panic: vmmaplk: lock not shared
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
40108 63523 32767 0x10 0 0 syz-executor1
*155762 63523 32767 0x10 0x4000000 1K syz-executor1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
_rw_exit_read(ffff800020b93080,304,ffff800020cab948) at _rw_exit_read+0x12b sys/kern/kern_rwlock.c:355
uvm_fault(e56c3b793bbf51b0,ffff800020b93080,0,ffffffff811221c0) at uvm_fault+0x23bb uvmfault_unlockall sys/uvm/uvm_fault.c:1388 [inline]
uvm_fault(e56c3b793bbf51b0,ffff800020b93080,0,ffffffff811221c0) at uvm_fault+0x23bb sys/uvm/uvm_fault.c:1266
pageflttrap() at pageflttrap+0x216 sys/arch/amd64/amd64/trap.c:200
kerntrap(d5fc58c9dada72e7) at kerntrap+0xeb sys/arch/amd64/amd64/trap.c:288
alltraps_kern(6,10,ffff800020b93080,0,1,10) at alltraps_kern+0x7b
copyin(95b3aa31f7428b4,ffff800020cabe00,1,ffff800020cabe18,ffff800020b93080,10c0) at copyin+0x4b
sys_pwritev(54afa8f02ab23cf7,10,ffff800020b93080) at sys_pwritev+0x6b sys/kern/vfs_syscalls.c:3152
syscall(37d3f696050b91b) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(37d3f696050b91b) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffffb8,0,4,2ab67d690d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x2ae1ecb9e60, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
vmmaplk: lock not shared
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
_rw_exit_read(ffff800020b93080,304,ffff800020cab948) at _rw_exit_read+0x12b sys/kern/kern_rwlock.c:355
uvm_fault(e56c3b793bbf51b0,ffff800020b93080,0,ffffffff811221c0) at uvm_fault+0x23bb uvmfault_unlockall sys/uvm/uvm_fault.c:1388 [inline]
uvm_fault(e56c3b793bbf51b0,ffff800020b93080,0,ffffffff811221c0) at uvm_fault+0x23bb sys/uvm/uvm_fault.c:1266
pageflttrap() at pageflttrap+0x216 sys/arch/amd64/amd64/trap.c:200
kerntrap(d5fc58c9dada72e7) at kerntrap+0xeb sys/arch/amd64/amd64/trap.c:288
alltraps_kern(6,10,ffff800020b93080,0,1,10) at alltraps_kern+0x7b
copyin(95b3aa31f7428b4,ffff800020cabe00,1,ffff800020cabe18,ffff800020b93080,10c0) at copyin+0x4b
sys_pwritev(54afa8f02ab23cf7,10,ffff800020b93080) at sys_pwritev+0x6b sys/kern/vfs_syscalls.c:3152
syscall(37d3f696050b91b) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(37d3f696050b91b) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffffb8,0,4,2ab67d690d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x2ae1ecb9e60, count: -11
ddb{1}> show registers
rdi 0xffffffff819b4817 db_enter+0x17
rsi 0x1552 __ALIGN_SIZE+0x552
rbp 0xffff800020cab7b0
rbx 0xffff800020cab850
rdx 0x1553 __ALIGN_SIZE+0x553
rcx 0xffff800002348000
rax 0xffff800002348000
r8 0xffffffff813be534 kprintf+0x174
r9 0x1
r10 0x5074cc8ccdfa4aa3
r11 0xf55c540786770424
r12 0x3000000008
r13 0xffff800020cab7c0
r14 0x100
r15 0x1
rip 0xffffffff819b4818 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020cab7a0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor1) pid=155762 stat=onproc
    flags process=10 proc=4000000
    pri=32, usrpri=56, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b92720,0xffffffff822d75d8
    process=0xffff800020b95078 user=0xffff800020ca6000, vmspace=0xfffffd807f00d708
    estcpu=36,
cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 63523 40108 69314 32767 7 0x10 syz-executor1 63523 396670 69314 32767 2 0x4000010 syz-executor1 *63523 155762 69314 32767 7 0x4000010 syz-executor1 69314 484140 68426 32767 3 0x90 nanosleep syz-executor1 68426 178384 85927 0 3 0x82 wait syz-executor1 20540 285149 34628 32767 3 0x10 biowait syz-executor0 34628 152649 85927 0 3 0x82 wait syz-executor0 82032 187599 0 0 3 0x14200 bored sosplice 85927 209250 45146 0 3 0x82 thrsleep syz-fuzzer 85927 294248 45146 0 3 0x4000082 nanosleep syz-fuzzer 85927 75627 45146 0 3 0x4000082 thrsleep syz-fuzzer 85927 381978 45146 0 3 0x4000082 thrsleep syz-fuzzer 85927 369379 45146 0 3 0x4000082 kqread syz-fuzzer 85927 418807 45146 0 3 0x4000082 thrsleep syz-fuzzer 85927 247520 45146 0 3 0x4000082 thrsleep syz-fuzzer 85927 394466 45146 0 3 0x4000082 thrsleep syz-fuzzer 85927 420245 45146 0 3 0x4000082 thrsleep syz-fuzzer 85927 302787 45146 0 3 0x4000082 nanosleep syz-fuzzer 45146 429807 29914 0 3 0x10008a pause ksh 29914 173955 56903 0 3 0x92 select sshd 83487 269174 1 0 3 0x100083 ttyin getty 56903 130855 1 0 3 0x80 select sshd 74885 237760 74069 73 3 0x100090 kqread syslogd 74069 467805 1 0 3 0x100082 netio syslogd 84144 102738 1 77 3 0x100090 poll dhclient 15287 352348 1 0 3 0x80 poll dhclient 3483 290709 0 0 3 0x14200 pgzero zerothread 89428 156078 0 0 3 0x14200 aiodoned aiodoned 20537 135582 0 0 3 0x14200 syncer update 50135 318890 0 0 3 0x14200 cleaner cleaner 42226 348602 0 0 3 0x14200 reaper reaper 79006 262246 0 0 3 0x14200 pgdaemon pagedaemon 89499 469343 0 0 3 0x14200 bored crynlk 71807 328765 0 0 3 0x14200 bored crypto 44537 427767 0 0 3 0x40014200 acpi0 acpi0 57412 94644 0 0 3 0x40014200 idle1 40416 391894 0 0 3 0x14200 bored softnet 37925 142938 0 0 3 0x14200 bored systqmp 3054 347587 0 0 3 0x14200 bored systq 37124 252202 0 0 3 0x40014200 bored softclock 180 279529 0 0 3 0x40014200 idle0 1 425699 0 0 3 0x82 wait init 0 0 -1 0 3 
0x10200 scheduler swapper ddb{1}> show all locks Process 63523 (syz-executor1) thread 0xffff800020b93080 (155762) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822e2448) locked @ /syzkaller/managers/setuid/kernel/sys/kern/sched_bsd.c:436 Process 20540 (syz-executor0) thread 0xffff800020b93c38 (285149) exclusive rrwlock inode r = 0 (0xfffffd806e489b48) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 exclusive rrwlock inode r = 0 (0xfffffd807a57bd60) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9459 6321K 6321K 78643K 10721 0 0 pcb 23 9K 11K 78643K 648 0 0 rtable 97 3K 3K 78643K 1287 0 0 ifaddr 36 11K 11K 78643K 253 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 54 0 0 iov 0 0K 16K 78643K 83 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 2121 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 19 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 142 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 7 21K 33K 78643K 1206 0 0 sigio 0 0K 0K 78643K 16 0 0 proc 41 38K 70K 78643K 1159 0 0 subproc 68 69634K 69634K 78643K 1258 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 125 0 0 in_multi 33 2K 2K 78643K 453 0 0 ether_multi 1 0K 0K 78643K 12 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 54 238K 238K 78643K 54 0 0 exec 0 0K 1K 78643K 390 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 96 21K 30K 78643K 4421 0 0 UVM aobj 85 3K 3K 78643K 95 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 23 0 0 NDP 7 0K 0K 78643K 114 0 0 temp 113 2360K 2424K 78643K 7565 0 0 kqueue 0 0K 0K 78643K 12 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> 
