syzbot


uvm_fault: ffs_freefile (3)

Status: upstream: reported on 2026/03/27 23:15
Reported-by: syzbot+0ed6c58abf4b6f542e62@syzkaller.appspotmail.com
First crash: 60d, last: 1d14h
Similar bugs (2)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| openbsd | uvm_fault: ffs_freefile (2) | -1 | | | | 1 | 256d | 256d | 0/3 | auto-obsoleted due to no activity on 2025/12/12 07:10 |
| openbsd | uvm_fault: ffs_freefile | -1 | | | | 2 | 619d | 621d | 0/3 | auto-obsoleted due to no activity on 2024/12/13 12:31 |

Sample crash report:
uvm_fault(0xffffffff83b11080, 0xffff800020742004, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at      ffs_freefile+0x11e:     movl    0x4(%rbx),%r13d
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*202042   9543      0         0x2          0    1K syz-executor
 139232  67481      0         0x2        0x1    0  syz-executor
ffs_freefile(fffffd80721ae850,cbff,6000) at ffs_freefile+0x11e ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_freefile(fffffd80721ae850,cbff,6000) at ffs_freefile+0x11e sys/ufs/ffs/ffs_alloc.c:1377
ffs_inode_free(fffffd80721ae850,cbff,6000) at ffs_inode_free+0x44 sys/ufs/ffs/ffs_alloc.c:1355
ufs_inactive(ffff80002a2e4ac0) at ufs_inactive+0x29c sys/ufs/ufs/ufs_inode.c:94
VOP_INACTIVE(fffffd805f661ca8,ffff80002a222a70) at VOP_INACTIVE+0x104 sys/kern/vfs_vops.c:498
vput(fffffd805f661ca8) at vput+0xe5 sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd806c628648,fffffd805f661ca8,ffff80002a2e4c28) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a222a70,ffffff9c,7b2b71d46be0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1929
syscall(ffff80002a2e4da0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2e4da0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b2b71d47090, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xffffffff83b11080, 0xffff800020742004, 0, 1) -> d
ddb{1}> trace
ffs_freefile(fffffd80721ae850,cbff,6000) at ffs_freefile+0x11e ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_freefile(fffffd80721ae850,cbff,6000) at ffs_freefile+0x11e sys/ufs/ffs/ffs_alloc.c:1377
ffs_inode_free(fffffd80721ae850,cbff,6000) at ffs_inode_free+0x44 sys/ufs/ffs/ffs_alloc.c:1355
ufs_inactive(ffff80002a2e4ac0) at ufs_inactive+0x29c sys/ufs/ufs/ufs_inode.c:94
VOP_INACTIVE(fffffd805f661ca8,ffff80002a222a70) at VOP_INACTIVE+0x104 sys/kern/vfs_vops.c:498
vput(fffffd805f661ca8) at vput+0xe5 sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd806c628648,fffffd805f661ca8,ffff80002a2e4c28) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a222a70,ffffff9c,7b2b71d46be0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1929
syscall(ffff80002a2e4da0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2e4da0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b2b71d47090, count: -9
ddb{1}> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a2e4a00
rbx               0xffff800020742000
rdx                                0
rcx               0xffff80002a222a70
rax               0xfffffd8072051358
r8                0xffffffffffffffff
r9                0xfffffd80097fd478
r10               0xd72792e303cf9822
r11                0xf6e85d57fe86cec
r12                              0x2
r13                                0
r14               0xffff800000c31800
r15                           0xcbff    __ALIGN_SIZE+0xbbff
rip               0xffffffff8123e27e    ffs_freefile+0x11e
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80002a2e4970
ss                              0x10
ffs_freefile+0x11e:     movl    0x4(%rbx),%r13d
ddb{1}> show proc
PROC (syz-executor) tid=202042 pid=9543 tcnt=1 stat=onproc
    flags process=2<EXEC> proc=0
    runpri=32, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80002a2227d8,0xffff80002a222550
    process=0xffff8000ffff4e78 user=0xffff80002a2df000, vmspace=0xfffffd800b063988
    estcpu=36, cpticks=9, pctcpu=0.0, user=0, sys=8, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 83997   83866  28597      0  2           0                syz-executor
 83997   65218  28597      0  3   0x4000080  fsleep        syz-executor
 33924   13054  92173      0  2           0                syz-executor
 33924  304821  92173      0  3   0x4000080  fsleep        syz-executor
 78546  415118  13829      0  2           0                syz-executor
 78546  247290  13829      0  2   0x4000000                syz-executor
 23221  405565  59235      0  2           0                syz-executor
 23221   59640  59235      0  3   0x4000080  fsleep        syz-executor
 17609  181495  19797      0  2           0                syz-executor
 17609  330788  19797      0  3   0x4000080  fsleep        syz-executor
 18333  115898  47401      0  3        0x80  nanoslp       syz-executor
 18333  214937  47401      0  3   0x4000080  sbwait        syz-executor
 18333  369295  47401      0  3   0x4000080  fsleep        syz-executor
 90531   20866      1      0  3        0x82  nanoslp       getty
 98437  105908      0      0  3     0x14280  nfsidl        nfsio
 78512  511034      0      0  3     0x14280  nfsidl        nfsio
 93030  216749      0      0  3     0x14280  nfsidl        nfsio
 93605  330732      0      0  3     0x14280  nfsidl        nfsio
 83902   19912      0      0  3     0x14280  nfsidl        nfsio
 19525  281546      0      0  3     0x14280  nfsidl        nfsio
 58295  114647      0      0  3     0x14280  nfsidl        nfsio
 48124    5250      0      0  3     0x14280  nfsidl        nfsio
 91944  323375      0      0  3     0x14280  nfsidl        nfsio
 46501  280924      0      0  3     0x14280  nfsidl        nfsio
 43672  135195      0      0  3     0x14280  nfsidl        nfsio
 35679  293825      0      0  3     0x14280  nfsidl        nfsio
 12269  250231      0      0  3     0x14280  nfsidl        nfsio
 60832  212499      0      0  3     0x14280  nfsidl        nfsio
 63548  227795      0      0  3     0x14280  nfsidl        nfsio
 12937  466649      0      0  3     0x14280  nfsidl        nfsio
 60503  290336      0      0  3     0x14280  nfsidl        nfsio
 87656   27735      0      0  3     0x14280  nfsidl        nfsio
 30142  518887      0      0  3     0x14280  nfsidl        nfsio
 86237   36702      0      0  3     0x14280  nfsidl        nfsio
 92173  264354  67481      0  3        0x82  nanoslp       syz-executor
