uvm_fault(0xfffffd80674fe5d0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at socreate+0x84: cmpq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND 483672 22311 0 0 0 1 syz-executor.2 *453067 22311 0 0 0x4000000 0K syz-executor.2 socreate(18,ffff80002121c7f8,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000fffee2b0,ffff80002121c888,ffff80002121c8e0) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002121c950) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002121c950) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2b47acd0150, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd80674fe5d0, 0x0, 0, 1) -> e ddb{0}> trace socreate(18,ffff80002121c7f8,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000fffee2b0,ffff80002121c888,ffff80002121c8e0) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002121c950) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002121c950) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2b47acd0150, count: -4 ddb{0}> show registers rdi 0xffff8000256a8000 rsi 0x26 rbp 0xffff80002121c7e0 rbx 0x18 rdx 0xffff8000256a8000 rcx 0x25 rax 0 r8 0xffffffff811cfb80 uvm_map_inentry_pc r9 0x16 r10 0 r11 0xe7010a604c8f2a63 r12 0xffff80002121c7f8 r13 0xffffffff82676048 inet6sw+0x208 r14 0x3 r15 0x3c rip 0xffffffff81b8f4e4 socreate+0x84 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80002121c780 ss 0x10 socreate+0x84: cmpq $0,0(%rax) ddb{0}> show proc PROC (syz-executor.2) pid=453067 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff800024aa3ce8,0xffff8000fffee020 process=0xffff8000ffff2158 user=0xffff800021217000, vmspace=0xfffffd80674fe5d0 estcpu=33, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 40851 326757 50095 0 2 0 syz-executor.6 85530 336220 20340 0 2 0 syz-executor.0 85530 26071 20340 0 3 0x4000080 fsleep syz-executor.0 43191 338349 75269 0 2 0 syz-executor.3 43191 410919 75269 0 3 0x4000080 fsleep syz-executor.3 59124 225907 53221 0 2 0 syz-executor.1 59124 271009 53221 0 3 0x4000080 fsleep syz-executor.1 22311 483672 39055 0 7 0 syz-executor.2 *22311 453067 39055 0 7 0x4000000 syz-executor.2 22159 21781 38514 0 2 0 syz-executor.4 22159 199624 38514 0 3 0x4000080 fsleep syz-executor.4 3207 461045 72128 0 2 0 syz-executor.5 3207 327492 72128 0 3 0x4000080 fifor syz-executor.5 20340 1949 37220 0 2 0x2 syz-executor.0 39055 396892 37220 0 2 0x482 syz-executor.2 53221 275897 37220 0 2 0x482 syz-executor.1 75269 190258 37220 0 2 0x482 syz-executor.3 50095 225694 37220 0 3 0x82 nanoslp syz-executor.6 72128 522918 37220 0 2 0x2 syz-executor.5 44085 19288 1 0 3 0x100083 ttyin getty 1516 333410 37220 0 2 0x482 syz-executor.7 31958 270189 0 0 3 0x14200 acct acct 89881 5028 0 0 3 0x14200 bored sosplice 38514 19031 37220 0 2 0x482 syz-executor.4 37220 146700 97707 0 3 0x82 thrsleep syz-fuzzer 37220 390057 97707 0 3 0x4000082 thrsleep syz-fuzzer 37220 213246 97707 0 3 0x4000082 thrsleep syz-fuzzer 37220 479427 97707 0 3 0x4000082 thrsleep syz-fuzzer 37220 185259 97707 0 3 0x4000082 thrsleep syz-fuzzer 37220 42985 97707 0 3 0x4000082 kqread syz-fuzzer 37220 501310 97707 0 3 0x4000082 thrsleep syz-fuzzer 37220 365331 97707 0 3 0x4000082 thrsleep syz-fuzzer 37220 476464 97707 0 3 0x4000082 thrsleep syz-fuzzer 97707 7664 55159 0 3 0x10008a sigsusp ksh 55159 343383 35235 0 3 0x9a kqread sshd 35235 302443 1 0 3 0x88 kqread sshd 19152 127564 89176 74 3 0x1100092 bpf pflogd 89176 304944 1 0 3 0x80 netio pflogd 46744 448598 71558 73 3 0x1100090 kqread syslogd 71558 