syzbot

 sign-in | mailing list | source | docs
🐞 Open [144]
🐞 Fixed [274]
🐞 Invalid [739]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk (3)

Status: upstream: reported on 2023/10/24 06:13
Reported-by: syzbot+7b6b9003a6b59dff1abb@syzkaller.appspotmail.com
First crash: 394d, last: 8d00h
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk (2) 1 739d 739d 0/3 auto-obsoleted due to no activity on 2023/02/11 01:27
openbsd panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk 3 1648d 1669d 0/3 closed as dup on 2020/04/28 07:03

Sample crash report:
login: panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 133512  74110      0      0x1000  0x4080000    1  syz-executor
*339126  67731      0           0  0x4000000    0  syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307ff84) at panic+0x1e5 sys/kern/subr_prf.c:198
witness_checkorder(fffffd806c007ba0,1,0) at witness_checkorder+0x1113 sys/kern/subr_witness.c:843
rw_enter_read(fffffd806c007b90) at rw_enter_read+0xab sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff8000371ff7c8,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1819
uvm_fault_check(ffff8000371ff7c8,ffff8000371ff800,ffff8000371ff830,0) at uvm_fault_check+0x49 sys/uvm/uvm_fault.c:672
uvm_fault(fffffd806c007aa8,20000000,0,2) at uvm_fault+0xf5 sys/uvm/uvm_fault.c:600
kpageflttrap(ffff8000371ff970,20000100) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff8000371ff970) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x62
kern_sysctl(ffff8000371ffcf4,5,20000100,ffff8000371ffd28,0,37,4b1e373314fe9aa) at kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
sys_sysctl(ffff8000371d4ce8,ffff8000371ffe60,ffff8000371ffdb0) at sys_sysctl+0x425
syscall(ffff8000371ffe60) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff8000371ffe60) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
end trace frame: 0xffff8000371ffee0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307ff84) at panic+0x1e5 sys/kern/subr_prf.c:198
witness_checkorder(fffffd806c007ba0,1,0) at witness_checkorder+0x1113 sys/kern/subr_witness.c:843
rw_enter_read(fffffd806c007b90) at rw_enter_read+0xab sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff8000371ff7c8,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1819
uvm_fault_check(ffff8000371ff7c8,ffff8000371ff800,ffff8000371ff830,0) at uvm_fault_check+0x49 sys/uvm/uvm_fault.c:672
uvm_fault(fffffd806c007aa8,20000000,0,2) at uvm_fault+0xf5 sys/uvm/uvm_fault.c:600
kpageflttrap(ffff8000371ff970,20000100) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff8000371ff970) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x62
kern_sysctl(ffff8000371ffcf4,5,20000100,ffff8000371ffd28,0,37,4b1e373314fe9aa) at kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
sys_sysctl(ffff8000371d4ce8,ffff8000371ffe60,ffff8000371ffdb0) at sys_sysctl+0x425
syscall(ffff8000371ffe60) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff8000371ffe60) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4705be22e70, count: -15
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff8000371ff410
rbx               0xffffffff83474dbf    cpu_info_full_primary+0x2dbf
rdx               0xffff80000133f780
rcx               0xffff8000371d4ce8
rax               0xffffffff83473ff0    cpu_info_full_primary+0x1ff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x3f4c06e3096258cc
r11               0x90a5fddf5218f3b8
r12               0xffffffff83474bc0    cpu_info_full_primary+0x2bc0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff8292af95    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff8000371ff400
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=339126 pid=67731 tcnt=3 stat=onproc
    flags process=0 proc=4000000<THREAD>
    runpri=84, usrpri=84, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000371d4040,0xffff8000371d4f80
    process=0xffff80003729db38 user=0xffff8000371fa000, vmspace=0xfffffd806c007aa8
    estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 74110   97116  95498      0  3      0x3000  suspend       syz-executor
 74110  133512  95498      0  7   0x4081000                syz-executor
  1058  254583  15350      0  2           0                syz-executor
  1058  116860  15350      0  3   0x4000080  fsleep        syz-executor
  1058  232525  15350      0  3   0x4000080  fsleep        syz-executor
 35761  315703  40250      0  2           0                syz-executor
 35761  123805  40250      0  3   0x4000080  fsleep        syz-executor
 35761   22994  40250      0  3   0x4000080  fsleep        syz-executor
 67731  271604  46091      0  2           0                syz-executor
*67731  339126  46091      0  7   0x4000000                syz-executor
 67731  435388  46091      0  2   0x4000000                syz-executor
 85809  179023  13207      0  2           0                syz-executor
 85809  313459  13207      0  2   0x4000000                syz-executor
 85809  517020  13207      0  3   0x4000080  fsleep        syz-executor
