kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sun Jan 27 22:33:12 PST 2019 OpenBSD/amd64 (ci-openbsd-setuid-0.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts. 2019/01/27 22:33:34 parsed 1 programs 2019/01/27 22:33:40 executed programs: 0 login: panic: vmmaplk: lock not shared Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 490737 39236 0 0 0 1 syz-executor0 *146711 39236 0 0 0x4000000 0K syz-executor0 db_enter() at db_enter+0x18 panic() at panic+0x16c _rw_exit_read(ffff800020b75778,288,ffff800020c5d8b8) at _rw_exit_read+0x12b uvm_fault(4010a9092bcffe90,ffff800020b75778,0,ffffffff81433cc0) at uvm_fault+0x23bb pageflttrap() at pageflttrap+0x216 kerntrap(d1cf845f83ad44af) at kerntrap+0xeb alltraps_kern(6,70,ffff800020b75778,0,7,70) at alltraps_kern+0x7b copyin(7fe58652a77f519d,ffff800020c5dd70,7,ffff800020c5dd88,ffff800020b75778,10c0) at copyin+0x4b sys_pwritev(7b8ca6efd08c1e6e,0,ffff800020b75778) at sys_pwritev+0x6b syscall(8e20ab797721b61c) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffffb8,0,4,8f603d8c0d8) at Xsyscall+0x128 end of kernel end trace frame: 0x8f89315d2d0, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic vmmaplk: lock not shared ddb{0}> trace db_enter() at db_enter+0x18 panic() at panic+0x16c _rw_exit_read(ffff800020b75778,288,ffff800020c5d8b8) at _rw_exit_read+0x12b uvm_fault(4010a9092bcffe90,ffff800020b75778,0,ffffffff81433cc0) at uvm_fault+0x23bb pageflttrap() at pageflttrap+0x216 kerntrap(d1cf845f83ad44af) at kerntrap+0xeb alltraps_kern(6,70,ffff800020b75778,0,7,70) at alltraps_kern+0x7b copyin(7fe58652a77f519d,ffff800020c5dd70,7,ffff800020c5dd88,ffff800020b75778,10c0) at copyin+0x4b sys_pwritev(7b8ca6efd08c1e6e,0,ffff800020b75778) at sys_pwritev+0x6b syscall(8e20ab797721b61c) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffffb8,0,4,8f603d8c0d8) at Xsyscall+0x128 end of kernel end trace frame: 0x8f89315d2d0, count: -11 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020c5d720 rbx 0xffff800020c5d7c0 rdx 0xffffffff81ec555e cmd0646_9_tim_udma+0x14e34 rcx 0x201 rax 0x1 r8 0xffffffff8185e574 kprintf+0x174 r9 0x1 r10 0xdab42df63de3a1b5 r11 0x87430c93c1500e74 r12 0x3000000008 r13 0xffff800020c5d730 r14 0x100 r15 0x1 rip 0xffffffff818accc8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c5d710 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor0) pid=146711 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020be5078,0xffffffff822e2310 process=0xffff800020bcad38 user=0xffff800020c58000, vmspace=0xfffffd806e923008 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 39236 490737 54350 0 7 0 syz-executor0 39236 145569 54350 0 3 0x4000080 fsleep syz-executor0 *39236 146711 54350 0 7 0x4000000 syz-executor0 54350 318172 61240 0 3 0x82 nanosleep syz-executor0 61240 482578 5710 0 3 0x82 thrsleep syz-execprog 61240 512492 5710 0 2 0x4000482 syz-execprog 61240 318239 5710 0 3 0x4000082 thrsleep syz-execprog 61240 171113 5710 0 3 0x4000082 thrsleep syz-execprog 61240 389094 5710 0 3 0x4000082 thrsleep 
syz-execprog 61240 329634 5710 0 3 0x4000082 thrsleep syz-execprog 61240 66003 5710 0 3 0x4000082 thrsleep syz-execprog 61240 116369 5710 0 3 0x4000082 thrsleep syz-execprog 61240 251793 5710 0 3 0x4000082 kqread syz-execprog 5710 422342 62935 0 3 0x10008a pause ksh 62935 102431 85974 0 3 0x92 select sshd 5553 211796 1 0 3 0x100083 ttyin getty 85974 455380 1 0 3 0x80 select sshd 43317 352551 81857 73 3 0x100090 kqread syslogd 81857 192410 1 0 3 0x100082 netio syslogd 85905 266850 1 77 3 0x100090 poll dhclient 36070 360649 1 0 3 0x80 poll dhclient 45352 110930 0 0 2 0x14200 zerothread 56955 292645 0 0 3 0x14200 aiodoned aiodoned 52932 352362 0 0 3 0x14200 syncer update 23721 426583 0 0 3 0x14200 cleaner cleaner 78286 199044 0 0 3 0x14200 reaper reaper 45743 370194 0 0 3 0x14200 pgdaemon pagedaemon 46633 290546 0 0 3 0x14200 bored crynlk 26546 514114 0 0 3 0x14200 bored crypto 4277 319553 0 0 3 0x40014200 acpi0 acpi0 1415 11217 0 0 3 0x40014200 idle1 26097 455590 0 0 3 0x14200 bored softnet 43558 378100 0 0 3 0x14200 bored systqmp 18773 443937 0 0 3 0x14200 bored systq 58011 321180 0 0 3 0x40014200 bored softclock 35120 496586 0 0 3 0x40014200 idle0 1 397490 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 39236 (syz-executor0) thread 0xffff800020b75778 (146711) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822da9d0) locked @ /syzkaller/managers/setuid/kernel/sys/kern/sched_bsd.c:429 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9447 6317K 6317K 78643K 10534 0 0 pcb 23 9K 9K 78643K 55 0 0 rtable 79 2K 2K 78643K 141 0 0 ifaddr 28 8K 8K 78643K 28 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 14 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1166 73K 73K 78643K 1171 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 
file desc 3 8K 12K 78643K 13 0 0 proc 40 38K 58K 78643K 221 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 22 1K 1K 78643K 22 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 160 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 67 11K 11K 78643K 780 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 6 0K 0K 78643K 6 0 0 temp 39 2345K 2409K 78643K 2654 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}>