panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *468792 73467 32767 0x10 0x4000000 1 syz-executor 238108 73467 32767 0x10 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8307294c) at panic+0x1e5 sys/kern/subr_prf.c:198 witness_checkorder(fffffd804ab00630,1,0) at witness_checkorder+0x1113 sys/kern/subr_witness.c:843 rw_enter(fffffd804ab00620,2) at rw_enter+0x122 uvmfault_lookup(ffff800037030ad0,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1785 uvm_fault_check(ffff800037030ad0,ffff800037030b08,ffff800037030b30) at uvm_fault_check+0x47 sys/uvm/uvm_fault.c:672 uvm_fault(fffffd804ab00540,20000000,0,2) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600 kpageflttrap(ffff800037030c70,2000010c) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 kerntrap(ffff800037030c70) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x62 kern_sysctl(ffff800037030ff4,5,20000100,ffff800037031028,0,37,2d82d41bf1e24699) at kern_sysctl+0x320 sys/kern/kern_sysctl.c:500 sys_sysctl(ffff8000ffff4cc8,ffff800037031160,ffff8000370310b0) at sys_sysctl+0x422 syscall(ffff800037031160) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800037031160) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 end trace frame: 0xffff8000370311e0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8307294c) at panic+0x1e5 sys/kern/subr_prf.c:198 witness_checkorder(fffffd804ab00630,1,0) at witness_checkorder+0x1113 sys/kern/subr_witness.c:843 rw_enter(fffffd804ab00620,2) at rw_enter+0x122 uvmfault_lookup(ffff800037030ad0,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1785 uvm_fault_check(ffff800037030ad0,ffff800037030b08,ffff800037030b30) at uvm_fault_check+0x47 sys/uvm/uvm_fault.c:672 uvm_fault(fffffd804ab00540,20000000,0,2) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600 kpageflttrap(ffff800037030c70,2000010c) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 kerntrap(ffff800037030c70) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x62 kern_sysctl(ffff800037030ff4,5,20000100,ffff800037031028,0,37,2d82d41bf1e24699) at kern_sysctl+0x320 sys/kern/kern_sysctl.c:500 sys_sysctl(ffff8000ffff4cc8,ffff800037031160,ffff8000370310b0) at sys_sysctl+0x422 syscall(ffff800037031160) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800037031160) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc66e79974e0, count: -15 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff8000370306d0 rbx 0xffff800029b7cdbf rdx 0 rcx 0xffff8000ffff4cc8 rax 0xffff800029b7bff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x294715a91b0678ba r11 0x742db3d887d1bb4b r12 0xffff800029b7cbc0 r13 0 r14 0 r15 0x1 rip 0xffffffff81f42955 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000370306c0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=468792 pid=73467 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff42a8,0xffff8000ffff47c8 process=0xffff8000353f7ae8 user=0xffff80003702c000, vmspace=0xfffffd804ab00540 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 73467 250939 180 32767 2 0x10 syz-executor *73467 468792 180 32767 7 0x4000010 syz-executor 73467 254234 180 32767 3 0x4000090 fsleep syz-executor 73467 238108 180 32767 7 0x4000010 syz-executor 82429 340669 16522 32767 2 0x10 syz-executor 82429 101404 16522 32767 3 0x4000090 fsleep syz-executor 82429 362629 16522 32767 3 0x4000090 fsleep syz-executor 21726 416421 22650 0 2 0 sshd 15635 174758 68459 32767 2 0x10 syz-executor 68459 228241 42271 0 3 0x82 wait syz-executor 21676 334876 74216 32767 3 0x90 nanoslp syz-executor 21676 318051 74216 32767 3 0x4000090 nanoslp syz-executor 21676 337069 74216 32767 3 0x4000090 fsleep syz-executor 51734 238628 43221 32767 3 0x10 biowait syz-executor 43221 60021 42271 0 3 0x82 wait syz-executor 75917 303292 30006 32767 2 0x10 syz-executor 30006 146421 42271 0 3 0x82 wait syz-executor 59576 306120 63551 32767 3 0x90 wait syz-executor 63551 356110 42271 0 3 0x82 wait syz-executor 180 303968 39158 32767 3 0x90 nanoslp syz-executor 39158 483851 42271 0 3 0x82 wait syz-executor 57719 231401 1529 32767 3 0x90 nanoslp syz-executor 1529 245097 42271 0 3 0x82 wait syz-executor 74216 435740 56485 32767 3 0x90 nanoslp syz-executor 56485 444077 42271 0 3 0x82 wait syz-executor 16522 19792 99459 32767 3 0x90 nanoslp syz-executor 99459 344702 42271 0 3 0x82 wait syz-executor 91180 314935 0 0 3 0x14200 bored sosplice 42271 65443 86555 0 3 0x82 kqread syz-executor 86555 306885 1 0 3 0x100082 nanoslp ksh 22650 62294 1 0 3 0x8a kqread sshd 40316 457378 57680 73 3 0x1100090 kqread syslogd 57680 115022 1 0 3 0x100082 sbwait syslogd 65775 133232 1 0 3 0x100080 kqread resolvd 43027 303950 93564 77 3 0x100092 kqread dhcpleased 95396 373698 93564 77 3 0x100092 kqread dhcpleased 93564 121406 1 