g à ‘ÒÐÿÿÿÿÿg à ‘ÒÐÿÿÿÿÿpanic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *124612 32019 0 0 0x4000000 1 syz-executor.1 395251 23071 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 witness_checkorder(ffffffff8262c5a8,9,0) at witness_checkorder+0x10cc sys/kern/subr_witness.c:820 __mp_lock(ffffffff8262c3a0) at __mp_lock+0xa1 pageflttrap() at pageflttrap+0x6f sys/arch/amd64/amd64/trap.c:162 kerntrap(ffff800023d9ca90) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,0,600,0,fffffd8007de5054,fffffd806355ff40) at alltraps_kern_meltdown+0x7b frag6_input(ffff800023d9cdf8,ffff800023d9ce04,2c,18) at frag6_input+0x7d2 sys/netinet6/frag6.c:321 ip_deliver(ffff800023d9cdf8,ffff800023d9ce04,2c,18) at ip_deliver+0x353 sys/netinet/ip_input.c:665 ip6_input_if(ffff800023d9cdf8,ffff800023d9ce04,29,0,ffff80000066d000) at ip6_input_if+0x17d4 ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800023d9cdf8,ffff800023d9ce04,29,0,ffff80000066d000) at ip6_input_if+0x17d4 sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000066d000,fffffd806d605c00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000066d000,fffffd806d605c00,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd80684ccf00,ffff800000afc100,fffffd806f6bd2a0,0,0,fffffd806f6bd230) at ip6_output+0xd59 rip6_output(fffffd80684ccf00,fffffd8075852338,ffff800023d9d168,0) at rip6_output+0x4c0 sys/netinet6/raw_ip6.c:481 end trace frame: 0xffff800023d9d200, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 witness_checkorder(ffffffff8262c5a8,9,0) at witness_checkorder+0x10cc sys/kern/subr_witness.c:820 __mp_lock(ffffffff8262c3a0) at __mp_lock+0xa1 pageflttrap() at pageflttrap+0x6f sys/arch/amd64/amd64/trap.c:162 kerntrap(ffff800023d9ca90) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,0,600,0,fffffd8007de5054,fffffd806355ff40) at alltraps_kern_meltdown+0x7b frag6_input(ffff800023d9cdf8,ffff800023d9ce04,2c,18) at frag6_input+0x7d2 sys/netinet6/frag6.c:321 ip_deliver(ffff800023d9cdf8,ffff800023d9ce04,2c,18) at ip_deliver+0x353 sys/netinet/ip_input.c:665 ip6_input_if(ffff800023d9cdf8,ffff800023d9ce04,29,0,ffff80000066d000) at ip6_input_if+0x17d4 ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800023d9cdf8,ffff800023d9ce04,29,0,ffff80000066d000) at ip6_input_if+0x17d4 sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000066d000,fffffd806d605c00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000066d000,fffffd806d605c00,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd80684ccf00,ffff800000afc100,fffffd806f6bd2a0,0,0,fffffd806f6bd230) at ip6_output+0xd59 rip6_output(fffffd80684ccf00,fffffd8075852338,ffff800023d9d168,0) at rip6_output+0x4c0 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd8075852338,9,fffffd80684ccf00,0,0,ffff800020ab1b60) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd8075852338,0,ffff800023d9d398,0,0,0) at sosend+0x668 sys/kern/uipc_socket.c:524 dofilewritev(ffff800020ab1b60,3,ffff800023d9d398,0,ffff800023d9d4a0) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff800020ab1b60,ffff800023d9d438,ffff800023d9d4a0) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff800023d9d510) at syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800023d9d510) at syscall+0x552 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,c,0,3,39b4b02b010) at Xsyscall+0x128 end of kernel end trace frame: 0x39e0b10de80, count: -20 ddb{1}> show registers rdi 0xffffffff81ae7517 db_enter+0x17 rsi 0x3343 __ALIGN_SIZE+0x2343 rbp 0xffff800023d9c7f0 rbx 0xffff800023d9c8a0 rdx 0x3344 __ALIGN_SIZE+0x2344 rcx 0xffff80002218c000 rax 0xffff80002218c000 r8 0xffffffff81048ff3 kprintf+0x173 r9 0x1 r10 0x25 r11 0xc84fde9cfe0e0897 r12 0x3000000008 r13 0xffff800023d9c800 r14 0x100 r15 0x1 rip 0xffffffff81ae7518 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800023d9c7e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.1) pid=124612 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020ab0038,0xffffffff8262aaa8 process=0xffff800020adc000 user=0xffff800023d98000, vmspace=0xfffffd807f00c8a0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 32019 209128 18511 0 2 0 syz-executor.1 *32019 124612 18511 0 7 0x4000000 syz-executor.1 37287 171063 0 0 3 0x14200 acct acct 60541 87305 7698 0 3 0x82 nanosleep syz-executor.0 18511 167396 7698 0 3 0x82 nanosleep syz-executor.1 51028 77992 1 0 3 0x100083 ttyin getty 99520 121813 0 0 3 0x14200 bored sosplice 7698 268056 25206 0 3 0x82 thrsleep syz-fuzzer 7698 248810 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 160805 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 470069 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 340882 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 204933 25206 0 3 0x4000082 kqread syz-fuzzer 7698 325845 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 395889 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 341431 25206 0 3 0x4000082 thrsleep syz-fuzzer 7698 233019 25206 0 3 0x4000082 thrsleep syz-fuzzer 25206 302087 46995 0 3 0x10008a pause ksh 46995 103767 80191 0 3 0x92 select sshd 80191 494321 1 0 3 0x80 select sshd 67715 240879 82390 74 3 0x100092 bpf pflogd 82390 49810 1 0 3 0x80 netio pflogd 2495 164146 44842 73 3 0x100090 kqread syslogd 44842 279849 1 0 3 0x100082 netio syslogd 50649 515898 1 77 3 0x100090 poll dhclient 52790 371561 1 0 3 0x80 poll dhclient 26045 431210 0 0 2 0x14200 zerothread 68212 392356 0 0 3 0x14200 aiodoned aiodoned 23938 25504 0 0 3 0x14200 syncer update 66930 273430 0 0 3 0x14200 cleaner cleaner 23071 395251 0 0 7 0x14200 reaper 41443 238187 0 0 3 0x14200 pgdaemon pagedaemon 37142 294165 0 0 3 0x14200 bored crynlk 71076 239672 0 0 3 0x14200 bored crypto 77123 226711 0 0 3 0x40014200 acpi0 acpi0 60021 327095 0 0 3 0x40014200 idle1 61722 380734 0 0 3 0x14200 bored softnet 12700 255978 0 0 3 0x14200 bored systqmp 83388 421391 0 0 3 0x14200 bored systq 36703 77641 0 0 3 0x40014200 bored softclock 7586 318864 0 0 3 0x40014200 idle0 93745 270859 0 0 3 0x14200 bored smr 1 180781 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: