uvm_fault(0xffffffff838fce98, 0xffff8000293e2050, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at ffs2_balloc+0xa0d: movq 0(%rcx,%rax,8),%r14
TID PID UID PRFLAGS PFLAGS CPU COMMAND
284438 86244 0 0 0 1 syz-executor
*515781 3410 0 0 0x4000000 0K syz-executor
ffs2_balloc(fffffd806f6fc018,58000,4000,fffffd80097fb8f0,2,ffff80003c49d978) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80003c49da00) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd806a3d9c18,ffff80003c49dbb8,7,fffffd80097fb8f0) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd8078a1a930,ffff80003c49dbb8,0) at vn_write+0x1d3 sys/kern/vfs_vnops.c:408
dofilewritev(ffff800037c09248,6,ffff80003c49dbb8,0,ffff80003c49dc70) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff800037c09248,ffff80003c49dd20,ffff80003c49dc70) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff80003c49dd20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c49dd20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc69b975d8e0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff838fce98, 0xffff8000293e2050, 0, 1) -> d
ddb{0}> trace
ffs2_balloc(fffffd806f6fc018,58000,4000,fffffd80097fb8f0,2,ffff80003c49d978) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80003c49da00) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd806a3d9c18,ffff80003c49dbb8,7,fffffd80097fb8f0) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd8078a1a930,ffff80003c49dbb8,0) at vn_write+0x1d3 sys/kern/vfs_vnops.c:408
dofilewritev(ffff800037c09248,6,ffff80003c49dbb8,0,ffff80003c49dc70) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff800037c09248,ffff80003c49dd20,ffff80003c49dc70) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff80003c49dd20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c49dd20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc69b975d8e0, count: -8
ddb{0}> show registers
rdi 0
rsi 0x2
rbp 0xffff80003c49d920
rbx 0
rdx 0xffff80000147fb40
rcx 0xffff8000293e2000
rax 0xa
r8 0xffffffffffffffff
r9 0xffff80003c49d978
r10 0x4464781672b58d2a
r11 0xa9cd77d9d5cc9b04
r12 0x1
r13 0xffff800000b2d800
r14 0xffff80003c49d7b0
r15 0xfffffd80682ec348
rip 0xffffffff81e6aa2d ffs2_balloc+0xa0d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003c49d7a0
ss 0x10
ffs2_balloc+0xa0d: movq 0(%rcx,%rax,8),%r14
ddb{0}> show proc
PROC (syz-executor) tid=515781 pid=3410 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=17, usrpri=79, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800037c08020,0xffff800037c08fc0
process=0xffff80003c426b70 user=0xffff80003c498000, vmspace=0xfffffd807e2105d8
estcpu=29, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=1
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28097 514633 1088 0 2 0 syz-executor
86244 284438 19924 0 7 0 syz-executor
86244 394785 19924 0 3 0x4000080 fsleep syz-executor
86244 446373 19924 0 2 0x4000000 syz-executor
39010 24907 56368 0 2 0 syz-executor
39010 459204 56368 0 3 0x4000080 fsleep syz-executor
3410 403041 77946 0 2 0 syz-executor
* 3410 515781 77946 0 7 0x4000000 syz-executor
71097 327313 63023 0 2 0 syz-executor
71097 486600 63023 0 2 0x4000000 syz-executor
47655 105895 3991 0 2 0 syz-executor
47655 371615 3991 0 3 0x4000080 sbwait syz-executor
47655 449155 3991 0 3 0x4000080 fsleep syz-executor
13338 398770 93501 60929 2 0x10 syz-executor
13338 345838 93501 60929 3 0x4000090 pipewr syz-executor
13338 137193 93501 60929 3 0x4000090 fsleep syz-executor
92737 116682 20926 0 2 0xc80 syz-executor
92737 36644 20926 0 3 0x4000080 kqsel syz-executor
92737 454307 20926 0 3 0x4000080 fsleep syz-executor
92737 231125 20926 0 3 0x4000080 fsleep syz-executor
92737 156849 20926 0 3 0x4000080 fsleep syz-executor
77946 295071 74868 0 2 0xc82 syz-executor
26914 351576 0 0 3 0x14200 bored sosplice
