syzbot


uvm_fault: ufsdirhash_build

Status: upstream: reported on 2025/12/09 04:14
Reported-by: syzbot+68feee2e572938a63147@syzkaller.appspotmail.com
First crash: 7d11h, last: 7d11h

Sample crash report:
uvm_fault(0xffffffff839b9bc0, 0xffff800026982004, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at      ufsdirhash_build+0x9e8: movzwl  0x4(%rax,%r14,1),%r15d
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*174923  38534      0           0  0x4000000    0  syz-executor
ufsdirhash_build(fffffd807e910800) at ufsdirhash_build+0x9e8 sys/ufs/ufs/ufs_dirhash.c:213
ufs_lookup() at ufs_lookup+0x388 sys/ufs/ufs/ufs_lookup.c:198
VOP_LOOKUP(fffffd806c2a3e80,ffff80003ca256e8,ffff80003ca25718) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003ca256b8) at vfs_lookup+0x921 sys/kern/vfs_lookup.c:566
namei(ffff80003ca256b8) at namei+0x7ca sys/kern/vfs_lookup.c:250
domknodat(ffff80002a8134f0,ffffff9c,200000000280,2000,1e5f) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1592
syscall(ffff80003ca258a0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003ca258a0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe83e5d1c2e0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff839b9bc0, 0xffff800026982004, 0, 1) -> d
ddb> trace
ufsdirhash_build(fffffd807e910800) at ufsdirhash_build+0x9e8 sys/ufs/ufs/ufs_dirhash.c:213
ufs_lookup() at ufs_lookup+0x388 sys/ufs/ufs/ufs_lookup.c:198
VOP_LOOKUP(fffffd806c2a3e80,ffff80003ca256e8,ffff80003ca25718) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003ca256b8) at vfs_lookup+0x921 sys/kern/vfs_lookup.c:566
namei(ffff80003ca256b8) at namei+0x7ca sys/kern/vfs_lookup.c:250
domknodat(ffff80002a8134f0,ffffff9c,200000000280,2000,1e5f) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1592
syscall(ffff80003ca258a0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003ca258a0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe83e5d1c2e0, count: -8
ddb> show registers
rdi                                0
rsi                                0
rbp               0xffff80003ca25350
rbx                           0x3fff    __ALIGN_SIZE+0x2fff
rdx                                0
rcx               0xfffffd806bb1ae60
rax               0xffff800026982000
r8                0xffffffffffffffff
r9                0xfffffd8007bfd820
r10               0xf54c8f46c140b576
r11               0x994e9d9bce42af7b
r12               0xffff800026982000
r13               0xffff8000014f5600
r14                                0
r15                                0
rip               0xffffffff81bfbc68    ufsdirhash_build+0x9e8
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80003ca252b0
ss                              0x10
ufsdirhash_build+0x9e8: movzwl  0x4(%rax,%r14,1),%r15d
ddb> show proc
PROC (syz-executor) tid=174923 pid=38534 tcnt=2 stat=onproc
    flags process=0 proc=4000000<THREAD>
    runpri=50, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80003c53a550,0xffffffff8395f738
    process=0xffff8000ffff9b18 user=0xffff80003ca20000, vmspace=0xfffffd806d2515d8
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 38534  327227  12863      0  2           0                syz-executor
*38534  174923  12863      0  7   0x4000000                syz-executor
 87251  316479  30168      0  2           0                syz-executor
 87251  310031  30168      0  3   0x4000080  fsleep        syz-executor
 60569  235832  72330      0  2       0xc80                syz-executor
 60569  227840  72330      0  3   0x4000080  fsleep        syz-executor
 60569  499419  72330      0  3   0x4000080  fsleep        syz-executor
 60569   51073  72330      0  2   0x4000000                syz-executor
 37206  247059  85240     -1  3        0x90  nanoslp       syz-executor
 37206  118771  85240     -1  3   0x4000090  fsleep        syz-executor
 37206  365986  85240     -1  2   0x4000010                syz-executor
 68373   28740      1      0  3    0x100083  ttyin         getty
 51647  196964      0      0  3     0x14280  nfsidl        nfsio
 14817  238540      0      0  3     0x14280  nfsidl        nfsio
 86999  356449      0      0  3     0x14280  nfsidl        nfsio
  9122  407583      0      0  3     0x14280  nfsidl        nfsio
 90311  165712      0      0  3     0x14280  nfsidl        nfsio
 97824  113730      0      0  3     0x14280  nfsidl        nfsio
 17203  429380      0      0  3     0x14280  nfsidl        nfsio
 47226  216848      0      0  3     0x14280  nfsidl        nfsio
 72896  127977      0      0  3     0x14280  nfsidl        nfsio
 87481  452644      0      0  3     0x14280  nfsidl        nfsio
 82737  171552      0      0  3     0x14280  nfsidl        nfsio
