uvm_fault(0xffffffff839d3278, 0xffff800029d6211c, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at ufsdirhash_lookup+0x6d0: movzwl 0x4(%rax,%r14,1),%r12d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*109923 26279 0 0 0x4000000 0 syz-executor
ufsdirhash_lookup(fffffd807c382200,ffff80002a749402,3,fffffd807c3822bc,ffff80003c52d320,ffff80003c52d32c) at ufsdirhash_lookup+0x6d0 sys/ufs/ufs/ufs_dirhash.c:407
ufs_lookup() at ufs_lookup+0xf66 sys/ufs/ufs/ufs_lookup.c:214
VOP_LOOKUP(fffffd80622550e8,ffff80003c52d678,ffff80003c52d6a8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003c52d648) at vfs_lookup+0x94a sys/kern/vfs_lookup.c:580
namei(ffff80003c52d648) at namei+0x7c3 sys/kern/vfs_lookup.c:250
dorenameat(ffff80002a737c90,ffffff9c,200000000a40,ffffff9c,200000000680) at dorenameat+0x91 sys/kern/vfs_syscalls.c:3026
syscall(ffff80003c52d830) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c52d830) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x30b3e8ed2e0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff839d3278, 0xffff800029d6211c, 0, 1) -> d
ddb> trace
ufsdirhash_lookup(fffffd807c382200,ffff80002a749402,3,fffffd807c3822bc,ffff80003c52d320,ffff80003c52d32c) at ufsdirhash_lookup+0x6d0 sys/ufs/ufs/ufs_dirhash.c:407
ufs_lookup() at ufs_lookup+0xf66 sys/ufs/ufs/ufs_lookup.c:214
VOP_LOOKUP(fffffd80622550e8,ffff80003c52d678,ffff80003c52d6a8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003c52d648) at vfs_lookup+0x94a sys/kern/vfs_lookup.c:580
namei(ffff80003c52d648) at namei+0x7c3 sys/kern/vfs_lookup.c:250
dorenameat(ffff80002a737c90,ffffff9c,200000000a40,ffffff9c,200000000680) at dorenameat+0x91 sys/kern/vfs_syscalls.c:3026
syscall(ffff80003c52d830) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c52d830) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x30b3e8ed2e0, count: -8
ddb> show registers
rdi 0xffff80002a8a4000
rsi 0xf4
rbp 0xffff80003c52d2d0
rbx 0xfffffd8065dabc10
rdx 0xffff80002a8a4000
rcx 0xf3
rax 0xffff800029d62000
r8 0xffffffffffffffff
r9 0xffff80003c52d32c
r10 0x2dc9cc153fbe1e32
r11 0x62ac7d7ae529e297
r12 0
r13 0xffff800029d62000
r14 0x118
r15 0x118
rip 0xffffffff822695c0 ufsdirhash_lookup+0x6d0
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff80003c52d1f0
ss 0x10
ufsdirhash_lookup+0x6d0: movzwl 0x4(%rax,%r14,1),%r12d
ddb> show proc
PROC (syz-executor) tid=109923 pid=26279 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002f0b02b0,0xffff80002a736a78
process=0xffff8000ffffb618 user=0xffff80003c528000, vmspace=0xfffffd807c4b4cf8
estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
27383 128370 19323 0 2 0 syz-executor
27383 150576 19323 0 3 0x4000080 fsleep syz-executor
26279 51803 38207 0 2 0 syz-executor
*26279 109923 38207 0 7 0x4000000 syz-executor
58029 226739 50478 0 2 0 syz-executor
58029 424642 50478 0 3 0x4000080 fsleep syz-executor
65318 114545 58101 0 3 0x80 nanoslp syz-executor