93501 392911 74868 0 2 0xc82 syz-executor
20926 462416 74868 0 2 0xc82 syz-executor
3991 240145 74868 0 2 0xc82 syz-executor
1088 452691 74868 0 2 0xc82 syz-executor
56368 329882 74868 0 2 0xc82 syz-executor
63023 440256 74868 0 2 0xc82 syz-executor
19924 479486 74868 0 2 0x2 syz-executor
74868 72944 59714 0 3 0x82 kqread syz-executor
59714 477462 15020 0 3 0x10008a sigsusp ksh
15020 50926 30809 0 3 0x98 kqread sshd-session
30809 304138 52735 0 3 0x92 kqread sshd-session
97397 165933 1 0 3 0x100083 ttyin getty
52735 97824 1 0 3 0x88 kqread sshd
26697 156977 76477 74 3 0x1100092 bpf pflogd
76477 86956 1 0 3 0x80 sbwait pflogd
44106 148057 35752 73 3 0x1100090 kqread syslogd
35752 124072 1 0 3 0x100082 sbwait syslogd
62460 263987 1 0 3 0x100080 kqread resolvd
18637 315345 13221 77 3 0x100092 kqread dhcpleased
72033 109376 13221 77 3 0x100092 kqread dhcpleased
13221 443457 1 0 3 0x80 kqread dhcpleased
90272 281935 0 0 3 0x14200 bored smr
47234 419895 0 0 2 0x14200 zerothread
40292 245713 0 0 3 0x14200 aiodoned aiodoned
21747 482917 0 0 3 0x14200 syncer update
66787 208370 0 0 3 0x14200 cleaner cleaner
67198 522805 0 0 3 0x14200 reaper reaper
61580 332264 0 0 3 0x14200 pgdaemon pagedaemon
56925 207769 0 0 3 0x14200 bored viomb
64933 482015 0 0 3 0x40014200 acpi0 acpi0
70448 375591 0 0 3 0x40014200 idle1
20214 488719 0 0 3 0x14200 bored softnet1
70701 95702 0 0 3 0x14200 bored softnet0
49323 273394 0 0 3 0x14200 bored systqmp
99851 419090 0 0 3 0x14200 bored systq
56732 235548 0 0 3 0x14200 tmoslp softclockmp
71505 324039 0 0 3 0x40014200 tmoslp softclock
8680 29497 0 0 3 0x40014200 idle0
1 438849 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 3410 (syz-executor) thread 0xffff800037c09248 (515781)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10232 11230K 11355K 166960K 11624 0
pcb 17 12K 12K 166960K 54 0
rtable 185 6K 7K 166960K 317 0
pf 40 18K 19K 166960K 84 0
ifaddr 42 7K 7K 166960K 66 0
ifgroup 60 2K 2K 166960K 99 0
sysctl 1 1K 9K 166960K 6 0
counters 74 37K 37K 166960K 104 0
ioctlops 0 0K 4K 166960K 1529 0
iov 0 0K 16K 166960K 22 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1350 85K 85K 166960K 1589 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 9 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 8 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 93K 166960K 415 0
sigio 0 0K 0K 166960K 6 0
proc 72 115K 164K 166960K 587 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 40 0
in_multi 86 6K 7K 166960K 125 0
ether_multi 1 0K 0K 166960K 3 0
mrt 0 0K 0K 166960K 2 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 229 1023K 1023K 166960K 229 0
exec 0 0K 1K 166960K 431 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 246 168K 176K 166960K 5446 0
UVM aobj 13 2K 2K 166960K 13 0
pinsyscall 43 86K 105K 166960K 1519 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 12 0
NDP 13 0K 2K 166960K 43 0
temp 45 8643K 8717K 166960K 14024 0
kqueue 15 24K 31K 166960K 74 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 49 0 45 1 0 1 1 0 8 0
rtentry 176 114 0 35 5 0 5 5 0 8 0
unpcb 144 173 0 151 2 1 1 2 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 69 0 65 1 0 1 1 0 8 0
arp 136 13 0 3 1 0 1 1 0 8 0
ipq 40 1 0 1 1 1 0 1 0 8 0
ipqe 40 3 0 3 1 1 0 1 0 8 0
inpcb 328 274 0 265 4 2 2 4 0 8 1
nd6 144 19 0 4 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 11 0 9 2 1 1 1 0 8 0
pppxif 1504 3 0 1 2 1 1 1 0 8 0
pfstscr 40 4 0 4 1 1 0 1 0 8 0
pffrag 232 3 0 1 1 0 1 1 0 482 0
pffrnode 88 3 0 1 1 0 1 1 0 8 0
pffrent 40 6 0 4 1 0 1 1 0 8 0
pfosfp 40 1430 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1430 0 714 21 0 21 21 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 34 0 0 1 0 1 1 0 8 0
pfstkey 128 39 0 5 2 0 2 2 0 8 0
pfstate 384 37 0 3 4 0 4 4 0 8 0