449928 1 0 3 0x100082 netio syslogd 80378 128030 1 0 3 0x100080 kqread resolvd 96995 196701 68779 77 3 0x100092 kqread dhcpleased 52329 350135 68779 77 3 0x100092 kqread dhcpleased 68779 231844 1 0 3 0x80 kqread dhcpleased 91212 177655 0 0 3 0x14200 bored smr 253 460505 0 0 2 0x14200 zerothread 81378 494258 0 0 3 0x14200 aiodoned aiodoned 54304 479135 0 0 3 0x14200 syncer update 8460 492206 0 0 3 0x14200 cleaner cleaner 33617 296576 0 0 3 0x14200 reaper reaper 58287 225932 0 0 3 0x14200 pgdaemon pagedaemon 73282 236922 0 0 3 0x14200 bored viomb 61207 327965 0 0 3 0x40014200 acpi0 acpi0 76943 192061 0 0 3 0x40014200 idle1 96747 453013 0 0 3 0x14200 bored softnet 30029 236982 0 0 3 0x14200 bored systqmp 44147 7494 0 0 3 0x14200 bored systq 91865 259704 0 0 3 0x40014200 bored softclock 93388 287720 0 0 3 0x40014200 idle0 1 432952 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 22311 (syz-executor.2) thread 0xffff8000fffee2b0 (453067) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b6e770) #0 witness_lock+0x44d #1 kpageflttrap+0x23d sys/arch/amd64/amd64/trap.c:274 #2 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #3 alltraps_kern_meltdown+0x7b #4 socreate+0x84 sys/kern/uipc_socket.c:172 #5 sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10207 6556K 7394K 78643K 13371 0 pcb 13 14K 16K 78643K 2037 0 rtable 239 11K 13K 78643K 3485 0 ifaddr 97 23K 25K 78643K 820 0 sysctl 3 1K 1K 78643K 3 0 counters 56 35K 35K 78643K 294 0 ioctlops 0 0K 4K 78643K 3099 0 iov 0 0K 24K 78643K 668 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1335 83K 84K 78643K 4320 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 68 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 12 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 85K 78643K 9639 0 sigio 0 0K 0K 78643K 153 0 proc 71 87K 124K 78643K 1867 0 subproc 104 6K 6K 78643K 611 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 467 0 in_multi 96 6K 6K 78643K 765 0 ether_multi 1 0K 0K 78643K 90 0 mrt 1 0K 0K 78643K 31 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 193 864K 864K 78643K 193 0 exec 0 0K 2K 78643K 2912 0 pfkey data 0 0K 1K 78643K 39 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 447 457K 461K 78643K 124143 0 UVM aobj 131 8K 8K 78643K 139 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1582 0 NDP 13 0K 1K 78643K 233 0 temp 160 4755K 8786K 78643K 95287 0 kqueue 12 18K 28K 78643K 908 0 SYN cache 2 16K 24K 78643K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1776 0 1773 22 21 1 3 0 8 0 rtentry 112 641 0 541 4 0 4 4 0 8 0 unpcb 136 5356 0 5339 61 60 1 7 0 8 0 syncache 296 94 0 94 10 9 1 1 0 8 1 tcpqe 32 115 0 115 5 5 0 1 0 8 0 tcpcb 736 5166 0 5159 105 98 7 12 0 8 4 arp 120 103 0 84 1 0 1 1 0 8 0 inpcb 304 11772 0 11762 130 126 4 11 0 8 3 rttmr 72 8 0 8 3 3 0 1 0 8 0 ip6q 72 4 0 4 1 1 0 1 0 8 0 ip6af 40 12 0 12 1 1 0 1 0 8 0 nd6 48 154 0 132 1 0 1 1 0 8 0 pkpcb 40 99 0 99 7 7 0 1 0 8 0 kcovpl 48 47 0 39 1 0 1 1 0 8 0 ppxss 1248 26 0 26 8 8 0 1 0 8 0 pfstscr 40 24 0 24 4 4 0 1 0 8 0 pffrag 232 54 0 53 7 6 1 1 0 482 0 pffrnode 88 54 0 53 7 6 1 1 0 8 0 pffrent 40 287 0 286 7 6 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 149 0 141 8 7 1 2 0 8 0 pftag 88 3 0 1 1 0 1 1 0 8 0 pfqueue 264 3 0 3 1 1 0 1 0 8 0 pfstitem 24 22 0 20 1 0 1 1 0 8 0 pfstkey 112 54 0 52 1 0 1 1 0 8 0 pfstate 320 37 0 35 2 1 1 2 0 8 0 pfrule 1360 258 0 244 5 3 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2573 0 2138 42 14 28 29 0 8 0 art_table 32 