uvm_fault(0xfffffd8066a2ea20, 0x668, 0, 2) -> e kernel: page fault trap, code=0 Stopped at pppacopen+0x1b5: movq %r13,0x668 TID PID UID PRFLAGS PFLAGS CPU COMMAND *431173 75124 0 0 0x4000000 0K syz-executor.1 85964 3363 0 0x14000 0x200 1 reaper pppacopen(86353,1,2000,ffff8000246c17a8) at pppacopen+0x1b5 sys/net/if_pppx.c:1020 spec_open(ffff8000211e8458) at spec_open+0x3d7 sys/kern/spec_vnops.c:157 VOP_OPEN(fffffd8066cb8e10,1,fffffd807f7d7780,ffff8000246c17a8) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138 vn_open(ffff8000211e86a8,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff8000246c17a8,ffffff9c,20000780,0,0,ffff8000211e8890) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128 syscall(ffff8000211e8900) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000211e8900) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6b567a0940, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd8066a2ea20, 0x668, 0, 2) -> e ddb{0}> trace pppacopen(86353,1,2000,ffff8000246c17a8) at pppacopen+0x1b5 sys/net/if_pppx.c:1020 spec_open(ffff8000211e8458) at spec_open+0x3d7 sys/kern/spec_vnops.c:157 VOP_OPEN(fffffd8066cb8e10,1,fffffd807f7d7780,ffff8000246c17a8) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138 vn_open(ffff8000211e86a8,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff8000246c17a8,ffffff9c,20000780,0,0,ffff8000211e8890) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128 syscall(ffff8000211e8900) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000211e8900) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6b567a0940, count: -7 ddb{0}> show registers rdi 0xffff80002148e000 rsi 0xbaa rbp 0xffff8000211e83d0 rbx 0 rdx 0xffff80002148e000 rcx 0xba9 rax 0xffffffff81c79ee5 pppacopen+0x1b5 r8 0x770 r9 0xfffffd807f7d7780 r10 0x22d8df248bd915c8 r11 0x181016b1383761e6 r12 0xfffffd8066cb8e10 r13 0 r14 0x86353 acpi_pdirpa+0x721bb r15 0xffff8000211e8458 rip 0xffffffff81c79ee5 pppacopen+0x1b5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000211e8380 ss 0x10 pppacopen+0x1b5: movq %r13,0x668 ddb{0}> show proc PROC (syz-executor.1) pid=431173 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000246c0a88,0xffff8000246c0fd8 process=0xffff8000211f2150 user=0xffff8000211e3000, vmspace=0xfffffd8066a2ea20 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 64771 134642 80181 0 2 0 syz-executor.0 64771 439169 80181 0 2 0x4000000 syz-executor.0 75124 239590 76725 0 2 0 syz-executor.1 *75124 431173 76725 0 7 0x4000000 syz-executor.1 25098 440915 27199 0 3 0x82 nanoslp syz-executor.3 25937 307362 1 0 3 0x100083 ttyin getty 29981 306436 0 0 3 0x14200 bored sosplice 80181 354035 27199 0 3 0x82 nanoslp syz-executor.0 76725 31638 27199 0 3 0x82 nanoslp syz-executor.1 71755 178812 27199 0 2 0x2 syz-executor.2 27199 220152 68191 0 3 0x82 thrsleep syz-fuzzer 27199 275575 68191 0 3 0x4000082 nanoslp syz-fuzzer 27199 522519 68191 0 3 0x4000082 thrsleep syz-fuzzer 27199 17340 68191 0 3 0x4000082 thrsleep syz-fuzzer 27199 225311 68191 0 3 0x4000082 thrsleep syz-fuzzer 27199 41555 68191 0 3 0x4000082 thrsleep syz-fuzzer 27199 95678 68191 0 3 0x4000082 thrsleep syz-fuzzer 27199 186709 68191 0 2 0x4000082 syz-fuzzer 68191 333409 81012 0 3 0x10008a sigsusp ksh 81012 390382 13346 0 3 0x9a poll sshd 13346 334840 1 0 3 0x88 poll sshd 20069 506711 97497 74 3 0x100092 bpf pflogd 97497 133964 1 0 3 0x80 netio pflogd 51366 211545 64337 73 3 0x100090 kqread syslogd 64337 299865 1 0 3 0x100082 netio syslogd 35328 133900 1 0 3 0x100080 kqread resolvd 21411 345782 17784 77 3 0x100092 kqread dhcpleased 7065 250771 17784 77 3 0x100092 kqread dhcpleased 17784 179732 1 0 3 0x80 kqread dhcpleased 80608 425424 0 0 3 0x14200 bored smr 4310 417839 0 0 2 0x14200 zerothread 28465 433535 0 0 3 0x14200 aiodoned aiodoned 85995 52482 0 0 3 0x14200 syncer update 59653 39106 0 0 3 0x14200 cleaner cleaner 3363 85964 0 0 7 0x14200 reaper 64178 276256 0 