witness: userret: returning with the following locks held: exclusive rwlock netlock r = 0 (0xffffffff82748670) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 pfioctl+0x1fc7 #2 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:297 #3 vn_ioctl+0xba sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4b0 #5 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:591 #6 Xsyscall+0x128 panic: witness_warn Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *246970 69269 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823becb8) at panic+0x15e sys/kern/subr_prf.c:218 witness_warn(2,0,ffffffff8243f0a3) at witness_warn+0x68f witness_debugger sys/kern/subr_witness.c:2493 [inline] witness_warn(2,0,ffffffff8243f0a3) at witness_warn+0x68f sys/kern/subr_witness.c:1455 userret(ffff8000212abc48) at userret+0x337 sys/kern/kern_sig.c:1932 syscall(ffff8000212a9a00) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000212a9a00) at syscall+0x55c sys/arch/amd64/amd64/trap.c:613 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xefa4a513f60, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic witness_warn ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823becb8) at panic+0x15e sys/kern/subr_prf.c:218 witness_warn(2,0,ffffffff8243f0a3) at witness_warn+0x68f witness_debugger sys/kern/subr_witness.c:2493 [inline] witness_warn(2,0,ffffffff8243f0a3) at witness_warn+0x68f sys/kern/subr_witness.c:1455 userret(ffff8000212abc48) at userret+0x337 sys/kern/kern_sig.c:1932 syscall(ffff8000212a9a00) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000212a9a00) at syscall+0x55c sys/arch/amd64/amd64/trap.c:613 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xefa4a513f60, count: -6 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000212a9750 rbx 0xffff8000212a9760 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff821a7fd6 kprintf+0x146 r9 0x1 r10 0x83666e8407881e3b r11 0xdbae5c9e7280a61 r12 0x3000000008 r13 0xffff8000212a9800 r14 0x100 r15 0x1 rip 0xffffffff81213b78 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000212a9740 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=246970 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff8000212ab9b8,0xffffffff82893308 process=0xffff80002125cc70 user=0xffff8000212a4000, vmspace=0xfffffd806e960a18 estcpu=31, cpticks=1, pctcpu=0.3 user=0, sys=4, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 69269 371280 75854 0 2 0 syz-executor.0 *69269 246970 75854 0 7 0x4000000 syz-executor.0 75854 224720 76593 0 2 0x482 syz-executor.0 81921 392716 76593 0 2 0x2 syz-executor.1 85976 166323 1 0 3 0x100083 ttyin getty 14426 230683 0 0 3 0x14200 bored sosplice 76593 62686 20433 0 2 0x482 syz-fuzzer 76593 462383 20433 0 2 0x4000482 syz-fuzzer 76593 328455 20433 0 3 0x4000082 thrsleep syz-fuzzer 76593 401687 20433 0 3 0x4000082 thrsleep syz-fuzzer 76593 52959 20433 0 3 0x4000082 thrsleep syz-fuzzer 76593 298317 20433 0 3 0x4000082 thrsleep syz-fuzzer 76593 340478 20433 0 3 0x4000082 kqread syz-fuzzer 76593 439662 20433 0 3 0x4000082 thrsleep syz-fuzzer 20433 180642 70598 0 3 0x10008a pause ksh 70598 16107 90463 0 3 0x92 select sshd 90463 516782 1 0 3 0x80 select sshd 24574 473018 92563 74 3 0x100092 bpf pflogd 92563 229754 1 0 3 0x80 netio pflogd 83772 267174 96844 73 2 0x100090 syslogd 96844 268051 1 0 3 0x100082 netio syslogd 3257 65614 1 77 3 0x100090 poll dhclient 62232 248668 1 0 3 0x80 poll dhclient 50069 394739 0 0 3 0x14200 bored smr 3727 493753 0 0 2 0x14200 zerothread 1081 443582 0 0 3 0x14200 aiodoned aiodoned 23542 276331 0 0 2 0x14200 update 70064 8148 0 0 3 0x14200 cleaner cleaner 61469 492538 0 0 3 0x14200 reaper reaper 76980 196844 0 0 3 0x14200 pgdaemon pagedaemon 87037 389988 0 0 3 0x14200 bored crynlk 77280 25109 0 0 3 0x14200 bored crypto 75890 164404 0 0 3 0x14200 bored viomb 9496 74923 0 0 3 0x40014200 acpi0 acpi0 