panic: vmmaplk: lock not shared
Stopped at db_enter+0x18: addq $0x8,%rsp
    TID    PID    UID  PRFLAGS     PFLAGS  CPU  COMMAND
*498813  67412  32767     0x10  0x4000000   0K  syz-executor1
 480227  49905  32767     0x10          0    1  syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
_rw_exit_read(ffff800020b93788,2d0,ffff800020ca35f8) at _rw_exit_read+0x12b sys/kern/kern_rwlock.c:355
uvm_fault(fa09d9fcaba81c41,ffff800020b93788,0,ffffffff81433cc0) at uvm_fault+0x23bb uvmfault_unlockall sys/uvm/uvm_fault.c:1388 [inline]
uvm_fault(fa09d9fcaba81c41,ffff800020b93788,0,ffffffff81433cc0) at uvm_fault+0x23bb sys/uvm/uvm_fault.c:1266
pageflttrap() at pageflttrap+0x216 sys/arch/amd64/amd64/trap.c:200
kerntrap(ef65aad527265a36) at kerntrap+0xeb sys/arch/amd64/amd64/trap.c:294
alltraps_kern(6,70,ffff800020b93788,0,7,70) at alltraps_kern+0x7b
copyin(18957602928883d7,ffff800020ca3ab0,7,ffff800020ca3ac8,ffff800020b93788,10c0) at copyin+0x4b
sys_pwritev(92ca72b40deacc24,10,ffff800020b93788) at sys_pwritev+0x6b sys/kern/vfs_syscalls.c:3152
syscall(4f31dc3968ef37ab) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(4f31dc3968ef37ab) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffb8,0,4,f577e96b0d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xf5a62211880, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic vmmaplk: lock not shared ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 _rw_exit_read(ffff800020b93788,2d0,ffff800020ca35f8) at _rw_exit_read+0x12b sys/kern/kern_rwlock.c:355 uvm_fault(fa09d9fcaba81c41,ffff800020b93788,0,ffffffff81433cc0) at uvm_fault+0x23bb uvmfault_unlockall sys/uvm/uvm_fault.c:1388 [inline] uvm_fault(fa09d9fcaba81c41,ffff800020b93788,0,ffffffff81433cc0) at uvm_fault+0x23bb sys/uvm/uvm_fault.c:1266 pageflttrap() at pageflttrap+0x216 sys/arch/amd64/amd64/trap.c:200 kerntrap(ef65aad527265a36) at kerntrap+0xeb sys/arch/amd64/amd64/trap.c:294 alltraps_kern(6,70,ffff800020b93788,0,7,70) at alltraps_kern+0x7b copyin(18957602928883d7,ffff800020ca3ab0,7,ffff800020ca3ac8,ffff800020b93788,10c0) at copyin+0x4b sys_pwritev(92ca72b40deacc24,10,ffff800020b93788) at sys_pwritev+0x6b sys/kern/vfs_syscalls.c:3152 syscall(4f31dc3968ef37ab) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(4f31dc3968ef37ab) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffffb8,0,4,f577e96b0d8) at Xsyscall+0x128 end of kernel end trace frame: 0xf5a62211880, count: -11 ddb{0}> show registers rdi 0xffffffff818accc7 db_enter+0x17 rsi 0x12b8 __ALIGN_SIZE+0x2b8 rbp 0xffff800020ca3460 rbx 0xffff800020ca3500 rdx 0x12b9 __ALIGN_SIZE+0x2b9 rcx 0xffff80000454c000 rax 0xffff80000454c000 r8 0xffffffff8185e574 kprintf+0x174 r9 0x1 r10 0x3610894281edecd7 r11 0xcb329f244af8713c r12 0x3000000008 r13 0xffff800020ca3470 r14 0x100 r15 0x1 rip 0xffffffff818accc8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020ca3450 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor1) pid=498813 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020b92e28,0xffff800020b939f0 process=0xffff800020bca9f0 user=0xffff800020c9e000, vmspace=0xfffffd807f00c9d8 estcpu=36, 
cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 67412 494488 3500 32767 2 0x10 syz-executor1 67412 39415 3500 32767 2 0x4000010 syz-executor1 *67412 498813 3500 32767 7 0x4000010 syz-executor1 67412 224559 3500 32767 2 0x4000010 syz-executor1 49905 480227 88007 32767 7 0x10 syz-executor0 49905 399755 88007 32767 2 0x4000010 syz-executor0 3500 234495 25826 32767 2 0x10 syz-executor1 25826 222900 4130 0 3 0x82 wait syz-executor1 88007 23596 25844 32767 3 0x90 nanosleep syz-executor0 25844 22766 4130 0 3 0x82 wait syz-executor0 56607 218059 0 0 3 0x14200 bored sosplice 4130 520974 94540 0 3 0x82 thrsleep syz-fuzzer 4130 488773 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 486955 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 18184 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 171240 94540 0 3 0x4000082 kqread syz-fuzzer 4130 519649 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 262674 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 322922 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 381634 94540 0 3 0x4000082 thrsleep syz-fuzzer 4130 376066 94540 0 3 0x4000082 thrsleep syz-fuzzer 94540 153572 50098 0 3 0x10008a pause ksh 50098 331345 70604 0 3 0x92 select sshd 66592 147053 1 0 3 0x100083 ttyin getty 70604 72519 1 0 3 0x80 select sshd 77213 126943 72789 73 3 0x100090 kqread syslogd 72789 262763 1 0 3 0x100082 netio syslogd 36146 456136 1 77 3 0x100090 poll dhclient 58500 194731 1 0 3 0x80 poll dhclient 56754 171722 0 0 2 0x14200 zerothread 51034 134649 0 0 3 0x14200 aiodoned aiodoned 43730 182345 0 0 3 0x14200 syncer update 53558 17491 0 0 3 0x14200 cleaner cleaner 64569 209893 0 0 3 0x14200 reaper reaper 96983 200413 0 0 3 0x14200 pgdaemon pagedaemon 153 477637 0 0 3 0x14200 bored crynlk 83131 172046 0 0 3 0x14200 bored crypto 49764 149815 0 0 3 0x40014200 acpi0 acpi0 61454 305031 0 0 3 0x40014200 idle1 51645 83765 0 0 3 0x14200 bored softnet 69356 285661 0 0 3 0x14200 bored systqmp 10343 142414 0 0 3 0x14200 bored systq 77800 
250963 0 0 3 0x40014200 bored softclock 92110 514812 0 0 3 0x40014200 idle0 1 283423 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 67412 (syz-executor1) thread 0xffff800020b93788 (498813) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822da9d0) locked @ /syzkaller/managers/setuid/kernel/sys/kern/sched_bsd.c:429 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9461 6321K 6321K 78643K 12013 0 0 pcb 23 9K 11K 78643K 5814 0 0 rtable 97 3K 3K 78643K 9553 0 0 ifaddr 36 18K 21K 78643K 1813 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 345 0 0 iov 0 0K 32K 78643K 883 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 9931 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 160 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 1K 78643K 1017 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 8 25K 33K 78643K 12339 0 0 sigio 0 0K 0K 78643K 159 0 0 proc 41 38K 70K 78643K 7708 0 0 subproc 68 69634K 69634K 78643K 10030 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1819 0 0 in_multi 33 2K 2K 78643K 3665 0 0 ether_multi 1 0K 0K 78643K 88 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 2341 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 94 21K 41K 78643K 38854 0 0 UVM aobj 130 6K 6K 78643K 173 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 248 0 0 NDP 5 0K 0K 78643K 888 0 0 temp 122 2364K 2434K 78643K 48783 0 0 kqueue 0 0K 0K 78643K 167 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 297 0 293 1 0 1 1 0 8 0 inpcbpl 280 5201 0 5194 1 0 1 1 0 8 0 plimitpl 152 694 0 
