witness: userret: returning with the following locks held:
exclusive rwlock solock r = 0 (0xfffffd806a6f9608)
#0 witness_lock+0x44d
#1 unp_solock_peer+0xa6 sys/kern/uipc_usrreq.c:163
#2 uipc_usrreq+0x7c6 sys/kern/uipc_usrreq.c:350
#3 sosend+0x61b sys/kern/uipc_socket.c:657
#4 sendit+0x65d sys/kern/uipc_syscalls.c:682
#5 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:589
#6 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#6 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
#7 Xsyscall+0x128
panic: witness_warn
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
32587 37771 32767 0x10 0 1 syz-executor.6
*229236 22147 32767 0x10 0x4000000 0 syz-executor.3
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82595df3) at panic+0x177 sys/kern/subr_prf.c:202
witness_warn(2,0,ffffffff8262507e) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline]
witness_warn(2,0,ffffffff8262507e) at witness_warn+0x65e sys/kern/subr_witness.c:1473
userret(ffff8000fffec7e8) at userret+0x265 sys/kern/kern_sig.c:2012
syscall(ffff80002b05adb0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline]
syscall(ffff80002b05adb0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x828a9bb8080, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: witness_warn ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82595df3) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff8262507e) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff8262507e) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff8000fffec7e8) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002b05adb0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002b05adb0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x828a9bb8080, count: -6 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002b05aae0 rbx 0xffffffff82926bb7 cpu_info_full_primary+0x2bb7 rdx 0xffff800000bcdac0 rcx 0 rax 0xffff8000fffec7e8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc5fcce2593775316 r11 0x2fd286c514415880 r12 0xffffffff829269b8 cpu_info_full_primary+0x29b8 r13 0 r14 0 r15 0x1 rip 0xffffffff81844108 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002b05aad0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.3) pid=229236 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffef7a0,0xffff8000fffeed30 process=0xffff8000ffff2150 user=0xffff80002b055000, vmspace=0xfffffd800874e000 estcpu=36, cpticks=5, pctcpu=0.0 user=0, sys=5, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 37771 32587 36268 32767 7 0x10 syz-executor.6 37771 187434 36268 32767 3 0x4000090 fsleep syz-executor.6 37771 290372 36268 32767 2 0x4000010 syz-executor.6 22147 84093 95769 32767 2 0x10 syz-executor.3 *22147 229236 95769 32767 7 0x4000010 syz-executor.3 96720 314399 43796 32767 2 0x10 syz-executor.7 96720 395874 43796 32767 3 0x4000090 fsleep syz-executor.7 90988 296020 32886 32767 2 0x10 syz-executor.5 90988 137910 
32886 32767 3 0x4000090 fsleep syz-executor.5 82755 122603 2363 32767 3 0x90 piperd syz-executor.0 2363 142729 36996 0 3 0x82 wait syz-executor.0 34337 273295 10658 32767 3 0x90 piperd syz-executor.4 10658 223151 36996 0 3 0x82 wait syz-executor.4 32886 203627 69090 32767 2 0x490 syz-executor.5 69090 191201 36996 0 3 0x82 wait syz-executor.5 43796 4233 79447 32767 3 0x90 nanoslp syz-executor.7 79447 500711 36996 0 3 0x82 wait syz-executor.7 37264 379781 17858 32767 2 0x490 syz-executor.1 17858 434285 36996 0 3 0x82 wait syz-executor.1 36268 396289 98234 32767 2 0x490 syz-executor.6 98234 130881 36996 0 3 0x82 wait syz-executor.6 58491 180051 55012 32767 3 0x90 piperd syz-executor.2 55012 57850 36996 0 3 0x82 wait syz-executor.2 95769 521680 16846 32767 3 0x90 nanoslp