uvm_fault(0xfffffd806a82f8b0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND *234957 2316 0 0 0x4000000 0K syz-executor.3 socreate(18,ffff800022c89528,3,2b) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002c93e2b0,ffff800022c895b8,ffff800022c89610) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800022c89680) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022c89680) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x593e0237c80, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd806a82f8b0, 0x0, 0, 1) -> e ddb{0}> trace socreate(18,ffff800022c89528,3,2b) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002c93e2b0,ffff800022c895b8,ffff800022c89610) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800022c89680) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022c89680) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x593e0237c80, count: -4 ddb{0}> show registers rdi 0xffff8000246ad000 rsi 0x1c7a __ALIGN_SIZE+0xc7a rbp 0xffff800022c89510 rbx 0x18 rdx 0xffff8000246ad000 rcx 0x1c79 __ALIGN_SIZE+0xc79 rax 0 r8 0xffffffff811cfb80 uvm_map_inentry_pc r9 0x13 r10 0 r11 0xbbdf8d57415f4505 r12 0xffff800022c89528 r13 0xffffffff826760b0 inet6sw+0x270 r14 0x3 r15 0x2b rip 0xffffffff81b8f4e4 socreate+0x84 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800022c894b0 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{0}> show proc PROC (syz-executor.3) pid=234957 stat=onproc flags process=0 proc=4000000 pri=59, usrpri=59, nice=20 forw=0xffffffffffffffff, list=0xffff80002c93e7f0,0xffff80002c93e020 process=0xffff80002c924868 user=0xffff800022c84000, vmspace=0xfffffd806a82f8b0 estcpu=9, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 90105 416298 94330 0 2 0 syz-executor.1 90105 365369 94330 0 2 0x4000000 syz-executor.1 90105 348684 94330 0 3 0x4000080 ttyout syz-executor.1 90105 279629 94330 0 3 0x4000080 ttyout syz-executor.1 84157 438939 8718 0 2 0 syz-executor.5 84157 191728 8718 0 2 0x4000000 syz-executor.5 2316 171773 44213 0 2 0 syz-executor.3 * 2316 234957 44213 0 7 0x4000000 syz-executor.3 50680 404173 62554 0 2 0 syz-executor.4 50680 464563 62554 0 2 0x4000000 syz-executor.4 79575 68715 68928 0 2 0 syz-executor.0 11398 116245 95159 0 2 0 syz-executor.6 11398 270137 95159 0 2 0x4000000 syz-executor.6 95159 399047 32690 0 3 0x82 nanoslp syz-executor.6 5114 219484 32690 0 3 0x82 wait syz-executor.2 28190 234237 0 0 3 0x14200 acct acct 44213 163878 32690 0 3 0x82 nanoslp syz-executor.3 94330 147251 32690 0 3 0x82 nanoslp syz-executor.1 68928 342669 32690 0 3 0x82 nanoslp syz-executor.0 8718 113314 32690 0 3 0x82 nanoslp syz-executor.5 62554 287434 32690 0 3 0x82 nanoslp syz-executor.4 49270 367265 0 0 3 0x14280 nfsidl nfsio 91913 512574 0 0 3 0x14280 nfsidl nfsio 23832 174291 0 0 3 0x14280 nfsidl nfsio 45414 65683 0 0 3 0x14280 nfsidl nfsio 85664 459640 0 0 3 0x14280 nfsidl nfsio 87678 241490 0 0 3 0x14280 nfsidl nfsio 58385 62669 0 0 3 0x14280 nfsidl nfsio 45714 489397 0 0 3 0x14280 nfsidl nfsio 16608 285117 0 0 3 0x14280 nfsidl nfsio 86924 243453 0 0 3 0x14280 nfsidl nfsio 1049 259070 0 0 3 0x14280 nfsidl nfsio 13704 39130 0 0 3 0x14280 nfsidl nfsio 84968 229471 0 0 3 0x14280 nfsidl nfsio 66213 425436 0 0 3 0x14280 nfsidl nfsio 75313 164562 0 0 3 0x14280 nfsidl nfsio 64674 267918 0 0 3 0x14280 nfsidl nfsio 75706 192392 0 0 3 0x14280 nfsidl nfsio 49242 423715 0 0 3 0x14280 nfsidl nfsio 3477 153342 0 0 3 0x14280 nfsidl nfsio 8727 501119 0 0 3 0x14280 nfsidl nfsio 58197 274986 32690 0 3 0x82 piperd syz-executor.7 64986 201475 0 0 3 0x14200 bored sosplice 32690 397689 52025 0 3 0x82 thrsleep syz-fuzzer 32690 77774 52025 0 3 0x4000082 thrsleep