panic: mutex 0xfffffd806a6d8140 not held in mtx_leave Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 43898 60882 0 0 0 1 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830777cb) at panic+0x1e5 sys/kern/subr_prf.c:198 mtx_leave(fffffd806a6d8140) at mtx_leave+0x17c sys/kern/kern_lock.c:335 msleep(fffffd806a6d8058,fffffd806a6d8140,4,ffffffff832017c0,0) at msleep+0x125 sys/kern/kern_synch.c:249 vm_map_lock_ln(fffffd806a6d8028,cd31b0f4000,0) at vm_map_lock_ln+0xd4 sys/uvm/uvm_map.c:5250 uvm_map_protect(fffffd806a6d8028,cd31aef5000,cd31b0f4000,1,0,0,b210bd2fdb98ea56) at uvm_map_protect+0xe1 sys/uvm/uvm_map.c:3059 sys_mprotect(ffff800035b99c00,ffff8000371dafd0,ffff8000371daf20) at sys_mprotect+0x34c sys/uvm/uvm_mmap.c:585 syscall(ffff8000371dafd0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371dafd0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7ed864c68420, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: mutex 0xfffffd806a6d8140 not held in mtx_leave ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830777cb) at panic+0x1e5 sys/kern/subr_prf.c:198 mtx_leave(fffffd806a6d8140) at mtx_leave+0x17c sys/kern/kern_lock.c:335 msleep(fffffd806a6d8058,fffffd806a6d8140,4,ffffffff832017c0,0) at msleep+0x125 sys/kern/kern_synch.c:249 vm_map_lock_ln(fffffd806a6d8028,cd31b0f4000,0) at vm_map_lock_ln+0xd4 sys/uvm/uvm_map.c:5250 uvm_map_protect(fffffd806a6d8028,cd31aef5000,cd31b0f4000,1,0,0,b210bd2fdb98ea56) at uvm_map_protect+0xe1 sys/uvm/uvm_map.c:3059 sys_mprotect(ffff800035b99c00,ffff8000371dafd0,ffff8000371daf20) at sys_mprotect+0x34c sys/uvm/uvm_mmap.c:585 syscall(ffff8000371dafd0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371dafd0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7ed864c68420, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000371dabd0 rbx 0xffffffff834a2dbf cpu_info_full_primary+0x2dbf rdx 0 rcx 0xffff800035b99c00 rax 0xffffffff834a1ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x79cea3aa8219eaea r11 0x3478cb39abe8e31b r12 0xffffffff834a2bc0 cpu_info_full_primary+0x2bc0 r13 0 r14 0 r15 0x1 rip 0xffffffff813e7875 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000371dabc0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=343419 pid=11765 tcnt=4 stat=sleep flags process=0 proc=20 runpri=32, usrpri=50, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800035b99468,0xffff800035b98038 process=0xffff8000371c28e8 user=0xffff8000371d6000, vmspace=0xfffffd806a6d8028 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *11765 343419 46409 0 3 0x20 syz-executor 11765 459053 46409 0 3 0x4000080 fsleep syz-executor 11765 317690 46409 0 3 0x4000080 fsleep syz-executor 11765 507250 46409 0 3 0x4000080 fsleep syz-executor 41067 9651 96785 0 2 0 syz-executor 41067 472053 96785 0 3 0x4000080 fsleep syz-executor 83152 369820 96533 0 2 0 syz-executor 83152 10744 96533 0 2 0x4000000 syz-executor 60882 43898 51532 0 7 0 syz-executor 60882 483 51532 0 3 0x4000080 kqread syz-executor 