uvm_fault(0xfffffd807757db80, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND *188220 77793 0 0 0x4000000 1K syz-executor.4 249761 13841 0 0x14000 0x200 0 reaper socreate(18,ffff8000260ce438,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000260de000,ffff8000260ce4c8,ffff8000260ce520) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff8000260ce590) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000260ce590) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x983ff34b2f0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd807757db80, 0x0, 0, 1) -> e ddb{1}> trace socreate(18,ffff8000260ce438,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000260de000,ffff8000260ce4c8,ffff8000260ce520) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff8000260ce590) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000260ce590) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x983ff34b2f0, count: -4 ddb{1}> show registers rdi 0xffff8000260e4000 rsi 0x26 rbp 0xffff8000260ce420 rbx 0x18 rdx 0xffff8000260e4000 rcx 0x25 rax 0 r8 0xffffffff811cfb80 uvm_map_inentry_pc r9 0x16 r10 0 r11 0x55c93303aaa65c4 r12 0xffff8000260ce438 r13 0xffffffff82676048 inet6sw+0x208 r14 0x3 r15 0x3c rip 0xffffffff81b8f4e4 socreate+0x84 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff8000260ce3c0 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{1}> show proc PROC (syz-executor.4) pid=188220 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002118f260,0xffff8000260df510 process=0xffff8000211a31f0 user=0xffff8000260c9000, vmspace=0xfffffd807757db80 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 99445 212852 85465 0 2 0 syz-executor.0 99445 105703 85465 0 3 0x4000080 fsleep syz-executor.0 357 93007 49604 0 2 0 syz-executor.2 357 158549 49604 0 3 0x4000080 fifor syz-executor.2 77793 109406 56984 0 2 0 syz-executor.4 *77793 188220 56984 0 7 0x4000000 syz-executor.4 39471 312292 1742 0 3 0x80 nanoslp syz-executor.5 39471 275228 1742 0 3 0x4000080 dtread syz-executor.5 39471 125480 1742 0 3 0x4000080 netio syz-executor.5 39471 116566 1742 0 3 0x4000080 fsleep syz-executor.5 2032 137145 89858 0 3 0x82 nanoslp syz-executor.3 1742 8775 89858 0 3 0x82 nanoslp syz-executor.5 43529 502333 89858 0 3 0x82 nanoslp syz-executor.6 44226 366565 1 0 3 0x100083 ttyin getty 70484 373781 89858 0 3 0x82 nanoslp syz-executor.7 56984 214474 89858 0 3 0x82 nanoslp syz-executor.4 64683 411667 89858 0 3 0x82 nanoslp syz-executor.1 48665 22670 0 0 3 0x14200 acct acct 49604 399142 89858 0 3 0x82 nanoslp syz-executor.2 85465 100228 89858 0 3 0x82 nanoslp syz-executor.0 56322 277367 0 0 3 0x14200 bored sosplice 76005 135838 0 0 3 0x14280 nfsidl nfsio 71498 448331 0 0 3 0x14280 nfsidl nfsio 74131 141087 0 0 3 0x14280 nfsidl nfsio 58956 265496 0 0 3 0x14280 nfsidl nfsio 21396 493557 0 0 3 0x14280 nfsidl nfsio 89999 56440 0 0 3 0x14280 nfsidl nfsio 44277 17435 0 0 3 0x14280 nfsidl nfsio 40693 430311 0 0 3 0x14280 nfsidl nfsio 91664 201881 0 0 3 0x14280 nfsidl nfsio 91143 509111 0 0 3 0x14280 nfsidl nfsio 44542 501600 0 0 3 0x14280 nfsidl nfsio 28394 307283 0 0 3 0x14280 nfsidl nfsio 95840 10078 0 0 3 0x14280 nfsidl nfsio 94222 105642 0 0 3 0x14280 