uvm_fault(0xffffffff839367d8, 0xffff800029432004, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d TID PID UID PRFLAGS PFLAGS CPU COMMAND *255865 12894 0 0 0x4000000 1 syz-executor 437425 75088 0 0x14000 0x200 0 softnet0 ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd805dd2fbd8,ffff80002a488ed0,ffff80002a488f00) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a488ea0) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a488ea0) at namei+0x7aa sys/kern/vfs_lookup.c:250 domknodat(ffff80002eca2d00,ffffff9c,200000000000,2000,6381) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1590 syscall(ffff80002a4890a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a4890a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6186498be40, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xffffffff839367d8, 0xffff800029432004, 0, 1) -> d ddb{1}> trace ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd805dd2fbd8,ffff80002a488ed0,ffff80002a488f00) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a488ea0) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a488ea0) at namei+0x7aa sys/kern/vfs_lookup.c:250 domknodat(ffff80002eca2d00,ffffff9c,200000000000,2000,6381) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1590 syscall(ffff80002a4890a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a4890a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6186498be40, count: -7 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a488c40 rbx 0 rdx 0 rcx 0xffffffff rax 0xfffffd806b825030 r8 0xffffffffffffffff r9 0xfffffd807f7d28f0 r10 0x4233730bb2cc3f63 r11 0xd552ed5549e225fd r12 0 r13 0xfffffd800b648580 r14 0 r15 0xffff800029432000 rip 0xffffffff82579681 ufs_lookup+0x5e1 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80002a488b30 ss 0x10 ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d ddb{1}> show proc PROC (syz-executor) tid=255865 pid=12894 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002eca2a70,0xffff80002eca2040 process=0xffff8000344b32a8 user=0xffff80002a484000, vmspace=0xfffffd806be841e0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95931 161895 86225 0 2 0 syz-executor 95931 394401 86225 0 3 0x4000080 fsleep syz-executor 12894 391718 18145 0 2 0 syz-executor *12894 255865 18145 0 7 0x4000000 syz-executor 12894 157376 18145 0 3 0x4000080 fsleep syz-executor 4605 268862 69108 0 2 0 syz-executor 4605 346538 69108 0 3 0x4000080 fsleep syz-executor 4605 465229 69108 0 2 0x4000000 syz-executor 82663 54721 45074 0 3 0x80 nanoslp syz-executor 82663 399167 45074 0 3 0x4000080 kqsel syz-executor 82663 150438 45074 0 3 0x4000080 fsleep syz-executor 95665 503100 72406 0 3 0x80 nanoslp syz-executor 95665 101422 72406 0 3 0x4000080 sbwait syz-executor 95665 506275 72406 0 3 0x4000080 fsleep syz-executor 47383 63972 70410 0 3 0x80 nanoslp syz-executor 47383 255428 70410 0 3 0x4000080 pipewr syz-executor 47383 516275 70410 0 3 0x4000080 fsleep syz-executor 45074 365447 59027 0 3 0x82 nanoslp syz-executor 11065 297258 1 0 3 0x100083 ttyin getty 72406 251538 59027 0 3 0x82 nanoslp syz-executor 18145 519311 59027 0 3 0x82 nanoslp syz-executor 70410 96802 59027 0 3 0x82 nanoslp