panic: kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/sched_bsd.c", line 439
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a19e2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281ff79,ffffffff8286d586,1b7,ffffffff82858c35) at __assert+0x29 sys/kern/subr_prf.c:157
mi_switch() at mi_switch+0x5a3 sys/kern/sched_bsd.c:448
sched_idle(ffff800020d58ff0) at sched_idle+0x1a6 sys/kern/kern_sched.c:174
end trace frame: 0x0, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/sched_bsd.c", line 439
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a19e2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281ff79,ffffffff8286d586,1b7,ffffffff82858c35) at __assert+0x29 sys/kern/subr_prf.c:157
mi_switch() at mi_switch+0x5a3 sys/kern/sched_bsd.c:448
sched_idle(ffff800020d58ff0) at sched_idle+0x1a6 sys/kern/kern_sched.c:174
end trace frame: 0x0, count: -5
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002119f930
rbx 0xffff800020d59b9f
rdx 0
rcx 0xffff800021168ff0
rax 0xffff800020d58ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb52cad0da3b59e4
r11 0xd7eb3714cc74fd83
r12 0xffff800020d599a0
r13 0
r14 0
r15 0x1
rip 0xffffffff810eab1c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002119f920
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (idle1) pid=146307 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
pri=0, usrpri=50, nice=20
forw=0x95a28e2492dfc02b, list=0xffff800021168d48,0xffff8000211692a8
process=0xffff8000ffffc000 user=0xffff80002119a000, vmspace=0xffffffff82d8bca0
estcpu=0, cpticks=54823, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
26390 135841 68128 0 3 0x82 piperd syz-executor.7
62069 204349 68128 0 3 0x82 piperd syz-executor.0
93301 410615 68128 0 3 0x82 piperd syz-executor.3
90794 496514 0 0 3 0x14280 nfsidl nfsio
2157 496499 0 0 3 0x14280 nfsidl nfsio
67874 378470 0 0 3 0x14280 nfsidl nfsio
30536 141152 0 0 3 0x14280 nfsidl nfsio
80901 321531 0 0 3 0x14280 nfsidl nfsio
61915 429685 0 0 3 0x14280 nfsidl nfsio
12946 10975 0 0 3 0x14280 nfsidl nfsio
93746 357742 0 0 3 0x14280 nfsidl nfsio
30097 383637 0 0 3 0x14280 nfsidl nfsio
18294 484897 0 0 3 0x14280 nfsidl nfsio
19994 127018 0 0 3 0x14280 nfsidl nfsio
8527 340287 0 0 3 0x14280 nfsidl nfsio
1072 403958 0 0 3 0x14280 nfsidl nfsio
13744 523949 0 0 3 0x14280 nfsidl nfsio
66130 372953 0 0 3 0x14280 nfsidl nfsio
69641 244975 0 0 3 0x14280 nfsidl nfsio
74433 196902 0 0 3 0x14280 nfsidl nfsio
11232 212368 0 0 3 0x14280 nfsidl nfsio
50676 164252 0 0 3 0x14280 nfsidl nfsio
35797 170043 0 0 3 0x14280 nfsidl nfsio
38696 410547 1 0 3 0x100083 ttyin getty
48305 506587 68128 0 3 0x82 piperd syz-executor.5
43923 301720 0 0 3 0x14200 acct acct
40220 339568 68128 0 3 0x82 piperd syz-executor.4
75472 261621 68128 0 3 0x82 wait syz-executor.1
66769 169066 68128 0 3 0x82 piperd syz-executor.6
34446 210145 68128 0 3 0x82 piperd syz-executor.2
83883 99152 0 0 3 0x14200 bored sosplice
48159 110115 5795 0 3 0x100082 netio ndp
5795 281986 1 0 3 0x10008a sigsusp sh
685 500631 5737 0 3 0x100082 netio arp
5737 22486 1 0 3 0x10008a sigsusp sh
68128 400514 81307 0 3 0x2000082 wait syz-fuzzer
