Triage note (reviewer): this is a kernel NULL-pointer dereference, not a stale-memory access — uvm_fault() reports a read (access type 1) at virtual address 0x0, and `show registers` has rax=0 at the faulting `cmpq $0,0(%rax)` in socreate() (sys/kern/uipc_socket.c:172). The faulting thread is syz-executor.1 (PID 17417, TID 355931, UID 32767, i.e. unprivileged) and reached socreate() through a plain socket(2) call: socreate(0x18, ..., 3, 0x2c), with rbx/r14/r15 still holding those three values and r13 pointing into inet6sw. On OpenBSD 0x18 = 24 = AF_INET6, 3 = SOCK_RAW and 0x2c = 44, so the entry selected from the AF_INET6 protocol switch appears to carry a NULL pointer that line 172 dereferences — confirm against the exact source revision. Minimum impact is therefore an unprivileged local kernel crash (DoS). Note that the trap was taken in kernel mode at a user-range address and kpageflttrap resolved it against the faulting process's own vmspace (uvm_fault's first argument 0xfffffd8072943d00 equals the vmspace in `show proc`); before closing this as DoS-only, confirm the platform's restrictions on user mappings at address 0, since a user-controlled mapping there would change the analysis. The CPU0 trace and the rest of `ps` are incidental: CPU0 is spinning in __mp_lock, apparently on the kernel lock that the faulting thread acquired in kpageflttrap (see `show all locks`).

uvm_fault(0xfffffd8072943d00, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at socreate+0x84: cmpq $0,0(%rax)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
126006 35380 32767 0x10 0 0 syz-executor.3
*355931 17417 32767 0x10 0x4000000 1K syz-executor.1
socreate(18,ffff800024892428,3,2c) at socreate+0x84 sys/kern/uipc_socket.c:172
sys_socket(ffff8000ffff6010,ffff8000248924b8,ffff800024892510) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96
syscall(ffff800024892580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800024892580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x588779de590, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports.
Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd8072943d00, 0x0, 0, 1) -> e
ddb{1}> trace
socreate(18,ffff800024892428,3,2c) at socreate+0x84 sys/kern/uipc_socket.c:172
sys_socket(ffff8000ffff6010,ffff8000248924b8,ffff800024892510) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96
syscall(ffff800024892580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800024892580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x588779de590, count: -4
ddb{1}> show registers
rdi 0xffff800022c4f000
rsi 0x2c
rbp 0xffff800024892410
rbx 0x18
rdx 0xffff800022c4f000
rcx 0x2b
rax 0
r8 0xffffffff81e690f0 uvm_map_inentry_pc
r9 0x13
r10 0
r11 0xd4f43758dae251f1
r12 0xffff800024892428
r13 0xffffffff8288cf78 inet6sw+0x2d8
r14 0x3
r15 0x2c
rip 0xffffffff81e82144 socreate+0x84
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff8000248923b0
ss 0x10
socreate+0x84: cmpq $0,0(%rax)
ddb{1}> show proc
PROC (syz-executor.1) pid=355931 stat=onproc
flags process=10 proc=4000000
pri=32, usrpri=83, nice=20
forw=0xffffffffffffffff, 
