panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 136055  36690      0         0x2          0    0  syz-executor.1
*467773    907      0        0x12          0    1  sshd
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8241665c) at panic+0x15c sys/kern/subr_prf.c:207
witness_checkorder(ffffffff828eb410,9,0) at witness_checkorder+0x10e0 sys/kern/subr_witness.c:821
__mp_lock(ffffffff828eb208) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff828eb208) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff828eb208) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
pageflttrap(ffff800020e04740,0) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180
kerntrap(ffff800020e04740) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:302
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pool_cache_get(ffffffff828cba90) at pool_cache_get+0x118 pool_cache_list_alloc sys/kern/subr_pool.c:1809 [inline]
pool_cache_get(ffffffff828cba90) at pool_cache_get+0x118 sys/kern/subr_pool.c:1879
pool_get(ffffffff828cba90,2) at pool_get+0x91 sys/kern/subr_pool.c:572
m_copym(fffffd80642fc800,474,464,2) at m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
m_copym(fffffd80642fc800,474,464,2) at m_copym+0x174 sys/kern/uipc_mbuf.c:667
tcp_output(ffff800000ad9760) at tcp_output+0x15ba sys/netinet/tcp_output.c:673
tcp_usrreq(fffffd806eae6968,9,fffffd80642fcb00,0,0,ffff800020e3f280) at tcp_usrreq+0xa55
sosend(fffffd806eae6968,0,ffff800020e04da8,0,0,80) at sosend+0x671 sys/kern/uipc_socket.c:555
dofilewritev(ffff800020e3f280,4,ffff800020e04da8,0,ffff800020e04e90) at dofilewritev+0x1b6 sys/kern/sys_generic.c:365
end trace frame: 0xffff800020e04e30, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8241665c) at panic+0x15c sys/kern/subr_prf.c:207
witness_checkorder(ffffffff828eb410,9,0) at witness_checkorder+0x10e0 sys/kern/subr_witness.c:821
__mp_lock(ffffffff828eb208) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff828eb208) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff828eb208) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
pageflttrap(ffff800020e04740,0) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180
kerntrap(ffff800020e04740) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:302
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pool_cache_get(ffffffff828cba90) at pool_cache_get+0x118 pool_cache_list_alloc sys/kern/subr_pool.c:1809 [inline]
pool_cache_get(ffffffff828cba90) at pool_cache_get+0x118 sys/kern/subr_pool.c:1879
pool_get(ffffffff828cba90,2) at pool_get+0x91 sys/kern/subr_pool.c:572
m_copym(fffffd80642fc800,474,464,2) at m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
m_copym(fffffd80642fc800,474,464,2) at m_copym+0x174 sys/kern/uipc_mbuf.c:667
tcp_output(ffff800000ad9760) at tcp_output+0x15ba sys/netinet/tcp_output.c:673
tcp_usrreq(fffffd806eae6968,9,fffffd80642fcb00,0,0,ffff800020e3f280) at tcp_usrreq+0xa55
sosend(fffffd806eae6968,0,ffff800020e04da8,0,0,80) at sosend+0x671 sys/kern/uipc_socket.c:555
dofilewritev(ffff800020e3f280,4,ffff800020e04da8,0,ffff800020e04e90) at dofilewritev+0x1b6 sys/kern/sys_generic.c:365
sys_write(ffff800020e3f280,ffff800020e04e40,ffff800020e04e90) at sys_write+0x83 sys/kern/sys_generic.c:285
syscall(ffff800020e04f10) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020e04f10) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbab90, count: -17
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020e044b0
rbx               0xffff800020e04560
rdx                             0x8b
rcx                              0x2
rax                              0x1
r8                0xffffffff8169567f    kprintf+0x16f
r9                               0x1
r10                              0x2
r11               0xc6f17b56d6b57d12
r12                     0x3000000008
r13               0xffff800020e044c0
r14                            0x100
r15                              0x1
rip               0xffffffff8138f5b8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020e044a0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (sshd) pid=467773 stat=onproc
    flags process=12<EXEC,SUGID,8ORPHAN> proc=0
    pri=50, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff800020e3f4f0,0xffff800020e3fc50
    process=0xffff8000ffffe3f8 user=0xffff800020dff000, vmspace=0xfffffd806e8faa18
    estcpu=0, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 91006   85218      0      0  3     0x14200  bored         sosplice
 36690  136055  66847      0  7         0x2                syz-executor.1
 10856   83049  66847      0  3        0x82  nanosleep     syz-executor.0
 66847  365951  67892      0  3        0x82  nanosleep     syz-fuzzer
 66847  439780  67892      0  3   0x4000082  nanosleep     syz-fuzzer
 66847  364591  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 66847  476746  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 66847    5915  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 66847    4471  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 66847  430349  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 66847  438443  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 66847  383863  67892      0  3   0x4000082  kqread        syz-fuzzer