syz-executor 8502 339079 59027 0 2 0x2 syz-executor 69108 500615 59027 0 3 0x82 nanoslp syz-executor 87485 30199 0 0 3 0x14200 bored sosplice 52485 264451 8194 0 3 0x100082 sbwait arp 8194 358117 1 0 3 0x10008a sigsusp sh 86225 404463 59027 0 3 0x82 nanoslp syz-executor 59027 479831 60893 0 3 0x82 wait syz-executor 60893 69874 32320 0 3 0x10008a sigsusp ksh 32320 4534 57541 0 3 0x98 kqread sshd-session 57541 274935 58848 0 3 0x92 kqread sshd-session 58848 345277 1 0 3 0x88 kqread sshd 78426 474270 1780 74 3 0x1100092 bpf pflogd 1780 91625 1 0 3 0x80 sbwait pflogd 51002 192248 31582 73 3 0x1100090 kqread syslogd 31582 285627 1 0 3 0x100082 sbwait syslogd 3195 30219 1 0 3 0x100080 kqread resolvd 97546 323276 47002 77 3 0x100092 kqread dhcpleased 21851 430767 47002 77 3 0x100092 kqread dhcpleased 47002 20533 1 0 3 0x80 kqread dhcpleased 28774 173076 0 0 3 0x14200 bored smr 28078 104344 0 0 2 0x14200 zerothread 30219 321590 0 0 3 0x14200 aiodoned aiodoned 97690 6224 0 0 3 0x14200 syncer update 10616 228852 0 0 3 0x14200 cleaner cleaner 93019 187489 0 0 3 0x14200 reaper reaper 74954 18641 0 0 3 0x14200 pgdaemon pagedaemon 57845 198583 0 0 3 0x14200 bored viomb 95983 386858 0 0 3 0x40014200 acpi0 acpi0 59141 404978 0 0 3 0x40014200 idle1 14213 129746 0 0 3 0x14200 bored softnet3 83815 120649 0 0 3 0x14200 bored softnet2 91346 155214 0 0 3 0x14200 bored softnet1 75088 437425 0 0 7 0x14200 softnet0 54617 436383 0 0 3 0x14200 bored systqmp 83736 161172 0 0 3 0x14200 bored systq 77263 446800 0 0 3 0x14200 tmoslp softclockmp 79781 114837 0 0 3 0x40014200 tmoslp softclock 12129 97309 0 0 3 0x40014200 idle0 1 151410 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 12894 (syz-executor) thread 0xffff80002eca2d00 (255865) Process 8502 (syz-executor) thread 0xffff8000ffffacf0 (339079) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10209 11056K 12360K 166960K 14891 0 pcb 20 14K 16K 166960K 873 0 rtable 216 12K 13K 166960K 1101 0 pf 41 19K 23K 166960K 533 0 ifaddr 35 6K 8K 166960K 226 0 ifgroup 58 2K 3K 166960K 435 0 sysctl 4 1K 2K 166960K 12 0 counters 64 36K 37K 166960K 396 0 ioctlops 0 0K 4K 166960K 2123 0 iov 0 0K 20K 166960K 313 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1584 99K 100K 166960K 4428 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 70 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 320 0 dirhash 12 2K 2K 166960K 72 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 110K 166960K 3867 0 sigio 2 0K 0K 166960K 326 0 proc 74 91K 127K 166960K 1299 0 subproc 81 5K 5K 166960K 208 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 978 0 in_multi 62 4K 6K 166960K 372 0 ether_multi 1 0K 0K 166960K 59 0 mrt 1 0K 0K 166960K 40 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 109 493K 493K 166960K 109 0 exec 0 0K 1K 166960K 1214 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 9 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 267 182K 186K 166960K 35508 0 UVM aobj 63 3K 3K 166960K 68 0 pinsyscall 45 90K 102K 166960K 5326 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 178 0 NDP 12 0K 1K 166960K 159 0 temp 80 8692K 8938K 166960K 130072 0 kqueue 14 22K 32K 166960K 