uvm_fault(0xffffffff836190a8, 0xffff800016fd2004, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d TID PID UID PRFLAGS PFLAGS CPU COMMAND *113885 99909 0 0 0 0K syz-executor 205379 96444 0 0x2 0 1 syz-executor ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd80718bccd0,ffff80002a0daab8,ffff80002a0daae8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0daa88) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0daa88) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_chdir(ffff80003138b470,ffff80002a0dac60,ffff80002a0dabb0) at sys_chdir+0x88 change_dir sys/kern/vfs_syscalls.c:839 [inline] sys_chdir(ffff80003138b470,ffff80002a0dac60,ffff80002a0dabb0) at sys_chdir+0x88 sys/kern/vfs_syscalls.c:785 syscall(ffff80002a0dac60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a0dac60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7df541cd5dc0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff836190a8, 0xffff800016fd2004, 0, 1) -> d ddb{0}> trace ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd80718bccd0,ffff80002a0daab8,ffff80002a0daae8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0daa88) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0daa88) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_chdir(ffff80003138b470,ffff80002a0dac60,ffff80002a0dabb0) at sys_chdir+0x88 change_dir sys/kern/vfs_syscalls.c:839 [inline] sys_chdir(ffff80003138b470,ffff80002a0dac60,ffff80002a0dabb0) at sys_chdir+0x88 sys/kern/vfs_syscalls.c:785 syscall(ffff80002a0dac60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a0dac60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7df541cd5dc0, count: -7 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a0da8d0 rbx 0 rdx 0 rcx 0xffffffff rax 0xfffffd8070400378 r8 0xffffffffffffffff r9 0xfffffd807f7d3410 r10 0x1c0041c51371d082 r11 0x2a8e57438ff443de r12 0 r13 0xfffffd8067085aa8 r14 0 r15 0xffff800016fd2000 rip 0xffffffff821da6c1 ufs_lookup+0x5e1 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80002a0da7c0 ss 0x10 ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d ddb{0}> show proc PROC (syz-executor) tid=113885 pid=99909 tcnt=1 stat=onproc flags process=0 proc=0 runpri=50, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffffd1c8,0xffffffff834fd8e0 process=0xffff80002d5756c0 user=0xffff80002a0d5000, vmspace=0xfffffd80681e3898 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *99909 113885 15501 0 7 0 syz-executor 29965 378094 11746 0 2 0 syz-executor 29965 65292 11746 0 2 0x4000000 syz-executor 29965 69285 11746 0 3 0x4000080 fsleep syz-executor 3872 452997 7682 0 3 0x80 nanoslp syz-executor 3872 150873 7682 0 3 0x4000080 pipewr syz-executor 3872 146557 7682 0 3 0x4000080 fsleep syz-executor 38227 214791 53557 0 2 0 syz-executor 38227 61528 53557 0 3 0x4000080 kqsel syz-executor 38227 88823 53557 0 3 0x4000080 fsleep syz-executor 38227 476902 53557 0 3 0x4000080 fsleep syz-executor 53557 72271 96444 0 3 0x82 nanoslp syz-executor 71722 464660 96444 0 2 0x2 syz-executor 15501 177262 96444 0 3 0x82 nanoslp syz-executor 7682 467917 96444 0 3 0x82 nanoslp syz-executor 11746 295362 96444 0 3 0x82 nanoslp syz-executor 35478 15863 96444 0 3 0x82 wait syz-executor 6349 146564 96444 0 2 0x2 syz-executor 67093 251020 0 0 3 0x14200 acct acct 79668 219252 1 0 3 0x100083 ttyopn getty 32031 208751 0 0 3 0x14280 nfsidl nfsio 92601 192436 0 0 3 0x14280 nfsidl nfsio 69925 331735 0 0 3 0x14280 nfsidl nfsio 67495 158237 0 0 3 0x14280 nfsidl nfsio 11608 206478 0 0 3 0x14280 nfsidl nfsio 15703 311012 0 0 3 0x14280 nfsidl nfsio 8523 225205 0 0 3 0x14280 nfsidl nfsio 19945 271438 0 0 3 0x14280 nfsidl nfsio 19079 314756 0 0 3 0x14280 nfsidl nfsio 63972 423574 0 0 3 0x14280 nfsidl nfsio 91542 239083 0 0 3 0x14280 nfsidl nfsio 49209 276521 0 0 3 0x14280 nfsidl nfsio 66034 102818 0 0 3 0x14280 nfsidl nfsio 37925 402802 0 0 3 0x14280 nfsidl nfsio 33908 512945 0 0 3 0x14280 nfsidl nfsio 18638 310298 0 0 3 0x14280 nfsidl nfsio 23815 66768 0 0 3 0x14280 