witness: userret: returning with the following locks held:
exclusive rrwlock inode r = 0 (0xfffffd806c231928) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
panic: witness_warn
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*391618 735 0 0x1000 0x4080000 1 syz-executor0
176822 52552 73 0x100010 0 0 syslogd
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(fdd8fe9062a00d21,0,ffff800020b74bc0) at witness_warn+0x700
witness_debugger sys/kern/subr_witness.c:2549 [inline]
witness_warn(fdd8fe9062a00d21,0,ffff800020b74bc0) at witness_warn+0x700 sys/kern/subr_witness.c:1465
userret(6dbdec8ee0d2d576) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(63bf95ec7ea5ff49) at syscall+0x680
mi_syscall_return sys/sys/syscall_mi.h:122 [inline]
syscall(63bf95ec7ea5ff49) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,c,0,3,ddf6060c0d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xde1bc905050, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
witness_warn
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(fdd8fe9062a00d21,0,ffff800020b74bc0) at witness_warn+0x700
witness_debugger sys/kern/subr_witness.c:2549 [inline]
witness_warn(fdd8fe9062a00d21,0,ffff800020b74bc0) at witness_warn+0x700 sys/kern/subr_witness.c:1465
userret(6dbdec8ee0d2d576) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(63bf95ec7ea5ff49) at syscall+0x680
mi_syscall_return sys/sys/syscall_mi.h:122 [inline]
syscall(63bf95ec7ea5ff49) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,c,0,3,ddf6060c0d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xde1bc905050, count: -6
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020c5cfe0
rbx 0xffff800020c5d080
rdx 0xffffffff81ec9049 cmd0646_9_tim_udma+0x1780c
rcx 0x201
rax 0x1
r8 0xffffffff816aa1c4 kprintf+0x174
r9 0x1
r10 0x6dd5c757c8972325
r11 0xec8bbe39a90d2692
r12 0x3000000008
r13 0xffff800020c5cff0
r14 0x100
r15 0x1
rip 0xffffffff8156b348 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c5cfd0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor0) pid=391618 stat=onproc
flags process=1000 proc=4080000
pri=32, usrpri=54, nice=20
forw=0xffffffffffffffff, list=0xffff800020be52d0,0xffffffff823154f8
process=0xffff800020bca360 user=0xffff800020c58000, vmspace=0xfffffd806e928440
estcpu=4, cpticks=3, pctcpu=0.0
user=0, sys=3, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
735 20873 34089 0 3 0x3000 suspend syz-executor0
* 735 391618 34089 0 7 0x4081000 syz-executor0
34089 487275 8546 0 3 0x82 nanosleep syz-executor0
8546 352266 67522 0 3 0x82 thrsleep syz-execprog
8546 96048 67522 0 3 0x4000082 thrsleep syz-execprog
8546 229339 67522 0 3 0x4000082 thrsleep syz-execprog
8546 103762 67522 0 3 0x4000082 thrsleep syz-execprog
8546 267221 67522 0 3 0x4000082 thrsleep syz-execprog
8546 204948 67522 0 3 0x4000082 thrsleep syz-execprog
8546 22150 67522 0 3 0x4000082 thrsleep syz-execprog
8546 61565 67522 0 3 0x4000082 thrsleep syz-execprog
8546 503996 67522 0 3 0x4000082 kqread syz-execprog
67522 482096 86744 0 3 0x10008a pause ksh
86744 155661 27416 0 3 0x92 select sshd
60003 386042 1 0 3 0x100083 ttyin getty
27416 146236 1 0 3 0x80 select sshd
52552 176822 73657 73 7 0x100010 syslogd
73657 330764 1 0 3 0x100082 netio syslogd
45416 123551 1 77 3 0x100090 poll dhclient
42003 519974 1 0 3 0x80 poll dhclient
88767 346327 0 0 3 0x14200 pgzero zerothread
18408 412126 0 0 3 0x14200 aiodoned aiodoned
9892 423931 0 0 3 0x14200 syncer update
90716 117483 0 0 3 0x14200 cleaner cleaner
66960 207161 0 0 3 0x14200 reaper reaper
98853 131814 0 0 3 0x14200 pgdaemon pagedaemon
64960 288132 0 0 3 0x14200 bored crynlk
27024 137522 0 0 3 0x14200 bored crypto
59832 311388 0 0 3 0x40014200 acpi0 acpi0
83819 382285 0 0 3 0x40014200 idle1
43437 425512 0 0 3 0x14200 bored softnet
235 251675 0 0 3 0x14200 bored systqmp
26193 131739 0 0 3 0x14200 bored systq
52756 367982 0 0 3 0x40014200 bored softclock
72820 414692 0 0 3 0x40014200 idle0
1 119322 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 735 (syz-executor0) thread 0xffff800020b74bc0 (391618)
exclusive rrwlock inode r = 0 (0xfffffd806c231928) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
Process 52552 (syslogd) thread 0xffff800020be5c30 (176822)
exclusive rrwlock inode r = 0 (0xfffffd806eba9098) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
ddb{1}>