panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) kmmaplk Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 194499 93357 0 0 0 1 syz-executor.1 *312729 94092 -1 0x10 0 0K syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823d0545) at panic+0x15e sys/kern/subr_prf.c:218 witness_checkorder(ffffffff828b3da8,1,0) at witness_checkorder+0x1046 sys/kern/subr_witness.c:821 rw_enter_read(ffffffff828b3d98) at rw_enter_read+0x66 sys/kern/kern_rwlock.c:111 uvmfault_lookup(ffff8000234d3028,0) at uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1495 uvm_fault_check(ffff8000234d3028,ffff8000234d2fd0,ffff8000234d2fb8,2) at uvm_fault_check+0x3d sys/uvm/uvm_fault.c:513 uvm_fault(ffffffff828b3d90,ffff8000232c3000,0,2) at uvm_fault+0xdb sys/uvm/uvm_fault.c:694 kpageflttrap(ffff8000234d31b0,ffff8000232c3fd0) at kpageflttrap+0x202 sys/arch/amd64/amd64/trap.c:265 setsockopt(r4, 0x400, 0xfffffffd, &(0x7f0000000100)="559c9a8f1f235fe7bc8e59a95377da854caa57072ab43a2da9c37c29340962ccd38321b478fdd717738ae00d5dbf00300b34cff898cf44b0e1cd4d135c6996dcb3259cba5d1c05c07d4b6989870b3182eda79866e2d66a9ff0e3b1e31d76c633f78ef17132a4ce30c0260247dd86a48b1ed258d03bddd13e79bb4773ce43346c49033bc9e03965989fe2586f807dcefecea0214cb11443fcd8dc52a6fb7888d883ef7bb81d46ae64b4ec4ae51aacd621369f98030eb127ee6bf00f1baf721955e9416b3513c13cb3fce4ade9ec011983d88ed3b73713acdc9e3c50815980c40c752596a5c34bb21c002ca2c482d6fb622fd3e6a71a91daef3b367c2920fd1f06836578ed7a7c3b42834609bfcd3eafd86d8320f628c67de054f9239c6d36e9e6f5e1987d6f5ff8e382848de97de931380e19f40397ef1cd03e8e44171a160b5b827de47e48e3275ba589ca3423777cd152ed4ab9382de59374cbbfc85b70e4c0ad207e86c7b9f45302614b33c5569a4f28f08615088ad083418d761a8ae1bed0161509e599734bb527c897ae76dbdd91a02ff22d23e3a62e638ba8b5c5728049f185e74e37f5b06356bebadd3580e9c815cd1cf18eab9a698aa75ad0292b273fbfe1f880677e7fb7dbee2bdc8c12c1ad320d8adfcaf9a03d673ec28ca91c72a0d9e21988c054583ee073f09c6c083ceb028ab441e0d32b492e3f4329d4f71391e5599026375036e99dcbe8ca6d084a8a1c8959e000df3a33e40027e75bda93dad0648e13749c1cd30fd2f4aa3ed3e2ce827cb3ef58b317fba871d1881b3de72589fccee939f2ee7c7f8e3fa062607f95dc14d5d9ba19a66e3908edbc6e7e0ed26dec7d6adc9714a222cd75123f35f6306a0528a93b02e79e167e8a803c27226dd34aa4fe12dfa2440e229ad4d98a11ca04e50ea1b5de232c8374dcf4170cb890b63de9504929a3247acc142fc0f6f56ef08aebc925a294a04608a1d854fcb3e057063e4e965ddb5b908cee3757cdb7461217b2345e38bcf9722262f91fc17f0ab06ed76a1930913f20c0ae420a771b4041fa2ecb9d0450301b3319eb14f4e0bfdb7e42d2878e38e03578245dd6aa1949307d5d9ed75e3fa2d9ace7983d875e34cb88be6ca23d93371791ea13e9755d6b68a31bc5272079bb0f5f534d2a02df58f41822773b0bd018284a35535e17a016f86fa4e87a14e129b3fcb75f9e816603fb55025055f55c2ab443c8bafa1d567c558de3a5315a78699b4569e249291cec120382970834e56a23a46708696e5f3187c74d3bee2eb0e1d25339b4ebe5e69447e9645784dc39c9b54da9006b94de0a7e01f6227d2fbd17f039956fa0a5b6a28e6f11b3831af59601923c672eee4cdcd0dd1b46d967e01de806a77919169dcd5b1bfd4ca7a9ede4c109d0d8d5fd52203aa39bfa4dc05ff4cbc97573b58bc10dc6284966c04d67a7efd5114f6cfebdf68df86fd17e21f8c2878f494d89fde9d82a29fec41c57151a91058973abfe34904255688966427afb75d91e94305c15374e822cdb1a805f592f00fcc05667eee2e2a95a024b6654fe576c73094a71a885708895db39b1fd7ef59cc62468e80b828c553502308f29402bdb2b24958ef726e0e3a157424d2e873b90f0a8b52cf89e69c6f3db4b202f8ddbf52c83455094e92d55b0872edcab2f6f12f39c146a7bc2a81dc21e712b4a73d2a309177f7a664cf7fb6bd3ba91d1dfe5664cd5a497d521a8b7184cb56bb80c158c12798e505c1f2675dc2e267cabef3f83da81032be0a2b26abcb22acbd571599efde8e58e8e085d23f3e424f1e5d9c0dff93569abf9b297b2f26e0855eeadb091ad654c20de15fccc47052e5a7d884e76c7a11b4043fbf0dd5d5cfdd950883df3ffa9352a09e5ff19c081baf7829bbb241c290b4b9d56327d4dc9df6bb07a8d48eb11b53727ca60257be191844789767cca49b364bad903cd276d3a7853d72bdc3404acc61dd70a4bc2d83fc3c640d215ef1499f2fa60cafba9c978bb093ee78fde1bab9584edb78b3e2ee61c3858d710488a9be5678d58d13e2b9b0f065e2b2772921d7b6d7717ab6d1814cd55feb79a5e0435d6f6bbd9dba19c2e32fb6d244e4995fec084e8252a4e21809bd5dcb07d947ce7ee81e3e674b0cb5dd75e7e427938c666e9bf278c17c1408e64958bbe029e697dc3990c0a54467113e108d613554e9ada204d8822a8667688feecef3fedf8db5498fcaff21812206c0f77658ff5efe1b7b90e9f17ed290506ebbd12920eccd5a7874b43899a130e4219eb4d643098d1b4cc58637e7be40e174713a0509e98580f722db4c2d0f7f9038946cf19c0ca54469d3ce502019243c55093e4dcb54fdf03e1565f2c72d4281bbabe3c1af1a91f70af2948e2f6d7c449d715383ee44f348299786796118d89953b1a90c54b1a93fb436bd716eead77dd988efbfaf24cda7a29fdf9cc4dad9da73d0d80dae2bef3922cfcd79f7b33e3ea5cb936fd15f7ffc1f75fedae18069a42b029b1d1dd00d9cd7cd7af3997fbdfa70906cd9035154c30e1ac68454e36326cd9d8672ec8191de3e310900875270002e5c0ed3c5f2af332b042f63f3bf51ce1410a017c5266862cb1b72324cf46399d18feb7e86a76f30c975bc109d39f54d0dc5c16b18ff6b1633590a8677c7f38ff27f3ac2d5d66027cad7ff01671eaec6305f4c431fd03e478ee87298009d6265380129545e161e5948a992dc2605e8f1c16d8d0d8db5f840a0cc65578edf48e1f9e557960361ab56a0d055bc630c0b72ffa51a28129f5046baa64d98d11f31e0ddcc5910c8f94cef7b61d6ea43d5ce7f0306fbad72ff6f8a0980008448e26ed616e7ee095c9f658e58c8dc7d24844ab9ef49aa1c6db30a29446e41778ec46ecb67b0901c21a679bbf34092f8177c396efae6831f502c833c79d58c314b2664a00c1d88f028ccc4ef4da9fea6ba9125532fd52e53c85f529b4b69867208e5c76b7b71ebb7e10ce4e74ae959d97d59aa410fb9640302030ddddccbfe7d8cb142eb965671b184ff97475fc429afcadee931907fe06027bf84022ca36a1987ce773eb4ff534b129d9587c759d7a41932a4335cbe6a18b35c2189ea32ab01aec65647bda296bdea4b0060c555050f08cfb37a80becb9aaf908ce82c37184d7aa3ed7fe439aa14019820577995f26a9850bf7a854abde51d7e3db6b349c20703780223883154c70270ff9d9f7f72d7b19b641a71fab98d13fe967070ed56fbdaa0c8e82b42cd8851510b33c0dad7a290576db28d10bce4cdcae63df2a0b1f1e2eefa02e7da9622441dc425dc5972511c2500e880e42b272c07f5f7bf0b13e659e8dfdb2ec3450fa3484b72114a3477f26299f27e068ef997fea9bcb4c5dce3592b442ad17c92676466d61bf893504360efd800791cd95e4326ddd57858d4a1024aef078d9f53a662d6f2af164c176dc8e99c9b5f650718618b005093399c24988cdc85b3482cf0c0229ceaffa643384ba413540d7f1dafbd555143c9dfeb7cd6fc4fb5f9bb8191710fb857c01b387f6c297a1dcf307cc9f44fefaf3ffc2df307fab5f78bae9f1bfb2bd786605615f80cec79d381154ed27cfac1906a04d6f1b6fa8d5e0fd990ccfecf454740d6a9b9f7d613c89d456ae027b197c5da1e63b8c1d2484b7ed62185de1aaa51afd99b05c7a16e0d09e3881921a3a7cdb5ecddcb337afb27c06eed77c681865ec08b88487aa4a2bf14d8efa2b2bd619fd052b1b33c613df1a30e12b09001baacfd47cdf46f828a3f01549be293e7a35fe184d49b79c59fd42df21cf22b18061b7f76ff8f42279e1eecbbf32c05c5723e08acbe10439045080d3b2cf82546725b49ed13097e32ddec3f275b3f03ddf069b6ee23dfe99e9fa9ba8f30a2af449cb107f37fa65bb02dd025da2ba950f501d50b3a24c04dd3582f1d127b9f5789c7a6f917904735bc3e12a5f5c742782cb5c1b