

assert "_kernel_lock_held()" failed in kern_event.c

Status: fixed on 2019/06/03 11:42
Reported-by: syzbot+c9a16d01c3b1eb8d5b65@syzkaller.appspotmail.com
Fix commit: 1be240a95e4a Removed all diagnostic, calling printf() here might create a recursion.
First crash: 1793 days ago (2019/05/01, per the crash table below), last: 1790 days ago (2019/05/04)

Sample crash report (the backtrace below shows witness_warn(), invoked from userret() on syscall return, calling printf(); printf() reaches logwakeup() → selwakeup() → knote() → knote_enqueue(), whose KASSERT requires the kernel lock, which is not held at that point — the referenced fix removes the diagnostic printf() in that path so it can no longer re-enter the kqueue code):
login: witness: panic: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_event.c", line 1076
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*311700   6806  32767        0x10  0x4000000    1  syz-executor4079
 524263  34869  32767        0x10      0x480    0  syz-executor4079
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:208
__assert(ffffffff81f8c2bf,ffffffff81f90d96,434,ffffffff81f96de6) at __assert+0x2e sys/kern/subr_prf.c:155
knote_enqueue(fffffd806ec57d20) at knote_enqueue+0x216 sys/kern/kern_event.c:1076
knote(ffffffff8234b168,1000000) at knote+0xbd sys/kern/kern_event.c:957
selwakeup(ffffffff8234b168) at selwakeup+0x3b sys/kern/sys_generic.c:795
logwakeup() at logwakeup+0x3b sys/kern/subr_log.c:310
printf(ffffffff81f6acf3) at printf+0x9f sys/kern/subr_prf.c:519
witness_warn(2,0,ffffffff81f92281) at witness_warn+0x211 sys/kern/subr_witness.c:1416
userret(ffff800020b14008) at userret+0x32a sys/kern/kern_sig.c:1902
syscall(ffff800020be5c90) at syscall+0x614 mi_syscall_return sys/sys/syscall_mi.h:122 [inline]
syscall(ffff800020be5c90) at syscall+0x614 sys/arch/amd64/amd64/trap.c:596
Xsyscall(6,5,e9eef3fb288,0,e9eef3fb268,e9eef3fb260) at Xsyscall+0x128
end of kernel
end trace frame: 0xea1384dfa10, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_event.c", line 1076
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:208
__assert(ffffffff81f8c2bf,ffffffff81f90d96,434,ffffffff81f96de6) at __assert+0x2e sys/kern/subr_prf.c:155
knote_enqueue(fffffd806ec57d20) at knote_enqueue+0x216 sys/kern/kern_event.c:1076
knote(ffffffff8234b168,1000000) at knote+0xbd sys/kern/kern_event.c:957
selwakeup(ffffffff8234b168) at selwakeup+0x3b sys/kern/sys_generic.c:795
logwakeup() at logwakeup+0x3b sys/kern/subr_log.c:310
printf(ffffffff81f6acf3) at printf+0x9f sys/kern/subr_prf.c:519
witness_warn(2,0,ffffffff81f92281) at witness_warn+0x211 sys/kern/subr_witness.c:1416
userret(ffff800020b14008) at userret+0x32a sys/kern/kern_sig.c:1902
syscall(ffff800020be5c90) at syscall+0x614 mi_syscall_return sys/sys/syscall_mi.h:122 [inline]
syscall(ffff800020be5c90) at syscall+0x614 sys/arch/amd64/amd64/trap.c:596
Xsyscall(6,5,e9eef3fb288,0,e9eef3fb268,e9eef3fb260) at Xsyscall+0x128
end of kernel
end trace frame: 0xea1384dfa10, count: -12
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020be5800
rbx               0xffff800020be58b0
rdx                             0x8b
rcx                              0x2
rax                              0x1
r8                0xffffffff81df1983    kprintf+0x173
r9                               0x1
r10               0xbc7e49610bab61f9
r11               0xbffcad399a1fdb0c
r12                     0x3000000008
r13               0xffff800020be5810
r14                            0x100
r15                              0x1
rip               0xffffffff81c2c858    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020be57f0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor4079) pid=311700 stat=onproc
    flags process=10<SUGID> proc=4000000<THREAD>
    pri=32, usrpri=63, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b14710,0xffff800020b15530
    process=0xffff800020b3a6a0 user=0xffff800020be0000, vmspace=0xfffffd807effd708
    estcpu=13, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 65336  393080  34620  32767  2        0x10                syz-executor4079
 65336  244198  34620  32767  3   0x4000090  fsleep        syz-executor4079
 65336  433116  34620  32767  2   0x4000090                syz-executor4079
  6806  264436  34869  32767  2        0x10                syz-executor4079
* 6806  311700  34869  32767  7   0x4000010                syz-executor4079
  6806   40847  34869  32767  3   0x4000090  fsleep        syz-executor4079
  6806  485940  34869  32767  2   0x4000010                syz-executor4079
 34620  380345  35052  32767  3        0x90  nanosleep     syz-executor4079
 34869  524263  36380  32767  7       0x490                syz-executor4079
 35052  160964  65466      0  3        0x80  wait          syz-executor4079
 36380  308764  65466      0  3        0x80  wait          syz-executor4079
 65466  317990  65088      0  3        0x82  nanosleep     syz-executor4079
 65088  178656  11103      0  3    0x10008a  pause         ksh
 11103  290261  80348      0  3        0x92  select        sshd
  6558  333422      1      0  3    0x100083  ttyin         getty
 80348  143113      1      0  3        0x80  select        sshd