60882 517249 51532 0 3 0x4000080 fsleep syz-executor 65495 80140 61906 0 3 0x80 nanoslp syz-executor 65495 189484 61906 0 3 0x4000080 fifow syz-executor 65495 470573 61906 0 3 0x4000080 fsleep syz-executor 53892 209329 36055 0 4 0 syz-executor 53892 325273 36055 0 3 0x4000080 fsleep syz-executor 96785 430951 28648 0 3 0x82 nanoslp syz-executor 26004 63577 28648 0 3 0x82 piperd syz-executor 65048 65480 28648 0 3 0x82 piperd syz-executor 96533 34424 28648 0 3 0x82 nanoslp syz-executor 51532 443613 28648 0 3 0x82 nanoslp syz-executor 61906 421500 28648 0 3 0x82 nanoslp syz-executor 36055 128323 28648 0 3 0x82 nanoslp syz-executor 46409 7304 28648 0 3 0x82 nanoslp syz-executor 42260 242272 0 0 3 0x14200 acct acct 14557 133395 0 0 3 0x14200 bored sosplice 37691 524035 1 0 3 0x100083 ttyin getty 28648 166413 53972 0 2 0x2 syz-executor 53972 503263 48661 0 3 0x10008a sigsusp ksh 48661 446894 52333 0 3 0x98 kqread sshd-session 52333 75336 63026 0 3 0x92 kqread sshd-session 63026 281346 1 0 3 0x88 kqread sshd 68416 477083 27947 74 3 0x1100092 bpf pflogd 27947 263348 1 0 3 0x80 sbwait pflogd 50689 227835 50502 73 3 0x1100010 ffs_fsync syslogd 50502 375519 1 0 3 0x100082 sbwait syslogd 75198 277435 1 0 3 0x100080 kqread resolvd 32773 345270 25971 77 3 0x100092 kqread dhcpleased 87208 61682 25971 77 3 0x100092 kqread dhcpleased 25971 45020 1 0 3 0x80 kqread dhcpleased 64225 174279 0 0 3 0x14200 bored smr 79281 3533 0 0 2 0x14200 zerothread 88795 2870 0 0 3 0x14200 aiodoned aiodoned 36265 122537 0 0 3 0x14200 syncer update 46160 8637 0 0 3 0x14200 cleaner cleaner 63161 199948 0 0 3 0x14200 reaper reaper 796 257518 0 0 3 0x14200 pgdaemon pagedaemon 48554 312766 0 0 3 0x14200 bored viomb 64663 50280 0 0 3 0x40014200 acpi0 acpi0 53939 142141 0 0 3 0x40014200 idle1 53021 101613 0 0 3 0x14200 bored softnet3 88479 500046 0 0 3 0x14200 bored softnet2 25387 152118 0 0 3 0x14200 bored softnet1 64947 383655 0 0 3 0x14200 bored softnet0 94910 493068 0 0 3 0x14200 bored systqmp 33011 32743 0 0 3 0x14200 bored systq 63926 369612 0 0 3 0x14200 tmoslp softclockmp 66804 195459 0 0 3 0x40014200 tmoslp softclock 11344 78336 0 0 3 0x40014200 idle0 1 436513 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &map->flags_lock r = 0 (0xfffffd806a6d8180) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 vm_map_lock_ln+0x153 sys/uvm/uvm_map.c:5258 #4 uvm_map_protect+0xe1 sys/uvm/uvm_map.c:3059 #5 sys_mprotect+0x34c sys/uvm/uvm_mmap.c:585 #6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 11765 (syz-executor) thread 0xffff8000ffffca30 (507250) exclusive rrwlock inode r = 0 (0xfffffd807ad12f80) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 uvn_io+0x412 sys/uvm/uvm_vnode.c:1265 #6 uvn_put+0x125 sys/uvm/uvm_vnode.c:928 #7 uvm_pager_put+0x18e sys/uvm/uvm_pager.c:525 #8 uvn_flush+0x72a sys/uvm/uvm_vnode.c:727 #9 uvm_map_clean+0x87e sys/uvm/uvm_map.c:4578 #10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff83592d78) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #1 syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 #2 Xsyscall+0x128 Process 50689 (syslogd) thread 0xffff8000ffffd960 (227835) exclusive rrwlock inode r = 0 (0xfffffd806e4021b0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 sys_fsync+0x152 sys/kern/vfs_syscalls.c:2926 #6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10223 11124K 11506K 166960K 11688 0 pcb 18 12K 12K 166960K 102 0 rtable 199 6K 7K 166960K 885 0 pf 36 18K 26K 166960K 120 0 ifaddr 40 7K 8K 166960K 123 0 ifgroup 56 2K 2K 166960K 141 0 sysctl 4 1K 1K 166960K 5 0 counters 64 36K 36K 166960K 110 0 ioctlops 0 0K 4K 166960K 1540 0 iov 0 0K 14K 166960K 100 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1459 92K 92K 166960K 1906 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 12 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 61 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 93K 166960K 874 0 sigio 0 0K 0K 166960K 83 0 proc 75 103K 128K 166960K 1024 0 subproc 104 6K 6K 166960K 312 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 78 0 in_multi 88 6K 7K 166960K 297 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 671 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 73K 87K 166960K 8782 0 UVM aobj 21 4K 4K 166960K 22 0 pinsyscall 41 82K 105K 166960K 2368 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 29 0 NDP 12 0K 2K 166960K 85 0 temp 49 6819K 6883K 166960K 29703 0 kqueue 14 22K 28K 166960K 112 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 170 0 167 3 2 1 3 0 8 0 rtentry 112 298 0 207 4 1 3 4 0 8 0 unpcb 144 574 0 555 7 3 4 4 0 8 3 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpcb 808 424 0 418 12 5 7 8 0 8 6 arp 120 50 0 34 1 0 1 1 0 8 0 inpcb 336 973 0 960 14 7 7 7 0 8 5 nd6 136 79 0 55 1 0 1 1 0 8 0 pkpcb 40 4 0 4 3 2 1 1 0 8 1 kcovpl 48 24 0 16 1 0 1 1 0 8 0 ppxss 1168 5 0 5 2 1 1 1 0 8 1 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pffrag 232 5 0 1 1 0 1 1 0 482 0 pffrnode 88 5 0 1 1 0 1 1 0 8 0 pffrent 40 6 0 2 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pfstitem 24 75 0 27 1 0 1 1 0 8 0 pfstkey 128 75 0 27 2 0 2 2 0 8 0 pfstate 376 74 0 27 5 0 5 5 0 8 0 pfrule 1344 25 0 18 2 0 2 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 1242 0 831 33 4 29 29 0 8 0 art_table 32 1245 0 831 4 0 4 4 0 8 0 art_node 16 297 0 215 1 0 1 1 0 8 0 sysvmsgpl 40 73 0 71 2 1 1 1 0 8 0 semapl 112 58 0 48 1 0 1 1 0 8 0 shmpl 112 19 0 1 1 0 1 1 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 2445 0 910 97 0 97 97 0 8 0 ffsino 272 2445 0 910 104 0 104 104 0 8 0 nchpl 144 3353 0 1646 64 0 64 64 0 8 0 uvmvnodes 80 2953 0 0 61 0 61 61 0 8 0 vnodes 216 2953 0 0 165 0 165 165 0 8 0 namei 1024 12952 0 12952 2 1 1 2 0 8 1 percpumem 16 69 0 23 1 0 1 1 0 8 0 kstatmem 264 70 0 46 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 19545 0 19544 10 8 2 8 1 8 1 plimitpl 152 268 0 251 1 0 1 1 0 8 0 sigapl 424 1144 0 1094 9 2 7 7 0 8 1 futexpl 64 7919 0 7912 1 0 1 1 0 8 