panic: kernel diagnostic assertion "panic: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_fork.c", line 689
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
416259 38682 32767 0x10 0x4000000 0 syz-executor.1
*190437 38682 32767 0x10 0x4000000 1 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x174 sys/kern/subr_prf.c:208
__assert(ffffffff81f7dcd5,ffffffff81f56a8f,2b1,ffffffff81f50a83) at __assert+0x2e sys/kern/subr_prf.c:155
proc_trampoline_mp() at proc_trampoline_mp+0x13b
end trace frame: 0x0, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 879
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x174 sys/kern/subr_prf.c:208
__assert(ffffffff81f7dcd5,ffffffff81f56a8f,2b1,ffffffff81f50a83) at __assert+0x2e sys/kern/subr_prf.c:155
proc_trampoline_mp() at proc_trampoline_mp+0x13b
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020c63310
rbx 0xffff800020c633c0
rdx 0xffffffff81f1fdc9 cmd0646_9_tim_udma+0x134a6
rcx 0
rax 0
r8 0xffffffff814ea2c3 kprintf+0x183
r9 0x1
r10 0x25
r11 0x89327ac8ebb8da23
r12 0x3000000008
r13 0xffff800020c63320
r14 0x104
r15 0x1
rip 0xffffffff81c97598 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c63300
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.1) pid=190437 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020b64e28,0xffffffff82349db8
process=0xffff800020b2a9e8 user=0xffff800020c5e000, vmspace=0xfffffd807effe708
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
38682 221374 83238 32767 2 0x10 syz-executor.1
38682 416259 83238 32767 7 0x4000010 syz-executor.1
38682 450575 83238 32767 2 0x4000010 syz-executor.1
*38682 190437 83238 32767 7 0x4000010 syz-executor.1
41345 198279 43225 32767 2 0x10 syz-executor.0
41345 105547 43225 32767 3 0x4000090 kqread syz-executor.0
83238 133704 72660 32767 3 0x90 nanosleep syz-executor.1
72660 230671 29186 0 3 0x82 wait syz-executor.1
43225 52723 85601 32767 3 0x90 nanosleep syz-executor.0
85601 460198 29186 0 3 0x82 wait syz-executor.0
49479 302311 0 0 3 0x14200 bored sosplice
29186 80868 97271 0 3 0x82 thrsleep syz-fuzzer
29186 481873 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 214753 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 467793 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 92924 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 401412 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 166150 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 495143 97271 0 3 0x4000082 kqread syz-fuzzer
29186 469040 97271 0 3 0x4000082 thrsleep syz-fuzzer
29186 268571 97271 0 3 0x4000082 thrsleep syz-fuzzer
97271 37554 93827 0 3 0x10008a pause ksh
93827 396210 37810 0 3 0x92 select sshd
71919 287212 1 0 3 0x100083 ttyin getty
37810 367441 1 0 3 0x80 select sshd
88324 7055 9583 73 3 0x100090 kqread syslogd
9583 369926 1 0 3 0x100082 netio syslogd
70571 216129 1 77 3 0x100090 poll dhclient
58682 269897 1 0 3 0x80 poll dhclient
68786 484315 0 0 2 0x14200 zerothread
38346 36033 0 0 3 0x14200 aiodoned aiodoned
60206 456367 0 0 3 0x14200 syncer update