syz-executor.3 16846 455897 36996 0 3 0x82 wait syz-executor.3 92227 233125 0 0 3 0x14200 bored sosplice 36996 78648 75598 0 2 0x482 syz-fuzzer 36996 66958 75598 0 3 0x4000082 nanoslp syz-fuzzer 36996 448850 75598 0 3 0x4000082 thrsleep syz-fuzzer 36996 36338 75598 0 3 0x4000082 thrsleep syz-fuzzer 36996 257439 75598 0 3 0x4000082 thrsleep syz-fuzzer 36996 367574 75598 0 3 0x4000082 thrsleep syz-fuzzer 36996 160564 75598 0 3 0x4000082 thrsleep syz-fuzzer 36996 439224 75598 0 3 0x4000082 thrsleep syz-fuzzer 36996 329827 75598 0 3 0x4000082 thrsleep syz-fuzzer 75598 83419 3712 0 3 0x10008a sigsusp ksh 3712 29155 55130 0 3 0x9a kqread sshd 37488 109843 1 0 3 0x100083 ttyin getty 55130 350166 1 0 3 0x88 kqread sshd 99080 271387 3315 73 3 0x1100090 kqread syslogd 3315 280319 1 0 3 0x100082 netio syslogd 30208 307902 1 0 3 0x100080 kqread resolvd 4149 33671 82855 77 3 0x100092 kqread dhcpleased 46521 482839 82855 77 3 0x100092 kqread dhcpleased 82855 319883 1 0 3 0x80 kqread dhcpleased 45476 133632 0 0 3 0x14200 bored smr 58534 105085 0 0 2 0x14200 zerothread 94385 64848 0 0 3 0x14200 aiodoned aiodoned 85224 490331 0 0 3 0x14200 syncer update 42511 299552 0 0 3 0x14200 cleaner cleaner 50096 487508 0 0 3 
0x14200 reaper reaper 37852 171942 0 0 3 0x14200 pgdaemon pagedaemon 42903 478983 0 0 3 0x14200 bored viomb 30847 337735 0 0 3 0x40014200 acpi0 acpi0 45971 16427 0 0 3 0x40014200 idle1 84473 383116 0 0 3 0x14200 bored softnet 49339 74059 0 0 3 0x14200 bored softnet 16929 163933 0 0 3 0x14200 bored softnet 96782 507644 0 0 3 0x14200 bored softnet 13233 388937 0 0 2 0x14200 systqmp 26513 365312 0 0 3 0x14200 bored systq 27429 363369 0 0 2 0x40014200 softclock 85185 162581 0 0 3 0x40014200 idle0 1 107671 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 22147 (syz-executor.3) thread 0xffff8000fffec7e8 (229236) exclusive rwlock solock r = 0 (0xfffffd806a6f9608) #0 witness_lock+0x44d #1 unp_solock_peer+0xa6 sys/kern/uipc_usrreq.c:163 #2 uipc_usrreq+0x7c6 sys/kern/uipc_usrreq.c:350 #3 sosend+0x61b sys/kern/uipc_socket.c:657 #4 sendit+0x65d sys/kern/uipc_syscalls.c:682 #5 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:589 #6 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] #6 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10207 6412K 6420K 78643K 11377 0 pcb 13 16K 18K 78643K 19 0 rtable 240 6K 7K 78643K 2435 0 ifaddr 81 17K 17K 78643K 266 0 sysctl 3 1K 1K 78643K 3 0 counters 56 35K 35K 78643K 108 0 ioctlops 0 0K 2K 78643K 177 0 iov 0 0K 28K 78643K 2546 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1271 79K 79K 78643K 4694 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 179 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 2968 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 22 81K 117K 78643K 15900 0 sigio 0 0K 0K 78643K 602 0 proc 56 78K 115K 78643K 2378 0 subproc 104 6K 6K 78643K 442 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1482 0 in_multi 99 6K 7K 78643K 652 0 ether_multi 1 0K 0K 78643K 69 0 mrt 1 0K 0K 78643K 
2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 2K 78643K 4528 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 314 90K 106K 78643K 98246 0 UVM aobj 131 5K 5K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 472 0 NDP 11 0K 2K 78643K 105 0 temp 125 4726K 4806K 78643K 41659 0 kqueue 12 18K 26K 78643K 1393 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1361 0 1358 17 14 3 3 0 8 2 rtentry 112 407 0 294 4 0 4 4 0 8 0 unpcb 144 15626 0 15611 173 170 3 10 0 8 2 syncache 296 172 0 172 27 27 0 1 0 8 0 tcpqe 32 70 0 70 21 21 0 1 0 8 0 tcpcb 736 8161 0 8152 197 187 10 15 0 8 8 arp 120 74 0 55 1 0 1 1 0 8 0 ipq 40 2 0 2 2 2 0 1 0 8 0 ipqe 