 50797  288611  36255      0  2    0x400000                syz-executor
 50797  346392  36255      0  3   0x4400080  ttyout        syz-executor
 50797  199148  36255      0  3   0x4400080  fsleep        syz-executor
 50797  211936  36255      0  2   0x4400000                syz-executor
 67907   42007  64639      0  2           0                syz-executor
 67907  411573  64639      0  3   0x4000080  fsleep        syz-executor
 67907  257792  64639      0  3   0x4000080  fsleep        syz-executor
 11346  270432   5985      0  2        0x10                syz-executor
 11346  311369   5985      0  3   0x4000090  sbwait        syz-executor
 11346  117186   5985      0  2   0x4000010                syz-executor
 11346  185164   5985      0  2   0x4000010                syz-executor
 31174  484636      1      0  3    0x100083  ttyin         getty
 64639  509567   5030      0  3        0x82  nanoslp       syz-executor
 45280  336244      0      0  3     0x14280  nfsidl        nfsio
 84971  153512      0      0  3     0x14280  nfsidl        nfsio
 21065   54805      0      0  3     0x14280  nfsidl        nfsio
 36291  157711      0      0  3     0x14280  nfsidl        nfsio
  7396  494737      0      0  3     0x14280  nfsidl        nfsio
 12487  362108      0      0  3     0x14280  nfsidl        nfsio
 82134  212427      0      0  3     0x14280  nfsidl        nfsio
 61736  124072      0      0  3     0x14280  nfsidl        nfsio
 51570  107023      0      0  3     0x14280  nfsidl        nfsio
 39615  255218      0      0  3     0x14280  nfsidl        nfsio
  9870  317548      0      0  3     0x14280  nfsidl        nfsio
 36463  254119      0      0  3     0x14280  nfsidl        nfsio
 58949  375771      0      0  3     0x14280  nfsidl        nfsio
 21088  283450      0      0  3     0x14280  nfsidl        nfsio
 88305  297201      0      0  3     0x14280  nfsidl        nfsio
 24085   26618      0      0  3     0x14280  nfsidl        nfsio
 15061    1494      0      0  3     0x14280  nfsidl        nfsio
 20732  246230      0      0  3     0x14280  nfsidl        nfsio
 30629  285149      0      0  3     0x14280  nfsidl        nfsio
 36490  371465      0      0  3     0x14280  nfsidl        nfsio
 46091  265755   5030      0  2         0x3                syz-executor
 96473  387016      0      0  3     0x14200  bored         sosplice
 95498  278378   5030      0  3        0x82  nanoslp       syz-executor
 13207  489892   5030      0  3        0x82  nanoslp       syz-executor
  5985  280390   5030      0  2         0x3                syz-executor
 15350  200938   5030      0  2         0x3                syz-executor
 36255  224861   5030      0  2         0x3                syz-executor
 40250  348881   5030      0  3        0x82  nanoslp       syz-executor
  5030  467632  79394      0  3        0x82  kqread        syz-executor
 79394  360516  78777      0  3    0x10008a  sigsusp       ksh
 78777  163019  22169      0  3        0x98  kqread        sshd-session
 22169  414465  68379      0  3        0x92  kqread        sshd-session
 68379    6161      1      0  3        0x88  kqread        sshd
 65149  369832  84411     74  3   0x1100092  bpf           pflogd
 84411   43079      1      0  3        0x80  sbwait        pflogd
 63321  182195  98711     73  3   0x1100090  kqread        syslogd
 98711  448868      1      0  3    0x100082  sbwait        syslogd
 74130  487114      1      0  3    0x100080  kqread        resolvd
 40019   77345  54554     77  3    0x100092  kqread        dhcpleased
 14850  393511  54554     77  3    0x100092  kqread        dhcpleased
 54554  113835      1      0  3        0x80  kqread        dhcpleased
 74323   28585      0      0  3     0x14200  bored         smr
 13251  318369      0      0  3     0x14200  pgzero        zerothread
 90183  362835      0      0  3     0x14200  aiodoned      aiodoned
 49880   73674      0      0  3     0x14200  syncer        update
 14390  354503      0      0  3     0x14200  cleaner       cleaner
 30827  437424      0      0  3     0x14200  reaper        reaper
 96432  421298      0      0  3     0x14200  pgdaemon      pagedaemon
 34847   73872      0      0  3     0x14200  bored         viomb
  7533   53069      0      0  3  0x40014200  acpi0         acpi0
 75034  287265      0      0  3  0x40014200                idle1
 75893   39042      0      0  3     0x14200  bored         softnet3
 78911  504388      0      0  3     0x14200  bored         softnet2
   973  395972      0      0  3     0x14200  bored         softnet1
 89318   50973      0      0  3     0x14200  bored         softnet0
 10044  375827      0      0  3     0x14200  bored         systqmp
 20216  312977      0      0  3     0x14200  bored         systq
 29055  176790      0      0  3     0x14200  tmoslp        softclockmp
 10204   68794      0      0  3  0x40014200  tmoslp        softclock
 59450   48384      0      0  3  0x40014200                idle0
     1   67388      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff83560d78)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  mtx_enter_try+0x178