68128 420239 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 229589 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 457543 81307 0 3 0x6000082 wait syz-fuzzer
68128 355268 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 84817 81307 0 3 0x6000082 wait syz-fuzzer
68128 377419 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 503430 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 384031 81307 0 3 0x6000082 wait syz-fuzzer
68128 424524 81307 0 3 0x6000082 kqread syz-fuzzer
68128 452673 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 284998 81307 0 3 0x6000082 wait syz-fuzzer
68128 160040 81307 0 3 0x6000082 wait syz-fuzzer
68128 451420 81307 0 3 0x6000082 thrsleep syz-fuzzer
68128 332356 81307 0 3 0x6000082 wait syz-fuzzer
68128 199542 81307 0 3 0x6000082 wait syz-fuzzer
81307 148862 6581 0 3 0x10008a sigsusp ksh
6581 470171 64379 0 3 0x9a kqread sshd
64379 64288 1 0 3 0x88 kqread sshd
72978 289148 35076 74 3 0x1100092 bpf pflogd
35076 150529 1 0 3 0x80 netio pflogd
90545 57549 46991 73 3 0x1100090 kqread syslogd
46991 315889 1 0 3 0x100082 netio syslogd
5096 69877 1 0 3 0x100080 kqread resolvd
72645 344442 4789 77 3 0x100092 kqread dhcpleased
65063 167067 4789 77 3 0x100092 kqread dhcpleased
4789 165638 1 0 3 0x80 kqread dhcpleased
65811 408370 0 0 3 0x14200 bored smr
25903 282239 0 0 3 0x14200 pgzero zerothread
3207 248732 0 0 3 0x14200 aiodoned aiodoned
44535 301436 0 0 3 0x14200 syncer update
28813 384040 0 0 3 0x14200 cleaner cleaner
13388 70390 0 0 3 0x14200 reaper reaper
85032 53483 0 0 3 0x14200 pgdaemon pagedaemon
94513 14555 0 0 3 0x14200 bored viomb
28538 189810 0 0 3 0x40014200 acpi0 acpi0
*22973 146307 0 0 7 0x40014200 idle1
20177 373339 0 0 3 0x14200 bored softnet3
34254 168817 0 0 3 0x14200 bored softnet2
2038 368532 0 0 3 0x14200 bored softnet1
48369 226304 0 0 3 0x14200 bored softnet0
13448 491740 0 0 3 0x14200 bored systqmp
56335 469140 0 0 3 0x14200 bored systq
19106 208305 0 0 3 0x40014200 bored softclock
78538 265249 0 0 7 0x40014200 idle0
1 279469 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive sched_lock &sched_lock r = 1 (0xffffffff82cfb918)
#0 witness_lock+0x447
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x484 sys/kern/sched_bsd.c:473
#3 sleep_finish+0x19b sys/kern/kern_synch.c:414
#4 msleep+0xea sys/kern/kern_synch.c:249
#5 single_thread_set+0x39e single_thread_wait sys/kern/kern_sig.c:2178 [inline]
#5 single_thread_set+0x39e sys/kern/kern_sig.c:2155
#6 exit1+0xaa
#7 sigexit+0xd3 sys/kern/kern_sig.c:1567
#8 postsig+0x4a9 sys/kern/kern_sig.c:1494
#9 userret+0x16e sys/kern/kern_sig.c:1987
#10 syscall+0x4e7 mi_syscall_return sys/sys/syscall_mi.h:137 [inline]
#10 syscall+0x4e7 sys/arch/amd64/amd64/trap.c:644
#11 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10220 6504K 7498K 78643K 38865 0
pcb 13 18K 21K 78643K 13201 0
rtable 243 7K 7K 78643K 1619 0
pf 32 9K 10K 78643K 411 0
ifaddr 45 17K 18K 78643K 301 0
ifgroup 55 2K 2K 78643K 619 0
sysctl 3 1K 3K 78643K 24 0
counters 60 35K 36K 78643K 388 0
ioctlops 0 0K 4K 78643K 1978 0
iov 0 0K 24K 78643K 1215 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1589 99K 99K 78643K 11854 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 164 0
