uvm_fault(0xfffffd806c1c1dd8, 0xdb, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at rtrequest+0x7c7: movzbl 0xdb(%r13),%eax
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*148197 16370 0 0 0x4000000 0 syz-executor
rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008
rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973
route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878
route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40
sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564
syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa4946dc5550, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd806c1c1dd8, 0xdb, 0, 1) -> e
ddb> trace
rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008
rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973
route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878
route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40
sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564
syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa4946dc5550, count: -9
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80002c7e0ca0
rbx 0xffff8000012bed90
rdx 0xffff800001281800
rcx 0x508
rax 0
r8 0x70
r9 0
r10 0x9485b370ec7546d6
r11 0x36462ebc8c188cc3
r12 0xfffffd8066f3dc58
r13 0
r14 0x1
r15 0x33
rip 0xffffffff8230c157 rtrequest+0x7c7
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002c7e0bb0
ss 0x10
rtrequest+0x7c7: movzbl 0xdb(%r13),%eax
ddb> show proc
PROC (syz-executor) tid=148197 pid=16370 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=82, usrpri=82, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000328056f8,0xffff800032804ce8
process=0xffff8000327f6258 user=0xffff80002c7dc000, vmspace=0xfffffd806c1c1dd8
estcpu=32, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
16370 164377 93678 0 2 0 syz-executor
*16370 148197 93678 0 7 0x4000000 syz-executor
16370 201866 93678 0 3 0x4000080 fsleep syz-executor
40678 431564 96063 0 3 0x80 nanoslp syz-executor
40678 27045 96063 0 3 0x4000080 fsleep syz-executor
40678 359422 96063 0 3 0x4000080 fsleep syz-executor
40678 138061 96063 0 3 0x4000080 fsleep syz-executor
41407 288916 1 0 3 0x100083 ttyin getty
20718 280513 351 0 3 0x82 piperd syz-executor
65908 309548 0 0 3 0x14200 bored sosplice
93678 5601 351 0 3 0x82 nanoslp syz-executor
90105 351985 351 0 3 0x82 piperd syz-executor
96063 64610 351 0 3 0x82 nanoslp syz-executor
66270 394238 351 0 3 0x82 piperd syz-executor
10390 178500 351 0 3 0x82 piperd syz-executor
88306 415916 351 0 3 0x82 wait syz-executor
351 487392 26602 0 3 0x82 nanoslp syz-executor
26602 218620 54983 0 3 0x10008a sigsusp ksh
54983 92526 72575 0 3 0x98 kqread sshd-session
72575 128520 99219 0 3 0x92 kqread sshd-session
99219 153444 1 0 3 0x88 kqread sshd
16650 178722 10944 73 3 0x1100090 kqread syslogd
10944 315488 1 0 3 0x100082 sbwait syslogd
53539 349200 1 0 3 0x100080 kqread resolvd
19405 165516 55796 77 3 0x100092 kqread dhcpleased
37220 437017 55796 77 3 0x100092 kqread dhcpleased
55796 431694 1 0 3 0x80 kqread dhcpleased
86286 269761 0 0 3 0x14200 bored smr
43502 301899 0 0 2 0x14200 zerothread
75314 148081 0 0 3 0x14200 aiodoned aiodoned
19977 345487 0 0 3 0x14200 syncer update
9236 149992 0 0 3 0x14200 cleaner cleaner
68404 46288 0 0 3 0x14200 reaper reaper
23046 467052 0 0 3 0x14200 pgdaemon pagedaemon
23875 34836 0 0 3 0x14200 bored viomb
32369 468806 0 0 3 0x40014200 acpi0 acpi0
81467 182880 0 0 3 0x14200 bored softnet3
91864 86779 0 0 3 0x14200 bored softnet2
87609 155444 0 0 3 0x14200 bored softnet1
39668 398123 0 0 3 0x14200 bored softnet0
8978 140374 0 0 3 0x14200 bored systqmp
81994 492121 0 0 3 0x14200 bored systq
29044 197134 0 0 3 0x40014200 tmoslp softclock
53112 476957 0 0 3 0x40014200 idle0
1 244174 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10207 11064K 11585K 166960K 13382 0
pcb 18 15K 17K 166960K 457 0
rtable 157 7K 8K 166960K 833 0
pf 37 14K 17K 166960K 110 0
ifaddr 31 5K 7K 166960K 111 0
ifgroup 50 2K 2K 166960K 147 0
sysctl 3 0K 2K 166960K 7 0
counters 30 17K 17K 166960K 54 0
ioctlops 0 0K 4K 166960K 219 0
iov 0 0K 24K 166960K 151 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1469 92K 93K 166960K 2845 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 24 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 89 0
dirhash 18 3K 3K 166960K 51 0
ACPI 1690 195K 286K 166960K 12468 0
file desc 12 41K 97K 166960K 1649 0
sigio 0 0K 0K 166960K 35 0
proc 60 59K 100K 166960K 920 0
subproc 91 5K 6K 166960K 240 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 394 0
in_multi 52 3K 7K 166960K 280 0
ether_multi 1 0K 0K 166960K 19 0
mrt 1 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 247 1102K 1102K 166960K 247 0
exec 0 0K 2K 166960K 794 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 3 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 186 63K 88K 166960K 16525 0
UVM aobj 131 4K 4K 166960K 134 0
pinsyscall 33 66K 98K 166960K 2936 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 137 0
NDP 11 0K 1K 166960K 74 0
temp 66 6817K 6893K 166960K 66737 0
kqueue 14 22K 30K 166960K 262 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 325 0 320 4 2 2 3 0 8 1
rtentry 112 261 0 196 4 0 4 4 0 8 0
unpcb 144 1264 0 1248 14 10 4 6 0 8 3
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 808 513 0 509 11 3 8 8 0 8 7
arp 88 44 0 30 1 0 1 1 0 8 0
ipq 40 2 0 2 1 0 1 1 0 8 1
ipqe 40 10 0 10 1 0 1 1 0 8 1
inpcb 336 2126 0 2118 23 14 9 10 0 8 8
nd6 104 58 0 47 1 0 1 1 0 8 0
pkpcb 40 7 0 7 2 1 1 1 0 8 1
kcovpl 48 18 0 11 1 0 1 1 0 8 0
ppxss 1072 6 0 6 2 1 1 1 0 8 1
pfstscr 40 9 0 8 1 0 1 1 0 8 0
pfrktable 1344 1 0 0 1 0 1 1 0 8 0
pftag 88 2 0 0 1 0 1 1 0 8 0
pfstitem 24 4 0 0 1 0 1 1 0 8 0
pfstkey 128 16 0 13 1 0 1 1 0 8 0
pfstate 344 9 0 7 1 0 1 1 0 8 0
pfrule 1344 11 0 8 2 1 1 1 0 8 0
art_heap8 4096 5 0 0 5 0 5 5 0 8 0
art_heap4 256 1114 0 848 29 3 26 29 0 8 1
art_table 32 1119 0 848 4 0 4 4 0 8 0
art_node 16 253 0 197 1 0 1 1 0 8 0
sysvmsgpl 40 15 0 8 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 83 0 73 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 43 0 22 3 0 3 3 0 8 0
dino2pl 256 4154 0 2632 96 0 96 96 0 8 0
ffsino 240 4154 0 2632 90 0 90 90 0 8 0
nchpl 144 6288 0 4583 64 0 64 64 0 8 0
uvmvnodes 80 5219 0 0 107 0 107 107 0 8 0
vnodes 216 5219 0 0 290 0 290 290 0 8 0
namei 1024 22353 0 22353 5 3 2 2 0 8 2
kstatmem 264 70 0 48 2 0 2 2 0 8 0
scsiplug 72 2 0 2 1 0 1 1 0 8 1
scxspl 216 19384 0 19384 18 16 2 8 1 8 2
plimitpl 152 344 0 329 1 0 1 1 0 8 0
sigapl 424 1934 0 1893 9 1 8 8 0 8 2
futexpl 64 21016 0 21012 1 0 1 1 0 8 0
knotepl 120 76091 0 75833 32 22 10 16 0 8 2
kqueuepl 184 501 0 491 6 3 3 4 0 8 2
pipepl 288 247 0 220 3 0 3 3 0 8 0
fdescpl 432 1894 0 1870 5 1 4 5 0 8 0
filepl 120 12344 0 12121 25 10 15 15 0 8 6
lockfpl 104 499 0 497 2 1 1 2 0 8 0
lockfspl 48 157 0 155 1 0 1 1 0 8 0
sessionpl 144 32 0 24 1 0 1 1 0 8 0
pgrppl 48 191 0 176 1 0 1 1 0 8 0
ucredpl 104 2333 0 2322 1 0 1 1 0 8 0
zombiepl 144 2583 0 2582 2 1 1 1 0 8 0
processpl 1096 1934 0 1893 5 0 5 5 0 8 1
procpl 648 4252 0 4206 9 2 7 7 0 8 1
sosppl 168 5 0 5 3 2 1 1 0 8 1
sockpl 504 3779 0 3750 74 62 12 26 0 8 8
mcl64k 65536 77 0 77 3 2 1 1 0 8 1
mcl16k 16384 3 0 3 2 1 1 1 0 8 1
mcl12k 12288 1 0 1 1 1 0 1 0 8 0
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 27 0 27 3 2 1 1 0 8 1
mcl4k 4096 4536 0 4485 16 8 8 14 0 8 1
mcl2k 2048 1763 0 1749 10 5 5 6 0 8 3
mtagpl 96 101 0 27 2 0 2 2 0 8 0
mbufpl 256 21527 0 21318 107 82 25 74 0 8 7
bufpl 280 7331 0 1084 447 0 447 447 0 8 0
anonpl 24 306393 0 303208 85 38 47 47 0 187 18
amapchunkpl 152 55603 0 55232 54 19 35 35 0 158 16
amappl16 200 7838 0 7813 56 44 12 15 0 8 8
amappl15 192 7 0 7 1 1 0 1 0 8 0
amappl14 184 131 0 121 1 0 1 1 0 8 0
amappl13 176 9 0 9 2 1 1 1 0 8 1
amappl12 168 2666 0 2642 2 0 2 2 0 8 0
amappl11 160 50 0 40 1 0 1 1 0 8 0
amappl10 152 30 0 30 3 2 1 1 0 8 1
amappl9 144 132 0 132 1 1 0 1 0 8 0
amappl8 136 43 0 41 1 0 1 1 0 8 0
amappl7 128 123 0 113 1 0 1 1 0 8 0
amappl6 120 266 0 263 1 0 1 1 0 8 0
amappl5 112 169 0 160 1 0 1 1 0 8 0
amappl4 104 323 0 309 1 0 1 1 0 8 0
amappl3 96 9977 0 9908 3 0 3 3 0 8 0
amappl2 88 2204 0 2130 2 0 2 2 0 8 0
amappl1 80 12487 0 11994 15 3 12 13 0 8 0
amappl 88 15978 0 15846 6 1 5 5 0 92 0
dma8192 8192 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 1 1 1 0 8 1
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 8 0 8 2 1 1 1 0 8 1
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 1894 0 1870 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1894 0 1870 1 0 1 1 0 8 0
vmmpekpl 168 14829 0 14788 3 0 3 3 0 8 0
vmmpepl 168 120991 0 119508 109 20 89 89 0 357 12
vmsppl 352 1893 0 1870 4 1 3 4 0 8 0
rwobjpl 24 39781 0 33642 39 1 38 38 0 8 0
pdppl 4096 3794 0 3740 122 58 64 82 0 8 10
pvpl 32 805147 0 796711 184 69 115 115 0 265 32
pmappl 216 1893 0 1870 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 608 0 247 12 1 11 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008
rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973
route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878
route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40
sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564
syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa4946dc5550, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008
rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973
route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878
route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40
sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564
syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa4946dc5550, count: -9