show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 39 0 35 1 0 1 1 0 8 0 inpcbpl 280 512 0 505 1 0 1 1 0 8 0 plimitpl 152 96 0 87 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 356 0 316 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 197 0 193 1 0 1 1 0 8 0 nd6 48 74 0 70 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1669 0 1481 12 0 12 12 0 8 0 art_table 32 1670 0 1481 2 0 2 2 0 8 0 art_node 16 355 0 321 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 7 1 0 1 1 0 8 0 semapl 112 140 0 130 1 0 1 1 0 8 0 shmpl 112 93 0 10 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2885 0 1468 46 0 46 46 0 8 0 ffsino 272 2885 0 1468 95 0 95 95 0 8 0 nchpl 144 4647 0 3076 59 0 59 59 0 8 0 uvmvnodes 72 3523 0 0 65 0 65 65 0 8 0 vnodes 200 3523 0 0 186 0 186 186 0 8 0 namei 1024 15497 0 15497 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 11340 0 11339 9 8 1 6 0 8 0 sigapl 432 1268 0 1253 3 1 2 3 0 8 0 futexpl 56 10523 0 10523 1 0 1 1 0 8 1 knotepl 112 903 0 876 4 3 1 2 0 8 0 kqueuepl 104 263 0 261 1 0 1 1 0 8 0 pipepl 112 1130 0 1111 7 6 1 2 0 8 0 fdescpl 488 1269 0 1253 3 0 3 3 0 8 1 filepl 152 8258 0 8161 7 2 5 7 0 8 1 lockfpl 104 278 0 278 4 3 1 1 0 8 1 lockfspl 32 720 0 720 3 2 1 1 0 8 1 sessionpl 112 52 0 42 1 0 1 1 0 8 0 pgrppl 48 61 0 51 1 0 1 1 0 8 0 ucredpl 96 2605 0 2596 1 0 1 1 0 8 0 zombiepl 144 1253 0 1253 2 1 1 1 0 8 1 processpl 840 1284 0 1253 4 0 4 4 0 8 0 procpl 600 3182 0 3140 4 0 4 4 0 8 0 srpgc 64 202 0 202 4 3 1 1 0 8 1 sosppl 128 28 0 28 8 7 1 1 0 8 1 sockpl 384 1176 0 1159 4 1 3 4 0 8 1 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 10 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 16 0 0 2 0 2 2 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 108 0 0 13 0 13 13 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 199 0 0 9 0 9 9 0 8 0 bufpl 256 6466 0 965 344 0 344 344 0 8 0 anonpl 16 142303 0 
137566 70 42 28 39 0 125 4 amapchunkpl 152 8097 0 8009 23 14 9 9 0 158 4 amappl16 192 6129 0 5844 55 38 17 26 0 8 2 amappl15 184 88 0 87 1 0 1 1 0 8 0 amappl14 176 164 0 158 2 1 1 1 0 8 0 amappl13 168 333 0 328 1 0 1 1 0 8 0 amappl12 160 139 0 139 6 5 1 1 0 8 1 amappl11 152 434 0 425 1 0 1 1 0 8 0 amappl10 144 118 0 114 2 1 1 1 0 8 0 amappl9 136 380 0 379 1 0 1 1 0 8 0 amappl8 128 553 0 521 2 0 2 2 0 8 0 amappl7 120 353 0 339 1 0 1 1 0 8 0 amappl6 112 159 0 146 1 0 1 1 0 8 0 amappl5 104 419 0 407 1 0 1 1 0 8 0 amappl4 96 497 0 474 2 1 1 2 0 8 0 amappl3 88 272 0 267 1 0 1 1 0 8 0 amappl2 80 9615 0 9562 2 0 2 2 0 8 0 amappl1 72 39114 0 38670 23 14 9 18 0 8 0 amappl 72 3664 0 3628 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 94 0 10 2 0 2 2 0 8 0 uaddrrnd 24 1269 0 1253 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1269 0 1253 1 0 1 1 0 8 0 vmmpekpl 168 13682 0 13659 2 0 2 2 0 8 0 vmmpepl 168 149210 0 147877 109 39 70 73 0 357 11 vmsppl 360 1268 0 1253 2 0 2 2 0 8 0 pdppl 4096 2545 0 2506 6 0 6 6 0 8 1 pvpl 32 404420 0 396545 154 69 85 108 0 265 11 pmappl 224 1268 0 1253 5 4 1 2 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 492 0 2 14 0 14 14 0 8 0