syz-fuzzer 32690 141837 52025 0 3 0x4000082 thrsleep syz-fuzzer 32690 20980 52025 0 3 0x4000082 kqread syz-fuzzer 32690 509562 52025 0 3 0x4000082 thrsleep syz-fuzzer 32690 19177 52025 0 3 0x4000082 thrsleep syz-fuzzer 32690 83602 52025 0 3 0x4000082 thrsleep syz-fuzzer 32690 126902 52025 0 3 0x4000082 thrsleep syz-fuzzer 32690 155643 52025 0 3 0x4000082 thrsleep syz-fuzzer 52025 97556 48644 0 3 0x10008a sigsusp ksh 48644 229577 34380 0 3 0x9a kqread sshd 5459 370070 1 0 3 0x100083 ttyin getty 34380 111838 1 0 3 0x88 kqread sshd 53232 288722 9494 74 3 0x1100092 bpf pflogd 9494 273627 1 0 3 0x80 netio pflogd 37493 281597 45034 73 3 0x1100090 kqread syslogd 45034 407857 1 0 3 0x100082 netio syslogd 76416 360449 1 0 3 0x100080 kqread resolvd 89261 364513 17916 77 3 0x100092 kqread dhcpleased 2663 251497 17916 77 3 0x100092 kqread dhcpleased 17916 381227 1 0 3 0x80 kqread dhcpleased 80288 12938 0 0 3 0x14200 bored smr 74122 443155 0 0 2 0x14200 zerothread 13473 100274 0 0 3 0x14200 aiodoned aiodoned 60408 9138 0 0 3 0x14200 syncer update 50962 511201 0 0 3 0x14200 cleaner cleaner 22690 138766 0 0 3 0x14200 reaper reaper 96213 150740 0 0 3 0x14200 pgdaemon pagedaemon 42603 50068 0 0 3 0x14200 bored viomb 15780 10205 0 0 3 0x40014200 acpi0 acpi0 83878 167610 0 0 7 0x40014200 idle1 80777 421545 0 0 3 0x14200 bored softnet 11360 281146 0 0 3 0x14200 bored systqmp 88186 285914 0 0 3 0x14200 bored systq 11070 378242 0 0 3 0x40014200 bored softclock 66255 491077 0 0 3 0x40014200 idle0 1 411433 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 2316 (syz-executor.3) thread 0xffff80002c93e2b0 (234957) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b6e770) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10205 6507K 6814K 78643K 14139 0 pcb 13 20K 24K 78643K 2151 0 rtable 216 15K 17K 78643K 3151 0 ifaddr 90 21K 23K 78643K 3351 0 sysctl 2 0K 2K 78643K 5 0 counters 56 35K 36K 78643K 312 0 ioctlops 0 0K 4K 78643K 10873 0 iov 0 0K 36K 78643K 1332 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1307 82K 82K 78643K 4722 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 106 0 VM map 2 1K 1K 78643K 2 0 sem 12 3K 5K 78643K 20 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 85K 78643K 13589 0 sigio 0 0K 0K 78643K 534 0 proc 72 87K 111K 78643K 1591 0 subproc 104 6K 6K 78643K 428 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 2 0K 0K 78643K 10850 0 in_multi 85 5K 7K 78643K 607 0 ether_multi 1 0K 0K 78643K 84 0 mrt 1 0K 0K 78643K 25 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 175 784K 784K 78643K 175 0 exec 0 0K 2K 78643K 2376 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 538 890K 958K 78643K 170396 0 UVM aobj 131 8K 8K 78643K 147 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 625 0 NDP 13 0K 1K 78643K 211 0 temp 172 4777K 8827K 78643K 101383 0 kqueue 12 18K 28K 78643K 622 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1032 0 1029 19 18 1 4 0 8 0 rtentry 112 535 0 442 4 0 4 4 0 8 0 unpcb 136 10005 0 9990 107 106 1 12 0 8 0 syncache 296 136 0 136 21 21 0 1 0 8 0 tcpqe 32 26 0 26 10 10 0 1 0 8 0 tcpcb 736 12898 0 12892 297 295 2 19 0 8 1 arp 120 75 0 58 1 0 1 1 0 8 0 inpcb 304 20575 0 20566 247 240 7 16 0 8 6 rttmr 72 6 0 6 2 2 0 1 0 8 0 nd6 48 109 0 86 1 0 1 1 0 8 0 pkpcb 40 60 0 60 7 7 0 1 0 8 0 kcovpl 48 32 0 24 1 0 1 1 0 8 0 ppxss 1248 58 0 58 11 11 0 1 0 8 0 pfstscr 40 88 0 87 2 1 1 1 0 8 0 pffrag 232 24 0 24 8 8 0 1 0 482 0 pffrnode 88 24 0 24 8 8 0 1 0 8 0 pffrent 40 213 0 213 8 8 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 604 0 604 9 9 0 2 0 8 0 pftag 88 43 0 34 4 3 1 1 0 8 0 pfqueue 264 3 0 3 1 1 0 1 0 8 0 pfstitem 24 