685 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 2678 0 2638 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 6 0 6 1 1 0 1 0 8 0 tcpcb 544 2016 0 2012 1 0 1 1 0 8 0 nd6 48 590 0 586 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 12420 0 12229 15 3 12 13 0 8 0 art_table 32 12421 0 12229 2 0 2 2 0 8 0 art_node 16 2677 0 2643 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 16 1 0 1 1 0 8 0 semapl 112 1015 0 1005 1 0 1 1 0 8 0 shmpl 112 171 0 43 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 17397 0 15778 53 0 53 53 0 8 0 ffsino 272 17397 0 15778 109 0 109 109 0 8 0 nchpl 144 33808 0 32230 59 0 59 59 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 127531 0 127531 4 3 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 87877 0 87877 59 55 4 6 0 8 4 sigapl 432 11627 0 11611 5 3 2 3 0 8 0 futexpl 56 117274 0 117274 2 1 1 1 0 8 1 knotepl 112 8081 0 8053 27 26 1 2 0 8 0 kqueuepl 104 3439 0 3436 1 0 1 1 0 8 0 pipepl 112 10230 0 10211 22 21 1 2 0 8 0 fdescpl 488 11628 0 11611 3 0 3 3 0 8 0 filepl 152 79573 0 79473 23 18 5 7 0 8 1 lockfpl 96 2981 0 2981 24 23 1 1 0 8 1 lockfspl 24 6843 0 6843 21 20 1 1 0 8 1 sessionpl 112 310 0 300 1 0 1 1 0 8 0 pgrppl 48 428 0 418 1 0 1 1 0 8 0 ucredpl 96 29218 0 29209 1 0 1 1 0 8 0 zombiepl 144 11611 0 11611 2 1 1 1 0 8 1 processpl 840 11643 0 11611 4 0 4 4 0 8 0 procpl 600 32782 0 32737 7 3 4 5 0 8 0 srpgc 64 1730 0 1730 44 43 1 1 0 8 1 sosppl 128 252 0 252 47 46 1 1 0 8 1 sockpl 384 11335 0 11318 13 10 3 4 0 8 1 mcl64k 65536 22 0 0 3 1 2 3 0 8 0 mcl16k 16384 15 0 0 2 0 2 2 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 47 0 0 3 1 2 2 0 8 0 mcl8k 8192 34 0 0 5 3 2 3 0 8 0 mcl4k 4096 25 0 0 4 1 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 144 0 0 14 3 11 14 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 703 0 0 10 0 10 10 0 8 0 bufpl 256 21912 0 14943 436 0 436 436 0 8 0 anonpl 16 1268280 0 1262096 293 254 39 41 0 125 0 amapchunkpl 152 96839 
0 96748 539 534 5 96 0 158 1 amappl16 192 64935 0 64621 404 386 18 28 0 8 0 amappl15 184 2582 0 2579 1 0 1 1 0 8 0 amappl14 176 2111 0 2107 2 1 1 1 0 8 0 amappl13 168 1500 0 1497 1 0 1 1 0 8 0 amappl12 160 1160 0 1151 1 0 1 1 0 8 0 amappl11 152 2488 0 2479 1 0 1 1 0 8 0 amappl10 144 1682 0 1675 1 0 1 1 0 8 0 amappl9 136 1483 0 1481 1 0 1 1 0 8 0 amappl8 128 3462 0 3404 3 0 3 3 0 8 0 amappl7 120 1524 0 1514 1 0 1 1 0 8 0 amappl6 112 1677 0 1661 1 0 1 1 0 8 0 amappl5 104 2437 0 2423 1 0 1 1 0 8 0 amappl4 96 2135 0 2102 2 1 1 2 0 8 0 amappl3 88 1414 0 1409 1 0 1 1 0 8 0 amappl2 80 100561 0 100488 2 0 2 2 0 8 0 amappl1 72 298851 0 298389 24 14 10 19 0 8 0 amappl 72 35214 0 35176 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 172 0 43 3 0 3 3 0 8 0 uaddrrnd 24 11628 0 11611 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 11628 0 11611 1 0 1 1 0 8 0 vmmpekpl 168 99711 0 99686 2 0 2 2 0 8 0 vmmpepl 168 1334545 0 1333033 345 275 70 85 0 357 3 vmsppl 360 11627 0 11611 2 0 2 2 0 8 0 pdppl 4096 23263 0 23222 7 1 6 6 0 8 0 pvpl 32 3432886 0 3423408 635 541 94 116 0 265 0 pmappl 224 11627 0 11611 50 49 1 2 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 616 0 17 19 1 18 18 0 8 0