nfsidl nfsio 97895 303720 0 0 3 0x14280 nfsidl nfsio 79657 235123 0 0 3 0x14280 nfsidl nfsio 75572 351203 0 0 3 0x14280 nfsidl nfsio 32521 286569 0 0 3 0x14280 nfsidl nfsio 4793 456525 0 0 3 0x14280 nfsidl nfsio 68652 83678 0 0 3 0x14280 nfsidl nfsio 89858 191916 35535 0 3 0x82 thrsleep syz-fuzzer 89858 433560 35535 0 3 0x4000082 thrsleep syz-fuzzer 89858 402643 35535 0 3 0x4000082 thrsleep syz-fuzzer 89858 380228 35535 0 3 0x4000082 thrsleep syz-fuzzer 89858 291906 35535 0 3 0x4000082 kqread syz-fuzzer 89858 462938 35535 0 3 0x4000082 thrsleep syz-fuzzer 89858 121910 35535 0 3 0x4000082 thrsleep syz-fuzzer 89858 456650 35535 0 3 0x4000082 thrsleep syz-fuzzer 89858 15262 35535 0 3 0x4000082 thrsleep syz-fuzzer 35535 64624 16951 0 3 0x10008a sigsusp ksh 16951 492456 5018 0 3 0x9a kqread sshd 5018 36399 1 0 3 0x88 kqread sshd 90015 509599 56057 74 3 0x1100092 bpf pflogd 56057 313385 1 0 3 0x80 netio pflogd 73109 169807 30112 73 3 0x1100090 kqread syslogd 30112 129300 1 0 3 0x100082 netio syslogd 40208 225109 1 0 3 0x100080 kqread resolvd 82729 135390 40872 77 3 0x100092 kqread dhcpleased 74729 210931 40872 77 3 0x100092 kqread dhcpleased 40872 417141 1 0 3 0x80 kqread dhcpleased 10520 41616 0 0 3 0x14200 bored smr 75240 344816 0 0 2 0x14200 zerothread 70451 27555 0 0 3 0x14200 aiodoned aiodoned 91441 389681 0 0 3 0x14200 syncer update 49443 215402 0 0 3 0x14200 cleaner cleaner 13841 249761 0 0 7 0x14200 reaper 79769 64591 0 0 3 0x14200 pgdaemon pagedaemon 52940 351544 0 0 3 0x14200 bored viomb 39526 424355 0 0 3 0x40014200 acpi0 acpi0 87358 2284 0 0 3 0x40014200 idle1 44995 18713 0 0 3 0x14200 bored softnet 55972 200375 0 0 3 0x14200 bored systqmp 28664 344812 0 0 3 0x14200 bored systq 75775 208977 0 0 3 0x40014200 bored softclock 44123 354346 0 0 3 0x40014200 idle0 1 401664 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex pvpl r = 0 (0xffffffff82a68870) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pool_put+0x8a sys/kern/subr_pool.c:799 #4 pmap_do_remove+0x607 sys/arch/amd64/amd64/pmap.c:1879 #5 uvm_unmap_kill_entry_withlock+0x1af sys/uvm/uvm_map.c:2139 #6 uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] #6 uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2771 #7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 #8 reaper+0x18b sys/kern/kern_exit.c:457 #9 proc_trampoline+0x1c Process 77793 (syz-executor.4) thread 0xffff8000260de000 (188220) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b6e770) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10226 6608K 14895K 78643K 28416 0 pcb 13 16K 18K 78643K 1109 0 rtable 212 10K 10K 78643K 1987 0 ifaddr 100 21K 22K 78643K 729 0 sysctl 3 1K 1K 78643K 3 0 counters 56 35K 35K 78643K 196 0 ioctlops 0 0K 4K 78643K 5497 0 iov 0 0K 16K 78643K 1101 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1594 100K 100K 78643K 8105 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 50 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 674 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 89K 78643K 9350 0 sigio 0 0K 0K 78643K 125 0 proc 70 87K 111K 78643K 1604 0 subproc 104 6K 6K 78643K 468 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 