uvm_fault(fffffd806a841e20,200a0000,0,1) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600 kpageflttrap(ffff8000371f1590,200a0000) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 kerntrap(ffff8000371f1590) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b _copyin() at _copyin+0x57 syscall(ffff8000371f19e0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371f19e0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe0e065d4230, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: mutex 0xfffffd806a841f38 not held in mtx_leave ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83078e14) at panic+0x1e5 sys/kern/subr_prf.c:198 mtx_leave(fffffd806a841f38) at mtx_leave+0x17c sys/kern/kern_lock.c:335 msleep(fffffd806a841e50,fffffd806a841f38,4,ffffffff832a21d0,0) at msleep+0x125 sys/kern/kern_synch.c:249 vm_map_lock_ln(fffffd806a841e20,ffffffff830d8373,6f3) at vm_map_lock_ln+0xd4 sys/uvm/uvm_map.c:5250 uvmfault_lookup(ffff8000371f13f0,1) at uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1779 uvm_fault_check(ffff8000371f13f0,ffff8000371f1428,ffff8000371f1450) at uvm_fault_check+0x83e uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] uvm_fault_check(ffff8000371f13f0,ffff8000371f1428,ffff8000371f1450) at uvm_fault_check+0x83e sys/uvm/uvm_fault.c:710 uvm_fault(fffffd806a841e20,200a0000,0,1) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600 kpageflttrap(ffff8000371f1590,200a0000) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 kerntrap(ffff8000371f1590) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b _copyin() at _copyin+0x57 syscall(ffff8000371f19e0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371f19e0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe0e065d4230, count: -14 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000371f1010 rbx 0xffffffff834aedbf cpu_info_full_primary+0x2dbf rdx 0xffff80000127d240 rcx 0xffff800033f9c2a8 rax 0xffffffff834adff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x166768cdb3af755f r11 0xa6ba8c296644918c r12 0xffffffff834aebc0 cpu_info_full_primary+0x2bc0 r13 0 r14 0 r15 0x1 rip 0xffffffff816a99e5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000371f1000 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=74058 pid=22045 tcnt=3 stat=sleep flags process=10 proc=4000020 runpri=32, usrpri=62, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff76e0,0xffff800033f9d1e8 process=0xffff8000371d0db8 user=0xffff8000371ec000, vmspace=0xfffffd806a841e20 estcpu=12, cpticks=7, pctcpu=0.0, user=0, sys=7, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 61665 181999 6237 32767 2 0x10 syz-executor 22045 117439 67542 32767 2 0x10 syz-executor *22045 74058 67542 32767 3 0x4000030 syz-executor 22045 218218 67542 32767 7 0x4000010 syz-executor 24161 349574 99900 32767 2 0x10 syz-executor 24161 177371 99900 32767 3 0x4000090 fsleep syz-executor 73205 382214 77095 0 2 0x2 ndp 77095 127954 12222 0 3 0x10008a sigsusp sh 1366 273193 27407 32767 2 0x10 syz-executor 1366 169650 27407 32767 3 0x4000090 fsleep syz-executor 53622 82476 42919 32767 2 0x490 syz-executor 53622 511269 42919 32767 3 0x4000090 kqpoll syz-executor 53622 298683 42919 32767 3 0x4000090 fsleep syz-executor 6237 45549 61315 32767 3 0x90 nanoslp syz-executor 7563 101587 58489 32767 2 0x490 syz-executor 42919 422190 82022 32767 2 0x490 syz-executor 67542 118151 22784 32767 2 0x490 syz-executor 12222 310976 78207 0 3 0x80 wait syz-executor 99900 410028 58514 32767 3 0x90 nanoslp syz-executor 1274 219747 64771 32767 2 0x10 syz-executor 27407 356541 84139 32767 3 0x90 nanoslp syz-executor 61315 427421 17429 0 3 0x82 wait syz-executor 22784 284006 17429 0 3 0x82 wait syz-executor 82022 379468 17429 0 3 0x82 wait syz-executor 58489 456070 17429 0 3 0x82 wait syz-executor 64771 25599 17429 0 3 0x82 wait syz-executor 84139 125147 17429 0 3 0x82 wait syz-executor 78207 163476 17429 0 3 0x82 wait syz-executor 58514 196784 17429 0 3 0x82 wait syz-executor 17429 346174 63928 0 2 0x82 syz-executor 63928 412363 99437 0 3 0x10008a sigsusp ksh 99437 