panic: kmmaplk rwlock 0xffffffff839a0308: enter read deadlock Starting stack trace... panic(ffffffff833c20a6) at panic+0x1ba sys/kern/subr_prf.c:229 rw_do_enter_read(ffffffff839a0308,0) at rw_do_enter_read+0x435 sys/kern/kern_rwlock.c:379 uvmfault_lookup(ffff80002a858b50,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880 uvm_fault_check(ffff80002a858b50,ffff80002a858b88,ffff80002a858bc0,0) at uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693 uvm_fault(ffffffff839a0220,ffff800029ef6000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:627 kpageflttrap(ffff80002a858cf0,ffff800029ef6000) at kpageflttrap+0x2d1 sys/arch/amd64/amd64/trap.c:-1 kerntrap(ffff80002a858cf0) at kerntrap+0x18a sys/arch/amd64/amd64/trap.c:528 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b kcov_remote_enter(0,ffff8000ffffa898) at kcov_remote_enter+0x122 sys/dev/kcov.c:670 timeout_run(ffffffff838e9aa0,ffff800035ce4b28) at timeout_run+0xdf sys/kern/kern_timeout.c:696 softclock_process_tick_timeout(ffff800035ce4b28,0) at softclock_process_tick_timeout+0x230 sys/kern/kern_timeout.c:756 softclock(0) at softclock+0x152 sys/kern/kern_timeout.c:788 softintr_dispatch(0) at softintr_dispatch+0xf9 sys/kern/kern_softintr.c:87 dosoftint(0) at dosoftint+0x48 sys/arch/amd64/amd64/intr.c:862 Xsoftclock() at Xsoftclock+0x27 pmap_tlb_shootrange(0,ffff800034cda000,ffff8000350da000,1) at pmap_tlb_shootrange+0xd6 invpcid sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:192 [inline] pmap_tlb_shootrange(0,ffff800034cda000,ffff8000350da000,1) at pmap_tlb_shootrange+0xd6 sys/arch/amd64/amd64/pmap.c:3364 pmap_do_remove(ffffffff83a31930,ffff800034cda000,ffff8000350da000,0) at pmap_do_remove+0x6d2 sys/arch/amd64/amd64/pmap.c:1931 uvm_unmap_kill_entry_withlock(ffffffff839a0220,fffffd8063ebc898,1) at uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 uvm_unmap_remove(ffffffff839a0220,ffff800034cda000,ffff8000350da000,ffff80002a859258,0,1,2b5d2a7330b5197b) at uvm_unmap_remove+0x6c2 sys/uvm/uvm_map.c:2008 uvm_unmap(ffffffff839a0220,ffff800034cda000,ffff8000350da000) at uvm_unmap+0xa7 vm_map_unlock_ln sys/uvm/uvm_map.c:-1 [inline] uvm_unmap(ffffffff839a0220,ffff800034cda000,ffff8000350da000) at uvm_unmap+0xa7 sys/uvm/uvm_map.c:1799 km_free(ffff800034cda000,400000,ffffffff83500038,ffffffff83500120) at km_free+0x87 sys/uvm/uvm_km.c:714 kd_free(ffff8000015d5dc0) at kd_free+0x84 sys/dev/kcov.c:564 kcovclose(2a1300,3,2000,ffff80002a7479f8) at kcovclose+0xe4 sys/dev/kcov.c:-1 spec_close(ffff80002a859430) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd80792182d8,3,fffffd8007ffd618,ffff80002a7479f8) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806cb3af00,ffff80002a7479f8) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806cb3af00,ffff80002a7479f8) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621 fdrop(fffffd806cb3af00,ffff80002a7479f8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffffd806cb3af00,ffff80002a7479f8) at closef+0x190 sys/kern/kern_descrip.c:1265 fdfree(ffff80002a7479f8) at fdfree+0x115 sys/kern/kern_descrip.c:1196 