uvm_fault(0xfffffd8067eee308, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND *209784 35725 0 0 0x4000000 0K syz-executor.3 socreate(18,ffff800022e8ebd8,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002af4c000,ffff800022e8ec68,ffff800022e8ecc0) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800022e8ed30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022e8ed30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb8e9e57d5b0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd8067eee308, 0x0, 0, 1) -> e ddb{0}> trace socreate(18,ffff800022e8ebd8,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002af4c000,ffff800022e8ec68,ffff800022e8ecc0) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800022e8ed30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022e8ed30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb8e9e57d5b0, count: -4 ddb{0}> show registers rdi 0xffff8000270d7000 rsi 0x528 rbp 0xffff800022e8ebc0 rbx 0x18 rdx 0xffff8000270d7000 rcx 0x527 rax 0 r8 0xffffffff811cfb80 uvm_map_inentry_pc r9 0x16 r10 0 r11 0xd73375b6e15276e6 r12 0xffff800022e8ebd8 r13 0xffffffff82675e40 inet6sw r14 0 r15 0x29 rip 0xffffffff81b8f4e4 socreate+0x84 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800022e8eb60 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{0}> show proc PROC (syz-executor.3) pid=209784 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff800021142a88,0xffff80002af4dcf0 process=0xffff80002af45d30 user=0xffff800022e89000, vmspace=0xfffffd8067eee308 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95813 168906 83687 0 2 0 syz-executor.0 71253 31662 24325 0 2 0 syz-executor.6 63393 103939 4322 0 2 0 syz-executor.5 70633 219152 91754 0 3 0x80 fsleep syz-executor.7 70633 286985 91754 0 2 0x4000000 syz-executor.7 35725 362341 53054 0 3 0x80 fsleep syz-executor.3 *35725 209784 53054 0 7 0x4000000 syz-executor.3 47095 149595 75824 0 3 0x80 fsleep syz-executor.1 47095 450043 75824 0 3 0x4000080 nanoslp syz-executor.1 53054 206966 34742 0 2 0x482 syz-executor.3 24325 112590 34742 0 2 0x482 syz-executor.6 53904 450107 34742 0 2 0x2 syz-executor.2 75824 397054 34742 0 3 0x82 nanoslp syz-executor.1 8865 230364 0 0 3 0x14280 nfsidl nfsio 90784 454986 0 0 3 0x14280 nfsidl nfsio 2450 209932 0 0 3 0x14280 nfsidl nfsio 79991 195586 0 0 3 0x14280 nfsidl nfsio 16798 292726 0 0 3 0x14280 nfsidl nfsio 55423 450019 0 0 3 0x14280 nfsidl nfsio 137 29793 0 0 3 0x14280 nfsidl nfsio 55723 413592 0 0 3 0x14280 nfsidl nfsio 51833 34870 0 0 3 0x14280 nfsidl nfsio 41255 426170 0 0 3 0x14280 nfsidl nfsio 35327 487773 0 0 3 0x14280 nfsidl nfsio 42027 125529 0 0 3 0x14280 nfsidl nfsio 92988 449957 0 0 3 0x14280 nfsidl nfsio 357 132368 0 0 3 0x14280 nfsidl nfsio 98277 438704 0 0 3 0x14280 nfsidl nfsio 86360 175599 0 0 3 0x14280 nfsidl nfsio 43418 174332 0 0 3 0x14280 nfsidl nfsio 80333 154361 0 0 3 0x14280 nfsidl nfsio 63244 417052 0 0 3 0x14280 nfsidl nfsio 13877 390463 0 0 3 0x14280 nfsidl nfsio 83687 132571 34742 0 3 0x82 nanoslp syz-executor.0 4322 228670 34742 0 2 0x482 syz-executor.5 4818 130315 0 0 3 0x14200 bored sosplice 91754 313161 34742 0 2 0x482 syz-executor.7 66896 474788 34742 0 2 0x2 syz-executor.4 34742 132762 64060 0 3 0x82 thrsleep syz-fuzzer 34742 103604 64060 0 3 0x4000082 nanoslp syz-fuzzer 34742 124389 64060 0 3 0x4000082 kqread syz-fuzzer 34742 399456 64060 0 3 0x4000082 nanoslp syz-fuzzer 34742 267557 64060 0 3 0x4000082 thrsleep syz-fuzzer 34742 161735 64060 0 3 0x4000082 thrsleep syz-fuzzer 34742 409517 64060 0 3 0x4000082 thrsleep syz-fuzzer 34742 282701 64060 0 3 0x4000082 thrsleep syz-fuzzer 34742 10730 64060 0 