 47401  299763  67481      0  3        0x82  nanoslp       syz-executor
 97035  392774  67481      0  3        0x82  nanoslp       syz-executor
 59235  331381  67481      0  3        0x82  nanoslp       syz-executor
 19797  354793  67481      0  3        0x82  nanoslp       syz-executor
* 9543  202042  67481      0  7         0x2                syz-executor
 28597  401251  67481      0  3        0x82  nanoslp       syz-executor
 13829   62819  67481      0  3        0x82  nanoslp       syz-executor
 67481  139232      1      0  7         0x3                syz-executor
 69128  325306      0      0  3     0x14200  bored         smr
 69327  433283      0      0  2     0x14200                zerothread
 53137  323893      0      0  3     0x14200  aiodoned      aiodoned
 86687  208681      0      0  3     0x14200  syncer        update
 40293  521971      0      0  3     0x14200  cleaner       cleaner
 27991  520992      0      0  3     0x14200  reaper        reaper
  3748  154681      0      0  3     0x14200  pgdaemon      pagedaemon
  7198  239495      0      0  3     0x14200  bored         viomb
 42207   90350      0      0  3  0x40014200  acpi0         acpi0
 78156   66622      0      0  3  0x40014200                idle1
 63587  293615      0      0  3     0x14200  bored         softnet1
 97758   86365      0      0  3     0x14200  bored         softnet0
 99181   52789      0      0  3     0x14200  bored         systqmp
  2237  490357      0      0  3     0x14200  bored         systq
  6398  312379      0      0  3     0x14200  tmoslp        softclockmp
 17661  183889      0      0  3  0x40014200  tmoslp        softclock
 35442  359177      0      0  3  0x40014200                idle0
     1  106053      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 9543 (syz-executor) thread 0xffff80002a222a70 (202042)
exclusive rrwlock inode r = 0 (0xfffffd80721ae8f0)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3  VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4  vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5  vget+0x2a2 sys/kern/vfs_subr.c:686
#6  ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98
#7  ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203
#8  ufs_lookup+0x1a36 sys/ufs/ufs/ufs_lookup.c:478
#9  VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x963 sys/kern/vfs_lookup.c:580
#11 namei+0x7c5 sys/kern/vfs_lookup.c:250
#12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1893
#13 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#13 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd80675e6570)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3  VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4  vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5  vget+0x2a2 sys/kern/vfs_subr.c:686
#6  cache_lookup+0x351 sys/kern/vfs_cache.c:222
#7  ufs_lookup+0x1e3 sys/ufs/ufs/ufs_lookup.c:160
#8  VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#9  vfs_lookup+0x963 sys/kern/vfs_lookup.c:580
#10 namei+0x7c5 sys/kern/vfs_lookup.c:250
#11 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1893
#12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#13 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a6adc0)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1  syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 11084  12032K   12346K 166960K     12668        0
            pcb    19     13K      13K 166960K        65        0
         rtable   215      6K       7K 166960K       364        0
             pf    38     18K      24K 166960K        82        0
         ifaddr    43      7K       7K 166960K        54        0
        ifgroup    60      2K       2K 166960K        77        0
         sysctl     4      1K       9K 166960K         9        0
       counters    72     37K      37K 166960K        84        0
       ioctlops     0      0K       4K 166960K      1524        0
            iov     0      0K      12K 166960K        11        0
          mount     1      1K       1K 166960K         1        0
            log     2      4K       4K 166960K         6        0
         vnodes  1358     85K      86K 166960K      1691        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K      13K 166960K        13        0
         VM map     2      1K       1K 166960K         2        0
            sem     9      0K       0K 166960K        18        0
        dirhash    12      2K       2K 166960K        12        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    16     61K      89K 166960K       380        0
          sigio     0      0K       0K 166960K         4        0
           proc    21     33K     164K 166960K       605        0
        subproc    72      4K       4K 166960K        72        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K        33        0
       in_multi    96      7K       7K 166960K       103        0
    ether_multi     1      0K       0K 166960K         3        0
            mrt     0      0K       0K 166960K        10        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   241   1076K    1076K 166960K       241        0
           exec     0      0K       1K 166960K       442        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   132     82K     185K 166960K      5305        0
       UVM aobj    16      2K       2K 166960K        16        0
     pinsyscall    19     38K     104K 166960K      1544        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K         4        0
            NDP    13      0K       2K 166960K        36        0
           temp    43   9115K    9206K 166960K     10532        0
         kqueue     1      2K      22K 166960K        58        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> 

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/25 17:34 | openbsd | 61b7e18e5713 | c69befb3 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | uvm_fault: ffs_freefile |
| 2026/05/24 22:26 | openbsd | 6adc68a286a5 | c69befb3 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | uvm_fault: ffs_freefile |
| 2026/03/27 23:14 | openbsd | f3ad7971a235 | 4b3d9a38 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | uvm_fault: ffs_freefile |
* Struck through repros no longer work on HEAD.