syzbot


panic:r/managers/multi thcore/kernel/sys/read ADDR cannot exit while holding sleeplocks

Status: closed as dup on 2019/08/23 07:18
Reported-by: syzbot+1728824d8aeb20898647@syzkaller.appspotmail.com
First crash: 1877d, last: 1877d
Duplicate of:
Title: witness: userret: returning with the following locks held:
Repro: C
Count: 315
Last: 1702d
Reported: 1913d

Sample crash report:
exclusive rrwlock inode r = 0 (0xfffffd806e5e8d68) locked @ /syzkallepanic:r/managers/multi thcore/kernel/sys/read 0xffff800020b74018 cannot exit while holding sleeplocks
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 196897  13911      0         0x2      0x480    0  syz-executor.0
*407016  50334      0     0x14000      0x200    1  reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x174 sys/kern/subr_prf.c:208
witness_thread_exit(ffff800020b74018) at witness_thread_exit+0x283 sys/kern/subr_witness.c:1422
reaper(ffff800020ac1c20) at reaper+0x14f sys/kern/kern_exit.c:412
end trace frame: 0x0, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
thread 0xffff800020b74018 cannot exit while holding sleeplocks
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x174 sys/kern/subr_prf.c:208
witness_thread_exit(ffff800020b74018) at witness_thread_exit+0x283 sys/kern/subr_witness.c:1422
reaper(ffff800020ac1c20) at reaper+0x14f sys/kern/kern_exit.c:412
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020b0d1f0
rbx               0xffff800020b0d2a0
rdx               0xffffffff81f834ca    apollo_pio_rec+0x8fc0
rcx                                0
rax                                0
r8                0xffffffff81161783    kprintf+0x183
r9                               0x1
r10                             0x25
r11               0x1b9429cadf688d6b
r12                     0x3000000008
r13               0xffff800020b0d200
r14                            0x100
r15                              0x1
rip               0xffffffff81e12a38    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020b0d1e0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (reaper) pid=407016 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    pri=4, usrpri=51, nice=20
    forw=0xffffffffffffffff, list=0xffff800020ac19c8,0xffff800020b15c38
    process=0xffff800020afa698 user=0xffff800020b08000, vmspace=0xffffffff82383300
    estcpu=1, cpticks=3, pctcpu=0.41
    user=0, sys=3, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 13911  196897  25303      0  7       0x482                syz-executor.0
 66882  189608      1      0  3    0x100083  ttyin         getty
 81408  371789      0      0  3     0x14200  bored         sosplice
 79251  254107  25303      0  3        0x82  piperd        syz-executor.1
 25303  291166  61418      0  3        0x82  thrsleep      syz-fuzzer
 25303  258046  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303   71029  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303  275890  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303    9223  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303  413792  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303  422221  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303  385081  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303  253183  61418      0  3   0x4000082  thrsleep      syz-fuzzer
 25303  358552  61418      0  3   0x4000082  kqread        syz-fuzzer
 61418   49808   6188      0  3    0x10008a  pause         ksh
  6188  339819   1076      0  3        0x92  select        sshd
  1076  462508      1      0  3        0x80  select        sshd
 40351  281377  19398     73  3    0x100010  ffs_fsync     syslogd
 19398  332960      1      0  3    0x100082  netio         syslogd
 37457   59322      1     77  3    0x100090  poll          dhclient
 52249  330113      1      0  3        0x80  poll          dhclient
 68570  445818      0      0  3     0x14200  pgzero        zerothread
 32919  221633      0      0  3     0x14200  aiodoned      aiodoned
 25899  482225      0      0  3     0x14200  syncer        update
 85789  373511      0      0  3     0x14200  cleaner       cleaner
*50334  407016      0      0  7     0x14200                reaper
 96923  423632      0      0  3     0x14200  pgdaemon      pagedaemon
 78315  471160      0      0  3     0x14200  bored         crynlk
  9217  291790      0      0  3     0x14200  bored         crypto
 34990  266619      0      0  3  0x40014200  acpi0         acpi0
 78589  468593      0      0  3  0x40014200                idle1
 19580  267175      0      0  3     0x14200  bored         softnet
 91749  279594      0      0  3     0x14200  bored         systqmp
 66948  406542      0      0  3     0x14200  bored         systq
 64651   60406      0      0  3  0x40014200  bored         softclock
  3139  235776      0      0  3  0x40014200                idle0
 63413  288094      0      0  3     0x14200  bored         smr
