uvm_fault(0xffffffff83a32498, 0xffff80000160002a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *483467 6153 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314d92d0,0,ffff8000314d9240,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001657500,ffff8000314d9378,ffff8000314d92d0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd80739b6100,ffff8000015939e8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015939e8,fffffd80739b6100,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015939e8,0,ffff8000314d9528,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002f0ba030,3,ffff8000314d9620,808,ffff8000314d96c0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002f0ba030,ffff8000314d9770,ffff8000314d96c0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314d9770) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314d9770) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3010223cc50, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff83a32498, 0xffff80000160002a, 0, 1) -> e ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314d92d0,0,ffff8000314d9240,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001657500,ffff8000314d9378,ffff8000314d92d0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd80739b6100,ffff8000015939e8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015939e8,fffffd80739b6100,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015939e8,0,ffff8000314d9528,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002f0ba030,3,ffff8000314d9620,808,ffff8000314d96c0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002f0ba030,ffff8000314d9770,ffff8000314d96c0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314d9770) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314d9770) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3010223cc50, count: -10 ddb> show registers rdi 0x20 rsi 0x90 rbp 0xffff8000314d9120 rbx 0xde rdx 0 rcx 0xffff8000015fff40 rax 0xfffffd8060ee04e0 r8 0x20 r9 0xfffffd807eb5fd58 r10 0x95a2d2007cbf8008 r11 0xe6c8264cbba52171 r12 0x38 r13 0xfffffd8060ee0400 r14 0xfffffd807eb5fd58 r15 0xffff8000002a2058 rip 0xffffffff82fc6244 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000314d90a0 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=483467 pid=6153 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002f0bad28,0xffff80002f0bb500 process=0xffff80002f0bf198 user=0xffff8000314d4000, vmspace=0xfffffd806cd1e8b0 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 35685 426141 48908 0 2 0 syz-executor 87380 454501 20840 0 2 0 syz-executor 87380 440911 20840 0 2 0x4000000 syz-executor 17959 86090 47411 0 2 0 syz-executor 17959 417419 47411 0 3 0x4000080 fsleep syz-executor 17959 287070 47411 0 3 0x4000080 fsleep syz-executor 17959 376042 47411 0 3 0x4000080 fsleep syz-executor 6153 170168 83649 0 2 0 syz-executor * 6153 483467 83649 0 7 0x4000000 syz-executor 73616 424558 34809 0 3 0x80 nanoslp syz-executor 73616 319905 34809 0 2 0x4000000 syz-executor 73616 97712 34809 0 3 0x4000080 fsleep syz-executor 55853 259326 7596 0 3 0x80 nanoslp syz-executor 55853 468233 7596 0 3 0x4000080 kqread syz-executor 55853 92170 7596 0 3 0x4000080 lockf syz-executor 55853 289891 7596 0 3 0x4000080 fsleep syz-executor 54549 65320 4327 0 2 0 syz-executor 54549 472323 4327 0 3 0x4000080 fsleep syz-executor 54549 123984 4327 0 3 0x4000080 fsleep syz-executor 19999 337079 58036 0 3 0x3000 suspend syz-executor 19999 88915 58036 0 2 0x4081000 syz-executor 19999 408167 58036 0 3 0x4081000 inode syz-executor 19999 250151 58036 0 3 0x4081000 inode syz-executor 85203 118263 0 0 3 0x14200 acct acct 7596 512207 4023 0 2 0xc82 syz-executor 72120 232283 1 0 3 0x80 nanoslp init 83649 85134 4023 0 3 0x82 nanoslp syz-executor 58036 467482 4023 0 3 0x82 wait syz-executor 20840 391851 4023 0 3 0x82 nanoslp syz-executor 48908 58615 4023 0 3 0x82 nanoslp syz-executor 4327 347983 4023 0 2 0xc82 syz-executor 47411 81803 4023 0 2 0xc82 syz-executor 34809 138849 4023 0 