panic: kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_lock.c", line 63
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff8172be34,ffff80002112b430,ffff800021085778,ffff80000002f180) at __assert+0x24 sys/kern/subr_prf.c:155
_kernel_lock(ffff800021085778,ffff800021126000) at _kernel_lock+0x125 sys/kern/kern_lock.c:63
pageflttrap() at pageflttrap+0x6c sys/arch/amd64/amd64/trap.c:163
kerntrap(9) at kerntrap+0x8d sys/arch/amd64/amd64/trap.c:294
alltraps_kern(6,82000,ffffffffffffffff,0,9,ffff800021085778) at alltraps_kern+0x7b
ptsignal(17ae,ffff800021085778,ffff800021071620) at ptsignal+0x115 sys/kern/kern_sig.c:944
mi_switch() at mi_switch+0x1fb sys/kern/sched_bsd.c:392
sleep_finish(1,ffff80002112b6c0) at sleep_finish+0xd3 sys/kern/kern_synch.c:312
sleep_finish_all(ffff80002112b6c0,32) at sleep_finish_all+0x22 sleep_finish_timeout sys/kern/kern_synch.c:336 [inline]
sleep_finish_all(ffff80002112b6c0,32) at sleep_finish_all+0x22 sys/kern/kern_synch.c:157
tsleep(ffff800021085778,3,0,ffff8000210716e8) at tsleep+0x142
single_thread_set(ffff800021085778,ffff800021085778,0) at single_thread_set+0x28b single_thread_wait sys/kern/kern_sig.c:2051 [inline]
single_thread_set(ffff800021085778,ffff800021085778,0) at single_thread_set+0x28b sys/kern/kern_sig.c:2042
exit1(ffff800021085778,9,0) at exit1+0x84 sys/kern/kern_exit.c:137
end trace frame: 0xffff80002112b890, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_lock.c", line 63
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff8172be34,ffff80002112b430,ffff800021085778,ffff80000002f180) at __assert+0x24 sys/kern/subr_prf.c:155
_kernel_lock(ffff800021085778,ffff800021126000) at _kernel_lock+0x125 sys/kern/kern_lock.c:63
pageflttrap() at pageflttrap+0x6c sys/arch/amd64/amd64/trap.c:163
kerntrap(9) at kerntrap+0x8d sys/arch/amd64/amd64/trap.c:294
alltraps_kern(6,82000,ffffffffffffffff,0,9,ffff800021085778) at alltraps_kern+0x7b
ptsignal(17ae,ffff800021085778,ffff800021071620) at ptsignal+0x115 sys/kern/kern_sig.c:944
mi_switch() at mi_switch+0x1fb sys/kern/sched_bsd.c:392
sleep_finish(1,ffff80002112b6c0) at sleep_finish+0xd3 sys/kern/kern_synch.c:312
sleep_finish_all(ffff80002112b6c0,32) at sleep_finish_all+0x22 sleep_finish_timeout sys/kern/kern_synch.c:336 [inline]
sleep_finish_all(ffff80002112b6c0,32) at sleep_finish_all+0x22 sys/kern/kern_synch.c:157
tsleep(ffff800021085778,3,0,ffff8000210716e8) at tsleep+0x142
single_thread_set(ffff800021085778,ffff800021085778,0) at single_thread_set+0x28b single_thread_wait sys/kern/kern_sig.c:2051 [inline]
single_thread_set(ffff800021085778,ffff800021085778,0) at single_thread_set+0x28b sys/kern/kern_sig.c:2042
exit1(ffff800021085778,9,0) at exit1+0x84 sys/kern/kern_exit.c:137
postsig(100,ffff800021085778) at postsig+0x3ea sigexit sys/kern/kern_sig.c:1500 [inline]
postsig(100,ffff800021085778) at postsig+0x3ea sys/kern/kern_sig.c:1432
userret(0) at userret+0x11b sys/kern/kern_sig.c:1882
syscall(0) at syscall+0x54d mi_syscall_return sys/sys/syscall_mi.h:122 [inline]
syscall(0) at syscall+0x54d sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,58,3ceb4e87a00,53,0,3cecb9d9a40) at Xsyscall+0x128
end of kernel
end trace frame: 0x3cf36212fb0, count: -18
ddb{0}> show registers
rdi 0xffffffff81e3d210 kprintf_mutex
rsi 0x5
rbp 0xffff80002112b390
rbx 0xffff80002112b430
rdx 0x3fd
rcx 0
rax 0x1
r8 0xffff80002112b360
r9 0x8080808080808080
r10 0
r11 0xffffffff816984e0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff80002112b3a0
r14 0x100
r15 0xffffffff81bf66f0 cmd0646_9_tim_udma+0x1ebfb
rip 0xffffffff8188a89a db_enter+0xa
cs 0x8
rflags 0x202
rsp 0xffff80002112b390
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (syz-executor5550) pid=119238 stat=sleep
flags process=1000<SINGLEEXIT> proc=4002000<WEXIT,THREAD>
pri=50, usrpri=50, nice=20
forw=0x0, list=0xffff8000210852c8,0xffff800021084978
process=0xffff800021071620 user=0xffff800021126000, vmspace=0xffffff007f125528
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*15395 119238 28346 0 3 0x4003000 suspend syz-executor5550
15395 417257 28346 0 2 0x4081000 syz-executor5550
28346 284878 94619 0 3 0x80 nanosleep syz-executor5550
60014 217522 94619 0 3 0x80 nanosleep syz-executor5550
94619 71961 32712 0 3 0x82 nanosleep syz-executor5550
32712 564 76317 0 3 0x10008a pause ksh
76317 67270 53563 0 3 0x92 select sshd
61787 344689 1 0 3 0x100083 ttyin getty
53563 340940 1 0 3 0x80 select sshd
96462 163327 62857 73 3 0x100090 kqread syslogd
62857 51166 1 0 3 0x100082 netio syslogd
82747 423381 1 77 3 0x100090 poll dhclient
61770 477583 1 0 3 0x80 poll dhclient
44288 141028 0 0 2 0x14200 zerothread
2949 95657 0 0 3 0x14200 aiodoned aiodoned
59569 2744 0 0 3 0x14200 syncer update
97615 18787 0 0 3 0x14200 cleaner cleaner
31075 516634 0 0 3 0x14200 reaper reaper
92050 406702 0 0 3 0x14200 pgdaemon pagedaemon
57938 307153 0 0 3 0x14200 bored crynlk
35754 9636 0 0 3 0x14200 bored crypto
28435 50474 0 0 3 0x40014200 acpi0 acpi0
27223 311074 0 0 3 0x40014200 idle1
51849 92683 0 0 3 0x14200 bored softnet
87709 391602 0 0 3 0x14200 bored systqmp
36507 388915 0 0 3 0x14200 bored systq
6364 371912 0 0 3 0x40014200 bored softclock
91853 126411 0 0 3 0x40014200 idle0
1 71431 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}>