login: panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *161176 5401 0 0 0x4000000 1 syz-executor.3 399105 97870 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825a4184) at panic+0x177 sys/kern/subr_prf.c:202 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833 __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 sys/kern/kern_lock.c:142 selwakeup(fffffd8066dc1710) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline] selwakeup(fffffd8066dc1710) at selwakeup+0x16 sys/kern/sys_generic.c:885 sorwakeup(fffffd8066dc15f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699 rip6_input(ffff80002e3d6258,ffff80002e3d6264,3a,18) at rip6_input+0x6bc sys/netinet6/raw_ip6.c:224 icmp6_input(ffff80002e3d6258,ffff80002e3d6264,3a,18) at icmp6_input+0x8e8 sys/netinet6/icmp6.c:762 ip_deliver(ffff80002e3d6258,ffff80002e3d6264,3a,18) at ip_deliver+0x322 sys/netinet/ip_input.c:657 ip6_input_if(ffff80002e3d6258,ffff80002e3d6264,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd806d2d3a00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:169 if_input_local(ffff80000019f2a8,fffffd806d2d3a00,18) at if_input_local+0x136 sys/net/if.c:778 ip6_output(fffffd806756b500,ffff800000cb7a00,fffffd807d36bf20,0,0,fffffd807d36bea8) at ip6_output+0xf57 rip6_output(fffffd806756ba00,fffffd807d371970,ffff80002e3d65c0,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:490 end trace frame: 0xffff80002e3d6660, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825a4184) at panic+0x177 sys/kern/subr_prf.c:202 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833 __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 sys/kern/kern_lock.c:142 selwakeup(fffffd8066dc1710) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline] selwakeup(fffffd8066dc1710) at selwakeup+0x16 sys/kern/sys_generic.c:885 sorwakeup(fffffd8066dc15f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699 rip6_input(ffff80002e3d6258,ffff80002e3d6264,3a,18) at rip6_input+0x6bc sys/netinet6/raw_ip6.c:224 icmp6_input(ffff80002e3d6258,ffff80002e3d6264,3a,18) at icmp6_input+0x8e8 sys/netinet6/icmp6.c:762 ip_deliver(ffff80002e3d6258,ffff80002e3d6264,3a,18) at ip_deliver+0x322 sys/netinet/ip_input.c:657 ip6_input_if(ffff80002e3d6258,ffff80002e3d6264,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd806d2d3a00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:169 if_input_local(ffff80000019f2a8,fffffd806d2d3a00,18) at if_input_local+0x136 sys/net/if.c:778 ip6_output(fffffd806756b500,ffff800000cb7a00,fffffd807d36bf20,0,0,fffffd807d36bea8) at ip6_output+0xf57 rip6_output(fffffd806756ba00,fffffd807d371970,ffff80002e3d65c0,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:490 rip6_usrreq(fffffd807d371970,9,fffffd806756ba00,0,0,ffff8000fffeba48) at rip6_usrreq+0x5d3 sys/netinet6/raw_ip6.c:679 sosend(fffffd807d371970,0,ffff80002e3d67f8,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582 dofilewritev(ffff8000fffeba48,4,ffff80002e3d67f8,0,ffff80002e3d68f0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_write(ffff8000fffeba48,ffff80002e3d6898,ffff80002e3d68f0) at sys_write+0x83 sys/kern/sys_generic.c:301 