3 0x4000082 thrsleep syz-fuzzer 64060 337175 99736 0 3 0x10008a sigsusp ksh 99736 480377 85677 0 3 0x9a kqread sshd 30444 46241 1 0 3 0x100083 ttyin getty 85677 205019 1 0 3 0x88 kqread sshd 66914 227758 57417 74 3 0x1100092 bpf pflogd 57417 174898 1 0 3 0x80 netio pflogd 56814 47840 98377 73 3 0x1100090 kqread syslogd 98377 466788 1 0 3 0x100082 netio syslogd 52990 161779 1 0 3 0x100080 kqread resolvd 11497 381716 53347 77 3 0x100092 kqread dhcpleased 19006 111431 53347 77 3 0x100092 kqread dhcpleased 53347 233607 1 0 3 0x80 kqread dhcpleased 38201 180073 0 0 3 0x14200 bored smr 80767 359411 0 0 2 0x14200 zerothread 76585 126209 0 0 3 0x14200 aiodoned aiodoned 34052 74484 0 0 3 0x14200 syncer update 20305 163271 0 0 3 0x14200 cleaner cleaner 68415 298477 0 0 3 0x14200 reaper reaper 43052 245790 0 0 3 0x14200 pgdaemon pagedaemon 95022 133786 0 0 3 0x14200 bored viomb 80770 433238 0 0 3 0x40014200 acpi0 acpi0 91101 470114 0 0 7 0x40014200 idle1 84833 458977 0 0 3 0x14200 bored softnet 10948 100811 0 0 3 0x14200 bored systqmp 32070 450483 0 0 3 0x14200 bored systq 36728 463265 0 0 3 0x40014200 bored softclock 42972 187434 0 0 3 0x40014200 idle0 1 21768 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 35725 (syz-executor.3) thread 0xffff80002af4c000 (209784) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b6e770) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 Process 66896 (syz-executor.4) thread 0xffff8000ffff37a8 (474788) exclusive rrwlock inode r = 0 (0xfffffd806edac4d8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347 #6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404 #9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101 #10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd80680ece70) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10231 6680K 7325K 78643K 25798 0 pcb 13 16K 18K 78643K 757 0 rtable 209 10K 11K 78643K 1058 0 ifaddr 99 21K 22K 78643K 419 0 sysctl 3 1K 1K 78643K 3 0 counters 56 35K 35K 78643K 160 0 ioctlops 0 0K 4K 78643K 2157 0 iov 0 0K 28K 78643K 364 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1538 96K 96K 78643K 4736 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 37 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 367 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 85K 78643K 3893 0 sigio 0 0K 0K 78643K 25 0 proc 70 87K 124K 78643K 1063 0 subproc 104 6K 8K 78643K 334 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1035 0 in_multi 77 5K 6K 78643K 766 0 ether_multi 1 0K 0K 78643K 179 0 mrt 0 0K 0K 78643K 19 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 253 1129K 1129K 78643K 253 0 exec 0 0K 2K 78643K 1518 0 pfkey data 0 0K 0K 78643K 4 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 378 251K 255K 78643K 50546 0 UVM aobj 131 8K 8K 78643K 136 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 229 0 NDP 14 0K 2K 78643K 123 0 temp 150 4727K 4791K 78643K 32392 0 kqueue 12 18K 24K 78643K 256 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 158 0 155 3 2 1 3 0 8 0 rtentry 112 346 0 263 4 1 3 4 0 8 0 unpcb 136 2069 0 2054 22 21 1 6 0 8 0 syncache 296 16 0 16 4 4 0 1 0 8 0 tcpqe 32 35 0 35 2 2 0 1 0 8 0 tcpcb 736 1790 0 1781 50 46 4 12 0 8 3 arp 120 58 0 43 1 0 1 1 0 8 0 inpcb 304 4201 0 4194 57 53 4 11 0 8 3 rttmr 72 8 0 8 3 3 0 1 0 8 0 nd6 48 82 0 64 1 0 1 1 0 8 0 pkpcb 40 27 0 27 5 5 0 1 0 8 0 kcovpl 48 23 0 15 1 0 1 1 0 8 0 ppxss 1248 20 0 20 5 5 0 1 0 8 0 pfstscr 40 10 0 10 2 2 0 1 0 8 0 pffrag 232 12 0 12 3 3 0 1 0 482 0 pffrnode 88 12 0 12 3 3 0 1 0 8 0 pffrent 40 66 0 66 3 3 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 28 0 20 