90b57c4be5334278617c3291d8d6b96f56f13dfc16a650e1ccb74305d7bb7617e6924146de555f80237697c784809115bcc88fc09814ccd863ccb4ef41bc16dab61d09e7dd9d4e63e6eaa8a9a1141373d28c48f66a7857d1279fc01765d02073c178752e9439cde01e2613103cde1326ab805421aaa13bb125ff2e07b764fad5dbf49a0d369857219a786dff0581d7fb963d5e0b07abe20b8492938fa110fc526936d59781202ccd231bb9664413783783d14b082dd82b31e9c24b4e6def3271126c06c34c25daf58c19ecf95e9e9e90d073184cfc1af08c683ed73c98d1a1509dc9471e13ac7bb7f89709e8043a428211297fdb9da6eb794243aed1a67ea5ae0853c38d41231e15ad2e687650507a5680c43a368d1b741a693b7708e7ec13566d0ebeadc01105ec99e6cf53005d3778cb6e8803dd7f325387f015dcc67f7490d79cf80f6bf78d86c1548c66acb9231b3b159ed7af7ad560b7d3127855bb1bb4c042a7b89e4058556b346eac0bb9442dde5d17f38fd1c2a137cc288f2ab83cb40de60c71452e5929133d5c0fb25d7ef86e8b5015241669f6591b0b8839825c35c973f195bbba28e9fa5c0ffca806fc040bedbd80e2ad12795c1e47e53c5e107d629e05111c0df25c1314cc4b6918bf07edf1b3feecf016f03e4a422a74949db6dd192ab5a5fa5cd0ae386088bdfa8999c096be6a98f49a46762a58653f281acc4ef32eb8dfee27be2b11c50339cb33448039eba7ba1fe7118a601fa65656ebe939bdc3d32087b71c0d73666b52b2fd928d687479b09e14638e537bdfa41dadeb1a187365396071037b40e68e7841ef050adc1054d24d22ede2367c0e3108d4b3d1b761830bf1f237dcea65eb4e0f2b72a5fe3ebe5fef21250cae39456882d12bc020a3f649ef51e617cf94ad10bbcdf97c9ca7a4861106bdf5c72d9eccc937351577732eb2737a4fe002c4ac9d4df62fc111695b0e138b5088bb7374ccc97abe7c801b52b9af8d319f6f2e83c35085bbfeb7c0afb258bf175b411c84b064ed9afb87ffe9974312b068ab4a47ac4b8f34f43b2532608806e16242c80298b94df2cf952e3f8bc5c2be6230909c78b75f9e9d99fb5b900b201081765f33f36c3c45b186fd37cd9514732a765a7d44f4e7bc5c5209c0ed1014205ae4affe3df4039a5cd58688252b560dfa973c8019e6a0be1499f3100c24d9b34729128c0d1eeff858cd695178f162cf1b4badcc5eac5f55780beeee9f7f0b5c7353f34cd76265988064abffd064dbba0bdb0239a2a0fa9d99482381767b42d8d62dab5b2d844ba59575ac139c1498c812812eda57efe5734bb34f22a887d33223f37a1a68b802b67169ca089b6768f784f6687f2e11f6591b9474ab237b51c5fec8ff583b000592a20b2905dd0c81d255b851cfe12f5c5b264c9d2300013a6ccc733483ca098158a7e5d1e1ec8971013d713e710995be58df8d1511ed9e3e1edca915cdfb8835c23da2aa1869826834254ec2c94bb27329366485e928e38553be6ca1ce11e2abc4d68607afba49e1c258bb6c6df8c68dc3311a401f7dc071cd3753fc7ba834b3eeb14251d3ff33e304c40d2c4b5740626f31437524715f02ed2f3bf203234a9698123bdf0e76569c18cfd9bf46fed4f4f300f5dd5b9de5c8690e87bba657508b15b60cae5de1e77ebd19bcbc249c1c895581a6ca7f60be017bff8e8f60e22ca3b62bac375a149bbeb01d88dec92a932aa8b5b02729f7bd8c75a5bd3cd002003cb779be8bbd9b7461699493760f1309f9822e49b0b017e4c9779a83561d98196471d39a7a", 0x1000) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000000040)=""/180) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 12:59:29 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x3, 0x10, r1, 0x0, 0x0) r2 = msgget(0x1, 0x0) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000000040)=""/180) r3 = kqueue() r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r4, 0x0, 0x0) sendto$unix(r4, &(0x7f0000000040)="6307a4521f59c241301ff9e19a8baecfd1d4967f949fc8783b189348b41381451c8b9acdf002a263374910642a99796e8bb5f9c19eb3b688aa1bc00117cdecca6cc747f1763e44e1f340a95f6007def279a623d311ffa19e78bcf079959cbab625696252271f1964a776571ebce23b3d108818346d4de9e580c185b36cddd13227beba707f4d5bc774e45ddf991a443dad504d3401504a7aead99c6f6bda4f4b3c8f2654a93166266a34062c39dbc877d0d1f21d746258af9eeb425a8281ce01", 