login: uvm_fault(0xfffffd80735978b8, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND 113127 30111 32767 0x10 0 0 syz-executor.7 *519831 40148 32767 0x10 0x4000000 1K syz-executor.3 socreate(18,ffff800026ca0958,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002118fce8,ffff800026ca09e8,ffff800026ca0a40) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800026ca0ab0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800026ca0ab0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc5fc7483120, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd80735978b8, 0x0, 0, 1) -> e ddb{1}> trace socreate(18,ffff800026ca0958,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002118fce8,ffff800026ca09e8,ffff800026ca0a40) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800026ca0ab0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800026ca0ab0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc5fc7483120, count: -4 ddb{1}> show registers rdi 0xffff80002609b000 rsi 0x4dd rbp 0xffff800026ca0940 rbx 0x18 rdx 0xffff80002609b000 rcx 0x4dc rax 0 r8 0xffffffff81e690f0 uvm_map_inentry_pc r9 0x16 r10 0 r11 0x18d0546f410e8889 r12 0xffff800026ca0958 r13 0xffffffff8288cca0 inet6sw r14 0 r15 0x29 rip 0xffffffff81e82144 socreate+0x84 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800026ca08e0 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{1}> show proc PROC (syz-executor.3) pid=519831 stat=onproc flags process=10 proc=4000000 pri=76, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002118fa48,0xffff80002118efd8 process=0xffff8000fffed910 user=0xffff800026c9b000, vmspace=0xfffffd80735978b8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 2628 425372 3981 32767 2 0x10 syz-executor.2 85745 165314 90730 32767 2 0x10 syz-executor.1 30111 113127 91537 32767 7 0x10 syz-executor.7 40148 27209 70369 32767 2 0x10 syz-executor.3 *40148 519831 70369 32767 7 0x4000010 syz-executor.3 23406 119756 71180 32767 2 0x10 syz-executor.5 91537 206290 43983 32767 3 0x90 nanoslp syz-executor.7 9227 30054 36696 32767 2 0x10 syz-executor.4 43983 407705 98764 0 3 0x82 wait syz-executor.7 83491 200034 52336 32767 3 0x10 biowait syz-executor.6 71180 482758 90512 32767 2 0x10 syz-executor.5 52336 506236 98764 0 3 0x82 wait syz-executor.6 90512 153490 98764 0 3 0x82 wait syz-executor.5 36696 67555 98764 0 3 0x82 wait syz-executor.4 70369 113543 12133 32767 3 0x90 nanoslp syz-executor.3 3981 77017 71325 32767 3 0x90 nanoslp syz-executor.2 9011 427899 49507 32767 3 0x90 nanoslp syz-executor.0 12133 254508 98764 0 3 0x82 wait syz-executor.3 90730 146475 366 32767 3 0x90 nanoslp syz-executor.1 71325 179019 98764 0 3 0x82 wait syz-executor.2 366 505940 98764 0 3 0x82 wait syz-executor.1 49507 460340 98764 0 3 0x82 wait syz-executor.0 98764 166101 43178 0 3 0x82 nanoslp syz-fuzzer 98764 462136 43178 0 3 0x4000082 nanoslp syz-fuzzer 98764 41493 43178 0 3 0x4000082 thrsleep syz-fuzzer 98764 443659 43178 0 3 0x4000082 thrsleep syz-fuzzer 98764 474706 43178 0 3 0x4000082 thrsleep syz-fuzzer 98764 344330 43178 0 3 0x4000082 kqread syz-fuzzer 98764 133608 43178 0 3 0x4000082 thrsleep syz-fuzzer 98764 208653 43178 0 3 0x4000082 thrsleep syz-fuzzer 98764 383636 43178 0 3 0x4000082 thrsleep syz-fuzzer 43178 314056 37146 0 3 0x10008a sigsusp ksh 37146 366571 21065 0 3 0x9a kqread sshd 4014 491145 1 0 3 0x100083 ttyin getty 21065 215565 1 0 3 0x88 kqread sshd 31001 343449 89099 73 3 0x1100090 kqread syslogd 89099 99208 1 0 3 0x100082 netio syslogd 78599 54221 1 0 3 0x100080 kqread resolvd 45529 164430 53587 77 3 0x100092 kqread dhcpleased 57297 471934 53587 77 3 0x100092 kqread dhcpleased 53587 285348 1 0 3 0x80 kqread dhcpleased 25223 369883 0 0 3 0x14200 bored smr 69157 332580 0 0 2 0x14200 zerothread 82 240220 0 0 3 0x14200 aiodoned