#2  mtx_enter+0x60 sys/kern/kern_lock.c:239
#3  sysctl_file+0x9fd
#4  kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
#5  sys_sysctl+0x425
#6  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#6  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7  Xsyscall+0x128
Process 67731 (syz-executor) thread 0xffff8000371d4ce8 (339126)
exclusive rwlock netlock r = 0 (0xffffffff8342b7a0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  sysctl_file+0x9e8 sys/kern/kern_sysctl.c:1681
#2  kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
#3  sys_sysctl+0x425
#4  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#4  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#5  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83561540)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  __mp_acquire_count+0x58
#2  mi_switch+0x4b7 sys/kern/sched_bsd.c:441
#3  yield+0x6a sys/kern/sched_bsd.c:320
#4  malloc+0xe5 sys/kern/kern_malloc.c:170
#5  sysctl_file+0x1c7 sys/kern/kern_sysctl.c:1655
#6  kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
#7  sys_sysctl+0x425
#8  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#8  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#9  Xsyscall+0x128
exclusive rwlock sysctllk r = 0 (0xffffffff8345f0f0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2  sysctl_vslock+0x45 sys/kern/kern_sysctl.c:181
#3  kern_sysctl+0x1ad sys/kern/kern_sysctl.c:504
#4  sys_sysctl+0x425
#5  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#5  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#6  Xsyscall+0x128
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff83560d78)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  mtx_enter_try+0x178
#2  mtx_enter+0x60 sys/kern/kern_lock.c:239
#3  sysctl_file+0x9fd
#4  kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
#5  sys_sysctl+0x425
#6  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#6  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7  Xsyscall+0x128
Process 67731 (syz-executor) thread 0xffff8000ffffdbe8 (435388)
exclusive rwlock futex r = 0 (0xffffffff8347a2b0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2  sys_futex+0x69 sys/kern/sys_futex.c:98
#3  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#3  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#4  Xsyscall+0x128
Process 11346 (syz-executor) thread 0xffff8000371d5c18 (311369)
exclusive rwlock sbufrcv r = 0 (0xffff8000013bb0a0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2  sblock+0xb7 sys/kern/uipc_socket2.c:549
#3  soreceive+0x295 sys/kern/uipc_socket.c:945
#4  recvit+0x40a sys/kern/uipc_syscalls.c:1079
#5  sys_recvmmsg+0x3d3 sys/kern/uipc_syscalls.c:970
#6  syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#6  syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10219  11151K   11458K 166960K     12287        0
            pcb    19     14K      14K 166960K       300        0
         rtable   183      5K       7K 166960K       495        0
             pf    33     17K      21K 166960K        91        0
         ifaddr    36      6K       7K 166960K        76        0
        ifgroup    51      2K       2K 166960K       107        0
         sysctl     4      1K       3K 166960K         5        0
       counters    62     36K      36K 166960K        98        0
       ioctlops     0      0K       4K 166960K      1541        0
            iov     1      4K      24K 166960K        56        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1421     89K      90K 166960K      2231        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        19        0
         VM map     2      1K       1K 166960K         2        0
            sem    29      3K       3K 166960K        69        0
        dirhash    12      2K       2K 166960K        21        0
           ACPI  1690    195K     286K 166960K     12468        0
      file desc    18     65K      89K 166960K       987        0
          sigio     0      0K       0K 166960K        52        0
           proc    72     91K     140K 166960K       674        0
        subproc   104      6K       6K 166960K       130        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       234        0
       in_multi    82      6K       7K 166960K       163        0
    ether_multi     1      0K       0K 166960K         3        0
            mrt     1      0K       0K 166960K         5        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   187    837K     837K 166960K       187        0
           exec     0      0K       1K 166960K       497        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         2        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   266     73K      87K 166960K     11089        0
       UVM aobj    14      2K       2K 166960K        15        0
     pinsyscall    43     86K     104K 166960K      2126        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        57        0
