login: uvm_fault(0xfffffd806c253180, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND 70876 60988 32767 0x10 0 0 syz-executor.7 * 56864 74025 32767 0x10 0x4000000 1K syz-executor.6 socreate(18,ffff80002950db28,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000224437a8,ffff80002950dbb8,ffff80002950dc10) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002950dc80) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002950dc80) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ca28f19000, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806c253180, 0x0, 0, 1) -> e ddb{1}> trace socreate(18,ffff80002950db28,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000224437a8,ffff80002950dbb8,ffff80002950dc10) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002950dc80) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002950dc80) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ca28f19000, count: -4 ddb{1}> show registers rdi 0xffff800029540000 rsi 0x4fb rbp 0xffff80002950db10 rbx 0x18 rdx 0xffff800029540000 rcx 0x4fa rax 0 r8 0xffffffff81e690f0 uvm_map_inentry_pc r9 0x14 r10 0 r11 0xc91bbb2dd6d8c561 r12 0xffff80002950db28 r13 0xffffffff8288cca0 inet6sw r14 0 r15 0x29 rip 0xffffffff81e82144 socreate+0x84 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80002950dab0 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{1}> show proc PROC (syz-executor.6) pid=56864 stat=onproc flags process=10 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000224422a8,0xffffffff82a987b8 process=0xffff800029530870 user=0xffff800029508000, vmspace=0xfffffd806c253180 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 60988 70876 28634 32767 7 0x10 syz-executor.7 74025 379962 4804 32767 2 0x10 syz-executor.6 *74025 56864 4804 32767 7 0x4000010 syz-executor.6 15057 7002 90816 32767 2 0x10 syz-executor.1 15057 311826 90816 32767 3 0x4000090 fsleep syz-executor.1 15057 161964 90816 32767 3 0x4000090 fsleep syz-executor.1 15057 321758 90816 32767 3 0x4000090 fsleep syz-executor.1 55608 269185 70956 32767 2 0x10 syz-executor.5 55608 72357 70956 32767 2 0x4000010 syz-executor.5 28634 502494 64950 32767 3 0x90 nanoslp syz-executor.7 64950 831 52479 0 3 0x82 wait syz-executor.7 70956 256962 63251 32767 3 0x90 nanoslp syz-executor.5 4804 281527 85558 32767 3 0x90 nanoslp syz-executor.6 63251 99313 52479 0 3 0x82 wait syz-executor.5 85558 510386 52479 0 3 0x82 wait syz-executor.6 14657 464057 74700 32767 3 0x90 piperd syz-executor.2 72371 312397 19178 32767 3 0x90 piperd syz-executor.4 19178 337694 52479 0 3 0x82 wait syz-executor.4 26574 453290 67279 32767 3 0x90 nanoslp syz-executor.3 67279 170580 52479 0 3 0x82 wait syz-executor.3 74700 404773 52479 0 3 0x82 wait syz-executor.2 90816 498493 58826 32767 3 0x90 nanoslp syz-executor.1 14339 187113 48456 32767 2 0x10 syz-executor.0 58826 219754 52479 0 3 0x82 wait syz-executor.1 48456 3262 52479 0 3 0x82 wait syz-executor.0 52479 434 92563 0 3 0x82 thrsleep syz-fuzzer 52479 499263 92563 0 3 0x4000082 nanoslp syz-fuzzer 52479 27808 92563 0 3 0x4000082 thrsleep syz-fuzzer 52479 187463 92563 0 3 0x4000082 thrsleep syz-fuzzer 52479 503390 92563 0 3 0x4000082 kqread syz-fuzzer 52479 448915 92563 0 3 0x4000082 thrsleep syz-fuzzer 52479 122402 92563 0 3 0x4000082 thrsleep syz-fuzzer 52479 185000 92563 0 3 0x4000082 thrsleep syz-fuzzer 52479 139065 92563 0 3 0x4000082 thrsleep syz-fuzzer 92563 150777 8054 0 3 0x10008a sigsusp ksh 8054 215208 1410 0 3 0x9a kqread sshd 76278 25570 1 0 3 0x100083 ttyin getty 1410 455480 1 0 3 0x88 kqread sshd 47018 479139 48314 73 3 0x1100090 kqread syslogd 48314 497822 1 0 3 0x100082 netio syslogd 3278 93144 1 0 3 0x100080 kqread resolvd 4919 134808 99583 77 3 0x100092 kqread dhcpleased 30196 220531 99583 77 3 0x100092 kqread dhcpleased 99583 111314 1 0 3 0x80 kqread dhcpleased 92671 343646 0 0 3 0x14200 bored smr 15414 132692 0 0 2 0x14200 zerothread 79641 388607 0 0 3 0x14200 aiodoned aiodoned 93620 12994 0 0 3 0x14200 syncer update 20479 354873 0 0 3 0x14200 cleaner cleaner 29066 227050 0 0 3 0x14200 reaper reaper 64829 429581 0 0 3 0x14200 pgdaemon pagedaemon 54732 235567 0 0 3 0x14200 bored viomb 41687 21057 0 0 3 0x40014200 acpi0 acpi0 11382 93328 0 0 3 0x40014200 idle1 34119 515584 0 0 3 0x14200 bored softnet 6214 115912 0 0 3 0x14200 bored systqmp 91847 316987 0 0 3 0x14200 bored systq 90307 133679 0 0 3 0x40014200 bored softclock 89899 134191 0 0 3 0x40014200 idle0 1 506318 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 60988 (syz-executor.7) thread 0xffff8000224422a8 (70876) exclusive rwlock vmmaplk r = 0 (0xfffffd806c253e88) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #3 uvmfault_lookup+0xb9 sys/uvm/uvm_fault.c:1752 #4 uvm_fault_check+0x603 uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] #4 uvm_fault_check+0x603 sys/uvm/uvm_fault.c:712 #5 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #6 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #7 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #8 recall_trap+0x8 Process 74025 (syz-executor.6) thread 0xffff8000224437a8 (56864) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82abcc60) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10170 6407K 6419K 78643K 11260 0 pcb 13 8K 8K 78643K 13 0 rtable 238 6K 7K 78643K 352 0 ifaddr 81 16K 16K 78643K 82 0 counters 56 35K 35K 78643K 56 0 ioctlops 0 0K 2K 78643K 591 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1270 79K 79K 78643K 1283 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 22 81K 121K 78643K 4862 0 proc 56 74K 123K 78643K 451 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 6K 6K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 2K 78643K 613 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 269 77K 78K 78643K 58576 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 11 0K 2K 78643K 27 0 temp 84 4689K 4753K 78643K 13677 0 kqueue 12 18K 18K 78643K 22 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 35 0 32 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 136 4571 0 4558 8 2 6 6 0 8 5 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpcb 736 8 0 4 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 304 63 0 56 1 0 1 1 0 8 0 nd6 48 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 453 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 6221 0 4793 90 0 90 90 0 8 0 ffsino 272 6221 0 4793 96 0 96 96 0 8 0 nchpl 144 11335 0 9676 62 0 62 62 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 27202 0 27202 2 1 1 2 0 8 1 percpumem 16 40 0 0 1 0 1 1 0 8 0 scxspl 216 33931 0 33931 9 8 1 8 0 8 1 plimitpl 152 30 0 8 1 0 1 1 0 8 0 sigapl 424 5144 0 5096 7 0 7 7 0 8 0 futexpl 64 25462 0 25459 1 0 1 1 0 8 0 knotepl 120 108 0 0 4 0 4 4 0 8 0 kqueuepl 216 22 0 14 1 0 1 1 0 8 0 pipepl 336 3422 0 3393 15 4 11 13 0 8 8 fdescpl 496 5130 0 5097 7 1 6 6 0 8 0 filepl 152 19499 0 19263 25 8 17 19 0 8 7 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 23 0 7 1 0 1 1 0 8 0 ucredpl 96 406 0 388 1 0 1 1 0 8 0 zombiepl 144 5097 0 5096 1 0 1 1 0 8 0 processpl 1064 5144 0 5096 5 1 4 4 0 8 0 procpl 672 10406 0 10345 8 1 7 7 0 8 1 sockpl 480 4806 0 4783 50 39 11 21 0 8 8 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 18 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 92 0 0 11 0 11 11 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 450 0 0 29 1 28 29 0 8 0 bufpl 288 8327 0 1992 453 0 453 453 0 8 0 anonpl 24 1242851 0 1235223 57 2 55 55 0 186 1 amapchunkpl 152 137688 0 137109 31 3 28 28 0 158 1 amappl16 200 9138 0 8972 11 1 10 10 0 8 0 amappl15 192 1265 0 1257 1 0 1 1 0 8 0 amappl14 184 625 0 621 1 0 1 1 0 8 0 amappl13 176 79 0 78 1 0 1 1 0 8 0 amappl12 168 580 0 576 1 0 1 1 0 8 0 amappl11 160 38 0 28 1 0 1 1 0 8 0 amappl10 152 659 0 653 1 0 1 1 0 8 0 amappl9 144 1654 0 1646 1 0 1 1 0 8 0 amappl8 136 1135 0 1090 2 0 2 2 0 8 0 amappl7 128 692 0 679 1 0 1 1 0 8 0 amappl6 120 1401 0 1378 2 1 1 2 0 8 0 amappl5 112 5973 0 5948 1 0 1 1 0 8 0 amappl4 104 897 0 871 2 0 2 2 0 8 0 amappl3 96 1176 0 1163 1 0 1 1 0 8 0 amappl2 88 806 0 764 3 1 2 3 0 8 0 amappl1 80 86662 0 86068 18 3 15 18 0 8 0 amappl 88 58158 0 57952 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 5130 0 5097 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5130 0 5097 1 0 1 1 0 8 0 vmmpekpl 168 44284 0 44233 3 0 3 3 0 8 0 vmmpepl 168 442054 0 439885 114 3 111 111 0 357 4 vmsppl 368 5129 0 5097 4 0 4 4 0 8 0 rwobjpl 56 102754 0 95795 101 1 100 100 0 8 0 pdppl 4096 10267 0 10194 127 46 81 95 0 8 8 pvpl 32 2172027 0 2159517 243 60 183 243 0 265 69 pmappl 248 5129 0 5097 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 876 0 54 24 0 24 24 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff828d5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82abca58) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82abca58) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x129 sys/kern/kern_lock.c:147 syscall(ffff80002e39bf20) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff80002e39bf20) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc9490, count: 6 ddb{0}> trace x86_ipi_db(ffffffff828d5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82abca58) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82abca58) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82abca58) at __mp_lock+0x129 sys/kern/kern_lock.c:147 syscall(ffff80002e39bf20) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff80002e39bf20) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc9490, count: -9 ddb{0}> machine ddbcpu 1 Stopped at socreate+0x84: cmpq $0,0(%rax) socreate(18,ffff80002950db28,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000224437a8,ffff80002950dbb8,ffff80002950dc10) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002950dc80) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002950dc80) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ca28f19000, count: 11 ddb{1}> trace socreate(18,ffff80002950db28,0,29) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000224437a8,ffff80002950dbb8,ffff80002950dc10) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002950dc80) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002950dc80) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ca28f19000, count: -4