186829 45496 0 3 0x98 kqread sshd-session 45496 68826 92942 0 3 0x92 kqread sshd-session 19304 20465 1 0 3 0x100083 ttyin getty 92942 96012 1 0 3 0x88 kqread sshd 5331 200561 1638 73 3 0x1100090 kqread syslogd 1638 252005 1 0 3 0x100082 sbwait syslogd 46230 207439 1 0 3 0x100080 kqread resolvd 27083 191009 67765 77 3 0x100092 kqread dhcpleased 74964 375318 67765 77 3 0x100092 kqread dhcpleased 67765 131487 1 0 3 0x80 kqread dhcpleased 80407 393389 0 0 3 0x14200 bored smr 41529 40835 0 0 2 0x14200 zerothread 41656 241649 0 0 3 0x14200 aiodoned aiodoned 64840 147545 0 0 3 0x14200 syncer update 41345 156880 0 0 3 0x14200 cleaner cleaner 10030 279085 0 0 2 0x14200 reaper 22389 188553 0 0 3 0x14200 pgdaemon pagedaemon 65154 335371 0 0 3 0x14200 bored viomb 4226 77991 0 0 3 0x40014200 acpi0 acpi0 48792 497492 0 0 3 0x40014200 idle1 20962 514464 0 0 3 0x14200 bored softnet3 84876 329501 0 0 3 0x14200 bored softnet2 71857 397570 0 0 3 0x14200 bored softnet1 58866 235999 0 0 3 0x14200 bored softnet0 45947 271228 0 0 3 0x14200 bored systqmp 74938 221702 0 0 3 0x14200 bored systq 66710 434390 0 0 3 0x14200 tmoslp softclockmp 1177 185949 0 0 3 0x40014200 tmoslp softclock 42756 2269 0 0 3 0x40014200 idle0 1 514669 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &map->flags_lock r = 0 (0xfffffd806a841f78) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 vm_map_lock_ln+0x6b sys/uvm/uvm_map.c:5244 #4 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1779 #5 uvm_fault_check+0x83e uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] #5 uvm_fault_check+0x83e sys/uvm/uvm_fault.c:710 #6 uvm_fault+0x112 sys/uvm/uvm_fault.c:600 #7 kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 #8 kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 #9 alltraps_kern_meltdown+0x7b #10 _copyin+0x57 #11 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #11 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #12 Xsyscall+0x128 CPU 1: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff83512f78) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 uvm_map_clean+0x602 sys/uvm/uvm_map.c:4528 #4 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #4 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #5 Xsyscall+0x128 Process 22045 (syz-executor) thread 0xffff800033f9ccc8 (218218) exclusive rwlock amaplk r = 0 (0xfffffd806c0aa550) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 uvm_map_clean+0x411 sys/uvm/uvm_map.c:4498 #2 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #2 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #3 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff835a2200) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441 #3 sleep_finish+0x21e sys/kern/kern_synch.c:416 #4 rw_enter+0x348 sys/kern/kern_rwlock.c:285 #5 vm_map_lock_ln+0x142 sys/uvm/uvm_map.c:5257 #6 uvm_map_clean+0x11b sys/uvm/uvm_map.c:4450 #7 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #7 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #8 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10177 11046K 11059K 166960K 11255 0 pcb 17 12K 12K 166960K 17 0 rtable 232 6K 6K 166960K 338 0 pf 31 16K 16K 166960K 31 0 ifaddr 42 7K 7K 166960K 44 0 ifgroup 50 2K 2K 166960K 50 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 2K 166960K 30 0 iov 0 0K 0K 166960K 2 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1364 86K 86K 166960K 1380 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 25 93K 125K 166960K 149 0 proc 58 79K 115K 166960K 473 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 37 175K 175K 166960K 37 0 exec 0 0K 1K 166960K 333 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 257 76K 76K 166960K 2690 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 47 94K 116K 166960K 1132 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 27 2K 2K 166960K 27 0 temp 34 6810K 6874K 166960K 3591 0 kqueue 14 22K 22K 166960K 23 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 34 0 30 1 0 1 1 0 8 0 rtentry 112 110 0 1 4 0 4 4 0 8 0 unpcb 144 40 0 23 