kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Fri May 3 06:04:29 PDT 2019 OpenBSD/amd64 (ci-openbsd-setuid-2.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: witness: panic: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_event.c", line 1076 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *311700 6806 32767 0x10 0x4000000 1 syz-executor4079 524263 34869 32767 0x10 0x480 0 syz-executor4079 db_enter() at db_enter+0x18 panic() at panic+0x15c __assert(ffffffff81f8c2bf,ffffffff81f90d96,434,ffffffff81f96de6) at __assert+0x2e knote_enqueue(fffffd806ec57d20) at knote_enqueue+0x216 knote(ffffffff8234b168,1000000) at knote+0xbd selwakeup(ffffffff8234b168) at selwakeup+0x3b logwakeup() at logwakeup+0x3b printf(ffffffff81f6acf3) at printf+0x9f witness_warn(2,0,ffffffff81f92281) at witness_warn+0x211 userret(ffff800020b14008) at userret+0x32a syscall(ffff800020be5c90) at syscall+0x614 Xsyscall(6,5,e9eef3fb288,0,e9eef3fb268,e9eef3fb260) at Xsyscall+0x128 end of kernel end trace frame: 0xea1384dfa10, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_event.c", line 1076 ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x15c __assert(ffffffff81f8c2bf,ffffffff81f90d96,434,ffffffff81f96de6) at __assert+0x2e knote_enqueue(fffffd806ec57d20) at knote_enqueue+0x216 knote(ffffffff8234b168,1000000) at knote+0xbd selwakeup(ffffffff8234b168) at selwakeup+0x3b logwakeup() at logwakeup+0x3b printf(ffffffff81f6acf3) at printf+0x9f witness_warn(2,0,ffffffff81f92281) at witness_warn+0x211 userret(ffff800020b14008) at userret+0x32a syscall(ffff800020be5c90) at syscall+0x614 Xsyscall(6,5,e9eef3fb288,0,e9eef3fb268,e9eef3fb260) at Xsyscall+0x128 end of kernel end trace frame: 0xea1384dfa10, count: -12 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020be5800 rbx 0xffff800020be58b0 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff81df1983 kprintf+0x173 r9 0x1 r10 0xbc7e49610bab61f9 r11 0xbffcad399a1fdb0c r12 0x3000000008 r13 0xffff800020be5810 r14 0x100 r15 0x1 rip 0xffffffff81c2c858 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020be57f0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor4079) pid=311700 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=63, nice=20 forw=0xffffffffffffffff, list=0xffff800020b14710,0xffff800020b15530 process=0xffff800020b3a6a0 user=0xffff800020be0000, vmspace=0xfffffd807effd708 estcpu=13, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65336 393080 34620 32767 2 0x10 syz-executor4079 65336 244198 34620 32767 3 0x4000090 fsleep syz-executor4079 65336 433116 34620 32767 2 0x4000090 syz-executor4079 6806 264436 34869 32767 2 0x10 syz-executor4079 * 6806 311700 34869 32767 7 0x4000010 syz-executor4079 6806 40847 34869 32767 3 0x4000090 fsleep syz-executor4079 6806 485940 34869 32767 2 0x4000010 syz-executor4079 34620 380345 35052 32767 3 0x90 nanosleep syz-executor4079 34869 524263 36380 32767 7 0x490 syz-executor4079 35052 160964 65466 0 3 0x80 wait syz-executor4079 36380 308764 65466 0 3 0x80 wait syz-executor4079 65466 317990 65088 0 3 0x82 nanosleep syz-executor4079 65088 178656 11103 0 3 0x10008a pause ksh 11103 290261 80348 0 3 0x92 select sshd 6558 333422 1 0 3 0x100083 ttyin getty 80348 143113 1 0 3 0x80 select sshd 18416 362853 99472 73 3 0x100090 kqread syslogd 99472 255932 1 0 3 0x100082 netio syslogd 69013 313742 1 77 3 0x100090 poll dhclient 69575 318374 1 0 3 0x80 poll dhclient 76534 345340 0 0 3 0x14200 pgzero zerothread 25686 141498 0 0 3 0x14200 aiodoned aiodoned 80179 122887 0 0 3 0x14200 syncer update 70940 339976 0 0 3 0x14200 cleaner cleaner 9758 337158 0 0 3 0x14200 reaper reaper 84386 82687 0 0 3 0x14200 pgdaemon pagedaemon 86482 47439 0 0 3 0x14200 bored crynlk 50168 363702 0 0 3 0x14200 bored crypto 49943 