88434 157305 0 0 7 0x40014200 idle1 68416 168196 0 0 3 0x14200 bored softnet 65509 90942 0 0 3 0x14200 bored systqmp 72802 491935 0 0 3 0x14200 bored systq 70952 148657 0 0 3 0x40014200 bored softclock 14841 259534 0 0 3 0x40014200 idle0 1 469344 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 69269 (syz-executor.0) thread 0xffff8000212abc48 (246970) exclusive rwlock netlock r = 0 (0xffffffff82748670) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 pfioctl+0x1fc7 #2 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:297 #3 vn_ioctl+0xba sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4b0 #5 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:591 #6 Xsyscall+0x128 Process 81921 (syz-executor.1) thread 0xffff8000212ab498 (392716) exclusive rrwlock inode r = 0 (0xfffffd806e7eb1b0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 rw_enter+0x446 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:614 #4 vn_lock+0x6c sys/kern/vfs_vnops.c:575 #5 vget+0x1c6 sys/kern/vfs_subr.c:671 #6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119 #7 ffs_vget+0x6b sys/ufs/ffs/ffs_vfsops.c:1321 #8 ufs_lookup+0x151d sys/ufs/ufs/ufs_lookup.c:487 #9 VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90 #10 vfs_lookup+0x708 sys/kern/vfs_lookup.c:568 #11 namei+0x5f7 sys/kern/vfs_lookup.c:249 #12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1848 #13 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #13 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:591 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806c8411a8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 rw_enter+0x446 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:614 #4 vn_lock+0x6c sys/kern/vfs_vnops.c:575 #5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419 #6 namei+0x5f7 sys/kern/vfs_lookup.c:249 #7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1848 #8 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:591 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9558 6451K 7033K 78643K 17267 0 pcb 13 8K 8K 78643K 294 0 rtable 113 5K 6K 78643K 957 0 ifaddr 89 18K 18K 78643K 376 0 sysctl 2 0K 0K 78643K 2 0 counters 43 33K 34K 78643K 153 0 ioctlops 0 0K 4K 78643K 1865 0 iov 0 0K 24K 78643K 263 0 mount 1 1K 1K 78643K 1 0 vnodes 1227 77K 78K 78643K 3555 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 17 0 VM map 2 1K 1K 78643K 2 0 sem 10 1K 1K 78643K 17 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1825 197K 290K 78643K 13109 0 file desc 5 13K 25K 78643K 6563 0 sigio 0 0K 0K 78643K 33 0 proc 71 63K 95K 78643K 1364 0 subproc 32 2K 2K 78643K 123 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 420 0 in_multi 33 2K 2K 78643K 392 0 ether_multi 1 0K 0K 78643K 94 0 mrt 0 0K 0K 78643K 63 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 2K 78643K 668 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 207 96K 104K 78643K 14873 0 UVM aobj 37 3K 3K 78643K 42 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 309 0 NDP 15 0K 0K 78643K 103 0 temp 152 3975K 4039K 78643K 43181 0 kqueue 3 4K 16K 78643K 291 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 17 0 11 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 108 0 106 1 0 1 1 0 8 0 rtentry 112 144 0 100 2 0 2 2 0 8 0 unpcb 120 1523 0 1502 2 1 1 2 0 8 0 syncache 296 51 0 51 8 7 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 49 0 49 4 4 0 1 0 8 0 tcpcb 736 1022 0 1015 18 16 2 4 0 8 1 inpcb 296 2795 0 2787 11 9 2 2 0 8 1 rttmr 72 24 0 24 4 3 1 1 0 8 1 ip6q 72 8 0 8 1 1 0 1 0 8 0 ip6af 40 88 0 88 1 1 0 1 0 8 0 nd6 48 40 0 34 1 0 1 1 0 8 0 kcovpl 48 7 0 5 1 0 1 1 0 8 0 swfcl 56 12 0 0 1 0 1 1 0 8 0 ppxss 1128 10 0 10 2 2 0 1 0 8 0 pfstscr 40 9 0 9 2 1 1 1 0 8 1 pffrag 232 6 0 6 2 2 0 1 0 482 0 pffrnode 88 6 0 6 2 2 0 1 0 8 0 pffrent 40 12 0 12 2 2 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrke_plain 