kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Fri Feb 1 19:20:39 PST 2019 OpenBSD/amd64 (ci-openbsd-multicore-2.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. 2019/02/01 19:21:09 parsed 1 programs 2019/02/01 19:21:12 executed programs: 0 login: panic: vmmaplk: lock not shared Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 56134 45800 0 0x1000 0x4080000 1K syz-executor0 db_enter() at db_enter+0x18 panic() at panic+0x16c _rw_exit_read(ffff800020b74710,298,ffff800020c5d148) at _rw_exit_read+0x12b uvm_fault(7bb50248ea5c8152,ffff800020b74710,0,ffffffff81c0b1c0) at uvm_fault+0x23bb pageflttrap() at pageflttrap+0x216 kerntrap(699a8b583795f664) at kerntrap+0xeb alltraps_kern(6,7f7fdfffbe00,20000200,0,ffff800020b74710,ffff800020c5d6a0) at alltraps_kern+0x7b copyinstr(d8f317e93a094917,ffff800020c5d660,8001,1,ffff800020b74710,0) at copyinstr+0x50 vn_open(55a4a2c103b00951,8001,8001) at vn_open+0xc3 doopenat(5174527150d094a6,0,ffff800020b74710,7cff6437468,0,50) at doopenat+0x2b9 syscall(221112f4ecaf0bd6) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffffac,0,3,7cdc3d040d8) at Xsyscall+0x128 end of kernel end trace frame: 0x7cff64374f0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic vmmaplk: lock not shared ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x16c _rw_exit_read(ffff800020b74710,298,ffff800020c5d148) at _rw_exit_read+0x12b uvm_fault(7bb50248ea5c8152,ffff800020b74710,0,ffffffff81c0b1c0) at uvm_fault+0x23bb pageflttrap() at pageflttrap+0x216 kerntrap(699a8b583795f664) at kerntrap+0xeb alltraps_kern(6,7f7fdfffbe00,20000200,0,ffff800020b74710,ffff800020c5d6a0) at alltraps_kern+0x7b copyinstr(d8f317e93a094917,ffff800020c5d660,8001,1,ffff800020b74710,0) at copyinstr+0x50 vn_open(55a4a2c103b00951,8001,8001) at vn_open+0xc3 doopenat(5174527150d094a6,0,ffff800020b74710,7cff6437468,0,50) at doopenat+0x2b9 syscall(221112f4ecaf0bd6) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffffac,0,3,7cdc3d040d8) at Xsyscall+0x128 end of kernel end trace frame: 0x7cff64374f0, count: -12 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020c5cfb0 rbx 0xffff800020c5d050 rdx 0xffffffff81f31b5c cy_pio_rec+0x15d8 rcx 0x201 rax 0x1 r8 0xffffffff81b488b4 kprintf+0x174 r9 0x1 r10 0x2c67910d8ec53d6 r11 0xae8bad8ed1534dc6 r12 0x3000000008 r13 0xffff800020c5cfc0 r14 0x100 r15 0x1 rip 0xffffffff8135b538 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c5cfa0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor0) pid=56134 stat=onproc flags process=1000 proc=4080000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020b752c8,0xffffffff822fd4d8 process=0xffff800020bca9f0 user=0xffff800020c58000, vmspace=0xfffffd806e924008 estcpu=3, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 45800 239335 77674 0 3 0x3000 suspend syz-executor0 *45800 56134 77674 0 7 0x4081000 syz-executor0 77674 434445 56126 0 3 0x82 nanosleep syz-executor0 56126 294847 25278 0 3 0x82 thrsleep syz-execprog 56126 63502 25278 0 3 0x4000082 thrsleep syz-execprog 56126 39652 25278 0 3 0x4000082 thrsleep syz-execprog 56126 2532 25278 0 3 0x4000082 thrsleep 
syz-execprog 56126 497852 25278 0 3 0x4000082 thrsleep syz-execprog 56126 31337 25278 0 3 0x4000082 thrsleep syz-execprog 56126 27758 25278 0 3 0x4000082 thrsleep syz-execprog 56126 215134 25278 0 3 0x4000082 thrsleep syz-execprog 56126 101476 25278 0 3 0x4000082 kqread syz-execprog 25278 189595 48495 0 3 0x10008a pause ksh 48495 44567 85691 0 3 0x92 select sshd 32852 331901 1 0 3 0x100083 ttyin getty 85691 89625 1 0 3 0x80 select sshd 30953 334011 10477 73 3 0x100090 kqread syslogd 10477 519035 1 0 3 0x100082 netio syslogd 14785 403087 1 77 3 0x100090 poll dhclient 29419 374021 1 0 3 0x80 poll dhclient 6766 43707 0 0 3 0x14200 pgzero zerothread 92870 111015 0 0 3 0x14200 aiodoned aiodoned 39991 265664 0 0 3 0x14200 syncer update 14398 195560 0 0 3 0x14200 cleaner cleaner 22788 419798 0 0 3 0x14200 reaper reaper 19113 270155 0 0 3 0x14200 pgdaemon pagedaemon 61528 