2 0xc82 syz-executor 4023 372112 68868 0 3 0x82 kqread syz-executor 68868 288727 52440 0 3 0x10008a sigsusp ksh 52440 121537 10620 0 3 0x98 kqread sshd-session 10620 294924 28473 0 3 0x92 kqread sshd-session 28473 133761 1 0 3 0x88 kqread sshd 63033 425251 94381 73 3 0x1100090 kqread syslogd 94381 380480 1 0 3 0x100082 sbwait syslogd 44215 504601 1 0 3 0x100080 kqread resolvd 85425 85173 87326 77 3 0x100092 kqread dhcpleased 71324 152099 87326 77 3 0x100092 kqread dhcpleased 87326 162022 1 0 3 0x80 kqread dhcpleased 21121 243976 0 0 3 0x14200 bored smr 64785 92811 0 0 2 0x14200 zerothread 84261 481784 0 0 3 0x14200 aiodoned aiodoned 56982 45153 0 0 3 0x14200 syncer update 10003 352861 0 0 3 0x14200 cleaner cleaner 55273 395211 0 0 3 0x14200 reaper reaper 5088 426474 0 0 3 0x14200 pgdaemon pagedaemon 172 48425 0 0 3 0x14200 bored viomb 75846 501117 0 0 3 0x40014200 acpi0 acpi0 35353 91780 0 0 3 0x14200 bored softnet0 99789 199723 0 0 2 0x14200 systqmp 79438 381486 0 0 3 0x14200 bored systq 80195 475776 0 0 3 0x40014200 tmoslp softclock 10862 11412 0 0 3 0x40014200 idle0 1 24146 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11069 12113K 13704K 166960K 14679 0 pcb 20 17K 22K 166960K 400 0 rtable 231 12K 12K 166960K 616 0 pf 34 13K 16K 166960K 148 0 ifaddr 34 5K 8K 166960K 111 0 ifgroup 50 2K 2K 166960K 194 0 sysctl 4 1K 9K 166960K 12 0 counters 33 17K 18K 166960K 117 0 ioctlops 0 0K 4K 166960K 405 0 iov 0 0K 24K 166960K 114 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1443 91K 91K 166960K 2514 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 20K 24K 166960K 14 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 204 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 236K 166960K 1179 0 sigio 0 0K 0K 166960K 88 0 proc 54 58K 83K 166960K 597 0 subproc 72 4K 4K 166960K 82 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 125 0 in_multi 66 4K 7K 166960K 147 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 30 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 489 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 236 148K 172K 166960K 12007 0 UVM aobj 92 148K 148K 166960K 97 0 pinsyscall 38 76K 92K 166960K 2375 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 68 0 NDP 11 0K 2K 166960K 74 0 temp 56 9076K 9140K 166960K 42765 0 kqueue 16 26K 32K 166960K 211 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 113 0 109 1 0 1 1 0 8 0 rtentry 136 158 0 74 4 0 4 4 0 8 0 unpcb 144 857 0 840 8 2 6 6 0 8 5 syncache 336 14 0 14 2 1 1 1 0 8 1 tcpqe 32 7 0 7 1 0 1 1 0 8 1 tcpcb 736 338 0 324 4 0 4 4 0 8 2 arp 96 26 0 11 1 0 1 1 0 8 0 ipq 40 2 0 0 1 0 1 1 0 8 0 ipqe 40 3 0 0 1 0 1 1 0 8 0 inpcb 328 1267 0 1243 15 5 10 10 0 8 8 ip6q 72 3 0 0 1 0 1 1 0 8 0 ip6af 40 3 0 0 1 0 1 1 0 8 0 nd6 112 31 0 15 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 1 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 3 0 3 2 1 1 1 0 8 1 ppxss 1072 63 0 63 2 1 1 1 0 8 1 pppxif 1384 13 0 13 2 1 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 1 0 1 1 0 8 0 pfstate 384 2 0 1 1 0 1 1 0 8 0 pfrule 1360 3 0 2 1 0 1 1 0 8 0 rttmr 136 4 0 4 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 574 0 244 29 1 28 29 0 8 5 art_table 40 576 0 244 5 0 5 5 0 8 0 art_node 32 158 0 82 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 3 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 202 0 192 1 0 1 1 0 8 0 shmpl 112 22 0 5 1 0 1 1 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 3442 0 1991 92 0 92 92 0 8 0 ffsino 256 3442 0 1991 92 0 92 92 0 8 0 nchpl 144 4956 0 3261 64 0 64 64 0 8 0 rtmask 32 13 0 13 2 1 1 1 0 8 1 vnodes 216 4289 0 0 239 0 239 239 0 8 0 namei 1024 17588 0 17587 3 1 2 2 0 8 1 vcpupl 3904 72 0 0 9 0 9 9 0 8 0 vmpool 808 72 0 0 8 0 8 8 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 112 0 90 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 0 1 1 0 8 1 scxspl 216 20401 0 20401 9 7 2 8 1 8 2 plimitpl 152 284 0 267 1 0 1 1 0 8 0 sigapl 424 1468 0 1424 6 0 6 6 0 8 