Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts. 2025/04/07 12:43:18 ignoring optional flag "sandboxArg"="0" 2025/04/07 12:43:18 ignoring optional flag "type"="gce" 2025/04/07 12:43:18 parsed 1 programs 2025/04/07 12:43:20 executed programs: 0 vnd0: sloppy read from proc 64840 (syz-executor.2): blkno 0 bcount 4204528 2025/04/07 12:43:25 executed programs: 613 2025/04/07 12:43:30 executed programs: 1262 2025/04/07 12:43:35 executed programs: 1931 2025/04/07 12:43:40 executed programs: 2616 2025/04/07 12:43:45 executed programs: 3311 2025/04/07 12:43:50 executed programs: 4011 uvm_fault(0xffffffff839fda20, 0xffff800022372004, 0, 1) -> d kernel: page fault trap, code=0 Stopped at ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d TID PID UID PRFLAGS PFLAGS CPU COMMAND 199900 65129 0 0 0 0 syz-executor.2 * 12648 65129 0 0 0x4000000 1K syz-executor.2 ufs_lookup() at ufs_lookup+0x5e1 VOP_LOOKUP(fffffd807b046528,ffff80002a543dd8,ffff80002a543e08) at VOP_LOOKUP+0x6e vfs_lookup(ffff80002a543da8) at vfs_lookup+0x8fa namei(ffff80002a543da8) at namei+0x7aa vn_open(ffff80002a543da8,201,0) at vn_open+0x1f4 doopenat(ffff80002a5142c0,ffffff9c,20000200,200,0,ffff80002a543f50) at doopenat+0x32e syscall(ffff80002a544000) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a2c2184bb0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xffffffff839fda20, 0xffff800022372004, 0, 1) -> d ddb{1}> trace ufs_lookup() at ufs_lookup+0x5e1 VOP_LOOKUP(fffffd807b046528,ffff80002a543dd8,ffff80002a543e08) at VOP_LOOKUP+0x6e vfs_lookup(ffff80002a543da8) at vfs_lookup+0x8fa namei(ffff80002a543da8) at namei+0x7aa vn_open(ffff80002a543da8,201,0) at vn_open+0x1f4 doopenat(ffff80002a5142c0,ffffff9c,20000200,200,0,ffff80002a543f50) at doopenat+0x32e syscall(ffff80002a544000) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a2c2184bb0, count: -8 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a543a20 rbx 0 rdx 0xfffffd806731e188 rcx 0xffffffff rax 0xfffffd806d2109f8 r8 0xffffffffffffffff r9 0xfffffd807f7d3820 r10 0x90d6eef7d2fd00f9 r11 0xcef9a0d248351442 r12 0 r13 0xfffffd8066bda140 r14 0 r15 0xffff800022372000 rip 0xffffffff8262de51 ufs_lookup+0x5e1 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80002a543910 ss 0x10 ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d ddb{1}> show proc PROC (syz-executor.2) tid=12648 pid=65129 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a515c60,0xffffffff839562d0 process=0xffff8000ffff8950 user=0xffff80002a53f000, vmspace=0xfffffd8067611020 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 66903 507391 16447 0 2 0 syz-executor.5 65129 199900 30489 0 7 0 syz-executor.2 *65129 12648 30489 0 7 0x4000000 syz-executor.2 54025 154071 8380 0 2 0 syz-executor.6 19482 212311 26111 0 2 0 syz-executor.0 3716 88922 1115 0 2 0 syz-executor.3 3716 496544 1115 0 3 0x4000080 fsleep syz-executor.3 46861 30773 82637 0 2 0 syz-executor.4 46861 67137 82637 0 3 0x4000080 fsleep syz-executor.4 8380 243496 58990 0 2 0x2 syz-executor.6 1115 370790 