witness: userret: returning with the following locks held: exclusive rrwlock inode r = 0 (0xfffffd8068e56c58) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x46d sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602 #4 vn_read+0xa9 vn_lock sys/kern/vfs_vnops.c:561 [inline] #4 vn_read+0xa9 sys/kern/vfs_vnops.c:348 #5 dofilereadv+0x1a2 sys/kern/sys_generic.c:236 #6 sys_read+0x83 sys/kern/sys_generic.c:156 #7 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] #7 syscall+0x552 sys/arch/amd64/amd64/trap.c:555 #8 Xsyscall+0x128 panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 66394 21422 32767 0x10 0x4000080 1 syz-executor.1 * 59598 21422 32767 0x10 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 witness_warn(2,0,ffffffff822072f8) at witness_warn+0x69e witness_debugger sys/kern/subr_witness.c:2509 [inline] witness_warn(2,0,ffffffff822072f8) at witness_warn+0x69e sys/kern/subr_witness.c:1454 userret(ffff800020a88880) at userret+0x36a sys/kern/kern_sig.c:1916 syscall(ffff800024fc1b90) at syscall+0x44a mi_syscall_return sys/sys/syscall_mi.h:115 [inline] syscall(ffff800024fc1b90) at syscall+0x44a sys/arch/amd64/amd64/trap.c:577 Xsyscall(6,0,ffffffffffffffb8,0,3,348e90f1b0) at Xsyscall+0x128 end of kernel end trace frame: 0x36b26ac3d0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic witness_warn ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 witness_warn(2,0,ffffffff822072f8) at witness_warn+0x69e witness_debugger sys/kern/subr_witness.c:2509 [inline] witness_warn(2,0,ffffffff822072f8) at witness_warn+0x69e sys/kern/subr_witness.c:1454 userret(ffff800020a88880) at userret+0x36a sys/kern/kern_sig.c:1916 syscall(ffff800024fc1b90) at syscall+0x44a mi_syscall_return sys/sys/syscall_mi.h:115 [inline] syscall(ffff800024fc1b90) at syscall+0x44a sys/arch/amd64/amd64/trap.c:577 Xsyscall(6,0,ffffffffffffffb8,0,3,348e90f1b0) at Xsyscall+0x128 end of kernel end trace frame: 0x36b26ac3d0, count: -6 ddb{0}> show registers rdi 0 rsi 0x3ffff acpi_pdirpa+0x2be67 rbp 0xffff800024fc18d0 rbx 0xffff800024fc1980 rdx 0x40000 acpi_pdirpa+0x2be68 rcx 0xffff800020f56000 rax 0xffff800000a70340 r8 0xffffffff81b89d03 kprintf+0x173 r9 0x1 r10 0x25 r11 0xae4a3aab474e59e2 r12 0x3000000008 r13 0xffff800024fc18e0 r14 0x100 r15 0x1 rip 0xffffffff817ece58 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800024fc18c0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.1) pid=59598 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020a88390,0xffffffff8262bb10 process=0xffff800020a8b890 user=0xffff800024fbc000, vmspace=0xfffffd807f00b8a0 estcpu=36, cpticks=5, pctcpu=0.0 user=0, sys=5, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 21422 304495 71563 32767 2 0x10 syz-executor.1 21422 66394 71563 32767 7 0x4000090 syz-executor.1 21422 169867 71563 32767 2 0x4000010 syz-executor.1 *21422 59598 71563 32767 7 0x4000010 syz-executor.1 45743 176342 96811 32767 3 0x90 nanosleep syz-executor.0 45743 296526 96811 32767 3 0x4000090 netio syz-executor.0 45743 189785 96811 32767 3 0x4000090 fsleep syz-executor.0 96811 503777 7545 32767 3 0x90 nanosleep syz-executor.0 7545 209568 3463 0 3 0x82 wait syz-executor.0 71563 184565 87769 32767 3 0x90 nanosleep syz-executor.1 87769 488137 3463 0 3 0x82 wait syz-executor.1 32941 423339 0 0 3 0x14200 bored sosplice 3463 318106 74058 0 3 0x82 thrsleep syz-fuzzer 3463 309916 74058 0 2 0x4000482 syz-fuzzer 3463 421233 74058 0 3 