""ppanic: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_fork.c", line 690 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *309919 34193 0 0 0 1 syz-executor.1 494788 66746 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82201c69,ffffffff821eca41,2b2,ffffffff821d0648) at __assert+0x2b sys/kern/subr_prf.c:154 proc_trampoline_mp() at proc_trampoline_mp+0x123 end trace frame: 0x0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic attempt to execute user address 0x0 in supervisor mode ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82201c69,ffffffff821eca41,2b2,ffffffff821d0648) at __assert+0x2b sys/kern/subr_prf.c:154 proc_trampoline_mp() at proc_trampoline_mp+0x123 end trace frame: 0x0, count: -4 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800022d7fc00 rbx 0xffff800022d7fcb0 rdx 0xffff800020ab0780 rcx 0 rax 0 r8 0xffffffff819ff24f kprintf+0x16f r9 0x1 r10 0x25 r11 0x5376a61c90c1e162 r12 0x3000000008 r13 0xffff800022d7fc10 r14 0x104 r15 0x1 rip 0xffffffff81c4c418 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800022d7fbf0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.1) pid=309919 stat=onproc flags process=0 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020ab0290,0xffffffff8263bed0 process=0xffff800020addc00 user=0xffff800022d7a000, vmspace=0xfffffd807f00ccf0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *34193 309919 31248 0 7 0 syz-executor.1 66746 20217 66549 0 2 0 syz-executor.0 66746 494788 66549 0 7 0x4000000 syz-executor.0 31248 149306 79518 0 2 0x2 syz-executor.1 34848 204717 1 0 3 0x100083 ttyin getty 8073 61083 0 0 3 0x14200 acct acct 66549 150169 79518 0 3 0x82 nanosleep syz-executor.0 63163 230313 0 0 3 0x14200 bored sosplice 79518 288426 42105 0 3 0x82 thrsleep syz-fuzzer 79518 127681 42105 0 3 0x4000082 nanosleep syz-fuzzer 79518 352369 42105 0 3 0x4000082 thrsleep syz-fuzzer 79518 291273 42105 0 3 0x4000082 thrsleep syz-fuzzer 79518 366233 42105 0 3 0x4000082 thrsleep syz-fuzzer 79518 378690 42105 0 3 0x4000082 nanosleep syz-fuzzer 79518 351043 42105 0 2 0x4000082 syz-fuzzer 79518 295467 42105 0 3 0x4000082 thrsleep syz-fuzzer 79518 134661 42105 0 3 0x4000082 thrsleep syz-fuzzer 79518 231340 42105 0 3 0x4000082 thrsleep syz-fuzzer 42105 247094 23491 0 3 0x10008a pause ksh 23491 459975 97816 0 3 0x92 select sshd 97816 402948 1 0 3 0x80 select sshd 8082 121997 80543 74 3 0x100092 bpf pflogd 80543 433692 1 0 3 0x80 netio pflogd 42143 230587 98008 73 3 0x100090 kqread syslogd 98008 350972 1 0 3 0x100082 netio syslogd 73345 17102 1 77 3 0x100090 poll dhclient 33717 384447 1 0 3 0x80 poll dhclient 11096 193630 0 0 3 0x14200 pgzero zerothread 50571 203114 0 0 3 0x14200 aiodoned aiodoned 23986 129220 0 0 3 0x14200 syncer update 31558 114643 0 0 3 0x14200 cleaner cleaner 13171 92296 0 0 3 0x14200 reaper reaper 60242 213060 0 0 3 0x14200 pgdaemon pagedaemon 36619 58499 0 0 3 0x14200 bored crynlk 39666 265306 0 0 3 0x14200 bored crypto 71916 192172 0 0 3 0x40014200 acpi0 acpi0 6702 243011 0 0 3 0x40014200 idle1 6391 329989 0 0 3 0x14200 bored softnet 85252 156581 0 0 3 0x14200 bored systqmp 51359 126414 0 0 3 0x14200 bored systq 77418 94518 0 0 3 0x40014200 bored softclock 