exit1(ffff80002a7479f8,43,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80002a7479f8,ffff80002a859790,ffff80002a8596e0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a859790) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a859790) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7598cce411c0, count: 224 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 3 3 EXIT 0 9 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *270109 39399 0 0x2 0 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x7b78864eabe0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kmmaplk rwlock 0xffffffff839a0308: enter read deadlock ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7b78864eabe0, count: -1 ddb> show registers rdi 0 rsi 0 rbp 0xffff80002a7a5ce0 rbx 0 rdx 0 rcx 0 rax 0x31 r8 0xffff80002a7a5c10 r9 0xffff80002a7a58e8 r10 0x43609ed2a7ea99db r11 0xbdc1d05736f45c86 r12 0 r13 0 r14 0xffff80002a776010 r15 0 rip 0xffffffff810163ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a7a5c60 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb> show proc PROC (syz-executor) tid=270109 pid=39399 tcnt=1 stat=onproc flags process=2 proc=0 runpri=83, usrpri=83, slppri=24, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a777a00,0xffff80002a7762b8 process=0xffff80002a7acd90 user=0xffff80002a7a0000, vmspace=0xfffffd807ecda5c0 estcpu=33, cpticks=110, pctcpu=0.23, user=11, sys=97, intr=2 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 59045 317926 32047 0 2 0 syz-executor 78232 156032 35774 0 3 0x80 nanoslp syz-executor 78232 225157 35774 0 3 0x4000080 ttyout syz-executor 55996 455840 84778 0 2 0x1 syz-executor 55996 149064 84778 0 3 0x4000080 fsleep syz-executor 23193 323423 86750 0 2 0 syz-executor 23193 62338 86750 0 3 0x4000080 fsleep syz-executor 89829 502896 99572 0 2 0x1 syz-executor 89829 409826 99572 0 3 0x4000080 lockf syz-executor 89829 382006 99572 0 3 0x4000080 fsleep syz-executor 58335 273972 36515 0 2 0 syz-executor 58335 468144 36515 0 3 0x4000080 kqsel syz-executor 58335 356362 36515 0 2 0x4000000 syz-executor 58335 241442 36515 0 2 0x4000001 syz-executor 99572 490814 39399 0 3 0x82 nanoslp syz-executor 98111 197637 0 0 3 0x14200 acct acct 53210 109977 1 0 3 0x100083 ttyin getty 84778 209661 39399 0 3 0x82 nanoslp syz-executor 35774 344699 39399 0 3 0x82 nanoslp syz-executor 36515 151119 39399 0 3 0x82 nanoslp syz-executor 86750 388359 39399 0 3 0x82 nanoslp syz-executor 32047 59633 39399 0 3 0x82 nanoslp syz-executor *39399 270109 61797 0 7 0x2 syz-executor 61797 8581 98817 0 3 0x10008a sigsusp ksh 98817 34086 16482 0 3 0x98 kqread sshd-session 16482 147765 39662 0 3 0x92 kqread sshd-session 39662 78841 1 0 3 0x88 kqread sshd 30333 368220 61986 73 3 0x1100090 kqread syslogd 61986 286038 1 0 3 0x100082 sbwait syslogd 70018 121048 1 0 3 0x100080 kqread resolvd 47229 402495 12399 77 3 0x100092 kqread dhcpleased 61234 519023 12399 77 3 0x100092 kqread dhcpleased 12399 23318 1 0 3 0x80 kqread dhcpleased 68924 458809 0 0 3 0x14200 bored smr 22771 520142 0 0 2 0x14200 zerothread 51614 259097 0 0 3 0x14200 