uvm_fault(0xffffffff82a7f578, 0xffff800017c1f004, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ufs_lookup+0x4ce: movzwl 0x4(%r15,%r13,1),%ebx TID PID UID PRFLAGS PFLAGS CPU COMMAND *108673 89921 0 0x2 0 0 syz-executor.1 ufs_lookup() at ufs_lookup+0x4ce sys/ufs/ufs/ufs_lookup.c:281 VOP_LOOKUP(fffffd805c4414d8,ffff800027f7fcc8,ffff800027f7fcf8) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff800027f7fc98) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561 namei(ffff800027f7fc98) at namei+0x36a sys/kern/vfs_lookup.c:245 dounlinkat(ffff80002168d270,ffffff9c,7f7fffffb7d0,8) at dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850 syscall(ffff800027f7fe70) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7c0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff82a7f578, 0xffff800017c1f004, 0, 1) -> d ddb> trace ufs_lookup() at ufs_lookup+0x4ce sys/ufs/ufs/ufs_lookup.c:281 VOP_LOOKUP(fffffd805c4414d8,ffff800027f7fcc8,ffff800027f7fcf8) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff800027f7fc98) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561 namei(ffff800027f7fc98) at namei+0x36a sys/kern/vfs_lookup.c:245 dounlinkat(ffff80002168d270,ffffff9c,7f7fffffb7d0,8) at dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850 syscall(ffff800027f7fe70) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7c0, count: -7 ddb> show registers rdi 0 rsi 0 rbp 0xffff800027f7fad0 rbx 0 rdx 0 rcx 0xffffffff rax 0xfffffd807d8d15a8 r8 0xffffffffffffffff r9 0xfffffd807f7d77e0 r10 0x2c864083eed40e30 r11 0xb3ac4963cc3c6034 r12 0 r13 0 r14 0 r15 0xffff800017c1f000 rip 0xffffffff8243840e ufs_lookup+0x4ce cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800027f7f9d0 ss 0x10 ufs_lookup+0x4ce: movzwl 0x4(%r15,%r13,1),%ebx ddb> show proc PROC (syz-executor.1) pid=108673 stat=onproc flags process=2 proc=0 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff800029958008,0xffff80002168d7c0 process=0xffff80002531b3d0 user=0xffff800027f7a000, vmspace=0xfffffd807d887008 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 26125 492636 1947 0 2 0 syz-executor.3 26089 427637 90282 0 2 0 syz-executor.0 26089 439370 90282 0 3 0x4000080 fsleep syz-executor.0 91060 436995 33170 0 2 0 syz-executor.4 91060 87075 33170 0 3 0x4000080 fsleep syz-executor.4 17120 279019 89913 0 2 0 syz-executor.7 17120 348020 89913 0 2 0x4000000 syz-executor.7 96859 272805 14440 0 2 0 syz-executor.6 96859 467809 14440 0 3 0x4000080 fsleep syz-executor.6 *89921 108673 6246 0 7 0x2 syz-executor.1 63047 28269 6246 0 2 0x2 syz-executor.2 90282 315180 6246 0 2 0x482 syz-executor.0 14440 320705 6246 0 2 0x482 syz-executor.6 89913 498088 6246 0 2 0x482 syz-executor.7 83831 165968 6246 0 2 0x2 syz-executor.5 1947 315433 6246 0 2 0x482 syz-executor.3 33170 157307 6246 0 2 0x482 syz-executor.4 70469 462622 0 0 3 0x14280 nfsidl nfsio 54437 88604 0 0 3 0x14280 nfsidl nfsio 50046 396571 