58990 0 3 0x82 nanoslp syz-executor.3 14359 136288 58990 0 3 0x10000082 nanoslp syz-executor.7 82637 182790 58990 0 3 0x82 nanoslp syz-executor.4 16447 479987 58990 0 3 0x82 nanoslp syz-executor.5 30489 419899 58990 0 3 0x82 nanoslp syz-executor.2 58884 220714 58990 0 3 0x2 biowait syz-executor.1 26111 446238 58990 0 3 0x82 nanoslp syz-executor.0 58990 272917 37257 0 3 0x82 wait syz-execprog 58990 206501 37257 0 3 0x4000082 nanoslp syz-execprog 58990 496583 37257 0 3 0x4000082 thrsleep syz-execprog 58990 403957 37257 0 3 0x4000082 thrsleep syz-execprog 58990 203266 37257 0 3 0x4000082 thrsleep syz-execprog 58990 136064 37257 0 3 0x4000082 kqread syz-execprog 58990 3586 37257 0 3 0x4000082 wait syz-execprog 58990 146069 37257 0 3 0x4000082 wait syz-execprog 58990 354219 37257 0 3 0x4000082 wait syz-execprog 58990 1113 37257 0 3 0x4000082 wait syz-execprog 58990 131943 37257 0 3 0x4000082 thrsleep syz-execprog 58990 429201 37257 0 3 0x4000082 wait syz-execprog 58990 315052 37257 0 3 0x4000082 wait syz-execprog 58990 393666 37257 0 3 0x4000082 thrsleep syz-execprog 58990 47359 37257 0 3 0x4000082 wait syz-execprog 58990 468148 37257 0 3 0x4000082 thrsleep syz-execprog 37257 47434 53355 0 3 0x10008a sigsusp ksh 53355 242014 51179 0 3 0x98 kqread sshd-session 51179 454239 813 0 3 0x92 kqread sshd-session 17303 173814 1 0 3 0x100083 ttyin getty 813 256444 1 0 3 0x88 kqread sshd 20516 121972 93643 74 3 0x1100092 bpf pflogd 93643 343032 1 0 3 0x80 sbwait pflogd 17536 382617 44347 73 3 0x1100090 kqread syslogd 44347 476432 1 0 3 0x100082 sbwait syslogd 82391 500765 1 0 3 0x100080 kqread resolvd 69170 383000 25716 77 3 0x100092 kqread dhcpleased 19496 810 25716 77 3 0x100092 kqread dhcpleased 25716 386587 1 0 3 0x80 kqread dhcpleased 29427 434261 0 0 3 0x14200 bored smr 92798 281941 0 0 2 0x14200 zerothread 53925 166406 0 0 3 0x14200 aiodoned aiodoned 40493 493558 0 0 3 0x14200 syncer update 63270 263396 0 0 3 0x14200 cleaner cleaner 9631 349889 0 0 3 0x14200 reaper reaper 610 380840 0 0 3 0x14200 pgdaemon pagedaemon 22353 218372 0 0 3 0x14200 bored viomb 91603 339621 0 0 3 0x40014200 acpi0 acpi0 85177 77366 0 0 3 0x40014200 idle1 77349 323698 0 0 3 0x14200 bored softnet3 82463 89619 0 0 3 0x14200 bored softnet2 60544 437525 0 0 3 0x14200 bored softnet1 20148 236167 0 0 3 0x14200 bored softnet0 10013 275504 0 0 3 0x14200 bored systqmp 2839 296158 0 0 3 0x14200 bored systq 42428 202911 0 0 3 0x14200 tmoslp softclockmp 91699 402544 0 0 3 0x40014200 tmoslp softclock 48613 451775 0 0 3 0x40014200 idle0 1 412512 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 65129 (syz-executor.2) thread 0xffff80002a5142c0 (12648) exclusive rrwlock inode r = 0 (0xfffffd8066bda1e0) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vfs_lookup+0x109 #6 namei+0x7aa #7 vn_open+0x1f4 #8 doopenat+0x32e #9 syscall+0xbc6 #10 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83903930) #0 witness_lock+0x5bb #1 doopenat+0x314 #2 syscall+0xbc6 #3 Xsyscall+0x128 Process 58884 (syz-executor.1) thread 