0x4000082 thrsleep syz-fuzzer 3463 436530 74058 0 3 0x4000082 thrsleep syz-fuzzer 3463 50967 74058 0 3 0x4000082 thrsleep syz-fuzzer 3463 306516 74058 0 2 0x4000482 syz-fuzzer 3463 354358 74058 0 3 0x4000082 kqread syz-fuzzer 3463 63886 74058 0 3 0x4000082 thrsleep syz-fuzzer 3463 199225 74058 0 3 0x4000082 thrsleep syz-fuzzer 3463 88855 74058 0 3 0x4000082 thrsleep syz-fuzzer 74058 125589 25887 0 3 0x10008a pause ksh 25887 346382 44817 0 3 0x92 select sshd 92627 293406 1 0 3 0x100083 ttyin getty 44817 214592 1 0 3 0x80 select sshd 74138 459614 19256 73 2 0x100010 syslogd 19256 242534 1 0 3 0x100082 netio syslogd 20013 13324 1 77 3 0x100090 poll dhclient 91012 3433 1 0 3 0x80 poll dhclient 57074 88706 0 0 3 0x14200 pgzero zerothread 8904 492226 0 0 3 0x14200 aiodoned aiodoned 69760 432516 0 0 3 0x14200 syncer update 15626 163473 0 0 3 0x14200 cleaner cleaner 5668 482311 0 0 3 0x14200 reaper reaper 68398 175765 0 0 3 0x14200 pgdaemon pagedaemon 76796 161475 0 0 3 0x14200 bored crynlk 15193 18080 0 0 3 0x14200 bored crypto 98013 186757 0 0 3 0x40014200 acpi0 acpi0 28336 20509 0 0 3 0x40014200 idle1 61479 509663 0 0 3 0x14200 bored softnet 53994 64157 0 0 3 0x14200 bored systqmp 63710 361938 0 0 3 0x14200 bored systq 73593 78931 0 0 3 0x40014200 bored softclock 17421 125033 0 0 3 0x40014200 idle0 57434 327912 0 0 3 0x14200 bored smr 1 133073 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 21422 (syz-executor.1) thread 0xffff800020a88880 (59598) exclusive rrwlock inode r = 0 (0xfffffd8068e56c58) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x46d sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602 #4 vn_read+0xa9 vn_lock sys/kern/vfs_vnops.c:561 [inline] #4 vn_read+0xa9 sys/kern/vfs_vnops.c:348 #5 dofilereadv+0x1a2 sys/kern/sys_generic.c:236 #6 sys_read+0x83 sys/kern/sys_generic.c:156 #7 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] #7 syscall+0x552 sys/arch/amd64/amd64/trap.c:555 #8 Xsyscall+0x128 Process 74138 (syslogd) thread 0xffff800020ac1158 (459614) exclusive rrwlock inode r = 0 (0xfffffd806eb3f3c8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x46d sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602 #4 vn_lock+0x6e sys/kern/vfs_vnops.c:561 #5 sys_fsync+0x114 sys/kern/vfs_syscalls.c:2806 #6 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] #6 syscall+0x552 sys/arch/amd64/amd64/trap.c:555 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9465 6322K 6322K 78643K 11587 0 0 pcb 13 8K 8K 78643K 13 0 0 rtable 105 3K 3K 78643K 9485 0 0 ifaddr 36 14K 15K 78643K 1307 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 478 0 0 iov 0 0K 32K 78643K 734 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1215 76K 76K 78643K 6232 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 133 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 1K 78643K 1134 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 8 25K 33K 78643K 10623 0 0 sigio 0 0K 0K 78643K 123 0 0 proc 41 38K 70K 78643K 9623 0 0 subproc 34 2K 2K 78643K 3553 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1212 0 0 in_multi 33 2K 2K 78643K 2592 0 0 ether_multi 1 0K 0K 78643K 50 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 3523 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 101 21K 31K 78643K 35319 0 0 UVM aobj 130 6K 6K 78643K 156 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 601 0 0 NDP 5 0K 0K 78643K 630 0 0 temp 121 3554K 3628K 