80608 213041 0 0 3 0x14200 cleaner cleaner
82459 275839 0 0 3 0x14200 reaper reaper
82097 404638 0 0 3 0x14200 pgdaemon pagedaemon
18191 28402 0 0 3 0x14200 bored crynlk
26537 392454 0 0 3 0x14200 bored crypto
67103 91729 0 0 3 0x40014200 acpi0 acpi0
32751 251168 0 0 3 0x40014200 idle1
49598 333330 0 0 3 0x14200 bored softnet
1662 217247 0 0 3 0x14200 bored systqmp
6546 118131 0 0 3 0x14200 bored systq
40881 166970 0 0 3 0x40014200 bored softclock
30674 378078 0 0 3 0x40014200 idle0
65180 469311 0 0 3 0x14200 bored smr
1 63594 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 38682 (syz-executor.1) thread 0xffff800020b659e0 (416259)
exclusive rrwlock inode r = 0 (0xfffffd807b34f1a8) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
#0 witness_lock+0x594 sys/kern/subr_witness.c:1201
#1 _rw_enter+0x45d sys/kern/kern_rwlock.c:280
#2 _rrw_enter+0x60 sys/kern/kern_rwlock.c:410
#3 VOP_LOCK+0x57 sys/kern/vfs_vops.c:602
#4 vn_lock+0x6e sys/kern/vfs_vnops.c:549
#5 vget+0x1c3 sys/kern/vfs_subr.c:672
#6 ufs_ihashget+0x151 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x84 sys/ufs/ffs/ffs_vfsops.c:1323
#8 ufs_lookup+0x143c sys/ufs/ufs/ufs_lookup.c:582
#9 VOP_LOOKUP+0x67 sys/kern/vfs_vops.c:90
#10 vfs_lookup+0x556 sys/kern/vfs_lookup.c:523
#11 namei+0x4b2 sys/kern/vfs_lookup.c:224
#12 domkdirat+0x81 sys/kern/vfs_syscalls.c:2866
#13 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#13 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#14 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82350b68) locked @ /syzkaller/managers/setuid/kernel/sys/sys/syscall_mi.h:90
#0 witness_lock+0x594 sys/kern/subr_witness.c:1201
#1 syscall+0x48b mi_syscall sys/sys/syscall_mi.h:91 [inline]
#1 syscall+0x48b sys/arch/amd64/amd64/trap.c:574
#2 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9460 6321K 6321K 78643K 10862 0 0
pcb 23 9K 11K 78643K 1058 0 0
rtable 97 3K 3K 78643K 2202 0 0
ifaddr 36 12K 12K 78643K 423 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 94 0 0
iov 0 0K 24K 78643K 177 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1201 75K 75K 78643K 2738 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 31 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 12 0K 1K 78643K 276 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12628 0 0
file desc 8 25K 33K 78643K 2029 0 0
sigio 0 0K 0K 78643K 24 0 0
proc 44 50K 70K 78643K 1742 0 0
subproc 68 69634K 69634K 78643K 2210 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 234 0 0
in_multi 33 2K 2K 78643K 795 0 0
ether_multi 1 0K 0K 78643K 19 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 60 265K 265K 78643K 60 0 0
exec 0 0K 1K 78643K 618 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 91 21K 30K 78643K 7122 0 0
UVM aobj 107 3K 3K 78643K 124 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 102 0 0
NDP 5 0K 0K 78643K 198 0 0
temp 121 2378K 2444K 78643K 11338 0 0
kqueue 0 0K 0K 78643K 20 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 67 0 63 1 0 1 1 0 8 0
inpcbpl 280 1013 0 1006 1 0 1 1 0 8 0