160 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 7 0 3 1 0 1 1 0 8 0 pftag 88 11 0 5 1 0 1 1 0 8 0 pfqueue 264 22 0 17 2 1 1 1 0 8 0 pfstitem 24 39 0 37 1 0 1 1 0 8 0 pfstkey 112 47 0 45 1 0 1 1 0 8 0 pfstate 328 42 0 40 3 2 1 3 0 8 0 pfrule 1360 199 0 136 7 1 6 6 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 415 0 224 12 0 12 12 0 8 0 art_table 32 416 0 224 2 0 2 2 0 8 0 art_node 16 143 0 103 1 0 1 1 0 8 0 sysvmsgpl 40 65 0 33 1 0 1 1 0 8 0 semupl 112 7 0 7 1 1 0 1 0 8 0 semapl 112 8 0 0 1 0 1 1 0 8 0 shmpl 112 39 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 9848 0 8447 89 0 89 89 0 8 0 ffsino 272 9848 0 8447 95 0 95 95 0 8 0 nchpl 144 17774 0 16184 60 0 60 60 0 8 0 rtmask 32 4 0 2 1 0 1 1 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 45552 0 45552 1 0 1 1 0 8 1 percpumem 16 87 0 55 1 0 1 1 0 8 0 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 560 7 0 2 1 0 1 1 0 8 0 pfiaddrpl 120 5 0 0 1 0 1 1 0 8 0 scsiplug 72 2 0 2 1 1 0 1 0 8 0 scxspl 216 54544 0 54544 9 8 1 8 0 8 1 plimitpl 152 292 0 284 1 0 1 1 0 8 0 sigapl 424 6769 0 6736 4 0 4 4 0 8 0 futexpl 56 56052 0 56052 1 0 1 1 0 8 1 knotepl 112 442 0 422 1 0 1 1 0 8 0 kqueuepl 152 3434 0 3419 1 0 1 1 0 8 0 pipepl 304 482 0 471 15 13 2 2 0 8 1 fdescpl 496 6750 0 6734 3 0 3 3 0 8 0 filepl 152 23921 0 23818 8 2 6 6 0 8 2 lockfpl 104 921 0 920 1 0 1 1 0 8 0 lockfspl 48 332 0 331 1 0 1 1 0 8 0 sessionpl 144 25 0 14 1 0 1 1 0 8 0 pgrppl 48 34 0 23 1 0 1 1 0 8 0 ucredpl 96 3198 0 3189 1 0 1 1 0 8 0 zombiepl 144 6736 0 6736 1 0 1 1 0 8 1 processpl 1056 6769 0 6736 3 0 3 3 0 8 0 procpl 656 13794 0 13753 5 1 4 5 0 8 0 sosppl 168 79 0 79 9 8 1 1 0 8 1 sockpl 400 4461 0 4422 9 3 6 7 0 8 0 mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 299 0 0 16 1 15 15 0 8 0 mtagpl 96 305 0 0 8 0 8 8 0 8 0 mbufpl 256 931 0 0 48 0 48 48 0 8 0 bufpl 280 13520 0 7271 447 0 447 447 0 8 0 anonpl 16 502106 0 494650 97 64 33 54 0 124 2 amapchunkpl 152 22704 0 22517 17 9 8 13 0 158 0 amappl16 192 23183 0 22899 75 59 16 33 0 8 1 amappl15 184 8 0 6 1 0 1 1 0 8 0 amappl14 176 1741 0 1736 1 0 1 1 0 8 0 amappl13 168 914 0 912 1 0 1 1 0 8 0 amappl12 160 2727 0 2721 1 0 1 1 0 8 0 amappl11 152 628 0 610 1 0 1 1 0 8 0 amappl10 144 10 0 8 1 0 1 1 0 8 0 amappl9 136 28 0 27 2 1 1 1 0 8 0 amappl8 128 1670 0 1568 4 0 4 4 0 8 0 amappl7 120 304 0 296 1 0 1 1 0 8 0 amappl6 112 94 0 76 1 0 1 1 0 8 0 amappl5 104 5969 0 5949 1 0 1 1 0 8 0 amappl4 96 4776 0 4751 1 0 1 1 0 8 0 amappl3 88 1152 0 1145 1 0 1 1 0 8 0 amappl2 80 48929 0 48856 3 0 3 3 0 8 0 amappl1 72 193755 0 193275 28 17 11 19 0 8 1 amappl 80 14177 0 14105 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 41 0 5 1 0 1 1 0 8 0 uaddrrnd 24 6757 0 6736 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6757 0 6736 1 0 1 1 0 8 0 vmmpekpl 168 34768 0 34734 2 0 2 2 0 8 0 vmmpepl 168 844379 0 842796 148 72 76 89 0 357 2 vmsppl 368 6756 0 6736 2 0 2 2 0 8 0 pdppl 4096 13521 0 13477 6 0 6 6 0 8 0 pvpl 32 2111048 0 2100405 241 140 101 135 0 265 11 pmappl 232 6756 0 6736 4 2 2 2 0 8 0 extentpl 40 57 0 39 1 0 1 1 0 8 0 phpool 112 315 0 23 9 0 9 9 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823becb8) at panic+0x15e sys/kern/subr_prf.c:218 witness_warn(2,0,ffffffff8243f0a3) at witness_warn+0x68f witness_debugger sys/kern/subr_witness.c:2493 [inline] witness_warn(2,0,ffffffff8243f0a3) at witness_warn+0x68f sys/kern/subr_witness.c:1455 userret(ffff8000212abc48) at userret+0x337 sys/kern/kern_sig.c:1932 syscall(ffff8000212a9a00) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000212a9a00) at syscall+0x55c sys/arch/amd64/amd64/trap.c:613 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xefa4a513f60, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d70ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020d70ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5