Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/setuid/kernel/sys/arch/amd64/amd64/intr.c", line 699 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 182293 10578 0 0 0 0 syz-executor4141521370 db_enter() at db_enter+0x1c panic(ffffffff8279eeb4) at panic+0x17b __assert(ffffffff82820513,ffffffff8283fa89,2bb,ffffffff827a57e4) at __assert+0x29 splraise(ac5bab41) at splraise+0xb4 mtx_enter_try(fffffd806f1fc288) at mtx_enter_try+0x73 mtx_enter(fffffd806f1fc288) at mtx_enter+0x4f knote_remove(ffff8000211feac0,fffffd806f1fc288,fffffd806f1fc310,4,0) at knote_remove+0x20d knote_fdclose(ffff8000211feac0,4) at knote_fdclose+0xae fdfree(ffff8000211feac0) at fdfree+0xdf exit1(ffff8000211feac0,0,0,1) at exit1+0x3ff sys_exit(ffff8000211feac0,ffff8000212a5780,ffff8000212a57d0) at sys_exit+0x1a syscall(ffff8000212a5850) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7624cd69c750, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/setuid/kernel/sys/arch/amd64/amd64/intr.c", line 699 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff8279eeb4) at panic+0x17b __assert(ffffffff82820513,ffffffff8283fa89,2bb,ffffffff827a57e4) at __assert+0x29 splraise(ac5bab41) at splraise+0xb4 mtx_enter_try(fffffd806f1fc288) at mtx_enter_try+0x73 mtx_enter(fffffd806f1fc288) at mtx_enter+0x4f knote_remove(ffff8000211feac0,fffffd806f1fc288,fffffd806f1fc310,4,0) at knote_remove+0x20d knote_fdclose(ffff8000211feac0,4) at knote_fdclose+0xae fdfree(ffff8000211feac0) at fdfree+0xdf exit1(ffff8000211feac0,0,0,1) at exit1+0x3ff sys_exit(ffff8000211feac0,ffff8000212a5780,ffff8000212a57d0) at sys_exit+0x1a syscall(ffff8000212a5850) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7624cd69c750, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff8000212a53c0 rbx 0xffff800020d59b9f rdx 0x3fd rcx 0 rax 0x8f r8 0x101010101010101 r9 0x8080808080808080 r10 0xdf642cbbb25114f r11 0x852b9d67971f15b4 r12 0xffff800020d599a0 r13 0 r14 0 r15 0x1 rip 0xffffffff8266b7ec db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000212a53b0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor4141521370) pid=422802 stat=onproc flags process=1008 proc=2000 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000211fe818,0xffff8000211ff2c8 process=0xffff8000212af258 user=0xffff8000212a0000, vmspace=0xfffffd806cade3c0 estcpu=4, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 10578 182293 46909 0 7 0 syz-executor4141521370 75120 340984 88444 0 2 0 syz-executor4141521370 75120 308016 88444 0 3 0x4000080 fsleep syz-executor4141521370 86004 372770 21932 0 2 0 syz-executor4141521370 86004 519950 21932 0 2 0x4000000 syz-executor4141521370 15726 228794 76702 0 2 0 syz-executor4141521370 15726 471518 76702 0 3 0x4000080 fsleep syz-executor4141521370 46909 78774 95019 0 3 0x80 nanoslp syz-executor4141521370 67424 121750 95019 0 3 0 biowait syz-executor4141521370 88444 158371 95019 0 3 0x80 nanoslp syz-executor4141521370 15872 354509 95019 0 3 0x80 nanoslp syz-executor4141521370 97557 149034 95019 0 3 0 biowait syz-executor4141521370 21932 423990 95019 0 3 0x80 nanoslp syz-executor4141521370 54771 505354 95019 0 3 0x80 nanoslp syz-executor4141521370 76702 373865 95019 0 3 0x80 nanoslp syz-executor4141521370 95019 308537 5490 0 3 0x82 nanoslp syz-executor4141521370 5490 482790 261 0 3 0x10008a sigsusp ksh 261 200779 44034 0 3 0x9a kqread sshd 455 204963 1 0 3 0x100083 ttyin getty 44034 386393 1 0 3 0x88 kqread sshd 65747 143401 65387 73 3 0x1100090 kqread syslogd 65387 477295 1 0 3 0x100082 netio syslogd 89295 490000 1 0 3 0x100080 kqread resolvd 10374 7899 29961 77 3 0x100092 kqread dhcpleased 316 151530 29961 77 3 0x100092 kqread dhcpleased 29961 189633 1 0 3 0x80 kqread dhcpleased 18866 103882 0 0 3 0x14200 bored smr 88309 491647 0 0 2 