uvm_fault(0xffffffff839d8080, 0xffff800013a02004, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ffs_freefile+0x11e: movl 0x4(%rbx),%r13d TID PID UID PRFLAGS PFLAGS CPU COMMAND *508836 71315 0 0x2 0 0 syz-executor ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline] ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e sys/ufs/ffs/ffs_alloc.c:1377 ffs_inode_free(fffffd806ea56d00,cc02,2000) at ffs_inode_free+0x44 sys/ufs/ffs/ffs_alloc.c:1355 ufs_inactive(ffff80002a7d1c30) at ufs_inactive+0x299 sys/ufs/ufs/ufs_inode.c:94 VOP_INACTIVE(fffffd806cc11bd0,ffff80002a776d08) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498 vput(fffffd806cc11bd0) at vput+0xdc sys/kern/vfs_subr.c:789 VOP_REMOVE(fffffd806ae16cd0,fffffd806cc11bd0,ffff80002a7d1d98) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a776d08,ffffff9c,74c47b570bd0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1929 syscall(ffff80002a7d1f00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7d1f00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74c47b571080, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff839d8080, 0xffff800013a02004, 0, 1) -> d ddb> trace ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline] ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e sys/ufs/ffs/ffs_alloc.c:1377 ffs_inode_free(fffffd806ea56d00,cc02,2000) at ffs_inode_free+0x44 sys/ufs/ffs/ffs_alloc.c:1355 ufs_inactive(ffff80002a7d1c30) at ufs_inactive+0x299 sys/ufs/ufs/ufs_inode.c:94 VOP_INACTIVE(fffffd806cc11bd0,ffff80002a776d08) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498 vput(fffffd806cc11bd0) at vput+0xdc sys/kern/vfs_subr.c:789 VOP_REMOVE(fffffd806ae16cd0,fffffd806cc11bd0,ffff80002a7d1d98) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a776d08,ffffff9c,74c47b570bd0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1929 syscall(ffff80002a7d1f00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7d1f00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74c47b571080, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff80002a7d1b70 rbx 0xffff800013a02000 rdx 0 rcx 0xfffffd806fd247d8 rax 0xfffffd80791384a0 r8 0xffffffffffffffff r9 0xfffffd8007ffd618 r10 0xa13227ba8994a67d r11 0x9c81947de430e399 r12 0x2 r13 0 r14 0xffff800000c47800 r15 0xcc02 __ALIGN_SIZE+0xbc02 rip 0xffffffff82ce75fe ffs_freefile+0x11e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a7d1ae0 ss 0x10 ffs_freefile+0x11e: movl 0x4(%rbx),%r13d ddb> show proc PROC (syz-executor) tid=508836 pid=71315 tcnt=1 stat=onproc flags process=2 proc=0 runpri=32, usrpri=68, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7774d0,0xffffffff8399cbe0 process=0xffff80002a790d90 user=0xffff80002a7cc000, vmspace=0xfffffd807ec628a0 estcpu=36, cpticks=3, pctcpu=0.0, user=0, sys=3, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *71315 508836 92515 0 7 0x2 syz-executor 92515 263491 9793 0 3 0x82 nanoslp syz-executor 9793 430814 18349 0 3 0x10008a sigsusp ksh 18349 50614 28553 0 3 0x98 kqread sshd-session 28553 190960 36639 0 3 0x92 kqread sshd-session 648 514308 1 0 3 0x100083 ttyin getty 36639 230926 1 0 3 0x88 kqread sshd 34297 156069 92182 73 3 0x1100090 kqread syslogd 92182 212638 1 0 3 0x100082 sbwait syslogd 8631 161700 1 0 3 0x100080 kqread resolvd 6455 124464 56187 77 3 0x100092 kqread dhcpleased 33890 262057 56187 77 3 0x100092 kqread dhcpleased 56187 503999 1 0 3 0x80 kqread dhcpleased 71292 305949 0 0 3 0x14200 bored smr 59025 6764 0 0 2 0x14200 zerothread 2000 293640 0 0 3 0x14200 aiodoned aiodoned 67454 223099 0 0 3 0x14200 syncer update 50029 96692 0 0 3 0x14200 cleaner