 87175  258838      0      0  3     0x14280  nfsidl        nfsio
 98917  464089      0      0  3     0x14280  nfsidl        nfsio
 31389  321744      0      0  3     0x14280  nfsidl        nfsio
 52881  221446      0      0  3     0x14280  nfsidl        nfsio
 51751  326280      0      0  3     0x14280  nfsidl        nfsio
 46731  156426      0      0  3     0x14280  nfsidl        nfsio
 78684  441595      0      0  3     0x14280  nfsidl        nfsio
 34873  493895      0      0  3     0x14280  nfsidl        nfsio
 17536  360466      0      0  3     0x14280  nfsidl        nfsio
 85240   64125  40159      0  3        0x82  nanoslp       syz-executor
 93963  475294  40159      0  3        0x82  nanoslp       syz-executor
 72330   70911  40159      0  3        0x82  nanoslp       syz-executor
 30168  456748  40159      0  2       0xc82                syz-executor
 12863  463057  40159      0  2       0xc82                syz-executor
 40159  102875  99021      0  3        0x82  wait          syz-executor
 99021  190372  81816      0  3    0x10008a  sigsusp       ksh
 81816  381894  83762      0  3        0x98  kqread        sshd-session
 83762  179738   3114      0  3        0x92  kqread        sshd-session
  3114  441467      1      0  3        0x88  kqread        sshd
 19024  202575  51930     73  3   0x1100090  kqread        syslogd
 51930  431972      1      0  3    0x100082  sbwait        syslogd
  5647  283061      1      0  3    0x100080  kqread        resolvd
 71375  142827  89351     77  3    0x100092  kqread        dhcpleased
 28831  440458  89351     77  3    0x100092  kqread        dhcpleased
 89351  383620      1      0  3        0x80  kqread        dhcpleased
 29751  443132      0      0  3     0x14200  bored         smr
 65617  475742      0      0  2     0x14200                zerothread
 14893  510591      0      0  3     0x14200  aiodoned      aiodoned
 54765   23891      0      0  3     0x14200  syncer        update
  5027  109561      0      0  3     0x14200  cleaner       cleaner
 84386  321354      0      0  3     0x14200  reaper        reaper
 43670  349819      0      0  3     0x14200  pgdaemon      pagedaemon
 22391  123642      0      0  3     0x14200  bored         viomb
 90830  497855      0      0  3  0x40014200  acpi0         acpi0
 78023  424603      0      0  3     0x14200  bored         softnet0
 78657  158226      0      0  3     0x14200  bored         systqmp
 97649  207169      0      0  3     0x14200  bored         systq
 50078  390155      0      0  3  0x40014200  tmoslp        softclock
 43411  252336      0      0  3  0x40014200                idle0
     1  201175      0      0  3     0x80082  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10205  11054K   12679K 166960K     13971        0
            pcb    18     16K      19K 166960K       597        0
         rtable   195      9K       9K 166960K       530        0
             pf    36     14K      17K 166960K       183        0
         ifaddr    37      6K       7K 166960K       128        0
        ifgroup    52      2K       2K 166960K       211        0
         sysctl     4      1K       9K 166960K        12        0
       counters    35     18K      18K 166960K       134        0
       ioctlops     0      0K       4K 166960K       393        0
            iov     0      0K      16K 166960K        52        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1496     94K      95K 166960K      2650        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      2K       6K 166960K        15        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K       112        0
        dirhash    63     11K      14K 166960K       999        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    15     53K      81K 166960K      1375        0
          sigio     0      0K       0K 166960K        20        0
           proc    61     59K      75K 166960K       629        0
        subproc    72      4K       4K 166960K        83        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       213        0
       in_multi    76      5K       7K 166960K       176        0
    ether_multi     1      0K       0K 166960K        16        0
            mrt     1      0K       0K 166960K        23        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   223    996K     996K 166960K       223        0
           exec     0      0K       1K 166960K       657        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         5        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   215    150K     173K 166960K     14786        0
       UVM aobj    69      7K       7K 166960K        73        0
