uvm_fault(0xffffffff83aad520, 0xffff80001dc42004, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ufs_lookup+0x623: movzwl 0x4(%r15,%r14,1),%ebx TID PID UID PRFLAGS PFLAGS CPU COMMAND 264710 52147 0 0 0 1 syz-executor *317976 52147 0 0 0x4000000 0K syz-executor ufs_lookup() at ufs_lookup+0x623 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd80603e2708,ffff80002a228e18,ffff80002a228e48) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a228de8) at vfs_lookup+0x963 sys/kern/vfs_lookup.c:580 namei(ffff80002a228de8) at namei+0x7c5 sys/kern/vfs_lookup.c:250 domknodat(ffff80002a222010,ffffff9c,200000000000,2000,285b9a) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1617 syscall(ffff80002a228fe0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a228fe0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa597c375cd0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff83aad520, 0xffff80001dc42004, 0, 1) -> d ddb{0}> trace ufs_lookup() at ufs_lookup+0x623 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd80603e2708,ffff80002a228e18,ffff80002a228e48) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a228de8) at vfs_lookup+0x963 sys/kern/vfs_lookup.c:580 namei(ffff80002a228de8) at namei+0x7c5 sys/kern/vfs_lookup.c:250 domknodat(ffff80002a222010,ffffff9c,200000000000,2000,285b9a) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1617 syscall(ffff80002a228fe0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a228fe0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa597c375cd0, count: -7 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a228b80 rbx 0 rdx 0xffff8000015d5b00 rcx 0xffff80002a222010 rax 0xffffffff83984ff0 cpu_info_full_primary+0x1ff0 r8 0xffffffffffffffff r9 0xfffffd80097fd138 r10 0xa97d9865b200433d r11 0xbf43d1c5f2833b89 r12 0xfffffd805fdab598 r13 0 r14 0 r15 0xffff80001dc42000 rip 0xffffffff814be483 ufs_lookup+0x623 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a228a90 ss 0x10 ufs_lookup+0x623: movzwl 0x4(%r15,%r14,1),%ebx ddb{0}> show proc PROC (syz-executor) tid=317976 pid=52147 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffffd4c8,0xffff80002a2234e0 process=0xffff80003c435368 user=0xffff80002a224000, vmspace=0xfffffd806c5ed7c0 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 22296 305973 99851 0 2 0 syz-executor 22296 187538 99851 0 3 0x4000080 fsleep syz-executor 33436 49454 26624 0 2 0 syz-executor 33436 4725 26624 0 3 0x4000080 ttyin syz-executor 52147 264710 51121 0 7 0 syz-executor *52147 317976 51121 0 7 0x4000000 syz-executor 54529 441273 45994 0 2 0 syz-executor 54529 72117 45994 0 2 0x4000000 syz-executor 54529 166859 45994 0 3 0x4000080 sbwait syz-executor 30942 468988 85619 0 2 0 syz-executor 30942 442926 85619 0 3 0x4000080 fsleep syz-executor 1824 136667 50511 0 2 0 syz-executor 1824 41432 50511 0 3 0x4000080 fsleep syz-executor 79952 176875 1 0 3 0x100083 ttyin getty 8104 364036 0 0 3 0x14280 nfsidl nfsio 4865 178508 0 0 3 0x14280 nfsidl nfsio 35478 177595 0 0 3 0x14280 nfsidl nfsio 54218 172206 0 0 3 0x14280 nfsidl nfsio 55296 211449 0 0 3 0x14280 nfsidl nfsio 56304 66512 0 0 3 0x14280 nfsidl nfsio 50287 359840 0 0 3 0x14280 nfsidl nfsio 51048 60287 0 0 3 0x14280 nfsidl nfsio 48010 27121 0 0 3 0x14280 nfsidl nfsio 50788 66462 0 0 3 0x14280 nfsidl nfsio 18156 81783 0 0 3 0x14280 nfsidl nfsio 2532 106819 0 0 3 0x14280 nfsidl nfsio 39852 276523 0 0 3 0x14280 nfsidl nfsio 7219 90364 0 0 3 0x14280 nfsidl nfsio 21684 390209 0 0 3 0x14280 nfsidl nfsio 18606 201814 0 0 3 0x14280 nfsidl nfsio 41777 20440 0 0 3 0x14280 nfsidl nfsio 89658 421098 0 0 3 0x14280 nfsidl nfsio 8707 487039 0 0 3 0x14280 nfsidl nfsio 65590 249646 0 0 3 0x14280 nfsidl nfsio 631 319175 91062 0 3 0x100082 sbwait arp 91062 347972 4379 0 3 0x10008a sigsusp sh 50511 500417 94140 0 2 0xc82 syz-executor 85619 513196 94140 0 3 0x82 nanoslp syz-executor 