papanic: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_fork.c", line 675 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 437840 42125 0 0 0x4000000 0 syz-executor.6 *160962 42125 0 0 0x4000000 1 syz-executor.6 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8278f1ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8280cee1,ffffffff827effff,2a3,ffffffff827c6cbc) at __assert+0x29 sys/kern/subr_prf.c:157 proc_trampoline_mp() at proc_trampoline_mp+0x135 end trace frame: 0x0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu0: vop_generic_badop cpu1: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_fork.c", line 675 ddb{1}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8278f1ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8280cee1,ffffffff827effff,2a3,ffffffff827c6cbc) at __assert+0x29 sys/kern/subr_prf.c:157 proc_trampoline_mp() at proc_trampoline_mp+0x135 end trace frame: 0x0, count: -4 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800022f30f10 rbx 0xffff800020d59b8f rdx 0 rcx 0 rax 0xffff8000212ad648 r8 0x101010101010101 r9 0x8080808080808080 r10 0xa5326da352207d47 r11 0x6524d97be16f89f4 r12 0xffff800020d59990 r13 0 r14 0xffffffff82c1e990 cpu_info_full_primary+0x2990 r15 0x1 rip 0xffffffff81969fac db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800022f30f00 ss 0 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.6) pid=160962 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000212ac5f8,0xffff8000212ac098 process=0xffff80002af9f690 user=0xffff800022f2c000, vmspace=0xfffffd807effb720 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 42125 232764 30731 0 2 0 syz-executor.6 42125 437840 30731 0 7 0x4000000 syz-executor.6 42125 152045 30731 0 2 0x4000000 syz-executor.6 *42125 160962 30731 0 7 0x4000000 syz-executor.6 42125 383729 30731 0 2 0x4000000 syz-executor.6 74232 166660 467 0 3 0x4081000 smrbar syz-executor.4 74232 474649 467 0 3 0x4003000 suspend syz-executor.4 49334 289409 34666 0 3 0x82 piperd syz-executor.0 58204 268113 34666 0 3 0x2 biowait syz-executor.3 467 403893 34666 0 3 0x82 nanoslp syz-executor.4 54769 392639 34666 0 3 0x2 biowait syz-executor.1 60028 368109 34666 0 3 0x2 biowait syz-executor.2 30731 275103 34666 0 3 0x82 nanoslp syz-executor.6 82325 204246 34666 0 3 0x82 nanoslp syz-executor.7 28506 37415 1 0 3 0x100083 ttyin getty 9080 409073 34666 0 3 0x82 nanoslp syz-executor.5 88969 345285 0 0 3 0x14280 nfsidl nfsio 82920 14786 0 0 3 0x14280 nfsidl nfsio 47649 382151 0 0 3 0x14280 nfsidl nfsio 32670 44612 0 0 3 0x14280 nfsidl nfsio 97902 106892 0 0 3 0x14280 nfsidl nfsio 43904 386676 0 0 3 0x14280 nfsidl nfsio 72431 501545 0 0 3 0x14280 nfsidl nfsio 9667 204044 0 0 3 0x14280 nfsidl nfsio 18474 187057 0 0 3 0x14280 nfsidl nfsio 28734 168110 0 0 3 0x14280 nfsidl nfsio 13142 345516 0 0 3 0x14280 nfsidl nfsio 81827 403811 0 0 3 0x14280 nfsidl nfsio 97227 275918 0 0 3 0x14280 nfsidl nfsio 14310 391286 0 0 3 0x14280 nfsidl nfsio 88032 286910 0 0 3 0x14280 nfsidl nfsio 74433 502550 0 0 3 0x14280 nfsidl nfsio 14135 193396 0 0 3 0x14280 nfsidl nfsio 94043 457819 0 0 3 0x14280 nfsidl nfsio 5644 26907 0 0 3 0x14280 nfsidl nfsio 69996 482995 0 0 3 0x14280 nfsidl nfsio 96624 343757 0 0 3 0x14200 bored sosplice 34666 504295 2066 0 3 0x82 thrsleep syz-fuzzer 34666 139894 2066 0 3 0x4000082 thrsleep