uvm_fault(0xffffffff8354a888, 0xffff80001e372004, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 49604 76540 0 0x10 0x4000000 0K syz-executor
ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279
VOP_LOOKUP(fffffd8078784108,ffff80002a1443c8,ffff80002a1443f8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80002a144398) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
namei(ffff80002a144398) at namei+0x7aa sys/kern/vfs_lookup.c:250
sys_chdir(ffff800034192550,ffff80002a144570,ffff80002a1444c0) at sys_chdir+0x88 change_dir sys/kern/vfs_syscalls.c:839 [inline]
sys_chdir(ffff800034192550,ffff80002a144570,ffff80002a1444c0) at sys_chdir+0x88 sys/kern/vfs_syscalls.c:785
syscall(ffff80002a144570) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a144570) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3e8ff3479b0, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff8354a888, 0xffff80001e372004, 0, 1) -> d ddb{0}> trace ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd8078784108,ffff80002a1443c8,ffff80002a1443f8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a144398) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a144398) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_chdir(ffff800034192550,ffff80002a144570,ffff80002a1444c0) at sys_chdir+0x88 change_dir sys/kern/vfs_syscalls.c:839 [inline] sys_chdir(ffff800034192550,ffff80002a144570,ffff80002a1444c0) at sys_chdir+0x88 sys/kern/vfs_syscalls.c:785 syscall(ffff80002a144570) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a144570) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3e8ff3479b0, count: -7 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a1441e0 rbx 0 rdx 0xffff8000011e3400 rcx 0xffffffff rax 0xfffffd80676e6b18 r8 0xffffffffffffffff r9 0xfffffd807f7d3478 r10 0x457cb11761d00268 r11 0xeb5918e41ab8cab r12 0 r13 0xfffffd805cf69670 r14 0 r15 0xffff80001e372000 rip 0xffffffff829bc8c1 ufs_lookup+0x5e1 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80002a1440d0 ss 0x10 ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d ddb{0}> show proc PROC (syz-executor) tid=49604 pid=76540 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=86, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000341927d8,0xffff800034193c28 process=0xffff8000371cb1f8 user=0xffff80002a13f000, vmspace=0xfffffd806b8188a8 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 32496 256800 56965 0 2 0 syz-executor 32496 171773 56965 0 3 0x4000080 nanoslp syz-executor 32496 468215 56965 0 2 0x4000000 syz-executor 49720 253141 35887 0 2 0 
syz-executor 49720 234065 35887 0 2 0x4000000 syz-executor 76540 463550 89129 0 2 0x10 syz-executor *76540 49604 89129 0 7 0x4000010 syz-executor 23863 123305 1 0 3 0x100083 ttyin getty 56965 170067 4700 0 3 0x82 nanoslp syz-executor 89129 260660 4700 0 3 0x82 nanoslp syz-executor 35887 502587 4700 0 3 0x82 nanoslp syz-executor 36515 175654 4700 0 3 0x82 nanoslp syz-executor 8462 124843 4700 0 3 0x82 nanoslp syz-executor 93473 434891 0 0 3 0x14280 nfsidl nfsio 50374 144061 0 0 3 0x14280 nfsidl nfsio 86978 334038 0 0 3 0x14280 nfsidl nfsio 76558 24625 0 0 3 0x14280 nfsidl nfsio 29714 517928 0 0 3 0x14280 nfsidl nfsio 70402 313603 0 0 3 0x14280 nfsidl nfsio 14763 157451 0 0 3 0x14280 nfsidl nfsio 36213 253174 0 0 3 0x14280 nfsidl nfsio 21296 70938 0 0 3 0x14280 nfsidl nfsio 76949 435 0 0 3 0x14280 nfsidl nfsio 80246 241293 0 0 3 0x14280 nfsidl nfsio 1625 207644 0 0 3 0x14280 nfsidl nfsio 35404 67536 0 0 3 0x14280 nfsidl nfsio 86757 153015 0 0 3 0x14280 nfsidl nfsio 21914 272635 0 0 3 0x14280 nfsidl nfsio 85115 205533 0 0 3 0x14280 nfsidl nfsio 95538 433512 0 0 3 0x14280 nfsidl nfsio 75677 34556 0 0 3 0x14280 nfsidl nfsio 19693 378116 0 0 3 0x14280 nfsidl nfsio 70737 330424 0 0 3 0x14280 nfsidl nfsio 25928 120057 1 0 3 0x80 fsleep syz-executor 25928 164586 1 0 3 0x4000080 fsleep syz-executor 25928 150131 1 0 3 0x4000080 sbwait syz-executor 