login: uvm_fault(0xfffffd80671d22f0, 0x668, 0, 2) -> e kernel: page fault trap, code=0 Stopped at pppacopen+0x1b5: movq %r13,0x668 TID PID UID PRFLAGS PFLAGS CPU COMMAND 229369 35849 0 0 0 1 syz-executor.1 *368591 35849 0 0 0x4000000 0K syz-executor.1 pppacopen(86338,1,2000,ffff8000246c2d20) at pppacopen+0x1b5 sys/net/if_pppx.c:1020 spec_open(ffff800027ba5aa8) at spec_open+0x3d7 sys/kern/spec_vnops.c:157 VOP_OPEN(fffffd8067d0c750,1,fffffd807f7d7600,ffff8000246c2d20) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138 vn_open(ffff800027ba5cf8,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff8000246c2d20,ffffff9c,20000040,0,0,ffff800027ba5ee0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128 syscall(ffff800027ba5f50) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ba5f50) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d99976e9e0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd80671d22f0, 0x668, 0, 2) -> e ddb{0}> trace pppacopen(86338,1,2000,ffff8000246c2d20) at pppacopen+0x1b5 sys/net/if_pppx.c:1020 spec_open(ffff800027ba5aa8) at spec_open+0x3d7 sys/kern/spec_vnops.c:157 VOP_OPEN(fffffd8067d0c750,1,fffffd807f7d7600,ffff8000246c2d20) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138 vn_open(ffff800027ba5cf8,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff8000246c2d20,ffffff9c,20000040,0,0,ffff800027ba5ee0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128 syscall(ffff800027ba5f50) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ba5f50) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d99976e9e0, count: -7 ddb{0}> show registers rdi 0xffff8000228c1000 rsi 0x96c rbp 0xffff800027ba5a20 rbx 0 rdx 0xffff8000228c1000 rcx 0x96b rax 0xffffffff81c79ee5 pppacopen+0x1b5 r8 0x770 r9 0xfffffd807f7d7600 r10 0x9f6e12422d176d98 r11 0x6b6cea9c61b7e22a r12 0xfffffd8067d0c750 r13 0 r14 0x86338 acpi_pdirpa+0x721a0 r15 0xffff800027ba5aa8 rip 0xffffffff81c79ee5 pppacopen+0x1b5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800027ba59d0 ss 0x10 pppacopen+0x1b5: movq %r13,0x668 ddb{0}> show proc PROC (syz-executor.1) pid=368591 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff8000246c2540,0xffffffff8293ceb0 process=0xffff8000ffff3a48 user=0xffff800027ba1000, vmspace=0xfffffd80671d22f0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 35849 229369 64336 0 7 0 syz-executor.1 *35849 368591 64336 0 7 0x4000000 syz-executor.1 22774 230449 15525 0 2 0 syz-executor.0 74365 493248 10300 0 2 0 syz-executor.2 74365 430685 10300 0 3 0x4000080 fsleep syz-executor.2 64336 165361 70034 0 3 0x82 nanoslp syz-executor.1 16408 242601 1 0 3 0x100083 ttyin getty 85206 103991 0 0 3 0x14200 acct acct 10300 270310 70034 0 3 0x82 nanoslp syz-executor.2 63661 120741 0 0 3 0x14280 nfsidl nfsio 24894 69055 0 0 3 0x14280 nfsidl nfsio 21817 232745 0 0 3 0x14280 nfsidl nfsio 99665 398384 0 0 3 0x14280 nfsidl nfsio 48070 213779 0 0 3 0x14280 nfsidl nfsio 12455 197449 0 0 3 0x14280 nfsidl nfsio 91495 306669 0 0 3 0x14280 nfsidl nfsio 41008 520723 0 0 3 0x14280 nfsidl nfsio 80907 483179 0 0 3 0x14280 nfsidl nfsio 7079 471911 0 0 3 0x14280 nfsidl nfsio 89317 117946 0 0 3 0x14280 nfsidl nfsio 89087 331770 0 