panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *155253 30383 32767 0x10 0x4000000 1 syz-executor0 38926 74885 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_warn(b65122eeb3bce43e,0,ffff800020b93080) at witness_warn+0x700 witness_debugger sys/kern/subr_witness.c:2549 [inline] witness_warn(b65122eeb3bce43e,0,ffff800020b93080) at witness_warn+0x700 sys/kern/subr_witness.c:1465 userret(eaa991b988b08025) at userret+0x361 sys/kern/kern_sig.c:1899 syscall(36701e6ae652811d) at syscall+0x680 mi_syscall_return sys/sys/syscall_mi.h:122 [inline] syscall(36701e6ae652811d) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605 Xsyscall(6,5,c,0,3,804373161a0) at Xsyscall+0x128 end of kernel end trace frame: 0x806cc679970, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic witness_warn ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_warn(b65122eeb3bce43e,0,ffff800020b93080) at witness_warn+0x700 witness_debugger sys/kern/subr_witness.c:2549 [inline] witness_warn(b65122eeb3bce43e,0,ffff800020b93080) at witness_warn+0x700 sys/kern/subr_witness.c:1465 userret(eaa991b988b08025) at userret+0x361 sys/kern/kern_sig.c:1899 syscall(36701e6ae652811d) at syscall+0x680 mi_syscall_return sys/sys/syscall_mi.h:122 [inline] syscall(36701e6ae652811d) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605 Xsyscall(6,5,c,0,3,804373161a0) at Xsyscall+0x128 end of kernel end trace frame: 0x806cc679970, count: -6 ddb{1}> show registers rdi 0xffffffff816f2377 db_enter+0x17 rsi 0x4905 __ALIGN_SIZE+0x3905 rbp 0xffff800020c93550 rbx 0xffff800020c935f0 rdx 0x4906 __ALIGN_SIZE+0x3906 rcx 0xffff800004b53000 rax 0xffff800004b53000 r8 0xffffffff819810f4 kprintf+0x174 r9 0x1 r10 0x5c06fa758cf89a41 r11 0x49aedd11328a9cff r12 0x3000000008 r13 0xffff800020c93560 r14 0x100 r15 0x1 rip 0xffffffff816f2378 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c93540 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor0) pid=155253 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff800020b92bd0,0xffff800020b92730 process=0xffff800020b95708 user=0xffff800020c8e000, vmspace=0xfffffd806e9259e0 estcpu=32, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 38095 338386 51158 32767 2 0x10 syz-executor1 38095 50686 51158 32767 2 0x4000010 syz-executor1 30383 309200 64430 32767 2 0x10 syz-executor0 30383 515639 64430 32767 2 0x4000010 syz-executor0 30383 372937 64430 32767 3 0x4000090 fsleep syz-executor0 *30383 155253 64430 32767 7 0x4000010 syz-executor0 30383 201083 64430 32767 3 0x4000090 fsleep syz-executor0 30383 96024 64430 32767 3 0x4000090 fsleep syz-executor0 51158 128476 95213 32767 2 0x490 syz-executor1 95213 143676 61406 0 3 0x82 wait syz-executor1 64430 135387 73744 32767 2 0x490 syz-executor0 73744 431934 61406 0 3 0x82 wait syz-executor0 37139 9762 0 0 3 0x14200 bored sosplice 61406 168162 28510 0 3 0x82 thrsleep syz-fuzzer 61406 495746 28510 0 2 0x4000482 syz-fuzzer 61406 95049 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 167612 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 91166 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 5366 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 243218 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 17147 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 128433 28510 0 3 0x4000082 thrsleep syz-fuzzer 61406 347014 28510 0 3 0x4000082 kqread syz-fuzzer 28510 212698 32085 0 3 0x10008a pause ksh 32085 70127 30240 0 3 0x92 select sshd 59910 311412 1 0 3 0x100083 ttyin getty 30240 179792 1 0 3 0x80 select sshd 91001 218243 46892 73 3 0x100010 ffs_fsync syslogd 46892 34392 1 0 3 0x100082 netio syslogd 18518 169476 1 77 3 0x100090 poll dhclient 37576 163005 1 0 3 0x80 poll dhclient 53766 69364 0 0 2 0x14200 zerothread 29343 124155 0 0 3 0x14200 aiodoned aiodoned 60026 338772 0 0 3 0x14200 syncer update 79881 299317 0 0 3 0x14200 cleaner cleaner 85784 43144 0 0 3 0x14200 reaper reaper 59966 131334 0 0 3 0x14200 pgdaemon pagedaemon 33796 327797 0 0 3 0x14200 bored crynlk 58587 2226 0 0 3 0x14200 bored crypto 65334 155880 0 0 3 0x40014200 acpi0 acpi0 9414 392653 0 0 3 0x40014200 idle1 32871 5011 0 0 3 0x14200 bored softnet 77847 400861 0 0 3 0x14200 bored systqmp 51387 158422 0 0 3 0x14200 bored systq 74885 38926 0 0 7 0x40014200 softclock 56770 284580 0 0 3 0x40014200 idle0 1 31203 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 30383 (syz-executor0) thread 0xffff800020b93080 (155253) exclusive rrwlock inode r = 0 (0xfffffd8067ca4a28) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 