panic: Thread 0xffff800020b93080 cannot exit while holding sleeplocks Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 302908 86842 0 0x2 0x4000000 1 syz-fuzzer *386720 60345 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_thread_exit(9c0b02c94fad1db8) at witness_thread_exit+0x244 sys/kern/subr_witness.c:1377 reaper(0) at reaper+0x14f sys/kern/kern_exit.c:412 end trace frame: 0x0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic Thread 0xffff800020b93080 cannot exit while holding sleeplocks ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_thread_exit(9c0b02c94fad1db8) at witness_thread_exit+0x244 sys/kern/subr_witness.c:1377 reaper(0) at reaper+0x14f sys/kern/kern_exit.c:412 end trace frame: 0x0, count: -4 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020b67670 rbx 0xffff800020b67710 rdx 0xffffffff81ec7571 cmd0646_9_tim_udma+0x1299c rcx 0 rax 0 r8 0xffffffff81928b04 kprintf+0x174 r9 0x1 r10 0xd537a720021a95a r11 0x674c9861d7dcaf6e r12 0x3000000008 r13 0xffff800020b67680 r14 0x100 r15 0x1 rip 0xffffffff810e9c38 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020b67660 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (reaper) pid=386720 stat=onproc flags process=14000 proc=200 pri=4, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020b212c0,0xffff800020b21780 process=0xffff800020b5a008 user=0xffff800020b62000, vmspace=0xffffffff82312950 estcpu=1, cpticks=3, pctcpu=0.21 user=0, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 77957 334224 4499 32767 2 0x490 syz-executor1 4499 79206 86842 0 3 0x82 wait syz-executor1 54860 81269 0 0 3 0x14200 bored sosplice 86842 227174 37630 0 3 0x82 thrsleep syz-fuzzer 86842 441524 37630 0 2 0x4000482 syz-fuzzer 86842 263394 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 296710 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 397091 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 212369 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 283945 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 302908 37630 0 7 0x4000002 syz-fuzzer 86842 59611 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 171650 37630 0 3 0x4000082 thrsleep syz-fuzzer 86842 362358 37630 0 3 0x4000082 kqread syz-fuzzer 86842 230574 37630 0 3 0x4000082 thrsleep syz-fuzzer 37630 483389 20944 0 3 0x10008a pause ksh 20944 390086 16875 0 3 0x92 select sshd 50265 416033 1 0 3 0x100083 ttyin getty 16875 143987 1 0 3 0x80 select sshd 55155 51333 85916 73 2 0x100010 syslogd 85916 401379 1 0 3 0x100082 netio syslogd 62199 256531 1 77 3 0x100090 poll dhclient 63192 206868 1 0 3 0x80 poll dhclient 46303 175313 0 0 3 0x14200 pgzero zerothread 87197 263900 0 0 3 0x14200 aiodoned aiodoned 19793 15840 0 0 3 0x14200 syncer update 90584 418997 0 0 3 0x14200 cleaner cleaner *60345 386720 0 0 7 0x14200 reaper 94834 142197 0 0 3 0x14200 pgdaemon pagedaemon 37331 347375 0 0 3 0x14200 bored crynlk 6512 166207 0 0 3 0x14200 bored crypto 65750 155688 0 0 3 0x40014200 acpi0 acpi0 96313 133544 0 0 3 0x40014200 idle1 33474 38907 0 0 3 0x14200 bored softnet 40419 135251 0 0 3 0x14200 bored systqmp 81406 256259 0 0 3 0x14200 bored systq 96472 480103 0 0 3 0x40014200 bored softclock 63720 230430 0 0 3 0x40014200 idle0 1 154461 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 86842 (syz-fuzzer) thread 0xffff800020b74968 (302908) exclusive rrwlock inode r = 0 (0xfffffd8069bbf6f8) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 exclusive rrwlock inode r = 0 (0xfffffd8068d354e0) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9457 6319K 6321K 78643K 12794 0 0 pcb 23 9K 11K 78643K 9923 0 0 rtable 79 2K 3K 78643K 14541 0 0 ifaddr 30 17K 21K 78643K 2765 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 552 0 0 iov 0 0K 32K 78643K 1472 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1202 75K 75K 78643K 15167 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 248 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 1K 1K 78643K 1259 