VM map 2 1K 1K 78643K 2 0
sem 11 1K 1K 78643K 14 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 93K 78643K 16427 0
sigio 0 0K 0K 78643K 456 0
proc 70 91K 115K 78643K 2023 0
subproc 130 8K 8K 78643K 512 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 506 0
in_multi 99 7K 7K 78643K 530 0
ether_multi 1 0K 0K 78643K 13 0
mrt 1 0K 0K 78643K 2 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 187 837K 837K 78643K 187 0
exec 0 0K 1K 78643K 2544 0
pfkey data 0 0K 0K 78643K 10 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 451 97K 133K 78643K 159379 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 350 0
NDP 12 0K 1K 78643K 246 0
temp 82 5920K 6052K 78643K 118179 0
kqueue 12 18K 29K 78643K 1080 0
SYN cache 2 16K 24K 78643K 3 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 476 0 471 6 5 1 3 0 8 0
rtentry 112 504 0 391 4 0 4 4 0 8 0
unpcb 144 12044 0 12029 149 144 5 9 0 8 4
syncache 304 208 0 208 35 35 0 1 0 8 0
tcpqe 32 503 0 503 30 30 0 2 0 8 0
tcpcb 808 5562 0 5558 162 161 1 11 0 8 0
arp 120 75 0 57 1 0 1 1 0 8 0
ipq 40 3 0 3 1 1 0 1 0 8 0
ipqe 40 9 0 9 1 1 0 1 0 8 0
inpcb 368 24829 0 24822 324 320 4 23 0 8 3
nd6 136 119 0 92 2 0 2 2 0 8 0
pkpcb 40 22 0 22 5 5 0 1 0 8 0
kcovpl 48 37 0 27 1 0 1 1 0 8 0
ppxss 1256 66 0 66 19 19 0 1 0 8 0
pffrag 232 135 0 134 12 11 1 1 0 482 0
pffrnode 88 135 0 134 12 11 1 1 0 8 0
pffrent 40 343 0 342 13 12 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 505 0 501 1 0 1 1 0 8 0
pfstkey 128 505 0 501 4 3 1 2 0 8 0
pfstate 376 505 0 501 16 14 2 5 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1722 0 1243 34 3 31 31 0 8 0
art_table 32 1723 0 1243 4 0 4 4 0 8 0
art_node 16 426 0 323 1 0 1 1 0 8 0
semapl 112 12 0 3 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 23568 0 22045 96 0 96 96 0 8 0
ffsino 272 23568 0 22045 102 0 102 102 0 8 0
nchpl 144 45293 0 44800 63 40 23 63 0 8 0
uvmvnodes 80 9258 0 0 189 0 189 189 0 8 0
vnodes 216 9258 0 0 515 0 515 515 0 8 0
namei 1024 145628 0 145628 14 13 1 2 0 8 1
percpumem 16 207 0 164 1 0 1 1 0 8 0
vmpool 696 143 0 143 19 18 1 1 0 8 1
kstatmem 264 352 0 328 2 0 2 2 0 8 0
scxspl 216 171036 0 171036 43 42 1 8 1 8 1
plimitpl 152 1683 0 1665 1 0 1 1 0 8 0
sigapl 424 16763 0 16696 13 4 9 9 0 8 0
futexpl 64 135033 0 135033 17 16 1 1 0 8 1
knotepl 120 694 0 0 12 2 10 11 0 8 0
kqueuepl 216 2189 0 2181 37 36 1 5 0 8 0
pipepl 320 3660 0 3626 116 112 4 9 0 8 0
fdescpl 496 16681 0 16653 5 0 5 5 0 8 0
filepl 152 110060 0 109786 218 203 15 22 0 8 4
lockfpl 104 9106 0 9104 28 27 1 4 0 8 0
lockfspl 48 3811 0 3809 2 1 1 2 0 8 0
sessionpl 144 61 0 42 1 0 1 1 0 8 0
pgrppl 48 245 0 226 1 0 1 1 0 8 0
ucredpl 104 15443 0 15430 1 0 1 1 0 8 0
zombiepl 144 16697 0 16696 3 2 1 1 0 8 0
processpl 1072 16763 0 16696 5 0 5 5 0 8 0
procpl 680 46655 0 46572 15 6 9 10 0 8 0
srpgc 96 2 0 2 1 1 0 1 0 8 0
sosppl 168 788 0 788 30 30 0 1 0 8 0
sockpl 488 37465 0 37438 754 743 11 34 0 8 7
mcl64k 65536 25 0 0 3 0 3 3 0 8 0
mcl16k 16384 29 0 0 4 2 2 3 0 8 0
mcl12k 12288 25 0 0 2 0 2 2 0 8 0
mcl9k 9216 14 0 0 1 0 1 1 0 8 0
mcl8k 8192 34 0 0 3 0 3 3 0 8 0
mcl4k 4096 33 0 0 3 0 3 3 0 8 0
mcl2k2 2112 12 0 0 1 0 1 1 0 8 0
