uvm_fault(0xffffffff838fce98, 0xffff8000293e2050, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ffs2_balloc+0xa0d: movq 0(%rcx,%rax,8),%r14 TID PID UID PRFLAGS PFLAGS CPU COMMAND 284438 86244 0 0 0 1 syz-executor *515781 3410 0 0 0x4000000 0K syz-executor ffs2_balloc(fffffd806f6fc018,58000,4000,fffffd80097fb8f0,2,ffff80003c49d978) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614 ffs_write(ffff80003c49da00) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345 VOP_WRITE(fffffd806a3d9c18,ffff80003c49dbb8,7,fffffd80097fb8f0) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245 vn_write(fffffd8078a1a930,ffff80003c49dbb8,0) at vn_write+0x1d3 sys/kern/vfs_vnops.c:408 dofilewritev(ffff800037c09248,6,ffff80003c49dbb8,0,ffff80003c49dc70) at dofilewritev+0x242 sys/kern/sys_generic.c:380 sys_write(ffff800037c09248,ffff80003c49dd20,ffff80003c49dc70) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff80003c49dd20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c49dd20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc69b975d8e0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff838fce98, 0xffff8000293e2050, 0, 1) -> d ddb{0}> trace ffs2_balloc(fffffd806f6fc018,58000,4000,fffffd80097fb8f0,2,ffff80003c49d978) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614 ffs_write(ffff80003c49da00) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345 VOP_WRITE(fffffd806a3d9c18,ffff80003c49dbb8,7,fffffd80097fb8f0) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245 vn_write(fffffd8078a1a930,ffff80003c49dbb8,0) at vn_write+0x1d3 sys/kern/vfs_vnops.c:408 dofilewritev(ffff800037c09248,6,ffff80003c49dbb8,0,ffff80003c49dc70) at dofilewritev+0x242 sys/kern/sys_generic.c:380 sys_write(ffff800037c09248,ffff80003c49dd20,ffff80003c49dc70) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff80003c49dd20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c49dd20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc69b975d8e0, count: -8 ddb{0}> show registers rdi 0 rsi 0x2 rbp 0xffff80003c49d920 rbx 0 rdx 0xffff80000147fb40 rcx 0xffff8000293e2000 rax 0xa r8 0xffffffffffffffff r9 0xffff80003c49d978 r10 0x4464781672b58d2a r11 0xa9cd77d9d5cc9b04 r12 0x1 r13 0xffff800000b2d800 r14 0xffff80003c49d7b0 r15 0xfffffd80682ec348 rip 0xffffffff81e6aa2d ffs2_balloc+0xa0d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c49d7a0 ss 0x10 ffs2_balloc+0xa0d: movq 0(%rcx,%rax,8),%r14 ddb{0}> show proc PROC (syz-executor) tid=515781 pid=3410 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=79, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800037c08020,0xffff800037c08fc0 process=0xffff80003c426b70 user=0xffff80003c498000, vmspace=0xfffffd807e2105d8 estcpu=29, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 28097 514633 1088 0 2 0 syz-executor 86244 284438 19924 0 7 0 syz-executor 86244 394785 19924 0 3 0x4000080 fsleep syz-executor 86244 446373 19924 0 2 0x4000000 syz-executor 39010 24907 56368 0 2 0 syz-executor 39010 459204 56368 0 3 0x4000080 fsleep syz-executor 3410 403041 77946 0 2 0 syz-executor * 3410 515781 77946 0 7 0x4000000 syz-executor 71097 327313 63023 0 2 0 syz-executor 71097 486600 63023 0 2 0x4000000 syz-executor 47655 105895 3991 0 2 0 syz-executor 47655 371615 3991 0 3 0x4000080 sbwait syz-executor 47655 449155 3991 0 3 0x4000080 fsleep syz-executor 13338 398770 93501 60929 2 0x10 syz-executor 13338 345838 93501 60929 3 0x4000090 pipewr syz-executor 13338 137193 93501 60929 3 0x4000090 fsleep syz-executor 92737 116682 20926 0 2 0xc80 syz-executor 92737 36644 20926 0 3 0x4000080 kqsel syz-executor 92737 454307 20926 0 3 0x4000080 fsleep syz-executor 92737 231125 20926 0 3 0x4000080 fsleep syz-executor 92737 156849 20926 0 3 0x4000080 fsleep syz-executor 77946 295071 