78643K 49196 0 0 kqueue 0 0K 0K 78643K 106 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 423 0 417 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 871 0 869 1 0 1 1 0 8 0 rtentry 112 2325 0 2281 2 0 2 2 0 8 0 unpcb 120 4055 0 4045 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 4450 0 4450 1 1 0 1 0 8 0 tcpcb 544 2347 0 2342 1 0 1 1 0 8 0 ipq 40 8 0 8 4 4 0 1 0 8 0 ipqe 40 19 0 19 4 4 0 1 0 8 0 inpcb 280 5645 0 5633 12 10 2 2 0 8 1 nd6 48 627 0 621 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 9530 0 9339 23 11 12 13 0 8 0 art_table 32 9531 0 9339 2 0 2 2 0 8 0 art_node 16 2324 0 2284 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1130 0 1120 1 0 1 1 0 8 0 shmpl 112 154 0 26 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 11799 0 10349 48 1 47 47 0 8 0 ffsino 272 11799 0 10349 98 1 97 97 0 8 0 nchpl 144 24072 0 22441 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 103660 0 103660 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 65804 0 65804 34 33 1 5 0 8 1 plimitpl 152 1772 0 1763 1 0 1 1 0 8 0 sigapl 432 10173 0 10157 12 10 2 3 0 8 0 futexpl 56 97003 0 97002 1 0 1 1 0 8 0 knotepl 112 6415 0 6396 1 0 1 1 0 8 0 kqueuepl 104 2433 0 2431 1 0 1 1 0 8 0 pipepl 112 6768 0 6749 14 13 1 2 0 8 0 fdescpl 488 10174 0 10157 3 0 3 3 0 8 0 filepl 152 61728 0 61622 28 23 5 7 0 8 0 lockfpl 104 1905 0 1905 18 18 0 1 0 8 0 lockfspl 48 587 0 587 18 18 0 1 0 8 0 sessionpl 112 224 0 214 1 0 1 1 0 8 0 pgrppl 48 313 0 303 1 0 1 1 0 8 0 ucredpl 96 17062 0 17053 1 0 1 1 0 8 0 zombiepl 144 10157 0 10157 2 1 1 1 0 8 1 processpl 896 10190 0 10157 4 0 4 4 0 8 0 procpl 632 25828 0 25781 36 31 5 5 0 8 0 srpgc 64 414 0 414 28 27 1 1 0 8 1 sosppl 128 194 0 194 40 39 1 1 0 8 1 sockpl 384 10794 0 10774 12 9 3 4 0 8 1 mcl64k 65536 19 0 0 3 0 3 3 0 8 0 mcl16k 16384 13 0 0 2 0 2 2 0 8 0 mcl12k 12288 44 0 0 3 1 2 2 0 8 0 mcl9k 9216 38 0 0 2 0 2 2 0 8 0 mcl8k 8192 19 0 0 3 1 2 3 0 8 0 mcl4k 4096 26 0 0 3 1 2 3 0 8 0 mcl2k2 2112 10 0 0 1 0 1 1 0 8 0 mcl2k 2048 123 0 0 12 0 12 12 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 606 0 0 12 1 11 11 0 8 0 bufpl 256 23361 0 16347 439 0 439 439 0 8 0 anonpl 16 1099093 0 1091697 237 199 38 54 0 124 0 amapchunkpl 152 83526 0 83434 152 147 5 18 0 158 1 amappl16 192 45373 0 44981 305 283 22 38 0 8 1 amappl15 184 1120 0 1117 21 20 1 1 0 8 0 amappl14 176 2520 0 2515 1 0 1 1 0 8 0 amappl13 168 1646 0 1642 1 0 1 1 0 8 0 amappl12 160 897 0 895 6 5 1 1 0 8 0 amappl11 152 1758 0 1746 1 0 1 1 0 8 0 amappl10 144 2055 0 2054 1 0 1 1 0 8 0 amappl9 136 4246 0 4243 1 0 1 1 0 8 0 amappl8 128 3277 0 3248 3 1 2 2 0 8 0 amappl7 120 2410 0 2400 1 0 1 1 0 8 0 amappl6 112 1277 0 1268 1 0 1 1 0 8 0 amappl5 104 2437 0 2425 1 0 1 1 0 8 0 amappl4 96 10448 0 10417 1 0 1 1 0 8 0 amappl3 88 2192 0 2182 1 0 1 1 0 8 0 amappl2 80 65080 0 65001 3 1 2 3 0 8 0 amappl1 72 281536 0 281069 23 13 10 19 0 8 0 amappl 80 29435 0 29396 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 155 0 26 3 0 3 3 0 8 0 uaddrrnd 24 10174 0 10157 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10174 0 10157 1 0 1 1 0 8 0 vmmpekpl 168 85086 0 85057 2 0 2 2 0 8 0 vmmpepl 168 1302448 0 1300739 348 269 79 93 0 357 4 vmsppl 368 10173 0 10157 2 0 2 2 0 8 0 pdppl 4096 20355 0 20314 6 0 6 6 0 8 0 pvpl 32 2986837 0 2976123 552 450 102 139 0 265 7 pmappl 232 10173 0 10157 22 21 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 612 0 18 18 0 18 18 0 8 0