panic: vmmaplk: lock not shared Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *209429 63254 0 0x1000 0x4080000 1K syz-executor1 248109 95015 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 _rw_exit_read(ffff800020bbb9e0,310,ffff800020c87448) at _rw_exit_read+0x12b sys/kern/kern_rwlock.c:355 uvm_fault(6796753b0d6fb901,ffff800020bbb9e0,0,ffffffff81a74530) at uvm_fault+0x23bb uvmfault_unlockall sys/uvm/uvm_fault.c:1388 [inline] uvm_fault(6796753b0d6fb901,ffff800020bbb9e0,0,ffffffff81a74530) at uvm_fault+0x23bb sys/uvm/uvm_fault.c:1266 pageflttrap() at pageflttrap+0x216 sys/arch/amd64/amd64/trap.c:200 kerntrap(15b37661b9e06d92) at kerntrap+0xeb sys/arch/amd64/amd64/trap.c:294 alltraps_kern(6,4,2,0,fffffd806753edc8,ffff800020bbb9e0) at alltraps_kern+0x7b copyin(b6b25fa0af9d18ff,0,ffff800020bbb9e0,becad9fd0b8,0,760) at copyin+0x56 syscall(8941e623e14c4dbc) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(8941e623e14c4dbc) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffff43,0,5,bea7cf980d8) at Xsyscall+0x128 end of kernel end trace frame: 0xbecad9fd140, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic vmmaplk: lock not shared ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x16c sys/kern/subr_prf.c:208 _rw_exit_read(ffff800020bbb9e0,310,ffff800020c87448) at _rw_exit_read+0x12b sys/kern/kern_rwlock.c:355 uvm_fault(6796753b0d6fb901,ffff800020bbb9e0,0,ffffffff81a74530) at uvm_fault+0x23bb uvmfault_unlockall sys/uvm/uvm_fault.c:1388 [inline] uvm_fault(6796753b0d6fb901,ffff800020bbb9e0,0,ffffffff81a74530) at uvm_fault+0x23bb sys/uvm/uvm_fault.c:1266 pageflttrap() at pageflttrap+0x216 sys/arch/amd64/amd64/trap.c:200 kerntrap(15b37661b9e06d92) at kerntrap+0xeb sys/arch/amd64/amd64/trap.c:294 alltraps_kern(6,4,2,0,fffffd806753edc8,ffff800020bbb9e0) at alltraps_kern+0x7b copyin(b6b25fa0af9d18ff,0,ffff800020bbb9e0,becad9fd0b8,0,760) at copyin+0x56 syscall(8941e623e14c4dbc) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(8941e623e14c4dbc) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffff43,0,5,bea7cf980d8) at Xsyscall+0x128 end of kernel end trace frame: 0xbecad9fd140, count: -10 ddb{1}> show registers rdi 0xffffffff819a23b7 db_enter+0x17 rsi 0x126b __ALIGN_SIZE+0x26b rbp 0xffff800020c872b0 rbx 0xffff800020c87350 rdx 0x126c __ALIGN_SIZE+0x26c rcx 0xffff800002d49000 rax 0xffff800002d49000 r8 0xffffffff81ae3134 kprintf+0x174 r9 0x1 r10 0x1da4595b19ac524e r11 0xc644f8f91135fb03 r12 0x3000000008 r13 0xffff800020c872c0 r14 0x100 r15 0x1 rip 0xffffffff819a23b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c872a0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=209429 stat=onproc flags process=1000 proc=4080000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020bbabd0,0xffffffff822f33f0 process=0xffff800020b94010 user=0xffff800020c82000, vmspace=0xfffffd807f00d000 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 63254 465850 
61511 0 3 0x3000 suspend syz-executor1 *63254 209429 61511 0 7 0x4081000 syz-executor1 92382 252440 1 0 3 0x100083 ttyin getty 40182 447309 0 0 3 0x14200 bored sosplice 61511 272456 43601 0 3 0x82 nanosleep syz-executor1 54617 417174 43601 0 3 0x2 biowait syz-executor0 43601 95830 86123 0 3 0x82 thrsleep syz-fuzzer 43601 71134 86123 0 3 0x4000082 nanosleep syz-fuzzer 43601 72898 86123 0 3 0x4000082 thrsleep syz-fuzzer 43601 53299 86123 0 3 0x4000082 thrsleep syz-fuzzer 43601 266167 86123 0 3 0x4000082 thrsleep syz-fuzzer 43601 142297 86123 0 3 0x4000082 thrsleep syz-fuzzer 43601 191608 86123 0 3 0x4000082 thrsleep syz-fuzzer 43601 389839 86123 0 3 0x4000082 kqread syz-fuzzer 43601 434094 86123 0 3 0x4000082 thrsleep syz-fuzzer 43601 177882 86123 0 3 0x4000082 thrsleep syz-fuzzer 86123 379069 97794 0 3 0x10008a pause ksh 97794 83500 38471 0 3 0x92 select sshd 38471 128693 1 0 3 0x80 select sshd 40729 295764 8979 73 3 0x100090 kqread syslogd 8979 250656 1 0 3 0x100082 netio syslogd 44957 487523 1 77 3 0x100090 poll dhclient 30119 330192 1 0 3 0x80 poll dhclient 63777 477658 0 0 3 0x14200 pgzero zerothread 24037 78769 0 0 3 0x14200 aiodoned aiodoned 582 472036 0 0 3 0x14200 syncer update 29335 15115 0 0 3 0x14200 cleaner cleaner 95015 248109 0 0 7 0x14200 reaper 87378 293963 0 0 3 0x14200 pgdaemon pagedaemon 16660 193605 0 0 3 0x14200 bored crynlk 31828 216783 0 0 3 0x14200 bored crypto 47638 166887 0 0 3 0x40014200 acpi0 acpi0 20144 234653 0 0 3 0x40014200 idle1 69335 198113 0 0 3 0x14200 bored softnet 82950 181078 0 0 3 0x14200 bored systqmp 24070 435953 0 0 3 0x14200 bored systq 82705 170309 0 0 3 0x40014200 bored softclock 42913 348789 0 0 3 0x40014200 idle0 1 235217 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 63254 (syz-executor1) thread 0xffff800020bbb9e0 (209429) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822f1758) locked @ /syzkaller/managers/multicore/kernel/sys/kern/sched_bsd.c:436 Process 54617 
(syz-executor0) thread 0xffff800020b75070 (417174) exclusive rrwlock inode r = 0 (0xfffffd806e5ef3c8) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 exclusive rrwlock inode r = 0 (0xfffffd806cf31a30) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9562 10464K 10473K 78643K 12613 0 0 pcb 23 9K 11K 78643K 4396 0 0 rtable 100 3K 4K 78643K 1116 0 0 ifaddr 69 18K 19K 78643K 622 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 59 0 0 iov 0 0K 32K 78643K 812 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1184 74K 75K 78643K 6631 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 155 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 1K 78643K 838 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 5 13K 25K 78643K 8611 0 0 sigio 2 0K 0K 78643K 160 0 0 proc 42 38K 70K 78643K 1547 0 0 subproc 64 65538K 67586K 78643K 94 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1175 0 0 in_multi 33 2K 2K 78643K 433 0 0 ether_multi 1 0K 0K 78643K 50 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 126 556K 556K 78643K 126 0 0 exec 0 0K 1K 78643K 823 0 0 pfkey data 0 0K 4K 78643K 4 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 125 23K 31K 78643K 28116 0 0 UVM aobj 130 4K 4K 78643K 143 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 240 0 0 NDP 15 0K 0K 78643K 175 0 0 temp 191 2368K 2448K 78643K 25517 0 0 kqueue 0 0K 0K 78643K 161 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 3795 0 3786 2 1 1 2 0 8 0 plimitpl 152 121 0 114 1 0 1 1 0 8 0 plcache 128 20 0 