74868 0 2 0xc82 syz-executor 26914 351576 0 0 3 0x14200 bored sosplice 93501 392911 74868 0 2 0xc82 syz-executor 20926 462416 74868 0 2 0xc82 syz-executor 3991 240145 74868 0 2 0xc82 syz-executor 1088 452691 74868 0 2 0xc82 syz-executor 56368 329882 74868 0 2 0xc82 syz-executor 63023 440256 74868 0 2 0xc82 syz-executor 19924 479486 74868 0 2 0x2 syz-executor 74868 72944 59714 0 3 0x82 kqread syz-executor 59714 477462 15020 0 3 0x10008a sigsusp ksh 15020 50926 30809 0 3 0x98 kqread sshd-session 30809 304138 52735 0 3 0x92 kqread sshd-session 97397 165933 1 0 3 0x100083 ttyin getty 52735 97824 1 0 3 0x88 kqread sshd 26697 156977 76477 74 3 0x1100092 bpf pflogd 76477 86956 1 0 3 0x80 sbwait pflogd 44106 148057 35752 73 3 0x1100090 kqread syslogd 35752 124072 1 0 3 0x100082 sbwait syslogd 62460 263987 1 0 3 0x100080 kqread resolvd 18637 315345 13221 77 3 0x100092 kqread dhcpleased 72033 109376 13221 77 3 0x100092 kqread dhcpleased 13221 443457 1 0 3 0x80 kqread dhcpleased 90272 281935 0 0 3 0x14200 bored smr 47234 419895 0 0 2 0x14200 zerothread 40292 245713 0 0 3 0x14200 aiodoned aiodoned 21747 482917 0 0 3 0x14200 syncer update 66787 208370 0 0 3 0x14200 cleaner cleaner 67198 522805 0 0 3 0x14200 reaper reaper 61580 332264 0 0 3 0x14200 pgdaemon pagedaemon 56925 207769 0 0 3 0x14200 bored viomb 64933 482015 0 0 3 0x40014200 acpi0 acpi0 70448 375591 0 0 3 0x40014200 idle1 20214 488719 0 0 3 0x14200 bored softnet1 70701 95702 0 0 3 0x14200 bored softnet0 49323 273394 0 0 3 0x14200 bored systqmp 99851 419090 0 0 3 0x14200 bored systq 56732 235548 0 0 3 0x14200 tmoslp softclockmp 71505 324039 0 0 3 0x40014200 tmoslp softclock 8680 29497 0 0 3 0x40014200 idle0 1 438849 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 3410 (syz-executor) thread 0xffff800037c09248 (515781) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10232 11230K 11355K 166960K 11624 0 pcb 17 12K 12K 166960K 54 0 rtable 185 6K 7K 166960K 317 0 pf 40 18K 19K 166960K 84 0 ifaddr 42 7K 7K 166960K 66 0 ifgroup 60 2K 2K 166960K 99 0 sysctl 1 1K 9K 166960K 6 0 counters 74 37K 37K 166960K 104 0 ioctlops 0 0K 4K 166960K 1529 0 iov 0 0K 16K 166960K 22 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1350 85K 85K 166960K 1589 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 9 0 VM map 2 1K 1K 166960K 2 0 sem 6 0K 0K 166960K 8 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 415 0 sigio 0 0K 0K 166960K 6 0 proc 72 115K 164K 166960K 587 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 40 0 in_multi 86 6K 7K 166960K 125 0 ether_multi 1 0K 0K 166960K 3 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 431 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 246 168K 176K 166960K 5446 0 UVM aobj 13 2K 2K 166960K 13 0 pinsyscall 43 86K 105K 166960K 1519 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 12 0 NDP 13 0K 2K 166960K 43 0 temp 45 8643K 8717K 166960K 14024 0 kqueue 15 24K 31K 166960K 74 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 49 0 45 1 0 1 1 0 8 0 rtentry 176 114 0 35 5 0 5 5 0 8 0 unpcb 144 173 0 151 2 1 1 2 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 69 0 65 1 0 1 1 0 8 0 arp 136 13 0 3 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 3 0 3 1 1 0 1 0 8 0 inpcb 328 274 0 265 4 2 2 4 0 8 1 nd6 144 19 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 11 0 9 2 1 1 1 0 8 0 pppxif 1504 3 0 1 2 1 1 1 0 8 0 pfstscr 40 4 0 4 1 1 0 1 0 8 0 pffrag 232 3 0 1 1 0 1 1 0 482 0 pffrnode 88 3 0 1 1 0 1 1 0 8 0 pffrent 40 6 0 4 1 0 1 1 0 8 0 pfosfp 40 1430 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1430 0 714 21 0 21 21 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 34 0 0 1 0 1 1 0 8 0 pfstkey 128 39 0 5 2 0 2 2 0 8 0 pfstate 384 37 0 3 4 0 4 4 