witness: userret: returning with the following locks held: exclusive rwlock solock r = 0 (0xfffffd8065a1aa18) #0 witness_lock+0x44d #1 unp_solock_peer+0xa6 sys/kern/uipc_usrreq.c:163 #2 uipc_usrreq+0x7c6 sys/kern/uipc_usrreq.c:350 #3 sosend+0x61b sys/kern/uipc_socket.c:657 #4 sendit+0x65d sys/kern/uipc_syscalls.c:682 #5 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:589 #6 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] #6 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *384814 36191 0 0 0x4000000 0 syz-executor.6 368505 93183 0 0x14000 0x200 1 systq db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82593e80) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff80002ac2f7b0) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002e515ad0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002e515ad0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd191337cdc0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: witness_warn ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82593e80) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff80002ac2f7b0) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002e515ad0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002e515ad0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd191337cdc0, count: -6 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e515800 rbx 0xffffffff82937bb7 cpu_info_full_primary+0x2bb7 rdx 0xffff800000c7aec0 rcx 0 rax 0xffff80002ac2f7b0 r8 0 r9 0x8080808080808080 r10 0x18087be1ec20be5b r11 0x32d29bd471a0ee43 r12 0xffffffff829379b8 cpu_info_full_primary+0x29b8 r13 0 r14 0 r15 0x1 rip 0xffffffff81d03c18 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e5157f0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.6) pid=384814 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002ac2efd0,0xffff80002ac2e560 process=0xffff80002e50f628 user=0xffff80002e510000, vmspace=0xfffffd807806b308 estcpu=33, cpticks=3, pctcpu=0.0 user=0, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 2432 356710 73696 0 2 0 syz-executor.2 2432 389651 73696 0 2 0x4000000 syz-executor.2 7245 73672 69578 0 2 0x480 syz-executor.1 7245 514886 69578 0 3 0x4000080 fsleep syz-executor.1 57104 513641 26015 0 2 0 syz-executor.0 57104 162411 26015 0 3 0x4000080 fsleep syz-executor.0 99637 476526 17885 0 2 0 syz-executor.5 99637 83720 17885 0 3 0x4000080 fsleep syz-executor.5 99637 137081 17885 0 3 0x4000080 fsleep syz-executor.5 36191 213083 
79535 0 2 0 syz-executor.6 *36191 384814 79535 0 7 0x4000000 syz-executor.6 50276 50907 49349 0 2 0 syz-executor.4 50276 199452 49349 0 2 0x4000000 syz-executor.4 77793 24546 33407 0 2 0 syz-executor.7 77793 238684 33407 0 3 0x4000080 fsleep syz-executor.7 77793 262498 33407 0 3 0x4000080 fsleep syz-executor.7 77793 312461 33407 0 3 0x4000080 fsleep syz-executor.7 38845 398577 46382 0 2 0 syz-executor.3 38845 141171 46382 0 3 0x4000080 fsleep syz-executor.3 49349 124709 2593 0 2 0x482 syz-executor.4 46382 415913 2593 0 2 0x2 syz-executor.3 73696 206362 2593 0 3 0x82 nanoslp syz-executor.2 17885 28689 2593 0 3 0x82 nanoslp syz-executor.5 33407 13848 2593 0 2 0x482 syz-executor.7 79535 121928 2593 0 2 0x482 syz-executor.6 96962 25140 0 0 3 0x14200 bored sosplice 26500 141061 0 0 3 0x14200 acct acct 69578 35044 2593 0 3 0x82 nanoslp syz-executor.1 26015 418166 2593 0 2 0x482 syz-executor.0 2593 128395 55983 0 3 0x82 thrsleep syz-fuzzer 2593 113363 55983 0 3 0x4000082 thrsleep syz-fuzzer 2593 254275 55983 0 3 0x4000082 thrsleep syz-fuzzer 2593 63906 55983 0 3 0x4000082 kqread syz-fuzzer 2593 246503 55983 0 3 0x4000082 thrsleep syz-fuzzer 2593 502403 55983 0 3 0x4000082 thrsleep syz-fuzzer 2593 430797 55983 0 3 0x4000082 thrsleep syz-fuzzer 2593 110824 55983 0 3 0x4000082 thrsleep syz-fuzzer 2593 255613 55983 0 3 0x4000082 thrsleep syz-fuzzer 55983 18333 17078 0 3 0x10008a sigsusp ksh 17078 238671 61876 0 3 0x9a kqread sshd 35807 443115 1 0 3 0x100083 ttyin getty 61876 72335 1 0 3 0x88 kqread sshd 78166 333308 16324 74 3 0x1100092 bpf pflogd 16324 298422 1 0 3 0x80 netio pflogd 72063 5525 28579 73 2 0x1100090 syslogd 28579 97424 1 0 3 0x100082 netio syslogd 21578 165468 1 0 3 0x100080 kqread resolvd 6388 266050 2697 77 3 0x100092 kqread dhcpleased 70853 286565 2697 77 3 0x100092 kqread dhcpleased 2697 8345 1 0 3 0x80 kqread dhcpleased 25955 423419 0 0 3 0x14200 bored smr 34691 519202 0 0 2 0x14200 zerothread 39899 361806 0 0 3 0x14200 aiodoned aiodoned 58624 147223 0 0 