     1  341385      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 40351 (syslogd) thread 0xffff800020b77078 (281377)
exclusive rrwlock inode r = 0 (0xfffffd806eba93c8) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
#0  witness_lock+0x594 sys/kern/subr_witness.c:1205
#1  _rw_enter+0x45d sys/kern/kern_rwlock.c:280
#2  _rrw_enter+0x60 sys/kern/kern_rwlock.c:410
#3  VOP_LOCK+0x57 sys/kern/vfs_vops.c:602
#4  vn_lock+0x6e sys/kern/vfs_vnops.c:549
#5  sys_fsync+0x114 sys/kern/vfs_syscalls.c:2704
#6  syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#6  syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#7  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9517   6383K    6390K  78643K     10989        0        0
            pcb    23      9K      11K  78643K       630        0        0
         rtable   100      3K       4K  78643K       407        0        0
         ifaddr    54     13K      13K  78643K       184        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       2K  78643K        31        0        0
            iov     0      0K      20K  78643K       141        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1208     76K      76K  78643K      1877        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        20        0        0
         VM map     2      1K       1K  78643K         2        0        0
            sem    12      0K       1K  78643K       125        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12628        0        0
      file desc     4      9K      25K  78643K      1048        0        0
          sigio     0      0K       0K  78643K        10        0        0
           proc    42     38K      70K  78643K       399        0        0
        subproc    64  65538K   67586K  78643K       116        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       135        0        0
       in_multi    33      2K       2K  78643K        95        0        0
    ether_multi     1      0K       0K  78643K        11        0        0
            mrt     0      0K       0K  78643K        18        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    72    318K     318K  78643K        72        0        0
           exec     0      0K       1K  78643K       251        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap    90     21K      25K  78643K      4184        0        0
       UVM aobj    42      2K       2K  78643K        50        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       1K  78643K        43        0        0
            NDP    11      0K       0K  78643K        51        0        0
           temp   163   2379K    3019K  78643K      5745        0        0
         kqueue     0      0K       0K  78643K         6        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        5    0        1     1     0     1     1     0     8    0
inpcbpl    280      574    0      567     1     0     1     1     0     8    0
plimitpl   152       27    0       20     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtentry    112       56    0       16     2     0     2     2     0     8    0
syncache   264        4    0        4     1     1     0     1     0     8    0
tcpqe       32      764    0      764     1     1     0     1     0     8    0
tcpcb      544      189    0      185     1     0     1     1     0     8    0
rttmr       72        7    0        7     3     2     1     1     0     8    1
nd6         48        6    0        2     1     0     1     1     0     8    0
ppxss      1128      24    0       24     4     3     1     1     0     8    1
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      230    0       41    12     0    12    12     0     8    0
art_table   32      231    0       41     2     0     2     2     0     8    0
art_node    16       55    0       21     1     0     1     1     0     8    0
sysvmsgpl   40       17    0        5     1     0     1     1     0     8    0
semapl     112      123    0      113     1     0     1     1     0     8    0
shmpl      112       48    0        8     2     0     2     2     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     3443    0     2031    46     0    46    46     0     8    0
ffsino     272     3443    0     2031    95     0    95    95     0     8    0
nchpl      144     5170    0     3563    61     0    61    61     0     8    0
uvmvnodes   72     3635    0        0    67     0    67    67     0     8    0
vnodes     200     3635    0        0   192     0   192   192     0     8    0
namei      1024   14768    0    14768     3     2     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
scsiplug    64        3    0        3     2     2     0     1     0     8    0
scxspl     192    15528    0    15527    13    12     1     6     0     8    0
sigapl     432     1214    0     1202     2     0     2     2     0     8    0