            NDP    11      0K       2K 166960K        54        0
           temp    73   6828K    6917K 166960K     27840        0
         kqueue    14     22K      29K 166960K       165        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120       86    0       83     1     0     1     1     0     8    0
rtentry    112      160    0       77     4     0     4     4     0     8    0
unpcb      144      757    0      733    11     7     4     6     0     8    3
syncache   336        5    0        5     1     1     0     1     0     8    0
tcpcb      808      399    0      393    11     7     4     5     0     8    3
arp        120       28    0       14     1     0     1     1     0     8    0
inpcb      336     1415    0     1400    22    13     9    10     0     8    7
nd6        136       38    0       15     1     0     1     1     0     8    0
pkpcb       40        7    0        7     3     2     1     1     0     8    1
kcovpl      48       10    0        2     1     0     1     1     0     8    0
ppxss      1168       9    0        9     3     3     0     1     0     8    0
pfstscr     40        1    0        0     1     0     1     1     0     8    0
pffrag     232        7    0        2     1     0     1     1     0   482    0
pffrnode    88        7    0        2     1     0     1     1     0     8    0
pffrent     40       10    0        5     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfanchor   1288       2    0        0     1     0     1     1     0     8    0
pfstitem    24       91    0       35     1     0     1     1     0     8    0
pfstkey    128       91    0       35     3     0     3     3     0     8    0
pfstate    376       90    0       35     7     0     7     7     0     8    0
pfrule     1344      24    0       17     2     0     2     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      703    0      310    29     3    26    29     0     8    0
art_table   32      704    0      310     4     0     4     4     0     8    0
art_node    16      158    0       83     1     0     1     1     0     8    0
sysvmsgpl   40       18    0       11     1     0     1     1     0     8    0
semapl     112       65    0       38     1     0     1     1     0     8    0
shmpl      112       12    0        1     1     0     1     1     0     8    0
dirhash    1024      23    0        6     3     0     3     3     0     8    0
dino2pl    256     3235    0     1729    95     0    95    95     0     8    0
ffsino     272     3235    0     1729   102     0   102   102     0     8    0
nchpl      144     4621    0     2928    64     0    64    64     0     8    0
uvmvnodes   80     3766    0        0    77     0    77    77     0     8    0
vnodes     216     3766    0        0   210     0   210   210     0     8    0
namei      1024   16302    0    16302     2     1     1     2     0     8    1
percpumem   16       63    0       18     1     0     1     1     0     8    0
kstatmem   264       58    0       36     2     0     2     2     0     8    0
scsiplug    72        6    0        6     3     3     0     1     0     8    0
scxspl     216    15010    0    15010     8     7     1     5     1     8    1
plimitpl   152      203    0      184     1     0     1     1     0     8    0
sigapl     424     1309    0     1238    10     1     9     9     0     8    0
futexpl     64    13273    0    13264     1     0     1     1     0     8    0
knotepl    120      556    0        0    17     0    17    17     0     8    0
kqueuepl   216      343    0      331     5     4     1     5     0     8    0
pipepl     320      252    0      223     6     0     6     6     0     8    3
fdescpl    496     1267    0     1235     5     0     5     5     0     8    0
filepl     152     8814    0     8540    23     6    17    17     0     8    4
lockfpl    104      276    0      274     1     0     1     1     0     8    0
lockfspl    48      113    0      111     1     0     1     1     0     8    0
sessionpl  144       28    0       19     1     0     1     1     0     8    0
pgrppl      48      125    0      107     1     0     1     1     0     8    0
ucredpl    104     1716    0     1702     1     0     1     1     0     8    0
zombiepl   144     1493    0     1492     1     0     1     1     0     8    0
processpl  1160    1309    0     1238     7     1     6     6     0     8    0
procpl     648     2812    0     2724     9     1     8     8     0     8    0
srpgc       96        6    0        6     2     2     0     1     0     8    0
sosppl     168        7    0        7     2     2     0     1     0     8    0
sockpl     664     2276    0     2234    27    16    11    14     0     8    7
mcl64k     65536      3    0        0     1     0     1     1     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl9k      9216       2    0        0     1     0     1     1     0     8    0
mcl8k      8192       2    0        0     1     0     1     1     0     8    0
mcl4k      4096     138    0        0    18     0    18    18     0     8    0