aiodoned aiodoned 64221 231887 0 0 3 0x14200 syncer update 55781 209079 0 0 3 0x14200 cleaner cleaner 95610 146198 0 0 3 0x14200 reaper reaper 19000 400779 0 0 3 0x14200 pgdaemon pagedaemon 39051 513959 0 0 3 0x14200 bored viomb 37454 183460 0 0 3 0x40014200 acpi0 acpi0 60682 48211 0 0 3 0x14200 bored softnet0 74043 368206 0 0 3 0x14200 bored systqmp 29086 48355 0 0 3 0x14200 bored systq 2586 327605 0 0 3 0x40014200 tmoslp softclock 54443 124016 0 0 3 0x40014200 idle0 1 175110 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11070 12122K 12729K 166960K 14112 0 pcb 18 16K 20K 166960K 626 0 rtable 239 9K 11K 166960K 750 0 pf 34 14K 22K 166960K 288 0 ifaddr 36 6K 8K 166960K 114 0 ifgroup 43 1K 2K 166960K 194 0 sysctl 4 1K 9K 166960K 14 0 counters 32 17K 18K 166960K 98 0 ioctlops 0 0K 4K 166960K 347 0 iov 0 0K 16K 166960K 173 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1416 89K 89K 166960K 2841 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 20K 20K 166960K 23 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 133 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 236K 166960K 1512 0 sigio 0 0K 0K 166960K 22 0 proc 60 59K 83K 166960K 740 0 subproc 66 4K 4K 166960K 110 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 163 0 in_multi 77 5K 7K 166960K 205 0 ether_multi 1 0K 0K 166960K 15 0 mrt 1 0K 0K 166960K 34 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 599 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 210 144K 165K 166960K 15037 0 UVM aobj 37 2K 2K 166960K 37 0 pinsyscall 37 74K 93K 166960K 2715 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 47 0 NDP 12 0K 2K 166960K 78 0 temp 76 9078K 9204K 166960K 73269 0 kqueue 14 22K 28K 166960K 275 0 SYN cache 2 16K 24K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 256 0 253 3 2 1 3 0 8 0 rtentry 136 221 0 124 5 0 5 5 0 8 0 unpcb 144 1170 0 1155 12 6 6 6 0 8 5 syncache 336 12 0 12 3 2 1 1 0 8 1 tcpqe 32 2 0 2 2 1 1 1 0 8 1 tcpcb 736 449 0 442 9 5 4 6 0 8 2 arp 96 31 0 13 1 0 1 1 0 8 0 inpcb 328 1814 0 1800 21 11 10 12 0 8 8 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 112 40 0 22 1 0 1 1 0 8 0 pkpcb 40 16 0 16 2 1 1 1 0 8 1 kcovpl 48 12 0 5 1 0 1 1 0 8 0 mppekey 1024 5 0 5 3 2 1 1 0 8 1 ppxss 1072 43 0 43 3 2 1 1 0 8 1 pppxif 1416 10 0 10 3 2 1 1 0 8 1 pfstscr 40 18 0 16 1 0 1 1 0 8 0 pffrag 232 17 0 5 1 0 1 1 0 482 0 pffrnode 88 15 0 3 1 0 1 1 0 8 0 pffrent 40 96 0 82 1 0 1 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 7 0 7 1 1 0 1 0 8 0 pfsrclim 320 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 8 0 3 1 0 1 1 0 8 0 pftag 88 4 0 0 1 0 1 1 0 8 0 pfstitem 24 3 0 0 1 0 1 1 0 8 0 pfstkey 128 22 0 19 1 0 1 1 0 8 0 pfstate 384 12 0 10 1 0 1 1 0 8 0 pfrule 1360 47 0 46 3 2 1 1 0 8 0 rttmr 136 3 0 3 2 1 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 809 0 396 34 4 30 31 0 8 4 art_table 40 812 0 396 5 0 5 5 0 8 0 art_node 32 220 0 133 2 1 1 2 0 8 0 sysvmsgpl 40 18 0 6 1 0 1 1 0 8 0 semapl 112 131 0 121 1 0 1 1 0 8 0 shmpl 112 34 0 0 1 0 1 1 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 4198 0 2741 