witness: userret: returning with the following locks held: exclusive rwlock solock r = 0 (0xfffffd8077aea238) #0 witness_lock+0x44d #1 unp_solock_peer+0x64 sys/kern/uipc_usrreq.c:168 #2 uipc_usrreq+0x7c6 sys/kern/uipc_usrreq.c:350 #3 sosend+0x61b sys/kern/uipc_socket.c:657 #4 sendit+0x65d sys/kern/uipc_syscalls.c:682 #5 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:589 #6 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] #6 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *109711 45370 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82593e80) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff8000fffefce8) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002e4e61f0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002e4e61f0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcd80c967190, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: witness_warn ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82593e80) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff8000fffefce8) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002e4e61f0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002e4e61f0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcd80c967190, count: -6 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e4e5f20 rbx 0xffffffff82937bb7 cpu_info_full_primary+0x2bb7 rdx 0xffff800000d88a00 rcx 0 rax 0xffff8000fffefce8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x72677a0d26e3ee2c r11 0x7f7747767a3f13f8 r12 0xffffffff829379b8 cpu_info_full_primary+0x29b8 r13 0 r14 0 r15 0x1 rip 0xffffffff81d03c18 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e4e5f10 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.4) pid=109711 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=85, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffed260,0xffff800021232a98 process=0xffff8000ffffa148 user=0xffff80002e4e1000, vmspace=0xfffffd8067a2c450 estcpu=35, cpticks=5, pctcpu=0.0 user=0, sys=5, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 50769 460877 9636 0 2 0x4081000 syz-executor.6 50769 22081 9636 0 3 0x4003000 suspend syz-executor.6 58310 146594 72472 60928 2 0x10 syz-executor.7 58310 179141 72472 60928 3 0x4000090 fsleep syz-executor.7 29683 133161 27970 0 2 0 syz-executor.0 29683 296411 27970 0 3 0x4000080 fsleep syz-executor.0 4320 281493 99106 0 2 0 syz-executor.5 4320 191853 99106 0 3 0x4000080 fsleep syz-executor.5 4320 7289 99106 0 3 0x4000080 fsleep syz-executor.5 4320 101474 99106 0 3 0x4000080 fsleep syz-executor.5 45370 228496 36728 0 2 0 syz-executor.4 *45370 109711 36728 0 7 0x4000000 syz-executor.4 99106 75794 27201 0 2 0x482 syz-executor.5 72472 70687 27201 0 2 0x482 syz-executor.7 37066 337675 27201 0 2 0x482 syz-executor.1 49209 292965 27201 0 2 0x482 syz-executor.3 49190 116764 1 0 3 0x100083 ttyin getty 9636 155863 27201 0 2 0x482 syz-executor.6 81872 434424 0 0 3 0x14200 acct acct 36728 83046 27201 0 2 0x482 syz-executor.4 33010 451765 0 0 3 0x14280 nfsidl nfsio 30079 58934 0 0 3 0x14280 nfsidl nfsio 23168 24847 0 0 3 