pfrule 1344 22 0 17 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 506 0 134 28 3 25 28 0 8 0
art_table 40 507 0 134 5 0 5 5 0 8 0
art_node 32 114 0 46 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 1 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 5 0 1 1 0 1 1 0 8 0
shmpl 112 10 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2064 0 552 95 0 95 95 0 8 0
ffsino 296 2064 0 552 117 0 117 117 0 8 0
nchpl 144 2617 0 922 64 0 64 64 0 8 0
rtmask 32 1 0 1 1 1 0 1 0 8 0
uvmvnodes 80 2288 0 0 47 0 47 47 0 8 0
vnodes 216 2288 0 0 128 0 128 128 0 8 0
namei 1024 8410 0 8410 3 2 1 2 0 8 1
percpumem 16 67 0 15 1 0 1 1 0 8 0
kstatmem 264 52 0 24 2 0 2 2 0 8 0
scsiplug 72 1 0 1 1 1 0 1 0 8 0
scxspl 216 17626 0 17626 9 8 1 8 1 8 1
plimitpl 152 195 0 177 1 0 1 1 0 8 0
sigapl 424 710 0 661 7 1 6 7 0 8 0
knotepl 120 699 0 0 22 0 22 22 0 8 0
kqueuepl 224 143 0 130 3 2 1 3 0 8 0
pipepl 344 188 0 159 9 6 3 9 0 8 0
fdescpl 528 693 0 661 3 0 3 3 0 8 0
filepl 160 3290 0 3052 15 4 11 15 0 8 0
lockfpl 104 110 0 107 1 0 1 1 0 8 0
lockfspl 48 52 0 49 1 0 1 1 0 8 0
sessionpl 144 23 0 14 1 0 1 1 0 8 0
pgrppl 48 36 0 19 1 0 1 1 0 8 0
ucredpl 104 427 0 413 1 0 1 1 0 8 0
zombiepl 144 661 0 661 2 1 1 1 0 8 1
processpl 1232 710 0 661 5 0 5 5 0 8 0
procpl 664 1220 0 1158 7 1 6 7 0 8 0
sosppl 168 2 0 2 1 1 0 1 0 8 0
sockpl 752 511 0 476 8 3 5 7 0 8 0
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 111 0 0 14 0 14 14 0 8 0
mcl2k 2048 21 0 0 3 0 3 3 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 153 0 0 10 0 10 10 0 8 0
bufpl 280 7730 0 1587 439 0 439 439 0 8 0
anonpl 32 12097 0 0 98 0 98 98 0 246 0
amapchunkpl 152 17121 0 16627 31 9 22 27 0 158 0
amappl16 200 3931 0 3895 30 24 6 28 0 8 0
amappl15 192 12 0 12 1 1 0 1 0 8 0
amappl14 184 143 0 131 1 0 1 1 0 8 0
amappl13 176 15 0 15 2 2 0 1 0 8 0
amappl12 168 1381 0 1350 3 1 2 2 0 8 0
amappl11 160 53 0 38 1 0 1 1 0 8 0
amappl10 152 20 0 20 2 2 0 1 0 8 0
amappl9 144 274 0 274 1 1 0 1 0 8 0
amappl8 136 19 0 17 1 0 1 1 0 8 0
amappl7 128 111 0 98 1 0 1 1 0 8 0
amappl6 120 186 0 183 1 0 1 1 0 8 0
amappl5 112 133 0 124 1 0 1 1 0 8 0
amappl4 104 304 0 285 1 0 1 1 0 8 0
amappl3 96 2899 0 2802 4 1 3 3 0 8 0
amappl2 88 919 0 842 2 0 2 2 0 8 0
amappl1 80 9390 0 8782 15 2 13 15 0 8 0
amappl 88 4718 0 4549 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 12 0 0 1 0 1 1 0 8 0
uaddrrnd 24 693 0 661 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 693 0 661 1 0 1 1 0 8 0
vmmpekpl 168 7376 0 7337 3 0 3 3 0 8 0
vmmpepl 168 51412 0 49381 111 16 95 111 0 357 0
vmsppl 488 692 0 661 5 0 5 5 0 8 0
rwobjpl 80 19790 0 16554 69 0 69 69 0 8 0
pdppl 4096 1394 0 1322 100 28 72 86 0 8 0
pvpl 32 21112 0 0 171 0 171 171 0 265 0
pmappl 256 692 0 661 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 267 0 36 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
ffs2_balloc(fffffd806f6fc018,58000,4000,fffffd80097fb8f0,2,ffff80003c49d978) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80003c49da00) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd806a3d9c18,ffff80003c49dbb8,7,fffffd80097fb8f0) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
vn_write(fffffd8078a1a930,ffff80003c49dbb8,0) at vn_write+0x1d3 sys/kern/vfs_vnops.c:408
dofilewritev(ffff800037c09248,6,ffff80003c49dbb8,0,ffff80003c49dc70) at dofilewritev+0x242 sys/kern/sys_generic.c:380
sys_write(ffff800037c09248,ffff80003c49dd20,ffff80003c49dc70) at sys_write+0xa2 sys/kern/sys_generic.c:300
syscall(ffff80003c49dd20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c49dd20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc69b975d8e0, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x71f81d9c6560, count: 12
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x71f81d9c6560, count: -3