0xc0, 0x40c, &(0x7f0000000100)=@abs={0x0, 0x0, 0x2}, 0x8) ioctl$WSMOUSEIO_GTYPE(r4, 0x40045720, &(0x7f0000000200)) connect$unix(r4, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0xa) ioctl$WSKBDIO_GETBELL(r4, 0x40105704, &(0x7f0000001400)) ioctl$WSDISPLAYIO_USEFONT(r4, 0x80585750, &(0x7f0000000100)={'./file0\x00', 0x8000, 0x0, 0x9a0, 0x1, 0x2, 0xa656, 0x8, 0x1, 0x1, 0xff, 0x3}) mlockall(0x1) r5 = open(&(0x7f0000000240)='./file0\x00', 0xc7f9a757b49d2560, 0x92) ioctl$BIOCGHDRCMPLT(r5, 0x40044274, &(0x7f00000001c0)) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x1}) 12:59:29 executing program 1: r0 = kqueue() fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bpf\x00', 0x80, 0x0) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) ioctl$BIOCSETWF(r1, 0x80104277, &(0x7f0000000140)={0x3, &(0x7f0000000080)=[{0x61}, {0x14}, {0x6, 0x0, 0x0, 0xfc}]}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) r2 = msgget(0x1, 0x0) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000000040)=""/180) r3 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r3, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) ioctl$BIOCSETWF(r3, 0x80104277, &(0x7f0000000140)={0x3, &(0x7f0000000080)=[{0x61}, {0x14}, {0x6, 0x0, 0x0, 0xfc}]}) pwrite(r3, &(0x7f0000000280)="895e654f5c1d85047229b675851d", 0xe, 0x0, 0x0) r4 = kqueue() r5 = fcntl$dupfd(r4, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r5, 0x0, 0x0) sendto$unix(r5, &(0x7f0000000040)="6307a4521f59c241301ff9e19a8baecfd1d4967f949fc8783b189348b41381451c8b9acdf002a263374910642a99796e8bb5f9c19eb3b688aa1bc00117cdecca6cc747f1763e44e1f340a95f6007def279a623d311ffa19e78bcf079959cbab625696252271f1964a776571ebce23b3d108818346d4de9e580c185b36cddd13227beba707f4d5bc774e45ddf991a443dad504d3401504a7aead99c6f6bda4f4b3c8f2654a93166266a34062c39dbc877d0d1f21d746258af9eeb425a8281ce01", 0xc0, 0x40c, &(0x7f0000000100)=@abs={0x0, 0x0, 0x2}, 0x8) ioctl$TIOCNOTTY(r5, 0x20007471) ioctl$BIOCVERSION(r3, 0x40044271, &(0x7f0000000100)) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x1}) 12:59:29 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) r2 = msgget(0x1, 0x0) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000000040)=""/180) kevent(r1, &(0x7f00000002c0)=[{{}, 0xfffffffffffffffc, 0x1, 0x2, 0xfffffffffffffff8}, {{}, 0xfffffffffffffffe, 0x0, 0x20000000, 0x8000, 0x400}, {{r0}, 0x7ffffffffffffffa, 0x1, 0xf0000000, 0x8, 0x7fffffff}], 0xd42, &(0x7f0000000340)=[{{}, 0x0, 0x18, 0x4, 0x8, 0x7f}, {{}, 0xfffffffffffffffb, 0xe6, 0x1, 0x40, 0x3}, {{r1}, 0xfffffffffffffffb, 0x80, 0x4, 0x9, 0xfa2f}, {{r1}, 0xfffffffffffffffd, 0xd3, 0x8, 0x200000, 0x5}, {{r0}, 0xfffffffffffffffc, 0x80, 0x80, 0x100, 0x7f}], 0x800, &(0x7f0000000400)={0x7, 0xe3c00a1}) semctl$GETNCNT(0x0, 0x1, 0x3, &(0x7f00000000c0)=""/35) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r3, 0xffff, 0x1022, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000100)=0x1) setuid(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r5, 0xffff, 0x1022, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000100)=0x1) setuid(r6) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) setregid(r7, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000000)={{0xfffffff9, r4, 