     pinsyscall    36     72K      89K 166960K      2566        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K       117        0
            NDP    12      0K       1K 166960K        89        0
           temp    75   8672K    8800K 166960K     61420        0
         kqueue    13     20K      32K 166960K       321        0
      SYN cache     2     16K      16K 166960K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      181    0      177     3     0     3     3     0     8    2
rtentry    136      157    0       80     4     0     4     4     0     8    0
unpcb      144     1114    0     1099     9     5     4     6     0     8    3
syncache   336       22    0       22     2     1     1     1     0     8    1
tcpqe       32       15    0       15     1     0     1     1     0     8    1
tcpcb      736      707    0      701     8     0     8     8     0     8    7
arp         96       22    0        7     1     0     1     1     0     8    0
ipq         40        9    0        9     1     0     1     1     0     8    1
ipqe        40       11    0       11     1     0     1     1     0     8    1
inpcb      328     1831    0     1821    13     4     9    13     0     8    7
ip6q        72        3    0        2     1     0     1     1     0     8    0
ip6af       40        4    0        3     1     0     1     1     0     8    0
nd6        112       33    0       17     1     0     1     1     0     8    0
pkpcb       40       11    0       11     1     0     1     1     0     8    1
kcovpl      48        9    0        1     1     0     1     1     0     8    0
mppekey    1024       2    0        2     1     0     1     1     0     8    1
ppxss      1072      84    0       82     2     1     1     1     0     8    0
pppxif     1384      12    0       12     1     0     1     1     0     8    1
pfstscr     40        1    0        1     1     0     1     1     0     8    1
pfstitem    24        6    0        2     1     0     1     1     0     8    0
pfstkey    128        8    0        2     1     0     1     1     0     8    0
pfstate    384        5    0        3     1     0     1     1     0     8    0
pfrule     1344       6    0        6     1     0     1     1     0     8    1
rttmr      136        6    0        6     1     0     1     1     0     8    1
art_heap8  4096       3    0        0     3     0     3     3     0     8    0
art_heap4  256      786    0      445    31     1    30    31     0     8    5
art_table   40      789    0      445     5     0     5     5     0     8    0
art_node    32      157    0       87     1     0     1     1     0     8    0
sysvmsgpl   40        9    0        7     1     0     1     1     0     8    0
semupl     112        2    0        2     2     1     1     1     0     8    1
semapl     112      108    0       98     1     0     1     1     0     8    0
shmpl      112       68    0        4     2     0     2     2     0     8    0
dirhash    1024     347    0      313     5     0     5     5     0     8    0
dino2pl    256     3898    0     2404    95     0    95    95     0     8    0
ffsino     256     3898    0     2404    95     0    95    95     0     8    0
nchpl      144     5834    0     4143    64     0    64    64     0     8    0
rtmask      32       15    0       14     2     1     1     1     0     8    0
vnodes     216     4790    0        0   267     0   267   267     0     8    0
namei      1024   19952    0    19951     2     1     1     1     0     8    0
vcpupl     3904       2    0        0     1     0     1     1     0     8    0
vmpool     800        2    0        0     1     0     1     1     0     8    0
kstatmem   264      138    0      114     3     0     3     3     0     8    1
acpiwqpl    32        2    0        2     1     0     1     1     1     8    1
scsiplug    72        8    0        8     1     0     1     1     0     8    1
scxspl     216    20177    0    20177    10     2     8     8     1     8    8
plimitpl   152      494    0      478     1     0     1     1     0     8    0
sigapl     424     1702    0     1642     9     1     8     8     0     8    0
knotepl    120    84742    0    84695    32    21    11    17     0     8    8
kqueuepl   184      574    0      565     3     0     3     3     0     8    2
pipepl     304      253    0      226     3     0     3     3     0     8    0
fdescpl    448     1666    0     1639     4     0     4     4     0     8    0
filepl     120    11380    0    11176    21     6    15    17     0     8    7
lockfpl    104      694    0      692     2     0     2     2     0     8    1