 66847  416493  67892      0  3   0x4000082  thrsleep      syz-fuzzer
 67892  502439    907      0  3    0x10008a  pause         ksh
*  907  467773  14706      0  7        0x12                sshd
 12769  416634      1      0  3    0x100083  ttyin         getty
 14706  121791      1      0  3        0x80  select        sshd
 14052   79672  78368     74  3    0x100092  bpf           pflogd
 78368  333406      1      0  3        0x80  netio         pflogd
 26225  135753  41500     73  3    0x100090  kqread        syslogd
 41500   81795      1      0  3    0x100082  netio         syslogd
  6946   68253      1     77  3    0x100090  poll          dhclient
 46076  459021      1      0  3        0x80  poll          dhclient
 98183  274069      0      0  3     0x14200  bored         smr
 84001  224007      0      0  3     0x14200  pgzero        zerothread
 16854  278340      0      0  3     0x14200  aiodoned      aiodoned
 69356  414281      0      0  3     0x14200  syncer        update
 26997   66111      0      0  3     0x14200  cleaner       cleaner
 10388  257838      0      0  3     0x14200  reaper        reaper
 81518  359338      0      0  3     0x14200  pgdaemon      pagedaemon
 22060  424704      0      0  3     0x14200  bored         crynlk
 73615  428813      0      0  3     0x14200  bored         crypto
 24625  499890      0      0  3  0x40014200  acpi0         acpi0
 88956  168146      0      0  3  0x40014200                idle1
 28475  105896      0      0  3     0x14200  bored         softnet
 46304  364416      0      0  3     0x14200  bored         systqmp
 56848  449379      0      0  3     0x14200  bored         systq
 78688  203264      0      0  3  0x40014200  bored         softclock
 25116  182398      0      0  3  0x40014200                idle0
     1  487575      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex mbufpl r = 0 (0xffffffff828cbb88)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  mtx_enter_try+0x102
#2  pool_cache_get+0xa3 pl_enter_try sys/kern/subr_pool.c:109 [inline]
#2  pool_cache_get+0xa3 pool_list_enter sys/kern/subr_pool.c:1789 [inline]
#2  pool_cache_get+0xa3 pool_cache_list_alloc sys/kern/subr_pool.c:1806 [inline]
#2  pool_cache_get+0xa3 sys/kern/subr_pool.c:1879
#3  pool_get+0x91 sys/kern/subr_pool.c:572
#4  m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
#4  m_copym+0x174 sys/kern/uipc_mbuf.c:667
#5  tcp_output+0x15ba sys/netinet/tcp_output.c:673
#6  tcp_usrreq+0xa55
#7  sosend+0x671 sys/kern/uipc_socket.c:555
#8  dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#9  sys_write+0x83 sys/kern/sys_generic.c:285
#10 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#11 Xsyscall+0x128
Process 36690 (syz-executor.1) thread 0xffff800020e0aae8 (136055)
exclusive rrwlock inode r = 0 (0xfffffd806b8a2e70)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  rw_enter+0x453 sys/kern/kern_rwlock.c:311
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3  VOP_LOCK+0x4b sys/kern/vfs_vops.c:603
#4  vn_lock+0x81 sys/kern/vfs_vnops.c:575
#5  vget+0x1c8 sys/kern/vfs_subr.c:671
#6  ufs_ihashget+0x141 sys/ufs/ufs/ufs_ihash.c:119
#7  ffs_vget+0x74 sys/ufs/ffs/ffs_vfsops.c:1329
#8  ufs_lookup+0x14b7 sys/ufs/ufs/ufs_lookup.c:487
#9  VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90
#10 vfs_lookup+0x7a6 sys/kern/vfs_lookup.c:568
#11 namei+0x63c sys/kern/vfs_lookup.c:249
#12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1853
#13 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#13 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806b2042b8)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  rw_enter+0x453 sys/kern/kern_rwlock.c:311
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3  VOP_LOCK+0x4b sys/kern/vfs_vops.c:603
#4  vn_lock+0x81 sys/kern/vfs_vnops.c:575
#5  vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419
#6  namei+0x63c sys/kern/vfs_lookup.c:249
#7  dounlinkat+0x99 sys/kern/vfs_syscalls.c:1853
#8  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#9  Xsyscall+0x128
Process 907 (sshd) thread 0xffff800020e3f280 (467773)
exclusive rwlock netlock r = 0 (0xffffffff82711af8)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  solock+0x5a sys/kern/uipc_socket2.c:282
#2  sosend+0x559 sys/kern/uipc_socket.c:543
#3  dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#4  sys_write+0x83 sys/kern/sys_generic.c:285
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6  Xsyscall+0x128
exclusive mutex mbufpl r = 0 (0xffffffff828cbb88)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  mtx_enter_try+0x102
#2  pool_cache_get+0xa3 pl_enter_try sys/kern/subr_pool.c:109 [inline]
#2  pool_cache_get+0xa3 pool_list_enter sys/kern/subr_pool.c:1789 [inline]
#2  pool_cache_get+0xa3 pool_cache_list_alloc sys/kern/subr_pool.c:1806 [inline]
#2  pool_cache_get+0xa3 sys/kern/subr_pool.c:1879
#3  pool_get+0x91 sys/kern/subr_pool.c:572
#4  m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
#4  m_copym+0x174 sys/kern/uipc_mbuf.c:667
#5  tcp_output+0x15ba sys/netinet/tcp_output.c:673
#6  tcp_usrreq+0xa55
#7  sosend+0x671 sys/kern/uipc_socket.c:555
#8  dofilewritev+0x1b6 sys/kern/sys_generic.c:365
#9  sys_write+0x83 sys/kern/sys_generic.c:285
#10 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#11 Xsyscall+0x128
ddb{1}>