nfsidl nfsio 74908 172609 0 0 3 0x14280 nfsidl nfsio 14615 461717 0 0 3 0x14280 nfsidl nfsio 42936 468835 0 0 3 0x14280 nfsidl nfsio 67616 381543 0 0 3 0x14200 bored sosplice 96444 205379 25713 0 7 0x2 syz-executor 25713 516858 34244 0 3 0x10008a sigsusp ksh 34244 173354 2228 0 3 0x98 kqread sshd-session 2228 55663 76391 0 3 0x92 kqread sshd-session 76391 395762 1 0 3 0x88 kqread sshd 56041 486602 80174 74 3 0x1100092 bpf pflogd 80174 428472 1 0 3 0x80 sbwait pflogd 36955 96402 72722 73 3 0x1100090 kqread syslogd 72722 240320 1 0 3 0x100082 sbwait syslogd 30978 323242 1 0 3 0x100080 kqread resolvd 58618 27707 18693 77 3 0x100092 kqread dhcpleased 35951 126756 18693 77 3 0x100092 kqread dhcpleased 18693 435292 1 0 3 0x80 kqread dhcpleased 61615 449430 0 0 3 0x14200 bored smr 52772 291722 0 0 2 0x14200 zerothread 32158 172172 0 0 3 0x14200 aiodoned aiodoned 37975 117706 0 0 3 0x14200 syncer update 68509 137257 0 0 3 0x14200 cleaner cleaner 62971 363745 0 0 3 0x14200 reaper reaper 97177 190896 0 0 3 0x14200 pgdaemon pagedaemon 19698 372361 0 0 3 0x14200 bored viomb 41048 234661 0 0 3 0x40014200 acpi0 acpi0 50436 154471 0 0 3 0x40014200 idle1 54077 259540 0 0 3 0x14200 bored softnet3 54239 146638 0 0 3 0x14200 bored softnet2 66823 372170 0 0 3 0x14200 bored softnet1 71994 251742 0 0 3 0x14200 bored softnet0 37330 10726 0 0 3 0x14200 bored systqmp 48453 260104 0 0 3 0x14200 bored systq 99385 250986 0 0 3 0x14200 tmoslp softclockmp 36112 342439 0 0 3 0x40014200 tmoslp softclock 60567 392522 0 0 3 0x40014200 idle0 1 259992 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 99909 (syz-executor) thread 0xffff80003138b470 (113885) Process 71722 (syz-executor) thread 0xffff8000ffff62a8 (464660) Process 6349 (syz-executor) thread 0xffff8000ffffc520 (146564) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10248 10190K 10444K 166960K 12982 0 pcb 17 14K 16K 166960K 310 0 rtable 226 8K 8K 166960K 2202 0 pf 42 18K 22K 166960K 213 0 ifaddr 46 8K 8K 166960K 284 0 ifgroup 68 2K 2K 166960K 314 0 sysctl 2 0K 0K 166960K 2 0 counters 70 37K 37K 166960K 200 0 ioctlops 0 0K 4K 166960K 1782 0 iov 0 0K 16K 166960K 195 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1500 94K 95K 166960K 3208 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 21 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 100 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 16 57K 93K 166960K 1947 0 sigio 0 0K 0K 166960K 20 0 proc 72 91K 128K 166960K 2113 0 subproc 104 6K 6K 166960K 796 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 294 0 in_multi 99 7K 7K 166960K 722 0 ether_multi 1 0K 0K 166960K 5 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 1362 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 227 72K 91K 166960K 16928 0 UVM aobj 13 2K 2K 166960K 14 0 pinsyscall 41 82K 104K 166960K 4424 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 63 0 NDP 15 0K 1K 166960K 203 0 temp 69 6822K 6947K 166960K 81510 0 kqueue 14 22K 30K 166960K 197 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 216 0 213 1 0 1 1 0 8 0 rtentry 112 734 0 634 3 0 3 3 0 8 0 unpcb 144 1203 0 1186 19 13 6 6 0 8 5 syncache 336 9 0 9 4 4 0 1 0 8 0 tcpqe 32 7 0 7 4 4 0 1 0 8 0 tcpcb 808 453 0 446 17 15 2 8 0 8 1 arp 120 134 0 115 1 0 1 1 0 8 0 inpcb 336 1627 0 1610 27 20 7 13 0 8 5 nd6 136 186 0 161 1 0 1 1 0 8 0 pkpcb 40 75 0 75 4 3 1 1 0 8 1 kcovpl 48 61 0 53 1 0 1 1 0 8 0 ppxss 1168 9 0 9 7 6 1 1 0 8 1 pffrag 232 11 0 7 2 1 1 1 0 482 0 pffrnode 88 11 0 7 2 1 1 1 0 8 0 pffrent 40 82 0 78 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 2 0 1 2 1 1 1 0 8 0 pftag 88 1 0 1 1 0 1 1 0 8 1 pfstitem 24 173 0 126 1 0 1 1 0 8 0 pfstkey 128 175 0 128 3 1 2 2 0 8 0 pfstate 376 173 0 127 7 2 5 5 0 8 0 pfrule 1344 35 0 26 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 2913 0 2460 34 5 29 30 0 8 0 art_table 32 2915 0 2460 4 0 4 4 0 8 0 art_node 16 732 0 642 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 7 1 0 1 1 0 8 0 semapl 112 97 0 87 1 