login: witness: acquiring duplicate lock of same type: "&sc->sc_lock"
1st wsmuxlk @ /syzkaller/managers/multicore/kernel/sys/dev/wscons/wsmux.c:626
2nd wsmuxlk @ /syzkaller/managers/multicore/kernel/sys/dev/wscons/wsmux.c:242
Starting stack trace...
witness_checkorder(ffff800000026dd0,1,ffffffff81f354ca,f2,0) at witness_checkorder+0xe14 witness_debugger sys/kern/subr_witness.c:2650 [inline]
witness_checkorder(ffff800000026dd0,1,ffffffff81f354ca,f2,0) at witness_checkorder+0xe14 sys/kern/subr_witness.c:926
_rw_enter_read(ffff800000026dc0,ffffffff81f354ca,f2) at _rw_enter_read+0x80 sys/kern/kern_rwlock.c:102
wsmux_mux_open(ffff800000026d00,ffff80000069ed50) at wsmux_mux_open+0x82 wsmux_do_open sys/dev/wscons/wsmux.c:243 [inline]
wsmux_mux_open(ffff800000026d00,ffff80000069ed50) at wsmux_mux_open+0x82 sys/dev/wscons/wsmux.c:225
wsmux_attach_sc(ffff80000069ed00,ffff800000026d00) at wsmux_attach_sc+0x180 sys/dev/wscons/wsmux.c:667
VOP_IOCTL(fffffd806dc977d8,80085761,ffff800020baf4f0,f,fffffd807f7c7c60,ffff800020b95078) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290
vn_ioctl(fffffd806fcae1c8,80085761,ffff800020baf4f0,ffff800020b95078) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512
sys_ioctl(ffff800020b95078,ffff800020baf638,ffff800020baf620) at sys_ioctl+0x646
syscall(ffff800020baf6d0) at syscall+0x5ac mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020baf6d0) at syscall+0x5ac sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,7f7ffffcad68,0,1,7f7ffffcad78) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcad00, count: 248
End of stack trace.
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(ffff800000026dd0,1,ffffffff81f354ca,f2,0) at witness_checkorder+0xe19 witness_debugger sys/kern/subr_witness.c:2650 [inline]
witness_checkorder(ffff800000026dd0,1,ffffffff81f354ca,f2,0) at witness_checkorder+0xe19 sys/kern/subr_witness.c:926
_rw_enter_read(ffff800000026dc0,ffffffff81f354ca,f2) at _rw_enter_read+0x80 sys/kern/kern_rwlock.c:102
wsmux_mux_open(ffff800000026d00,ffff80000069ed50) at wsmux_mux_open+0x82 wsmux_do_open sys/dev/wscons/wsmux.c:243 [inline]
wsmux_mux_open(ffff800000026d00,ffff80000069ed50) at wsmux_mux_open+0x82 sys/dev/wscons/wsmux.c:225
wsmux_attach_sc(ffff80000069ed00,ffff800000026d00) at wsmux_attach_sc+0x180 sys/dev/wscons/wsmux.c:667
VOP_IOCTL(fffffd806dc977d8,80085761,ffff800020baf4f0,f,fffffd807f7c7c60,ffff800020b95078) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290
vn_ioctl(fffffd806fcae1c8,80085761,ffff800020baf4f0,ffff800020b95078) at vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512
sys_ioctl(ffff800020b95078,ffff800020baf638,ffff800020baf620) at sys_ioctl+0x646
syscall(ffff800020baf6d0) at syscall+0x5ac mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020baf6d0) at syscall+0x5ac sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,7f7ffffcad68,0,1,7f7ffffcad78) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcad00, count: -10
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff800020baf120
rbx 0x3
rdx 0xffffffff81f52f17 apollo_pio_rec+0xa34b
rcx 0x201
rax 0x14
r8 0xffffffff81316553 kprintf+0x183
r9 0x1
r10 0x67371e6496edc06b
r11 0x59e0b9fc10b215ae
r12 0xffffffff81f354ca substchar+0x955e
r13 0xf2
r14 0xffffffff81f25297 apollo_udma33_tim+0x16e4
r15 0xffffffff81f354ca substchar+0x955e
rip 0xffffffff81264218 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020baf110
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor4885) pid=339125 stat=onproc
flags process=2<EXEC> proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800020b94010,0xffffffff82334d38
process=0xffff800020b7a360 user=0xffff800020baa000, vmspace=0xfffffd806e9739e0
estcpu=1, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*92409 339125 41920 0 7 0x2 syz-executor4885
41920 152467 18834 0 3 0x10008a pause ksh
18834 213292 91967 0 3 0x92 select sshd
4663 522458 1 0 3 0x100083 ttyin getty
91967 384704 1 0 3 0x80 select sshd
54303 332731 44759 73 7 0x100090 syslogd
44759 183979 1 0 3 0x100082 netio syslogd
48617 151159 1 77 3 0x100090 poll dhclient
64938 261895 1 0 3 0x80 poll dhclient
11046 294389 0 0 3 0x14200 pgzero zerothread
47403 144960 0 0 3 0x14200 aiodoned aiodoned
22838 408602 0 0 3 0x14200 syncer update
29570 9065 0 0 3 0x14200 cleaner cleaner
23441 221776 0 0 3 0x14200 reaper reaper