0 3 0x14200 pgdaemon pagedaemon 95293 142219 0 0 3 0x14200 bored viomb 67842 206095 0 0 3 0x40014200 acpi0 acpi0 4191 293738 0 0 3 0x40014200 idle1 45817 522321 0 0 3 0x14200 bored softnet 73713 184594 0 0 3 0x14200 bored systqmp 77752 54557 0 0 3 0x14200 bored systq 35591 57932 0 0 3 0x40014200 bored softclock 56700 229986 0 0 3 0x40014200 idle0 1 108310 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex pvpl r = 0 (0xffffffff82a01c10) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pool_put+0x8a sys/kern/subr_pool.c:799 #4 pmap_do_remove+0x607 sys/arch/amd64/amd64/pmap.c:1879 #5 uvm_unmap_kill_entry_withlock+0x1af sys/uvm/uvm_map.c:2139 #6 uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] #6 uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2771 #7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 #8 reaper+0x18b sys/kern/kern_exit.c:462 #9 proc_trampoline+0x1c Process 75124 (syz-executor.1) thread 0xffff8000246c17a8 (431173) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828f9c10) #0 witness_lock+0x44d #1 syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] #1 syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 #2 Xsyscall+0x128 Process 71755 (syz-executor.2) thread 0xffff80002123ca80 (178812) exclusive rrwlock inode r = 0 (0xfffffd8076d2ba38) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vget+0x1d3 sys/kern/vfs_subr.c:677 #6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119 #7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318 #8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487 #9 VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:561 #11 namei+0x36a sys/kern/vfs_lookup.c:245 #12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1849 #13 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #13 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806a657a28) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1849 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10160 6470K 6791K 78643K 12020 0 pcb 13 8K 8K 78643K 62 0 rtable 109 3K 4K 78643K 447 0 ifaddr 44 11K 13K 78643K 119 0 counters 44 34K 34K 78643K 68 0 ioctlops 0 0K 4K 78643K 1539 0 iov 0 0K 24K 78643K 7 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1233 78K 78K 78643K 1601 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 10 1K 1K 78643K 10 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 8 25K 49K 78643K 932 0 proc 68 87K 111K 78643K 569 0 subproc 52 3K 3K 78643K 130 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 28 0 in_multi 33 2K 3K 78643K 152 0 ether_multi 1 0K 0K 78643K 16 0 mrt 0 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 625 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 212 43K 43K 78643K 11904 0 UVM aobj 4 2K 2K 78643K 4 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 40 0 NDP 6 0K 1K 78643K 38 0 temp 59 4193K 4278K 78643K 13346 0 kqueue 10 14K 20K 78643K 71 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 53 0 50 1 0 1 1 0 8 0 rtentry 112 133 0 89 2 0 2 2 0 8 0 unpcb 136 104 0 89 1 0 1 1 0 8 0 syncache 296 12 0 12 2 2 0 1 0 8 0 tcpqe 32 59 0 59 2 2 0 1 0 8 0 tcpcb 736 112 0 108 3 0 3 3 0 8 2 arp 120 22 0 16 1 0 1 1 0 8 0 inpcb 304 414 0 407 3 2 1 2 0 8 0 nd6 48 30 0 24 1 0 1 1 0 8 0 pkpcb 40 20 0 20 2 2 0 1 0 8 0 kcovpl 48 10 0 6 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 29 0 6 1 0 1 1 0 8 0 pfstkey 112 29 0 6 1 0 1 1 0 8 0 pfstate 320 29 0 6 2 0 2 2 0 8 0 pfrule 1360 29 0 20 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 544 0 352 18 3 15 18 0 8 3 art_table 32 545 0 352 3 0 3 3 0 8 1 art_node 16 132 0 92 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 4 1 1 0 1 0 8 0 semapl 112 8 0 0 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2434 0 1017 89 0 89 89 0 8 0 ffsino 272 2434 0 1017 95 0 95 95 0 8 0 nchpl 144 3579 0 1977 61 0 61 61 0 8 0 uvmvnodes 80 2772 0 0 57 0 57 57 0 8 0 vnodes 224 2772 0 0 164 0 164 