappl6 120 85 0 80 1 0 1 1 0 8 0 amappl5 112 173 0 154 1 0 1 1 0 8 0 amappl4 104 526 0 506 1 0 1 1 0 8 0 amappl3 96 478 0 475 1 0 1 1 0 8 0 amappl2 88 400 0 355 3 1 2 2 0 8 0 amappl1 80 9273 0 8890 11 2 9 9 0 8 0 amappl 88 2359 0 1852 12 0 12 12 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1109 0 657 3 0 3 3 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1109 0 657 3 0 3 3 0 8 0 vmmpekpl 168 6925 0 6908 1 0 1 1 0 8 0 vmmpepl 168 36749 0 34953 83 3 80 80 0 357 0 vmsppl 368 1108 0 657 42 0 42 42 0 8 0 rwobjpl 56 7833 0 6406 23 2 21 21 0 8 0 pdppl 4096 2226 0 1748 501 22 479 479 0 8 1 pvpl 32 131824 0 127313 43 5 38 38 0 265 1 pmappl 224 1108 0 657 27 0 27 27 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 818 0 26 23 0 23 23 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff82464b8f) at panic+0x177 witness_checkorder(ffffffff82838c20,9,0) at witness_checkorder+0x11eb __mp_lock(ffffffff82838a18) at __mp_lock+0xa1 intr_handler(ffff80002123b720,ffff800000255d80) at intr_handler+0x5e Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f Xspllower() at Xspllower+0x19 mtx_enter_try(ffffffff829b8d10) at mtx_enter_try+0x100 mtx_enter(ffffffff829b8d10) at mtx_enter+0x4b pool_get(ffffffff829b8d10,9) at pool_get+0xbf vm_create(ffff800000b29000,ffff800021213500) at vm_create+0x261 vmmioctl(a00,c5005601,ffff800000b29000,1,ffff800021213500) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e41b830,c5005601,ffff800000b29000,1,fffffd807f7d8900,ffff800021213500) at VOP_IOCTL+0x9a vn_ioctl(fffffd806e4c2db8,c5005601,ffff800000b29000,ffff800021213500) at vn_ioctl+0xba sys_ioctl(ffff800021213500,ffff80002123bd38,ffff80002123bd80) at sys_ioctl+0x4a2 syscall(ffff80002123be00) at syscall+0x5a9 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd87a0, count: -17 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sched_idle(ffff800020d38ff0) at sched_idle+0x417 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sched_idle(ffff800020d38ff0) at sched_idle+0x417 end trace frame: 0x0, count: -5 ddb{1}>