16884 262682 0 0 3 0x40014200 idle0 30675 222767 0 0 3 0x14200 bored smr 1 51866 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 66746 (syz-executor.0) thread 0xffff800020ab0290 (494788) exclusive rwlock netlock r = 0 (0xffffffff824c74f8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 solock+0x5a sys/kern/uipc_socket2.c:282 #2 sys_connect+0x6b sys/kern/uipc_syscalls.c:362 #3 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #3 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #4 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 2 (0xffffffff82636290) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 Process 31248 (syz-executor.1) thread 0xffff800020ab18c8 (149306) exclusive rrwlock inode r = 0 (0xfffffd806ebf4d68) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x447 sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140 #4 ffs_vget+0x13e sys/ufs/ffs/ffs_vfsops.c:1352 #5 ffs_inode_alloc+0x1cf sys/ufs/ffs/ffs_alloc.c:392 #6 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1164 #7 VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450 #8 domkdirat+0x121 sys/kern/vfs_syscalls.c:2983 #9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806ec234e0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 rw_enter+0x447 sys/kern/kern_rwlock.c:306 #2 rrw_enter+0x4f sys/kern/kern_rwlock.c:435 #3 VOP_LOCK+0xf0 sys/kern/vfs_vops.c:615 #4 vn_lock+0x81 sys/kern/vfs_vnops.c:562 #5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419 #6 namei+0x63c sys/kern/vfs_lookup.c:249 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:2968 #8 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #8 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9608 6456K 7315K 78643K 18448 0 0 pcb 13 10K 12K 78643K 495 0 0 rtable 117 12K 13K 78643K 1438 0 0 ifaddr 90 21K 22K 78643K 549 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1661 0 0 iov 0 0K 20K 78643K 322 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1222 77K 77K 78643K 4202 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 38 0 0 VM map 2 1K 1K 78643K 6 0 0 sem 12 0K 0K 78643K 472 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 3632 0 0 sigio 0 0K 0K 78643K 195 0 0 proc 61 63K 95K 78643K 1046 0 0 subproc 32 2K 2K 78643K 187 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 315 0 0 in_multi 34 2K 2K 78643K 250 0 0 ether_multi 1 0K 0K 78643K 29 0 0 mrt 0 0K 0K 78643K 23 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 186 821K 821K 78643K 186 0 0 exec 0 0K 1K 78643K 536 0 0 pfkey data 0 0K 1K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 116 22K 31K 78643K 13003 0 0 UVM aobj 130 4K 4K 78643K 137 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 551 0 0 NDP 22 0K 0K 78643K 160 0 0 temp 234 3557K 4197K 78643K 73855 0 0 kqueue 0 0K 0K 78643K 56 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 30 0 23 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 163 0 161 1 0 1 1 0 8 0 rtentry 112 164 0 119 2 0 2 2 0 8 0 unpcb 120 1581 0 1568 2 0 2 2 0 8 0 syncache 264 7 0 7 3 3 0 1 0 8 0 tcpqe 32 5527 0 5527 2 2 0 1 0 8 0 tcpcb 544 825 0 821 2 1 1 2 0 8 0 inpcb 280 2860 0 2850 28 27 1 13 0 8 0 rttmr 72 6 0 6 6 6 0 1 0 8 0 nd6 48 