3 0x14200 syncer update 87344 295511 0 0 3 0x14200 cleaner cleaner 46421 54173 0 0 3 0x14200 reaper reaper 11837 522640 0 0 3 0x14200 pgdaemon pagedaemon 90721 75927 0 0 3 0x14200 bored viomb 58031 356264 0 0 3 0x40014200 acpi0 acpi0 73553 487776 0 0 3 0x40014200 idle1 47329 328486 0 0 3 0x14200 bored softnet 12956 439040 0 0 3 0x14200 bored softnet 36927 21673 0 0 3 0x14200 bored softnet 67159 508857 0 0 3 0x14200 bored softnet 8327 156242 0 0 3 0x14200 bored systqmp 93183 368505 0 0 7 0x14200 systq 45703 212853 0 0 2 0x40014200 softclock 21717 100581 0 0 3 0x40014200 idle0 1 262013 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 36191 (syz-executor.6) thread 0xffff80002ac2f7b0 (384814) exclusive rwlock solock r = 0 (0xfffffd8065a1aa18) #0 witness_lock+0x44d #1 unp_solock_peer+0xa6 sys/kern/uipc_usrreq.c:163 #2 uipc_usrreq+0x7c6 sys/kern/uipc_usrreq.c:350 #3 sosend+0x61b sys/kern/uipc_socket.c:657 #4 sendit+0x65d sys/kern/uipc_syscalls.c:682 #5 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:589 #6 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] #6 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10211 6508K 7099K 78643K 21535 0 pcb 13 14K 16K 78643K 1073 0 rtable 113 4K 8K 78643K 1456 0 ifaddr 69 15K 20K 78643K 594 0 sysctl 2 0K 0K 78643K 2 0 counters 50 34K 36K 78643K 212 0 ioctlops 0 0K 4K 78643K 2930 0 iov 0 0K 16K 78643K 391 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1331 83K 84K 78643K 4560 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 60 0 VM map 2 1K 1K 78643K 2 0 sem 14 2K 3K 78643K 39 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 18 65K 89K 78643K 7193 0 sigio 0 0K 0K 78643K 54 0 proc 70 91K 128K 78643K 1579 0 subproc 104 6K 6K 78643K 442 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 269 0 
in_multi 48 3K 6K 78643K 630 0 ether_multi 1 0K 0K 78643K 27 0 mrt 1 0K 0K 78643K 15 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 2K 78643K 2075 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 393 573K 578K 78643K 43439 0 UVM aobj 131 4K 4K 78643K 137 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 1622 0 NDP 11 0K 2K 78643K 201 0 temp 125 4722K 70259K 78643K 65420 0 kqueue 13 20K 24K 78643K 514 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 348 0 344 3 2 1 3 0 8 0 rtentry 112 498 0 453 4 1 3 4 0 8 0 unpcb 144 2266 0 2247 22 18 4 6 0 8 3 syncache 296 49 0 49 9 8 1 1 0 8 1 tcpqe 32 136 0 136 5 5 0 1 0 8 0 tcpcb 736 4567 0 4561 93 88 5 16 0 8 3 arp 120 72 0 66 1 0 1 1 0 8 0 inpcb 320 8058 0 8047 84 75 9 12 0 8 8 nd6 48 148 0 139 1 0 1 1 0 8 0 pkpcb 40 21 0 21 6 6 0 1 0 8 0 kcovpl 48 34 0 26 1 0 1 1 0 8 0 ppxss 1256 33 0 33 6 6 0 1 0 8 0 pffrag 232 19 0 16 2 1 1 1 0 482 0 pffrnode 88 19 0 16 2 1 1 1 0 8 0 pffrent 40 46 0 43 2 1 1 1 0 8 0 pfosfp 40 1432 0 1008 5 0 5 5 0 8 0 pfosfpen 112 1432 0 714 21 0 21 21 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 196 0 141 1 0 1 1 0 8 0 pfstkey 120 196 0 141 2 0 2 2 0 8 0 pfstate 336 196 0 141 7 2 5 5 0 8 0 pfrule 1360 64 0 57 2 1 1 2 0 8 0 rttmr 136 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1941 0 1686 40 20 20 30 0 8 0 art_table 32 1943 0 1686 4 0 4 4 0 8 0 art_node 16 493 0 454 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 30 0 18 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 10141 0 8696 92 0 92 92 0 8 0 ffsino 272 10141 0 8696 98 0 98 98 0 8 0 nchpl 144 