0 3 0x14280 nfsidl nfsio 49147 371957 0 0 3 0x14280 nfsidl nfsio 29512 407191 0 0 3 0x14280 nfsidl nfsio 37785 330293 0 0 3 0x14280 nfsidl nfsio 82116 222651 0 0 3 0x14280 nfsidl nfsio 55165 24290 0 0 3 0x14280 nfsidl nfsio 72452 128698 0 0 3 0x14280 nfsidl nfsio 39089 479153 0 0 3 0x14280 nfsidl nfsio 16248 206877 0 0 3 0x14280 nfsidl nfsio 45203 373744 0 0 3 0x14200 bored sosplice 740 223653 70034 0 3 0x82 nanoslp syz-executor.3 15525 360747 70034 0 3 0x82 nanoslp syz-executor.0 70034 374798 73580 0 3 0x82 thrsleep syz-fuzzer 70034 251322 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 277682 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 252634 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 81825 73580 0 3 0x4000082 kqread syz-fuzzer 70034 244727 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 167116 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 230881 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 406641 73580 0 3 0x4000082 thrsleep syz-fuzzer 70034 183267 73580 0 3 0x4000082 thrsleep syz-fuzzer 73580 302085 2946 0 3 0x10008a sigsusp ksh 2946 217818 25278 0 3 0x9a poll sshd 25278 341643 1 0 3 0x88 poll sshd 40084 479738 69389 74 3 0x100092 bpf pflogd 69389 47866 1 0 3 0x80 netio pflogd 49033 341003 94717 73 3 0x100090 kqread syslogd 94717 431432 1 0 3 0x100082 netio syslogd 45475 294867 1 0 3 0x100080 kqread resolvd 80967 516659 84944 77 3 0x100092 kqread dhcpleased 70471 17961 84944 77 3 0x100092 kqread dhcpleased 84944 301016 1 0 3 0x80 kqread dhcpleased 55870 144534 0 0 3 0x14200 bored smr 89489 296765 0 0 2 0x14200 zerothread 31499 363933 0 0 3 0x14200 aiodoned aiodoned 86001 46241 0 0 3 0x14200 syncer update 63473 203013 0 0 3 0x14200 cleaner cleaner 47216 125609 0 0 3 0x14200 reaper reaper 309 46584 0 0 3 0x14200 pgdaemon pagedaemon 89625 291806 0 0 3 0x14200 bored viomb 48062 305587 0 0 3 0x40014200 acpi0 acpi0 73302 75436 0 0 3 0x40014200 idle1 16789 203537 0 0 3 0x14200 bored softnet 20145 379088 0 0 3 0x14200 bored systqmp 68110 294755 0 0 3 0x14200 bored systq 38811 145392 0 0 3 0x40014200 bored softclock 97703 93961 0 0 3 0x40014200 idle0 1 342106 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 35849 (syz-executor.1) thread 0xffff8000246c2d20 (368591) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828f9c10) #0 witness_lock+0x44d #1 syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] #1 syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10165 6475K 6916K 78643K 13333 0 pcb 13 8K 8K 78643K 158 0 rtable 105 4K 8K 78643K 611 0 ifaddr 54 12K 14K 78643K 200 0 sysctl 2 0K 0K 78643K 4 0 counters 46 34K 34K 78643K 74 0 ioctlops 0 0K 4K 78643K 1648 0 iov 0 0K 12K 78643K 28 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1225 77K 78K 78643K 1932 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 79 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 9 29K 49K 78643K 2153 0 sigio 0 0K 0K 78643K 16 0 proc 70 87K 111K 78643K 617 0 subproc 52 3K 3K 78643K 117 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 109 0 in_multi 39 2K 3K 78643K 184 0 ether_multi 1 0K 0K 78643K 34 0 mrt 0 0K 0K 78643K 25 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 