332558 0 0 3 0x14200 bored crynlk 20102 220449 0 0 3 0x14200 bored crypto 93464 171161 0 0 3 0x40014200 acpi0 acpi0 39060 136551 0 0 3 0x40014200 idle1 95303 427787 0 0 3 0x14200 bored softnet 64883 312169 0 0 3 0x14200 bored systqmp 54453 169477 0 0 3 0x14200 bored systq 60068 350670 0 0 3 0x40014200 bored softclock 68701 106179 0 0 7 0x40014200 idle0 1 325575 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 45800 (syz-executor0) thread 0xffff800020b74710 (56134) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822d88a8) locked @ /syzkaller/managers/multicore/kernel/sys/kern/sched_bsd.c:436 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9447 6317K 6317K 78643K 10534 0 0 pcb 23 9K 9K 78643K 55 0 0 rtable 79 2K 2K 78643K 141 0 0 ifaddr 28 8K 8K 78643K 28 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 14 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1166 73K 73K 78643K 1171 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 
dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 3 8K 12K 78643K 10 0 0 proc 40 38K 58K 78643K 221 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 22 1K 1K 78643K 22 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 160 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 64 11K 11K 78643K 762 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 6 0K 0K 78643K 6 0 0 temp 39 2349K 2413K 78643K 2648 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 3 0 0 1 0 1 1 0 8 0 inpcbpl 280 26 0 18 1 0 1 1 0 8 0 plimitpl 152 14 0 8 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 32 0 1 1 0 1 1 0 8 0 syncache 264 5 0 5 1 0 1 1 0 8 1 tcpqe 32 7 0 7 1 1 0 1 0 8 0 tcpcb 544 10 0 5 1 0 1 1 0 8 0 nd6 48 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 145 0 0 10 0 10 10 0 8 0 art_table 32 146 0 0 2 0 2 2 0 8 0 art_node 16 31 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1400 0 18 45 0 45 45 0 8 0 ffsino 272 1400 0 18 93 0 93 93 0 8 0 nchpl 144 1614 0 34 59 0 59 59 0 8 0 uvmvnodes 72 1409 0 0 26 0 26 26 0 8 0 vnodes 200 1409 0 0 75 0 75 75 0 8 0 namei 1024 3526 0 3525 2 1 1 1 0 8 0 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 3544 0 3544 8 4 4 6 0 8 4 sigapl 432 185 0 173 2 0 2 2 0 8 0 futexpl 56 10 0 10 1 0 1 1 0 8 1 knotepl 112 43 0 28 1 0 1 1 0 8 0 kqueuepl 104 2 0 0 1 0 1 1 0 8 0 pipepl 112 130 0 117 2 1 1 1 0 8 0 fdescpl 488 186 0 173 2 0 2 2 0 8 0 filepl 152 917 0 860 3 0 3 3 0 8 0 lockfpl 104 6 0 6 1 1 0 1 0 8 0 lockfspl 32 3 0 3 1 1 0 1 0 8 0 sessionpl 112 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 
144 174 0 173 2 1 1 1 0 8 0 processpl 840 200 0 173 4 0 4 4 0 8 0 procpl 600 211 0 175 3 0 3 3 0 8 0 sockpl 384 68 0 50 2 0 2 2 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 70 0 0 9 0 9 9 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 89 0 0 6 0 6 6 0 8 0 bufpl 256 4788 0 965 239 0 239 239 0 8 0 anonpl 16 19455 0 18005 15 2 13 13 0 125 7 amapchunkpl 152 624 0 559 4 0 4 4 0 158 1 amappl16 192 133 0 105 2 0 2 2 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 4 0 3 2 1 1 1 0 8 0 amappl13 168 19 0 15 1 0 1 1 0 8 0 amappl12 160 15 0 12 1 0 1 1 0 8 0 amappl11 152 187 0 176 1 0 1 1 0 8 0 amappl10 144 58 0 58 2 1 1 1 0 8 1 amappl9 136 136 0 134 1 0 1 1 0 8 0 amappl8 128 128 0 115 1 0 1 1 0 8 0 amappl7 120 33 0 27 1 0 1 1 0 8 0 amappl6 112 42 0 37 1 0 1 1 0 8 0 amappl5 104 256 0 245 1 0 1 1 0 8 0 amappl4 96 296 0 273 2 0 2 2 0 8 1 amappl3 88 131 0 126 1 0 1 1 0 8 0 amappl2 80 656 0 610 2 0 2 2 0 8 1 amappl1 72 12454 0 12028 24 6 18 19 0 8 8 amappl 72 418 0 389 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 186 0 173 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 186 0 173 1 0 1 1 0 8 0 vmmpekpl 168 5771 0 5750 2 0 2 2 0 8 0 vmmpepl 168 25664 0 24793 87 16 71 71 0 357 33 vmsppl 360 185 0 173 2 0 2 2 0 8 0 pdppl 4096 379 0 346 5 0 5 5 0 8 0 pvpl 32 94155 0 90434 95 3 92 92 0 265 61 pmappl 224 185 0 173 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 372 0 3 11 0 11 11 0 8 0 ddb{1}>