list=0xffff8000ffff67f0,0xffff8000ffff4d30 process=0xffff8000fffe8870 user=0xffff80002488d000, vmspace=0xfffffd8072943d00 estcpu=33, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 19065 478917 48835 32767 2 0x10 syz-executor.4 66212 127838 82560 32767 2 0x10 syz-executor.6 66212 494359 82560 32767 2 0x4000010 syz-executor.6 34454 355312 37103 32767 2 0x10 syz-executor.7 34454 11954 37103 32767 3 0x4000090 fsleep syz-executor.7 73523 124138 97741 32767 2 0x10 syz-executor.2 35185 108983 76159 32767 2 0x10 syz-executor.5 35185 76194 76159 32767 2 0x4000010 syz-executor.5 35380 126006 61466 32767 7 0x10 syz-executor.3 17417 373331 33646 32767 2 0x10 syz-executor.1 *17417 355931 33646 32767 7 0x4000010 syz-executor.1 4731 501500 24180 0 3 0x82 wait syz-executor.0 76159 148662 59972 32767 3 0x90 nanoslp syz-executor.5 59972 140597 24180 0 3 0x82 wait syz-executor.5 61466 282156 98468 32767 3 0x90 nanoslp syz-executor.3 98468 158389 24180 0 3 0x82 wait syz-executor.3 48835 322737 42049 32767 3 0x90 nanoslp syz-executor.4 42049 335195 24180 0 3 0x82 wait syz-executor.4 82560 57110 5418 32767 3 0x90 nanoslp syz-executor.6 5418 257972 24180 0 3 0x82 wait syz-executor.6 97741 433051 50842 32767 3 0x90 nanoslp syz-executor.2 50842 120806 24180 0 3 0x82 wait syz-executor.2 3404 89803 0 0 3 0x14200 bored sosplice 37103 140248 82307 32767 3 0x90 nanoslp syz-executor.7 82307 406070 24180 0 3 0x82 wait syz-executor.7 33646 393447 63665 32767 2 0x10 syz-executor.1 63665 402905 24180 0 3 0x82 wait syz-executor.1 24180 483572 89411 0 3 0x82 thrsleep syz-fuzzer 24180 351984 89411 0 3 0x4000082 thrsleep syz-fuzzer 24180 152146 89411 0 3 0x4000082 thrsleep syz-fuzzer 24180 256972 89411 0 3 0x4000082 kqread syz-fuzzer 24180 401062 89411 0 3 0x4000082 thrsleep syz-fuzzer 24180 98642 89411 0 3 0x4000082 thrsleep syz-fuzzer 24180 105559 89411 0 2 0x4000002 syz-fuzzer 24180 281731 89411 0 3 0x4000082 thrsleep syz-fuzzer 24180 108746 89411 0 3 
0x4000082 thrsleep syz-fuzzer 89411 366957 93633 0 3 0x10008a sigsusp ksh 93633 309707 71094 0 3 0x9a kqread sshd 76774 261606 1 0 3 0x100083 ttyin getty 71094 101071 1 0 3 0x88 kqread sshd 27473 519000 82574 73 3 0x1100090 kqread syslogd 82574 260723 1 0 3 0x100082 netio syslogd 60227 173817 1 0 3 0x100080 kqread resolvd 78536 435207 85217 77 3 0x100092 kqread dhcpleased 53961 178555 85217 77 3 0x100092 kqread dhcpleased 85217 254846 1 0 3 0x80 kqread dhcpleased 54127 169307 0 0 3 0x14200 bored smr 63253 18150 0 0 2 0x14200 zerothread 46608 459279 0 0 3 0x14200 aiodoned aiodoned 57567 189070 0 0 3 0x14200 syncer update 57198 387492 0 0 3 0x14200 cleaner cleaner 27601 507732 0 0 3 0x14200 reaper reaper 76479 4984 0 0 3 0x14200 pgdaemon pagedaemon 82779 87905 0 0 3 0x14200 bored viomb 26093 359259 0 0 3 0x40014200 acpi0 acpi0 80717 2504 0 0 3 0x40014200 idle1 51312 219489 0 0 3 0x14200 bored softnet 99486 458233 0 0 3 0x14200 bored systqmp 72816 465029 0 0 3 0x14200 bored systq 70077 165365 0 0 3 0x40014200 bored softclock 17394 429736 0 0 3 0x40014200 idle0 1 370859 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 35380 (syz-executor.3) thread 0xffff8000fffec7f0 (126006) exclusive rwlock amaplk r = 0 (0xfffffd807131be50) #0 witness_lock+0x44d #1 uvm_fault_check+0x3ca sys/uvm/uvm_fault.c:774 #2 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #3 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #4 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #5 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffffd8072943ba8) #0 witness_lock+0x44d #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1758 #2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:674 #3 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #4 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #5 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #6 recall_trap+0x8 Process 17417 (syz-executor.1) thread 0xffff8000ffff6010 (355931) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82abcc60) #0 witness_lock+0x44d 
