panic: Thread 0xffff800020bbb9e0 cannot exit while holding sleeplocks Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 183866 60584 32767 0x10 0x480 0 syz-executor0 *518420 38399 0 0x14000 0x200 1 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_thread_exit(4f145bfdd7d5800b) at witness_thread_exit+0x244 sys/kern/subr_witness.c:1377 reaper(0) at reaper+0x14f sys/kern/kern_exit.c:412 end trace frame: 0x0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic Thread 0xffff800020bbb9e0 cannot exit while holding sleeplocks ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_thread_exit(4f145bfdd7d5800b) at witness_thread_exit+0x244 sys/kern/subr_witness.c:1377 reaper(0) at reaper+0x14f sys/kern/kern_exit.c:412 end trace frame: 0x0, count: -4 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020b671e0 rbx 0xffff800020b67280 rdx 0xffffffff81ec5817 cmd0646_9_tim_udma+0x133e5 rcx 0 rax 0 r8 0xffffffff819810f4 kprintf+0x174 r9 0x1 r10 0xc327b5861a98a95 r11 0xb5c959b27dab825 r12 0x3000000008 r13 0xffff800020b671f0 r14 0x100 r15 0x1 rip 0xffffffff816f2378 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020b671d0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (reaper) pid=518420 stat=onproc flags process=14000 proc=200 pri=4, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020b204b0,0xffff800020b219d8 process=0xffff800020b5a9e0 user=0xffff800020b62000, vmspace=0xffffffff823219e8 estcpu=0, cpticks=1, pctcpu=0.30 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 15958 72037 92055 32767 3 0x90 nanosleep syz-executor1 15958 244452 92055 32767 3 0x4000090 poll syz-executor1 15958 113506 92055 32767 3 0x4000090 fsleep syz-executor1 92055 510767 12537 32767 3 0x90 nanosleep syz-executor1 12537 33161 66955 0 3 0x82 wait syz-executor1 60584 183866 33818 32767 7 0x490 syz-executor0 33818 347010 66955 0 3 0x82 wait syz-executor0 25381 186763 0 0 3 0x14200 bored sosplice 66955 366552 88574 0 3 0x82 thrsleep syz-fuzzer 66955 13883 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 247848 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 114189 88574 0 3 0x4000082 kqread syz-fuzzer 66955 91925 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 498948 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 367889 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 52040 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 497550 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 245096 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 83210 88574 0 3 0x4000082 thrsleep syz-fuzzer 66955 441320 88574 0 3 0x4000082 thrsleep syz-fuzzer 88574 352297 91411 0 3 0x10008a pause ksh 91411 363213 54836 0 3 0x92 select sshd 55252 363162 1 0 3 0x100083 ttyin getty 54836 455653 1 0 3 0x80 select sshd 53445 67836 4584 73 3 0x100010 ffs_fsync syslogd 4584 104392 1 0 3 0x100082 netio syslogd 1420 121689 1 77 3 0x100090 poll dhclient 81802 62992 1 0 3 0x80 poll dhclient 82794 236328 0 0 3 0x14200 pgzero zerothread 78444 389884 0 0 3 0x14200 aiodoned aiodoned 23332 121009 0 0 3 0x14200 syncer update 53425 173772 0 0 3 0x14200 cleaner cleaner *38399 518420 0 0 7 0x14200 reaper 94059 358279 0 0 3 0x14200 pgdaemon pagedaemon 20236 380301 0 0 3 0x14200 bored crynlk 47808 54178 0 0 3 0x14200 bored crypto 76342 142150 0 0 3 0x40014200 acpi0 acpi0 19909 160985 0 0 3 0x40014200 idle1 44059 247546 0 0 3 0x14200 bored softnet 83361 429116 0 0 3 0x14200 bored systqmp 89788 69362 0 0 3 0x14200 bored systq 7945 55944 0 0 3 0x40014200 bored softclock 49418 148791 0 0 3 0x40014200 idle0 1 156583 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 53445 (syslogd) thread 0xffff800020be5078 (67836) exclusive rrwlock inode r = 0 (0xfffffd806eb873c8) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9463 6321K 6321K 78643K 11055 0 0 pcb 23 9K 11K 78643K 2290 0 0 rtable 97 3K 3K 78643K 3399 0 0 ifaddr 37 12K 12K 78643K 654 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 