0 0 3 0x14280 nfsidl nfsio 11028 73360 0 0 3 0x14280 nfsidl nfsio 16041 365473 0 0 3 0x14280 nfsidl nfsio 62688 438552 0 0 3 0x14280 nfsidl nfsio 1336 210688 0 0 3 0x14280 nfsidl nfsio 25507 346533 0 0 3 0x14280 nfsidl nfsio 71248 70058 0 0 3 0x14280 nfsidl nfsio 86843 415060 0 0 3 0x14280 nfsidl nfsio 68985 390566 0 0 3 0x14280 nfsidl nfsio 51909 291899 0 0 3 0x14280 nfsidl nfsio 63197 393940 0 0 3 0x14280 nfsidl nfsio 37166 243818 0 0 3 0x14280 nfsidl nfsio 78568 376434 0 0 3 0x14280 nfsidl nfsio 64 135399 0 0 3 0x14280 nfsidl nfsio 69207 331538 0 0 3 0x14280 nfsidl nfsio 65918 192303 0 0 3 0x14280 nfsidl nfsio 69792 269301 0 0 3 0x14280 nfsidl nfsio 88341 53266 0 0 3 0x14280 nfsidl nfsio 6796 220573 0 0 3 0x14200 bored sosplice 38480 320893 1 0 3 0x100083 ttyopn getty 6246 241027 62202 0 3 0x82 thrsleep syz-fuzzer 6246 322594 62202 0 2 0x4000482 syz-fuzzer 6246 83701 62202 0 3 0x4000082 thrsleep syz-fuzzer 6246 357978 62202 0 2 0x4000002 syz-fuzzer 6246 67320 62202 0 3 0x4000082 thrsleep syz-fuzzer 6246 38811 62202 0 3 0x4000082 thrsleep syz-fuzzer 6246 41124 62202 0 3 0x4000082 thrsleep syz-fuzzer 6246 137153 62202 0 3 0x4000082 thrsleep syz-fuzzer 6246 13285 62202 0 3 0x4000082 thrsleep syz-fuzzer 62202 154128 47539 0 3 0x10008a sigsusp ksh 47539 334784 26961 0 2 0x12 sshd 26961 434939 1 0 3 0x88 kqread sshd 59686 228703 16459 73 2 0x1100010 syslogd 16459 485658 1 0 3 0x100082 netio syslogd 14796 468871 1 0 3 0x100080 kqread resolvd 18572 55402 56624 77 3 0x100092 kqread dhcpleased 68864 157046 56624 77 3 0x100092 kqread dhcpleased 56624 119363 1 0 3 0x80 kqread dhcpleased 91683 360696 0 0 3 0x14200 bored smr 31151 381546 0 0 2 0x14200 zerothread 55068 404361 0 0 3 0x14200 aiodoned aiodoned 47349 301463 0 0 3 0x14200 syncer update 79845 145368 0 0 3 0x14200 cleaner cleaner 19929 409698 0 0 3 0x14200 reaper reaper 98486 377724 0 0 3 0x14200 pgdaemon pagedaemon 70966 385496 0 0 3 0x14200 bored viomb 67839 35847 0 0 3 0x40014200 acpi0 acpi0 19160 65241 0 0 3 0x14200 bored softnet 8930 385742 0 0 3 0x14200 bored softnet 75002 456262 0 0 3 0x14200 bored softnet 83334 415165 0 0 2 0x14200 softnet 91789 53861 0 0 3 0x14200 bored systqmp 56440 408470 0 0 3 0x14200 bored systq 76202 286185 0 0 2 0x40014200 softclock 58298 59649 0 0 3 0x40014200 idle0 1 379978 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10209 6427K 8844K 78643K 27792 0 pcb 13 14K 16K 78643K 1113 0 rtable 196 11K 13K 78643K 4109 0 ifaddr 93 23K 23K 78643K 1571 0 sysctl 2 0K 0K 78643K 6 0 counters 25 17K 17K 78643K 178 0 ioctlops 0 0K 4K 78643K 1640 0 iov 0 0K 24K 78643K 1258 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1527 95K 96K 78643K 7086 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 84 0 VM map 2 0K 0K 78643K 2 0 sem 29 2K 2K 78643K 369 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 73K 78643K 9462 0 sigio 0 0K 0K 78643K 558 0 proc 59 59K 83K 78643K 