22 0 18 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 2 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 90 0 90 10 9 1 1 0 8 1 pffrag 232 8 0 8 5 5 0 1 0 482 0 pffrnode 88 8 0 8 5 5 0 1 0 8 0 pffrent 40 24 0 24 7 7 0 1 0 8 0 pfosfp 40 846 0 846 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfstitem 24 103 0 82 1 0 1 1 0 8 0 pfstkey 112 103 0 82 1 0 1 1 0 8 0 pfstate 328 103 0 82 3 0 3 3 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 643 0 415 16 1 15 15 0 8 0 art_table 32 644 0 415 2 0 2 2 0 8 0 art_node 16 153 0 112 1 0 1 1 0 8 0 sysvmsgpl 40 32 0 24 1 0 1 1 0 8 0 semapl 112 470 0 460 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 7137 0 5727 46 0 46 46 0 8 0 ffsino 272 7137 0 5727 95 0 95 95 0 8 0 nchpl 144 12475 0 10859 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 39305 0 39305 3 2 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vmpool 552 4 0 4 2 2 0 1 0 8 0 scsiplug 64 5 0 5 4 4 0 1 0 8 0 scxspl 192 35605 0 35605 24 23 1 7 0 8 1 plimitpl 152 317 0 309 1 0 1 1 0 8 0 sigapl 432 3806 0 3790 3 1 2 3 0 8 0 futexpl 56 71792 0 71792 1 0 1 1 0 8 1 knotepl 112 7914 0 7895 15 13 2 2 0 8 1 kqueuepl 104 6956 0 6954 3 2 1 2 0 8 0 pipepl 112 11618 0 11599 11 9 2 2 0 8 1 fdescpl 488 3807 0 3790 3 0 3 3 0 8 0 filepl 152 39405 0 39302 40 33 7 14 0 8 3 lockfpl 104 2105 0 2103 1 0 1 1 0 8 0 lockfspl 48 781 0 779 1 0 1 1 0 8 0 sessionpl 112 28 0 17 1 0 1 1 0 8 0 pgrppl 48 67 0 56 1 0 1 1 0 8 0 ucredpl 96 4051 0 4042 1 0 1 1 0 8 0 zombiepl 144 3790 0 3790 3 2 1 1 0 8 1 processpl 896 3824 0 3790 4 0 4 4 0 8 0 procpl 632 11744 0 11700 6 1 5 5 0 8 1 srpgc 64 19 0 19 9 8 1 1 0 8 1 sosppl 128 35 0 35 11 11 0 1 0 8 0 sockpl 384 4642 0 4617 55 51 4 22 0 8 1 mcl64k 65536 25 0 0 3 0 3 3 0 8 0 mcl16k 16384 15 0 0 2 0 2 2 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 135 0 0 16 0 16 16 0 8 0 mtagpl 80 94 0 0 2 0 2 2 0 8 0 mbufpl 256 370 0 0 14 0 14 14 0 8 0 bufpl 256 13961 0 6913 441 0 441 441 0 8 0 anonpl 16 365436 0 354012 160 90 70 78 0 124 7 amapchunkpl 152 22915 0 22805 24 18 6 12 0 158 0 amappl16 192 18911 0 18075 153 109 44 55 0 8 1 amappl15 184 181 0 181 1 1 0 1 0 8 0 amappl14 176 1899 0 1894 2 1 1 1 0 8 0 amappl13 168 448 0 448 4 3 1 1 0 8 1 amappl12 160 16 0 16 2 2 0 1 0 8 0 amappl11 152 377 0 361 1 0 1 1 0 8 0 amappl10 144 217 0 213 1 0 1 1 0 8 0 amappl9 136 1291 0 1285 1 0 1 1 0 8 0 amappl8 128 835 0 799 3 1 2 2 0 8 0 amappl7 120 293 0 284 1 0 1 1 0 8 0 amappl6 112 388 0 375 1 0 1 1 0 8 0 amappl5 104 561 0 546 1 0 1 1 0 8 0 amappl4 96 4350 0 4317 1 0 1 1 0 8 0 amappl3 88 833 0 828 1 0 1 1 0 8 0 amappl2 80 29244 0 29171 4 2 2 3 0 8 0 amappl1 72 91544 0 91106 25 15 10 20 0 8 0 amappl 80 12145 0 12106 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 136 0 7 3 0 3 3 0 8 0 uaddrrnd 24 3811 0 3790 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3811 0 3790 1 0 1 1 0 8 0 vmmpekpl 168 50704 0 50668 2 0 2 2 0 8 0 vmmpepl 168 466069 0 464023 280 162 118 118 0 357 26 vmsppl 368 3806 0 3790 2 0 2 2 0 8 0 pdppl 4096 7629 0 7588 7 1 6 6 0 8 0 pvpl 32 971127 0 956482 305 131 174 192 0 265 20 pmappl 232 3810 0 3794 3 2 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 615 0 8 18 0 18 18 0 8 0