0xffff80002a393738 (220714) exclusive rrwlock inode r = 0 (0xfffffd8066bdabb8) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vget+0x2bd #6 ufs_ihashget+0x185 #7 ffs_vget+0x8c #8 ufs_lookup+0x19f8 #9 VOP_LOOKUP+0x6e #10 vfs_lookup+0x8fa #11 namei+0x7aa #12 dounlinkat+0xc1 #13 syscall+0xb08 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8066bda528) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vget+0x2bd #6 cache_lookup+0x36e #7 ufs_lookup+0x21b #8 VOP_LOOKUP+0x6e #9 vfs_lookup+0x8fa #10 namei+0x7aa #11 dounlinkat+0xc1 #12 syscall+0xb08 #13 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10184 11020K 11020K 166960K 11264 0 pcb 17 12K 12K 166960K 17 0 rtable 234 6K 6K 166960K 380 0 pf 34 17K 18K 166960K 48 0 ifaddr 43 7K 7K 166960K 49 0 ifgroup 55 2K 2K 166960K 60 0 sysctl 1 1K 1K 166960K 1 0 counters 64 36K 36K 166960K 66 0 ioctlops 0 0K 4K 166960K 1484 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1264 80K 80K 166960K 1284 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 77K 166960K 4658 0 proc 69 91K 115K 166960K 556 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 110 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 435 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 268 163K 215K 166960K 38025 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 42 84K 112K 166960K 6066 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 12 0K 2K 166960K 31 0 temp 2 8672K 8737K 166960K 57938 0 kqueue 13 20K 20K 166960K 46 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 36 0 33 1 0 1 1 0 8 0 rtentry 168 122 0 12 6 1 5 5 0 8 0 unpcb 144 69 0 52 1 0 1 1 0 8 0 syncache 336 9 0 9 2 2 0 1 0 8 0 tcpcb 808 12 0 9 1 0 1 1 0 8 0 arp 120 20 0 2 1 0 1 1 0 8 0 inpcb 376 73 0 67 1 0 1 1 0 8 0 nd6 136 27 0 3 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 32 0 22 1 0 1 1 0 8 0 pfstkey 128 32 0 22 1 0 1 1 0 8 0 pfstate 376 32 0 22 3 0 3 3 0 8 1 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 501 0 48 32 3 29 29 0 8 0 art_table 32 502 0 48 5 1 4 4 0 8 0 art_node 16 121 0 21 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 10623 0 7274 210 0 210 210 0 8 0 ffsino 280 10623 0 7274 240 0 240 240 0 8 0 nchpl 144 19919 0 18128 67 0 67 67 0 8 0 uvmvnodes 80 6156 0 0 126 0 126 126 0 8 0 vnodes 216 6156 0 0 342 0 342 342 0 8 0 namei 1024 48399 0 48398 5 4 1 2 0 8 0 percpumem 16 47 0 1 1 0 1 1 0 8 0 kstatmem 264 26 0 2 2 0 2 2 0 8 0 scxspl 216 52691 0 52690 12 8 4 8 1 8 3 plimitpl 152 59 0 42 1 0 1 1 0 8 0 sigapl 424 5017 0 4968 8 2 6 7 0 8 0 futexpl 64 18292 0 18290 2 1 1 1 0 8 0 knotepl 120 130 0 0 4 0 4 4 0 8 0 kqueuepl 216 42 0 33 1 0 1 1 0 8 0 pipepl 328 179 0 151 5 2 3 3 0 8 0 fdescpl 504 4999 0 4969 6 1 5 5 0 8 1 filepl 152 15745 0 15602 7 1 6 6 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 35 0 18 1 0 1 1 0 8 0 pgrppl 48 35 0 18 1 0 1 1 0 8 0 ucredpl 104 153 0 139 1 0 1 1 0 8 0 zombiepl 144 4969 0 4968 2 1 1 1 0 8 0 processpl 1176 5017 0 4968 6 2 4 5 0 8 0 procpl 656 9575 0 9508 9 2 7 7 0 8 1 sockpl 