mcl2k      2048      36    0        0     5     0     5     5     0     8    0
mtagpl      96       18    0        0     1     0     1     1     0     8    0
mbufpl     256     1196    0        0    75     0    75    75     0     8    0
bufpl      280     4822    0      103   338     0   338   338     0     8    0
anonpl      24   244512    0   240531   108    34    74    74     0   185   27
amapchunkpl 152   35812    0    35209    34     5    29    29     0   158    3
amappl16   200     6657    0     6623    58    43    15    27     0     8    7
amappl15   192        9    0        8     1     0     1     1     0     8    0
amappl14   184      122    0      110     1     0     1     1     0     8    0
amappl13   176       11    0       11     1     1     0     1     0     8    0
amappl12   168     1941    0     1909     4     1     3     3     0     8    0
amappl11   160       55    0       41     1     0     1     1     0     8    0
amappl10   152       10    0       10     2     2     0     1     0     8    0
amappl9    144      156    0      156     1     1     0     1     0     8    0
amappl8    136      152    0      149     1     0     1     1     0     8    0
amappl7    128      114    0      101     1     0     1     1     0     8    0
amappl6    120      184    0      182     1     0     1     1     0     8    0
amappl5    112      158    0      146     1     0     1     1     0     8    0
amappl4    104      327    0      309     1     0     1     1     0     8    0
amappl3     96     6685    0     6571     3     0     3     3     0     8    0
amappl2     88     1560    0     1472     3     0     3     3     0     8    0
amappl1     80    10685    0    10116    14     0    14    14     0     8    1
amappl      88    10614    0    10410     5     0     5     5     0    92    0
dma8192    8192       2    0        2     1     0     1     1     0     8    1
dma4096    4096       2    0        2     2     2     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      254    0      254     2     2     0     1     0     8    0
dma64       64        7    0        7     2     2     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       14    0        1     1     0     1     1     0     8    0
uaddrrnd    24     1267    0     1235     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1267    0     1235     1     0     1     1     0     8    0
vmmpekpl   168    11653    0    11605     4     0     4     4     0     8    0
vmmpepl    168    85442    0    83479   123    16   107   107     0   357   11
vmsppl     448     1266    0     1235     6     2     4     5     0     8    0
rwobjpl     56    30782    0    26018    73     0    73    73     0     8    0
pdppl      4096    2541    0     2470   107    36    71    83     0     8    0
pvpl        32    20734    0        0   167     0   167   167     0   265    0
pmappl     248     1266    0     1235     3     0     3     3     0     8    0
extentpl    40       55    0       38     1     0     1     1     0     8    0
phpool     112      487    0       69    12     0    12    12     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8307ff84) at panic+0x1e5 sys/kern/subr_prf.c:198
witness_checkorder(fffffd806c007ba0,1,0) at witness_checkorder+0x1113 sys/kern/subr_witness.c:843
rw_enter_read(fffffd806c007b90) at rw_enter_read+0xab sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff8000371ff7c8,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1819
uvm_fault_check(ffff8000371ff7c8,ffff8000371ff800,ffff8000371ff830,0) at uvm_fault_check+0x49 sys/uvm/uvm_fault.c:672
uvm_fault(fffffd806c007aa8,20000000,0,2) at uvm_fault+0xf5 sys/uvm/uvm_fault.c:600
kpageflttrap(ffff8000371ff970,20000100) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff8000371ff970) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x62
kern_sysctl(ffff8000371ffcf4,5,20000100,ffff8000371ffd28,0,37,4b1e373314fe9aa) at kern_sysctl+0x492 sys/kern/kern_sysctl.c:506
sys_sysctl(ffff8000371d4ce8,ffff8000371ffe60,ffff8000371ffdb0) at sys_sysctl+0x425
syscall(ffff8000371ffe60) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff8000371ffe60) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4705be22e70, count: -15
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83561338) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83561338) at __mp_lock+0x192 sys/kern/kern_lock.c:144
single_thread_check_locked(ffff8000371d4550,0) at single_thread_check_locked+0x2b5 sys/kern/kern_sig.c:2078
userret(ffff8000371d4550) at userret+0x9c sys/kern/kern_sig.c:2021
syscall(ffff80003720bd90) at syscall+0x9a7 mi_syscall_return sys/sys/syscall_mi.h:205 [inline]
syscall(ffff80003720bd90) at syscall+0x9a7 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf8c484b8700, count: 7
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83561338) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83561338) at __mp_lock+0x192 sys/kern/kern_lock.c:144
single_thread_check_locked(ffff8000371d4550,0) at single_thread_check_locked+0x2b5 sys/kern/kern_sig.c:2078