syz-fuzzer 34666 207540 2066 0 3 0x4000082 wait syz-fuzzer 34666 8661 2066 0 3 0x4000082 wait syz-fuzzer 34666 435456 2066 0 3 0x4000082 wait syz-fuzzer 34666 188910 2066 0 3 0x4000082 thrsleep syz-fuzzer 34666 396526 2066 0 3 0x4000082 wait syz-fuzzer 34666 368122 2066 0 3 0x4000082 thrsleep syz-fuzzer 34666 392916 2066 0 3 0x4000082 thrsleep syz-fuzzer 34666 237657 2066 0 3 0x4000082 wait syz-fuzzer 34666 496152 2066 0 3 0x4000082 thrsleep syz-fuzzer 34666 193785 2066 0 3 0x4000082 wait syz-fuzzer 34666 41814 2066 0 3 0x4000082 thrsleep syz-fuzzer 34666 211650 2066 0 3 0x4000082 kqread syz-fuzzer 34666 127062 2066 0 3 0x4000082 wait syz-fuzzer 34666 309361 2066 0 3 0x4000082 wait syz-fuzzer 2066 447588 11654 0 3 0x10008a sigsusp ksh 11654 174005 70581 0 3 0x9a kqread sshd 70581 74821 1 0 3 0x88 kqread sshd 16760 418903 47779 74 3 0x1100092 bpf pflogd 47779 515073 1 0 3 0x80 netio pflogd 80353 374192 43403 73 3 0x1100090 kqread syslogd 43403 437066 1 0 3 0x100082 netio syslogd 25953 126277 1 0 3 0x100080 kqread resolvd 17429 220836 0 0 3 0x14200 bored smr 48929 170500 0 0 2 0x14200 zerothread 73452 4154 0 0 3 0x14200 aiodoned aiodoned 85461 460683 0 0 3 0x14200 syncer update 67427 461818 0 0 3 0x14200 cleaner cleaner 44466 40744 0 0 3 0x14200 reaper reaper 22314 254618 0 0 3 0x14200 pgdaemon pagedaemon 69885 8227 0 0 3 0x14200 bored viomb 86847 270240 0 0 3 0x40014200 acpi0 acpi0 69833 214190 0 0 3 0x40014200 idle1 35329 299057 0 0 3 0x14200 bored softnet 60775 447526 0 0 3 0x14200 bored softnet 23615 418700 0 0 3 0x14200 bored softnet 17298 83298 0 0 3 0x14200 bored softnet 26094 358480 0 0 3 0x14200 bored systqmp 51262 405008 0 0 3 0x14200 bored systq 27655 42326 0 0 3 0x40014200 bored softclock 20157 17375 0 0 3 0x40014200 idle0 1 473299 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10228 6502K 8623K 78643K 15046 0 pcb 13 22K 24K 78643K 2445 0 rtable 230 18K 19K 78643K 3217 0 ifaddr 94 31K 31K 78643K 1463 0 sysctl 3 1K 1K 78643K 13 0 counters 62 36K 37K 78643K 1172 0 ioctlops 0 0K 4K 78643K 4443 0 iov 0 0K 32K 78643K 1685 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1595 100K 100K 78643K 9821 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 204 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 9562 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 12 41K 89K 78643K 18272 0 sigio 0 0K 0K 78643K 474 0 proc 66 67K 115K 78643K 2748 0 subproc 104 6K 6K 78643K 780 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1105 0 in_multi 95 6K 7K 78643K 1135 0 ether_multi 1 0K 0K 78643K 129 0 mrt 1 0K 0K 78643K 64 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 259 1155K 1155K 78643K 259 0 exec 0 0K 1K 78643K 2605 0 pfkey data 0 0K 0K 78643K 9 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 412 101K 113K 78643K 180533 0 UVM aobj 131 4K 4K 78643K 133 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 515 0 NDP 17 0K 1K 78643K 482 0 temp 149 5859K 6894K 78643K 186137 0 kqueue 6 10K 26K 78643K 1249 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1049 0 1048 9 8 1 3 0 8 0 rtentry 112 1082 0 988 4 1 3 4 0 8 0 unpcb 144 23850 0 23842 188 187 1 10 0 8 0 syncache 296 29 0 29 11 11 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 74 0 74 6 6 0 1 0 8 0 tcpcb 776 20970 0 20966 314 306 8 18 0 8 7 arp 120 142 0 124 1 0 1 1 0 8 0 inpcb 368 