uvm_fault(0xffffffff839a0220, 0xffff800029742004, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at ffs_nodealloccg+0x13c: movl 0x4(%rbx),%r15d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*450477 64807 0 0x2 0 0 syz-executor
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c sys/ufs/ffs/ffs_alloc.c:1106
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a ffs_hashalloc sys/ufs/ffs/ffs_alloc.c:814 [inline]
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a sys/ufs/ffs/ffs_alloc.c:390
ufs_mkdir(ffff80002a897770) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806cf35b30,ffff80002a8978d0,ffff80002a897900,ffff80002a897800) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a747230,ffffff9c,798d5ae6ff80,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80002a897a70) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a897a70) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x798d5ae70020, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff839a0220, 0xffff800029742004, 0, 1) -> d
ddb> trace
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c sys/ufs/ffs/ffs_alloc.c:1106
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a ffs_hashalloc sys/ufs/ffs/ffs_alloc.c:814 [inline]
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a sys/ufs/ffs/ffs_alloc.c:390
ufs_mkdir(ffff80002a897770) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806cf35b30,ffff80002a8978d0,ffff80002a897900,ffff80002a897800) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a747230,ffffff9c,798d5ae6ff80,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80002a897a70) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a897a70) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x798d5ae70020, count: -7
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80002a897520
rbx 0xffff800029742000
rdx 0
rcx 0xfffffd806be9be50
rax 0xffff80002a747230
r8 0xffffffffffffffff
r9 0xfffffd8007ffd410
r10 0xbffc13ed2eec74bc
r11 0x70b79b128d872cc1
r12 0xffff800000c47800
r13 0xfffffd807007fd38
r14 0
r15 0
rip 0xffffffff8303fb1c ffs_nodealloccg+0x13c
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a897470
ss 0x10
ffs_nodealloccg+0x13c: movl 0x4(%rbx),%r15d
ddb> show proc
PROC (syz-executor) tid=450477 pid=64807 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=50, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a746008,0xffff80002a7462b0
process=0xffff80002a7aa890 user=0xffff80002a892000, vmspace=0xfffffd80716d62e8
estcpu=36, cpticks=6, pctcpu=0.0, user=0, sys=5, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
89424 367231 76530 0 2 0 syz-executor
89424 384352 76530 0 3 0x4000080 fsleep syz-executor
54915 351172 40152 0 2 0 syz-executor
54915 189304 40152 0 3 0x4000080 fsleep syz-executor
34871 108240 89002 0 2 0 syz-executor
34871 70999 89002 0 3 0x4000080 bell syz-executor
34871 153583 89002 0 2 0x4000000 syz-executor
20210 483537 21359 0 3 0x90 nanoslp syz-executor
20210 339153 21359 0 3 0x4000090 kqread syz-executor
20210 69895 21359 0 3 0x4000090 fsleep syz-executor
20210 462717 21359 0 3 0x4000090 fsleep syz-executor