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 15 0 8 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 336 72 0 56 2 0 2 2 0 8 0 nd6 136 23 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 451 0 0 29 0 29 29 0 8 0 art_table 32 452 0 0 4 0 4 4 0 8 0 art_node 16 109 0 10 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1544 0 44 94 0 94 94 0 8 0 ffsino 272 1544 0 44 101 0 101 101 0 8 0 nchpl 144 1733 0 59 63 0 63 63 0 8 0 uvmvnodes 80 1657 0 0 34 0 34 34 0 8 0 vnodes 216 1657 0 0 93 0 93 93 0 8 0 namei 1024 5017 0 5017 2 0 2 2 0 8 2 percpumem 16 46 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 5350 0 5350 9 1 8 8 1 8 8 plimitpl 152 36 0 10 1 0 1 1 0 8 0 sigapl 424 419 0 362 8 0 8 8 0 8 0 futexpl 64 138 0 135 1 0 1 1 0 8 0 knotepl 120 300 0 0 10 0 10 10 0 8 0 kqueuepl 216 21 0 9 1 0 1 1 0 8 0 pipepl 320 99 0 71 3 0 3 3 0 8 0 fdescpl 496 401 0 364 7 1 6 6 0 8 0 filepl 152 1325 0 1073 10 0 10 10 0 8 0 lockfpl 104 8 0 4 1 0 1 1 0 8 0 lockfspl 48 6 0 2 1 0 1 1 0 8 0 sessionpl 144 21 0 5 1 0 1 1 0 8 0 pgrppl 48 29 0 5 1 0 1 1 0 8 0 ucredpl 104 78 0 60 1 0 1 1 0 8 0 zombiepl 144 364 0 362 1 0 1 1 0 8 0 processpl 1160 419 0 362 5 0 5 5 0 8 0 procpl 648 437 0 371 6 0 6 6 0 8 0 sockpl 664 146 0 109 4 0 4 4 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 127 0 0 16 0 16 16 0 8 0 mcl2k 2048 20 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 212 0 0 14 0 14 14 0 8 0 bufpl 280 4675 0 94 328 0 328 328 0 8 0 anonpl 24 145221 0 136939 50 0 50 50 0 185 0 amapchunkpl 152 8988 0 8159 34 0 34 34 0 158 0 amappl16 200 3894 0 3874 5 0 5 5 0 8 3 amappl15 192 70 0 70 1 0 1 1 0 8 1 amappl14 184 103 0 92 1 0 1 1 0 8 0 amappl13 176 10 0 10 1 0 1 1 0 8 1 amappl12 168 999 0 961 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 0 1 1 0 8 1 amappl9 144 149 0 149 1 0 1 1 0 8 1 amappl8 136 22 0 21 1 0 1 1 0 8 0 amappl7 128 91 0 80 1 0 1 1 0 8 0 amappl6 120 162 0 160 1 0 1 1 0 8 0 amappl5 112 129 0 121 1 0 1 1 0 8 0 amappl4 104 276 0 260 1 0 1 1 0 8 0 amappl3 96 1653 0 1522 4 0 4 4 0 8 0 amappl2 88 629 0 568 2 0 2 2 0 8 0 amappl1 80 7184 0 6620 15 1 14 14 0 8 1 amappl 88 2363 0 2165 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 401 0 362 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 401 0 362 1 0 1 1 0 8 0 vmmpekpl 168 4602 0 4564 2 0 2 2 0 8 0 vmmpepl 168 33409 0 31380 89 0 89 89 0 357 0 vmsppl 448 400 0 362 5 0 5 5 0 8 0 rwobjpl 56 15625 0 13094 38 0 38 38 0 8 1 pdppl 4096 809 0 724 111 14 97 97 0 8 12 pvpl 32 28411 0 0 230 0 230 230 0 265 0 pmappl 248 400 0 362 4 1 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 387 0 16 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83078e14) at panic+0x1e5 sys/kern/subr_prf.c:198 mtx_leave(fffffd806a841f38) at mtx_leave+0x17c sys/kern/kern_lock.c:335 msleep(fffffd806a841e50,fffffd806a841f38,4,ffffffff832a21d0,0) at msleep+0x125 sys/kern/kern_synch.c:249 vm_map_lock_ln(fffffd806a841e20,ffffffff830d8373,6f3) at vm_map_lock_ln+0xd4 sys/uvm/uvm_map.c:5250 uvmfault_lookup(ffff8000371f13f0,1) at uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1779 uvm_fault_check(ffff8000371f13f0,ffff8000371f1428,ffff8000371f1450) at uvm_fault_check+0x83e uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] uvm_fault_check(ffff8000371f13f0,ffff8000371f1428,ffff8000371f1450) at uvm_fault_check+0x83e sys/uvm/uvm_fault.c:710 uvm_fault(fffffd806a841e20,200a0000,0,1) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600 kpageflttrap(ffff8000371f1590,200a0000) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 kerntrap(ffff8000371f1590) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b _copyin() at _copyin+0x57 syscall(ffff8000371f19e0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371f19e0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe0e065d4230, count: -14 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68 savectx() at savectx+0xae end of kernel end trace frame: 0xe0ebd296b90, count: 10 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68 savectx() at savectx+0xae end of kernel end trace frame: 0xe0ebd296b90, count: -5