103 0 100 1 0 1 1 0 8 0 pfstkey 112 349 0 346 1 0 1 1 0 8 0 pfstate 320 220 0 217 2 1 1 2 0 8 0 pfsrctr 152 5 0 5 1 1 0 1 0 8 0 pfrule 1360 1858 0 1857 10 9 1 6 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2055 0 1658 42 17 25 30 0 8 0 art_table 32 2056 0 1658 4 0 4 4 0 8 0 art_node 16 467 0 387 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 0 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 144 0 16 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 18741 0 17270 93 0 93 93 0 8 0 ffsino 272 18741 0 17270 99 0 99 99 0 8 0 nchpl 144 35530 0 33914 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 122611 0 122611 6 5 1 2 0 8 1 percpumem 16 168 0 128 1 0 1 1 0 8 0 vcpupl 2048 121 0 0 16 0 16 16 0 8 0 vmpool 560 132 0 11 10 1 9 9 0 8 0 pfiaddrpl 120 2377 0 2377 5 5 0 2 0 8 0 scsiplug 72 10 0 10 3 3 0 1 0 8 0 scxspl 216 105234 0 105234 26 25 1 8 0 8 1 plimitpl 152 928 0 913 1 0 1 1 0 8 0 sigapl 424 13875 0 13809 8 0 8 8 0 8 0 futexpl 64 141623 0 141623 3 2 1 1 0 8 1 knotepl 120 149 0 0 4 0 4 4 0 8 0 kqueuepl 216 2220 0 2212 53 52 1 7 0 8 0 pipepl 336 1635 0 1607 35 32 3 8 0 8 0 fdescpl 496 13832 0 13802 6 2 4 5 0 8 0 filepl 152 92519 0 92229 212 199 13 24 0 8 1 lockfpl 104 3215 0 3213 11 10 1 2 0 8 0 lockfspl 48 681 0 679 1 0 1 1 0 8 0 sessionpl 144 48 0 31 1 0 1 1 0 8 0 pgrppl 48 165 0 148 1 0 1 1 0 8 0 ucredpl 96 9805 0 9791 1 0 1 1 0 8 0 zombiepl 144 13810 0 13809 5 4 1 1 0 8 0 processpl 1064 13875 0 13809 5 0 5 5 0 8 0 procpl 672 36354 0 36273 23 15 8 9 0 8 0 srpgc 96 28 0 28 8 8 0 1 0 8 0 sosppl 168 76 0 76 15 15 0 1 0 8 0 sockpl 480 31677 0 31650 672 662 10 43 0 8 6 mcl64k 65536 20 0 0 3 0 3 3 0 8 0 mcl16k 16384 16 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 204 0 0 20 0 20 20 0 8 0 mtagpl 96 341 0 0 9 5 4 9 0 8 0 mbufpl 256 9179 0 0 542 10 532 532 0 8 0 bufpl 288 23685 0 17349 453 0 453 453 0 8 0 anonpl 24 3745200 0 3726283 240 111 129 193 0 186 0 amapchunkpl 152 466032 0 465145 2301 2263 38 2229 0 158 0 amappl16 200 31198 0 30542 88 53 35 40 0 8 0 amappl15 192 3463 0 3456 1 0 1 1 0 8 0 amappl14 184 2380 0 2378 1 0 1 1 0 8 0 amappl13 176 716 0 711 1 0 1 1 0 8 0 amappl12 168 97 0 94 1 0 1 1 0 8 0 amappl11 160 1496 0 1478 1 0 1 1 0 8 0 amappl10 152 2450 0 2445 1 0 1 1 0 8 0 amappl9 144 480 0 477 1 0 1 1 0 8 0 amappl8 136 5159 0 5033 7 2 5 5 0 8 0 amappl7 128 4066 0 4046 1 0 1 1 0 8 0 amappl6 120 301 0 278 2 1 1 2 0 8 0 amappl5 112 13994 0 13974 1 0 1 1 0 8 0 amappl4 104 5057 0 5020 2 0 2 2 0 8 0 amappl3 96 2640 0 2628 1 0 1 1 0 8 0 amappl2 88 1815 0 1761 3 1 2 3 0 8 0 amappl1 80 247641 0 247056 21 7 14 19 0 8 0 amappl 88 168956 0 168637 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 146 0 16 3 0 3 3 0 8 0 uaddrrnd 24 13964 0 13813 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13964 0 13813 1 0 1 1 0 8 0 vmmpekpl 168 93681 0 93612 6 2 4 4 0 8 0 vmmpepl 168 1231801 0 1228722 296 149 147 158 0 357 6 vmsppl 368 13963 0 13813 16 2 14 14 0 8 0 rwobjpl 56 293423 0 285597 118 6 112 112 0 8 0 pdppl 4096 27935 0 27747 673 485 188 190 0 8 0 pvpl 32 6329119 0 6305690 481 273 208 329 0 265 0 pmappl 248 13963 0 13813 11 1 10 10 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2320 0 857 44 1 43 43 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace socreate(18,ffff800022c89528,3,2b) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002c93e2b0,ffff800022c895b8,ffff800022c89610) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800022c89680) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022c89680) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x593e0237c80, count: -4 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5