9842 175113 17726 0 3 0x3010 suspend syz-executor
9842 302444 17726 0 3 0x4081010 inode syz-executor
9842 368889 17726 0 3 0x4081010 inode syz-executor
9842 440714 17726 0 2 0x4081010 syz-executor
9842 503015 17726 0 3 0x4081010 inode syz-executor
9842 489915 17726 0 3 0x4081010 inode syz-executor
9842 113663 17726 0 3 0x4081010 inode syz-executor
44380 46201 0 0 3 0x14200 acct acct
21359 385399 76381 0 2 0x3 syz-executor
39696 302812 0 0 3 0x14280 nfsidl nfsio
19104 201517 0 0 3 0x14280 nfsidl nfsio
92938 160947 0 0 3 0x14280 nfsidl nfsio
89092 148457 0 0 3 0x14280 nfsidl nfsio
946 458079 0 0 3 0x14280 nfsidl nfsio
59886 277935 0 0 3 0x14280 nfsidl nfsio
78846 269973 0 0 3 0x14280 nfsidl nfsio
69616 503893 0 0 3 0x14280 nfsidl nfsio
75234 219877 0 0 3 0x14280 nfsidl nfsio
89808 199259 0 0 3 0x14280 nfsidl nfsio
34819 163228 0 0 3 0x14280 nfsidl nfsio
87384 130051 0 0 3 0x14280 nfsidl nfsio
86258 514188 0 0 3 0x14280 nfsidl nfsio
34181 73645 0 0 3 0x14280 nfsidl nfsio
30376 368633 0 0 3 0x14280 nfsidl nfsio
4526 408493 0 0 3 0x14280 nfsidl nfsio
29394 426497 0 0 3 0x14280 nfsidl nfsio
7065 119700 0 0 3 0x14280 nfsidl nfsio
56521 248963 0 0 3 0x14280 nfsidl nfsio
13714 305081 0 0 3 0x14280 nfsidl nfsio
85872 110323 76381 0 2 0x3 syz-executor
89002 388736 76381 0 2 0x3 syz-executor
*64807 450477 76381 0 7 0x2 syz-executor
76530 421370 76381 0 2 0x3 syz-executor
82526 148830 76381 0 3 0x82 wait syz-executor
40152 368980 76381 0 2 0x3 syz-executor
17726 407064 76381 0 3 0x82 wait syz-executor
76381 245039 36771 0 3 0x82 kqread syz-executor
36771 73418 87209 0 3 0x10008a sigsusp ksh
87209 410945 14801 0 3 0x98 kqread sshd-session
14801 120967 89709 0 3 0x92 kqread sshd-session
45425 410067 1 0 3 0x100083 ttyin getty
89709 108330 1 0 3 0x88 kqread sshd
69770 431794 78699 73 3 0x1100090 kqread syslogd
78699 113821 1 0 3 0x100082 sbwait syslogd
28915 134225 1 0 3 0x100080 kqread resolvd
34768 509618 1413 77 3 0x100092 kqread dhcpleased
32800 248780 1413 77 3 0x100092 kqread dhcpleased
1413 1669 1 0 3 0x80 kqread dhcpleased
96857 82334 0 0 3 0x14200 bored smr
9023 203745 0 0 2 0x14200 zerothread
7243 130085 0 0 3 0x14200 aiodoned aiodoned
53882 72096 0 0 3 0x14200 syncer update
39966 471145 0 0 3 0x14200 cleaner cleaner
27196 281450 0 0 3 0x14200 reaper reaper
87487 221787 0 0 3 0x14200 pgdaemon pagedaemon
75322 29355 0 0 3 0x14200 bored viomb
16190 286383 0 0 3 0x40014200 acpi0 acpi0
72305 450818 0 0 3 0x14200 bored softnet0
60681 447232 0 0 3 0x14200 bored systqmp
15991 287392 0 0 3 0x14200 syncxs systq
64514 3487 0 0 3 0x40014200 tmoslp softclock
62711 518919 0 0 3 0x40014200 idle0
1 92963 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11068 12180K 12905K 166960K 12885 0
pcb 17 14K 15K 166960K 149 0
rtable 197 7K 10K 166960K 509 0
pf 32 13K 20K 166960K 125 0
ifaddr 35 6K 7K 166960K 70 0
ifgroup 46 2K 2K 166960K 106 0
sysctl 3 1K 9K 166960K 11 0
counters 32 17K 18K 166960K 92 0
ioctlops 0 0K 4K 166960K 255 0
iov 0 0K 16K 166960K 86 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1385 87K 87K 166960K 2127 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 28 0