40 7 0 7 2 2 0 1 0 8 0 inpcb 320 29021 0 29007 261 252 9 24 0 8 7 nd6 48 108 0 82 1 0 1 1 0 8 0 kcovpl 48 34 0 26 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1622 0 1160 29 0 29 29 0 8 0 art_table 32 1623 0 1160 4 0 4 4 0 8 0 art_node 16 406 0 303 1 0 1 1 0 8 0 sysvmsgpl 40 48 0 8 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 2962 0 2952 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 22478 0 20988 94 0 94 94 0 8 0 ffsino 272 22478 0 20988 100 0 100 100 0 8 0 nchpl 144 43495 0 41853 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 154283 0 154283 3 2 1 2 0 8 1 percpumem 16 66 0 26 1 0 1 1 0 8 0 kstatmem 264 74 0 52 2 0 2 2 0 8 0 scxspl 216 125708 0 125708 51 50 1 8 0 8 1 plimitpl 152 3535 0 3512 14 13 1 2 0 8 0 sigapl 424 16136 0 16084 7 0 7 7 0 8 0 futexpl 64 148179 0 148176 3 2 1 1 0 8 0 knotepl 120 1238 0 0 19 2 17 17 0 8 0 kqueuepl 224 11225 0 11215 121 116 5 7 0 8 3 
pipepl 336 4463 0 4435 134 126 8 13 0 8 5 fdescpl 496 16118 0 16085 7 2 5 6 0 8 0 filepl 152 135093 0 134848 219 200 19 22 0 8 8 lockfpl 104 3024 0 3022 4 3 1 2 0 8 0 lockfspl 48 690 0 688 1 0 1 1 0 8 0 sessionpl 144 49 0 33 1 0 1 1 0 8 0 pgrppl 48 96 0 80 1 0 1 1 0 8 0 ucredpl 104 19939 0 19921 1 0 1 1 0 8 0 zombiepl 144 16085 0 16084 1 0 1 1 0 8 0 processpl 1064 16136 0 16084 4 0 4 4 0 8 0 procpl 672 47867 0 47802 31 23 8 9 0 8 1 sosppl 168 246 0 246 26 25 1 1 0 8 1 sockpl 504 46583 0 46551 990 972 18 38 0 8 13 mcl64k 65536 49 0 0 4 1 3 3 0 8 0 mcl16k 16384 26 0 0 4 1 3 3 0 8 0 mcl12k 12288 41 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 47 0 0 4 2 2 3 0 8 0 mcl2k2 2112 15 0 0 1 0 1 1 0 8 0 mcl2k 2048 309 0 0 20 4 16 20 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 4707 0 0 287 1 286 286 0 8 0 bufpl 288 28749 0 22419 453 0 453 453 0 8 0 anonpl 24 3313723 0 3300791 258 150 108 130 0 186 5 amapchunkpl 152 323800 0 323232 170 140 30 42 0 158 2 amappl16 200 51020 0 50631 270 240 30 47 0 8 7 amappl15 192 916 0 916 5 5 0 1 0 8 0 amappl14 184 1098 0 1094 1 0 1 1 0 8 0 amappl13 176 4046 0 4038 1 0 1 1 0 8 0 amappl12 168 3994 0 3984 2 1 1 1 0 8 0 amappl11 160 2913 0 2896 1 0 1 1 0 8 0 amappl10 152 37 0 33 1 0 1 1 0 8 0 amappl9 144 838 0 834 1 0 1 1 0 8 0 amappl8 136 5117 0 4966 6 0 6 6 0 8 0 amappl7 128 3888 0 3875 1 0 1 1 0 8 0 amappl6 120 743 0 714 2 1 1 2 0 8 0 amappl5 112 6287 0 6276 1 0 1 1 0 8 0 amappl4 104 7787 0 7750 2 0 2 2 0 8 0 amappl3 96 56142 0 56083 5 2 3 3 0 8 1 amappl2 88 24432 0 24344 4 1 3 3 0 8 0 amappl1 80 388588 0 387919 31 14 17 19 0 8 1 amappl 88 96638 0 96473 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 16118 0 16085 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 
24 16118 0 16085 1 0 1 1 0 8 0 vmmpekpl 168 135185 0 135125 4 0 4 4 0 8 0 vmmpepl 168 1603975 0 1601311 348 208 140 151 0 357 7 vmsppl 368 16117 0 16085 4 0 4 4 0 8 0 rwobjpl 56 404744 0 397260 143 33 110 113 0 8 0 pdppl 4096 32243 0 32170 437 356 81 91 0 8 8 pvpl 32 6239022 0 6220735 620 425 195 241 0 265 22 pmappl 248 16117 0 16085 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2771 0 1655 33 0 33 33 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82595df3) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff8262507e) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff8262507e) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff8000fffec7e8) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002b05adb0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002b05adb0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x828a9bb8080, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffbe710, count: 12 ddb{1}> trace x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffbe710, count: -3