223 0 in_multi 79 5K 6K 78643K 828 0 ether_multi 1 0K 0K 78643K 73 0 mrt 1 0K 0K 78643K 30 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 175 784K 784K 78643K 175 0 exec 0 0K 2K 78643K 2377 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 471 570K 571K 78643K 120903 0 UVM aobj 43 2K 2K 78643K 48 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1578 0 NDP 14 0K 2K 78643K 197 0 temp 174 4775K 8839K 78643K 117927 0 kqueue 12 18K 26K 78643K 362 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 348 0 345 4 2 2 3 0 8 1 rtentry 112 638 0 553 4 1 3 4 0 8 0 unpcb 136 18566 0 18543 116 110 6 10 0 8 5 syncache 296 15 0 15 4 4 0 1 0 8 0 tcpqe 32 88 0 88 4 4 0 1 0 8 0 tcpcb 736 4689 0 4680 105 96 9 15 0 8 6 arp 120 81 0 67 1 0 1 1 0 8 0 inpcb 304 12217 0 12209 118 112 6 11 0 8 5 rttmr 72 5 0 5 2 2 0 1 0 8 0 nd6 48 157 0 140 1 0 1 1 0 8 0 pkpcb 40 3 0 3 1 1 0 1 0 8 0 kcovpl 48 36 0 28 1 0 1 1 0 8 0 ppxss 1248 25 0 25 8 7 1 1 0 8 1 pfstscr 40 9 0 9 2 2 0 1 0 8 0 pffrag 232 26 0 24 6 5 1 1 0 482 0 pffrnode 88 26 0 24 6 5 1 1 0 8 0 pffrent 40 503 0 501 6 5 1 1 0 8 0 pfosfp 40 1431 0 1431 5 5 0 5 0 8 0 pfosfpen 112 1431 0 1431 21 21 0 21 0 8 0 pfrktable 1344 34 0 27 3 2 1 1 0 8 0 pftag 88 12 0 8 1 0 1 1 0 8 0 pfqueue 264 2 0 2 1 1 0 1 0 8 0 pfstitem 24 32 0 30 1 0 1 1 0 8 0 pfstkey 112 176 0 174 1 0 1 1 0 8 0 pfstate 320 102 0 100 3 2 1 3 0 8 0 pfrule 1360 978 0 963 19 17 2 15 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2983 0 2594 42 15 27 29 0 8 0 art_table 32 2984 0 2594 5 1 4 4 0 8 0 art_node 16 632 0 557 1 0 1 1 0 8 0 sysvmsgpl 40 36 0 19 1 0 1 1 0 8 0 semapl 112 672 0 662 1 0 1 1 0 8 0 shmpl 112 45 0 5 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 13697 0 12221 93 0 93 93 0 8 0 ffsino 272 13697 0 12221 99 0 99 99 0 8 0 nchpl 144 25930 0 24299 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 87604 0 87604 6 5 1 2 0 8 1 percpumem 16 110 0 70 1 0 1 1 0 8 0 vcpupl 2048 33 0 0 5 0 5 5 0 8 0 vmpool 560 43 0 10 3 0 3 3 0 8 0 pfiaddrpl 120 20 0 13 3 2 1 1 0 8 0 scsiplug 72 8 0 8 2 2 0 1 0 8 0 scxspl 216 71545 0 71545 27 24 3 8 0 8 3 plimitpl 152 854 0 839 1 0 1 1 0 8 0 sigapl 424 9620 0 9553 9 1 8 8 0 8 0 futexpl 64 82659 0 82657 3 2 1 1 0 8 0 knotepl 120 240 0 0 5 0 5 5 0 8 0 kqueuepl 216 1507 0 1499 41 36 5 5 0 8 4 pipepl 336 1836 0 1808 49 46 3 8 0 8 0 fdescpl 496 9584 0 9557 6 2 4 5 0 8 0 filepl 152 75560 0 75311 128 110 18 20 0 8 5 lockfpl 104 4765 0 4763 14 13 1 2 0 8 0 lockfspl 48 1682 0 1680 1 0 1 1 0 8 0 sessionpl 144 55 0 38 1 0 1 1 0 8 0 pgrppl 48 65 0 48 1 0 1 1 0 8 0 ucredpl 96 6913 0 6898 1 0 1 1 0 8 0 zombiepl 144 9557 0 9553 3 2 1 1 0 8 0 processpl 1064 9620 0 9553 5 0 5 5 0 8 0 procpl 672 27892 0 27809 20 11 9 10 0 8 0 srpgc 96 33 0 33 10 10 0 1 0 8 0 sosppl 168 41 0 41 9 9 0 1 0 8 0 sockpl 480 31135 0 31101 671 659 12 36 0 8 7 mcl64k 65536 27 0 0 3 0 3 3 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 21 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 33 0 0 4 1 3 3 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 413 0 0 20 2 18 20 0 8 0 mtagpl 96 850 0 0 15 0 15 15 0 8 0 mbufpl 256 1192 0 0 54 1 53 53 0 8 0 bufpl 288 17207 0 10871 453 0 453 453 0 8 0 anonpl 24 