panic: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_map.c", line 3641 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *108370 83975 0 0 0x4000000 1 syz-executor.1 354406 90976 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff824bffea,ffffffff824cd928,e39,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161 uvmspace_free(fffffd806ee75e68) at uvmspace_free+0xe4 sys/uvm/uvm_map.c:3641 vm_impl_init_vmx(ffff800021295c70,ffff800021262fc0) at vm_impl_init_vmx+0x159 vm_create(ffff800000b66800,ffff800021262fc0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline] vm_create(ffff800000b66800,ffff800021262fc0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510 vmmioctl(a00,c5005601,ffff800000b66800,1,ffff800021262fc0) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e38b830,c5005601,ffff800000b66800,1,fffffd807f7d8660,ffff800021262fc0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295 vn_ioctl(fffffd8069be61e8,c5005601,ffff800000b66800,ffff800021262fc0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800021262fc0,ffff800022ead908,ffff800022ead950) at sys_ioctl+0x4a2 syscall(ffff800022ead9d0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022ead9d0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x89521665c90, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_map.c", line 3641 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff824bffea,ffffffff824cd928,e39,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161 uvmspace_free(fffffd806ee75e68) at uvmspace_free+0xe4 sys/uvm/uvm_map.c:3641 vm_impl_init_vmx(ffff800021295c70,ffff800021262fc0) at vm_impl_init_vmx+0x159 vm_create(ffff800000b66800,ffff800021262fc0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline] vm_create(ffff800000b66800,ffff800021262fc0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510 vmmioctl(a00,c5005601,ffff800000b66800,1,ffff800021262fc0) at vmmioctl+0x1f2 VOP_IOCTL(fffffd806e38b830,c5005601,ffff800000b66800,1,fffffd807f7d8660,ffff800021262fc0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295 vn_ioctl(fffffd8069be61e8,c5005601,ffff800000b66800,ffff800021262fc0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800021262fc0,ffff800022ead908,ffff800022ead950) at sys_ioctl+0x4a2 syscall(ffff800022ead9d0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022ead9d0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x89521665c90, count: -12 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800022ead400 rbx 0xffff800020d39bff rdx 0x8b rcx 0x2 rax 0x8a r8 0xffffffff81a0be34 kprintf+0x144 r9 0x1 r10 0x324f258e8a1e7b35 r11 0x2810d4c242613b5c r12 0xffff800020d39a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81e3e908 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800022ead3f0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.1) pid=108370 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=74, nice=20 forw=0xffffffffffffffff, list=0xffff800021262000,0xffffffff82913618 process=0xffff8000ffffa188 user=0xffff800022ea8000, vmspace=0xfffffd806ee755c8 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 83975 135525 88489 0 2 0 syz-executor.1 *83975 108370 88489 0 7 0x4000000 syz-executor.1 88489 96575 47522 0 3 0x82 nanoslp syz-executor.1 28959 348733 47522 0 3 0x82 nanoslp syz-executor.0 47522 349034 92509 0 3 0x82 thrsleep syz-fuzzer 47522 9384 92509 0 3 0x4000082 thrsleep syz-fuzzer 47522 63850 92509 0 3 0x4000082 thrsleep syz-fuzzer 47522 268158 92509 0 3 0x4000082 thrsleep syz-fuzzer 47522 381793 92509 0 3 0x4000082 thrsleep syz-fuzzer 47522 83387 92509 0 3 0x4000082 thrsleep syz-fuzzer 47522 282260 92509 0 3 0x4000082 kqread syz-fuzzer 47522 309734 92509 0 3 0x4000082 thrsleep syz-fuzzer 92509 153408 7928 0 3 0x10008a sigsusp ksh 7928 206772 62068 0 3 0x9a select sshd 13263 218800 1 0 3 0x100083 ttyin getty 62068 320453 1 0 3 0x88 select sshd 48532 82663 56133 74 3 0x100092 bpf pflogd 56133 167659 1 0 3 0x80 netio pflogd 88927 200394 76258 73 3 0x100090 kqread syslogd 76258 264302 1 0 3 0x100082 netio syslogd 2505 144614 1 0 3 0x100080 kqread resolvd 3567 306921 96392 77 3 0x100092 kqread dhcpleased 27445 243637 96392 77 3 0x100092 kqread dhcpleased 96392 420276 1 0 3 0x80 kqread dhcpleased 89909 441484 0 0 3 0x14200 bored smr 10810 206019 0 0 2 0x14200 zerothread 47761 369254 0 0 3 0x14200 aiodoned aiodoned 15722 113415 0 0 3 0x14200 syncer update 30111 144356 0 0 3 0x14200 cleaner cleaner 90976 354406 0 0 7 0x14200 reaper 96282 424233 0 0 3 0x14200 pgdaemon pagedaemon 98619 82135 0 0 3 0x14200 bored crynlk 39947 422382 0 0 3 0x14200 bored crypto 61942 130955 0 0 3 0x14200 bored viomb 27379 482852 0 0 3 0x40014200 acpi0 acpi0 59695 410915 0 0 3 0x40014200 idle1 8710 65714 0 0 3 0x14200 bored softnet 76470 192603 0 0 3 0x14200 bored systqmp 51602 147832 0 0 3 0x14200 bored systq 40868 312696 0 0 3 0x40014200 bored softclock 87770 204075 0 0 3 0x40014200 idle0 1 53763 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: