uvm_fault(0xffffffff82d77468, 0xffff800000e80000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at arp_rtrequest+0x4e3: movzwl 0xc(%r15,%rbx,1),%ecx
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*260663 40527 0 0x8000000 0x4000000 0 syz-executor.2
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 sys/netinet/if_ether.c:184
rtrequest(1,ffff800030f4b4e8,1,ffff800030f4b5b8,0) at rtrequest+0x9dc sys/net/route.c:1103
rt_ifa_add(ffff8000006c0f00,240004,ffff8000006c0f58,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273
rt_ifa_addlocal(ffff8000006c0f00) at rt_ifa_addlocal+0x141 sys/net/route.c:1381
in_ifinit(ffff800000ddd000,ffff8000006c0f00,ffff800030f4b880,1) at in_ifinit+0x1c1 sys/netinet/in.c:669
in_ioctl_change_ifaddr(8040691a,ffff800030f4b870,ffff800000ddd000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c pru_control sys/sys/protosw.h:378 [inline]
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c sys/net/if.c:2449
sys_ioctl(ffff80002db08cf8,ffff800030f4ba50,ffff800030f4b9a0) at sys_ioctl+0x4a5
syscall(ffff800030f4ba50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7da67aba770, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff82d77468, 0xffff800000e80000, 0, 1) -> e
ddb> trace
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 sys/netinet/if_ether.c:184
rtrequest(1,ffff800030f4b4e8,1,ffff800030f4b5b8,0) at rtrequest+0x9dc sys/net/route.c:1103
rt_ifa_add(ffff8000006c0f00,240004,ffff8000006c0f58,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273
rt_ifa_addlocal(ffff8000006c0f00) at rt_ifa_addlocal+0x141 sys/net/route.c:1381
in_ifinit(ffff800000ddd000,ffff8000006c0f00,ffff800030f4b880,1) at in_ifinit+0x1c1 sys/netinet/in.c:669
in_ioctl_change_ifaddr(8040691a,ffff800030f4b870,ffff800000ddd000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c pru_control sys/sys/protosw.h:378 [inline]
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c sys/net/if.c:2449
sys_ioctl(ffff80002db08cf8,ffff800030f4ba50,ffff800030f4b9a0) at sys_ioctl+0x4a5
syscall(ffff800030f4ba50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7da67aba770, count: -10
ddb> show registers
rdi 0xffff80002ed0a000
rsi 0x2d6
rbp 0xffff800030f4b3d0
rbx 0x14
rdx 0xffff80002ed0a000
rcx 0x100040600080100
rax 0xfffffd806d6ddde0
r8 0x10
r9 0xfffffd80692de4d8
r10 0xefecc2a212dc06d
r11 0x428766aa6e821679
r12 0x4cf
r13 0xfffffd806d6ddd00
r14 0xfffffd80692de4d8
r15 0xffff800000e7ffe0
rip 0xffffffff814dd073 arp_rtrequest+0x4e3
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800030f4b350
ss 0x10
arp_rtrequest+0x4e3: movzwl 0xc(%r15,%rbx,1),%ecx
ddb> show proc
PROC (syz-executor.2) tid=260663 pid=40527 tcnt=2 stat=onproc
flags process=8000000 proc=4000000<THREAD>
runpri=32, usrpri=56, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002db08a68,0xffff80002a6e1c60
process=0xffff800030f60ca8 user=0xffff800030f46000, vmspace=0xfffffd806f96c410
estcpu=6, cpticks=0, pctcpu=0.1, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
81231 514792 45473 0 2 0x8000000 syz-executor.7
81231 398215 45473 0 3 0xc000080 fsleep syz-executor.7
40527 477151 58883 0 2 0x8000000 syz-executor.2
*40527 260663 58883 0 7 0xc000000 syz-executor.2
12557 390000 34298 0 2 0x8000000 syz-executor.0
22641 264565 41339 0 2 0x8000000 syz-executor.4
32595 165099 67703 0 2 0x8000000 syz-executor.6
54909 325692 39944 0 2 0x8000000 syz-executor.1
69198 370452 81747 0 2 0x8000000 syz-executor.3
69198 29987 81747 0 3 0xc000080 fsleep syz-executor.3
41339 27520 38157 0 2 0x8000002 syz-executor.4
45473 128866 38157 0 2 0x8000482 syz-executor.7
39944 265570 38157 0 2 0x8000482 syz-executor.1
67703 313783 38157 0 2 0x8000482 syz-executor.6
34298 17341 38157 0 2 0x8000002 syz-executor.0
81747 452399 38157 0 2 0x8000482 syz-executor.3
88657 142424 38157 0 2 0x8000002 syz-executor.5
58883 501949 38157 0 2 0x8000482 syz-executor.2
5759 119152 1 0 3 0x18100083 ttyin getty
21066 202146 0 0 3 0x14200 acct acct
9272 288240 0 0 3 0x14200 bored sosplice
38157 152184 13394 0 3 0x1a000082 wait syz-fuzzer
38157 211970 13394 0 3 0x1e000082 nanoslp syz-fuzzer
38157 337785 13394 0 3 0x1e000082 wait syz-fuzzer
38157 274719 13394 0 3 0x1e000082 thrsleep syz-fuzzer
38157 512943 13394 0 3 0x1e000082 wait syz-fuzzer
38157 273881 13394 0 3 0x1e000082 kqread syz-fuzzer
38157 44582 13394 0 3 0x1e000082 thrsleep syz-fuzzer
38157 164772 13394 0 3 0x1e000082 thrsleep syz-fuzzer
38157 41948 13394 0 3 0x1e000082 thrsleep syz-fuzzer
38157 260708 13394 0 3 0x1e000082 thrsleep syz-fuzzer
38157 8796 13394 0 3 0x1e000082 wait syz-fuzzer
38157 434732 13394 0 3 0x1e000082 wait syz-fuzzer
38157 26391 13394 0 3 0x1e000082 wait syz-fuzzer
38157 286021 13394 0 3 0x1e000082 wait syz-fuzzer
38157 400086 13394 0 3 0x1e000082 wait syz-fuzzer
13394 69061 26631 0 3 0x810008a sigsusp ksh
26631 73 24231 0 3 0x1800009a kqread sshd
24231 454724 1 0 3 0x18000088 kqread sshd
1058 234366 54470 73 2 0x19100010 syslogd
54470 153862 1 0 3 0x18100082 sbwait syslogd
88286 53598 1 0 3 0x18100080 kqread resolvd
64420 119765 95790 77 3 0x18100092 kqread dhcpleased
27020 389254 95790 77 3 0x18100092 kqread dhcpleased
95790 160095 1 0 3 0x18000080 kqread dhcpleased
91051 177029 0 0 3 0x14200 bored smr
390 182891 0 0 2 0x14200 zerothread
83263 503427 0 0 3 0x14200 aiodoned aiodoned
18265 414192 0 0 3 0x14200 syncer update
70041 375577 0 0 3 0x14200 cleaner cleaner
97804 168851 0 0 3 0x14200 reaper reaper
53923 493648 0 0 3 0x14200 pgdaemon pagedaemon
23828 318229 0 0 3 0x14200 bored viomb
48700 262238 0 0 3 0x40014200 acpi0 acpi0
41232 515712 0 0 3 0x14200 bored softnet3
39171 74678 0 0 3 0x14200 bored softnet2
75606 304914 0 0 3 0x14200 bored softnet1
80588 287854 0 0 3 0x14200 bored softnet0
38240 477707 0 0 2 0x14200 systqmp
33351 246025 0 0 3 0x14200 bored systq
9497 475689 0 0 2 0x40014200 softclock
33273 201657 0 0 3 0x40014200 idle0
1 122031 0 0 3 0x8080082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10171 6413K 7002K 166960K 14370 0
pcb 18 12K 12K 166960K 212 0
rtable 245 7K 8K 166960K 3493 0
pf 29 8K 9K 166960K 269 0
ifaddr 45 12K 13K 166960K 470 0
ifgroup 50 2K 2K 166960K 514 0
sysctl 4 1K 1K 166960K 4 0
counters 30 17K 17K 166960K 142 0
ioctlops 0 0K 2K 166960K 238 0
iov 0 0K 16K 166960K 111 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1392 88K 88K 166960K 4018 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 29 0
VM map 2 1K 1K 166960K 2 0
sem 12 1K 1K 166960K 104 0
dirhash 12 2K 3K 166960K 93 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 17 61K 105K 166960K 4173 0
sigio 0 0K 0K 166960K 19 0
proc 58 59K 124K 166960K 3384 0
subproc 104 6K 8K 166960K 1470 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 229 0
in_multi 99 7K 7K 166960K 1293 0
ether_multi 1 0K 0K 166960K 18 0
mrt 1 0K 0K 166960K 8 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 1K 166960K 1858 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 270 91K 168K 166960K 32734 0
UVM aobj 60 2K 3K 166960K 72 0
pinsyscall 37 74K 100K 166960K 7994 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 65 0
NDP 11 0K 2K 166960K 337 0
temp 75 6812K 6879K 166960K 182254 0
kqueue 12 18K 26K 166960K 256 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 340 0 337 1 0 1 1 0 8 0
rtentry 112 1260 0 1146 4 0 4 4 0 8 0
unpcb 144 995 0 981 2 0 2 2 0 8 1
syncache 336 14 0 14 1 0 1 1 0 8 1
tcpqe 32 8 0 8 1 0 1 1 0 8 1
tcpcb 808 525 0 520 2 0 2 2 0 8 1
arp 88 234 0 216 1 0 1 1 0 8 0
ipq 40 4 0 3 1 0 1 1 0 8 0
ipqe 40 7 0 6 1 0 1 1 0 8 0
inpcb 352 1914 0 1903 2 0 2 2 0 8 1
nd6 104 326 0 301 1 0 1 1 0 8 0
pkpcb 40 21 0 21 1 0 1 1 0 8 1
kcovpl 48 113 0 105 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 4960 0 4503 87 58 29 32 0 8 0
art_table 32 4961 0 4503 5 0 5 5 0 8 1
art_node 16 1256 0 1154 1 0 1 1 0 8 0
sysvmsgpl 40 38 0 17 1 0 1 1 0 8 0
semupl 112 1 0 1 1 0 1 1 0 8 1
semapl 112 102 0 92 1 0 1 1 0 8 0
shmpl 112 69 0 12 2 0 2 2 0 8 0
dirhash 1024 71 0 54 3 0 3 3 0 8 0
dino2pl 256 5754 0 4230 96 0 96 96 0 8 0
ffsino 240 5754 0 4230 91 0 91 91 0 8 0
nchpl 144 9897 0 9305 66 33 33 66 0 8 8
uvmvnodes 80 7936 0 0 162 0 162 162 0 8 0
vnodes 216 7936 0 0 441 0 441 441 0 8 0
namei 1024 39158 0 39158 2 0 2 2 0 8 2
vcpupl 3904 9 0 0 2 0 2 2 0 8 0
vmpool 664 19 0 10 1 0 1 1 0 8 0
kstatmem 264 246 0 224 2 0 2 2 0 8 0
scsiplug 72 5 0 5 1 0 1 1 0 8 1
scxspl 216 65696 0 65696 8 0 8 8 1 8 8
plimitpl 152 343 0 328 1 0 1 1 0 8 0
sigapl 424 4264 0 4218 7 0 7 7 0 8 0
futexpl 64 24814 0 24812 1 0 1 1 0 8 0
knotepl 120 6815 0 6733 10 0 10 10 0 8 7
kqueuepl 184 363 0 355 1 0 1 1 0 8 0
pipepl 288 670 0 642 3 0 3 3 0 8 0
fdescpl 432 4246 0 4218 5 0 5 5 0 8 1
filepl 120 15317 0 15077 9 0 9 9 0 8 1
lockfpl 104 419 0 416 1 0 1 1 0 8 0
lockfspl 48 179 0 176 1 0 1 1 0 8 0
sessionpl 144 127 0 111 1 0 1 1 0 8 0
pgrppl 48 136 0 120 1 0 1 1 0 8 0
ucredpl 104 1994 0 1981 1 0 1 1 0 8 0
zombiepl 144 4218 0 4218 1 0 1 1 0 8 1
processpl 1072 4264 0 4218 4 0 4 4 0 8 0
procpl 656 7209 0 7146 7 0 7 7 0 8 0
sosppl 168 42 0 42 1 0 1 1 0 8 1
sockpl 504 3275 0 3247 6 0 6 6 0 8 2
mcl64k 65536 14 0 14 1 0 1 1 0 8 1
mcl16k 16384 1 0 1 1 0 1 1 0 8 1
mcl12k 12288 2 0 2 1 0 1 1 0 8 1
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 53 0 53 1 0 1 1 0 8 1
mcl4k 4096 12 0 12 1 0 1 1 0 8 1
mcl2k 2048 48114 0 48023 37 18 19 36 0 8 6
mtagpl 96 121 0 121 1 0 1 1 0 8 1
mbufpl 256 257196 0 256973 36 14 22 28 0 8 4
bufpl 280 14892 0 4447 747 0 747 747 0 8 0