19315 0 17666 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 68698 0 68698 3 2 1 2 0 8 1 percpumem 16 118 0 81 1 0 1 1 0 8 0 vcpupl 2048 162 0 0 21 0 21 21 0 8 0 vmpool 568 168 0 6 12 0 12 12 0 8 0 kstatmem 264 184 0 162 4 2 2 3 0 8 0 scxspl 216 56987 0 56987 16 15 1 8 0 8 1 plimitpl 152 805 0 789 1 0 1 1 0 8 0 sigapl 424 7476 0 7426 10 3 7 8 0 8 0 futexpl 64 54825 0 54817 1 0 1 1 0 8 0 knotepl 120 505 0 0 10 1 9 10 0 8 0 kqueuepl 224 1205 0 1195 22 21 1 5 0 8 0 pipepl 336 1113 0 1085 24 21 3 8 0 8 0 fdescpl 496 7437 0 7406 6 2 4 5 0 8 0 filepl 152 43663 0 43415 75 60 15 19 0 8 5 lockfpl 104 2091 0 2089 5 4 1 2 0 8 0 lockfspl 48 818 0 816 1 0 1 1 0 8 0 sessionpl 144 50 0 33 1 0 1 1 0 8 0 pgrppl 48 63 0 46 1 0 1 1 0 8 0 ucredpl 104 5091 0 5079 1 0 1 1 0 8 0 zombiepl 144 7426 0 7426 2 1 1 1 0 8 1 processpl 1064 7476 0 7426 5 0 5 5 0 8 0 procpl 672 20016 0 19947 17 10 7 9 0 8 0 srpgc 96 55 0 55 9 9 0 1 0 8 0 sosppl 168 33 0 32 7 6 1 1 0 8 0 sockpl 504 10703 0 10668 155 142 13 21 0 8 8 mcl64k 65536 25 0 0 4 1 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 16 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 22 0 0 3 1 2 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 227 0 0 21 0 21 21 0 8 0 mtagpl 96 401 0 0 9 0 9 9 0 8 0 mbufpl 256 1903 0 0 119 0 119 119 0 8 0 bufpl 288 13283 0 6954 453 0 453 453 0 8 0 anonpl 24 1431616 0 1414344 198 80 118 158 0 186 0 amapchunkpl 152 123934 0 123179 49 14 35 42 0 158 0 amappl16 200 19225 0 18623 104 71 33 57 0 8 0 amappl15 192 1837 0 1835 1 0 1 1 0 8 0 amappl14 184 1002 0 996 1 0 1 1 0 8 0 amappl13 176 434 0 430 1 0 1 1 0 8 0 amappl12 168 411 0 409 1 0 1 1 0 8 0 amappl11 160 349 0 327 1 0 1 1 0 8 0 amappl10 152 424 0 413 1 0 1 1 0 8 0 amappl9 144 2572 0 2568 1 0 1 1 0 8 0 amappl8 136 2392 0 2298 4 0 4 4 0 8 0 amappl7 128 1468 0 1452 1 0 1 1 0 8 0 amappl6 120 2505 0 2483 2 1 1 2 0 8 0 amappl5 112 6540 0 6517 1 0 1 1 
0 8 0 amappl4 104 2193 0 2166 2 1 1 2 0 8 0 amappl3 96 21854 0 21796 2 0 2 2 0 8 0 amappl2 88 8280 0 8217 3 1 2 3 0 8 0 amappl1 80 176475 0 175771 20 5 15 20 0 8 0 amappl 88 42362 0 42136 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 7605 0 7412 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7605 0 7412 2 0 2 2 0 8 0 vmmpekpl 168 53059 0 52988 4 0 4 4 0 8 0 vmmpepl 168 724430 0 721271 262 118 144 162 0 357 3 vmsppl 368 7604 0 7412 20 2 18 18 0 8 0 rwobjpl 56 181197 0 173406 123 11 112 117 0 8 0 pdppl 4096 15217 0 14986 517 286 231 231 0 8 0 pvpl 32 2865276 0 2843070 422 208 214 259 0 265 20 pmappl 248 7604 0 7412 13 0 13 13 0 8 1 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1692 0 574 33 0 33 33 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82593e80) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff80002ac2f7b0) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002e515ad0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002e515ad0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd191337cdc0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82a57c00) at __mp_lock+0x122 __mp_lock_spin 
sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82a57c00) at __mp_lock+0x122 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff82a57c00,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 msleep(ffffffff829920a0,ffffffff829920b8,20,ffffffff825d65b9,0) at msleep+0x175 taskq_next_work(ffffffff829920a0,ffff8000211fbb00) at taskq_next_work+0x6e sys/kern/kern_task.c:402 taskq_thread(ffffffff829920a0) at taskq_thread+0x135 sys/kern/kern_task.c:442 end trace frame: 0x0, count: 7 ddb{1}> trace x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82a57c00) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82a57c00) at __mp_lock+0x122 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff82a57c00,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 msleep(ffffffff829920a0,ffffffff829920b8,20,ffffffff825d65b9,0) at msleep+0x175 taskq_next_work(ffffffff829920a0,ffff8000211fbb00) at taskq_next_work+0x6e sys/kern/kern_task.c:402 taskq_thread(ffffffff829920a0) at taskq_thread+0x135 sys/kern/kern_task.c:442 end trace frame: 0x0, count: -8