kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Jun 10 19:59:34 PDT 2021 OpenBSD/amd64 (ci-openbsd-setuid-0.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: mutex 0xfffffd806e997a20 not held in knote_dequeue Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *268781 57485 0 0 0x4000000 1K syz-executor9499 157925 29810 0 0 0x4000000 0 syz-executor9499 db_enter() at db_enter+0x18 panic(ffffffff8246025e) at panic+0x177 knote_dequeue(fffffd806e89d1c0) at knote_dequeue+0x12b filt_timermodify(ffff800021258310,fffffd806e89d1c0) at filt_timermodify+0x6f kqueue_register(fffffd806e997a20,ffff800021258310,ffff8000211b2008) at kqueue_register+0xa89 sys_kevent(ffff8000211b2008,ffff8000212585a8,ffff8000212585f0) at sys_kevent+0x214 syscall(ffff800021258670) at syscall+0x5bf Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21341784790, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: mutex 0xfffffd806e997a20 not held in knote_dequeue ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff8246025e) at panic+0x177 knote_dequeue(fffffd806e89d1c0) at knote_dequeue+0x12b filt_timermodify(ffff800021258310,fffffd806e89d1c0) at filt_timermodify+0x6f kqueue_register(fffffd806e997a20,ffff800021258310,ffff8000211b2008) at kqueue_register+0xa89 sys_kevent(ffff8000211b2008,ffff8000212585a8,ffff8000212585f0) at sys_kevent+0x214 syscall(ffff800021258670) at syscall+0x5bf Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21341784790, count: -8 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff8000212580e0 rbx 0xffff800020d59bf7 rdx 0x8b rcx 0x2 rax 0x3a r8 0xffffffff81bb3f14 kprintf+0x144 r9 0x1 r10 0xabb57340811bfb93 r11 0xcfc86882c5cf7c70 r12 0xffff800020d599f8 r13 0 r14 0 r15 0x1 rip 0xffffffff81b43698 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000212580d0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor9499) pid=268781 stat=onproc flags process=0 proc=4000000 pri=65, usrpri=65, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff6fd0,0xffff8000211b2a98 process=0xffff8000ffff3b28 user=0xffff800021253000, vmspace=0xfffffd806e9e0738 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 57485 19719 88605 0 3 0x80 nanoslp syz-executor9499 *57485 268781 88605 0 7 0x4000000 syz-executor9499 57485 352812 88605 0 2 0x4000000 syz-executor9499 57485 155039 88605 0 3 0x4000080 fsleep syz-executor9499 29810 172132 56941 0 2 0 syz-executor9499 29810 157925 56941 0 7 0x4000000 syz-executor9499 29810 93434 56941 0 3 0x4000080 fsleep syz-executor9499 88605 428568 40307 0 3 0x80 nanoslp syz-executor9499 56941 353292 40307 0 3 0x80 nanoslp syz-executor9499 40307 462644 13500 0 3 0x82 nanoslp syz-executor9499 13500 415989 64279 0 3 0x10008a sigsusp ksh 64279 346120 78589 0 3 0x92 select sshd 91301 378746 1 0 3 0x100083 ttyin getty 78589 203304 1 0 3 0x80 select sshd 58918 449291 62222 73 3 0x100090 kqread syslogd 62222 192181 1 0 3 0x100082 netio syslogd 20555 89564 1 77 3 0x100090 poll dhclient 96325 142872 1 0 3 0x80 poll dhclient 34975 378940 0 0 3 0x14200 bored smr 48676 381652 0 0 2 0x14200 zerothread 89504 360236 0 0 3 0x14200 aiodoned aiodoned 5100 507428 0 0 3 0x14200 syncer update 74563 131489 0 0 3 0x14200 cleaner cleaner 56845 121819 0 0 3 0x14200 reaper reaper 76479 470326 0 0 3 0x14200 pgdaemon pagedaemon 67431 282280 0 0 3 0x14200 bored crynlk 13852 492456 0 0 3 0x14200 bored crypto 88453 423784 0 0 3 0x14200 bored viomb 83642 442629 0 0 3 0x40014200 acpi0 acpi0 21810 211380 0 0 3 0x40014200 idle1 33119 179573 0 0 3 0x14200 bored softnet 23116 317794 0 0 3 0x14200 bored systqmp 47643 298169 0 0 3 0x14200 bored systq 72253 185856 0 0 3 0x40014200 bored softclock 19998 297588 0 0 3 0x40014200 idle0 1 172822 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 57485 (syz-executor9499) thread 0xffff8000211b2008 (268781) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8294f968) #0 witness_lock+0x4b0 #1 syscall+0x439 #2 Xsyscall+0x128 Process 29810 (syz-executor9499) thread 0xffff8000ffff6fd0 (157925) exclusive rwlock amaplk r = 0 (0xfffffd806d9b0830) #0 witness_lock+0x4b0 #1 uvm_fault_check+0x3de #2 uvm_fault+0x102 #3 upageflttrap+0x82 #4 usertrap+0x21a #5 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffffd806e9e0470) #0 witness_lock+0x4b0 #1 uvmfault_lookup+0xd9 #2 uvm_fault_check+0x3a #3 uvm_fault+0x102 #4 upageflttrap+0x82 #5 usertrap+0x21a #6 recall_trap+0x8 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10106 6409K 6410K 78643K 11196 0 pcb 13 8K 8K 78643K 13 0 rtable 61 2K 2K 78643K 111 0 ifaddr 24 7K 7K 78643K 24 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 2K 78643K 13 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 1 0 vnodes 1182 74K 74K 78643K 1187 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 1 0K 0K 78643K 1 0 proc 47 50K 58K 78643K 274 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 2K 78643K 257 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 87 3K 4K 78643K 10142 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 18 3973K 4037K 78643K 1431 0 kqueue 4 3K 5K 78643K 2296 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}>