25928 392451 1 0 3 0x4000000 sbufrcv syz-executor 32762 513466 0 0 3 0x14200 bored sosplice 4700 463399 9344 0 3 0x82 wait syz-executor 9344 335641 94590 0 3 0x10008a sigsusp ksh 94590 353442 4996 0 3 0x98 kqread sshd-session 4996 515940 76570 0 3 0x92 kqread sshd-session 76570 31844 1 0 3 0x88 kqread sshd 42486 488709 93047 74 3 0x1100092 bpf pflogd 93047 298520 1 0 3 0x80 sbwait pflogd 11279 448145 33035 73 3 0x1100090 kqread syslogd 33035 326896 1 0 3 0x100082 sbwait syslogd 29562 240786 1 0 3 0x100080 kqread resolvd 89157 461714 72052 77 3 0x100092 kqread dhcpleased 87587 117049 72052 77 3 0x100092 kqread dhcpleased 72052 463194 
1 0 3 0x80 kqread dhcpleased 19165 502364 0 0 3 0x14200 bored smr 32367 263452 0 0 2 0x14200 zerothread 74147 137062 0 0 3 0x14200 aiodoned aiodoned 18067 200810 0 0 3 0x14200 syncer update 2209 267627 0 0 3 0x14200 cleaner cleaner 37018 273224 0 0 3 0x14200 reaper reaper 92817 288691 0 0 3 0x14200 pgdaemon pagedaemon 1608 515623 0 0 3 0x14200 bored viomb 87284 7358 0 0 3 0x40014200 acpi0 acpi0 22047 310673 0 0 7 0x40014200 idle1 65478 58917 0 0 3 0x14200 bored softnet3 39737 158616 0 0 3 0x14200 bored softnet2 44222 432369 0 0 3 0x14200 bored softnet1 13694 221464 0 0 3 0x14200 bored softnet0 5576 235643 0 0 3 0x14200 bored systqmp 51812 385778 0 0 3 0x14200 bored systq 73475 522735 0 0 3 0x14200 tmoslp softclockmp 16805 180619 0 0 2 0x40014200 softclock 54522 108252 0 0 3 0x40014200 idle0 1 181798 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 32496 (syz-executor) thread 0xffff8000ffff6a40 (256800) Process 49720 (syz-executor) thread 0xffff800034192040 (234065) Process 76540 (syz-executor) thread 0xffff800034192550 (49604) Process 25928 (syz-executor) thread 0xffff8000ffff6f50 (150131) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 10125K 10571K 166960K 15907 0 pcb 17 18K 21K 166960K 933 0 rtable 220 10K 11K 166960K 5944 0 pf 38 18K 26K 166960K 522 0 ifaddr 40 8K 9K 166960K 806 0 ifgroup 51 2K 2K 166960K 772 0 sysctl 3 0K 0K 166960K 11 0 counters 62 36K 36K 166960K 462 0 ioctlops 0 0K 4K 166960K 1846 0 iov 1 4K 28K 166960K 372 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1450 91K 91K 166960K 5652 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 39 0 VM map 2 1K 1K 166960K 2 0 sem 18 48K 49K 166960K 120 0 dirhash 15 2K 3K 166960K 93 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 13 45K 97K 166960K 5114 0 sigio 0 0K 0K 166960K 107 0 proc 72 91K 140K 166960K 4624 0 subproc 104 6K 8K 166960K 2042 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS 
daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 513 0 in_multi 88 6K 7K 166960K 2514 0 ether_multi 1 0K 0K 166960K 41 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 2869 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 225 72K 117K 166960K 40668 0 UVM aobj 68 5K 5K 166960K 88 0 pinsyscall 40 80K 106K 166960K 9803 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 168 0 NDP 11 0K 2K 166960K 633 0 temp 75 6824K 6952K 166960K 152909 0 kqueue 14 22K 32K 166960K 452 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 760 0 756 8 5 3 3 0 8 2 rtentry 112 2245 0 2153 6 3 3 4 0 8 0 unpcb 144 3615 0 3596 29 25 4 6 0 8 2 syncache 336 11 0 11 5 5 0 1 0 8 0 tcpqe 32 2 6 2 2 2 0 1 0 8 0 tcpcb 808 1454 0 1446 39 31 8 8 0 8 7 arp 120 317 0 300 1 0 1 1 0 8 0 inpcb 336 5309 0 5293 81 71 10 15 0 8 8 nd6 136 584 0 561 1 0 1 1 0 8 0 pkpcb 40 45 0 45 9 9 0 1 0 8 0 kcovpl 48 157 0 149 1 0 1 1 0 8 0 ppxss 1168 45 0 45 14 13 1 1 0 8 1 pfstscr 40 5 0 5 5 5 0 1 0 8 0 pffrag 232 89 0 87 3 2 1 1 0 482 0 pffrnode 88 87 0 85 3 2 1 1 0 8 0 pffrent 40 235 0 233 5 4 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 0 1 0 1 1 0 8 0 pftag 88 5 0 0 1 0 1 1 0 8 0 pfstitem 24 483 0 432 1 0 1 1 0 8 0 pfstkey 128 494 0 442 4 2 2 3 0 8 0 pfstate 376 488 0 438 12 6 6 8 0 8 0 pfrule 1344 48 0 38 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 9961 0 9553 52 23 29 32 0 8 0 art_table 32 9964 0 9553 7 3 4 5 0 8 0 art_node 16 2236 0 2156 1 0 1 1 0 8 0 sysvmsgpl 40 29 0 4 3 2 1 1 0 8 0 semapl 112 107 0 91 1 0 1 1 0 8 0 shmpl 112 85 0 20 2 0 2 2 0 8 0 dirhash 1024 72 0 52 4 1 3 4 0 8 0 dino2pl 256 7045 0 5264 112 0 112 112 0 8 0 