688 178 0 152 4 1 3 3 0 8 0 mcl8k 8192 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 164 0 0 18 0 18 18 0 8 0 mcl2k 2048 17 0 0 3 0 3 3 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 185 0 0 11 0 11 11 0 8 0 bufpl 280 13604 0 7378 445 0 445 445 0 8 0 anonpl 24 463466 0 458578 56 25 31 55 0 184 0 amapchunkpl 152 126836 0 126233 40 14 26 28 0 158 1 amappl16 200 9118 0 9022 9 3 6 6 0 8 0 amappl15 192 26 0 26 2 2 0 1 0 8 0 amappl14 184 238 0 223 3 1 2 2 0 8 0 amappl13 176 15 0 14 2 1 1 1 0 8 0 amappl12 168 5709 0 5681 4 2 2 2 0 8 0 amappl11 160 59 0 45 1 0 1 1 0 8 0 amappl10 152 86 0 77 2 1 1 1 0 8 0 amappl9 144 965 0 965 2 2 0 1 0 8 0 amappl8 136 209 0 171 3 1 2 2 0 8 0 amappl7 128 228 0 209 3 1 2 2 0 8 0 amappl6 120 348 0 343 3 2 1 2 0 8 0 amappl5 112 227 0 216 1 0 1 1 0 8 0 amappl4 104 590 0 567 2 1 1 2 0 8 0 amappl3 96 24950 0 24871 6 3 3 3 0 8 1 amappl2 88 5637 0 5559 5 2 3 4 0 8 0 amappl1 80 34437 0 33818 33 19 14 24 0 8 0 amappl 88 36864 0 36697 8 3 5 5 0 92 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 4999 0 4969 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4999 0 4969 1 0 1 1 0 8 0 vmmpekpl 168 31572 0 31534 2 0 2 2 0 8 0 vmmpepl 168 257737 0 255749 131 40 91 128 0 357 3 vmsppl 456 4998 0 4969 6 2 4 5 0 8 0 rwobjpl 64 72517 0 65318 129 12 117 117 0 8 0 pdppl 4096 10005 0 9938 143 72 71 77 0 8 4 pvpl 32 48293 0 0 390 0 390 390 0 265 0 pmappl 248 4998 0 4969 3 1 2 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 439 0 84 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83886ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83903728) at __mp_lock+0x192 intr_handler(ffff80002a5383a0,ffff800000079f00) at intr_handler+0xe1 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x74ac2e2d3360, count: 9 ddb{0}> trace x86_ipi_db(ffffffff83886ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83903728) at __mp_lock+0x192 intr_handler(ffff80002a5383a0,ffff800000079f00) at intr_handler+0xe1 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x74ac2e2d3360, count: -6 ddb{0}> machine ddbcpu 1 Stopped at ufs_lookup+0x5e1: movzwl 0x4(%r15,%rbx,1),%r14d ufs_lookup() at ufs_lookup+0x5e1 VOP_LOOKUP(fffffd807b046528,ffff80002a543dd8,ffff80002a543e08) at VOP_LOOKUP+0x6e vfs_lookup(ffff80002a543da8) at vfs_lookup+0x8fa namei(ffff80002a543da8) at namei+0x7aa vn_open(ffff80002a543da8,201,0) at vn_open+0x1f4 doopenat(ffff80002a5142c0,ffffff9c,20000200,200,0,ffff80002a543f50) at doopenat+0x32e syscall(ffff80002a544000) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a2c2184bb0, count: 7 ddb{1}> trace ufs_lookup() at ufs_lookup+0x5e1 VOP_LOOKUP(fffffd807b046528,ffff80002a543dd8,ffff80002a543e08) at VOP_LOOKUP+0x6e vfs_lookup(ffff80002a543da8) at vfs_lookup+0x8fa namei(ffff80002a543da8) at namei+0x7aa vn_open(ffff80002a543da8,201,0) at vn_open+0x1f4 doopenat(ffff80002a5142c0,ffffff9c,20000200,200,0,ffff80002a543f50) at doopenat+0x32e syscall(ffff80002a544000) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a2c2184bb0, count: -8