#1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10213 6412K 6419K 78643K 11338 0 pcb 13 12K 14K 78643K 17 0 rtable 262 7K 8K 78643K 1854 0 ifaddr 81 17K 17K 78643K 160 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 35K 78643K 78 0 ioctlops 0 0K 2K 78643K 172 0 iov 0 0K 24K 78643K 8852 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1271 79K 79K 78643K 4199 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 159 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 4050 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 25 93K 117K 78643K 15469 0 sigio 0 0K 0K 78643K 347 0 proc 56 74K 99K 78643K 1739 0 subproc 104 6K 6K 78643K 247 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 882 0 in_multi 99 6K 6K 78643K 400 0 ether_multi 1 0K 0K 78643K 58 0 mrt 4 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 295 1314K 1314K 78643K 295 0 exec 0 0K 2K 78643K 3277 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 430 92K 109K 78643K 202070 0 UVM aobj 131 4K 4K 78643K 155 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 434 0 NDP 13 0K 2K 78643K 60 0 temp 125 4703K 4831K 78643K 39694 0 kqueue 12 18K 26K 78643K 1192 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1842 0 1839 26 25 1 5 0 8 0 rtentry 112 269 0 147 
4 0 4 4 0 8 0 unpcb 136 44113 0 44098 163 154 9 12 0 8 8 syncache 296 165 0 165 24 23 1 1 0 8 1 tcpqe 32 48 0 48 16 16 0 1 0 8 0 tcpcb 736 6007 0 6003 159 152 7 19 0 8 6 arp 120 41 0 23 1 0 1 1 0 8 0 ipq 40 23 0 23 8 8 0 1 0 8 0 ipqe 40 152 0 152 8 8 0 1 0 8 0 inpcb 304 12708 0 12701 148 144 4 12 0 8 3 rttmr 72 80 0 78 1 0 1 1 0 8 0 ip6q 72 25 0 23 5 4 1 1 0 8 0 ip6af 40 44 0 43 5 4 1 1 0 8 0 nd6 48 89 0 55 1 0 1 1 0 8 0 kcovpl 48 19 0 11 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1163 0 597 41 3 38 39 0 8 1 art_table 32 1164 0 597 5 0 5 5 0 8 0 art_node 16 268 0 156 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 4046 0 4036 1 0 1 1 0 8 0 shmpl 112 152 0 24 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 22067 0 20608 92 0 92 92 0 8 0 ffsino 272 22067 0 20608 98 0 98 98 0 8 0 nchpl 144 42891 0 41258 62 0 62 62 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 144451 0 144451 8 7 1 2 0 8 1 percpumem 16 51 0 11 1 0 1 1 0 8 0 scxspl 216 134296 0 134296 53 49 4 8 0 8 4 plimitpl 152 3473 0 3451 10 9 1 2 0 8 0 sigapl 424 15721 0 15670 7 1 6 7 0 8 0 futexpl 64 137684 0 137683 6 5 1 1 0 8 0 knotepl 120 973 0 0 18 2 16 18 0 8 0 kqueuepl 216 4934 0 4926 79 78 1 8 0 8 0 pipepl 336 3097 0 3069 64 61 3 9 0 8 0 fdescpl 496 15706 0 15670 7 2 5 6 0 8 0 filepl 152 132310 0 132075 242 224 18 28 0 8 8 lockfpl 104 2526 0 2524 3 2 1 2 0 8 0 lockfspl 48 627 0 625 1 0 1 1 0 8 0 sessionpl 144 34 0 18 1 0 1 1 0 8 0 pgrppl 48 166 0 150 1 0 1 1 0 8 0 ucredpl 96 17578 0 17560 1 0 1 1 0 8 0 zombiepl 144 15671 0 15670 1 0 1 1 0 8 0 processpl 1064 15721 0 15670 5 1 4 4 0 8 0 procpl 672 46558 0 46495 22 14 8 8 0 8 2 srpgc 96 1 0 1 1 1 0 1 0 8 0 sosppl 168 189 0 189 20 20 0 1 0 8 0 sockpl 480 59040 0 59015 1203 1192 11 50 0 8 7 mcl64k 65536 66 0 0 3 0 3 3 0 8 0 mcl16k 16384 41 0 0 4 1 3 3 0 8 0 mcl12k 12288 20 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 41 0 0 3 0 3 3 0 8 0 mcl4k 4096 28 0 0 