dirhash 12 2K 2K 166960K 21 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 16 57K 89K 166960K 743 0
sigio 0 0K 0K 166960K 5 0
proc 60 59K 83K 166960K 603 0
subproc 72 4K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 67 0
in_multi 78 5K 7K 166960K 137 0
ether_multi 1 0K 0K 166960K 3 0
mrt 1 0K 0K 166960K 25 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 241 1076K 1076K 166960K 241 0
exec 0 0K 1K 166960K 449 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 223 135K 164K 166960K 8085 0
UVM aobj 17 2K 2K 166960K 17 0
pinsyscall 37 74K 93K 166960K 1896 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 23 0
NDP 10 0K 2K 166960K 47 0
temp 58 9067K 9132K 166960K 25157 0
kqueue 14 22K 33K 166960K 150 0
SYN cache 2 16K 24K 166960K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
vscsiccb 40 1 0 0 1 0 1 1 0 8 0
rtpcb 120 134 0 130 3 2 1 3 0 8 0
rtentry 136 146 0 64 4 0 4 4 0 8 0
unpcb 144 290 0 275 1 0 1 1 0 8 0
syncache 336 5 0 5 2 2 0 1 0 8 0
tcpcb 736 279 0 274 13 12 1 7 0 8 0
arp 96 23 0 7 1 0 1 1 0 8 0
ipq 40 5 0 0 1 0 1 1 0 8 0
ipqe 40 7 0 1 1 0 1 1 0 8 0
inpcb 328 700 0 692 12 10 2 7 0 8 1
ip6q 72 7 0 3 1 0 1 1 0 8 0
ip6af 40 11 0 8 1 0 1 1 0 8 0
nd6 112 32 0 11 1 0 1 1 0 8 0
pkpcb 40 4 0 4 3 2 1 1 0 8 1
kcovpl 48 10 0 2 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 0 1 1 0 8 1
ppxss 1072 50 0 50 3 2 1 1 0 8 1
pppxif 1416 3 0 3 2 2 0 1 0 8 0
pfstscr 40 2 0 2 1 1 0 1 0 8 0
pfrktable 1344 15 0 14 1 0 1 1 0 8 0
pfanchor 1288 6 2 5 3 2 1 1 0 8 0
pftag 88 1 0 1 1 1 0 1 0 8 0
pfstkey 128 6 0 6 1 1 0 1 0 8 0
pfstate 384 3 0 3 1 1 0 1 0 8 0
pfrule 1360 9 0 8 1 0 1 1 0 8 0
rttmr 136 3 0 3 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 619 0 274 31 9 22 31 0 8 0
art_table 40 621 0 274 5 0 5 5 0 8 0
art_node 32 145 0 73 1 0 1 1 0 8 0
sysvmsgpl 40 9 0 5 1 0 1 1 0 8 0
semapl 112 26 0 16 1 0 1 1 0 8 0
shmpl 112 14 0 0 1 0 1 1 0 8 0
dirhash 1024 23 0 6 3 0 3 3 0 8 0
dino2pl 256 2724 0 1267 92 0 92 92 0 8 0
ffsino 256 2724 0 1267 92 0 92 92 0 8 0
nchpl 144 3779 0 2079 64 0 64 64 0 8 0
rtmask 32 5 0 5 2 2 0 1 0 8 0
vnodes 216 3280 0 0 183 0 183 183 0 8 0
namei 1024 12680 0 12675 3 1 2 2 0 8 1
pfiaddrpl 120 4 0 4 2 2 0 1 0 8 0
kstatmem 264 55 0 34 2 0 2 2 0 8 0
scsiplug 72 2 0 2 1 1 0 1 0 8 0
scxspl 216 18128 0 18127 16 8 8 8 1 8 7
plimitpl 152 134 0 116 1 0 1 1 0 8 0
sigapl 424 1056 0 994 8 0 8 8 0 8 0
knotepl 120 34174 0 34126 35 26 9 17 0 8 6
kqueuepl 184 226 0 215 1 0 1 1 0 8 0
pipepl 304 164 0 137 3 0 3 3 0 8 0
fdescpl 448 1021 0 993 5 1 4 5 0 8 0
filepl 120 5969 0 5745 12 2 10 10 0 8 1
lockfpl 104 275 0 273 2 1 1 2 0 8 0
lockfspl 48 123 0 121 1 0 1 1 0 8 0
sessionpl 144 52 0 44 1 0 1 1 0 8 0
pgrppl 48 74 0 58 1 0 1 1 0 8 0
ucredpl 104 1223 0 1210 1 0 1 1 0 8 0
zombiepl 144 1027 0 1025 1 0 1 1 0 8 0
processpl 1152 1056 0 994 5 0 5 5 0 8 0
procpl 664 1923 0 1848 8 1 7 7 0 8 0
sockpl 552 1148 0 1121 12 9 3 7 0 8 0
mcl64k 65536 72 0 72 2 1 1 1 0 8 1
mcl16k 16384 13 0 13 3 2 1 1 0 8 1
mcl12k 12288 2 0 2 1 0 1 1 0 8 1
mcl8k 8192 17 0 17 3 2 1 1 0 8 1