0xffffffffffffffff, r6, r7, 0x48, 0x9}, 0x8a, 0x3ff}) r8 = geteuid() getsockopt$SO_PEERCRED(r1, 0xffff, 0x1022, &(0x7f0000000100)={0x0}, 0xc) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000140)={{0x6, 0x0, r7, r8, 0xffffffffffffffff, 0x8, 0x9}, 0x8, 0x7f, r9, 0xffffffffffffffff, 0x26d5, 0x9, 0x6, 0x9}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x1}) 12:59:29 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x1010, r1, 0x0, 0x0) r2 = msgget(0x1, 0x0) msgctl$IPC_STAT(r2, 0x2, &(0x7f0000000040)=""/180) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x1}) kerntrap(ffff8000234d31b0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:321 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memcpy() at memcpy+0x15 timeout_run(ffff80002123dd08) at timeout_run+0xd6 timeout_sync_leave sys/kern/kern_timeout.c:207 [inline] timeout_run(ffff80002123dd08) at timeout_run+0xd6 sys/kern/kern_timeout.c:676 softclock_process_tick_timeout(ffff80002123dd08,0) at softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:752 end trace frame: 0xffff8000234d33f0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic acquiring blockable sleep lock with spinlock or critical section held (rwlock) kmmaplk ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823d0545) at panic+0x15e sys/kern/subr_prf.c:218 witness_checkorder(ffffffff828b3da8,1,0) at witness_checkorder+0x1046 sys/kern/subr_witness.c:821 rw_enter_read(ffffffff828b3d98) at rw_enter_read+0x66 sys/kern/kern_rwlock.c:111 uvmfault_lookup(ffff8000234d3028,0) at uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1495 uvm_fault_check(ffff8000234d3028,ffff8000234d2fd0,ffff8000234d2fb8,2) at uvm_fault_check+0x3d sys/uvm/uvm_fault.c:513 uvm_fault(ffffffff828b3d90,ffff8000232c3000,0,2) at uvm_fault+0xdb sys/uvm/uvm_fault.c:694 kpageflttrap(ffff8000234d31b0,ffff8000232c3fd0) at kpageflttrap+0x202 sys/arch/amd64/amd64/trap.c:265 kerntrap(ffff8000234d31b0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:321 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memcpy() at memcpy+0x15 timeout_run(ffff80002123dd08) at timeout_run+0xd6 timeout_sync_leave sys/kern/kern_timeout.c:207 [inline] timeout_run(ffff80002123dd08) at timeout_run+0xd6 sys/kern/kern_timeout.c:676 softclock_process_tick_timeout(ffff80002123dd08,0) at softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:752 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x1f spllower(ffff8000234d3560) at spllower+0x9e sys/arch/amd64/amd64/intr.c:727 usertrap(ffff8000234d3560) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffdec90, count: -19 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000234d2c00 rbx 0xffff8000234d2c10 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff820a9426 kprintf+0x146 r9 0x1 r10 0x1ed856a1c6c34d91 r11 0xc94c9803a8fd6d30 r12 0x3000000008 r13 0xffff8000234d2cb0 r14 0x100 r15 0x1 rip 0xffffffff812907a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000234d2bf0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=312729 stat=onproc flags process=10 proc=0 pri=53, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80002123cce8,0xffff80002123c028 process=0xffff800021234430 user=0xffff8000234ce000, vmspace=0xfffffd807eff9b80 