userret(ffff8000371d4550) at userret+0x9c sys/kern/kern_sig.c:2021
syscall(ffff80003720bd90) at syscall+0x9a7 mi_syscall_return sys/sys/syscall_mi.h:205 [inline]
syscall(ffff80003720bd90) at syscall+0x9a7 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf8c484b8700, count: -8

Crashes (168):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/13 18:17 openbsd 81e7fdf6c2d5 4dfba277 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/11/08 06:33 openbsd 35bbbbdda845 179b040e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/24 12:52 openbsd ee657da96042 092bf4ab .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/24 07:52 openbsd ee657da96042 15fa2979 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/22 14:30 openbsd 1a81a8e6e44b 9d74f456 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/18 21:51 openbsd 52c025e2290f 0270e729 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/18 00:19 openbsd ef4af84434df 666f77ed .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/17 19:01 openbsd af87264d7edb 666f77ed .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/16 23:15 openbsd 9a67f0c9d9b9 666f77ed .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/16 11:37 openbsd 3bf609606383 bde2d81c .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/16 04:34 openbsd 26dd3e34b386 bde2d81c .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/16 02:39 openbsd 26dd3e34b386 bde2d81c .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/16 00:21 openbsd 26dd3e34b386 bde2d81c .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/15 11:42 openbsd ff46e7d6ebc3 7eb57b4a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/15 08:45 openbsd 22b55b0b9cd9 b01b6661 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/14 01:22 openbsd 6af255d52c85 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/13 09:21 openbsd 8a978b4c9f73 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/13 04:45 openbsd 8a978b4c9f73 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/13 01:16 openbsd 8a978b4c9f73 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/12 15:45 openbsd 1ca96170b48f 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/12 11:34 openbsd deda38367d8c 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/12 07:47 openbsd deda38367d8c 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/12 03:16 openbsd deda38367d8c 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/12 00:00 openbsd deda38367d8c 084d8178 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/11 12:32 openbsd 5c7cddd652b4 5e7b4bca .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/11 10:58 openbsd 5c7cddd652b4 5e7b4bca .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/11 08:36 openbsd 5101d665ac9b cd942402 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/10 00:27 openbsd 53b677a8a339 0278d004 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/09 19:46 openbsd bcc953340d3a 56fb2cb7 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/09 15:12 openbsd bcc953340d3a 56fb2cb7 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/08 20:08 openbsd 561287022138 402f1df0 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/08 17:31 openbsd 561287022138 402f1df0 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/08 13:01 openbsd 561287022138 402f1df0 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/08 00:54 openbsd c89f4e122d5e 402f1df0 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/06 23:23 openbsd e1668dfc1242 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/06 02:56 openbsd 502b52cbdf55 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/05 23:19 openbsd 502b52cbdf55 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/05 03:17 openbsd 5d74ee2ca1b8 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/04 23:22 openbsd ecf90ed7d782 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/04 16:09 openbsd ecf90ed7d782 d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/04 12:21 openbsd 3c9ccb50785e d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/04 07:52 openbsd 3c9ccb50785e d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/04 01:50 openbsd 3c9ccb50785e d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/03 20:51 openbsd 770bc2e5805f d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/03 11:28 openbsd 770bc2e5805f d7906eff .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/10/03 03:34 openbsd 67e4adbbdf0e a4c7fd36 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/09/30 18:34 openbsd a1c6091a665e 179f4029 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/09/26 23:27 openbsd 9119eb3a9696 9314348a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/09/26 05:06 openbsd f8f7dc1f1132 0d19f247 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2024/09/26 00:22 openbsd f8f7dc1f1132 0d19f247 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
2023/10/24 06:13 openbsd e0c1f4798a44 af8d2e46 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
* Struck through repros no longer work on HEAD.