663 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 421 0 417 4 3 1 3 0 8 0 rtentry 168 335 0 251 5 0 5 5 0 8 0 unpcb 144 3790 0 3771 30 24 6 8 0 8 5 syncache 336 14 0 14 5 5 0 1 0 8 0 tcpqe 32 3 0 3 2 2 0 1 0 8 0 tcpcb 808 1490 0 1485 32 30 2 8 0 8 1 arp 120 61 0 36 1 0 1 1 0 8 0 inpcb 376 4675 0 4662 34 28 6 12 0 8 4 nd6 136 68 0 51 1 0 1 1 0 8 0 pkpcb 40 35 0 35 7 6 1 1 0 8 1 kcovpl 48 23 0 14 1 0 1 1 0 8 0 mppekey 1024 4 0 4 3 2 1 1 0 8 1 ppxss 1168 106 0 106 4 3 1 1 0 8 1 pppxif 1480 29 0 29 7 6 1 1 0 8 1 pfstscr 40 9 0 8 1 0 1 1 0 8 0 pffrag 232 53 0 44 1 0 1 1 0 482 0 pffrnode 88 18 0 10 1 0 1 1 0 8 0 pffrent 40 101 0 92 1 0 1 1 0 8 0 pfosfp 40 1432 0 1008 5 0 5 5 0 8 0 pfosfpen 112 1432 0 715 21 0 21 21 0 8 0 pfrktable 1344 6 0 3 1 0 1 1 0 8 0 pfanchor 1288 73 0 67 1 0 1 1 0 8 0 pftag 88 4 0 1 1 0 1 1 0 8 0 pfstitem 24 212 0 107 1 0 1 1 0 8 0 pfstkey 128 224 0 117 4 0 4 4 0 8 0 pfstate 376 216 0 112 11 0 11 11 0 8 0 pfrule 1344 138 0 58 8 1 7 7 0 8 0 rttmr 136 4 0 4 3 3 0 1 0 8 0 art_heap8 4096 4 0 2 4 1 3 4 0 8 1 art_heap4 256 1326 0 1042 36 11 25 26 0 8 0 art_table 32 1330 0 1044 5 1 4 4 0 8 0 art_node 16 322 0 258 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 7 1 0 1 1 0 8 0 semupl 112 6 0 6 6 6 0 1 0 8 0 semapl 112 312 0 302 1 0 1 1 0 8 0 shmpl 112 65 0 5 2 0 2 2 0 8 0 dirhash 1024 59 0 42 3 0 3 3 0 8 0 dino2pl 256 8714 0 7190 96 0 96 96 0 8 0 ffsino 280 8714 0 7190 110 0 110 110 0 8 0 nchpl 144 14176 0 13626 64 39 25 64 0 8 0 rtmask 32 14 0 14 6 5 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 57047 0 57046 6 5 1 2 0 8 0 percpumem 16 212 0 166 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 1 1 1 0 1 0 8 0 kstatmem 264 244 0 220 5 2 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 20 0 20 6 5 1 1 0 8 1 scxspl 216 44195 0 44195 17 14 3 8 1 8 3 plimitpl 152 892 0 873 1 0 1 1 0 8 0 sigapl 424 4184 0 4132 10 2 8 9 0 8 0 futexpl 64 59169 0 59163 1 0 1 1 0 8 0 knotepl 120 785 0 0 23 0 23 23 0 8 0 kqueuepl 216 1417 0 1404 12 9 3 5 0 8 2 pipepl 328 819 0 788 21 15 6 8 0 8 3 fdescpl 504 4137 0 4104 5 0 5 5 0 8 0 filepl 152 34306 0 34054 31 16 15 17 0 8 1 lockfpl 104 1460 0 1456 3 2 1 2 0 8 0 lockfspl 48 424 0 420 1 0 1 1 0 8 0 sessionpl 144 48 0 39 1 0 1 1 0 8 0 pgrppl 48 180 0 162 1 0 1 1 0 8 0 ucredpl 104 6090 0 6075 1 0 1 1 0 8 0 zombiepl 144 4583 0 4582 1 0 1 1 0 8 0 processpl 1176 4184 0 4132 6 0 6 6 0 8 0 procpl 656 9892 0 9829 9 2 7 8 0 8 0 srpgc 96 28 0 28 6 5 1 1 0 8 1 sosppl 168 26 0 26 6 5 1 1 0 8 1 sockpl 688 8974 0 8938 72 57 15 21 0 8 11 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 117 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 52 0 0 5 0 5 5 0 8 0 mtagpl 96 71 0 0 2 0 2 2 0 8 0 mbufpl 256 385 0 0 22 0 22 22 0 8 0 bufpl 280 14505 0 8351 440 0 440 440 0 8 0 anonpl 24 493118 0 484787 122 48 74 84 0 184 3 amapchunkpl 152 120089 0 119414 56 25 31 34 0 158 3 amappl16 200 8720 0 8485 54 28 26 26 0 8 2 amappl15 192 23 0 23 2 2 0 1 0 8 0 amappl14 184 160 0 147 1 0 1 1 0 8 0 amappl13 176 3 0 3 1 1 0 1 0 8 0 amappl12 168 4980 0 4947 3 1 2 2 0 8 0 amappl11 160 62 0 48 1 0 1 1 0 8 0 amappl10 152 9 0 9 1 1 0 1 0 8 0 amappl9 144 264 0 264 1 1 0 1 