panic: mutex 0xffffffff83968220 not held in in_pcb_iterator Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *357713 53928 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833b79e6) at panic+0x1cf sys/kern/subr_prf.c:198 in_pcb_iterator(ffffffff83968220,fffffd806cc86e48,ffff800035d1ba70) at in_pcb_iterator+0x20c sys/netinet/in_pcb.c:683 sysctl_file(ffff800035d1bd38,4,200000000100,ffff800035d1bd68,ffff80002a8d4a58) at sysctl_file+0xa52 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff800035d1bd34,5,200000000100,ffff800035d1bd68,0,37,10e50d69a450a53c) at kern_sysctl+0x251 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a8d4a58,ffff800035d1bea0,ffff800035d1bdf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff800035d1bea0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d1bea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a31f2c8c70, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: mutex 0xffffffff83968220 not held in in_pcb_iterator ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833b79e6) at panic+0x1cf sys/kern/subr_prf.c:198 in_pcb_iterator(ffffffff83968220,fffffd806cc86e48,ffff800035d1ba70) at in_pcb_iterator+0x20c sys/netinet/in_pcb.c:683 sysctl_file(ffff800035d1bd38,4,200000000100,ffff800035d1bd68,ffff80002a8d4a58) at sysctl_file+0xa52 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff800035d1bd34,5,200000000100,ffff800035d1bd68,0,37,10e50d69a450a53c) at kern_sysctl+0x251 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a8d4a58,ffff800035d1bea0,ffff800035d1bdf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff800035d1bea0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d1bea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a31f2c8c70, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800035d1b950 rbx 0 rdx 0xffff80000146b180 rcx 0 rax 0xffff80002a8d4a58 r8 0 r9 0x8080808080808080 r10 0x966f10102dda150d r11 0x4556dfb77b145a32 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff82d07ac5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800035d1b940 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=357713 pid=53928 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a8d4f78,0xffffffff838c08a0 process=0xffff80003c96cdb8 user=0xffff800035d16000, vmspace=0xfffffd807ebb1b40 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 53928 264633 80551 0 2 0 syz-executor *53928 357713 80551 0 7 0x4000000 syz-executor 375 318305 82221 0 2 0x10 syz-executor 375 83431 82221 0 2 0x4000010 syz-executor 375 420334 82221 0 2 0x4000010 syz-executor 97285 287188 23256 0 2 0x2 syz-executor 83069 300527 23256 0 2 0x2 syz-executor 75810 15769 23256 0 2 0xc82 syz-executor 25167 184053 23256 0 2 0xc82 syz-executor 4408 65568 23256 0 2 0x2 syz-executor 19152 163334 1 0 3 0x100083 ttyopn getty 33438 512714 0 0 3 0x14200 acct acct 82221 500062 23256 0 2 0xc82 syz-executor 73511 161388 0 0 3 0x14200 bored sosplice 87958 434150 23256 0 2 0x2 syz-executor 80551 183228 23256 0 2 0xc82 syz-executor 23256 146617 19766 0 2 0x2 syz-executor 19766 378961 7141 0 3 0x10008a sigsusp ksh 7141 227925 81306 0 3 0x98 kqread sshd-session 81306 38240 28485 0 3 0x92 kqread sshd-session 28485 344719 1 0 3 0x88 kqread sshd 25026 481288 74078 73 3 0x1100090 kqread syslogd 74078 404406 1 0 3 0x100082 sbwait syslogd 26932 333896 1 0 3 0x100080 kqread resolvd 11603 413075 22347 77 3 0x100092 kqread dhcpleased 4948 225798 22347 77 3 0x100092 kqread dhcpleased 22347 308150 1 0 3 0x80 kqread dhcpleased 54324 206850 0 0 3 0x14200 bored smr 72536 494330 0 0 2 0x14200 zerothread 54156 332290 0 