3 0 3 3 0 8 0 mcl2k2 2112 100 0 0 2 0 2 2 0 8 0 mcl2k 2048 317 0 0 18 1 17 18 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 3738 0 0 218 0 218 218 0 8 0 bufpl 288 28727 0 22392 453 0 453 453 0 8 0 anonpl 24 4636623 0 4623612 294 184 110 142 0 186 0 amapchunkpl 152 499008 0 498274 218 184 34 47 0 158 3 amappl16 200 48691 0 48256 206 178 28 38 0 8 0 amappl15 192 4735 0 4730 1 0 1 1 0 8 0 amappl14 184 3317 0 3308 1 0 1 1 0 8 0 amappl13 176 4088 0 4082 1 0 1 1 0 8 0 amappl12 168 2216 0 2204 1 0 1 1 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 1894 0 1887 1 0 1 1 0 8 0 amappl9 144 2002 0 1996 1 0 1 1 0 8 0 amappl8 136 1472 0 1302 6 0 6 6 0 8 0 amappl7 128 186 0 173 1 0 1 1 0 8 0 amappl6 120 1774 0 1750 2 1 1 2 0 8 0 amappl5 112 12682 0 12667 1 0 1 1 0 8 0 amappl4 104 3956 0 3918 2 0 2 2 0 8 0 amappl3 96 7723 0 7703 1 0 1 1 0 8 0 amappl2 88 6708 0 6650 3 1 2 3 0 8 0 amappl1 80 285935 0 285316 29 15 14 18 0 8 0 amappl 88 200713 0 200451 11 4 7 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 154 0 24 3 0 3 3 0 8 0 uaddrrnd 24 15706 0 15670 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 15706 0 15670 1 0 1 1 0 8 0 vmmpekpl 168 124735 0 124678 4 0 4 4 0 8 0 vmmpepl 168 1447211 0 1444379 270 138 132 144 0 357 0 vmsppl 368 15705 0 15670 4 0 4 4 0 8 0 rwobjpl 56 363317 0 355794 117 7 110 112 0 8 0 pdppl 4096 31419 0 31340 355 276 79 91 0 8 0 pvpl 32 7625903 0 7607241 536 349 187 267 0 265 0 pmappl 248 15705 0 15670 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1530 0 503 30 0 30 30 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff828d5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 
__mp_lock(ffffffff82abca58) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82abca58) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x122 sys/kern/kern_lock.c:147 syscall(ffff80002e3d5bf0) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff80002e3d5bf0) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbfc80, count: 6 ddb{0}> trace x86_ipi_db(ffffffff828d5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82abca58) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82abca58) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x122 sys/kern/kern_lock.c:147 syscall(ffff80002e3d5bf0) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff80002e3d5bf0) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbfc80, count: -9 ddb{0}> machine ddbcpu 1 Stopped at socreate+0x84: cmpq $0,0(%rax) socreate(18,ffff800024892428,3,2c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000ffff6010,ffff8000248924b8,ffff800024892510) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800024892580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800024892580) at 
syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x588779de590, count: 11 ddb{1}> trace socreate(18,ffff800024892428,3,2c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000ffff6010,ffff8000248924b8,ffff800024892510) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800024892580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800024892580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x588779de590, count: -4