92 0 92 92 0 8 0 ffsino 256 4198 0 2741 92 0 92 92 0 8 0 nchpl 144 6240 0 4537 64 0 64 64 0 8 0 rtmask 32 8 0 8 2 1 1 1 0 8 1 vnodes 216 5122 0 0 285 0 285 285 0 8 0 namei 1024 23035 0 23035 4 3 1 2 0 8 1 pfiaddrpl 120 2 0 2 1 1 0 1 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 kstatmem 264 109 0 88 2 0 2 2 0 8 0 scsiplug 72 10 0 10 2 1 1 1 0 8 1 scxspl 216 25206 0 25206 10 8 2 8 1 8 2 plimitpl 152 455 0 438 1 0 1 1 0 8 0 sigapl 424 1798 0 1756 8 2 6 8 0 8 0 knotepl 120 377489 0 377407 38 28 10 16 0 8 6 kqueuepl 184 594 0 582 5 4 1 4 0 8 0 pipepl 304 257 0 230 5 2 3 5 0 8 0 fdescpl 448 1763 0 1735 5 1 4 5 0 8 0 filepl 120 12834 0 12624 23 9 14 14 0 8 4 lockfpl 104 762 0 758 2 1 1 2 0 8 0 lockfspl 48 290 0 287 1 0 1 1 0 8 0 sessionpl 144 168 0 160 1 0 1 1 0 8 0 pgrppl 48 291 0 275 1 0 1 1 0 8 0 ucredpl 104 2619 0 2607 1 0 1 1 0 8 0 zombiepl 144 2099 0 2097 2 1 1 1 0 8 0 processpl 1152 1798 0 1756 5 0 5 5 0 8 0 procpl 664 3854 0 3804 8 2 6 7 0 8 0 sosppl 176 5 0 5 2 1 1 1 0 8 1 sockpl 552 3469 0 3437 37 25 12 17 0 8 8 mcl64k 65536 288 0 287 1 0 1 1 0 8 0 mcl16k 16384 11 0 11 2 1 1 1 0 8 1 mcl12k 12288 4 0 4 2 1 1 1 0 8 1 mcl9k128 9344 3 0 3 2 2 0 1 0 8 0 mcl8k 8192 27 0 27 3 2 1 1 0 8 1 mcl4k 4096 4482 0 4424 16 7 9 14 0 8 1 mcl2k2 2112 5 0 5 3 2 1 1 0 8 1 mcl2k 2048 1522 0 1517 7 5 2 5 0 8 1 mtagpl 96 43 0 22 1 0 1 1 0 8 0 mbufpl 256 23189 0 23001 294 277 17 284 0 8 2 bufpl 280 8304 0 2089 445 0 445 445 0 8 0 anonpl 24 282679 0 275079 115 17 98 98 0 187 32 amapchunkpl 152 52420 0 51918 56 12 44 44 0 158 17 amappl16 200 4853 0 4646 52 28 24 33 0 8 8 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 453 0 450 1 0 1 1 0 8 0 amappl13 176 134 0 124 1 0 1 1 0 8 0 amappl12 168 2022 0 1995 2 0 2 2 0 8 0 amappl11 160 10 0 9 1 0 1 1 0 8 0 amappl10 152 127 0 116 1 0 1 1 0 8 0 amappl9 144 268 0 268 1 1 0 1 0 8 0 amappl8 136 119 0 117 1 0 1 1 0 8 0 amappl7 128 158 0 147 1 0 1 1 0 8 0 amappl6 120 200 0 198 1 0 1 1 0 8 0 amappl5 112 101 0 92 1 0 1 1 0 8 0 amappl4 104 302 0 285 1 0 1 1 0 8 0 amappl3 96 10223 0 10130 5 1 4 4 0 8 0 amappl2 88 614 0 557 2 0 2 2 0 8 0 amappl1 80 17095 0 16551 19 4 15 15 0 8 2 amappl 88 13981 0 13832 5 0 5 5 0 92 0 uvmvnodes 80 149 0 0 4 0 4 4 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 258 0 258 3 2 1 1 0 8 1 dma64 64 8 0 8 2 2 0 1 0 8 0 dma32 32 8 0 8 2 1 1 1 0 8 1 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 36 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1763 0 1735 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1763 0 1735 1 0 1 1 0 8 0 vmmpekpl 168 15484 0 15435 3 0 3 3 0 8 0 vmmpepl 168 119216 0 117308 130 19 111 111 0 357 15 vmsppl 368 1762 0 1735 4 1 3 4 0 8 0 rwobjpl 40 32471 0 31277 17 0 17 17 0 8 0 pdppl 4096 3532 0 3470 124 56 68 78 0 8 6 pvpl 32 812694 0 799520 241 55 186 186 0 265 54 pmappl 216 1762 0 1735 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 706 0 371 18 7 11 18 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7b78864eabe0, count: -1 ddb> machine ddbcpu 1 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7b78864eabe0, count: -1