estcpu=30, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 93357 194499 28565 0 7 0 syz-executor.1 *94092 312729 57447 -1 7 0x10 syz-executor.0 94092 166003 57447 -1 3 0x4000090 fsleep syz-executor.0 28565 39300 5028 0 3 0x82 nanosleep syz-executor.1 57447 33600 5028 0 2 0x482 syz-executor.0 5028 275433 79400 0 3 0x82 thrsleep syz-fuzzer 5028 127830 79400 0 2 0x4000482 syz-fuzzer 5028 126172 79400 0 3 0x4000082 kqread syz-fuzzer 5028 523828 79400 0 3 0x4000082 thrsleep syz-fuzzer 5028 422459 79400 0 2 0x4000482 syz-fuzzer 5028 213355 79400 0 3 0x4000082 thrsleep syz-fuzzer 5028 143011 79400 0 3 0x4000082 thrsleep syz-fuzzer 5028 415195 79400 0 3 0x4000082 thrsleep syz-fuzzer 79400 20034 68873 0 3 0x10008a pause ksh 68873 309163 86653 0 3 0x92 select sshd 74384 382625 1 0 3 0x100083 ttyin getty 86653 383209 1 0 3 0x80 select sshd 61627 22171 14406 74 3 0x100092 bpf pflogd 14406 348738 1 0 3 0x80 netio pflogd 47360 361302 8326 73 3 0x100090 kqread syslogd 8326 115074 1 0 3 0x100082 netio syslogd 71760 288757 1 77 3 0x100090 poll dhclient 64592 107404 1 0 3 0x80 poll dhclient 5373 163376 0 0 3 0x14200 bored smr 83404 334188 0 0 2 0x14200 zerothread 76007 387968 0 0 3 0x14200 aiodoned aiodoned 38929 464413 0 0 3 0x14200 syncer update 89540 152312 0 0 3 0x14200 cleaner cleaner 61622 181071 0 0 3 0x14200 reaper reaper 3704 480038 0 0 3 0x14200 pgdaemon pagedaemon 66142 431058 0 0 3 0x14200 bored crynlk 49894 66066 0 0 3 0x14200 bored crypto 61451 37109 0 0 3 0x14200 bored viomb 93156 308629 0 0 3 0x40014200 acpi0 acpi0 23457 240477 0 0 3 0x40014200 idle1 34555 239618 0 0 3 0x14200 bored softnet 56692 307340 0 0 3 0x14200 bored systqmp 25119 11511 0 0 3 0x14200 bored systq 30118 392586 0 0 3 0x40014200 bored softclock 83426 279788 0 0 3 0x40014200 idle0 1 138092 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex /syzkaller/managers/multicore/kernel/sys/dev/kcov.c:125 r = 0 (0xffffffff827034d8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 kcov_remote_leave+0x1f sys/dev/kcov.c:674 #4 timeout_run+0xd6 timeout_sync_leave sys/kern/kern_timeout.c:207 [inline] #4 timeout_run+0xd6 sys/kern/kern_timeout.c:676 #5 softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 #6 softclock+0x11a sys/kern/kern_timeout.c:752 #7 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #8 Xsoftclock+0x1f #9 spllower+0x9e sys/arch/amd64/amd64/intr.c:727 #10 usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 #11 recall_trap+0x8 shared mutex timeout r = 0 (0xffffffff82770cc0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 timeout_run+0xb7 sys/kern/kern_timeout.c:670 #2 softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 #3 softclock+0x11a sys/kern/kern_timeout.c:752 #4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x1f #6 spllower+0x9e sys/arch/amd64/amd64/intr.c:727 #7 usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 #8 recall_trap+0x8 Process 94092 (syz-executor.0) thread 0xffff80002123ca58 (312729) exclusive kernel_lock &kernel_lock r = 2 (0xffffffff828e96a8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 upageflttrap+0x77 sys/arch/amd64/amd64/trap.c:180 #2 usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 #3 recall_trap+0x8 exclusive mutex /syzkaller/managers/multicore/kernel/sys/dev/kcov.c:125 