623 0 pfkey data 0 0K 0K 78643K 1 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 280 108K 109K 78643K 26466 0 UVM aobj 16 3K 3K 78643K 18 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 145 0 NDP 7 0K 1K 78643K 39 0 temp 94 4210K 4833K 78643K 33266 0 kqueue 10 14K 18K 78643K 72 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 84 0 81 1 0 1 1 0 8 0 rtentry 112 136 0 95 2 0 2 2 0 8 0 unpcb 136 404 0 389 1 0 1 1 0 8 0 syncache 296 17 0 17 5 5 0 1 0 8 0 tcpqe 32 308 0 308 5 5 0 1 0 8 0 tcpcb 736 326 0 316 6 3 3 3 0 8 1 arp 120 22 0 13 1 0 1 1 0 8 0 inpcb 304 929 0 918 2 0 2 2 0 8 0 rttmr 72 9 0 9 4 4 0 1 0 8 0 nd6 48 28 0 21 1 0 1 1 0 8 0 pkpcb 40 2 0 2 2 2 0 1 0 8 0 kcovpl 48 9 0 5 1 0 1 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 13 0 13 2 2 0 1 0 482 0 pffrnode 88 13 0 13 2 2 0 1 0 8 0 pffrent 40 486 0 486 2 2 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 72 0 71 1 0 1 1 0 8 0 pftag 88 13 0 10 1 0 1 1 0 8 0 pfqueue 264 5 0 1 1 0 1 1 0 8 0 pfstitem 24 31 0 29 1 0 1 1 0 8 0 pfstkey 112 31 0 29 1 0 1 1 0 8 0 pfstate 320 30 0 28 3 1 2 3 0 8 1 pfrule 1360 108 0 89 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 550 0 345 20 4 16 18 0 8 2 art_table 32 551 0 345 3 0 3 3 0 8 0 art_node 16 134 0 100 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 19 2 1 1 1 0 8 0 semapl 112 71 0 61 1 0 1 1 0 8 0 shmpl 112 15 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3871 0 2460 89 0 89 89 0 8 0 ffsino 272 3871 0 2460 95 0 95 95 0 8 0 nchpl 144 6394 0 4790 61 0 61 61 0 8 0 uvmvnodes 80 4485 0 0 92 0 92 92 0 8 0 vnodes 224 4485 0 0 264 0 264 264 0 8 0 namei 1024 16945 0 16945 2 1 1 1 0 8 1 percpumem 16 49 0 14 1 0 1 1 0 8 0 vcpupl 2048 4 0 0 1 0 1 1 0 8 0 vmpool 560 5 0 1 1 0 1 1 0 8 0 pfiaddrpl 120 16 0 16 4 4 0 1 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 20235 0 20235 10 9 1 8 0 8 1 plimitpl 152 92 0 80 1 0 1 1 0 8 0 sigapl 424 2400 0 2342 7 0 7 7 0 8 0 futexpl 64 10799 0 10798 2 1 1 1 0 8 0 knotepl 112 80 0 0 3 0 3 3 0 8 0 kqueuepl 216 145 0 139 1 0 1 1 0 8 0 pipepl 336 152 0 136 2 0 2 2 0 8 0 fdescpl 496 2364 0 2342 4 1 3 4 0 8 0 filepl 152 6948 0 6795 10 3 7 8 0 8 1 lockfpl 104 247 0 245 1 0 1 1 0 8 0 lockfspl 48 81 0 79 1 0 1 1 0 8 0 sessionpl 144 27 0 14 1 0 1 1 0 8 0 pgrppl 48 32 0 19 1 0 1 1 0 8 0 ucredpl 96 909 0 897 1 0 1 1 0 8 0 zombiepl 144 2342 0 2341 1 0 1 1 0 8 0 processpl 1064 2400 0 2341 4 0 4 4 0 8 0 procpl 672 4675 0 4605 7 0 7 7 0 8 0 srpgc 96 8 0 8 3 2 1 1 0 8 1 sosppl 168 23 0 23 5 5 0 1 0 8 0 sockpl 480 1424 0 1395 9 4 5 6 0 8 0 mcl64k 65536 13 0 0 2 0 2 2 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 7 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 224 0 0 27 0 27 27 0 8 0 mtagpl 96 167 0 0 4 0 4 4 0 8 0 mbufpl 256 735 0 0 44 1 43 43 0 8 0 bufpl 288 7040 0 695 454 0 454 454 0 8 0 anonpl 24 582352 0 568230 124 26 98 110 0 186 0 amapchunkpl 152 63936 0 63209 41 11 30 36 0 158 0 amappl16 200 5049 0 4600 35 10 25 30 0 8 0 amappl15 192 134 0 132 1 0 1 1 0 8 0 amappl14 184 152 0 150 2 1 1 1 0 8 0 amappl13 176 71 0 70 1 0 1 1 0 8 0 amappl12 168 570 0 566 1 0 1 1 0 8 0 amappl11 160 920 0 903 1 0 1 1 0 8 0 amappl10 152 276 0 266 1 0 