2251 0 subproc 104 6K 6K 78643K 780 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 323 0 in_multi 81 5K 7K 78643K 838 0 ether_multi 1 0K 0K 78643K 45 0 mrt 1 0K 0K 78643K 30 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 247 1102K 1102K 78643K 247 0 exec 0 0K 2K 78643K 4364 0 pfkey data 0 0K 0K 78643K 67 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 416 797K 1108K 78643K 51477 0 UVM aobj 131 4K 4K 78643K 141 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 233 0 NDP 12 0K 1K 78643K 292 0 temp 156 4782K 21152K 78643K 117139 0 kqueue 12 18K 26K 78643K 707 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1225 0 1222 14 13 1 3 0 8 0 rtentry 112 816 0 734 4 1 3 4 0 8 0 unpcb 136 22016 0 22003 102 98 4 11 0 8 3 syncache 296 33 0 33 11 11 0 1 0 8 0 tcpqe 32 77 24 77 6 6 0 1 0 8 0 tcpcb 736 2392 0 2384 95 86 9 16 0 8 7 arp 88 143 0 129 1 0 1 1 0 8 0 ipq 40 11 0 11 3 3 0 1 0 8 0 ipqe 40 15 0 15 3 3 0 1 0 8 0 inpcb 312 7198 0 7187 103 96 7 12 0 8 5 nd6 48 201 0 182 1 0 1 1 0 8 0 pkpcb 40 55 0 55 5 5 0 1 0 8 0 kcovpl 48 60 0 52 1 0 1 1 0 8 0 ppxss 1152 47 0 47 9 8 1 1 0 8 1 pfstscr 40 25 0 18 1 0 1 1 0 8 0 pfosfp 40 4 0 3 1 0 1 1 0 8 0 pfosfpen 112 4 0 3 1 0 1 1 0 8 0 pfrktable 1344 628 0 626 5 4 1 2 0 8 0 pftag 88 13 0 5 1 0 1 1 0 8 0 pfstitem 24 20 0 6 1 0 1 1 0 8 0 pfstkey 112 58 0 56 1 0 1 1 0 8 0 pfstate 336 32 0 25 1 0 1 1 0 8 0 pfrule 1360 541 0 520 7 5 2 3 0 8 0 rttmr 64 6 0 6 2 2 0 1 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 3425 0 3044 48 24 24 30 0 8 0 art_table 32 3427 0 3045 4 0 4 4 0 8 0 art_node 16 815 0 744 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 3 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 347 0 320 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 13660 0 12184 93 0 93 93 0 8 0 ffsino 240 13660 0 12184 88 0 88 88 0 8 0 nchpl 144 26336 0 24705 63 0 63 63 0 8 0 uvmvnodes 80 6003 0 0 123 0 123 123 0 8 0 vnodes 224 6003 0 0 354 0 354 354 0 8 0 namei 1024 98472 0 98471 9 8 1 2 0 8 0 vcpupl 1984 48 0 0 6 0 6 6 0 8 0 vmpool 528 68 0 20 4 0 4 4 0 8 0 pfiaddrpl 120 184 0 184 2 2 0 1 0 8 0 kstatmem 264 330 0 306 2 0 2 2 0 8 0 scsiplug 72 15 0 15 4 4 0 1 0 8 0 scxspl 216 86209 0 86209 19 18 1 8 0 8 1 plimitpl 152 1098 0 1084 1 0 1 1 0 8 0 sigapl 424 9653 0 9590 8 0 8 8 0 8 0 futexpl 64 98810 0 98807 8 7 1 1 0 8 0 knotepl 120 111625 0 111544 57 53 4 17 0 8 0 kqueuepl 184 2632 0 2624 30 29 1 4 0 8 0 pipepl 304 2326 0 2298 63 60 3 8 0 8 0 fdescpl 432 9616 0 9590 4 0 4 4 0 8 0 filepl 120 79763 0 79527 106 96 10 17 0 8 2 lockfpl 104 2250 0 2248 5 4 1 2 0 8 0 lockfspl 48 680 0 678 1 0 1 1 0 8 0 sessionpl 144 76 0 60 1 0 1 1 0 8 0 pgrppl 48 108 0 92 1 0 1 1 0 8 0 ucredpl 96 7058 0 7046 1 0 1 1 0 8 0 zombiepl 144 9590 0 9590 2 1 1 1 0 8 1 processpl 1000 9653 0 9590 10 1 9 9 0 8 0 procpl 672 23230 0 23155 16 8 8 9 0 8 0 sosppl 168 49 0 49 9 9 0 1 0 8 0 sockpl 448 30501 0 30474 573 562 11 38 0 