r = 0 (0xffffffff827034d8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 kcov_remote_leave+0x1f sys/dev/kcov.c:674 #4 timeout_run+0xd6 timeout_sync_leave sys/kern/kern_timeout.c:207 [inline] #4 timeout_run+0xd6 sys/kern/kern_timeout.c:676 #5 softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 #6 softclock+0x11a sys/kern/kern_timeout.c:752 #7 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #8 Xsoftclock+0x1f #9 spllower+0x9e sys/arch/amd64/amd64/intr.c:727 #10 usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 #11 recall_trap+0x8 shared mutex timeout r = 0 (0xffffffff82770cc0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 timeout_run+0xb7 sys/kern/kern_timeout.c:670 #2 softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 #3 softclock+0x11a sys/kern/kern_timeout.c:752 #4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x1f #6 spllower+0x9e sys/arch/amd64/amd64/intr.c:727 #7 usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 #8 recall_trap+0x8 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9500 6673K 7062K 78643K 10764 0 pcb 13 8K 8K 78643K 13 0 rtable 105 3K 3K 78643K 199 0 ifaddr 44 10K 10K 78643K 45 0 counters 43 33K 33K 78643K 43 0 ioctlops 0 0K 4K 78643K 1534 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1276 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1825 197K 290K 78643K 13109 0 file desc 6 17K 25K 78643K 253 0 proc 60 63K 95K 78643K 448 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 2K 78643K 360 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 253 35K 35K 78643K 1440 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1 0 NDP 6 0K 0K 78643K 10 0 temp 74 3957K 4021K 78643K 2540 0 kqueue 3 4K 8K 78643K 5 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 29 0 15 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 780 0 780 1 1 0 1 0 8 0 tcpcb 736 10 0 6 1 0 1 1 0 8 0 inpcb 296 41 0 34 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 kcovpl 48 2 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 11 0 2 1 0 1 1 0 8 0 pfstkey 112 11 0 2 1 0 1 1 0 8 0 pfstate 328 11 0 2 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 189 0 0 12 0 12 12 0 8 0 art_table 32 190 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1646 0 243 88 0 88 88 0 8 0 ffsino 272 1646 0 243 95 1 94 94 0 8 0 nchpl 144 2091 0 487 60 0 60 60 0 8 0 uvmvnodes 72 1743 0 0 32 0 32 32 0 8 0 vnodes 208 1743 0 0 92 0 92 92 0 8 0 namei 1024 5356 0 5356 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 6350 0 6350 9 3 6 8 0 8 6 plimitpl 152 15 0 7 1 0 1 1 0 8 0 sigapl 424 469 0 436 4 0 4 4 0 8 0 futexpl 56 1264 0 1263 1 0 1 1 0 8 0 knotepl 112 64 0 44 1 0 1 1 0 8 0 kqueuepl 152 186 0 183 1 0 1 1 0 8 0 pipepl 304 84 0 73 2 0 2 2 0 8 1 fdescpl 496 453 0 436 3 0 3 3 0 8 0 filepl 152 1668 0 1561 6 1 5 5 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 54 0 44 1 0 1 1 0 8 0 zombiepl 144 436 0 436 2 1 1 1 0 8 1 processpl 1056 469 0 436 3 0 3 3 0 8 0 procpl 656 723 0 682 4 0 4 4 0 8 0 sockpl 400 89 0 66 4 1 3 3 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 218 0 0 27 0 27 27 0 8 0 mtagpl 96 14 0 0 1 0 1 1 0 8 0 mbufpl 256 239 0 0 15 0 15 15 0 8 0 bufpl 280 3717 0 181 253 0 253 253 0 8 0 anonpl 16 68963 0 36011 135 1 134 134 0 124 1 amapchunkpl 152 2843 0 