Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program panic: kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_lock.c", line 63 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0xa panic() at panic+0x147 __assert(ffffffff8172be34,ffff80002112b430,ffff800021085778,ffff80000002f180) a t __assert+0x24 _kernel_lock(ffff800021085778,ffff800021126000) at _kernel_lock+0x125 pageflttrap() at pageflttrap+0x6c kerntrap(9) at kerntrap+0x8d alltraps_kern(6,82000,ffffffffffffffff,0,9,ffff800021085778) at alltraps_kern+0 x7b ptsignal(17ae,ffff800021085778,ffff800021071620) at ptsignal+0x115 mi_switch() at mi_switch+0x1fb sleep_finish(1,ffff80002112b6c0) at sleep_finish+0xd3 sleep_finish_all(ffff80002112b6c0,32) at sleep_finish_all+0x22 tsleep(ffff800021085778,3,0,ffff8000210716e8) at tsleep+0x142 single_thread_set(ffff800021085778,ffff800021085778,0) at single_thread_set+0x2 8b exit1(ffff800021085778,9,0) at exit1+0x84 end trace frame: 0xffff80002112b890, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel diagnostic assertion "__mp_lock_held(&sched_lock, curcpu()) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_lock.c", line 63 ddb{0}> trace db_enter() at db_enter+0xa panic() at panic+0x147 __assert(ffffffff8172be34,ffff80002112b430,ffff800021085778,ffff80000002f180) at __assert+0x24 _kernel_lock(ffff800021085778,ffff800021126000) at _kernel_lock+0x125 pageflttrap() at pageflttrap+0x6c kerntrap(9) at kerntrap+0x8d alltraps_kern(6,82000,ffffffffffffffff,0,9,ffff800021085778) at alltraps_kern+0x7b ptsignal(17ae,ffff800021085778,ffff800021071620) at ptsignal+0x115 mi_switch() at mi_switch+0x1fb sleep_finish(1,ffff80002112b6c0) at sleep_finish+0xd3 sleep_finish_all(ffff80002112b6c0,32) at sleep_finish_all+0x22 tsleep(ffff800021085778,3,0,ffff8000210716e8) at tsleep+0x142 single_thread_set(ffff800021085778,ffff800021085778,0) at single_thread_set+0x28b exit1(ffff800021085778,9,0) at exit1+0x84 postsig(100,ffff800021085778) at postsig+0x3ea userret(0) at userret+0x11b syscall(0) at syscall+0x54d Xsyscall(6,58,3ceb4e87a00,53,0,3cecb9d9a40) at Xsyscall+0x128 end of kernel end trace frame: 0x3cf36212fb0, count: -18 ddb{0}> show registers rdi 0xffffffff81e3d210 kprintf_mutex rsi 0x5 rbp 0xffff80002112b390 rbx 0xffff80002112b430 rdx 0x3fd rcx 0 rax 0x1 r8 0xffff80002112b360 r9 0x8080808080808080 r10 0 r11 0xffffffff816984e0 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff80002112b3a0 r14 0x100 r15 0xffffffff81bf66f0 cmd0646_9_tim_udma+0x1ebfb rip 0xffffffff8188a89a db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff80002112b390 ss 0x10 db_enter+0xa: popq %rbp ddb{0}> show proc PROC (syz-executor5550) pid=119238 stat=sleep flags process=1000 proc=4002000 pri=50, usrpri=50, nice=20 forw=0x0, list=0xffff8000210852c8,0xffff800021084978 process=0xffff800021071620 user=0xffff800021126000, vmspace=0xffffff007f125528 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *15395 119238 28346 0 3 0x4003000 suspend syz-executor5550 15395 417257 28346 0 2 0x4081000 syz-executor5550 28346 284878 94619 0 3 0x80 nanosleep syz-executor5550 60014 217522 94619 0 3 0x80 nanosleep syz-executor5550 94619 71961 32712 0 3 0x82 nanosleep syz-executor5550 32712 564 76317 0 3 0x10008a pause ksh 76317 67270 53563 0 3 0x92 select sshd 61787 344689 1 0 3 0x100083 ttyin getty 53563 340940 1 0 3 0x80 select sshd 96462 163327 62857 73 3 0x100090 kqread syslogd 62857 51166 1 0 3 0x100082 netio syslogd 82747 423381 1 77 3 0x100090 poll dhclient 61770 477583 1 0 3 0x80 poll dhclient 44288 141028 0 0 2 0x14200 zerothread 2949 95657 0 0 3 0x14200 aiodoned aiodoned 59569 2744 0 0 3 0x14200 syncer update 97615 18787 0 0 3 0x14200 cleaner cleaner 31075 516634 0 0 3 0x14200 reaper reaper 92050 406702 0 0 3 0x14200 pgdaemon pagedaemon 57938 307153 0 0 3 0x14200 bored crynlk 35754 9636 0 0 3 0x14200 bored crypto 28435 50474 0 0 3 0x40014200 acpi0 acpi0 27223 311074 0 0 3 0x40014200 idle1 51849 92683 0 0 3 0x14200 bored softnet 87709 391602 0 0 3 0x14200 bored systqmp 36507 388915 0 0 3 0x14200 bored systq 6364 371912 0 0 3 0x40014200 bored softclock 91853 126411 0 0 3 0x40014200 idle0 1 71431 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}>