33935 0 33931 331 324 7 20 0 8 6 nd6 136 210 0 190 1 0 1 1 0 8 0 pkpcb 40 67 0 67 11 11 0 1 0 8 0 kcovpl 48 60 0 52 1 0 1 1 0 8 0 mppekey 1024 3 0 3 2 2 0 1 0 8 0 ppxss 1256 366 0 365 31 30 1 1 0 8 0 pppxif 1456 211 0 211 16 16 0 1 0 8 0 pfstscr 40 10 0 10 1 1 0 1 0 8 0 pffrag 232 102 0 98 6 5 1 1 0 482 0 pffrnode 88 102 0 98 6 5 1 1 0 8 0 pffrent 40 348 0 344 7 6 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 5 0 0 1 0 1 1 0 8 0 pfstitem 24 688 0 610 1 0 1 1 0 8 0 pfstkey 128 698 0 620 5 2 3 3 0 8 0 pfstate 384 693 0 615 18 10 8 8 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 17 0 17 5 5 0 1 0 8 0 art_heap8 4096 6 0 5 4 3 1 3 0 8 0 art_heap4 256 4658 0 4224 60 30 30 31 0 8 0 art_table 32 4664 0 4229 4 0 4 4 0 8 0 art_node 16 1063 0 979 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 5 1 0 1 1 0 8 0 semapl 112 9560 0 9550 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 25727 0 24210 95 0 95 95 0 8 0 ffsino 272 25727 0 24210 102 0 102 102 0 8 0 nchpl 144 51634 0 51107 63 40 23 63 0 8 0 rtmask 32 7 0 7 3 2 1 1 0 8 1 uvmvnodes 80 7548 0 0 155 0 155 155 0 8 0 vnodes 216 7548 0 0 420 0 420 420 0 8 0 namei 1024 176502 0 176499 12 11 1 3 0 8 0 percpumem 16 599 0 555 1 0 1 1 0 8 0 kstatmem 264 680 0 646 5 2 3 3 0 8 0 scsiplug 72 12 0 12 4 4 0 1 0 8 0 scxspl 216 157461 0 157458 35 33 2 8 0 8 1 plimitpl 152 1920 0 1905 1 0 1 1 0 8 0 sigapl 424 18517 0 18455 11 3 8 8 0 8 0 futexpl 64 166856 0 166856 8 7 1 1 0 8 1 knotepl 120 1128 0 0 13 0 13 13 0 8 0 kqueuepl 216 3300 0 3295 48 47 1 5 0 8 0 pipepl 320 3942 0 3914 95 92 3 10 0 8 0 fdescpl 496 18466 0 18444 6 2 4 5 0 8 0 filepl 152 145083 0 144862 225 212 13 22 0 8 2 lockfpl 104 3973 0 3972 9 8 1 2 0 8 0 lockfspl 48 949 0 948 1 0 1 1 0 8 0 sessionpl 144 78 0 62 1 0 1 1 0 8 0 pgrppl 48 151 0 135 1 0 1 1 0 8 0 ucredpl 104 17682 0 17669 1 0 1 1 0 8 0 zombiepl 144 18458 0 18455 1 0 1 1 0 8 0 processpl 1072 18517 0 18455 6 1 5 5 0 8 0 procpl 696 51183 0 51100 23 14 9 10 0 8 0 srpgc 96 60 0 60 20 20 0 1 0 8 0 sosppl 168 147 0 147 22 22 0 1 0 8 0 sockpl 488 58963 0 58950 1100 1089 11 44 0 8 8 mcl64k 65536 33 0 0 3 0 3 3 0 8 0 mcl16k 16384 61 0 0 6 4 2 3 0 8 0 mcl12k 12288 31 0 0 2 0 2 2 0 8 0 mcl9k 9216 41 0 0 3 1 2 2 0 8 0 mcl8k 8192 49 0 0 4 1 3 3 0 8 0 mcl4k 4096 58 0 0 3 0 3 3 0 8 0 mcl2k2 2112 17 0 0 2 0 2 2 0 8 0 mcl2k 2048 573 0 0 56 37 19 56 0 8 1 mtagpl 96 84 0 0 3 0 3 3 0 8 0 mbufpl 256 3679 0 0 211 0 211 211 0 8 0 bufpl 288 30787 0 23237 540 0 540 540 0 8 0 anonpl 24 1860979 0 1846945 275 163 112 132 0 186 0 amapchunkpl 152 581182 0 580359 165 120 45 53 0 158 7 amappl16 200 33392 0 32928 161 135 26 38 0 8 0 amappl15 192 9 0 7 1 0 1 1 0 8 0 amappl14 184 347 0 334 2 1 1 2 0 8 0 amappl13 176 46 0 46 4 4 0 1 0 8 0 amappl12 168 19934 0 19908 4 2 2 2 0 8 0 amappl11 160 49 0 41 1 0 1 1 0 8 0 amappl10 152 89 0 76 1 0 1 1 0 8 0 amappl9 144 282 0 281 2 1 1 2 0 8 0 amappl8 136 1345 0 1170 8 1 7 7 0 8 0 amappl7 128 227 0 209 1 0 1 1 0 8 0 amappl6 120 806 0 786 2 1 1 2 0 8 0 amappl5 112 653 0 647 1 0 1 1 0 8 0 amappl4 104 1693 0 1642 3 1 2 3 0 8 0 amappl3 96 111144 0 111075 4 1 3 3 0 8 0 amappl2 88 19317 0 19263 3 0 3 3 0 8 0 amappl1 80 76777 0 76331 23 11 12 23 0 8 0 amappl 88 179179 0 178955 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 18466 0 18444 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 