1733 47 1 46 46 0 158 2 amappl16 192 1683 0 728 49 0 49 49 0 8 1 amappl15 184 103 0 101 1 0 1 1 0 8 0 amappl14 176 25 0 19 1 0 1 1 0 8 0 amappl13 168 26 0 24 1 0 1 1 0 8 0 amappl12 160 10 0 5 1 0 1 1 0 8 0 amappl11 152 181 0 163 1 0 1 1 0 8 0 amappl10 144 13 0 10 1 0 1 1 0 8 0 amappl9 136 367 0 365 1 0 1 1 0 8 0 amappl8 128 196 0 134 3 0 3 3 0 8 0 amappl7 120 247 0 237 1 0 1 1 0 8 0 amappl6 112 68 0 56 1 0 1 1 0 8 0 amappl5 104 604 0 585 1 0 1 1 0 8 0 amappl4 96 396 0 369 1 0 1 1 0 8 0 amappl3 88 124 0 115 1 0 1 1 0 8 0 amappl2 80 2506 0 2439 3 0 3 3 0 8 0 amappl1 72 22036 0 21556 26 15 11 19 0 8 1 amappl 80 1113 0 931 4 0 4 4 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 453 0 436 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 453 0 436 1 0 1 1 0 8 0 vmmpekpl 168 7021 0 6992 3 1 2 2 0 8 0 vmmpepl 168 64962 0 62566 156 7 149 149 0 357 44 vmsppl 368 452 0 436 2 0 2 2 0 8 0 pdppl 4096 913 0 872 65 20 45 45 0 8 4 pvpl 32 205168 0 168630 297 0 297 297 0 265 2 pmappl 232 452 0 436 2 0 2 2 0 8 1 extentpl 40 57 0 39 1 0 1 1 0 8 0 phpool 112 322 0 26 9 0 9 9 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823d0545) at panic+0x15e sys/kern/subr_prf.c:218 witness_checkorder(ffffffff828b3da8,1,0) at witness_checkorder+0x1046 sys/kern/subr_witness.c:821 rw_enter_read(ffffffff828b3d98) at rw_enter_read+0x66 sys/kern/kern_rwlock.c:111 uvmfault_lookup(ffff8000234d3028,0) at uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1495 uvm_fault_check(ffff8000234d3028,ffff8000234d2fd0,ffff8000234d2fb8,2) at uvm_fault_check+0x3d sys/uvm/uvm_fault.c:513 uvm_fault(ffffffff828b3d90,ffff8000232c3000,0,2) at uvm_fault+0xdb sys/uvm/uvm_fault.c:694 kpageflttrap(ffff8000234d31b0,ffff8000232c3fd0) at kpageflttrap+0x202 sys/arch/amd64/amd64/trap.c:265 kerntrap(ffff8000234d31b0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:321 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memcpy() at memcpy+0x15 timeout_run(ffff80002123dd08) at timeout_run+0xd6 timeout_sync_leave sys/kern/kern_timeout.c:207 [inline] timeout_run(ffff80002123dd08) at timeout_run+0xd6 sys/kern/kern_timeout.c:676 softclock_process_tick_timeout(ffff80002123dd08,0) at softclock_process_tick_timeout+0x196 sys/kern/kern_timeout.c:721 softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:752 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x1f spllower(ffff8000234d3560) at spllower+0x9e sys/arch/amd64/amd64/intr.c:727 usertrap(ffff8000234d3560) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffdec90, count: -19 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828e94a0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828e94a0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 upageflttrap(ffff8000222b5e80,86b380dd04c) at upageflttrap+0x77 sys/arch/amd64/amd64/trap.c:180 usertrap(ffff8000222b5e80) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc25d0, count: 8 ddb{1}> trace x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828e94a0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828e94a0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 upageflttrap(ffff8000222b5e80,86b380dd04c) at upageflttrap+0x77 sys/arch/amd64/amd64/trap.c:180 usertrap(ffff8000222b5e80) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc25d0, count: -7