mcl4k 4096 3344 0 3291 13 5 8 13 0 8 0
mcl2k 2048 833 0 830 1 0 1 1 0 8 0
mtagpl 96 74 0 5 2 0 2 2 0 8 0
mbufpl 256 11516 0 11276 85 69 16 74 0 8 0
bufpl 280 7359 0 1144 445 0 445 445 0 8 0
anonpl 24 159017 0 151749 60 13 47 47 0 187 2
amapchunkpl 152 26101 0 25613 35 7 28 28 0 158 6
amappl16 200 2946 0 2676 25 9 16 16 0 8 1
amappl15 192 5 0 5 2 1 1 1 0 8 1
amappl14 184 436 0 435 1 0 1 1 0 8 0
amappl13 176 117 0 107 1 0 1 1 0 8 0
amappl12 168 1273 0 1246 2 0 2 2 0 8 0
amappl11 160 24 0 23 1 0 1 1 0 8 0
amappl10 152 60 0 50 1 0 1 1 0 8 0
amappl9 144 255 0 255 1 1 0 1 0 8 0
amappl8 136 111 0 110 1 0 1 1 0 8 0
amappl7 128 143 0 132 1 0 1 1 0 8 0
amappl6 120 171 0 170 1 0 1 1 0 8 0
amappl5 112 98 0 90 1 0 1 1 0 8 0
amappl4 104 268 0 252 1 0 1 1 0 8 0
amappl3 96 5273 0 5166 4 0 4 4 0 8 0
amappl2 88 537 0 481 2 0 2 2 0 8 0
amappl1 80 12067 0 11527 15 2 13 15 0 8 0
amappl 88 7254 0 7092 5 0 5 5 0 92 0
uvmvnodes 80 113 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 256 0 255 2 1 1 1 0 8 0
dma64 64 7 0 7 2 2 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 16 0 0 1 0 1 1 0 8 0
uaddrrnd 24 1021 0 993 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1021 0 993 1 0 1 1 0 8 0
vmmpekpl 168 9168 0 9122 3 0 3 3 0 8 0
vmmpepl 168 70257 0 68263 100 7 93 93 0 357 1
vmsppl 368 1020 0 993 4 1 3 4 0 8 0
rwobjpl 40 20913 0 19689 13 0 13 13 0 8 0
pdppl 4096 2048 0 1986 98 32 66 78 0 8 4
pvpl 32 436157 0 421649 141 16 125 125 0 265 1
pmappl 216 1020 0 993 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 457 0 139 12 2 10 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c sys/ufs/ffs/ffs_alloc.c:1106
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a ffs_hashalloc sys/ufs/ffs/ffs_alloc.c:814 [inline]
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a sys/ufs/ffs/ffs_alloc.c:390
ufs_mkdir(ffff80002a897770) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806cf35b30,ffff80002a8978d0,ffff80002a897900,ffff80002a897800) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a747230,ffffff9c,798d5ae6ff80,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80002a897a70) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a897a70) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x798d5ae70020, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_nodealloccg(fffffd806cdb0300,0,0,41ed) at ffs_nodealloccg+0x13c sys/ufs/ffs/ffs_alloc.c:1106
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a ffs_hashalloc sys/ufs/ffs/ffs_alloc.c:814 [inline]
ffs_inode_alloc(fffffd806cdb0300,41ed,fffffd8007ffd410,ffff80002a897708) at ffs_inode_alloc+0x20a sys/ufs/ffs/ffs_alloc.c:390
ufs_mkdir(ffff80002a897770) at ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
VOP_MKDIR(fffffd806cf35b30,ffff80002a8978d0,ffff80002a897900,ffff80002a897800) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
domkdirat(ffff80002a747230,ffffff9c,798d5ae6ff80,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3143
syscall(ffff80002a897a70) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a897a70) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x798d5ae70020, count: -7