syzbot


uvm_fault: ffs_fragextend (3)

Status: upstream: reported on 2026/04/03 09:43
Reported-by: syzbot+6f27cb4c13d33a9fdb4a@syzkaller.appspotmail.com
First crash: 53d, last: 2d03h
Similar bugs (2)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| openbsd | uvm_fault: ffs_fragextend | -1 | | | | 2 | 620d | 621d | 0/3 | auto-obsoleted due to no activity on 2024/12/12 18:09 |
| openbsd | uvm_fault: ffs_fragextend (2) | -1 | | | | 1 | 255d | 255d | 0/3 | auto-obsoleted due to no activity on 2025/12/12 11:51 |

Sample crash report:
uvm_fault(0xffffffff83aba540, 0xffff800013762004, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at      ffs_fragextend+0x1c8:   movl    0x4(%rbx),%r14d
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 116725   2964      0           0  0x4000000    1  syz-executor
*441898  39122      0         0x2        0x1    0K syz-executor
ffs_fragextend(fffffd806e470e58,3,60bdd,800,1000) at ffs_fragextend+0x1c8 ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline]
ffs_fragextend(fffffd806e470e58,3,60bdd,800,1000) at ffs_fragextend+0x1c8 sys/ufs/ffs/ffs_alloc.c:890
ffs_realloccg(fffffd806e470e58,6,4cc30,800,1000,fffffd80097fd340,41e5693eb2f53b29,fffffd80619cda70) at ffs_realloccg+0x53a sys/ufs/ffs/ffs_alloc.c:225
ffs2_balloc(fffffd806e470e58,187e7,50,fffffd80097fd340,1,ffff80002a2c8648) at ffs2_balloc+0x54d sys/ufs/ffs/ffs_balloc.c:516
ffs_write(ffff80002a2c86d0) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd805d1466c0,ffff80002a2c8780,3,fffffd80097fd340) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a2227d8,fffffd805d1466c0,fffffd80097fd340,ffff80002a2c8850,ffff80002a2c8830) at ktrwriteraw+0x1be sys/kern/kern_ktrace.c:692
ktrsysret(ffff80002a2227d8,b,0,ffff80002a2c8920) at ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline]
ktrsysret(ffff80002a2227d8,b,0,ffff80002a2c8920) at ktrsysret+0x192 sys/kern/kern_ktrace.c:209
syscall(ffff80002a2c89d0) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline]
syscall(ffff80002a2c89d0) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74b9aaa16f40, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> 

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/25 05:03 | openbsd | 3ca1fbf96c86 | c69befb3 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | uvm_fault: ffs_fragextend |
| 2026/05/14 11:33 | openbsd | 86898828a45d | 340bcdf0 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | uvm_fault: ffs_fragextend |
| 2026/04/03 09:42 | openbsd | de6be2070bf6 | 4b3d9a38 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | uvm_fault: ffs_fragextend |
* Struck through repros no longer work on HEAD.