99851 9542 94140 0 3 0x82 nanoslp syz-executor 26624 119723 94140 0 3 0x82 nanoslp syz-executor 45994 190770 94140 0 2 0xc82 syz-executor 4379 258486 94140 0 3 0x82 wait syz-executor 51121 84312 94140 0 2 0xc82 syz-executor 94140 333553 1 0 3 0x82 wait syz-executor 90796 316298 0 0 2 0x40014200 smr 14442 228521 0 0 2 0x14200 zerothread 20173 343211 0 0 3 0x14200 aiodoned aiodoned 25578 77638 0 0 3 0x14200 syncer update 3836 112319 0 0 3 0x14200 cleaner cleaner 99663 79264 0 0 3 0x14200 reaper reaper 84801 247812 0 0 3 0x14200 pgdaemon pagedaemon 63498 246740 0 0 3 0x14200 bored viomb 25643 404066 0 0 3 0x40014200 acpi0 acpi0 54844 259794 0 0 3 0x40014200 idle1 99957 360348 0 0 3 0x14200 bored softnet1 71354 488296 0 0 3 0x14200 bored softnet0 17103 328323 0 0 3 0x14200 smrbar systqmp 30886 76735 0 0 3 0x14200 bored systq 94167 411175 0 0 3 0x14200 tmoslp softclockmp 45616 298997 0 0 3 0x40014200 tmoslp softclock 66438 457088 0 0 3 0x40014200 idle0 1 380502 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 33436 (syz-executor) thread 0xffff8000fffeea78 (4725) exclusive rrwlock inode r = 0 (0xfffffd806cf78568) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 spec_open+0x2f2 sys/kern/spec_vnops.c:151 #6 VOP_OPEN+0x8b sys/kern/vfs_vops.c:138 #7 vn_open+0x7a5 sys/kern/vfs_vnops.c:183 #8 vndioctl+0xc43 sys/dev/vnd.c:458 #9 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 #10 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537 #11 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #12 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #12 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #13 Xsyscall+0x128 Process 52147 (syz-executor) thread 0xffff80002a222010 (317976) exclusive rrwlock inode r = 0 (0xfffffd806e5ca360) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vfs_lookup+0x12b sys/kern/vfs_lookup.c:431 #6 namei+0x7c5 sys/kern/vfs_lookup.c:250 #7 domknodat+0xb4 sys/kern/vfs_syscalls.c:1617 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a9f740) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] #1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783 #2 Xsyscall+0x128 Process 17103 (systqmp) thread 0xffff8000ffffecf8 (328323) shared rwlock systqmp r = 0 (0xffffffff8394e988) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11056 12085K 12344K 166960K 12685 0 pcb 17 12K 12K 166960K 120 0 rtable 244 11K 11K 166960K 458 0 pf 38 18K 25K 166960K 153 0 ifaddr 39 6K 7K 166960K 64 0 ifgroup 51 2K 3K 166960K 100 0 sysctl 4 1K 9K 166960K 13 0 counters 68 36K 37K 166960K 104 0 ioctlops 0 0K 4K 166960K 1710 0 iov 0 0K 16K 166960K 33 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1327 83K 84K 166960K 1873 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 13 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 32 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 65K 89K 166960K 692 0 sigio 0 0K 0K 166960K 11 0 proc 21 33K 180K 166960K 627 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 47 0 in_multi 78 5K 6K 166960K 100 0 ether_multi 1 0K 0K 166960K 2 0 mrt 2 0K 0K 166960K 25 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 472 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 131 86K 188K 166960K 8029 0 UVM aobj 22 2K 2K 166960K 23 0 pinsyscall 21 42K 107K 166960K 1891 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 27 0 NDP 11 0K 1K 166960K 38 0 temp 77 9124K 9224K 166960K 25496 0 kqueue 1 2K 32K 166960K 130 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 104 0 102 2 1 1 2 0 8 0 rtentry 176 137 0 36 5 0 5 5 0 8 0 unpcb 144 417 0 415 7 4 3 6 0 8 2 syncache 336 6 0 6 2 1 1 1 0 8 1 tcpcb 736 300 0 298 8 7 1 7 0 8 0 arp 136 26 0 8 1 0 1 1 0 8 0 inpcb 328 696 0 690 8 6 2 7 0 8 1 nd6 152 26 0 5 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 10 0 10 1 0 1 1 0 8 1 pppxif 1576 2 0 2 2 2 0 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 