65318 523814 58101 0 3 0x4000080 kqread syz-executor
65318 28244 58101 0 3 0x4000080 fsleep syz-executor
86522 427578 84028 0 2 0xc80 syz-executor
86522 73326 84028 0 3 0x4000080 ttybg syz-executor
86522 241100 84028 0 3 0x4000080 fsleep syz-executor
86522 90942 84028 0 3 0x4000080 fsleep syz-executor
57513 136904 0 0 3 0x14200 acct acct
50478 414106 57352 0 2 0xc82 syz-executor
74749 471393 1 0 3 0x80 nanoslp init
19323 363257 57352 0 2 0xc82 syz-executor
58101 497462 57352 0 2 0xc82 syz-executor
84028 194606 57352 0 2 0xc82 syz-executor
96570 490561 57352 0 2 0xc82 syz-executor
38207 478206 57352 0 2 0xc82 syz-executor
57352 66158 22711 0 3 0x82 wait syz-executor
22711 169763 25063 0 3 0x10008a sigsusp ksh
25063 295919 23594 0 3 0x98 kqread sshd-session
23594 479928 3242 0 3 0x92 kqread sshd-session
3242 519132 1 0 3 0x88 kqread sshd
29519 103045 37863 73 3 0x1100090 kqread syslogd
37863 248696 1 0 3 0x100082 sbwait syslogd
25898 109582 1 0 3 0x100080 kqread resolvd
75180 149401 78109 77 3 0x100092 kqread dhcpleased
16799 332630 78109 77 3 0x100092 kqread dhcpleased
78109 31675 1 0 3 0x80 kqread dhcpleased
87235 430436 0 0 3 0x14200 bored smr
31081 244909 0 0 2 0x14200 zerothread
69483 413017 0 0 3 0x14200 aiodoned aiodoned
19415 226869 0 0 3 0x14200 syncer update
10629 364040 0 0 3 0x14200 cleaner cleaner
52612 138842 0 0 3 0x14200 reaper reaper
72741 476500 0 0 3 0x14200 pgdaemon pagedaemon
35575 210988 0 0 3 0x14200 bored viomb
42733 483030 0 0 3 0x40014200 acpi0 acpi0
490 522058 0 0 2 0x14200 softnet0
33817 309716 0 0 3 0x14200 bored systqmp
9361 360535 0 0 3 0x14200 bored systq
96062 264742 0 0 3 0x40014200 tmoslp softclock
26347 478955 0 0 3 0x40014200 idle0
1 89780 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11046 12261K 12613K 166960K 12974 0
pcb 17 12K 12K 166960K 116 0
rtable 197 7K 10K 166960K 517 0
pf 32 13K 20K 166960K 166 0
ifaddr 34 6K 7K 166960K 89 0
ifgroup 42 1K 2K 166960K 127 0
sysctl 3 1K 9K 166960K 7 0
counters 31 17K 18K 166960K 74 0
ioctlops 0 0K 4K 166960K 113 0
iov 0 0K 17K 166960K 29 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1299 82K 82K 166960K 1879 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 5 0
VM map 2 1K 1K 166960K 2 0
sem 19 3K 3K 166960K 31 0
dirhash 15 2K 2K 166960K 45 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 15 53K 93K 166960K 1010 0
sigio 0 0K 0K 166960K 16 0
proc 51 50K 100K 166960K 587 0
subproc 63 3K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 40 0
in_multi 73 5K 7K 166960K 163 0
ether_multi 1 0K 0K 166960K 18 0
mrt 0 0K 0K 166960K 42 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 103 466K 466K 166960K 103 0
exec 0 0K 1K 166960K 435 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 201 138K 165K 166960K 9903 0
UVM aobj 5 2K 2K 166960K 6 0
pinsyscall 35 70K 94K 166960K 2182 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 41 0