1 1 0 8 0 amappl9 144 480 0 477 1 0 1 1 0 8 0 amappl8 136 713 0 672 2 0 2 2 0 8 0 amappl7 128 338 0 327 1 0 1 1 0 8 0 amappl6 120 185 0 170 1 0 1 1 0 8 0 amappl5 112 2243 0 2221 1 0 1 1 0 8 0 amappl4 104 1750 0 1725 1 0 1 1 0 8 0 amappl3 96 763 0 745 1 0 1 1 0 8 0 amappl2 88 469 0 428 2 1 1 2 0 8 0 amappl1 80 41857 0 41357 13 1 12 13 0 8 0 amappl 88 26009 0 25801 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 17 0 2 1 0 1 1 0 8 0 uaddrrnd 24 2369 0 2343 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2369 0 2343 1 0 1 1 0 8 0 vmmpekpl 168 16761 0 16715 3 0 3 3 0 8 0 vmmpepl 168 211401 0 209422 141 37 104 104 0 357 12 vmsppl 368 2368 0 2343 3 0 3 3 0 8 0 rwobjpl 56 51375 0 45571 85 3 82 82 0 8 0 pdppl 4096 4746 0 4690 83 25 58 62 0 8 2 pvpl 32 1126912 0 1109070 204 42 162 176 0 265 3 pmappl 248 2368 0 2343 2 0 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 842 0 37 23 0 23 23 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pppacopen(86338,1,2000,ffff8000246c2d20) at pppacopen+0x1b5 sys/net/if_pppx.c:1020 spec_open(ffff800027ba5aa8) at spec_open+0x3d7 sys/kern/spec_vnops.c:157 VOP_OPEN(fffffd8067d0c750,1,fffffd807f7d7600,ffff8000246c2d20) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138 vn_open(ffff800027ba5cf8,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183 doopenat(ffff8000246c2d20,ffffff9c,20000040,0,0,ffff800027ba5ee0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128 syscall(ffff800027ba5f50) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800027ba5f50) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d99976e9e0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_cmp8(3d6c4b40000,3d6c4b3540a) at __sanitizer_cov_trace_cmp8+0x18 kd_curproc sys/dev/kcov.c:575 [inline] __sanitizer_cov_trace_cmp8(3d6c4b40000,3d6c4b3540a) at __sanitizer_cov_trace_cmp8+0x18 sys/dev/kcov.c:207 uvm_map_inentry(ffff8000246c37a0,ffff8000246c3818,3d6c4b3540a,ffffffff82474760,ffffffff81b7cf40,16) at uvm_map_inentry+0x89 uvm_map_inentry_recheck sys/uvm/uvm_map.c:1866 [inline] uvm_map_inentry(ffff8000246c37a0,ffff8000246c3818,3d6c4b3540a,ffffffff82474760,ffffffff81b7cf40,16) at uvm_map_inentry+0x89 sys/uvm/uvm_map.c:1916 syscall(ffff800027b9a650) at syscall+0x3d1 mi_syscall sys/sys/syscall_mi.h:87 [inline] syscall(ffff800027b9a650) at syscall+0x3d1 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdf6d0, count: 8 ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_cmp8(3d6c4b40000,3d6c4b3540a) at __sanitizer_cov_trace_cmp8+0x18 kd_curproc sys/dev/kcov.c:575 [inline] __sanitizer_cov_trace_cmp8(3d6c4b40000,3d6c4b3540a) at __sanitizer_cov_trace_cmp8+0x18 sys/dev/kcov.c:207 uvm_map_inentry(ffff8000246c37a0,ffff8000246c3818,3d6c4b3540a,ffffffff82474760,ffffffff81b7cf40,16) at uvm_map_inentry+0x89 uvm_map_inentry_recheck sys/uvm/uvm_map.c:1866 [inline] uvm_map_inentry(ffff8000246c37a0,ffff8000246c3818,3d6c4b3540a,ffffffff82474760,ffffffff81b7cf40,16) at uvm_map_inentry+0x89 sys/uvm/uvm_map.c:1916 syscall(ffff800027b9a650) at syscall+0x3d1 mi_syscall sys/sys/syscall_mi.h:87 [inline] syscall(ffff800027b9a650) at syscall+0x3d1 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdf6d0, count: -7