panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *509025 96040 0 0 0x4000000 1 syz-executor.6 370162 34989 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825a4184) at panic+0x177 sys/kern/subr_prf.c:202 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833 __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 sys/kern/kern_lock.c:142 selwakeup(fffffd805ca43748) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline] selwakeup(fffffd805ca43748) at selwakeup+0x16 sys/kern/sys_generic.c:885 sorwakeup(fffffd805ca43630) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699 rip6_input(ffff80002e3efd08,ffff80002e3efd14,3a,18) at rip6_input+0x6bc sys/netinet6/raw_ip6.c:224 icmp6_input(ffff80002e3efd08,ffff80002e3efd14,3a,18) at icmp6_input+0x8e8 sys/netinet6/icmp6.c:762 ip_deliver(ffff80002e3efd08,ffff80002e3efd14,3a,18) at ip_deliver+0x322 sys/netinet/ip_input.c:657 ip6_input_if(ffff80002e3efd08,ffff80002e3efd14,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd8067083000) at ipv6_input+0x48 sys/netinet6/ip6_input.c:169 if_input_local(ffff80000019f2a8,fffffd8067083000,18) at if_input_local+0x136 sys/net/if.c:778 ip6_output(fffffd8076c41a00,ffff800000c79d80,fffffd805c8cfa38,0,0,fffffd805c8cf9c0) at ip6_output+0xf57 rip6_output(fffffd80680c8500,fffffd80701a0050,ffff80002e3f0070,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:490 end trace frame: 0xffff80002e3f0110, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825a4184) at panic+0x177 sys/kern/subr_prf.c:202 witness_checkorder(ffffffff82a6f1a0,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833 __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline] __mp_lock(ffffffff82a6ef98) at __mp_lock+0xa1 sys/kern/kern_lock.c:142 selwakeup(fffffd805ca43748) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline] selwakeup(fffffd805ca43748) at selwakeup+0x16 sys/kern/sys_generic.c:885 sorwakeup(fffffd805ca43630) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699 rip6_input(ffff80002e3efd08,ffff80002e3efd14,3a,18) at rip6_input+0x6bc sys/netinet6/raw_ip6.c:224 icmp6_input(ffff80002e3efd08,ffff80002e3efd14,3a,18) at icmp6_input+0x8e8 sys/netinet6/icmp6.c:762 ip_deliver(ffff80002e3efd08,ffff80002e3efd14,3a,18) at ip_deliver+0x322 sys/netinet/ip_input.c:657 ip6_input_if(ffff80002e3efd08,ffff80002e3efd14,29,0,ffff80000019f2a8) at ip6_input_if+0x920 ipv6_input(ffff80000019f2a8,fffffd8067083000) at ipv6_input+0x48 sys/netinet6/ip6_input.c:169 if_input_local(ffff80000019f2a8,fffffd8067083000,18) at if_input_local+0x136 sys/net/if.c:778 ip6_output(fffffd8076c41a00,ffff800000c79d80,fffffd805c8cfa38,0,0,fffffd805c8cf9c0) at ip6_output+0xf57 rip6_output(fffffd80680c8500,fffffd80701a0050,ffff80002e3f0070,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:490 rip6_usrreq(fffffd80701a0050,9,fffffd80680c8500,0,0,ffff8000ffff2008) at rip6_usrreq+0x5d3 sys/netinet6/raw_ip6.c:679 sosend(fffffd80701a0050,0,ffff80002e3f02a8,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582 dofilewritev(ffff8000ffff2008,4,ffff80002e3f02a8,0,ffff80002e3f03a0) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_write(ffff8000ffff2008,ffff80002e3f0348,ffff80002e3f03a0) at sys_write+0x83 sys/kern/sys_generic.c:301 syscall(ffff80002e3f0410) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3f0410) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x90342742ad0, count: -20 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e3ef710 rbx 0xffff800020ce9bff rdx 0 rcx 0 rax 0xffff8000ffff2008 r8 0x101010101010101 r9 0x8080808080808080 r10 0x16195eed20abb49b r11 0x39b292eacd7e3256 r12 0xffff800020ce9a00 r13 0 r14 0 r15 0x1 rip 0xffffffff815a2d98 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e3ef700 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.6) pid=509025 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff800021834a90,0xffff8000ffff3518 process=0xffff8000fffe6588 user=0xffff80002e3eb000, vmspace=0xfffffd80778888c8 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 57162 426058 11616 0 2 0 syz-executor.3 8813 227437 81866 0 2 0x4081000 syz-executor.0 8813 13417 81866 0 3 0x4003000 suspend syz-executor.0 9606 416048 67050 0 2 0 syz-executor.2 9606 121201 67050 0 3 0x4000080 fsleep syz-executor.2 69520 245276 99232 0 2 0 syz-executor.7 69520 330086 99232 0 2 0x4000080 syz-executor.7 69520 222771 99232 0 3 0x4000080 fsleep syz-executor.7 96040 519517 81218 0 2 0 syz-executor.6 *96040 509025 81218 0 7 0x4000000 syz-executor.6 96040 31397 81218 0 3 0x4000080 fsleep syz-executor.6 96040 15796 81218 0 3 0x4000080 fsleep syz-executor.6 7799 332564 76571 0 2 0x1000000 syz-executor.5 7799 306883 76571 0 3 0x5000080 fsleep syz-executor.5 99232 62129 31492 0 3 0x82 nanoslp syz-executor.7 81866 196049 31492 0 3 0x82 nanoslp syz-executor.0 36936 162366 31492 0 3 0x82 nanoslp syz-executor.1 91201 359852 0 0 3 0x14280 nfsidl nfsio 39689 479191 0 0 3 0x14280 nfsidl nfsio 37682 217159 0 0 3 0x14280 nfsidl nfsio 84377 127459 0 0 3 0x14280 nfsidl nfsio 26259 194588 0 0 3 0x14280 nfsidl nfsio 78813 280228 0 0 3 0x14280 nfsidl nfsio 68868 318304 0 0 3 0x14280 nfsidl nfsio 91054 424254 0 0 3 0x14280 nfsidl nfsio 89294 11030 0 0 3 0x14280 nfsidl nfsio 50713 38511 0 0 3 0x14280 nfsidl nfsio 11236 500052 0 0 3 0x14280 nfsidl nfsio 26442 229628 0 0 3 0x14280 nfsidl nfsio 42566 241082 0 0 3 0x14280 nfsidl nfsio 26226 293824 0 0 3 0x14280 nfsidl nfsio 67910 169931 0 0 3 0x14280 nfsidl nfsio 88195 85591 0 0 3 0x14280 nfsidl nfsio 85019 83181 0 0 3 0x14280 nfsidl nfsio 17273 183659 0 0 3 0x14280 nfsidl nfsio 89047 356899 0 0 3 0x14280 nfsidl nfsio 9569 359634 0 0 3 0x14280 nfsidl nfsio 67050 152928 31492 0 3 0x82 nanoslp syz-executor.2 76571 290447 31492 0 3 0x82 nanoslp syz-executor.5 85354 53082 0 0 3 0x14200 bored sosplice 81client_loop: send disconnect: Broken pipe