anonpl 24 589383 0 579296 180 0 180 180 0 188 119
amapchunkpl 152 104751 0 104118 83 0 83 83 0 158 56
amappl16 200 10424 0 10061 26 6 20 20 0 8 0
amappl15 192 14 0 14 1 0 1 1 0 8 1
amappl14 184 579 0 567 2 0 2 2 0 8 1
amappl13 176 12 0 12 1 0 1 1 0 8 1
amappl12 168 6352 0 6325 2 0 2 2 0 8 0
amappl11 160 61 0 50 1 0 1 1 0 8 0
amappl10 152 142 0 133 1 0 1 1 0 8 0
amappl9 144 156 0 156 1 0 1 1 0 8 1
amappl8 136 477 0 444 2 0 2 2 0 8 0
amappl7 128 68 0 53 1 0 1 1 0 8 0
amappl6 120 1629 0 1614 2 0 2 2 0 8 1
amappl5 112 566 0 554 1 0 1 1 0 8 0
amappl4 104 1057 0 1026 2 0 2 2 0 8 1
amappl3 96 19683 0 19611 3 0 3 3 0 8 0
amappl2 88 4890 0 4816 3 0 3 3 0 8 1
amappl1 80 28174 0 27696 22 4 18 22 0 8 6
amappl 88 31382 0 31202 6 0 6 6 0 92 1
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 71 0 12 2 0 2 2 0 8 0
uaddrrnd 24 4265 0 4228 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4265 0 4228 1 0 1 1 0 8 0
vmmpekpl 168 33471 0 33415 3 0 3 3 0 8 0
vmmpepl 168 291811 0 289752 110 0 110 110 0 357 20
vmsppl 344 4264 0 4228 4 0 4 4 0 8 0
rwobjpl 24 75859 0 66584 56 0 56 56 0 8 0
pdppl 4096 8536 0 8465 365 290 75 89 0 8 4
pvpl 32 1795406 0 1779454 490 116 374 476 0 265 240
pmappl 216 4264 0 4228 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 737 0 380 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 sys/netinet/if_ether.c:184
rtrequest(1,ffff800030f4b4e8,1,ffff800030f4b5b8,0) at rtrequest+0x9dc sys/net/route.c:1103
rt_ifa_add(ffff8000006c0f00,240004,ffff8000006c0f58,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273
rt_ifa_addlocal(ffff8000006c0f00) at rt_ifa_addlocal+0x141 sys/net/route.c:1381
in_ifinit(ffff800000ddd000,ffff8000006c0f00,ffff800030f4b880,1) at in_ifinit+0x1c1 sys/netinet/in.c:669
in_ioctl_change_ifaddr(8040691a,ffff800030f4b870,ffff800000ddd000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c pru_control sys/sys/protosw.h:378 [inline]
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c sys/net/if.c:2449
sys_ioctl(ffff80002db08cf8,ffff800030f4ba50,ffff800030f4b9a0) at sys_ioctl+0x4a5
syscall(ffff800030f4ba50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7da67aba770, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff800000ddd000,1,fffffd80692de4d8) at arp_rtrequest+0x4e3 sys/netinet/if_ether.c:184
rtrequest(1,ffff800030f4b4e8,1,ffff800030f4b5b8,0) at rtrequest+0x9dc sys/net/route.c:1103
rt_ifa_add(ffff8000006c0f00,240004,ffff8000006c0f58,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273
rt_ifa_addlocal(ffff8000006c0f00) at rt_ifa_addlocal+0x141 sys/net/route.c:1381
in_ifinit(ffff800000ddd000,ffff8000006c0f00,ffff800030f4b880,1) at in_ifinit+0x1c1 sys/netinet/in.c:669
in_ioctl_change_ifaddr(8040691a,ffff800030f4b870,ffff800000ddd000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c pru_control sys/sys/protosw.h:378 [inline]
ifioctl(fffffd8076c417f8,8040691a,ffff800030f4b870,ffff80002db08cf8) at ifioctl+0x104c sys/net/if.c:2449
sys_ioctl(ffff80002db08cf8,ffff800030f4ba50,ffff800030f4b9a0) at sys_ioctl+0x4a5
syscall(ffff800030f4ba50) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7da67aba770, count: -10