0x14200 zerothread 12396 123195 0 0 3 0x14200 aiodoned aiodoned 91088 316165 0 0 3 0x14200 syncer update 24413 411271 0 0 3 0x14200 cleaner cleaner 3744 80186 0 0 2 0x14200 reaper 27565 361601 0 0 3 0x14200 pgdaemon pagedaemon 24879 262315 0 0 3 0x14200 bored viomb 15306 386643 0 0 3 0x40014200 acpi0 acpi0 63076 52336 0 0 3 0x40014200 idle1 33937 137807 0 0 3 0x14200 bored softnet3 60206 331706 0 0 3 0x14200 bored softnet2 28018 342342 0 0 3 0x14200 bored softnet1 84043 115739 0 0 3 0x14200 bored softnet0 68363 470768 0 0 3 0x14200 bored systqmp 36097 418934 0 0 3 0x14200 bored systq 62471 29573 0 0 3 0x40014200 bored softclock 38356 168104 0 0 3 0x40014200 idle0 1 370673 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 10578 (syz-executor4141521370) thread 0xffff8000211ffd58 (182293) shared rwlock vmmaplk r = 0 (0xfffffd806cade118) #0 witness_lock+0x447 #1 uvmfault_lookup+0xd9 #2 uvm_fault_check+0x3e #3 uvm_fault+0xf2 #4 upageflttrap+0x86 #5 usertrap+0x226 #6 recall_trap+0x8 Process 67424 (syz-executor4141521370) thread 0xffff80002120dd50 (121750) exclusive rrwlock inode r = 0 (0xfffffd806d3a3c48) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 ufs_ihashins+0x46 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1c2 #7 ufs_mkdir+0xf8 #8 VOP_MKDIR+0xc3 #9 domkdirat+0x125 #10 syscall+0x5e2 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d8445f8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vfs_lookup+0xd5 #6 namei+0x55a #7 domkdirat+0x79 #8 syscall+0x5e2 #9 Xsyscall+0x128 Process 97557 (syz-executor4141521370) thread 0xffff8000211ee010 (149034) exclusive rrwlock inode r = 0 (0xfffffd806d3a3e68) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vget+0x200 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x13ba #9 VOP_LOOKUP+0x5c #10 vfs_lookup+0x6e2 #11 namei+0x55a #12 dounlinkat+0x9d #13 syscall+0x5e2 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d8441b8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 #2 rrw_enter+0x8c #3 VOP_LOCK+0x8b #4 vn_lock+0x84 #5 vfs_lookup+0xd5 #6 namei+0x55a #7 dounlinkat+0x9d #8 syscall+0x5e2 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10156 6389K 6420K 78643K 11234 0 pcb 13 8K 8K 78643K 13 0 rtable 58 1K 2K 78643K 110 0 pf 12 6K 6K 78643K 12 0 ifaddr 12 9K 9K 78643K 12 0 ifgroup 17 1K 1K 78643K 17 0 counters 44 33K 33K 78643K 44 0 ioctlops 0 0K 2K 78643K 21 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1174 73K 74K 78643K 1187 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 78K 79K 78643K 246 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 1K 78643K 243 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 134 6K 7K 78643K 2770 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 1 5904K 5968K 78643K 3007 0 kqueue 12 18K 24K 78643K 110 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 20 0 17 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 304 5 0 5 2 1 1 1 0 8 1 tcpqe 32 202 0 202 1 1 0 1 0 8 0 tcpcb 808 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 368 286 0 273 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1520 0 119 88 0 88 88 0 8 0 ffsino 272 1520 0 119 94 0 94 94 0 8 0 nchpl 144 1792 0 221 59 0 59 59 0 8 0 uvmvnodes 80 1529 0 0 32 0 32 32 0 8 0 vnodes 216 1529 0 0 85 0 85 85 0 8 0 namei 1024 4624 0 4623 3 1 2 2 0 8 1 percpumem 16 35 0 0 1 0 1 1 0 8 0 kstatmem 264 6 0 0 1 0 1 1 0 8 0 scxspl 216 5678 0 5676 11 9 2 8 1 8 1 plimitpl 152 16 0 10 1 0 1 1 0 8 0 sigapl 424 406 0 362 6 0 6 6 0 8 0 futexpl 64 539 0 537 1 0 1 1 0 8 0 knotepl 120 48 0 0 2 0 2 2 0 8 0 kqueuepl 216 106 0 98 1 0 1 1 0 8 0 pipepl 320 87 0 84 2 1 1 1 0 8 0 fdescpl 496 389 0 363 5 1 4 4 0 8 0 filepl 152 1469 0 1409 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 104 66 0 56 1 0 1 1 0 8 0 zombiepl 