aiodoned 7040 64985 0 0 3 0x14200 syncer update 3583 260657 0 0 3 0x14200 cleaner cleaner 57275 100986 0 0 3 0x14200 reaper reaper 83913 150415 0 0 3 0x14200 pgdaemon pagedaemon 49389 269504 0 0 3 0x14200 bored viomb 69547 434550 0 0 3 0x40014200 acpi0 acpi0 94304 389730 0 0 3 0x40014200 idle1 87319 344374 0 0 3 0x14200 bored softnet 2494 68305 0 0 3 0x14200 bored systqmp 52032 327178 0 0 3 0x14200 bored systq 17940 203843 0 0 3 0x40014200 bored softclock 30649 336314 0 0 3 0x40014200 idle0 1 521279 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 30111 (syz-executor.7) thread 0xffff80002118fa48 (113127) shared rwlock vmmaplk r = 0 (0xfffffd8073597030) #0 witness_lock+0x44d #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1758 #2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:674 #3 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #4 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #5 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #6 recall_trap+0x8 Process 40148 (syz-executor.3) thread 0xffff80002118fce8 (519831) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82abcc60) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 Process 83491 (syz-executor.6) thread 0xffff8000ffff47e0 (200034) exclusive rrwlock inode r = 0 (0xfffffd8072968708) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347 #6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404 #9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101 #10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd807b9b22c0) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10171 6407K 6419K 78643K 11261 0 pcb 13 8K 8K 78643K 13 0 rtable 238 6K 7K 78643K 348 0 ifaddr 81 16K 16K 78643K 82 0 counters 56 35K 35K 78643K 56 0 ioctlops 0 0K 4K 78643K 1452 0 iov 0 0K 0K 78643K 169 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1270 79K 79K 78643K 1416 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 262 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1884 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 23 85K 113K 78643K 16553 0 proc 56 74K 99K 78643K 451 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 6K 6K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 2K 78643K 603 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 268 78K 80K 78643K 198069 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 11 0K 2K 78643K 27 0 temp 96 4692K 4756K 78643K 37859 0 kqueue 12 18K 24K 78643K 836 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 33 0 30 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 136 7823 0 7810 26 20 6 6 0 8 5 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpcb 736 43 0 39 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 304 291 0 284 6 0 6 6 0 8 5 nd6 48 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 453 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 semapl 112 1882 0 1872 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 18192 0 16764 90 0 90 90 0 8 0 ffsino 272 18192 0 16764 96 0 96 96 0 8 0 nchpl 144 39260 0 37600 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 98154 0 98153 2 1 1 2 0 8 0 percpumem 16 40 0 0 1 0 1 1 0 8 0 scxspl 216 104900 0 104899 9 8 1 8 0 8 0 plimitpl 152 30 0 8 1 0 1 1 0 8 0 sigapl 424 16830 0 16781 7 1 6 7 0 8 0 futexpl 64 85848 0 85848 1 0 1 1 0 8 1 knotepl 120 108 0 0 4 0 4 4 0 8 0 kqueuepl 216 2519 0 2511 7 2 5 5 0 8 4 pipepl 336 2498 0 2470 22 19 3 8 0 8 0 fdescpl 496 16816 0 16782 7 2 5 6 0 8 0 filepl 152 54885 0 54652 46 29 17 17 0 8 8 lockfpl 104 366 0 364 1 0 1 1 0 8 0 lockfspl 48 168 0 166 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 23 0 7 1 0 1 1 0 8 0 ucredpl 96 1702 0 1684 1 0 1 1 0 8 0 zombiepl 144 16782 0 16781 1 0 1 1 0 8 0 processpl 1064 16830 0 16781 5 1 4 4 0 8 0 procpl 672 36474 0 