futexpl     56    12266    0    12266     1     0     1     1     0     8    1
knotepl    112      299    0      272     3     2     1     2     0     8    0
kqueuepl   104      283    0      281     1     0     1     1     0     8    0
pipepl     112      674    0      655     2     1     1     1     0     8    0
fdescpl    488     1215    0     1202     3     1     2     3     0     8    0
filepl     152     7377    0     7283     6     1     5     5     0     8    1
lockfpl    104      376    0      376     2     1     1     1     0     8    1
lockfspl    32      389    0      389     2     1     1     1     0     8    1
sessionpl  112       19    0        9     1     0     1     1     0     8    0
pgrppl      48       32    0       22     1     0     1     1     0     8    0
ucredpl     96     1842    0     1835     1     0     1     1     0     8    0
zombiepl   144     1202    0     1201     3     2     1     1     0     8    0
processpl  840     1231    0     1201     4     0     4     4     0     8    0
procpl     600     3532    0     3491     4     0     4     4     0     8    0
srpgc       64       11    0       11     3     2     1     1     0     8    1
sosppl     128       27    0       27     4     3     1     1     0     8    1
sockpl     384     1112    0     1095     4     1     3     4     0     8    1
mcl64k     65536    264    0        0    33     1    32    33     0     8    1
mcl16k     16384      1    0        0     1     0     1     1     0     8    0
mcl12k     12288     11    0        0     2     0     2     2     0     8    0
mcl9k      9216       5    0        0     1     0     1     1     0     8    0
mcl8k      8192       4    0        0     1     0     1     1     0     8    0
mcl4k      4096       6    0        0     1     0     1     1     0     8    0
mcl2k2     2112       3    0        0     1     0     1     1     0     8    0
mcl2k      2048     129    0        0    14     0    14    14     0     8    0
mtagpl      80        1    0        0     1     0     1     1     0     8    0
mbufpl     256      421    0        0    20     0    20    20     0     8    0
bufpl      256     7983    0     1031   435     0   435   435     0     8    0
anonpl      16   123583    0   115325    83    44    39    51     0   125    4
amapchunkpl 152    6855    0     6751    13     8     5     9     0   158    0
amappl16   192     5747    0     5309    63    39    24    34     0     8    1
amappl15   184        1    0        0     1     0     1     1     0     8    0
amappl14   176      446    0      441     1     0     1     1     0     8    0
amappl13   168      193    0      186     1     0     1     1     0     8    0
amappl12   160      427    0      425     2     1     1     1     0     8    0
amappl11   152      707    0      697     1     0     1     1     0     8    0
amappl10   144       60    0       58     2     1     1     1     0     8    0
amappl9    136      870    0      865     1     0     1     1     0     8    0
amappl8    128      134    0      115     1     0     1     1     0     8    0
amappl7    120      111    0      105     1     0     1     1     0     8    0
amappl6    112      475    0      466     1     0     1     1     0     8    0
amappl5    104      143    0      132     1     0     1     1     0     8    0
amappl4     96      279    0      256     2     1     1     2     0     8    0
amappl3     88      212    0      207     1     0     1     1     0     8    0
amappl2     80    10437    0    10384     3     1     2     2     0     8    0
amappl1     72    34908    0    34482    23    13    10    19     0     8    0
amappl      72     3762    0     3723     1     0     1     1     0    75    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma64       64      259    0      259     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64       49    0        8     1     0     1     1     0     8    0
uaddrrnd    24     1215    0     1201     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1215    0     1201     1     0     1     1     0     8    0
vmmpekpl   168    13748    0    13726     3     1     2     2     0     8    0
vmmpepl    168   134568    0   133170   137    67    70    76     0   357    5
vmsppl     360     1214    0     1201     2     0     2     2     0     8    0
pdppl      4096    2438    0     2402     6     1     5     6     0     8    0
pvpl        32   374960    0   363624   203    87   116   133     0   265   21
pmappl     224     1214    0     1201     1     0     1     1     0     8    0
extentpl    40       39    0       25     1     0     1     1     0     8    0
phpool     112      628    0        6    18     0    18    18     0     8    0

Crashes (1):
Time: 2019/03/05 13:32
Kernel: openbsd
Commit: da8fceb276ba
Syzkaller: 3419571c
Config: .config
Log: console log
Report: report
Manager: ci-openbsd-multicore
* Struck through repros no longer work on HEAD.