0 3 0x14200 aiodoned aiodoned 79295 104412 0 0 3 0x14200 syncer update 91406 8748 0 0 3 0x14200 cleaner cleaner 2004 55515 0 0 2 0x14200 reaper 20665 162247 0 0 3 0x14200 pgdaemon pagedaemon 34389 395993 0 0 3 0x14200 bored viomb 61867 451306 0 0 3 0x40014200 acpi0 acpi0 23308 245957 0 0 3 0x14200 bored softnet3 10299 395370 0 0 3 0x14200 bored softnet2 36795 305886 0 0 3 0x14200 bored softnet1 17344 104271 0 0 2 0x14200 softnet0 42680 86445 0 0 3 0x14200 bored systqmp 62032 202469 0 0 3 0x14200 bored systq 91836 92927 0 0 2 0x40014200 softclock 95634 452215 0 0 3 0x40014200 idle0 1 305532 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10199 11062K 11834K 166960K 17979 0 pcb 17 12K 12K 166960K 416 0 rtable 160 12K 13K 166960K 1057 0 pf 36 14K 20K 166960K 322 0 ifaddr 32 6K 7K 166960K 250 0 ifgroup 58 2K 2K 166960K 442 0 sysctl 3 1K 9K 166960K 19 0 counters 34 18K 18K 166960K 242 0 ioctlops 0 0K 4K 166960K 455 0 iov 0 0K 28K 166960K 146 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1396 88K 88K 166960K 4707 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 34 0 VM map 2 1K 1K 166960K 2 0 sem 22 17K 17K 166960K 45 0 dirhash 12 2K 3K 166960K 75 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 13 45K 236K 166960K 5742 0 sigio 0 0K 0K 166960K 45 0 proc 60 59K 91K 166960K 1028 0 subproc 72 4K 4K 166960K 175 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 812 0 in_multi 46 3K 7K 166960K 401 0 ether_multi 1 0K 0K 166960K 42 0 mrt 1 0K 0K 166960K 19 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 774 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 181 142K 167K 166960K 47423 0 UVM aobj 74 9K 9K 166960K 79 0 pinsyscall 34 68K 92K 166960K 7050 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 232 0 NDP 13 0K 2K 166960K 173 0 temp 75 8689K 8792K 166960K 119388 0 kqueue 13 20K 33K 166960K 542 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 212 0 209 1 0 1 1 0 8 0 rtentry 136 347 0 294 4 1 3 4 0 8 0 unpcb 144 1398 0 1382 4 3 1 4 0 8 0 syncache 336 7 0 7 1 1 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 808 591 0 584 2 1 1 2 0 8 0 arp 88 60 0 49 1 0 1 1 0 8 0 ipq 40 21 0 20 1 0 1 1 0 8 0 ipqe 40 64 0 63 1 0 1 1 0 8 0 inpcb 328 2406 0 2390 7 5 2 7 0 8 0 nd6 104 66 0 57 1 0 1 1 0 8 0 pkpcb 40 18 0 18 2 2 0 1 0 8 0 kcovpl 48 19 0 11 1 0 1 1 0 8 0 mppekey 1024 5 0 5 2 2 0 1 0 8 0 ppxss 1072 153 0 153 1 1 0 1 0 8 0 pppxif 1384 26 0 26 1 1 0 1 0 8 0 pfrktable 1344 5 0 5 1 1 0 1 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 6 0 1 5 0 5 5 0 8 0 art_heap4 256 1429 0 1181 30 10 20 29 0 8 0 art_table 32 1435 0 1182 4 1 3 4 0 8 0 art_node 16 335 0 293 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 11 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 34 0 14 1 0 1 1 0 8 0 shmpl 112 76 0 5 3 0 3 3 0 8 0 dirhash 1024 60 0 43 3 0 3 3 0 8 0 dino2pl 256 9807 0 8296 95 0 95 95 0 8 0 ffsino 248 9807 0 8296 95 0 95 95 0 8 0 nchpl 144 16319 0 14606 64 0 64 64 0 8 0 rtmask 32 33 0 33 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 42628 0 42628 3 2 1 3 0 8 1 kstatmem 264 264 0 238 3 1 2 3 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 19 0 19 3 2 1 1 0 8 1 scxspl 216 49848 0 49848 11 9 2 8 1 8 2 plimitpl 152 386 0 370 1 0 1 1 0 8 0 sigapl 424 5999 0 5954 8 2 6 8 0 8 0 knotepl 120 186376 0 186329 28 25 3 16 0 8 0 kqueuepl 184 725 0 716 1 0 1 1 0 8 0 pipepl 296 269 0 242 3 0 3 3 0 8 0 fdescpl 440 5960 0 5935 5 1 4 5 0 8 0 filepl 120 18249 0 18042 10 2 8 9 0 8 0 lockfpl 104 768 0 766 1 0 1 1 0 8 0 lockfspl 48 306 0 304 1 0 1 1 0 8 0 sessionpl 144 40 0 32 1 0 1 