 18416  362853  99472     73  3    0x100090  kqread        syslogd
 99472  255932      1      0  3    0x100082  netio         syslogd
 69013  313742      1     77  3    0x100090  poll          dhclient
 69575  318374      1      0  3        0x80  poll          dhclient
 76534  345340      0      0  3     0x14200  pgzero        zerothread
 25686  141498      0      0  3     0x14200  aiodoned      aiodoned
 80179  122887      0      0  3     0x14200  syncer        update
 70940  339976      0      0  3     0x14200  cleaner       cleaner
  9758  337158      0      0  3     0x14200  reaper        reaper
 84386   82687      0      0  3     0x14200  pgdaemon      pagedaemon
 86482   47439      0      0  3     0x14200  bored         crynlk
 50168  363702      0      0  3     0x14200  bored         crypto
 49943  436723      0      0  3  0x40014200  acpi0         acpi0
 18709  120089      0      0  3  0x40014200                idle1
 93715  326062      0      0  3     0x14200  bored         softnet
 38828  227400      0      0  3     0x14200  bored         systqmp
  7275    8963      0      0  3     0x14200  bored         systq
 96276  381000      0      0  3  0x40014200  bored         softclock
 73351  309821      0      0  3  0x40014200                idle0
 45081  444877      0      0  3     0x14200  bored         smr
     1  405788      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 6806 (syz-executor4079) thread 0xffff800020b14008 (311700)
exclusive rrwlock inode r = 0 (0xfffffd806f7cfa30)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1161
#1  rw_enter+0x414 sys/kern/kern_rwlock.c:278
#2  rrw_enter+0x4f sys/kern/kern_rwlock.c:407
#3  VOP_LOCK+0x4b sys/kern/vfs_vops.c:602
#4  vn_write+0x169 vn_lock sys/kern/vfs_vnops.c:549 [inline]
#4  vn_write+0x169 sys/kern/vfs_vnops.c:393
#5  dofilewritev+0x1a9 sys/kern/sys_generic.c:364
#6  sys_write+0x83 sys/kern/sys_generic.c:284
#7  syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#7  syscall+0x552 sys/arch/amd64/amd64/trap.c:574
#8  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9447   6316K    6316K  78643K     10534        0        0
            pcb    23      9K       9K  78643K        55        0        0
         rtable    61      2K       2K  78643K       115        0        0
         ifaddr    21      7K       7K  78643K        21        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       2K  78643K        13        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1166     73K      73K  78643K      2078        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       1K  78643K         2        0        0
         VM map     2      1K       1K  78643K         2        0        0
            sem     2      0K       0K  78643K         2        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12628        0        0
      file desc     3      4K       5K  78643K      1054        0        0
           proc    41     38K      46K  78643K       208        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
       in_multi    11      0K       0K  78643K        11        0        0
    ether_multi     1      0K       0K  78643K         1        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    48    212K     212K  78643K        48        0        0
           exec     0      0K       1K  78643K       152        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap    64     19K      19K  78643K      1994        0        0
       UVM aobj     2      2K       2K  78643K         2        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
            NDP     3      0K       0K  78643K         3        0        0
           temp    30   2699K    2763K  78643K      2406        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        2    0        0     1     0     1     1     0     8    0
inpcbpl    280       22    0       16     1     0     1     1     0     8    0
plimitpl   152       15    0        8     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtentry    112       23    0        1     1     0     1     1     0     8    0
syncache   264        5    0        5     2     2     0     1     0     8    0
tcpcb      544        8    0        5     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256       96    0        0     6     0     6     6     0     8    0
art_table   32       97    0        0     1     0     1     1     0     8    0
art_node    16       22    0        2     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     2641    0     1272    45     0    45    45     0     8    0
ffsino     272     2641    0     1272    92     0    92    92     0     8    0
nchpl      144     3165    0     1637    57     0    57    57     0     8    0
uvmvnodes   72     2650    0        0    49     0    49    49     0     8    0
vnodes     200     2650    0        0   140     0   140   140     0     8    0
namei      1024   10294    0    10294     2     1     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
scxspl     192     5202    0     5202    13    12     1     6     0     8    1
sigapl     432      531    0      515     2     0     2     2     0     8    0
