uvm_fault(0xfffffd80747145e0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND 144286 75733 0 0 0 0 syz-executor.4 *257098 9542 0 0 0x4000000 1 syz-executor.6 socreate(18,ffff800027ad6420,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socketpair(ffff8000ffff22a8,ffff800027ad64b8,ffff800027ad6510) at sys_socketpair+0x6e sys/kern/uipc_syscalls.c:430 syscall(ffff800027ad6580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ad6580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa34cdd141b0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd80747145e0, 0x0, 0, 1) -> e ddb{1}> trace socreate(18,ffff800027ad6420,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socketpair(ffff8000ffff22a8,ffff800027ad64b8,ffff800027ad6510) at sys_socketpair+0x6e sys/kern/uipc_syscalls.c:430 syscall(ffff800027ad6580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ad6580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa34cdd141b0, count: -4 ddb{1}> show registers rdi 0xffff80002af43000 rsi 0x592 rbp 0xffff800027ad6400 rbx 0x18 rdx 0xffff80002af43000 rcx 0x591 rax 0 r8 0xffffffff811cfb80 uvm_map_inentry_pc r9 0x11 r10 0 r11 0x25c500f583f5c7a6 r12 0xffff800027ad6420 r13 0xffffffff82675e40 inet6sw r14 0 r15 0x29 rip 0xffffffff81b8f4e4 socreate+0x84 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800027ad63a0 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{1}> show proc PROC (syz-executor.6) pid=257098 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2fc8,0xffffffff82b22b18 process=0xffff8000fffed908 user=0xffff800027ad1000, vmspace=0xfffffd80747145e0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 75733 144286 90941 0 7 0 syz-executor.4 75733 97459 90941 0 2 0x4000080 syz-executor.4 65276 289765 9295 0 2 0 syz-executor.3 9542 22556 58884 0 2 0 syz-executor.6 * 9542 257098 58884 0 7 0x4000000 syz-executor.6 62588 356383 2500 0 2 0 syz-executor.7 62588 62132 2500 0 2 0x4000000 syz-executor.7 84241 369300 17579 0 2 0 syz-executor.0 84241 64912 17579 0 3 0x4000080 fsleep syz-executor.0 19865 125503 62939 0 2 0 syz-executor.5 19865 77297 62939 0 3 0x4000080 ttyout syz-executor.5 19865 468976 62939 0 2 0x4000000 syz-executor.5 33243 68370 79832 0 2 0x482 syz-executor.1 49581 279791 0 0 3 0x14200 bored sosplice 2500 201274 79832 0 3 0x82 nanoslp syz-executor.7 58884 192664 79832 0 3 0x82 nanoslp syz-executor.6 62939 330523 79832 0 3 0x82 nanoslp syz-executor.5 90941 215047 79832 0 3 0x82 nanoslp syz-executor.4 9295 414596 79832 0 3 0x82 nanoslp syz-executor.3 33844 340977 79832 0 2 0x2 syz-executor.2 17579 241126 79832 0 2 0x482 syz-executor.0 79832 468011 69004 0 3 0x82 kqread syz-fuzzer 79832 102700 69004 0 2 0x4000482 syz-fuzzer 79832 41046 69004 0 3 0x4000082 thrsleep syz-fuzzer 79832 73115 69004 0 3 0x4000082 thrsleep syz-fuzzer 79832 18180 69004 0 3 0x4000082 thrsleep syz-fuzzer 79832 381488 69004 0 3 0x4000082 thrsleep syz-fuzzer 79832 56052 69004 0 3 0x4000082 thrsleep syz-fuzzer 79832 27548 69004 0 3 0x4000082 thrsleep syz-fuzzer 69004 467246 10539 0 3 0x10008a sigsusp ksh 10539 425181 28702 0 3 0x9a kqread sshd 86078 256568 1 0 3 0x100083 ttyopn getty 28702 440162 1 0 3 0x88 kqread sshd 52724 49583 32105 74 3 0x1100092 bpf pflogd 32105 419633 1 0 3 0x80 netio pflogd 30373 198045 16884 73 3 0x1100090 kqread syslogd 16884 143242 1 0 3 0x100082 netio syslogd 47600 27745 1 0 3 0x100080 kqread resolvd 27200 35449 63221 77 3 0x100092 kqread dhcpleased 33198 194527 63221 77 3 0x100092 kqread dhcpleased 63221 