lockfspl    48      197    0      195     1     0     1     1     0     8    0
sessionpl  144       42    0       34     1     0     1     1     0     8    0
pgrppl      48       59    0       43     1     0     1     1     0     8    0
ucredpl    104     1834    0     1822     1     0     1     1     0     8    0
zombiepl   144     2552    0     2547     1     0     1     1     0     8    0
processpl  1152    1702    0     1642     5     0     5     5     0     8    0
procpl     664     3959    0     3891     9     0     9     9     0     8    2
sosppl     176       10    0       10     1     0     1     1     0     8    1
sockpl     552     3247    0     3218    21    11    10    12     0     8    7
mcl64k     65536    158    0      158     2     1     1     1     0     8    1
mcl16k     16384      8    0        8     1     0     1     1     0     8    1
mcl12k     12288      3    0        3     1     0     1     1     0     8    1
mcl9k      9216       3    0        3     1     0     1     1     0     8    1
mcl8k      8192      55    0       55     2     1     1     1     0     8    1
mcl4k      4096    4400    0     4345    14     6     8    14     0     8    0
mcl2k      2048    1858    0     1857     6     3     3     3     0     8    2
mtagpl      96       38    0       24     1     0     1     1     0     8    0
mbufpl     256    18711    0    18615    30     9    21    27     0     8    8
bufpl      280     8465    0     2244   445     0   445   445     0     8    0
anonpl      24   265642    0   261732    62    11    51    51     0   187   14
amapchunkpl 152   56766    0    56301    41     5    36    36     0   158   13
amappl16   200     4745    0     4709    33    19    14    15     0     8    8
amappl15   192        5    0        5     2     1     1     1     0     8    1
amappl14   184        6    0        6     2     1     1     1     0     8    1
amappl13   176      416    0      415     1     0     1     1     0     8    0
amappl12   168     2124    0     2087     2     0     2     2     0     8    0
amappl11   160        9    0        9     1     1     0     1     0     8    0
amappl10   152       43    0       32     1     0     1     1     0     8    0
amappl9    144      255    0      255     1     1     0     1     0     8    0
amappl8    136       22    0       20     1     0     1     1     0     8    0
amappl7    128       99    0       98     1     0     1     1     0     8    0
amappl6    120      296    0      285     1     0     1     1     0     8    0
amappl5    112       92    0       84     1     0     1     1     0     8    0
amappl4    104      476    0      450     1     0     1     1     0     8    0
amappl3     96     9970    0     9880     4     0     4     4     0     8    1
amappl2     88      686    0      631     2     0     2     2     0     8    0
amappl1     80    18629    0    18103    13     0    13    13     0     8    0
amappl      88    13726    0    13579     5     0     5     5     0    92    0
uvmvnodes   80      134    0        0     3     0     3     3     0     8    0
dma65536   65536      2    0        2     1     0     1     1     0     8    1
dma8192    8192       2    0        2     1     0     1     1     0     8    1
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      257    0      257     2     1     1     1     0     8    1
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       72    0        4     2     0     2     2     0     8    0
uaddrrnd    24     1666    0     1639     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1666    0     1639     1     0     1     1     0     8    0
vmmpekpl   168    16888    0    16845     3     0     3     3     0     8    0
vmmpepl    168   116738    0   115058    96     1    95    95     0   357   10
vmsppl     368     1665    0     1639     4     1     3     4     0     8    0
rwobjpl     40    34397    0    33366    14     0    14    14     0     8    1
pdppl      4096    3343    0     3280   120    51    69    75     0     8    6
pvpl        32   756396    0   747372   140    15   125   125     0   265   32
pmappl     216     1667    0     1639     2     0     2     2     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      430    0       77    11     0    11    11     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> machine ddbcpu 1
No such command

Crashes (1):
Time:       2025/12/09 04:14
Kernel:     openbsd
Commit:     bf8f637750de
Syzkaller:  fc20f974
Config:     .config
Log:        console log
Report:     report
Syz repro:  -
C repro:    -
VM info:    -
Assets:     [disk image] [bsd.gdb] [kernel image]
Manager:    ci-openbsd-main
Title:      uvm_fault: ufsdirhash_build