0 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 544 1378 0 1372 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 swfcl 56 3 0 0 1 0 1 1 0 8 0 ppxss 1128 103 0 103 33 33 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 0 12 0 12 12 0 8 0 art_table 32 186 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 13 2 1 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 834 0 824 1 0 1 1 0 8 0 shmpl 112 141 0 13 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 18218 0 16682 51 1 50 50 0 8 0 ffsino 272 18218 0 16682 103 0 103 103 0 8 0 nchpl 144 30776 0 29183 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 97417 0 97417 4 3 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 18 0 18 15 14 1 1 0 8 1 scxspl 192 85488 0 85487 26 25 1 6 0 8 0 sigapl 432 8786 0 8773 2 0 2 2 0 8 0 futexpl 56 110688 0 110688 3 2 1 1 0 8 1 knotepl 112 2491 0 2464 24 23 1 2 0 8 0 kqueuepl 104 2963 0 2961 1 0 1 1 0 8 0 pipepl 112 5882 0 5863 19 18 1 2 0 8 0 fdescpl 488 8787 0 8773 3 1 2 3 0 8 0 filepl 152 55714 0 55617 27 22 5 7 0 8 1 lockfpl 104 2402 0 2402 28 27 1 1 0 8 1 lockfspl 32 4367 0 4367 27 26 1 1 0 8 1 sessionpl 112 25 0 15 1 0 1 1 0 8 0 pgrppl 48 122 0 112 1 0 1 1 0 8 0 ucredpl 96 18460 0 18453 1 0 1 1 0 8 0 zombiepl 144 8774 0 8773 3 2 1 1 0 8 0 processpl 840 8802 0 8773 4 0 4 4 0 8 0 procpl 600 27089 0 27049 4 0 4 4 0 8 0 sosppl 128 179 0 179 48 48 0 1 0 8 0 sockpl 384 8001 0 7982 17 14 3 4 0 8 1 mcl64k 65536 1234 0 0 120 76 44 65 0 8 0 mcl16k 16384 13 0 0 2 0 2 2 0 8 0 mcl12k 12288 42 0 0 3 1 2 2 0 8 0 mcl9k 9216 30 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 33 0 0 5 2 3 3 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 158 0 0 12 4 8 12 0 8 0 mtagpl 80 2 0 0 1 0 1 1 0 8 0 mbufpl 256 1321 0 0 36 2 34 35 0 8 0 bufpl 256 16894 0 9925 436 0 436 436 0 8 0 anonpl 16 953716 0 946026 373 325 48 49 0 125 13 
amapchunkpl 152 51731 0 51638 65 59 6 9 0 158 0 amappl16 192 53053 0 52654 430 401 29 33 0 8 8 amappl15 184 5 0 3 1 0 1 1 0 8 0 amappl14 176 4284 0 4280 2 1 1 1 0 8 0 amappl13 168 25 0 21 1 0 1 1 0 8 0 amappl12 160 4336 0 4332 1 0 1 1 0 8 0 amappl11 152 186 0 177 1 0 1 1 0 8 0 amappl10 144 71 0 68 2 1 1 1 0 8 0 amappl9 136 347 0 345 1 0 1 1 0 8 0 amappl8 128 4593 0 4538 3 1 2 2 0 8 0 amappl7 120 33 0 28 1 0 1 1 0 8 0 amappl6 112 4327 0 4318 1 0 1 1 0 8 0 amappl5 104 188 0 178 1 0 1 1 0 8 0 amappl4 96 364 0 342 2 1 1 2 0 8 0 amappl3 88 466 0 460 1 0 1 1 0 8 0 amappl2 80 87272 0 87220 2 0 2 2 0 8 0 amappl1 72 194789 0 194358 24 14 10 19 0 8 0 amappl 72 27474 0 27438 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 142 0 13 3 0 3 3 0 8 0 uaddrrnd 24 8787 0 8773 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8787 0 8773 1 0 1 1 0 8 0 vmmpekpl 168 74753 0 74732 2 0 2 2 0 8 0 vmmpepl 168 949573 0 948168 325 254 71 77 0 357 3 vmsppl 360 8786 0 8773 2 0 2 2 0 8 0 pdppl 4096 17581 0 17546 6 1 5 6 0 8 0 pvpl 32 2462757 0 2452020 661 537 124 133 0 265 31 pmappl 224 8786 0 8773 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 746 0 90 20 0 20 20 0 8 0