0 3 0x80 kqread dhcpleased 48796 152379 0 0 3 0x14200 bored smr 52393 213203 0 0 2 0x14200 zerothread 24136 303877 0 0 3 0x14200 aiodoned aiodoned 36875 425607 0 0 3 0x14200 syncer update 33748 112335 0 0 3 0x14200 cleaner cleaner 14629 98824 0 0 3 0x14200 reaper reaper 13896 237207 0 0 3 0x14200 pgdaemon pagedaemon 26571 299867 0 0 3 0x14200 bored viomb 82512 165716 0 0 3 0x40014200 acpi0 acpi0 52011 350439 0 0 3 0x40014200 idle1 23622 474889 0 0 3 0x14200 bored softnet3 1545 132237 0 0 3 0x14200 bored softnet2 28314 229545 0 0 3 0x14200 bored softnet1 90119 20105 0 0 3 0x14200 bored softnet0 2937 282957 0 0 3 0x14200 bored systqmp 99176 215736 0 0 3 0x14200 bored systq 45433 510387 0 0 3 0x14200 tmoslp softclockmp 46365 447685 0 0 3 0x40014200 tmoslp softclock 46957 309387 0 0 3 0x40014200 idle0 1 185757 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &table->inpt_mtx r = 0 (0xffffffff8362e800) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 sysctl_file+0xa2d #4 kern_sysctl+0x320 sys/kern/kern_sysctl.c:500 #5 sys_sysctl+0x422 #6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 73467 (syz-executor) thread 0xffff8000ffff4cc8 (468792) exclusive rwlock netlock r = 0 (0xffffffff83407470) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 sysctl_file+0xa18 sys/kern/kern_sysctl.c:1675 #2 kern_sysctl+0x320 sys/kern/kern_sysctl.c:500 #3 sys_sysctl+0x422 #4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #5 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff835eebc8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 sysctl_vslock+0x80 sys/kern/kern_sysctl.c:181 #2 kern_sysctl+0x1b3 sys/kern/kern_sysctl.c:498 #3 sys_sysctl+0x422 #4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #5 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff834aafc0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 sysctl_vslock+0x45 sys/kern/kern_sysctl.c:176 #3 kern_sysctl+0x1b3 sys/kern/kern_sysctl.c:498 #4 sys_sysctl+0x422 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 exclusive mutex &table->inpt_mtx r = 0 (0xffffffff8362e800) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 sysctl_file+0xa2d #4 kern_sysctl+0x320 sys/kern/kern_sysctl.c:500 #5 sys_sysctl+0x422 #6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 73467 (syz-executor) thread 0xffff8000ffff47b8 (254234) exclusive rwlock vmmaplk r = 0 (0xfffffd804ab00630) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 vm_map_lock_ln+0x143 sys/uvm/uvm_map.c:5252 #3 uvm_map_protect+0xe1 sys/uvm/uvm_map.c:3059 #4 sys_mprotect+0x34c sys/uvm/uvm_mmap.c:585 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 Process 51734 (syz-executor) thread 0xffff800029fd8a28 (238628) exclusive rrwlock inode r = 0 (0xfffffd8075167b38) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vget+0x2bd sys/kern/vfs_subr.c:673 #6 ufs_ihashget+0x192 sys/ufs/ufs/ufs_ihash.c:98 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1201 #8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #11 namei+0x7aa sys/kern/vfs_lookup.c:250 #12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852 #13 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #13 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd80751676f8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 75917 (syz-executor) thread 0xffff8000370114a0 (303292) exclusive rrwlock inode r = 0 (0xfffffd8075167a28) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:169 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3099 #10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806a6d54d8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3084 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 11051K 11059K 166960K 12412 0 pcb 17 22K 26K 166960K 25 0 rtable 246 7K 7K 166960K 12182 0 pf 31 16K 16K 166960K 782 0 ifaddr 42 11K 11K 166960K 1530 0 ifgroup 50 2K 2K 166960K 1545 0 sysctl 4 1K 5K 166960K 8 0 counters 64 36K 36K 166960K 808 0 ioctlops 0 0K 2K 166960K 721 0 iov 0 0K 28K 166960K 868 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1456 92K 92K 166960K 9417 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 215 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 586 0 dirhash 24 4K 5K 166960K 255 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 23 85K 157K 166960K 14715 0 sigio 0 0K 0K 166960K 288 0 proc 49 66K 176K 166960K 11629 0 subproc 104 6K 12K 166960K 6396 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2309 0 in_multi 99 7K 7K 166960K 4590 0 ether_multi 1 0K 0K 166960K 68 0 mrt 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 7731 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 74K 132K 166960K 114949 0 UVM aobj 131 8K 8K 166960K 135 0 pinsyscall 40 80K 130K 166960K 26054 0 memdesc 1 4K 4K 166960K 1