4 0 1 1 0 1 1 0 482 0 pffrnode 88 4 0 1 1 0 1 1 0 8 0 pffrent 40 6 0 3 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 5 0 1 1 0 1 1 0 8 0 pfstlim 224 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 13 0 0 2 0 2 2 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 58 0 15 1 0 1 1 0 8 0 pfstkey 128 60 0 17 2 0 2 2 0 8 0 pfstate 448 59 0 16 6 0 6 6 0 8 0 pfrule 1360 36 0 26 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 525 0 102 29 2 27 27 0 8 0 art_table 40 526 0 102 5 0 5 5 0 8 0 art_node 32 136 0 42 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0 semapl 64 29 0 19 1 0 1 1 0 8 0 shmpl 112 20 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2600 0 1136 93 0 93 93 0 8 0 ffsino 296 2600 0 1136 114 0 114 114 0 8 0 nchpl 144 3620 0 1918 64 0 64 64 0 8 0 rtmask 32 3 0 3 2 1 1 1 0 8 1 vnodes 216 2995 0 0 167 0 167 167 0 8 0 namei 1024 12051 0 12050 2 0 2 2 0 8 1 percpumem 16 67 0 18 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 51 0 26 3 1 2 3 0 8 0 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 16080 0 16080 10 9 1 8 1 8 1 plimitpl 152 302 0 292 1 0 1 1 0 8 0 sigapl 424 1043 0 987 9 1 8 8 0 8 0 knotepl 120 533 0 0 17 0 17 17 0 8 0 kqueuepl 224 164 0 163 2 1 1 2 0 8 0 pipepl 344 171 0 144 3 0 3 3 0 8 0 fdescpl 528 1007 0 987 3 0 3 3 0 8 0 filepl 160 5580 0 5416 16 3 13 16 0 8 4 lockfpl 104 189 0 188 1 0 1 1 0 8 0 lockfspl 48 81 0 80 1 0 1 1 0 8 0 sessionpl 144 142 0 139 1 0 1 1 0 8 0 pgrppl 48 157 0 146 1 0 1 1 0 8 0 ucredpl 104 888 0 884 1 0 1 1 0 8 0 zombiepl 144 988 0 987 1 0 1 1 0 8 0 processpl 1232 1043 0 987 6 0 6 6 0 8 0 procpl 664 1962 0 1899 8 0 8 8 0 8 1 sockpl 752 1238 0 1228 18 12 6 17 0 8 5 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 119 0 0 15 0 15 15 0 8 0 mcl2k 2048 45 0 0 6 0 6 6 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 397 0 0 25 0 25 25 0 8 0 bufpl 280 6689 0 558 439 0 439 439 0 8 0 anonpl 32 8647 0 0 70 0 70 70 0 246 0 amapchunkpl 152 26634 0 26307 28 3 25 27 0 158 9 amappl16 200 2312 0 2290 19 7 12 15 0 8 8 amappl15 192 53 0 53 1 1 0 1 0 8 0 amappl14 184 435 0 434 1 0 1 1 0 8 0 amappl13 176 133 0 131 1 0 1 1 0 8 0 amappl12 168 1263 0 1244 2 0 2 2 0 8 0 amappl11 160 5 0 5 1 1 0 1 0 8 0 amappl10 152 64 0 63 1 0 1 1 0 8 0 amappl9 144 295 0 295 1 1 0 1 0 8 0 amappl8 136 101 0 101 1 0 1 1 0 8 1 amappl7 128 175 0 172 1 0 1 1 0 8 0 amappl6 120 170 0 169 1 0 1 1 0 8 0 amappl5 112 100 0 99 1 0 1 1 0 8 0 amappl4 104 322 0 318 1 0 1 1 0 8 0 amappl3 96 5287 0 5209 4 0 4 4 0 8 0 amappl2 88 587 0 575 2 0 2 2 0 8 0 amappl1 80 13544 0 13398 17 2 15 17 0 8 3 amappl 88 7112 0 7002 5 0 5 5 0 92 1 uvmvnodes 80 121 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 21 0 20 1 0 1 1 0 8 0 aobjpl 72 22 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1007 0 987 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1007 0 987 1 0 1 1 0 8 0 vmmpekpl 168 10111 0 10072 2 0 2 2 0 8 0 vmmpepl 168 71644 0 70773 103 4 99 99 0 357 47 vmsppl 488 1006 0 987 5 0 5 5 0 8 0 rwobjpl 80 21477 0 20986 29 1 28 28 0 8 2 pdppl 4096 2021 0 1974 105 56 49 85 0 8 2 pvpl 32 16938 0 0 137 0 137 137 0 265 0 pmappl 256 1006 0 987 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 307 0 70 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ufs_lookup() at ufs_lookup+0x623 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd80603e2708,ffff80002a228e18,ffff80002a228e48) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a228de8) at vfs_lookup+0x963 sys/kern/vfs_lookup.c:580 namei(ffff80002a228de8) at namei+0x7c5 sys/kern/vfs_lookup.c:250 domknodat(ffff80002a222010,ffffff9c,200000000000,2000,285b9a) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1617 syscall(ffff80002a228fe0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a228fe0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa597c375cd0, count: -7 ddb{0}>