36416 14 7 7 7 0 8 1 sockpl 480 8665 0 8642 110 99 11 28 0 8 8 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 16 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 25 0 0 3 0 3 3 0 8 0 mcl2k2 2112 9 0 0 1 0 1 1 0 8 0 mcl2k 2048 103 0 0 10 0 10 10 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 498 0 0 23 1 22 23 0 8 0 bufpl 288 20110 0 13775 453 0 453 453 0 8 0 anonpl 24 4176554 0 4168844 69 13 56 57 0 186 1 amapchunkpl 152 468327 0 467768 49 21 28 29 0 158 4 amappl16 200 30811 0 30669 15 6 9 9 0 8 1 amappl15 192 4239 0 4229 1 0 1 1 0 8 0 amappl14 184 32 0 27 1 0 1 1 0 8 0 amappl13 176 81 0 79 1 0 1 1 0 8 0 amappl12 168 15 0 14 1 0 1 1 0 8 0 amappl11 160 4153 0 4137 1 0 1 1 0 8 0 amappl10 152 1997 0 1988 1 0 1 1 0 8 0 amappl9 144 2519 0 2516 1 0 1 1 0 8 0 amappl8 136 4818 0 4758 3 0 3 3 0 8 0 amappl7 128 4305 0 4292 1 0 1 1 0 8 0 amappl6 120 2259 0 2237 2 1 1 2 0 8 0 amappl5 112 16723 0 16701 1 0 1 1 0 8 0 amappl4 104 6985 0 6955 2 1 1 2 0 8 0 amappl3 96 510 0 498 1 0 1 1 0 8 0 amappl2 88 760 0 715 3 1 2 3 0 8 0 amappl1 80 277657 0 277067 19 5 14 18 0 8 0 amappl 88 197638 0 197443 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 16816 0 16782 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 16816 0 16782 1 0 1 1 0 8 0 vmmpekpl 168 88474 0 88424 3 0 3 3 0 8 0 vmmpepl 168 1442642 0 1440456 140 28 112 113 0 357 7 vmsppl 368 16815 0 16782 4 0 4 4 0 8 0 rwobjpl 56 315982 0 308913 111 9 102 102 0 8 0 pdppl 4096 33639 0 33564 167 86 81 89 0 8 6 pvpl 32 6874031 0 6861494 268 150 118 254 0 265 2 pmappl 248 16815 0 16782 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 917 0 110 24 0 24 24 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff828d5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 kd_curproc sys/dev/kcov.c:577 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 sys/dev/kcov.c:148 __mp_lock(ffffffff82abca58) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x133 sys/kern/kern_lock.c:147 intr_handler(ffff800026093fa0,ffff80000004ad00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148 __mp_lock(ffffffff82abca58) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x133 sys/kern/kern_lock.c:147 syscall(ffff800026094180) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800026094180) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffccd20, count: 4 ddb{0}> trace x86_ipi_db(ffffffff828d5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 kd_curproc sys/dev/kcov.c:577 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 sys/dev/kcov.c:148 __mp_lock(ffffffff82abca58) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x133 sys/kern/kern_lock.c:147 intr_handler(ffff800026093fa0,ffff80000004ad00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148 __mp_lock(ffffffff82abca58) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x133 sys/kern/kern_lock.c:147 syscall(ffff800026094180) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800026094180) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffccd20, count: -11 ddb{0}> machine ddbcpu 1 Stopped at socreate+0x84: cmpq $0,0(%rax) socreate(18,ffff800026ca0958,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002118fce8,ffff800026ca09e8,ffff800026ca0a40) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800026ca0ab0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800026ca0ab0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc5fc7483120, count: 11 ddb{1}> trace socreate(18,ffff800026ca0958,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff80002118fce8,ffff800026ca09e8,ffff800026ca0a40) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff800026ca0ab0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800026ca0ab0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc5fc7483120, count: -4