mcl2k 2048 815 0 0 56 22 34 43 0 8 0
mtagpl 96 1459 0 0 25 0 25 25 0 8 0
mbufpl 256 2389 0 0 107 0 107 107 0 8 0
bufpl 288 32623 0 23365 662 0 662 662 0 8 0
anonpl 24 1816084 0 1801922 317 204 113 164 0 186 0
amapchunkpl 152 512825 0 512041 225 183 42 67 0 158 0
amappl16 200 36981 0 36528 246 220 26 39 0 8 0
amappl15 192 69 0 68 1 0 1 1 0 8 0
amappl14 184 266 0 246 5 3 2 2 0 8 0
amappl13 176 9 0 9 2 2 0 1 0 8 0
amappl12 168 17798 0 17763 4 1 3 3 0 8 0
amappl11 160 65 0 51 1 0 1 1 0 8 0
amappl10 152 72 0 54 1 0 1 1 0 8 0
amappl9 144 324 0 324 36 36 0 1 0 8 0
amappl8 136 892 0 697 7 0 7 7 0 8 0
amappl7 128 153 0 138 2 0 2 2 0 8 0
amappl6 120 591 0 558 4 2 2 3 0 8 0
amappl5 112 668 0 655 1 0 1 1 0 8 0
amappl4 104 1016 0 969 3 1 2 3 0 8 0
amappl3 96 96922 0 96858 5 2 3 4 0 8 0
amappl2 88 17426 0 17347 3 1 2 3 0 8 0
amappl1 80 106186 0 105536 25 9 16 23 0 8 0
amappl 88 158111 0 157883 8 1 7 8 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 16824 0 16796 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 16824 0 16796 1 0 1 1 0 8 0
vmmpekpl 168 127310 0 127235 5 0 5 5 0 8 0
vmmpepl 168 1034292 0 1031781 526 391 135 153 0 357 0
vmsppl 464 16823 0 16796 5 0 5 5 0 8 0
rwobjpl 56 274893 0 263707 189 29 160 160 0 8 0
pdppl 4096 33656 0 33592 1009 933 76 84 0 8 12
pvpl 32 5100076 0 5079460 936 739 197 367 0 265 0
pmappl 248 16823 0 16796 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2620 0 1481 34 1 33 33 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82be4ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 sys/dev/kcov.c:158
__mp_lock(ffffffff82cfb710) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cfb710) at __mp_lock+0x133 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82cfb710,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x484 sys/kern/sched_bsd.c:473
sched_idle(ffffffff82be4ff0) at sched_idle+0x1a6 sys/kern/kern_sched.c:174
end trace frame: 0x0, count: 7
ddb{0}> trace
x86_ipi_db(ffffffff82be4ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 sys/dev/kcov.c:158
__mp_lock(ffffffff82cfb710) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cfb710) at __mp_lock+0x133 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82cfb710,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x484 sys/kern/sched_bsd.c:473
sched_idle(ffffffff82be4ff0) at sched_idle+0x1a6 sys/kern/kern_sched.c:174
end trace frame: 0x0, count: -8
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x1c: addq $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a19e2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281ff79,ffffffff8286d586,1b7,ffffffff82858c35) at __assert+0x29 sys/kern/subr_prf.c:157
mi_switch() at mi_switch+0x5a3 sys/kern/sched_bsd.c:448
sched_idle(ffff800020d58ff0) at sched_idle+0x1a6 sys/kern/kern_sched.c:174
end trace frame: 0x0, count: 10
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a19e2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281ff79,ffffffff8286d586,1b7,ffffffff82858c35) at __assert+0x29 sys/kern/subr_prf.c:157
mi_switch() at mi_switch+0x5a3 sys/kern/sched_bsd.c:448
sched_idle(ffff800020d58ff0) at sched_idle+0x1a6 sys/kern/kern_sched.c:174
end trace frame: 0x0, count: -5