syscall(ffff80002e3d6960) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3d6960) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x859659f2cf0, count: -20 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e3d5c60 rbx 0xffff800020ce9bff rdx 0 rcx 0 rax 0xffff8000fffeba48 r8 0x101010101010101 r9 0x8080808080808080 r10 0xe8bc3aa030be95e r11 0xdc33025314d4d099 r12 0xffff800020ce9a00 r13 0 r14 0 r15 0x1 rip 0xffffffff815a2d98 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e3d5c50 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.3) pid=161176 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff80002118e7f0,0xffff8000fffea7f8 process=0xffff8000fffedd38 user=0xffff80002e3d1000, vmspace=0xfffffd80777648c0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 93520 219140 98248 0 2 0 syz-executor.5 5401 65593 99154 0 2 0 syz-executor.3 * 5401 161176 99154 0 7 0x4000000 syz-executor.3 5401 191249 99154 0 3 0x4000080 fsleep syz-executor.3 5401 70181 99154 0 3 0x4000080 fsleep syz-executor.3 56671 293319 58054 0 2 0 syz-executor.4 9868 213766 11822 0 2 0 syz-executor.6 9868 147192 11822 0 3 0x4000080 fsleep syz-executor.6 9868 240771 11822 0 2 0x4000000 syz-executor.6 9868 105667 11822 0 3 0x4000080 fsleep syz-executor.6 20950 488519 1 0 3 0x100083 ttyin getty 21146 3173 0 0 3 0x14200 acct acct 18580 374683 0 0 3 0x14280 nfsidl nfsio 55445 252724 0 0 3 0x14280 nfsidl nfsio 44806 231068 0 0 3 0x14280 nfsidl nfsio 78061 364752 0 0 3 0x14280 nfsidl nfsio 98904 247884 0 0 3 0x14280 nfsidl nfsio 43601 228899 0 0 3 0x14280 nfsidl nfsio 63584 232079 0 0 3 0x14280 nfsidl nfsio 65671 343570 0 0 3 0x14280 nfsidl nfsio 69295 81203 0 0 3 0x14280 nfsidl nfsio 66324 285954 0 0 3 0x14280 nfsidl nfsio 45452 336332 0 0 3 0x14280 nfsidl nfsio 4901 219634 0 0 3 0x14280 nfsidl nfsio 48059 79325 0 0 3 0x14280 nfsidl nfsio 21083 261944 0 0 3 0x14280 nfsidl nfsio 94106 199776 0 0 3 0x14280 nfsidl nfsio 63377 451374 0 0 3 0x14280 nfsidl nfsio 41822 293920 0 0 3 0x14280 nfsidl nfsio 83364 119574 0 0 3 0x14280 nfsidl nfsio 5957 188398 0 0 3 0x14280 nfsidl nfsio 22262 147264 0 0 3 0x14280 nfsidl nfsio 34948 343919 0 0 3 0x14200 bored sosplice 54744 524119 83809 0 2 0x2 syz-executor.7 98248 256652 83809 0 3 0x82 nanoslp syz-executor.5 58054 483951 83809 0 2 0x2 syz-executor.4 11822 339369 83809 0 3 0x82 nanoslp syz-executor.6 99154 523807 83809 0 3 0x82 nanoslp syz-executor.3 43070 215710 83809 0 2 0x2 syz-executor.2 7814 352993 83809 0 3 0x82 nanoslp syz-executor.1 99173 452670 83809 0 3 0x82 nanoslp syz-executor.0 83809 422438 70364 0 3 0x82 thrsleep syz-fuzzer 83809 366338 70364 0 3 0x4000082 nanoslp syz-fuzzer 83809 497502 70364 0 3 0x4000082 nanoslp syz-fuzzer 83809 168219 70364 0 3 0x4000082 thrsleep syz-fuzzer 83809 464545 70364 0 3 0x4000082 thrsleep syz-fuzzer 83809 51137 70364 0 3 0x4000082 thrsleep syz-fuzzer 83809 136789 70364 0 3 0x4000082 kqread syz-fuzzer 83809 357902 70364 0 3 0x4000082 thrsleep syz-fuzzer 70364 68742 76516 0 3 0x10008a sigsusp ksh 76516 1113 17959 0 3 0x9a kqread sshd 17959 450016 1 0 3 0x88 kqread sshd 23309 77291 16357 74 3 0x1100092 bpf pflogd 16357 259272 1 0 3 0x80 netio pflogd 52801 317146 41555 73 