0x14280 nfsidl nfsio 84970 121081 0 0 3 0x14280 nfsidl nfsio 57475 361666 0 0 3 0x14280 nfsidl nfsio 87236 448807 0 0 3 0x14280 nfsidl nfsio 62221 87745 0 0 3 0x14280 nfsidl nfsio 30370 68629 0 0 3 0x14280 nfsidl nfsio 81928 375422 0 0 3 0x14280 nfsidl nfsio 99619 342936 0 0 3 0x14280 nfsidl nfsio 65567 310303 0 0 3 0x14280 nfsidl nfsio 91744 178972 0 0 3 0x14280 nfsidl nfsio 94561 297164 0 0 3 0x14280 nfsidl nfsio 37696 448635 0 0 3 0x14280 nfsidl nfsio 91837 329532 0 0 3 0x14280 nfsidl nfsio 36982 301882 0 0 3 0x14280 nfsidl nfsio 63794 93096 0 0 3 0x14280 nfsidl nfsio 51636 4644 0 0 3 0x14280 nfsidl nfsio 78392 323033 0 0 3 0x14280 nfsidl nfsio 26974 428405 0 0 3 0x14280 nfsidl nfsio 5479 92029 27201 0 2 0x482 syz-executor.2 27970 464265 27201 0 2 0x482 syz-executor.0 39313 80537 0 0 3 0x14200 bored sosplice 27201 200921 18483 0 3 0x82 thrsleep syz-fuzzer 27201 388947 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 399548 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 189015 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 319114 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 140190 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 518693 18483 0 3 0x4000082 kqread syz-fuzzer 27201 267365 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 353148 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 10675 18483 0 3 0x4000082 thrsleep syz-fuzzer 27201 161932 18483 0 3 0x4000082 thrsleep syz-fuzzer 18483 470101 52447 0 3 0x10008a sigsusp ksh 52447 283129 51326 0 3 0x9a kqread sshd 51326 443128 1 0 3 0x88 kqread sshd 81382 88346 47500 74 3 0x1100092 bpf pflogd 47500 395287 1 0 3 0x80 netio pflogd 63440 489320 93427 73 2 0x1100090 syslogd 93427 110845 1 0 3 0x100082 netio syslogd 71962 81738 1 0 3 0x100080 kqread resolvd 71624 126641 11519 77 3 0x100092 kqread dhcpleased 14749 65561 11519 77 3 0x100092 kqread dhcpleased 11519 157895 1 0 3 0x80 kqread dhcpleased 40614 128722 0 0 3 0x14200 bored smr 41181 244907 0 0 2 0x14200 zerothread 43894 477042 0 0 3 0x14200 aiodoned aiodoned 28436 385046 0 0 3 0x14200 syncer update 24499 5281 0 0 3 0x14200 cleaner cleaner 38494 385419 0 0 3 0x14200 reaper reaper 99537 267523 0 0 3 0x14200 pgdaemon pagedaemon 4912 243955 0 0 3 0x14200 bored viomb 6309 269190 0 0 3 0x40014200 acpi0 acpi0 30050 362580 0 0 7 0x40014200 idle1 7052 97846 0 0 3 0x14200 bored softnet 31749 518481 0 0 3 0x14200 bored softnet 49018 744 0 0 3 0x14200 bored softnet 20595 242926 0 0 3 0x14200 bored softnet 79044 501019 0 0 2 0x14200 systqmp 67417 92576 0 0 3 0x14200 bored systq 26940 375758 0 0 2 0x40014200 softclock 53904 90820 0 0 3 0x40014200 idle0 1 288737 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 45370 (syz-executor.4) thread 0xffff8000fffefce8 (109711) exclusive rwlock solock r = 0 (0xfffffd8077aea238) #0 witness_lock+0x44d #1 unp_solock_peer+0x64 sys/kern/uipc_usrreq.c:168 #2 uipc_usrreq+0x7c6 sys/kern/uipc_usrreq.c:350 #3 sosend+0x61b sys/kern/uipc_socket.c:657 #4 sendit+0x65d sys/kern/uipc_syscalls.c:682 #5 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:589 #6 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] #6 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10227 6576K 7072K 78643K 36237 0 pcb 13 16K 18K 78643K 1885 0 rtable 228 11K 12K 78643K 3738 0 ifaddr 98 23K 23K 78643K 1336 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 36K 78643K 324 0 ioctlops 0 0K 4K 78643K 5789 0 iov 0 0K 24K 78643K 1854 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1452 91K 91K 78643K 8097 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 17K 78643K 316 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1034 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 81K 78643K 12463 0 sigio 0 0K 0K 78643K 215 0 proc 71 91K 115K 78643K 2579 0 subproc 104 6K 6K 78643K 855 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 2632 0 in_multi 93 6K 7K 78643K 1012 0 ether_multi 1 0K 0K 78643K 60 0 mrt 1 0K 0K 78643K 37 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 235 1049K 1049K 78643K 235 0 exec 0 0K 2K 78643K 3227 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 452 810K 811K 78643K 69077 0 UVM aobj 131 4K 4K 78643K 216 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 451 0 NDP 14 0K 2K 78643K 297 0 temp 645 5736K 6046K 78643K 188743 0 kqueue 12 18K 26K 78643K 649 0 SYN cache 2 2352K 2360K 78643K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 488 0 485 5 4 1 3 0 8 0 rtentry 112 894 0 800 5 1 4 4 0 8 0 unpcb 144 5039 0 5020 68 64 4 10 0 8 3 syncache 296 42 0 42 13 13 0 1 0 8 0 tcpqe 32 182 0 182 8 8 0 1 0 8 0 tcpcb 736 8007 0 7999 135 133 2 16 0 8 0 arp 120 141 0 124 1 0 1 1 0 8 0 inpcb 320 15632 0 15624 153 144 9 12 0 8 8 ip6q 72 6 0 6 2 2 0 1 0 8 0 ip6af 40 18 0 18 2 2 0 1 0 8 0 nd6 48 220 0 199 1 0 1 1 0 8 0 pkpcb 40 15 0 15 3 3 0 1 0 8 0 kcovpl 48 65 0 57 1 0 1 1 0 8 0 ppxss 1256 30 0 30 10 9 1 1 0 8 1 pfstscr 40 16 0 16 4 4 0 1 0 8 0 pffrag 232 51 0 50 5 4 1 1 0 482 0 pffrnode 88 51 0 50 5 4 1 1 0 8 0 pffrent 40 144 0 143 6 5 1 1 0 8 0 pfosfp 40 1481 0 1054 5 0 5 5 0 8 0 pfosfpen 112 1481 0 757 21 0 21 21 0 8 0 pfrktable 1344 543 0 536 2 1 1 2 0 8 0 pftag 88 7 0 3 1 0 1 1 0 8 0 pfqueue 264 10 0 10 3 3 0 1 0 8 0 pfstitem 24 39 0 37 1 0 1 1 0 8 0 pfstkey 120 63 0 61 1 0 1 1 0 8 0 pfstate 336 51 0 49 2 1 1 2 0 8 0 pfrule 1360 417 0 361 6 1 5 5 0 8 0 rttmr 136 13 0 13 4 3 1 1 0 8 1 art_heap8 4096 3 0 1 3 1 2 3 0 8 0 art_heap4 256 3972 0 3531 46 18 28 30 0 8 0 art_table 32 3975 0 3532 4 0 4 4 0 8 0 art_node 16 890 0 809 1 0 1 1 0 8 0 sysvmsgpl 40 50 0 27 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 1032 0 1022 1 0 1 1 0 8 0 shmpl 112 213 0 85 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 16324 0 14854 93 0 93 93 0 8 0 ffsino 272 16324 0 14854 99 0 99 99 0 8 0 nchpl 144 32126 0 30482 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 115433 0 115433 6 4 2 2 0 8 2 percpumem 16 174 0 134 1 0 1 1 0 8 0 vcpupl 2048 115 0 1 15 0 15 15 0 8 0 vmpool 568 242 0 128 10 1 9 9 0 8 0 pfiaddrpl 120 161 0 152 1 0 1 1 0 8 0 kstatmem 264 296 0 268 10 7 3 3 0 8 1 scxspl 216 95194 0 95194 19 18 1 8 0 8 1 plimitpl 