2656136 0 2636562 187 39 148 148 0 186 22 amapchunkpl 152 291928 0 291028 58 16 42 48 0 158 0 amappl16 200 21908 0 21314 56 11 45 45 0 8 4 amappl15 192 2303 0 2295 1 0 1 1 0 8 0 amappl14 184 3149 0 3142 1 0 1 1 0 8 0 amappl13 176 679 0 678 1 0 1 1 0 8 0 amappl12 168 1862 0 1851 1 0 1 1 0 8 0 amappl11 160 1368 0 1349 1 0 1 1 0 8 0 amappl10 152 840 0 834 1 0 1 1 0 8 0 amappl9 144 1166 0 1160 1 0 1 1 0 8 0 amappl8 136 1359 0 1244 5 0 5 5 0 8 0 amappl7 128 246 0 234 1 0 1 1 0 8 0 amappl6 120 973 0 950 2 1 1 2 0 8 0 amappl5 112 7317 0 7301 1 0 1 1 0 8 0 amappl4 104 5368 0 5326 2 0 2 2 0 8 0 amappl3 96 2908 0 2893 1 0 1 1 0 8 0 amappl2 88 1733 0 1678 3 1 2 3 0 8 0 amappl1 80 179583 0 179000 20 6 14 19 0 8 0 amappl 88 119778 0 119482 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 47 0 5 1 0 1 1 0 8 0 uaddrrnd 24 9627 0 9566 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9627 0 9566 1 0 1 1 0 8 0 vmmpekpl 168 78660 0 78587 4 0 4 4 0 8 0 vmmpepl 168 877691 0 875046 295 157 138 156 0 357 5 vmsppl 368 9626 0 9565 8 2 6 6 0 8 0 rwobjpl 56 215617 0 207950 116 3 113 113 0 8 1 pdppl 4096 19261 0 19163 456 354 102 102 0 8 4 pvpl 32 4480716 0 4456645 379 142 237 252 0 265 33 pmappl 248 9626 0 9565 5 1 4 4 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1430 0 542 26 0 26 26 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff82999ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b6e568) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82b6e568) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff800021135120,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615 uvm_map_teardown(fffffd80087162e0) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789 uvmspace_free(fffffd80087162e0) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 reaper(ffff8000210f97a0) at reaper+0x18b sys/kern/kern_exit.c:457 end trace frame: 0x0, count: 7 ddb{0}> trace x86_ipi_db(ffffffff82999ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b6e568) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82b6e568) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff800021135120,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615 uvm_map_teardown(fffffd80087162e0) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789 uvmspace_free(fffffd80087162e0) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 reaper(ffff8000210f97a0) at reaper+0x18b sys/kern/kern_exit.c:457 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at socreate+0x84: cmpq $0,0(%rax) socreate(18,ffff8000260ce438,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000260de000,ffff8000260ce4c8,ffff8000260ce520) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff8000260ce590) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000260ce590) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x983ff34b2f0, count: 11 ddb{1}> trace socreate(18,ffff8000260ce438,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000260de000,ffff8000260ce4c8,ffff8000260ce520) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff8000260ce590) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000260ce590) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x983ff34b2f0, count: -4