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 53 0 51 1 0 1 1 0 8 0 pfstkey 112 67 0 65 1 0 1 1 0 8 0 pfstate 320 59 0 57 3 2 1 3 0 8 0 pfrule 1360 211 0 171 4 0 4 4 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1328 0 959 38 12 26 29 0 8 0 art_table 32 1329 0 959 4 0 4 4 0 8 0 art_node 16 345 0 274 1 0 1 1 0 8 0 sysvmsgpl 40 38 0 36 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 362 0 352 1 0 1 1 0 8 0 shmpl 112 133 0 5 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 6134 0 4690 91 0 91 91 0 8 0 ffsino 272 6134 0 4690 97 0 97 97 0 8 0 nchpl 144 11079 0 9431 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 47344 0 47343 2 1 1 2 0 8 0 percpumem 16 92 0 52 1 0 1 1 0 8 0 vcpupl 2048 13 0 0 2 0 2 2 0 8 0 vmpool 560 29 0 16 2 0 2 2 0 8 1 pfiaddrpl 120 19 0 6 1 0 1 1 0 8 0 scsiplug 72 3 0 3 2 2 0 1 0 8 0 scxspl 216 32055 0 32055 13 12 1 8 0 8 1 plimitpl 152 500 0 485 1 0 1 1 0 8 0 sigapl 424 4187 0 4123 8 0 8 8 0 8 0 futexpl 64 33889 0 33886 2 1 1 1 0 8 0 knotepl 120 143 0 0 4 0 4 4 0 8 0 kqueuepl 216 607 0 599 11 10 1 5 0 8 0 pipepl 336 1208 0 1180 31 28 3 13 0 8 0 fdescpl 496 4150 0 4121 5 1 4 5 0 8 0 filepl 152 27481 0 27242 72 61 11 21 0 8 1 lockfpl 104 1205 0 1203 3 2 1 2 0 8 0 lockfspl 48 356 0 354 1 0 1 1 0 8 0 sessionpl 144 39 0 22 1 0 1 1 0 8 0 pgrppl 48 49 0 32 1 0 1 1 0 8 0 ucredpl 96 2725 0 2713 1 0 1 1 0 8 0 zombiepl 144 4123 0 4123 1 0 1 1 0 8 1 processpl 1064 4187 0 4123 5 0 5 5 0 8 0 procpl 672 11676 0 11601 17 9 8 9 0 8 0 srpgc 96 20 0 20 5 5 0 1 0 8 0 sosppl 168 11 0 11 3 3 0 1 0 8 0 sockpl 480 6462 0 6437 124 116 8 28 0 8 4 mcl64k 65536 9 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 9 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 7 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 167 0 0 19 0 19 19 0 8 0 mtagpl 96 481 0 0 11 0 11 11 0 8 0 mbufpl 256 4731 0 0 287 0 287 287 0 8 0 bufpl 288 9181 0 2845 453 0 453 453 0 8 0 anonpl 24 1155190 0 1136745 185 55 130 149 0 186 0 amapchunkpl 152 121831 0 121013 64 28 36 50 0 158 0 amappl16 200 11808 0 11176 97 63 34 46 0 8 0 amappl15 192 455 0 448 1 0 1 1 0 8 0 amappl14 184 472 0 465 1 0 1 1 0 8 0 amappl13 176 770 0 766 1 0 1 1 0 8 0 amappl12 168 669 0 664 1 0 1 1 0 8 0 amappl11 160 749 0 734 1 0 1 1 0 8 0 amappl10 152 153 0 147 1 0 1 1 0 8 0 amappl9 144 942 0 937 1 0 1 1 0 8 0 amappl8 136 1297 0 1210 4 0 4 4 0 8 0 amappl7 128 519 0 504 1 0 1 1 0 8 0 amappl6 120 719 0 693 2 1 1 2 0 8 0 amappl5 112 3042 0 3024 1 0 1 1 0 8 0 amappl4 104 1943 0 1915 2 1 1 2 0 8 0 amappl3 96 1501 0 1484 1 0 1 1 0 8 0 amappl2 88 1992 0 1941 3 0 3 3 0 8 0 amappl1 80 77949 0 77385 19 5 14 19 0 8 0 amappl 88 49770 0 49513 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 135 0 5 3 0 3 3 0 8 0 uaddrrnd 24 4179 0 4137 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4179 0 4137 1 0 1 1 0 8 0 vmmpekpl 168 35606 0 35527 4 0 4 4 0 8 0 vmmpepl 168 386603 0 384022 204 80 124 148 0 357 0 vmsppl 368 4178 0 4137 6 1 5 5 0 8 0 rwobjpl 56 99737 0 92044 119 9 110 113 0 8 0 pdppl 4096 8365 0 8287 348 264 84 84 0 8 6 pvpl 32 2004477 0 1981613 324 115 209 263 0 265 0 pmappl 248 4178 0 4137 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1442 0 354 32 0 32 32 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace socreate(18,ffff800022e8ebd8,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002af4c000,ffff800022e8ec68,ffff800022e8ecc0) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800022e8ed30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022e8ed30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb8e9e57d5b0, count: -4 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5