152 1769 0 1754 1 0 1 1 0 8 0 sigapl 424 12730 0 12660 11 3 8 9 0 8 0 futexpl 64 109082 0 109077 3 2 1 1 0 8 0 knotepl 120 684 0 0 18 4 14 17 0 8 0 kqueuepl 224 1745 0 1737 29 28 1 5 0 8 0 pipepl 336 1973 0 1943 51 43 8 8 0 8 5 fdescpl 496 12641 0 12613 5 1 4 5 0 8 0 filepl 152 76841 0 76593 158 141 17 23 0 8 7 lockfpl 104 4167 0 4165 12 11 1 4 0 8 0 lockfspl 48 1090 0 1088 1 0 1 1 0 8 0 sessionpl 144 85 0 68 1 0 1 1 0 8 0 pgrppl 48 274 0 256 1 0 1 1 0 8 0 ucredpl 104 7127 0 7112 1 0 1 1 0 8 0 zombiepl 144 12664 0 12660 1 0 1 1 0 8 0 processpl 1064 12730 0 12660 6 1 5 6 0 8 0 procpl 672 31157 0 31069 25 16 9 9 0 8 1 srpgc 96 102 0 102 14 14 0 1 0 8 0 sosppl 168 54 0 54 14 14 0 1 0 8 0 sockpl 504 21176 0 21144 377 364 13 35 0 8 8 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 360 0 0 22 1 21 22 0 8 0 mtagpl 96 1026 0 0 17 0 17 17 0 8 0 mbufpl 256 1316 0 0 58 0 58 58 0 8 0 bufpl 288 22126 0 15794 453 0 453 453 0 8 0 anonpl 24 2345534 0 2328045 230 112 118 163 0 186 0 amapchunkpl 152 203506 0 202789 65 33 32 39 0 158 0 amappl16 200 32222 0 31627 158 126 32 56 0 8 0 amappl15 192 3255 0 3253 1 0 1 1 0 8 0 amappl14 184 3929 0 3924 1 0 1 1 0 8 0 amappl13 176 1936 0 1929 1 0 1 1 0 8 0 amappl12 168 1009 0 1006 4 3 1 1 0 8 0 amappl11 160 1157 0 1138 4 3 1 2 0 8 0 amappl10 152 1172 0 1158 1 0 1 1 0 8 0 amappl9 144 1618 0 1613 1 0 1 1 0 8 0 amappl8 136 3841 0 3720 5 0 5 5 0 8 0 amappl7 128 2432 0 2415 1 0 1 1 0 8 0 amappl6 120 1532 0 1505 2 1 1 2 0 8 0 amappl5 112 8210 0 8192 1 0 1 1 0 8 0 amappl4 104 6725 0 6688 2 0 2 2 0 8 0 amappl3 96 37306 0 37252 2 0 2 2 0 8 0 amappl2 88 15346 0 15280 4 1 3 3 0 8 0 amappl1 80 295401 0 294746 26 10 16 20 0 8 0 amappl 88 67205 0 66969 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 215 0 85 3 0 3 3 0 8 0 uaddrrnd 24 12883 0 12741 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12883 0 12741 1 0 1 1 0 8 0 vmmpekpl 168 85755 0 85678 4 0 4 4 0 8 0 vmmpepl 168 1231867 0 1229001 374 236 138 158 0 357 1 vmsppl 368 12882 0 12741 15 1 14 14 0 8 0 rwobjpl 56 293243 0 285438 129 16 113 117 0 8 0 pdppl 4096 25773 0 25596 755 572 183 183 0 8 6 pvpl 32 4708179 0 4686422 436 243 193 255 0 265 0 pmappl 248 12882 0 12741 12 2 10 10 0 8 1 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2164 0 1150 30 0 30 30 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82593e80) at panic+0x177 sys/kern/subr_prf.c:202 witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e witness_debugger sys/kern/subr_witness.c:2505 [inline] witness_warn(2,0,ffffffff82620d13) at witness_warn+0x65e sys/kern/subr_witness.c:1473 userret(ffff8000fffefce8) at userret+0x265 sys/kern/kern_sig.c:2012 syscall(ffff80002e4e61f0) at syscall+0x57e mi_syscall_return sys/sys/syscall_mi.h:128 [inline] syscall(ffff80002e4e61f0) at syscall+0x57e sys/arch/amd64/amd64/trap.c:607 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcd80c967190, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020dd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020dd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5