cleaner 42360 277002 0 0 3 0x14200 reaper reaper 3769 33497 0 0 3 0x14200 pgdaemon pagedaemon 5589 7423 0 0 3 0x14200 bored viomb 95600 193598 0 0 3 0x40014200 acpi0 acpi0 77773 390774 0 0 3 0x14200 bored softnet0 36104 421405 0 0 3 0x14200 bored systqmp 96055 327260 0 0 3 0x14200 bored systq 22445 61645 0 0 3 0x40014200 tmoslp softclock 59571 427142 0 0 3 0x40014200 idle0 1 379875 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11026 12100K 12576K 166960K 13038 0 pcb 17 14K 18K 166960K 155 0 rtable 103 12K 17K 166960K 503 0 pf 20 11K 92K 166960K 123 0 ifaddr 14 2K 7K 166960K 66 0 ifgroup 26 1K 2K 166960K 100 0 sysctl 4 1K 9K 166960K 10 0 counters 27 17K 18K 166960K 53 0 ioctlops 0 0K 4K 166960K 145 0 iov 0 0K 12K 166960K 19 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1396 88K 88K 166960K 1985 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 135 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 3 5K 97K 166960K 711 0 sigio 0 0K 0K 166960K 8 0 proc 60 59K 100K 166960K 580 0 subproc 9 0K 4K 166960K 84 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 129 0 in_multi 19 1K 7K 166960K 131 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 19 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 521 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 111 91K 176K 166960K 8003 0 UVM aobj 14 2K 2K 166960K 14 0 pinsyscall 24 48K 94K 166960K 2038 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 22 0 NDP 5 0K 2K 166960K 45 0 temp 20 9107K 13207K 166960K 27008 0 kqueue 13 20K 33K 166960K 108 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 137 0 134 3 0 3 3 0 8 2 rtentry 136 132 0 108 4 0 4 4 0 8 0 unpcb 144 522 0 507 2 0 2 2 0 8 1 syncache 336 5 0 5 1 0 1 1 0 8 1 tcpcb 736 157 0 153 4 0 4 4 0 8 3 arp 96 22 0 17 1 0 1 1 0 8 0 ipq 40 4 0 2 1 0 1 1 0 8 0 ipqe 40 9 0 7 1 0 1 1 0 8 0 inpcb 328 643 0 636 7 0 7 7 0 8 6 ip6q 72 1 0 1 1 0 1 1 0 8 1 ip6af 40 2 0 2 1 0 1 1 0 8 1 nd6 112 28 0 25 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 9 0 8 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 13 0 13 1 0 1 1 0 8 1 pfstscr 40 6 0 2 1 0 1 1 0 8 0 pfrktable 1344 11 0 10 1 0 1 1 0 8 0 pfsrclim 320 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 4 0 1 1 0 1 1 0 8 0 pftag 88 4 0 2 1 0 1 1 0 8 0 pfqueue 320 3 0 3 1 0 1 1 0 8 1 pfstitem 24 6 0 2 1 0 1 1 0 8 0 pfstkey 128 8 0 3 1 0 1 1 0 8 0 pfstate 384 4 0 1 1 0 1 1 0 8 0 pfrule 1360 14 0 13 1 0 1 1 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 603 0 460 29 4 25 29 0 8 10 art_table 40 606 0 460 5 0 5 5 0 8 1 art_node 32 132 0 111 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 72 132 0 122 1 0 1 1 0 8 0 shmpl 112 11 0 0 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2458 0 1009 92 0 92 92 0 8 0 ffsino 256 2496 0 1047 92 0 92 92 0 8 0 nchpl 144 3303 0 1611 64 0 64 64 0 8 0 rtmask 32 2 0 2 1 0 1 1 0 8 1 vnodes 216 3058 0 0 170 0 170 170 0 8 0 namei 1024 10931 0 10931 2 0 2 2 0 8 2 pfiaddrpl 120 3 0 3 1 0 1 1 0 8 1 kstatmem 264 55 0 44 2 0 2 2 0 8 0 scsiplug 72 5 0 5 1 0 1 1 0 8 1 scxspl 216 15156 0 15156 8 0 8 8 1 8 8 plimitpl 152 262 0 247 1 0 1 1 0 8 0 sigapl 424 1009 0 975 6 0 6 6 0 8 1 knotepl 120 23585 0 23540 22 11 11 17 0 8 8 kqueuepl 184 284 0 275 4 0 4 4 0 8 3 pipepl 304 446 0 419 4 0 4 4 0 8 1 fdescpl 448 994 0 979 5 0 5 5 0 8 3 filepl 120 5753 0 5641 13 0 13 13 0 8 6 lockfpl 104 376 0 374 2 0 2 2 0 8 1 lockfspl 48 138 0 136 1 0 1 1 0 8 0 sessionpl 144 80 0 72 1 0 1 1 0 8 0 pgrppl 48 187 0 172 1 0 1 1 0 8 0 ucredpl 104 642 0 631 1 0 1 1 0 8 0 zombiepl 144 981 0 975 1 0 1 1 0 8 0 processpl 1152 1009 0 975 4 0 4 4 0 8 0 