164 0 8 0 namei 1024 10367 0 10367 1 0 1 1 0 8 1 percpumem 16 46 0 12 1 0 1 1 0 8 0 scxspl 216 10383 0 10383 9 8 1 8 0 8 1 plimitpl 152 49 0 38 1 0 1 1 0 8 0 sigapl 424 1154 0 1118 5 0 5 5 0 8 0 futexpl 64 4542 0 4542 1 0 1 1 0 8 1 knotepl 112 69 0 0 2 0 2 2 0 8 0 kqueuepl 216 116 0 110 1 0 1 1 0 8 0 pipepl 336 116 0 100 2 0 2 2 0 8 0 fdescpl 496 1139 0 1118 4 1 3 4 0 8 0 filepl 152 3722 0 3571 7 0 7 7 0 8 0 lockfpl 104 48 0 46 1 0 1 1 0 8 0 lockfspl 48 23 0 21 1 0 1 1 0 8 0 sessionpl 144 27 0 14 1 0 1 1 0 8 0 pgrppl 48 27 0 14 1 0 1 1 0 8 0 ucredpl 96 528 0 516 1 0 1 1 0 8 0 zombiepl 144 1118 0 1117 1 0 1 1 0 8 0 processpl 1064 1154 0 1117 3 0 3 3 0 8 0 procpl 672 2060 0 2014 6 1 5 6 0 8 0 srpgc 96 14 0 14 1 1 0 1 0 8 0 sosppl 168 25 0 25 1 1 0 1 0 8 0 sockpl 480 591 0 566 6 2 4 5 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 126 0 0 15 0 15 15 0 8 0 mtagpl 96 67 0 0 2 0 2 2 0 8 0 mbufpl 256 349 0 0 22 0 22 22 0 8 0 bufpl 288 6802 0 458 454 0 454 454 0 8 0 anonpl 24 266135 0 259167 72 14 58 65 0 186 6 amapchunkpl 152 28626 0 28162 25 3 22 22 0 158 1 amappl16 200 2745 0 2607 18 5 13 18 0 8 3 amappl15 192 159 0 157 1 0 1 1 0 8 0 amappl14 184 19 0 17 1 0 1 1 0 8 0 amappl13 176 77 0 76 1 0 1 1 0 8 0 amappl12 168 22 0 18 1 0 1 1 0 8 0 amappl11 160 69 0 52 1 0 1 1 0 8 0 amappl10 152 516 0 504 1 0 1 1 0 8 0 amappl9 144 525 0 523 1 0 1 1 0 8 0 amappl8 136 633 0 593 2 0 2 2 0 8 0 amappl7 128 254 0 241 1 0 1 1 0 8 0 amappl6 120 238 0 222 1 0 1 1 0 8 0 amappl5 112 1379 0 1358 1 0 1 1 0 8 0 amappl4 104 765 0 740 1 0 1 1 0 8 0 amappl3 96 193 0 177 1 0 1 1 0 8 0 amappl2 88 406 0 365 3 2 1 2 0 8 0 amappl1 80 22270 0 21793 13 2 11 13 0 8 0 amappl 88 11482 0 11327 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1139 0 1118 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1139 0 1118 1 0 1 1 0 8 0 vmmpekpl 168 10761 0 10724 2 0 2 2 0 8 0 vmmpepl 168 102934 0 101386 88 4 84 84 0 357 8 vmsppl 368 1138 0 1117 3 0 3 3 0 8 0 rwobjpl 56 27891 0 24179 53 0 53 53 0 8 0 pdppl 4096 2286 0 2234 72 18 54 62 0 8 2 pvpl 32 603127 0 592628 140 17 123 140 0 265 26 pmappl 248 1138 0 1117 2 0 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 785 0 24 22 0 22 22 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pppacopen(86353,1,2000,ffff8000246c17a8) at pppacopen+0x1b5 sys/net/if_pppx.c:1020 spec_open(ffff8000211e8458) at spec_open+0x3d7 sys/kern/spec_vnops.c:157 VOP_OPEN(fffffd8066cb8e10,1,fffffd807f7d7780,ffff8000246c17a8) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138 vn_open(ffff8000211e86a8,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff8000246c17a8,ffffff9c,20000780,0,0,ffff8000211e8890) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128 syscall(ffff8000211e8900) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000211e8900) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6b567a0940, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828f9a08) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828f9a08) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff800021185880,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615 uvm_map_teardown(fffffd8066a2e180) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789 uvmspace_free(fffffd8066a2e180) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 reaper(ffff800021148a80) at reaper+0x18b sys/kern/kern_exit.c:462 end trace frame: 0x0, count: 7 ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828f9a08) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828f9a08) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff800021185880,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615 uvm_map_teardown(fffffd8066a2e180) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789 uvmspace_free(fffffd8066a2e180) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 reaper(ffff800021148a80) at reaper+0x18b sys/kern/kern_exit.c:462 end trace frame: 0x0, count: -8