2574 0 2138 4 0 4 4 0 8 0 art_node 16 639 0 551 1 0 1 1 0 8 0 sysvmsgpl 40 26 0 10 1 0 1 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 13631 0 12178 92 0 92 92 0 8 0 ffsino 272 13631 0 12178 98 0 98 98 0 8 0 nchpl 144 29734 0 28109 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 97132 0 97132 3 2 1 2 0 8 1 percpumem 16 159 0 119 1 0 1 1 0 8 0 vcpupl 2048 60 0 0 8 0 8 8 0 8 0 vmpool 560 70 0 10 6 1 5 5 0 8 0 pfiaddrpl 120 54 0 47 7 6 1 1 0 8 0 scxspl 216 78515 0 78515 26 25 1 8 0 8 1 plimitpl 152 812 0 797 1 0 1 1 0 8 0 sigapl 424 9883 0 9836 8 2 6 8 0 8 0 futexpl 64 89628 0 89624 2 1 1 1 0 8 0 knotepl 120 407 0 0 6 0 6 6 0 8 0 kqueuepl 216 2463 0 2455 39 38 1 5 0 8 0 pipepl 336 1717 0 1689 55 45 10 13 0 8 7 fdescpl 496 9846 0 9816 5 1 4 5 0 8 0 filepl 152 66580 0 66340 136 119 17 22 0 8 7 lockfpl 104 1764 0 1762 4 3 1 3 0 8 0 lockfspl 48 505 0 503 1 0 1 1 0 8 0 sessionpl 144 64 0 47 1 0 1 1 0 8 0 pgrppl 48 71 0 54 1 0 1 1 0 8 0 ucredpl 96 6072 0 6060 1 0 1 1 0 8 0 zombiepl 144 9837 0 9836 1 0 1 1 0 8 0 processpl 1064 9883 0 9836 5 1 4 5 0 8 0 procpl 672 29303 0 29242 32 26 6 8 0 8 0 srpgc 96 42 0 42 13 13 0 1 0 8 0 sosppl 168 54 0 54 14 14 0 1 0 8 0 sockpl 480 19018 0 18988 335 327 8 26 0 8 4 mcl64k 65536 19 0 0 3 0 3 3 0 8 0 mcl16k 16384 38 0 0 5 3 2 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 31 0 0 3 1 2 2 0 8 0 mcl8k 8192 33 0 0 3 0 3 3 0 8 0 mcl4k 4096 41 0 0 4 1 3 3 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 231 0 0 20 2 18 20 0 8 0 mtagpl 96 15 0 0 1 0 1 1 0 8 0 mbufpl 256 1118 0 0 37 0 37 37 0 8 0 bufpl 288 19781 0 13445 453 0 453 453 0 8 0 anonpl 24 2763736 0 2746863 220 76 144 146 0 186 18 amapchunkpl 152 299614 0 298743 102 64 38 50 0 158 0 amappl16 200 24478 0 23912 103 63 40 43 0 8 8 amappl15 192 2123 0 2116 1 0 1 1 0 8 0 amappl14 184 1280 0 1275 1 0 1 1 0 8 0 amappl13 176 1146 0 1144 1 0 1 1 0 8 0 amappl12 168 376 0 368 1 0 1 1 0 8 0 amappl11 160 509 0 495 1 0 1 1 0 8 0 amappl10 152 1225 0 1217 1 0 1 1 0 8 0 amappl9 144 2485 0 2481 1 0 1 1 0 8 0 amappl8 136 2994 0 2882 4 0 4 4 0 8 0 amappl7 128 1812 0 1797 1 0 1 1 0 8 0 amappl6 120 2371 0 2342 3 2 1 2 0 8 0 amappl5 112 10048 0 10024 1 0 1 1 0 8 0 amappl4 104 2912 0 2885 2 1 1 2 0 8 0 amappl3 96 1008 0 995 1 0 1 1 0 8 0 amappl2 88 2314 0 2264 3 1 2 3 0 8 0 amappl1 80 181788 0 181198 20 6 14 19 0 8 0 amappl 88 122864 0 122570 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 138 0 8 3 0 3 3 0 8 0 uaddrrnd 24 9916 0 9826 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9916 0 9826 1 0 1 1 0 8 0 vmmpekpl 168 81333 0 81276 5 1 4 4 0 8 0 vmmpepl 168 907313 0 904572 287 156 131 141 0 357 1 vmsppl 368 9915 0 9826 10 1 9 9 0 8 0 rwobjpl 56 223738 0 216039 118 5 113 113 0 8 3 pdppl 4096 19839 0 19712 700 571 129 129 0 8 2 pvpl 32 4720404 0 4698903 470 239 231 260 0 265 30 pmappl 248 9915 0 9826 7 1 6 6 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1650 0 742 27 0 27 27 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace socreate(18,ffff80002121c7f8,3,3c) at socreate+0x84 sys/kern/uipc_socket.c:172 sys_socket(ffff8000fffee2b0,ffff80002121c888,ffff80002121c8e0) at sys_socket+0xd8 sys/kern/uipc_syscalls.c:96 syscall(ffff80002121c950) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002121c950) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2b47acd0150, count: -4 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7fffffb2d0, count: 12 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7fffffb2d0, count: -3