0 knotepl 120 597 0 0 17 0 17 17 0 8 0 kqueuepl 216 294 0 283 5 0 5 5 0 8 4 pipepl 320 202 0 173 3 0 3 3 0 8 0 fdescpl 496 1124 0 1094 6 1 5 5 0 8 0 filepl 152 6295 0 6042 20 7 13 14 0 8 3 lockfpl 104 135 0 132 1 0 1 1 0 8 0 lockfspl 48 58 0 55 1 0 1 1 0 8 0 sessionpl 144 40 0 31 1 0 1 1 0 8 0 pgrppl 48 79 0 62 1 0 1 1 0 8 0 ucredpl 104 830 0 817 1 0 1 1 0 8 0 zombiepl 144 1094 0 1094 1 0 1 1 0 8 1 processpl 1160 1144 0 1094 5 1 4 5 0 8 0 procpl 648 2042 0 1982 7 1 6 6 0 8 0 srpgc 96 6 0 6 2 1 1 1 0 8 1 sosppl 168 2 0 2 1 1 0 1 0 8 0 sockpl 664 1735 0 1700 18 9 9 10 0 8 5 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 160 0 0 20 0 20 20 0 8 0 mcl2k 2048 34 0 0 4 0 4 4 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 379 0 0 23 0 23 23 0 8 0 bufpl 280 6896 0 722 442 0 442 442 0 8 0 anonpl 24 215526 0 212026 69 9 60 67 0 185 23 amapchunkpl 152 28918 0 28415 33 1 32 32 0 158 11 amappl16 200 4943 0 4921 32 20 12 24 0 8 8 amappl15 192 61 0 61 1 1 0 1 0 8 0 amappl14 184 175 0 163 1 0 1 1 0 8 0 amappl13 176 27 0 27 1 1 0 1 0 8 0 amappl12 168 2020 0 1990 4 2 2 3 0 8 0 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 8 0 7 2 1 1 1 0 8 0 amappl9 144 136 0 136 1 1 0 1 0 8 0 amappl8 136 27 0 24 1 0 1 1 0 8 0 amappl7 128 141 0 129 1 0 1 1 0 8 0 amappl6 120 333 0 332 1 0 1 1 0 8 0 amappl5 112 204 0 192 1 0 1 1 0 8 0 amappl4 104 357 0 340 1 0 1 1 0 8 0 amappl3 96 5654 0 5540 5 1 4 4 0 8 0 amappl2 88 906 0 838 2 0 2 2 0 8 0 amappl1 80 10964 0 10398 15 1 14 14 0 8 0 amappl 88 8248 0 8074 5 0 5 5 0 92 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 21 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1124 0 1094 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1124 0 1094 1 0 1 1 0 8 0 vmmpekpl 168 10135 0 10083 3 0 3 3 0 8 0 vmmpepl 168 75915 0 74098 105 8 97 103 0 357 13 vmsppl 448 1123 0 1094 6 2 4 5 0 8 0 rwobjpl 56 27291 0 23386 57 1 56 56 0 8 0 pdppl 4096 2255 0 2188 123 52 71 85 0 8 4 pvpl 32 27279 0 0 220 0 220 220 0 265 0 pmappl 248 1123 0 1094 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 454 0 75 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830777cb) at panic+0x1e5 sys/kern/subr_prf.c:198 mtx_leave(fffffd806a6d8140) at mtx_leave+0x17c sys/kern/kern_lock.c:335 msleep(fffffd806a6d8058,fffffd806a6d8140,4,ffffffff832017c0,0) at msleep+0x125 sys/kern/kern_synch.c:249 vm_map_lock_ln(fffffd806a6d8028,cd31b0f4000,0) at vm_map_lock_ln+0xd4 sys/uvm/uvm_map.c:5250 uvm_map_protect(fffffd806a6d8028,cd31aef5000,cd31b0f4000,1,0,0,b210bd2fdb98ea56) at uvm_map_protect+0xe1 sys/uvm/uvm_map.c:3059 sys_mprotect(ffff800035b99c00,ffff8000371dafd0,ffff8000371daf20) at sys_mprotect+0x34c sys/uvm/uvm_mmap.c:585 syscall(ffff8000371dafd0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371dafd0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7ed864c68420, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7b968ba8fba0, count: 12 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7b968ba8fba0, count: -3