134 0 0 iov 0 0K 24K 78643K 332 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 4254 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 51 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 374 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 7 21K 33K 78643K 4688 0 0 sigio 0 0K 0K 78643K 88 0 0 proc 41 38K 70K 78643K 2929 0 0 subproc 68 69634K 69634K 78643K 3502 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 575 0 0 in_multi 33 2K 2K 78643K 1309 0 0 ether_multi 1 0K 0K 78643K 31 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 945 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 97 21K 30K 78643K 15178 0 0 UVM aobj 130 4K 4K 78643K 156 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 110 0 0 NDP 5 0K 0K 78643K 312 0 0 temp 121 2362K 2440K 78643K 19540 0 0 kqueue 0 0K 0K 78643K 54 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 105 0 101 1 0 1 1 0 8 0 inpcbpl 280 2157 0 2150 1 0 1 1 0 8 0 plimitpl 152 245 0 236 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 950 0 910 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 1010 0 1006 1 0 1 1 0 8 0 nd6 48 206 0 202 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4424 0 4236 12 0 12 12 0 8 0 art_table 32 4425 0 4236 2 0 2 2 0 8 0 art_node 16 949 0 915 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 6 1 0 1 1 0 8 0 semapl 112 372 0 362 1 0 1 1 0 8 0 shmpl 112 154 0 26 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 7399 0 5906 49 0 49 49 0 8 0 ffsino 272 7399 0 5906 100 0 100 100 0 8 0 nchpl 144 13783 0 12209 59 0 59 59 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 49210 0 49210 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 35822 0 35821 19 18 1 6 0 8 0 sigapl 432 4552 0 4537 3 1 2 3 0 8 0 futexpl 56 43837 0 43836 1 0 1 1 0 8 0 knotepl 112 2846 0 2819 7 6 1 2 0 8 0 kqueuepl 104 1368 0 1366 1 0 1 1 0 8 0 pipepl 112 3746 0 3727 16 15 1 2 0 8 0 fdescpl 488 4553 0 4537 3 0 3 3 0 8 0 filepl 152 30285 0 30189 15 10 5 7 0 8 1 lockfpl 96 1044 0 1044 7 6 1 1 0 8 1 lockfspl 24 2184 0 2184 6 5 1 1 0 8 1 sessionpl 112 118 0 108 1 0 1 1 0 8 0 pgrppl 48 173 0 163 1 0 1 1 0 8 0 ucredpl 96 10702 0 10693 1 0 1 1 0 8 0 zombiepl 144 4537 0 4536 1 0 1 1 0 8 0 processpl 840 4568 0 4536 4 0 4 4 0 8 0 procpl 600 12621 0 12574 8 4 4 5 0 8 0 srpgc 64 592 0 592 17 16 1 1 0 8 1 sosppl 128 79 0 79 19 19 0 1 0 8 0 sockpl 384 4503 0 4486 11 8 3 4 0 8 1 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 16 0 0 2 0 2 2 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 11 0 0 1 0 1 1 0 8 0 mcl2k 2048 121 0 0 13 1 12 13 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 383 0 0 10 0 10 10 0 8 0 bufpl 256 11459 0 4490 436 0 436 436 0 8 0 anonpl 16 511151 0 506404 150 119 31 41 0 125 0 amapchunkpl 152 30203 0 30106 59 53 6 11 0 158 2 amappl16 192 26626 0 26357 180 164 16 28 0 8 0 amappl15 184 551 0 550 1 0 1 1 0 8 0 amappl14 176 599 0 598 2 1 1 1 0 8 0 amappl13 168 1297 0 1292 1 0 1 1 0 8 0 amappl12 160 354 0 345 1 0 1 1 0 8 0 amappl11 152 1052 0 1040 1 0 1 1 0 8 0 amappl10 144 290 0 285 1 0 1 1 0 8 0 amappl9 136 801 0 800 1 0 1 1 0 8 0 amappl8 128 1184 0 1129 2 0 2 2 0 8 0 amappl7 120 1328 0 1314 1 0 1 1 0 8 0 amappl6 112 597 0 586 1 0 1 1 0 8 0 amappl5 104 739 0 726 1 0 1 1 0 8 0 amappl4 96 865 0 837 2 1 1 2 0 8 0 amappl3 88 830 0 825 1 0 1 1 0 8 0 amappl2 80 39253 0 39184 2 0 2 2 0 8 0 amappl1 72 121044 0 120564 23 13 10 19 0 8 0 amappl 72 13639 0 13598 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 155 0 26 3 0 3 3 0 8 0 uaddrrnd 24 4553 0 4536 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4553 0 4536 1 0 1 1 0 8 0 vmmpekpl 168 40060 0 40036 2 0 2 2 0 8 0 vmmpepl 168 523844 0 522360 186 114 72 79 0 357 6 vmsppl 360 4552 0 4536 2 0 2 2 0 8 0 pdppl 4096 9113 0 9072 6 0 6 6 0 8 0 pvpl 32 1375748 0 1367694 279 183 96 118 0 265 13 pmappl 224 4552 0 4536 24 22 2 2 0 8 1 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 592 0 3 17 0 17 17 0 8 0