ffsino 272 7045 0 5264 120 0 120 120 0 8 0 nchpl 144 11515 0 9617 71 0 71 71 0 8 0 uvmvnodes 80 6131 0 0 126 0 126 126 0 8 0 vnodes 216 6131 0 0 341 0 341 341 0 8 0 namei 1024 56754 0 56753 45 44 1 7 0 8 0 percpumem 16 245 0 200 1 0 1 1 0 8 0 kstatmem 264 422 0 400 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 9 0 9 6 6 0 1 0 8 0 scxspl 216 89582 0 89582 14 13 1 8 1 8 1 plimitpl 152 821 0 803 1 0 1 1 0 8 0 sigapl 424 5158 0 5089 11 2 9 9 0 8 0 futexpl 64 48456 0 48454 2 1 1 1 0 8 0 knotepl 120 1100 0 0 22 1 21 21 0 8 0 kqueuepl 216 1106 0 1096 16 15 1 8 0 8 0 pipepl 320 1041 0 1013 16 13 3 8 0 8 0 fdescpl 496 5117 0 5088 10 5 5 6 0 8 0 filepl 152 31878 0 31631 92 73 19 24 0 8 7 lockfpl 104 1399 0 1397 4 3 1 2 0 8 0 lockfspl 48 573 0 571 1 0 1 1 0 8 0 sessionpl 144 169 0 160 1 0 1 1 0 8 0 pgrppl 48 364 0 346 1 0 1 1 0 8 0 ucredpl 104 4985 0 4969 1 0 1 1 0 8 0 zombiepl 144 5563 0 5558 1 0 1 1 0 8 0 processpl 1160 5158 0 5089 7 1 6 6 0 8 0 procpl 648 9810 0 9734 9 1 8 8 0 8 0 srpgc 96 27 0 27 7 6 1 1 0 8 1 sosppl 168 29 0 29 13 13 0 1 0 8 0 sockpl 664 9839 0 9800 132 120 12 23 0 8 8 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 352 0 0 33 0 33 33 0 8 0 mtagpl 96 249 0 0 5 3 2 4 0 8 0 mbufpl 256 1369 0 0 74 0 74 74 0 8 0 bufpl 280 14919 0 8768 442 0 442 442 0 8 0 anonpl 24 710255 0 706733 200 154 46 80 0 185 4 amapchunkpl 152 131402 0 130942 131 106 25 40 0 158 1 amappl16 200 12617 0 12593 102 90 12 15 0 8 6 amappl15 192 17 0 17 3 3 0 1 0 8 0 amappl14 184 453 0 441 1 0 1 1 0 8 0 amappl13 176 13 0 13 2 2 0 1 0 8 0 amappl12 168 7957 0 7928 4 2 2 3 0 8 0 amappl11 160 61 0 47 1 0 1 1 0 8 0 amappl10 152 13 0 13 1 1 0 1 0 8 0 amappl9 144 170 0 170 2 2 0 1 0 8 0 amappl8 136 41 0 38 1 0 1 1 0 8 0 amappl7 128 419 0 406 1 0 1 1 0 8 0 amappl6 120 1624 0 1623 1 0 1 1 0 8 0 amappl5 
112 693 0 679 1 0 1 1 0 8 0 amappl4 104 766 0 746 1 0 1 1 0 8 0 amappl3 96 25824 0 25718 4 0 4 4 0 8 0 amappl2 88 2690 0 2620 2 0 2 2 0 8 0 amappl1 80 32661 0 32098 17 3 14 14 0 8 0 amappl 88 38912 0 38749 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma4096 4096 3 0 3 3 3 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 9 0 9 4 4 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 87 0 20 3 1 2 2 0 8 0 uaddrrnd 24 5117 0 5088 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5117 0 5088 1 0 1 1 0 8 0 vmmpekpl 168 41664 0 41586 4 0 4 4 0 8 0 vmmpepl 168 314016 0 312231 176 81 95 99 0 357 7 vmsppl 440 5116 0 5088 7 3 4 5 0 8 0 rwobjpl 56 89510 0 82380 110 5 105 106 0 8 0 pdppl 4096 10241 0 10176 316 243 73 87 0 8 8 pvpl 32 43234 0 0 349 1 348 348 0 265 0 pmappl 248 5116 0 5088 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 911 0 439 14 0 14 14 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd8078784108,ffff80002a1443c8,ffff80002a1443f8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a144398) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a144398) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_chdir(ffff800034192550,ffff80002a144570,ffff80002a1444c0) at sys_chdir+0x88 change_dir sys/kern/vfs_syscalls.c:839 [inline] sys_chdir(ffff800034192550,ffff80002a144570,ffff80002a1444c0) at sys_chdir+0x88 sys/kern/vfs_syscalls.c:785 syscall(ffff80002a144570) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a144570) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3e8ff3479b0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() 
at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219
sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219
sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182
end trace frame: 0x0, count: -5