8 7 mcl64k 65536 268 0 268 16 15 1 1 0 8 1 mcl16k 16384 88 0 88 21 20 1 1 0 8 1 mcl12k 12288 300 0 300 19 18 1 1 0 8 1 mcl9k 9216 96 0 96 22 21 1 1 0 8 1 mcl8k 8192 533 0 533 20 19 1 1 0 8 1 mcl4k 4096 1070 0 1069 16 15 1 1 0 8 0 mcl2k2 2112 56 0 56 20 19 1 1 0 8 1 mcl2k 2048 86695 0 86648 40 31 9 16 0 8 1 mtagpl 96 1798 0 1443 19 8 11 13 0 8 0 mbufpl 256 209155 0 208579 142 99 43 57 0 8 0 bufpl 288 19882 0 13475 458 0 458 458 0 8 0 anonpl 24 1768467 0 1752397 221 89 132 136 0 188 11 amapchunkpl 152 267907 0 267297 1400 1373 27 655 0 158 0 amappl16 200 24997 0 24333 97 50 47 49 0 8 8 amappl15 192 787 0 784 1 0 1 1 0 8 0 amappl14 184 1380 0 1375 1 0 1 1 0 8 0 amappl13 176 1047 0 1046 1 0 1 1 0 8 0 amappl12 168 473 0 469 4 3 1 1 0 8 0 amappl11 160 1104 0 1085 1 0 1 1 0 8 0 amappl10 152 2253 0 2250 1 0 1 1 0 8 0 amappl9 144 2109 0 2103 1 0 1 1 0 8 0 amappl8 136 2337 0 2227 5 1 4 4 0 8 0 amappl7 128 1096 0 1085 1 0 1 1 0 8 0 amappl6 120 2119 0 2096 2 1 1 2 0 8 0 amappl5 112 9372 0 9355 1 0 1 1 0 8 0 amappl4 104 3887 0 3852 2 0 2 2 0 8 0 amappl3 96 26955 0 26909 2 0 2 2 0 8 0 amappl2 88 11357 0 11295 3 1 2 3 0 8 0 amappl1 80 223599 0 222999 24 9 15 19 0 8 0 amappl 88 49918 0 49720 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 140 0 10 3 0 3 3 0 8 0 uaddrrnd 24 9684 0 9610 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9684 0 9610 1 0 1 1 0 8 0 vmmpekpl 168 69731 0 69667 4 0 4 4 0 8 0 vmmpepl 168 942194 0 939564 266 129 137 153 0 357 3 vmsppl 272 9683 0 9610 8 2 6 6 0 8 0 rwobjpl 24 222060 0 214228 50 1 49 49 0 8 0 pdppl 4096 19374 0 19268 708 596 112 112 0 8 6 pvpl 32 3680184 0 3660287 454 248 206 241 0 265 17 pmappl 216 9683 0 9610 6 1 5 5 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2454 0 1581 26 0 26 26 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ufs_lookup() at ufs_lookup+0x4ce sys/ufs/ufs/ufs_lookup.c:281 VOP_LOOKUP(fffffd805c4414d8,ffff800027f7fcc8,ffff800027f7fcf8) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff800027f7fc98) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561 namei(ffff800027f7fc98) at namei+0x36a sys/kern/vfs_lookup.c:245 dounlinkat(ffff80002168d270,ffffff9c,7f7fffffb7d0,8) at dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850 syscall(ffff800027f7fe70) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7c0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace ufs_lookup() at ufs_lookup+0x4ce sys/ufs/ufs/ufs_lookup.c:281 VOP_LOOKUP(fffffd805c4414d8,ffff800027f7fcc8,ffff800027f7fcf8) at VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 vfs_lookup(ffff800027f7fc98) at vfs_lookup+0x6cc sys/kern/vfs_lookup.c:561 namei(ffff800027f7fc98) at namei+0x36a sys/kern/vfs_lookup.c:245 dounlinkat(ffff80002168d270,ffffff9c,7f7fffffb7d0,8) at dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850 syscall(ffff800027f7fe70) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7c0, count: -7