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 506 0 134 28 3 25 28 0 8 0 art_table 40 507 0 134 5 0 5 5 0 8 0 art_node 32 114 0 46 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 1 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 5 0 1 1 0 1 1 0 8 0 shmpl 112 10 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2064 0 552 95 0 95 95 0 8 0 ffsino 296 2064 0 552 117 0 117 117 0 8 0 nchpl 144 2617 0 922 64 0 64 64 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 uvmvnodes 80 2288 0 0 47 0 47 47 0 8 0 vnodes 216 2288 0 0 128 0 128 128 0 8 0 namei 1024 8410 0 8410 3 2 1 2 0 8 1 percpumem 16 67 0 15 1 0 1 1 0 8 0 kstatmem 264 52 0 24 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 17626 0 17626 9 8 1 8 1 8 1 plimitpl 152 195 0 177 1 0 1 1 0 8 0 sigapl 424 710 0 661 7 1 6 7 0 8 0 knotepl 120 699 0 0 22 0 22 22 0 8 0 kqueuepl 224 143 0 130 3 2 1 3 0 8 0 pipepl 344 188 0 159 9 6 3 9 0 8 0 fdescpl 528 693 0 661 3 0 3 3 0 8 0 filepl 160 3290 0 3052 15 4 11 15 0 8 0 lockfpl 104 110 0 107 1 0 1 1 0 8 0 lockfspl 48 52 0 49 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 36 0 19 1 0 1 1 0 8 0 ucredpl 104 427 0 413 1 0 1 1 0 8 0 zombiepl 144 661 0 661 2 1 1 1 0 8 1 processpl 1232 710 0 661 5 0 5 5 0 8 0 procpl 664 1220 0 1158 7 1 6 7 0 8 0 sosppl 168 2 0 2 1 1 0 1 0 8 0 sockpl 752 511 0 476 8 3 5 7 0 8 0 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 111 0 0 14 0 14 14 0 8 0 mcl2k 2048 21 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 153 0 0 10 0 10 10 0 8 0 bufpl 280 7730 0 1587 439 0 439 439 0 8 0 anonpl 32 12097 0 0 98 0 98 98 0 246 0 amapchunkpl 152 17121 0 16627 31 9 22 27 0 158 0 amappl16 200 3931 0 3895 30 24 6 28 0 8 0 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 143 0 131 1 0 1 1 0 8 0 amappl13 176 15 0 15 2 2 0 1 0 8 0 amappl12 168 1381 0 1350 3 1 2 2 0 8 0 amappl11 160 53 0 38 1 0 1 1 0 8 0 amappl10 152 20 0 20 2 2 0 1 0 8 0 amappl9 144 274 0 274 1 1 0 1 0 8 0 amappl8 136 19 0 17 1 0 1 1 0 8 0 amappl7 128 111 0 98 1 0 1 1 0 8 0 amappl6 120 186 0 183 1 0 1 1 0 8 0 amappl5 112 133 0 124 1 0 1 1 0 8 0 amappl4 104 304 0 285 1 0 1 1 0 8 0 amappl3 96 2899 0 2802 4 1 3 3 0 8 0 amappl2 88 919 0 842 2 0 2 2 0 8 0 amappl1 80 9390 0 8782 15 2 13 15 0 8 0 amappl 88 4718 0 4549 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 12 0 0 1 0 1 1 0 8 0 uaddrrnd 24 693 0 661 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 693 0 661 1 0 1 1 0 8 0 vmmpekpl 168 7376 0 7337 3 0 3 3 0 8 0 vmmpepl 168 51412 0 49381 111 16 95 111 0 357 0 vmsppl 488 692 0 661 5 0 5 5 0 8 0 rwobjpl 80 19790 0 16554 69 0 69 69 0 8 0 pdppl 4096 1394 0 1322 100 28 72 86 0 8 0 pvpl 32 21112 0 0 171 0 171 171 0 265 0 pmappl 256 692 0 661 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 267 0 36 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ffs2_balloc(fffffd806f6fc018,58000,4000,fffffd80097fb8f0,2,ffff80003c49d978) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614 ffs_write(ffff80003c49da00) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345 VOP_WRITE(fffffd806a3d9c18,ffff80003c49dbb8,7,fffffd80097fb8f0) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245 vn_write(fffffd8078a1a930,ffff80003c49dbb8,0) at vn_write+0x1d3 sys/kern/vfs_vnops.c:408 dofilewritev(ffff800037c09248,6,ffff80003c49dbb8,0,ffff80003c49dc70) at dofilewritev+0x242 sys/kern/sys_generic.c:380 sys_write(ffff800037c09248,ffff80003c49dd20,ffff80003c49dc70) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff80003c49dd20) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c49dd20) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc69b975d8e0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x71f81d9c6560, count: 12 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x71f81d9c6560, count: -3