NDP 9 0K 2K 166960K 58 0
temp 38 9104K 9232K 166960K 24932 0
kqueue 14 22K 27K 166960K 164 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 50 0 47 1 0 1 1 0 8 0
rtentry 136 157 0 73 4 0 4 4 0 8 0
unpcb 144 242 0 227 1 0 1 1 0 8 0
syncache 336 9 0 9 2 1 1 1 0 8 1
tcpcb 736 87 0 83 1 0 1 1 0 8 0
arp 96 24 0 9 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 2 0 0 1 0 1 1 0 8 0
inpcb 328 351 0 342 2 1 1 2 0 8 0
ip6q 72 1 0 0 1 0 1 1 0 8 0
ip6af 40 1 0 0 1 0 1 1 0 8 0
nd6 112 31 0 15 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 0 1 1 0 8 1
kcovpl 48 10 0 3 1 0 1 1 0 8 0
ppxss 1072 32 0 32 2 1 1 1 0 8 1
pppxif 1416 6 0 6 1 0 1 1 0 8 1
pfstscr 40 11 0 6 2 1 1 1 0 8 0
pfrktable 1344 17 0 16 1 0 1 1 0 8 0
pfanchor 1288 9 0 6 1 0 1 1 0 8 0
pftag 88 7 0 3 1 0 1 1 0 8 0
pfstitem 24 12 0 4 1 0 1 1 0 8 0
pfstkey 128 19 0 7 1 0 1 1 0 8 0
pfstate 384 10 0 6 1 0 1 1 0 8 0
pfrule 1360 18 0 17 1 0 1 1 0 8 0
rttmr 136 5 0 5 2 1 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 745 0 397 33 2 31 31 0 8 3
art_table 40 746 0 397 5 0 5 5 0 8 0
art_node 32 157 0 83 1 0 1 1 0 8 0
sysvmsgpl 40 11 0 3 1 0 1 1 0 8 0
semupl 112 3 0 3 2 1 1 1 0 8 1
semapl 72 25 0 8 1 0 1 1 0 8 0
shmpl 112 3 0 1 1 0 1 1 0 8 0
dirhash 1024 39 0 20 3 0 3 3 0 8 0
dino2pl 256 3007 0 1546 92 0 92 92 0 8 0
ffsino 256 3008 0 1547 92 0 92 92 0 8 0
nchpl 144 4163 0 2467 64 0 64 64 0 8 0
rtmask 32 1 0 1 1 0 1 1 0 8 1
vnodes 216 3340 0 0 186 0 186 186 0 8 0
namei 1024 11854 0 11853 3 2 1 2 0 8 0
pfiaddrpl 120 4 0 4 1 0 1 1 0 8 1
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
kstatmem 264 75 0 56 2 0 2 2 0 8 0
scsiplug 72 6 0 6 2 1 1 1 0 8 1
scxspl 216 17246 0 17246 8 7 1 8 1 8 1
plimitpl 152 164 0 147 1 0 1 1 0 8 0
sigapl 424 1307 0 1265 7 1 6 6 0 8 0
knotepl 120 32546 0 32498 16 6 10 10 0 8 8
kqueuepl 184 173 0 163 1 0 1 1 0 8 0
pipepl 304 148 0 121 3 0 3 3 0 8 0
fdescpl 448 1293 0 1266 5 1 4 5 0 8 0
filepl 120 4337 0 4137 7 0 7 7 0 8 0
lockfpl 104 239 0 237 1 0 1 1 0 8 0
lockfspl 48 103 0 101 1 0 1 1 0 8 0
sessionpl 144 53 0 46 1 0 1 1 0 8 0
pgrppl 48 64 0 49 1 0 1 1 0 8 0
ucredpl 104 1033 0 1021 1 0 1 1 0 8 0
zombiepl 144 1268 0 1265 2 1 1 1 0 8 0
processpl 1152 1307 0 1265 4 0 4 4 0 8 0
procpl 664 2282 0 2232 5 0 5 5 0 8 0
sosppl 176 2 0 2 1 0 1 1 0 8 1
sockpl 552 647 0 620 3 0 3 3 0 8 1
mcl64k 65536 450 0 450 2 1 1 1 0 8 1
mcl16k 16384 216 0 216 2 1 1 1 0 8 1
mcl12k 12288 107 0 107 2 1 1 1 0 8 1
mcl9k128 9344 37 0 37 2 1 1 1 0 8 1
mcl8k 8192 131 0 131 2 1 1 1 0 8 1
mcl4k 4096 4259 0 4208 15 7 8 14 0 8 1
mcl2k2 2112 1 0 1 1 1 0 1 0 8 0
mcl2k 2048 449 0 445 2 1 1 2 0 8 0
mtagpl 96 21 0 9 1 0 1 1 0 8 0
mbufpl 256 15102 0 14957 21 7 14 19 0 8 1
bufpl 280 6738 0 522 445 0 445 445 0 8 0
anonpl 24 163989 0 161047 67 12 55 55 0 186 24
amapchunkpl 152 32038 0 31614 33 7 26 27 0 158 6
amappl16 200 2735 0 2706 23 10 13 21 0 8 8