18466 0 18444 1 0 1 1 0 8 0 vmmpekpl 168 140622 0 140538 5 0 5 5 0 8 0 vmmpepl 168 1110925 0 1108778 370 242 128 136 0 357 2 vmsppl 456 18465 0 18444 6 2 4 5 0 8 0 rwobjpl 56 268642 0 259446 147 16 131 131 0 8 0 pdppl 4096 36939 0 36888 1090 1027 63 81 0 8 12 pvpl 32 5052766 0 5033556 671 482 189 341 0 265 0 pmappl 248 18465 0 18444 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2556 0 1471 32 0 32 32 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82c1dff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82d3d7d0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d3d7d0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff800022f2b260,ffff80000006ba00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f Xspllower() at Xspllower+0x1d cnputc(61) at cnputc+0x4f sys/dev/cons.c:218 db_putchar(61) at db_putchar+0x3fc sys/ddb/db_output.c:155 kprintf() at kprintf+0x6bc sys/kern/subr_prf.c:724 db_printf(ffffffff828117e8) at db_printf+0x89 sys/kern/subr_prf.c:498 panic(ffffffff82781e43) at panic+0xdb sys/kern/subr_prf.c:216 vop_generic_badop(ffff800022f2b688) at vop_generic_badop+0x1f sys/kern/vfs_default.c:133 VOP_STRATEGY(fffffd8067eba010,fffffd806840f160) at VOP_STRATEGY+0x9f sys/kern/vfs_vops.c:628 end trace frame: 0xffff800022f2b730, count: 0 ddb{0}> trace x86_ipi_db(ffffffff82c1dff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82d3d7d0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d3d7d0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff800022f2b260,ffff80000006ba00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f Xspllower() at Xspllower+0x1d cnputc(61) at cnputc+0x4f sys/dev/cons.c:218 db_putchar(61) at db_putchar+0x3fc sys/ddb/db_output.c:155 kprintf() at kprintf+0x6bc sys/kern/subr_prf.c:724 db_printf(ffffffff828117e8) at db_printf+0x89 sys/kern/subr_prf.c:498 panic(ffffffff82781e43) at panic+0xdb sys/kern/subr_prf.c:216 vop_generic_badop(ffff800022f2b688) at vop_generic_badop+0x1f sys/kern/vfs_default.c:133 VOP_STRATEGY(fffffd8067eba010,fffffd806840f160) at VOP_STRATEGY+0x9f sys/kern/vfs_vops.c:628 bwrite(fffffd806840f160) at bwrite+0x1f4 sys/kern/vfs_bio.c:760 VOP_BWRITE(fffffd806840f160) at VOP_BWRITE+0x4e sys/kern/vfs_vops.c:640 ufs_mkdir(ffff800022f2b920) at ufs_mkdir+0x6c4 sys/ufs/ufs/ufs_vnops.c:1235 VOP_MKDIR(fffffd805887de60,ffff800022f2ba80,ffff800022f2bab0,ffff800022f2b9b0) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388 domkdirat(ffff8000212adbb8,ffffff9c,200001c0,a6) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3074 syscall(ffff800022f2bc30) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800022f2bc30) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:632 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a96c62aba0, count: -21 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8278f1ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8280cee1,ffffffff827effff,2a3,ffffffff827c6cbc) at __assert+0x29 sys/kern/subr_prf.c:157 proc_trampoline_mp() at proc_trampoline_mp+0x135 end trace frame: 0x0, count: 11 ddb{1}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8278f1ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8280cee1,ffffffff827effff,2a3,ffffffff827c6cbc) at __assert+0x29 sys/kern/subr_prf.c:157 proc_trampoline_mp() at proc_trampoline_mp+0x135 end trace frame: 0x0, count: -4