procpl 664 1702 0 1668 6 0 6 6 0 8 2 sosppl 176 5 0 5 1 0 1 1 0 8 1 sockpl 552 1347 0 1322 10 0 10 10 0 8 8 mcl64k 65536 64 0 64 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl9k128 9344 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 10 0 10 1 0 1 1 0 8 1 mcl4k 4096 3173 0 3121 15 0 15 15 0 8 7 mcl2k 2048 645 0 644 3 0 3 3 0 8 2 mtagpl 96 14 0 14 1 0 1 1 0 8 1 mbufpl 256 11147 0 11067 92 70 22 92 0 8 8 bufpl 280 6793 0 577 445 0 445 445 0 8 0 anonpl 24 157066 0 154908 68 0 68 68 0 186 37 amapchunkpl 152 26655 0 26491 34 0 34 34 0 158 24 amappl16 200 2680 0 2671 30 20 10 27 0 8 8 amappl15 192 34 0 33 1 0 1 1 0 8 0 amappl14 184 428 0 427 1 0 1 1 0 8 0 amappl13 176 119 0 109 1 0 1 1 0 8 0 amappl12 168 1327 0 1313 2 0 2 2 0 8 0 amappl11 160 2 0 2 1 0 1 1 0 8 1 amappl10 152 62 0 52 1 0 1 1 0 8 0 amappl9 144 270 0 270 1 0 1 1 0 8 1 amappl8 136 113 0 112 1 0 1 1 0 8 0 amappl7 128 181 0 169 1 0 1 1 0 8 0 amappl6 120 160 0 158 1 0 1 1 0 8 0 amappl5 112 98 0 91 1 0 1 1 0 8 0 amappl4 104 293 0 277 1 0 1 1 0 8 0 amappl3 96 5019 0 4977 4 0 4 4 0 8 1 amappl2 88 558 0 502 2 0 2 2 0 8 0 amappl1 80 13305 0 12833 15 0 15 15 0 8 2 amappl 88 7119 0 7063 5 0 5 5 0 92 1 uvmvnodes 80 116 0 0 3 0 3 3 0 8 0 dma32768 32768 1 0 1 1 0 1 1 0 8 1 dma4096 4096 2 0 2 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 255 0 255 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 13 0 0 1 0 1 1 0 8 0 uaddrrnd 24 994 0 979 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 994 0 979 1 0 1 1 0 8 0 vmmpekpl 168 10370 0 10335 3 0 3 3 0 8 0 vmmpepl 168 72451 0 71337 102 0 102 102 0 357 29 vmsppl 368 993 0 979 4 0 4 4 0 8 2 rwobjpl 40 21656 0 20904 15 0 15 15 0 8 2 pdppl 4096 1994 0 1958 104 52 52 82 0 8 16 pvpl 32 434523 0 428992 136 0 136 136 0 265 50 pmappl 216 993 0 979 3 0 3 3 0 8 2 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 458 0 126 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline] ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e sys/ufs/ffs/ffs_alloc.c:1377 ffs_inode_free(fffffd806ea56d00,cc02,2000) at ffs_inode_free+0x44 sys/ufs/ffs/ffs_alloc.c:1355 ufs_inactive(ffff80002a7d1c30) at ufs_inactive+0x299 sys/ufs/ufs/ufs_inode.c:94 VOP_INACTIVE(fffffd806cc11bd0,ffff80002a776d08) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498 vput(fffffd806cc11bd0) at vput+0xdc sys/kern/vfs_subr.c:789 VOP_REMOVE(fffffd806ae16cd0,fffffd806cc11bd0,ffff80002a7d1d98) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a776d08,ffffff9c,74c47b570bd0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1929 syscall(ffff80002a7d1f00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7d1f00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74c47b571080, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e ffs_cgread sys/ufs/ffs/ffs_alloc.c:856 [inline] ffs_freefile(fffffd806ea56d00,cc02,2000) at ffs_freefile+0x11e sys/ufs/ffs/ffs_alloc.c:1377 ffs_inode_free(fffffd806ea56d00,cc02,2000) at ffs_inode_free+0x44 sys/ufs/ffs/ffs_alloc.c:1355 ufs_inactive(ffff80002a7d1c30) at ufs_inactive+0x299 sys/ufs/ufs/ufs_inode.c:94 VOP_INACTIVE(fffffd806cc11bd0,ffff80002a776d08) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498 vput(fffffd806cc11bd0) at vput+0xdc sys/kern/vfs_subr.c:789 VOP_REMOVE(fffffd806ae16cd0,fffffd806cc11bd0,ffff80002a7d1d98) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a776d08,ffffff9c,74c47b570bd0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1929 syscall(ffff80002a7d1f00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7d1f00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74c47b571080, count: -9