plimitpl 152 233 0 224 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtentry 112 608 0 568 2 0 2 2 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpcb 544 403 0 399 1 0 1 1 0 8 0
nd6 48 130 0 126 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2840 0 2651 13 0 13 13 0 8 1
art_table 32 2841 0 2651 2 0 2 2 0 8 0
art_node 16 607 0 573 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 2 2 1 1 1 0 8 0
semapl 112 273 0 263 1 0 1 1 0 8 0
shmpl 112 122 0 17 3 0 3 3 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 3770 0 2281 49 0 49 49 0 8 0
ffsino 272 3770 0 2281 100 0 100 100 0 8 0
nchpl 144 6680 0 5028 62 0 62 62 0 8 0
uvmvnodes 72 4884 0 0 89 0 89 89 0 8 0
vnodes 200 4884 0 0 258 0 258 258 0 8 0
namei 1024 23601 0 23600 1 0 1 1 0 8 0
percpumem 16 30 0 0 1 0 1 1 0 8 0
scxspl 192 17523 0 17523 13 12 1 6 0 8 1
sigapl 432 2010 0 1994 4 2 2 3 0 8 0
futexpl 56 18444 0 18444 1 0 1 1 0 8 1
knotepl 112 1805 0 1786 2 1 1 2 0 8 0
kqueuepl 104 519 0 516 1 0 1 1 0 8 0
pipepl 112 1664 0 1641 5 4 1 2 0 8 0
fdescpl 488 2011 0 1994 3 0 3 3 0 8 0
filepl 152 13666 0 13565 9 4 5 7 0 8 1
lockfpl 104 472 0 472 6 5 1 1 0 8 1
lockfspl 32 1072 0 1072 5 4 1 1 0 8 1
sessionpl 112 80 0 70 1 0 1 1 0 8 0
pgrppl 48 105 0 95 1 0 1 1 0 8 0
ucredpl 96 4126 0 4117 1 0 1 1 0 8 0
zombiepl 144 1994 0 1994 2 1 1 1 0 8 1
processpl 840 2027 0 1994 4 0 4 4 0 8 0
procpl 600 5328 0 5282 4 0 4 4 0 8 0
srpgc 64 368 0 368 5 4 1 1 0 8 1
sosppl 128 35 0 35 9 8 1 1 0 8 1
sockpl 384 2088 0 2071 6 3 3 4 0 8 1
mcl64k 65536 5 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 14 0 0 2 0 2 2 0 8 0
mcl9k 9216 11 0 0 1 0 1 1 0 8 0
mcl8k 8192 12 0 0 2 0 2 2 0 8 0
mcl4k 4096 16 0 0 2 0 2 2 0 8 0
mcl2k2 2112 6 0 0 1 0 1 1 0 8 0
mcl2k 2048 127 0 0 15 0 15 15 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 212 0 0 10 0 10 10 0 8 0
bufpl 256 8531 0 1513 439 0 439 439 0 8 0
anonpl 16 231484 0 225368 90 49 41 43 0 125 10
amapchunkpl 152 14055 0 13966 25 20 5 9 0 158 1
amappl16 192 9717 0 9381 83 57 26 30 0 8 7
amappl15 184 385 0 378 1 0 1 1 0 8 0
amappl14 176 385 0 381 2 1 1 1 0 8 0
amappl13 168 257 0 254 1 0 1 1 0 8 0
amappl12 160 145 0 143 3 2 1 1 0 8 0
amappl11 152 666 0 653 1 0 1 1 0 8 0
amappl10 144 310 0 304 2 1 1 1 0 8 0
amappl9 136 938 0 934 1 0 1 1 0 8 0
amappl8 128 608 0 581 2 0 2 2 0 8 0
amappl7 120 304 0 297 1 0 1 1 0 8 0
amappl6 112 671 0 657 1 0 1 1 0 8 0
amappl5 104 332 0 320 1 0 1 1 0 8 0
amappl4 96 2106 0 2081 2 1 1 2 0 8 0
amappl3 88 379 0 374 1 0 1 1 0 8 0
amappl2 80 14522 0 14457 2 0 2 2 0 8 0
amappl1 72 58573 0 58102 23 13 10 19 0 8 0
amappl 72 6033 0 5996 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 123 0 17 2 0 2 2 0 8 0
uaddrrnd 24 2011 0 1994 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2011 0 1994 1 0 1 1 0 8 0
vmmpekpl 168 19717 0 19695 2 0 2 2 0 8 0
vmmpepl 168 238742 0 237250 121 46 75 84 0 357 10
vmsppl 360 2010 0 1994 2 0 2 2 0 8 0
pdppl 4096 4030 0 3988 6 0 6 6 0 8 0
pvpl 32 649364 0 639895 210 96 114 116 0 265 23
pmappl 224 2010 0 1994 9 8 1 2 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 597 0 2 17 0 17 17 0 8 0