Process 91001 (syslogd) thread 0xffff800020be5c30 (218243) exclusive rrwlock inode r = 0 (0xfffffd806eb973c8) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9462 6321K 6321K 78643K 13364 0 0 pcb 23 9K 11K 78643K 11516 0 0 rtable 97 3K 3K 78643K 18183 0 0 ifaddr 36 22K 29K 78643K 3457 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 737 0 0 iov 0 0K 32K 78643K 2302 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1202 75K 75K 78643K 17825 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 308 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 1658 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 8 25K 33K 78643K 28663 0 0 sigio 0 0K 0K 78643K 472 0 0 proc 41 38K 70K 78643K 14889 0 0 subproc 68 69634K 71682K 78643K 19210 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 3199 0 0 in_multi 33 2K 2K 78643K 7004 0 0 ether_multi 1 0K 0K 78643K 161 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 4437 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 126 23K 62K 78643K 86997 0 0 UVM aobj 130 5K 5K 78643K 163 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 568 0 0 NDP 5 0K 0K 78643K 1698 0 0 temp 121 2362K 2440K 78643K 102365 0 0 kqueue 0 0K 0K 78643K 332 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 567 0 563 1 0 1 1 0 8 0 inpcbpl 280 11267 0 11260 1 0 1 1 0 8 0 plimitpl 152 1349 0 1340 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 5108 0 5068 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpcb 544 4171 0 4167 1 0 1 1 0 8 0 nd6 48 1130 0 1126 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 23838 0 23647 30 18 12 13 0 8 0 art_table 32 23839 0 23647 2 0 2 2 0 8 0 art_node 16 5107 0 5073 1 0 1 1 0 8 0 sysvmsgpl 40 45 0 41 2 1 1 1 0 8 0 semapl 112 1646 0 1636 1 0 1 1 0 8 0 shmpl 112 161 0 33 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 37781 0 35913 61 0 61 61 0 8 0 ffsino 272 37781 0 35913 127 2 125 125 0 8 0 nchpl 144 75736 0 74121 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 266985 0 266985 10 9 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 232381 0 232380 152 151 1 6 0 8 0 sigapl 432 27141 0 27125 5 3 2 3 0 8 0 futexpl 56 247977 0 247974 5 4 1 1 0 8 0 knotepl 112 17340 0 17313 36 35 1 2 0 8 0 kqueuepl 104 8818 0 8816 1 0 1 1 0 8 0 pipepl 112 25766 0 25747 57 55 2 2 0 8 0 fdescpl 488 27142 0 27125 3 0 3 3 0 8 0 filepl 152 170005 0 169903 77 72 5 7 0 8 0 lockfpl 96 6600 0 6600 63 62 1 1 0 8 1 lockfspl 24 13442 0 13442 61 60 1 1 0 8 1 sessionpl 112 580 0 570 1 0 1 1 0 8 0 pgrppl 48 863 0 853 1 0 1 1 0 8 0 ucredpl 96 55588 0 55579 1 0 1 1 0 8 0 zombiepl 144 27125 0 27125 3 2 1 1 0 8 1 processpl 840 27157 0 27125 4 0 4 4 0 8 0 procpl 600 75075 0 75028 8 4 4 5 0 8 0 srpgc 64 3302 0 3302 118 117 1 1 0 8 1 sosppl 128 651 0 651 106 105 1 1 0 8 1 sockpl 384 23231 0 23214 52 49 3 4 0 8 1 mcl64k 65536 10 0 0 2 0 2 2 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 76 0 0 3 1 2 2 0 8 0 mcl9k 9216 81 0 0 4 2 2 2 0 8 0 mcl8k 8192 42 0 0 5 2 3 3 0 8 0 mcl4k 4096 47 0 0 5 2 3 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 968 0 0 15 6 9 11 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 1567 0 0 11 1 10 11 0 8 0 bufpl 256 75260 0 68291 436 0 436 436 0 8 0 anonpl 16 2678465 0 2673428 443 403 40 51 0 125 1 amapchunkpl 152 182876 0 182784 617 581 36 189 0 158 32 amappl16 192 144735 0 144500 820 798 22 34 0 8 8 amappl15 184 3897 0 3896 1 0 1 1 0 8 0 amappl14 176 7272 0 7259 2 1 1 1 0 8 0 amappl13 168 3488 0 3483 1 0 1 1 0 8 0 amappl12 160 2759 0 2750 1 0 1 1 0 8 0 amappl11 152 5674 0 5665 1 0 1 1 0 8 0 amappl10 144 4149 0 4132 2 1 1 1 0 8 0 amappl9 136 3572 0 3570 1 0 1 1 0 8 0 amappl8 128 6987 0 6873 5 1 4 4 0 8 0 amappl7 120 3473 0 3463 1 0 1 1 0 8 0 amappl6 112 4430 0 4403 1 0 1 1 0 8 0 amappl5 104 3954 0 3943 1 0 1 1 0 8 0 amappl4 96 4506 0 4466 10 8 2 2 0 8 0 amappl3 88 2055 0 2050 1 0 1 1 0 8 0 amappl2 80 239860 0 239783 2 0 2 2 0 8 0 amappl1 72 676676 0 676218 24 14 10 18 0 8 0 amappl 72 80272 0 80233 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 162 0 33 3 0 3 3 0 8 0 uaddrrnd 24 27142 0 27125 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 27142 0 27125 1 0 1 1 0 8 0 vmmpekpl 168 227203 0 227179 2 0 2 2 0 8 0 vmmpepl 168 3047840 0 3046311 676 602 74 89 0 357 4 vmsppl 360 27141 0 27125 2 0 2 2 0 8 0 pdppl 4096 54291 0 54250 8 2 6 6 0 8 0 pvpl 32 7576605 0 7568137 1264 1158 106 130 0 265 10 pmappl 224 27141 0 27125 123 122 1 2 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 660 0 45 18 0 18 18 0 8 0