0 1 1 0 8 0 shmpl 112 11 0 1 1 0 1 1 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 3684 0 2072 102 0 102 102 0 8 0 ffsino 272 3684 0 2072 109 1 108 108 0 8 0 nchpl 144 5571 0 4915 65 40 25 63 0 8 0 uvmvnodes 80 5155 0 0 106 0 106 106 0 8 0 vnodes 216 5155 0 0 287 0 287 287 0 8 0 namei 1024 23751 0 23749 12 11 1 3 0 8 0 percpumem 16 114 0 65 1 0 1 1 0 8 0 kstatmem 264 160 0 130 5 2 3 3 0 8 0 scsiplug 72 3 0 3 3 2 1 1 0 8 1 scxspl 216 43351 0 43351 11 10 1 8 1 8 1 plimitpl 152 339 0 322 1 0 1 1 0 8 0 sigapl 424 2172 0 2102 11 2 9 9 0 8 0 futexpl 64 16500 0 16496 6 5 1 1 0 8 0 knotepl 120 677 0 0 17 0 17 17 0 8 0 kqueuepl 216 383 0 372 1 0 1 1 0 8 0 pipepl 320 407 0 379 5 2 3 5 0 8 0 fdescpl 496 2130 0 2100 8 3 5 5 0 8 0 filepl 152 11999 0 11740 45 27 18 18 0 8 5 lockfpl 104 610 0 604 2 0 2 2 0 8 1 lockfspl 48 279 0 274 1 0 1 1 0 8 0 sessionpl 144 81 0 72 1 0 1 1 0 8 0 pgrppl 48 152 0 135 1 0 1 1 0 8 0 ucredpl 104 1816 0 1802 1 0 1 1 0 8 0 zombiepl 144 2532 0 2530 2 1 1 1 0 8 0 processpl 1160 2172 0 2102 6 0 6 6 0 8 0 procpl 648 3996 0 3919 9 1 8 8 0 8 0 srpgc 96 6 0 6 2 1 1 1 0 8 1 sosppl 168 11 0 10 6 5 1 1 0 8 0 sockpl 664 3136 0 3100 53 41 12 15 0 8 8 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 245 0 0 31 1 30 31 0 8 0 mtagpl 96 11 0 0 1 0 1 1 0 8 0 mbufpl 256 406 0 0 18 0 18 18 0 8 0 bufpl 280 10114 0 3703 516 8 508 516 0 8 0 anonpl 24 352074 0 347948 114 48 66 81 0 185 25 amapchunkpl 152 54500 0 53995 55 20 35 36 0 158 10 amappl16 200 6864 0 6844 37 25 12 15 0 8 8 amappl15 192 14 0 14 2 2 0 1 0 8 0 amappl14 184 235 0 223 1 0 1 1 0 8 0 amappl13 176 12 0 12 1 1 0 1 0 8 0 amappl12 168 3621 0 3593 3 1 2 2 0 8 0 amappl11 160 72 0 58 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 151 0 151 1 1 0 1 0 8 0 amappl8 136 29 0 26 1 0 1 1 0 8 0 amappl7 128 222 0 209 1 0 1 1 0 8 0 amappl6 120 692 0 690 1 0 1 1 0 8 0 amappl5 112 353 0 342 1 0 1 1 0 8 0 amappl4 104 504 0 484 1 0 1 1 0 8 0 amappl3 96 10554 0 10453 4 0 4 4 0 8 0 amappl2 88 1473 0 1402 2 0 2 2 0 8 0 amappl1 80 17369 0 16809 16 1 15 16 0 8 0 amappl 88 16034 0 15869 5 0 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 21 0 20 1 0 1 1 0 8 0 aobjpl 72 13 0 1 1 0 1 1 0 8 0 uaddrrnd 24 2130 0 2100 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2130 0 2100 1 0 1 1 0 8 0 vmmpekpl 168 18309 0 18244 5 1 4 4 0 8 0 vmmpepl 168 137507 0 135746 125 30 95 96 0 357 10 vmsppl 440 2129 0 2100 7 3 4 5 0 8 0 rwobjpl 56 45895 0 39804 89 2 87 87 0 8 0 pdppl 4096 4267 0 4200 174 103 71 85 0 8 4 pvpl 32 32586 0 0 262 0 262 262 0 265 0 pmappl 248 2129 0 2100 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 549 0 170 12 1 11 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd80718bccd0,ffff80002a0daab8,ffff80002a0daae8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a0daa88) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a0daa88) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_chdir(ffff80003138b470,ffff80002a0dac60,ffff80002a0dabb0) at sys_chdir+0x88 change_dir sys/kern/vfs_syscalls.c:839 [inline] sys_chdir(ffff80003138b470,ffff80002a0dac60,ffff80002a0dabb0) at sys_chdir+0x88 sys/kern/vfs_syscalls.c:785 syscall(ffff80002a0dac60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a0dac60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7df541cd5dc0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8362f2d8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8362f2d8) at __mp_lock+0x192 sys/kern/kern_lock.c:144 syscall(ffff80002a070250) at syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a070250) at syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7beb95171a90, count: 9 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8362f2d8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8362f2d8) at __mp_lock+0x192 sys/kern/kern_lock.c:144 syscall(ffff80002a070250) at syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a070250) at syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7beb95171a90, count: -6