436723 0 0 3 0x40014200 acpi0 acpi0 18709 120089 0 0 3 0x40014200 idle1 93715 326062 0 0 3 0x14200 bored softnet 38828 227400 0 0 3 0x14200 bored systqmp 7275 8963 0 0 3 0x14200 bored systq 96276 381000 0 0 3 0x40014200 bored softclock 73351 309821 0 0 3 0x40014200 idle0 45081 444877 0 0 3 0x14200 bored smr 1 405788 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 6806 (syz-executor4079) thread 0xffff800020b14008 (311700) exclusive rrwlock inode r = 0 (0xfffffd806f7cfa30) #0 witness_lock+0x52e #1 rw_enter+0x414 #2 rrw_enter+0x4f #3 VOP_LOCK+0x4b #4 vn_write+0x169 #5 dofilewritev+0x1a9 #6 sys_write+0x83 #7 syscall+0x552 #8 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9447 6316K 6316K 78643K 10534 0 0 pcb 23 9K 9K 78643K 55 0 0 rtable 61 2K 2K 78643K 115 0 0 ifaddr 21 7K 7K 78643K 21 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 13 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1166 73K 73K 78643K 2078 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12628 0 0 file desc 3 4K 5K 78643K 1054 0 0 proc 41 38K 46K 78643K 208 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 11 0K 0K 78643K 11 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 48 212K 212K 78643K 48 0 0 exec 0 0K 1K 78643K 152 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 64 19K 19K 78643K 1994 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 3 0K 0K 78643K 3 0 0 temp 30 2699K 2763K 78643K 2406 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 inpcbpl 280 22 0 16 1 0 1 1 0 8 0 plimitpl 152 15 0 8 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 syncache 264 5 0 5 2 2 0 1 0 8 0 tcpcb 544 8 0 5 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2641 0 1272 45 0 45 45 0 8 0 ffsino 272 2641 0 1272 92 0 92 92 0 8 0 nchpl 144 3165 0 1637 57 0 57 57 0 8 0 uvmvnodes 72 2650 0 0 49 0 49 49 0 8 0 vnodes 200 2650 0 0 140 0 140 140 0 8 0 namei 1024 10294 0 10294 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 5202 0 5202 13 12 1 6 0 8 1 sigapl 432 531 0 515 2 0 2 2 0 8 0 futexpl 56 3093 0 3091 1 0 1 1 0 8 0 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 1 0 0 1 0 1 1 0 8 0 pipepl 112 118 0 111 2 1 1 1 0 8 0 fdescpl 488 532 0 515 3 0 3 3 0 8 0 filepl 152 5376 0 5325 3 0 3 3 0 8 0 lockfpl 104 6 0 6 1 1 0 1 0 8 0 lockfspl 32 3 0 3 1 1 0 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 4262 0 4253 1 0 1 1 0 8 0 zombiepl 144 515 0 515 3 2 1 1 0 8 1 processpl 840 547 0 515 4 0 4 4 0 8 0 procpl 600 1521 0 1484 5 2 3 4 0 8 0 sockpl 384 64 0 48 2 0 2 2 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 87 0 0 10 0 10 10 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 123 0 0 7 0 7 7 0 8 0 bufpl 256 2435 0 245 137 0 137 137 0 8 0 anonpl 16 39620 0 38347 7 1 6 6 0 125 0 amapchunkpl 152 2796 0 2745 3 0 3 3 0 158 0 amappl16 192 619 0 608 1 0 1 1 0 8 0 amappl14 176 14 0 13 3 2 1 1 0 8 0 amappl12 160 10 0 10 2 2 0 1 0 8 0 amappl11 152 44 0 30 1 0 1 1 0 8 0 amappl10 144 46 0 46 2 2 0 1 0 8 0 amappl9 136 413 0 407 1 0 1 1 0 8 0 amappl8 128 84 0 80 1 0 1 1 0 8 0 amappl7 120 15 0 14 1 0 1 1 0 8 0 amappl6 112 45 0 40 1 0 1 1 0 8 0 amappl5 104 116 0 107 1 0 1 1 0 8 0 amappl4 96 1088 0 1059 1 0 1 1 0 8 0 amappl3 88 107 0 101 1 0 1 1 0 8 0 amappl2 80 3730 0 3672 2 0 2 2 0 8 0 amappl1 72 24121 0 23642 14 4 10 14 0 8 0 amappl 72 1700 0 1668 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 532 0 515 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 532 0 515 1 0 1 1 0 8 0 vmmpekpl 168 8055 0 8034 2 0 2 2 0 8 0 vmmpepl 168 56587 0 55621 62 19 43 44 0 357 0 vmsppl 360 531 0 515 2 0 2 2 0 8 0 pdppl 4096 1072 0 1030 6 0 6 6 0 8 0 pvpl 32 120993 0 117875 33 7 26 26 0 265 0 pmappl 232 531 0 515 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 268 0 3 8 0 8 8 0 8 0