0 knotepl 120 50976 0 50706 48 37 11 23 0 8 2 kqueuepl 184 662 0 647 7 3 4 4 0 8 3 pipepl 304 265 0 238 5 2 3 5 0 8 0 fdescpl 448 1453 0 1423 5 1 4 5 0 8 0 filepl 120 9680 0 9451 17 3 14 14 0 8 6 lockfpl 104 327 0 319 1 0 1 1 0 8 0 lockfspl 48 135 0 128 1 0 1 1 0 8 0 sessionpl 144 33 0 26 1 0 1 1 0 8 0 pgrppl 48 55 0 40 1 0 1 1 0 8 0 ucredpl 104 1385 0 1374 1 0 1 1 0 8 0 zombiepl 144 1425 0 1424 1 0 1 1 0 8 0 processpl 1152 1468 0 1424 4 0 4 4 0 8 0 procpl 664 2920 0 2861 7 1 6 6 0 8 0 sosppl 176 10 0 10 2 1 1 1 0 8 1 sockpl 552 2276 0 2231 26 14 12 19 0 8 8 mcl64k 65536 86 0 84 2 1 1 1 0 8 0 mcl16k 16384 8 0 8 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 15 0 15 2 1 1 1 0 8 1 mcl4k 4096 3956 0 3904 15 6 9 13 0 8 1 mcl2k2 2112 15 0 15 2 1 1 1 0 8 1 mcl2k 2048 1150 0 1145 5 2 3 3 0 8 2 mtagpl 96 61 0 11 2 0 2 2 0 8 0 mbufpl 256 17977 0 17743 36 10 26 35 0 8 6 bufpl 280 6730 0 516 444 0 444 444 0 8 0 anonpl 24 207267 0 200138 64 9 55 55 0 187 12 amapchunkpl 152 39558 0 39017 34 7 27 27 0 158 6 amappl16 200 3541 0 3284 24 4 20 21 0 8 6 amappl15 192 119 0 119 1 1 0 1 0 8 0 amappl14 184 420 0 419 1 0 1 1 0 8 0 amappl13 176 146 0 136 1 0 1 1 0 8 0 amappl12 168 1716 0 1689 2 0 2 2 0 8 0 amappl11 160 5 0 5 1 1 0 1 0 8 0 amappl10 152 105 0 95 1 0 1 1 0 8 0 amappl9 144 257 0 256 1 0 1 1 0 8 0 amappl8 136 104 0 103 1 0 1 1 0 8 0 amappl7 128 179 0 168 1 0 1 1 0 8 0 amappl6 120 170 0 168 1 0 1 1 0 8 0 amappl5 112 117 0 110 1 0 1 1 0 8 0 amappl4 104 318 0 302 1 0 1 1 0 8 0 amappl3 96 8067 0 7954 5 1 4 4 0 8 1 amappl2 88 671 0 617 2 0 2 2 0 8 0 amappl1 80 18107 0 17584 17 2 15 15 0 8 3 amappl 88 11033 0 10858 5 0 5 5 0 92 0 uvmvnodes 80 125 0 0 3 0 3 3 0 8 0 dma65536 65536 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 8 0 8 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 96 0 5 2 0 2 2 0 8 0 uaddrrnd 24 1453 0 1423 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1453 0 1423 1 0 1 1 0 8 0 vmmpekpl 168 14041 0 14002 3 0 3 3 0 8 0 vmmpepl 168 102951 0 100911 105 11 94 94 0 357 4 vmsppl 368 1452 0 1423 4 1 3 4 0 8 0 rwobjpl 40 29674 0 28401 14 0 14 14 0 8 0 pdppl 4096 3056 0 2918 184 46 138 140 0 8 0 pvpl 32 628572 0 614916 138 18 120 120 0 265 7 pmappl 216 1524 0 1423 6 0 6 6 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 497 0 75 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314d92d0,0,ffff8000314d9240,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001657500,ffff8000314d9378,ffff8000314d92d0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd80739b6100,ffff8000015939e8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015939e8,fffffd80739b6100,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015939e8,0,ffff8000314d9528,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002f0ba030,3,ffff8000314d9620,808,ffff8000314d96c0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002f0ba030,ffff8000314d9770,ffff8000314d96c0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314d9770) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314d9770) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3010223cc50, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd807eb5fd58) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314d92d0,0,ffff8000314d9240,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001657500,ffff8000314d9378,ffff8000314d92d0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd80739b6100,ffff8000015939e8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015939e8,fffffd80739b6100,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015939e8,0,ffff8000314d9528,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002f0ba030,3,ffff8000314d9620,808,ffff8000314d96c0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002f0ba030,ffff8000314d9770,ffff8000314d96c0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314d9770) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314d9770) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3010223cc50, count: -10