kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Jan 31 05:43:59 PST 2019 OpenBSD/amd64 (ci-openbsd-multicore-8.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. 2019/01/31 05:44:20 parsed 1 programs 2019/01/31 05:44:26 executed programs: 0 login: panic: vmmaplk: lock not shared Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 83316 90077 0 0x1000 0x4080000 0 syz-executor0 216134 61836 0 0x14000 0x200 1 zerothread db_enter() at db_enter+0x18 panic() at panic+0x16c _rw_exit_read(ffff800020b74bc0,2a8,ffff800020c63978) at _rw_exit_read+0x12b uvm_fault(daf9ab3a87158316,ffff800020b74bc0,0,ffffffff81a74530) at uvm_fault+0x23bb pageflttrap() at pageflttrap+0x216 kerntrap(3f6d4ba020f06669) at kerntrap+0xeb alltraps_kern(6,4,2,0,fffffd806d3bbdb8,ffff800020b74bc0) at alltraps_kern+0x7b copyin(3ebdb644363dfe00,0,ffff800020b74bc0,e0ac1745498,0,760) at copyin+0x56 syscall(48cc7e21c3cbe9d4) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffff43,0,5,e08bfc751a0) at Xsyscall+0x128 end of kernel end trace frame: 0xe0ac1745520, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic vmmaplk: lock not shared ddb{0}> trace db_enter() at db_enter+0x18 panic() at panic+0x16c _rw_exit_read(ffff800020b74bc0,2a8,ffff800020c63978) at _rw_exit_read+0x12b uvm_fault(daf9ab3a87158316,ffff800020b74bc0,0,ffffffff81a74530) at uvm_fault+0x23bb pageflttrap() at pageflttrap+0x216 kerntrap(3f6d4ba020f06669) at kerntrap+0xeb alltraps_kern(6,4,2,0,fffffd806d3bbdb8,ffff800020b74bc0) at alltraps_kern+0x7b copyin(3ebdb644363dfe00,0,ffff800020b74bc0,e0ac1745498,0,760) at copyin+0x56 syscall(48cc7e21c3cbe9d4) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffff43,0,5,e08bfc751a0) at Xsyscall+0x128 end of kernel end trace frame: 0xe0ac1745520, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020c637e0 rbx 0xffff800020c63880 rdx 0xffffffff81f33597 apollo_pio_rec+0x9f13 rcx 0x201 rax 0x1 r8 0xffffffff81ae3134 kprintf+0x174 r9 0x1 r10 0x8f2ddba13c0a0e5e r11 0x33aab09d2d25088b r12 0x3000000008 r13 0xffff800020c637f0 r14 0x100 r15 0x1 rip 0xffffffff819a23b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c637d0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor0) pid=83316 stat=onproc flags process=1000 proc=4080000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020be59d8,0xffffffff822f33f0 process=0xffff800020bca360 user=0xffff800020c5e000, vmspace=0xfffffd806e92c5a8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 90077 285831 76242 0 3 0x3000 suspend syz-executor0 *90077 83316 76242 0 7 0x4081000 syz-executor0 76242 86820 50233 0 3 0x82 nanosleep syz-executor0 50233 410318 41940 0 3 0x82 thrsleep syz-execprog 50233 203760 41940 0 3 0x4000082 thrsleep syz-execprog 50233 117236 41940 0 3 0x4000082 thrsleep syz-execprog 50233 113572 41940 0 3 0x4000082 thrsleep syz-execprog 50233 274103 41940 0 3 0x4000082 thrsleep syz-execprog 50233 16644 41940 0 3 0x4000082 thrsleep syz-execprog 50233 178647 41940 0 3 0x4000082 thrsleep 
syz-execprog 50233 95322 41940 0 3 0x4000082 kqread syz-execprog 50233 179677 41940 0 3 0x4000082 thrsleep syz-execprog 41940 213553 57376 0 3 0x10008a pause ksh 57376 442508 49188 0 3 0x92 select sshd 53779 206536 1 0 3 0x100083 ttyin getty 49188 80814 1 0 3 0x80 select sshd 43388 208495 37450 73 3 0x100090 kqread syslogd 37450 353527 1 0 3 0x100082 netio syslogd 42549 240911 1 77 3 0x100090 poll dhclient 41297 324100 1 0 3 0x80 poll dhclient 61836 216134 0 0 7 0x14200 zerothread 63285 190914 0 0 3 0x14200 aiodoned aiodoned 9126 429503 0 0 3 0x14200 syncer update 51475 82028 0 0 3 0x14200 cleaner cleaner 11318 210127 0 0 2 0x14200 reaper 40271 430427 0 0 3 0x14200 pgdaemon pagedaemon 64890 339453 0 0 3 0x14200 bored crynlk 5979 357828 0 0 3 0x14200 bored crypto 87018 375500 0 0 3 0x40014200 acpi0 acpi0 44553 143675 0 0 3 0x40014200 idle1 81343 427025 0 0 3 0x14200 bored softnet 78593 393871 0 0 3 0x14200 bored systqmp 60433 45021 0 0 3 0x14200 bored systq 15492 229933 0 0 3 0x40014200 bored softclock 82614 155425 0 0 3 0x40014200 idle0 1 162127 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff822e8d28) locked @ /syzkaller/managers/multicore/kernel/sys/uvm/uvm_pmemrange.c:2008 Process 90077 (syz-executor0) thread 0xffff800020b74bc0 (83316) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822f1758) locked @ /syzkaller/managers/multicore/kernel/sys/kern/sched_bsd.c:436 ddb{0}>