74094 339835 0 0 3 0x14200 pgdaemon pagedaemon
7642 13249 0 0 3 0x14200 bored crynlk
69130 176507 0 0 3 0x14200 bored crypto
64478 508683 0 0 3 0x40014200 acpi0 acpi0
46057 51299 0 0 3 0x40014200 idle1
47849 449681 0 0 3 0x14200 bored softnet
46479 239090 0 0 3 0x14200 bored systqmp
49508 104188 0 0 3 0x14200 bored systq
61305 382881 0 0 3 0x40014200 bored softclock
7244 389438 0 0 3 0x40014200 idle0
1 371115 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 92409 (syz-executor4885) thread 0xffff800020b95078 (339125)
exclusive rwlock wsmuxlk r = 0 (0xffff80000069edd0) locked @ /syzkaller/managers/multicore/kernel/sys/dev/wscons/wsmux.c:626
#0 witness_lock+0x58a sys/kern/subr_witness.c:1205
#1 wsmux_attach_sc+0x48 sys/dev/wscons/wsmux.c:632
#2 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:290
#3 vn_ioctl+0xc9 sys/kern/vfs_vnops.c:512
#4 sys_ioctl+0x646
#5 syscall+0x5ac mi_syscall sys/sys/syscall_mi.h:99 [inline]
#5 syscall+0x5ac sys/arch/amd64/amd64/trap.c:574
#6 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8235c720) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90
#0 witness_lock+0x58a sys/kern/subr_witness.c:1205
#1 syscall+0x47f mi_syscall sys/sys/syscall_mi.h:91 [inline]
#1 syscall+0x47f sys/arch/amd64/amd64/trap.c:574
#2 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9444 6323K 6323K 78643K 10532 0 0
pcb 23 9K 9K 78643K 55 0 0
rtable 61 2K 2K 78643K 115 0 0
ifaddr 21 7K 7K 78643K 21 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 13 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1167 73K 73K 78643K 1172 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1792 194K 288K 78643K 12592 0 0
file desc 1 0K 0K 78643K 1 0 0
proc 40 38K 46K 78643K 207 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 0K 78643K 11 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 150 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 47 2K 3K 78643K 651 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 3 0K 0K 78643K 3 0 0
temp 30 2347K 2411K 78643K 1695 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 2 0 0 1 0 1 1 0 8 0
inpcbpl 280 22 0 16 1 0 1 1 0 8 0
plimitpl 152 13 0 8 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1383 0 17 45 0 45 45 0 8 0
ffsino 272 1383 0 17 92 0 92 92 0 8 0
nchpl 144 1555 0 30 57 0 57 57 0 8 0
uvmvnodes 72 1392 0 0 26 0 26 26 0 8 0
vnodes 200 1392 0 0 74 0 74 74 0 8 0
namei 1024 3262 0 3262 2 1 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
scxspl 192 2230 0 2230 2 1 1 2 0 8 1
sigapl 432 174 0 164 2 0 2 2 0 8 0
knotepl 112 5 0 0 1 0 1 1 0 8 0
kqueuepl 104 1 0 0 1 0 1 1 0 8 0
pipepl 112 114 0 107 2 1 1 1 0 8 0
fdescpl 488 175 0 164 2 0 2 2 0 8 0
filepl 152 808 0 765 2 0 2 2 0 8 0
lockfpl 104 6 0 6 1 1 0 1 0 8 0
lockfspl 32 3 0 3 1 1 0 1 0 8 0
sessionpl 112 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 47 0 40 1 0 1 1 0 8 0
zombiepl 144 164 0 164 2 1 1 1 0 8 1
processpl 840 189 0 164 4 0 4 4 0 8 0
procpl 600 189 0 164 3 0 3 3 0 8 0
sockpl 384 64 0 48 2 0 2 2 0 8 0
mcl4k 4096 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 56 0 0 7 0 7 7 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 75 0 0 5 0 5 5 0 8 0
bufpl 256 1998 0 254 109 0 109 109 0 8 0
anonpl 16 16670 0 15588 6 1 5 6 0 125 0
amapchunkpl 152 487 0 452 2 0 2 2 0 158 0
amappl16 192 72 0 67 1 0 1 1 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 1 0 1 1 1 0 1 0 8 0
amappl13 168 16 0 13 1 0 1 1 0 8 0
amappl12 160 6 0 6 1 1 0 1 0 8 0
amappl11 152 174 0 165 1 0 1 1 0 8 0
amappl10 144 44 0 43 1 0 1 1 0 8 0
amappl9 136 205 0 204 1 0 1 1 0 8 0
amappl8 128 106 0 100 1 0 1 1 0 8 0
amappl7 120 29 0 25 1 0 1 1 0 8 0
amappl6 112 41 0 37 1 0 1 1 0 8 0
amappl5 104 139 0 128 1 0 1 1 0 8 0
amappl4 96 258 0 239 1 0 1 1 0 8 0
amappl3 88 112 0 107 1 0 1 1 0 8 0
amappl2 80 564 0 529 1 0 1 1 0 8 0
amappl1 72 11499 0 11118 14 4 10 14 0 8 0
amappl 72 365 0 346 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 175 0 164 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 175 0 164 1 0 1 1 0 8 0
vmmpekpl 168 5133 0 5113 1 0 1 1 0 8 0
vmmpepl 168 23435 0 22751 43 9 34 43 0 357 3
vmsppl 360 174 0 164 2 0 2 2 0 8 0
pdppl 4096 357 0 328 5 0 5 5 0 8 0
pvpl 32 68960 0 66254 29 3 26 26 0 265 1
pmappl 224 174 0 164 1 0 1 1 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 234 0 3 7 0 7 7 0 8 0
ddb{0}>