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 4 9K 33K 78643K 20441 0 0 sigio 0 0K 0K 78643K 270 0 0 proc 41 38K 70K 78643K 11933 0 0 subproc 34 34817K 71682K 78643K 15334 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 2969 0 0 in_multi 22 1K 2K 78643K 5605 0 0 ether_multi 1 0K 0K 78643K 151 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 3627 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 94 13K 213K 78643K 63285 0 0 UVM aobj 130 4K 4K 78643K 164 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 479 0 0 NDP 6 0K 0K 78643K 1356 0 0 temp 97 2361K 2442K 78643K 76446 0 0 kqueue 0 0K 0K 78643K 183 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 453 0 450 1 0 1 1 0 8 0 inpcbpl 280 9273 0 9266 1 0 1 1 0 8 0 plimitpl 152 1073 0 1066 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 4082 0 4051 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 544 3540 0 3536 1 0 1 1 0 8 0 nd6 48 902 0 900 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 19044 0 18893 33 20 13 13 0 8 1 art_table 32 19045 0 18893 2 0 2 2 0 8 0 art_node 16 4081 0 4053 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 9 3 2 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 1255 0 1245 1 0 1 1 0 8 0 shmpl 112 162 0 34 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 28272 0 26493 58 0 58 58 0 8 0 ffsino 272 28272 0 26493 119 0 119 119 0 8 0 nchpl 144 55584 0 54006 59 0 59 59 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 208773 0 208773 3 2 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 141625 0 141625 96 95 1 6 0 8 1 sigapl 432 19261 0 19249 7 5 2 3 0 8 0 futexpl 56 197151 0 197151 3 2 1 1 0 8 1 knotepl 112 12190 0 12165 22 21 1 2 0 8 0 kqueuepl 104 5544 0 5542 1 0 1 1 0 8 0 pipepl 112 16450 0 16435 38 36 2 2 0 8 0 fdescpl 488 19262 0 19249 3 0 3 3 0 8 0 filepl 152 132052 0 131978 44 39 5 7 0 8 1 lockfpl 96 4669 0 4669 21 20 1 1 0 8 1 lockfspl 24 10796 0 10796 18 17 1 1 0 8 1 sessionpl 112 466 0 457 1 0 1 1 0 8 0 pgrppl 48 707 0 698 1 0 1 1 0 8 0 ucredpl 96 49246 0 49238 1 0 1 1 0 8 0 zombiepl 144 19249 0 19248 3 2 1 1 0 8 0 processpl 840 19277 0 19248 4 0 4 4 0 8 0 procpl 600 54174 0 54133 14 10 4 5 0 8 0 srpgc 64 2638 0 2638 76 75 1 1 0 8 1 sosppl 128 415 0 415 85 84 1 1 0 8 1 sockpl 384 19699 0 19682 21 17 4 4 0 8 2 mcl64k 65536 31 0 0 3 1 2 3 0 8 0 mcl16k 16384 24 0 0 3 1 2 3 0 8 0 mcl12k 12288 57 0 0 2 0 2 2 0 8 0 mcl9k 9216 71 0 0 4 2 2 2 0 8 0 mcl8k 8192 65 0 0 8 5 3 3 0 8 0 mcl4k 4096 65 0 0 5 2 3 3 0 8 0 mcl2k2 2112 13 0 0 1 0 1 1 0 8 0 mcl2k 2048 119 0 0 12 0 12 12 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 1094 0 0 11 1 10 10 0 8 0 bufpl 256 33113 0 26144 436 0 436 436 0 8 0 anonpl 16 1951238 0 1945361 358 319 39 43 0 125 0 amapchunkpl 152 174814 0 174732 1336 1258 78 189 0 158 74 amappl16 192 105776 0 105531 474 455 19 29 0 8 0 amappl15 184 2967 0 2966 1 0 1 1 0 8 0 amappl14 176 3678 0 3676 2 1 1 1 0 8 0 amappl13 168 3148 0 3145 1 0 1 1 0 8 0 amappl12 160 2485 0 2475 1 0 1 1 0 8 0 amappl11 152 3813 0 3802 1 0 1 1 0 8 0 amappl10 144 2723 0 2718 1 0 1 1 0 8 0 amappl9 136 2179 0 2177 1 0 1 1 0 8 0 amappl8 128 6246 0 6162 4 0 4 4 0 8 0 amappl7 120 3104 0 3092 1 0 1 1 0 8 0 amappl6 112 2425 0 2403 1 0 1 1 0 8 0 amappl5 104 3047 0 3037 1 0 1 1 0 8 0 amappl4 96 3873 0 3838 2 1 1 2 0 8 0 amappl3 88 1955 0 1950 1 0 1 1 0 8 0 amappl2 80 169054 0 168994 2 0 2 2 0 8 0 amappl1 72 488410 0 488011 22 12 10 18 0 8 0 amappl 72 57873 0 57843 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 163 0 34 3 0 3 3 0 8 0 uaddrrnd 24 19262 0 19249 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 19262 0 19249 1 0 1 1 0 8 0 vmmpekpl 168 162694 0 162666 2 0 2 2 0 8 0 vmmpepl 168 2208193 0 2206987 479 402 77 82 0 357 7 vmsppl 360 19261 0 19249 2 0 2 2 0 8 0 pdppl 4096 38531 0 38498 7 1 6 6 0 8 1 pvpl 32 5399177 0 5390315 1019 931 88 120 0 265 0 pmappl 224 19261 0 19249 89 87 2 2 0 8 1 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 647 0 35 18 0 18 18 0 8 0