panic: thread 0xffff800020b74008 cannot exit while holding sleeplocks Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 121483 57724 73 0x100010 0 1 syslogd *164354 16995 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_thread_exit(25a3f67309449157) at witness_thread_exit+0x244 sys/kern/subr_witness.c:1377 reaper(0) at reaper+0x14f sys/kern/kern_exit.c:412 end trace frame: 0x0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic thread 0xffff800020b74008 cannot exit while holding sleeplocks ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 witness_thread_exit(25a3f67309449157) at witness_thread_exit+0x244 sys/kern/subr_witness.c:1377 reaper(0) at reaper+0x14f sys/kern/kern_exit.c:412 end trace frame: 0x0, count: -4 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020b67df0 rbx 0xffff800020b67e90 rdx 0xffffffff81ec88ae cmd0646_9_tim_udma+0x18cbf rcx 0x201 rax 0x1 r8 0xffffffff81aa9b64 kprintf+0x174 r9 0x1 r10 0x576b7784dd747e12 r11 0xda8aeb62a3204a71 r12 0x3000000008 r13 0xffff800020b67e00 r14 0x100 r15 0x1 rip 0xffffffff819d4fa8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020b67de0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (reaper) pid=164354 stat=onproc flags process=14000 proc=200 pri=4, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020b21068,0xffff800020b219d8 process=0xffff800020b5a698 user=0xffff800020b62000, vmspace=0xffffffff822dc6f0 estcpu=1, cpticks=2, pctcpu=0.5 user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 19293 430767 51050 0 2 0x482 syz-executor0 51050 441926 62508 0 3 0x82 thrsleep syz-execprog 51050 482858 62508 0 3 0x4000082 thrsleep syz-execprog 51050 240485 62508 0 3 0x4000082 thrsleep syz-execprog 51050 302089 62508 0 3 0x4000082 thrsleep syz-execprog 51050 246432 62508 0 3 0x4000082 thrsleep syz-execprog 51050 233791 62508 0 3 0x4000082 thrsleep syz-execprog 51050 42092 62508 0 3 0x4000082 thrsleep syz-execprog 51050 18612 62508 0 3 0x4000082 kqread syz-execprog 62508 381627 79789 0 3 0x10008a pause ksh 79789 39466 78554 0 3 0x92 select sshd 83121 166437 1 0 3 0x100083 ttyin getty 78554 224566 1 0 3 0x80 select sshd 57724 121483 49273 73 7 0x100010 syslogd 49273 500460 1 0 3 0x100082 netio syslogd 7632 224779 1 77 3 0x100090 poll dhclient 84269 78001 1 0 3 0x80 poll dhclient 82034 453128 0 0 3 0x14200 pgzero zerothread 39825 10463 0 0 3 0x14200 aiodoned aiodoned 95923 483451 0 0 3 0x14200 syncer update 82149 338002 0 0 3 0x14200 cleaner cleaner *16995 164354 0 0 7 0x14200 reaper 67259 49578 0 0 3 0x14200 pgdaemon pagedaemon 16561 248307 0 0 3 0x14200 bored crynlk 80785 123939 0 0 3 0x14200 bored crypto 10773 441348 0 0 3 0x40014200 acpi0 acpi0 29247 236619 0 0 3 0x40014200 idle1 4399 5494 0 0 3 0x14200 bored softnet 91613 450181 0 0 3 0x14200 bored systqmp 5253 117292 0 0 3 0x14200 bored systq 44752 448101 0 0 3 0x40014200 bored softclock 1338 207388 0 0 3 0x40014200 idle0 1 435205 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 57724 (syslogd) thread 0xffff800020be59d8 (121483) exclusive rrwlock inode r = 0 (0xfffffd806eb96808) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9449 6318K 6318K 78643K 10536 0 0 pcb 23 9K 9K 78643K 55 0 0 rtable 79 2K 2K 78643K 141 0 0 ifaddr 28 8K 8K 78643K 28 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 14 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1166 73K 73K 78643K 1194 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0