futexpl     56     3093    0     3091     1     0     1     1     0     8    0
knotepl    112        5    0        0     1     0     1     1     0     8    0
kqueuepl   104        1    0        0     1     0     1     1     0     8    0
pipepl     112      118    0      111     2     1     1     1     0     8    0
fdescpl    488      532    0      515     3     0     3     3     0     8    0
filepl     152     5376    0     5325     3     0     3     3     0     8    0
lockfpl    104        6    0        6     1     1     0     1     0     8    0
lockfspl    32        3    0        3     1     1     0     1     0     8    0
sessionpl  112       19    0        9     1     0     1     1     0     8    0
pgrppl      48       19    0        9     1     0     1     1     0     8    0
ucredpl     96     4262    0     4253     1     0     1     1     0     8    0
zombiepl   144      515    0      515     3     2     1     1     0     8    1
processpl  840      547    0      515     4     0     4     4     0     8    0
procpl     600     1521    0     1484     5     2     3     4     0     8    0
sockpl     384       64    0       48     2     0     2     2     0     8    0
mcl4k      4096       2    0        0     1     0     1     1     0     8    0
mcl2k      2048      87    0        0    10     0    10    10     0     8    0
mtagpl      80        1    0        0     1     0     1     1     0     8    0
mbufpl     256      123    0        0     7     0     7     7     0     8    0
bufpl      256     2435    0      245   137     0   137   137     0     8    0
anonpl      16    39620    0    38347     7     1     6     6     0   125    0
amapchunkpl 152    2796    0     2745     3     0     3     3     0   158    0
amappl16   192      619    0      608     1     0     1     1     0     8    0
amappl14   176       14    0       13     3     2     1     1     0     8    0
amappl12   160       10    0       10     2     2     0     1     0     8    0
amappl11   152       44    0       30     1     0     1     1     0     8    0
amappl10   144       46    0       46     2     2     0     1     0     8    0
amappl9    136      413    0      407     1     0     1     1     0     8    0
amappl8    128       84    0       80     1     0     1     1     0     8    0
amappl7    120       15    0       14     1     0     1     1     0     8    0
amappl6    112       45    0       40     1     0     1     1     0     8    0
amappl5    104      116    0      107     1     0     1     1     0     8    0
amappl4     96     1088    0     1059     1     0     1     1     0     8    0
amappl3     88      107    0      101     1     0     1     1     0     8    0
amappl2     80     3730    0     3672     2     0     2     2     0     8    0
amappl1     72    24121    0    23642    14     4    10    14     0     8    0
amappl      72     1700    0     1668     1     0     1     1     0    75    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma64       64      259    0      259     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64        1    0        0     1     0     1     1     0     8    0
uaddrrnd    24      532    0      515     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      532    0      515     1     0     1     1     0     8    0
vmmpekpl   168     8055    0     8034     2     0     2     2     0     8    0
vmmpepl    168    56587    0    55621    62    19    43    44     0   357    0
vmsppl     360      531    0      515     2     0     2     2     0     8    0
pdppl      4096    1072    0     1030     6     0     6     6     0     8    0
pvpl        32   120993    0   117875    33     7    26    26     0   265    0
pmappl     232      531    0      515     1     0     1     1     0     8    0
extentpl    40       39    0       25     1     0     1     1     0     8    0
phpool     112      268    0        3     8     0     8     8     0     8    0

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/05/03 13:21 openbsd baa2e1b79364 1bfa09b9 .config console log report syz C ci-openbsd-setuid
2019/05/02 22:10 openbsd 975e1492cf53 e9039493 .config console log report syz ci-openbsd-multicore
2019/05/04 14:13 openbsd 4b70baf6e17f d28f4ce5 .config console log report ci-openbsd-multicore
2019/05/04 04:28 openbsd a489e4de8eff d28f4ce5 .config console log report ci-openbsd-multicore
2019/05/04 00:15 openbsd a489e4de8eff d28f4ce5 .config console log report ci-openbsd-multicore
2019/05/03 21:00 openbsd a489e4de8eff d28f4ce5 .config console log report ci-openbsd-multicore
2019/05/03 20:03 openbsd a489e4de8eff d28f4ce5 .config console log report ci-openbsd-multicore
2019/05/03 19:37 openbsd baa2e1b79364 d28f4ce5 .config console log report ci-openbsd-multicore
2019/05/03 12:36 openbsd baa2e1b79364 1bfa09b9 .config console log report ci-openbsd-setuid
2019/05/02 21:54 openbsd 975e1492cf53 e9039493 .config console log report ci-openbsd-multicore
2019/05/01 20:13 openbsd 9542d0dfce59 7516d9fa .config console log report ci-openbsd-multicore
* Reproducers shown struck through on the original page (the strikethrough formatting is lost in this plain-text rendering) no longer trigger the crash on HEAD.