3 0x1100090 kqread syslogd 41555 22853 1 0 3 0x100082 netio syslogd 49231 254993 1 0 3 0x100080 kqread resolvd 16003 358806 49962 77 3 0x100092 kqread dhcpleased 3092 482249 49962 77 3 0x100092 kqread dhcpleased 49962 433928 1 0 3 0x80 kqread dhcpleased 74825 216649 0 0 3 0x14200 bored smr 14892 236867 0 0 2 0x14200 zerothread 29540 439609 0 0 3 0x14200 aiodoned aiodoned 84948 359813 0 0 3 0x14200 syncer update 41454 309991 0 0 3 0x14200 cleaner cleaner 97870 399105 0 0 7 0x14200 reaper 96159 171528 0 0 3 0x14200 pgdaemon pagedaemon 89637 452323 0 0 3 0x14200 bored viomb 74955 401993 0 0 3 0x40014200 acpi0 acpi0 93964 452186 0 0 3 0x40014200 idle1 69379 281373 0 0 3 0x14200 bored softnet 7067 314500 0 0 3 0x14200 bored systqmp 54660 107326 0 0 3 0x14200 bored systq 65304 146602 0 0 3 0x40014200 bored softclock 83908 452684 0 0 3 0x40014200 idle0 1 289874 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82b87938) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 uvm_pmr_freepageq+0xcc sys/uvm/uvm_pmemrange.c:1333 #4 amap_wipeout+0x1ff sys/uvm/uvm_amap.c:523 #5 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599 #6 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789 #7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 #8 reaper+0x18b sys/kern/kern_exit.c:457 #9 proc_trampoline+0x1c CPU 1: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a21700) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 rip6_input+0x28f #4 icmp6_input+0x8e8 sys/netinet6/icmp6.c:762 #5 ip_deliver+0x322 sys/netinet/ip_input.c:657 #6 ip6_input_if+0x920 #7 ipv6_input+0x48 sys/netinet6/ip6_input.c:169 #8 if_input_local+0x136 sys/net/if.c:778 #9 ip6_output+0xf57 #10 rip6_output+0x4ad sys/netinet6/raw_ip6.c:490 #11 rip6_usrreq+0x5d3 sys/netinet6/raw_ip6.c:679 #12 sosend+0x632 sys/kern/uipc_socket.c:582 #13 dofilewritev+0x19c sys/kern/sys_generic.c:381 #14 sys_write+0x83 sys/kern/sys_generic.c:301 #15 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #15 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #16 Xsyscall+0x128 Process 5401 (syz-executor.3) thread 0xffff8000fffeba48 (161176) exclusive rwlock netlock r = 0 (0xffffffff829bbd70) #0 witness_lock+0x44d #1 solock+0x86 sys/kern/uipc_socket2.c:295 #2 sosend+0x517 sys/kern/uipc_socket.c:570 #3 dofilewritev+0x19c sys/kern/sys_generic.c:381 #4 sys_write+0x83 sys/kern/sys_generic.c:301 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a21700) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 rip6_input+0x28f #4 icmp6_input+0x8e8 sys/netinet6/icmp6.c:762 #5 ip_deliver+0x322 sys/netinet/ip_input.c:657 #6 ip6_input_if+0x920 #7 ipv6_input+0x48 sys/netinet6/ip6_input.c:169 #8 if_input_local+0x136 sys/net/if.c:778 #9 ip6_output+0xf57 #10 rip6_output+0x4ad sys/netinet6/raw_ip6.c:490 #11 rip6_usrreq+0x5d3 sys/netinet6/raw_ip6.c:679 #12 sosend+0x632 sys/kern/uipc_socket.c:582 #13 dofilewritev+0x19c sys/kern/sys_generic.c:381 #14 sys_write+0x83 sys/kern/sys_generic.c:301 #15 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #15 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #16 Xsyscall+0x128 Process 97870 (reaper) thread 0xffff8000210f97a0 (399105)