144 364 0 362 2 1 1 1 0 8 0 processpl 1072 406 0 362 4 0 4 4 0 8 0 procpl 680 494 0 446 5 0 5 5 0 8 0 sockpl 488 339 0 310 5 0 5 5 0 8 1 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 248 0 0 31 0 31 31 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 257 0 0 17 1 16 17 0 8 0 bufpl 288 2606 0 84 181 0 181 181 0 8 0 anonpl 24 184301 0 182162 28 14 14 24 0 186 0 amapchunkpl 152 9750 0 9479 14 1 13 13 0 158 1 amappl16 200 5437 0 5427 6 5 1 5 0 8 0 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 104 0 95 1 0 1 1 0 8 0 amappl13 176 10 0 10 1 1 0 1 0 8 0 amappl12 168 885 0 861 2 0 2 2 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 14 0 14 2 1 1 1 0 8 1 amappl9 144 179 0 178 1 0 1 1 0 8 0 amappl8 136 31 0 29 1 0 1 1 0 8 0 amappl7 128 114 0 100 1 0 1 1 0 8 0 amappl6 120 141 0 128 1 0 1 1 0 8 0 amappl5 112 104 0 96 1 0 1 1 0 8 0 amappl4 104 412 0 383 1 0 1 1 0 8 0 amappl3 96 2649 0 2593 2 0 2 2 0 8 0 amappl2 88 557 0 509 3 1 2 2 0 8 0 amappl1 80 9386 0 8924 15 4 11 11 0 8 0 amappl 88 2501 0 2406 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 389 0 363 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 389 0 363 1 0 1 1 0 8 0 vmmpekpl 168 7158 0 7136 2 0 2 2 0 8 0 vmmpepl 168 37238 0 35972 68 8 60 60 0 357 3 vmsppl 464 388 0 363 5 1 4 4 0 8 0 rwobjpl 56 19623 0 17398 33 1 32 32 0 8 0 pdppl 4096 786 0 726 88 22 66 66 0 8 6 pvpl 32 284758 0 279698 64 21 43 52 0 265 1 pmappl 248 388 0 363 3 1 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 526 0 26 15 0 15 15 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82bffff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82cd6528) at __mp_lock+0x122 intr_handler(ffff8000212b5430,ffff80000067b200) at intr_handler+0x62 Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x3a syscall(ffff8000212b5610) at syscall+0x5cd Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7624cd69c7c0, count: 6 ddb{0}> trace x86_ipi_db(ffffffff82bffff0) at x86_ipi_db+0x1e x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82cd6528) at __mp_lock+0x122 intr_handler(ffff8000212b5430,ffff80000067b200) at intr_handler+0x62 Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x3a syscall(ffff8000212b5610) at syscall+0x5cd Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7624cd69c7c0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp db_enter() at db_enter+0x1c panic(ffffffff8279eeb4) at panic+0x17b __assert(ffffffff82820513,ffffffff8283fa89,2bb,ffffffff827a57e4) at __assert+0x29 splraise(ac5bab41) at splraise+0xb4 mtx_enter_try(fffffd806f1fc288) at mtx_enter_try+0x73 mtx_enter(fffffd806f1fc288) at mtx_enter+0x4f knote_remove(ffff8000211feac0,fffffd806f1fc288,fffffd806f1fc310,4,0) at knote_remove+0x20d knote_fdclose(ffff8000211feac0,4) at knote_fdclose+0xae fdfree(ffff8000211feac0) at fdfree+0xdf exit1(ffff8000211feac0,0,0,1) at exit1+0x3ff sys_exit(ffff8000211feac0,ffff8000212a5780,ffff8000212a57d0) at sys_exit+0x1a syscall(ffff8000212a5850) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7624cd69c750, count: 2 ddb{1}> trace db_enter() at db_enter+0x1c panic(ffffffff8279eeb4) at panic+0x17b __assert(ffffffff82820513,ffffffff8283fa89,2bb,ffffffff827a57e4) at __assert+0x29 splraise(ac5bab41) at splraise+0xb4 mtx_enter_try(fffffd806f1fc288) at mtx_enter_try+0x73 mtx_enter(fffffd806f1fc288) at mtx_enter+0x4f knote_remove(ffff8000211feac0,fffffd806f1fc288,fffffd806f1fc310,4,0) at knote_remove+0x20d knote_fdclose(ffff8000211feac0,4) at knote_fdclose+0xae fdfree(ffff8000211feac0) at fdfree+0xdf exit1(ffff8000211feac0,0,0,1) at exit1+0x3ff sys_exit(ffff8000211feac0,ffff8000212a5780,ffff8000212a57d0) at sys_exit+0x1a syscall(ffff8000212a5850) at syscall+0x5e2 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7624cd69c750, count: -13