230885 1 0 3 0x80 kqread dhcpleased 65740 108453 0 0 3 0x14200 bored smr 41566 443711 0 0 2 0x14200 zerothread 92309 314539 0 0 3 0x14200 aiodoned aiodoned 44238 338630 0 0 3 0x14200 syncer update 40345 486228 0 0 3 0x14200 cleaner cleaner 83813 133574 0 0 3 0x14200 reaper reaper 766 294957 0 0 3 0x14200 pgdaemon pagedaemon 53407 27612 0 0 3 0x14200 bored viomb 80490 461448 0 0 3 0x40014200 acpi0 acpi0 91986 189918 0 0 3 0x40014200 idle1 90325 195737 0 0 3 0x14200 bored softnet 84842 58031 0 0 3 0x14200 bored systqmp 93142 165241 0 0 3 0x14200 bored systq 99296 377439 0 0 3 0x40014200 bored softclock 53575 229088 0 0 3 0x40014200 idle0 1 79849 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82b6d540) #0 witness_lock+0x44d #1 preempt+0x36 sys/kern/sched_bsd.c:307 #2 ast+0x108 mi_ast sys/sys/syscall_mi.h:184 [inline] #2 ast+0x108 sys/arch/amd64/amd64/trap.c:508 #3 intr_user_exit+0x3c Process 9542 (syz-executor.6) thread 0xffff8000ffff22a8 (257098) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b6e770) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socketpair+0x6e sys/kern/uipc_syscalls.c:430 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10181 6482K 6926K 78643K 13763 0 pcb 13 8K 8K 78643K 190 0 rtable 210 7K 9K 78643K 707 0 ifaddr 86 17K 18K 78643K 176 0 counters 56 35K 35K 78643K 80 0 ioctlops 0 0K 4K 78643K 1626 0 iov 0 0K 32K 78643K 80 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1270 79K 80K 78643K 2155 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 11 1K 1K 78643K 18 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 81K 78643K 2560 0 proc 70 87K 111K 78643K 683 0 subproc 104 6K 6K 78643K 130 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 103 0 in_multi 83 5K 6K 78643K 256 0 ether_multi 1 0K 0K 78643K 42 0 mrt 1 0K 0K 78643K 45 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 848 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 315 147K 147K 78643K 31808 0 UVM aobj 7 2K 2K 78643K 11 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 174 0 NDP 12 0K 2K 78643K 53 0 temp 134 4705K 4777K 78643K 20209 0 kqueue 12 18K 42K 78643K 177 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 220 0 217 1 0 1 1 0 8 0 rtentry 112 192 0 100 4 0 4 4 0 8 0 unpcb 136 535 0 520 2 1 1 2 0 8 0 syncache 296 12 0 12 2 2 0 1 0 8 0 tcpqe 32 133 0 133 3 3 0 1 0 8 0 tcpcb 736 500 0 492 6 3 3 3 0 8 2 arp 120 23 0 4 1 0 1 1 0 8 0 inpcb 304 1159 0 1152 5 3 2 2 0 8 1 rttmr 72 18 0 18 3 2 1 1 0 8 1 nd6 48 42 0 25 1 0 1 1 0 8 0 pkpcb 40 16 0 16 2 2 0 1 0 8 0 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1248 4 0 4 1 1 0 1 0 8 0 pfstscr 40 4 0 4 1 1 0 1 0 8 0 pffrag 232 1 0 1 1 1 0 1 0 482 0 pffrnode 88 1 0 1 1 1 0 1 0 8 0 pffrent 40 9 0 9 2 2 0 1 0 8 0 pfosfp 40 1438 0 1014 5 0 5 5 0 8 0 pfosfpen 112 1438 0 723 21 0 21 21 0 8 0 pfrktable 1344 21 0 19 2 1 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 32 0 30 1 0 1 1 0 8 0 pfstkey 112 54 0 52 1 0 1 1 0 8 0 pfstate 320 42 0 40 3 2 1 3 0 8 0 pfrule 1360 57 0 52 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1078 0 682 33 1 32 33 0 8 3 art_table 32 1079 0 682 5 0 5 5 0 8 0 art_node 16 191 0 107 1 0 1 1 0 8 0 semupl 112 7 0 7 1 1 0 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 8 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 4668 0 3232 92 0 92 92 0 8 0 ffsino 272 4668 0 3232 98 0 98 98 0 8 0 nchpl 144 7702 0 6070 63 0 63 63 0 8 0 uvmvnodes 80 5379 0 0 110 0 110 110 0 8 0 vnodes 224 5379 0 0 317 0 317 317 0 8 0 namei 1024 