0 8 0 amappl8 136 28 0 25 1 0 1 1 0 8 0 amappl7 128 159 0 144 1 0 1 1 0 8 0 amappl6 120 316 0 311 1 0 1 1 0 8 0 amappl5 112 184 0 173 1 0 1 1 0 8 0 amappl4 104 409 0 387 1 0 1 1 0 8 0 amappl3 96 25798 0 25680 5 1 4 4 0 8 0 amappl2 88 912 0 846 2 0 2 2 0 8 0 amappl1 80 26767 0 26139 15 0 15 15 0 8 0 amappl 88 33762 0 33578 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 2 2 0 1 0 8 0 dma128 128 260 0 260 5 5 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 67 0 5 2 0 2 2 0 8 0 uaddrrnd 24 4137 0 4104 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4137 0 4104 1 0 1 1 0 8 0 vmmpekpl 168 31194 0 31128 4 0 4 4 0 8 0 vmmpepl 168 258314 0 256023 140 26 114 115 0 357 3 vmsppl 456 4136 0 4104 5 0 5 5 0 8 0 rwobjpl 64 66378 0 59177 121 0 121 121 0 8 0 pdppl 4096 8282 0 8208 142 66 76 82 0 8 2 pvpl 32 20813 0 0 168 0 168 168 0 265 0 pmappl 248 4136 0 4104 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 393 0 134 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837b0ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 witness_checkorder(ffff80000002c028,9,0) at witness_checkorder+0x165 sys/kern/subr_witness.c:772 mtx_enter(ffff80000002c018) at mtx_enter+0x47 sys/kern/kern_lock.c:238 msleep(ffff80000002c000,ffff80000002c018,20,ffffffff83442be8,0) at msleep+0x2cf sys/kern/kern_synch.c:237 taskq_next_work(ffff80000002c000,ffff80002a2d3150) at taskq_next_work+0x8e sys/kern/kern_task.c:399 taskq_thread(ffff80000002c000) at taskq_thread+0x1d5 sys/kern/kern_task.c:439 end trace frame: 0x0, count: 7 ddb{0}> trace x86_ipi_db(ffffffff837b0ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 witness_checkorder(ffff80000002c028,9,0) at witness_checkorder+0x165 sys/kern/subr_witness.c:772 mtx_enter(ffff80000002c018) at mtx_enter+0x47 sys/kern/kern_lock.c:238 msleep(ffff80000002c000,ffff80000002c018,20,ffffffff83442be8,0) at msleep+0x2cf sys/kern/kern_synch.c:237 taskq_next_work(ffff80000002c000,ffff80002a2d3150) at taskq_next_work+0x8e sys/kern/kern_task.c:399 taskq_thread(ffff80000002c000) at taskq_thread+0x1d5 sys/kern/kern_task.c:439 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd805dd2fbd8,ffff80002a488ed0,ffff80002a488f00) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a488ea0) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a488ea0) at namei+0x7aa sys/kern/vfs_lookup.c:250 domknodat(ffff80002eca2d00,ffffff9c,200000000000,2000,6381) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1590 syscall(ffff80002a4890a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a4890a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6186498be40, count: 8 ddb{1}> trace ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd805dd2fbd8,ffff80002a488ed0,ffff80002a488f00) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002a488ea0) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002a488ea0) at namei+0x7aa sys/kern/vfs_lookup.c:250 domknodat(ffff80002eca2d00,ffffff9c,200000000000,2000,6381) at domknodat+0xb4 sys/kern/vfs_syscalls.c:1590 syscall(ffff80002a4890a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a4890a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6186498be40, count: -7