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 435 0 434 1 0 1 1 0 8 0
amappl13 176 124 0 115 1 0 1 1 0 8 0
amappl12 168 1543 0 1518 2 0 2 2 0 8 0
amappl11 160 8 0 8 1 1 0 1 0 8 0
amappl10 152 59 0 49 1 0 1 1 0 8 0
amappl9 144 267 0 267 1 1 0 1 0 8 0
amappl8 136 99 0 98 1 0 1 1 0 8 0
amappl7 128 145 0 134 1 0 1 1 0 8 0
amappl6 120 167 0 166 1 0 1 1 0 8 0
amappl5 112 95 0 88 1 0 1 1 0 8 0
amappl4 104 284 0 269 1 0 1 1 0 8 0
amappl3 96 6864 0 6769 4 1 3 4 0 8 0
amappl2 88 564 0 515 2 0 2 2 0 8 0
amappl1 80 14422 0 13900 16 1 15 15 0 8 1
amappl 88 9119 0 8975 5 1 4 5 0 92 0
uvmvnodes 80 122 0 0 3 0 3 3 0 8 0
dma8192 8192 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 2 0 2 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 256 0 256 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 8 0 8 1 1 0 1 0 8 0
dma16 16 20 0 19 1 0 1 1 0 8 0
aobjpl 72 5 0 1 1 0 1 1 0 8 0
uaddrrnd 24 1293 0 1266 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1293 0 1266 1 0 1 1 0 8 0
vmmpekpl 168 10515 0 10468 4 1 3 3 0 8 0
vmmpepl 168 86499 0 84843 99 4 95 95 0 357 9
vmsppl 368 1292 0 1266 4 1 3 4 0 8 0
rwobjpl 40 23555 0 22656 14 0 14 14 0 8 2
pdppl 4096 2592 0 2532 106 36 70 80 0 8 10
pvpl 32 602920 0 593669 178 19 159 159 0 265 57
pmappl 216 1292 0 1266 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 392 0 65 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
ufsdirhash_lookup(fffffd807c382200,ffff80002a749402,3,fffffd807c3822bc,ffff80003c52d320,ffff80003c52d32c) at ufsdirhash_lookup+0x6d0 sys/ufs/ufs/ufs_dirhash.c:407
ufs_lookup() at ufs_lookup+0xf66 sys/ufs/ufs/ufs_lookup.c:214
VOP_LOOKUP(fffffd80622550e8,ffff80003c52d678,ffff80003c52d6a8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003c52d648) at vfs_lookup+0x94a sys/kern/vfs_lookup.c:580
namei(ffff80003c52d648) at namei+0x7c3 sys/kern/vfs_lookup.c:250
dorenameat(ffff80002a737c90,ffffff9c,200000000a40,ffffff9c,200000000680) at dorenameat+0x91 sys/kern/vfs_syscalls.c:3026
syscall(ffff80003c52d830) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c52d830) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x30b3e8ed2e0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
ufsdirhash_lookup(fffffd807c382200,ffff80002a749402,3,fffffd807c3822bc,ffff80003c52d320,ffff80003c52d32c) at ufsdirhash_lookup+0x6d0 sys/ufs/ufs/ufs_dirhash.c:407
ufs_lookup() at ufs_lookup+0xf66 sys/ufs/ufs/ufs_lookup.c:214
VOP_LOOKUP(fffffd80622550e8,ffff80003c52d678,ffff80003c52d6a8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80003c52d648) at vfs_lookup+0x94a sys/kern/vfs_lookup.c:580
namei(ffff80003c52d648) at namei+0x7c3 sys/kern/vfs_lookup.c:250
dorenameat(ffff80002a737c90,ffffff9c,200000000a40,ffffff9c,200000000680) at dorenameat+0x91 sys/kern/vfs_syscalls.c:3026
syscall(ffff80003c52d830) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c52d830) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x30b3e8ed2e0, count: -8