1 0 8 0 pgrppl 48 79 0 63 1 0 1 1 0 8 0 ucredpl 104 2609 0 2597 1 0 1 1 0 8 0 zombiepl 144 6455 0 6453 2 1 1 1 0 8 0 processpl 1160 6000 0 5954 5 1 4 5 0 8 0 procpl 656 12402 0 12353 7 1 6 7 0 8 0 sosppl 168 51 0 51 2 2 0 1 0 8 0 sockpl 528 4077 0 4036 8 4 4 8 0 8 0 mcl64k 65536 1258 0 1258 3 2 1 1 0 8 1 mcl16k 16384 842 0 842 3 2 1 1 0 8 1 mcl12k 12288 550 0 550 3 2 1 1 0 8 1 mcl9k 9216 211 0 211 3 2 1 1 0 8 1 mcl8k 8192 1041 0 1041 3 2 1 1 0 8 1 mcl4k 4096 13065 0 13009 15 7 8 15 0 8 0 mcl2k2 2112 15 0 15 3 2 1 1 0 8 1 mcl2k 2048 2494 0 2489 4 2 2 2 0 8 1 mtagpl 96 317 0 251 5 0 5 5 0 8 0 mbufpl 256 68956 0 68766 134 103 31 76 0 8 8 bufpl 280 13586 0 7359 446 0 446 446 0 8 0 anonpl 24 598413 0 595607 68 36 32 68 0 187 0 amapchunkpl 152 163311 0 162990 41 17 24 33 0 158 4 amappl16 200 9174 0 9136 56 51 5 27 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 137 0 127 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 1 0 1 0 8 0 amappl12 168 6742 0 6718 2 0 2 2 0 8 0 amappl11 160 42 0 32 1 0 1 1 0 8 0 amappl10 152 31 0 31 1 1 0 1 0 8 0 amappl9 144 253 0 253 1 1 0 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 126 0 115 1 0 1 1 0 8 0 amappl6 120 280 0 276 1 0 1 1 0 8 0 amappl5 112 169 0 163 1 0 1 1 0 8 0 amappl4 104 330 0 315 1 0 1 1 0 8 0 amappl3 96 36219 0 36145 4 0 4 4 0 8 0 amappl2 88 808 0 751 2 0 2 2 0 8 0 amappl1 80 31827 0 31295 13 0 13 13 0 8 0 amappl 88 46129 0 46012 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 8 0 8 1 1 0 1 0 8 0 dma128 128 263 0 263 2 2 0 1 0 8 0 dma64 64 8 0 8 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 78 0 5 2 0 2 2 0 8 0 uaddrrnd 24 5960 0 5935 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5960 0 5935 1 0 1 1 0 8 0 vmmpekpl 168 35075 0 35018 3 0 3 3 0 8 0 vmmpepl 168 347983 0 346364 104 17 87 103 0 357 1 vmsppl 360 5959 0 5933 4 1 3 4 0 8 0 rwobjpl 32 77088 0 70282 58 0 58 58 0 8 0 pdppl 4096 11926 0 11866 134 68 66 80 0 8 6 pvpl 32 2386785 0 2378892 155 54 101 151 0 265 2 pmappl 216 5959 0 5933 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 445 0 209 10 1 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833b79e6) at panic+0x1cf sys/kern/subr_prf.c:198 in_pcb_iterator(ffffffff83968220,fffffd806cc86e48,ffff800035d1ba70) at in_pcb_iterator+0x20c sys/netinet/in_pcb.c:683 sysctl_file(ffff800035d1bd38,4,200000000100,ffff800035d1bd68,ffff80002a8d4a58) at sysctl_file+0xa52 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff800035d1bd34,5,200000000100,ffff800035d1bd68,0,37,10e50d69a450a53c) at kern_sysctl+0x251 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a8d4a58,ffff800035d1bea0,ffff800035d1bdf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff800035d1bea0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d1bea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a31f2c8c70, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833b79e6) at panic+0x1cf sys/kern/subr_prf.c:198 in_pcb_iterator(ffffffff83968220,fffffd806cc86e48,ffff800035d1ba70) at in_pcb_iterator+0x20c sys/netinet/in_pcb.c:683 sysctl_file(ffff800035d1bd38,4,200000000100,ffff800035d1bd68,ffff80002a8d4a58) at sysctl_file+0xa52 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff800035d1bd34,5,200000000100,ffff800035d1bd68,0,37,10e50d69a450a53c) at kern_sysctl+0x251 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a8d4a58,ffff800035d1bea0,ffff800035d1bdf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff800035d1bea0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d1bea0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a31f2c8c70, count: -8