20666 0 20666 3 2 1 2 0 8 1 percpumem 16 52 0 12 1 0 1 1 0 8 0 vcpupl 2048 4 0 0 1 0 1 1 0 8 0 vmpool 560 8 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 5 0 1 2 1 1 1 0 8 0 scsiplug 72 4 0 4 1 1 0 1 0 8 0 scxspl 216 24260 0 24260 11 10 1 8 0 8 1 plimitpl 152 127 0 111 1 0 1 1 0 8 0 sigapl 424 2861 0 2816 6 0 6 6 0 8 0 futexpl 64 14243 0 14242 1 0 1 1 0 8 0 knotepl 120 127 0 0 4 0 4 4 0 8 0 kqueuepl 216 280 0 272 2 0 2 2 0 8 1 pipepl 336 179 0 151 3 0 3 3 0 8 0 fdescpl 496 2846 0 2817 5 1 4 5 0 8 0 filepl 152 8528 0 8284 12 1 11 11 0 8 1 lockfpl 104 269 0 267 1 0 1 1 0 8 0 lockfspl 48 120 0 118 1 0 1 1 0 8 0 sessionpl 144 26 0 9 1 0 1 1 0 8 0 pgrppl 48 39 0 22 1 0 1 1 0 8 0 ucredpl 96 1036 0 1024 1 0 1 1 0 8 0 zombiepl 144 2817 0 2816 1 0 1 1 0 8 0 processpl 1064 2861 0 2816 4 0 4 4 0 8 0 procpl 672 5571 0 5513 6 0 6 6 0 8 0 sosppl 168 39 0 39 1 1 0 1 0 8 0 sockpl 480 1930 0 1905 13 7 6 8 0 8 2 mcl64k 65536 16 0 0 2 0 2 2 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 12 0 0 2 0 2 2 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 196 0 0 20 1 19 20 0 8 0 mtagpl 96 301 0 0 8 0 8 8 0 8 0 mbufpl 256 625 0 0 37 0 37 37 0 8 0 bufpl 288 7808 0 1472 453 0 453 453 0 8 0 anonpl 24 692260 0 682434 91 26 65 85 0 186 1 amapchunkpl 152 76816 0 76194 52 24 28 47 0 158 1 amappl16 200 6131 0 5910 36 23 13 24 0 8 1 amappl15 192 743 0 737 1 0 1 1 0 8 0 amappl14 184 694 0 684 1 0 1 1 0 8 0 amappl13 176 396 0 394 1 0 1 1 0 8 0 amappl12 168 544 0 537 1 0 1 1 0 8 0 amappl11 160 367 0 351 1 0 1 1 0 8 0 amappl10 152 55 0 48 1 0 1 1 0 8 0 amappl9 144 1007 0 1001 1 0 1 1 0 8 0 amappl8 136 667 0 602 3 0 3 3 0 8 0 amappl7 128 141 0 129 1 0 1 1 0 8 0 amappl6 120 813 0 790 2 1 1 2 0 8 0 amappl5 112 1307 0 1288 1 0 1 1 0 8 0 amappl4 104 2124 0 2086 2 0 2 2 0 8 0 amappl3 96 741 0 728 1 0 1 1 0 8 0 amappl2 88 1403 0 1354 3 1 2 3 0 8 0 amappl1 80 50548 0 49974 20 6 14 19 0 8 1 amappl 88 31240 0 31006 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 10 0 4 1 0 1 1 0 8 0 uaddrrnd 24 2854 0 2821 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2854 0 2821 1 0 1 1 0 8 0 vmmpekpl 168 19336 0 19293 3 0 3 3 0 8 0 vmmpepl 168 247370 0 245200 138 34 104 120 0 357 4 vmsppl 368 2853 0 2821 5 1 4 4 0 8 0 rwobjpl 56 61441 0 54862 94 0 94 94 0 8 0 pdppl 4096 5715 0 5646 143 70 73 77 0 8 4 pvpl 32 1435866 0 1421673 263 106 157 261 0 265 34 pmappl 248 2853 0 2821 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 910 0 81 24 0 24 24 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff82999ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffd6090, count: 12 ddb{0}> trace x86_ipi_db(ffffffff82999ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffd6090, count: -3 ddb{0}> machine ddbcpu 1 Stopped at socreate+0x84: cmpq $0,0(%rax) socreate(18,ffff800027ad6420,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socketpair(ffff8000ffff22a8,ffff800027ad64b8,ffff800027ad6510) at sys_socketpair+0x6e sys/kern/uipc_syscalls.c:430 syscall(ffff800027ad6580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ad6580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa34cdd141b0, count: 11 ddb{1}> trace socreate(18,ffff800027ad6420,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socketpair(ffff8000ffff22a8,ffff800027ad64b8,ffff800027ad6510) at sys_socketpair+0x6e sys/kern/uipc_syscalls.c:430 syscall(ffff800027ad6580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ad6580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa34cdd141b0, count: -4