uvm_fault(0xffffffff83554a60, 0xffff800001718010, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x660: movzwl 0xc(%r15,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND * 47143 77363 0 0 0x4000000 0K syz-executor arp_rtrequest(ffff8000015b4800,1,fffffd806a1bb6a0) at arp_rtrequest+0x660 arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff8000015b4800,1,fffffd806a1bb6a0) at arp_rtrequest+0x660 sys/netinet/if_ether.c:184 rtrequest(1,ffff8000371fd348,1,ffff8000371fd3f0,0) at rtrequest+0xbdc sys/net/route.c:1103 rt_ifa_add(ffff800001617900,240004,ffff800001617958,0) at rt_ifa_add+0x22e sys/net/route.c:1273 rt_ifa_addlocal(ffff800001617900) at rt_ifa_addlocal+0x1d2 sys/net/route.c:1381 in_ifinit(ffff8000015b4800,ffff800001617900,ffff8000371fd690,0) at in_ifinit+0x26c sys/netinet/in.c:669 in_ioctl_set_ifaddr(8020690c,ffff8000371fd680,ffff8000015b4800) at in_ioctl_set_ifaddr+0x345 sys/netinet/in.c:386 ifioctl(ffff8000015d7cb0,8020690c,ffff8000371fd680,ffff80002e579478) at ifioctl+0x1571 pru_control sys/sys/protosw.h:355 [inline] ifioctl(ffff8000015d7cb0,8020690c,ffff8000371fd680,ffff80002e579478) at ifioctl+0x1571 sys/net/if.c:2449 sys_ioctl(ffff80002e579478,ffff8000371fd860,ffff8000371fd7b0) at sys_ioctl+0x67c syscall(ffff8000371fd860) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371fd860) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50a10f652c0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff83554a60, 0xffff800001718010, 0, 1) -> e ddb{0}> trace arp_rtrequest(ffff8000015b4800,1,fffffd806a1bb6a0) at arp_rtrequest+0x660 arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff8000015b4800,1,fffffd806a1bb6a0) at arp_rtrequest+0x660 sys/netinet/if_ether.c:184 rtrequest(1,ffff8000371fd348,1,ffff8000371fd3f0,0) at rtrequest+0xbdc sys/net/route.c:1103 rt_ifa_add(ffff800001617900,240004,ffff800001617958,0) at rt_ifa_add+0x22e sys/net/route.c:1273 rt_ifa_addlocal(ffff800001617900) at rt_ifa_addlocal+0x1d2 sys/net/route.c:1381 in_ifinit(ffff8000015b4800,ffff800001617900,ffff8000371fd690,0) at in_ifinit+0x26c sys/netinet/in.c:669 in_ioctl_set_ifaddr(8020690c,ffff8000371fd680,ffff8000015b4800) at in_ioctl_set_ifaddr+0x345 sys/netinet/in.c:386 ifioctl(ffff8000015d7cb0,8020690c,ffff8000371fd680,ffff80002e579478) at ifioctl+0x1571 pru_control sys/sys/protosw.h:355 [inline] ifioctl(ffff8000015d7cb0,8020690c,ffff8000371fd680,ffff80002e579478) at ifioctl+0x1571 sys/net/if.c:2449 sys_ioctl(ffff80002e579478,ffff8000371fd860,ffff8000371fd7b0) at sys_ioctl+0x67c syscall(ffff8000371fd860) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371fd860) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50a10f652c0, count: -10 ddb{0}> show registers rdi 0x20 rsi 0x90 rbp 0xffff8000371fd210 rbx 0x14 rdx 0 rcx 0x100040600080100 rax 0xfffffd806ca67fe0 r8 0x10 r9 0xfffffd806a1bb6a0 r10 0xde670ac4e934eb25 r11 0x136768ebbb4abad4 r12 0xc8 r13 0xfffffd806ca67f00 r14 0xfffffd806a1bb6a0 r15 0xffff800001717ff0 rip 0xffffffff827f8990 arp_rtrequest+0x660 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000371fd190 ss 0x10 arp_rtrequest+0x660: movzwl 0xc(%r15,%rbx,1),%ecx ddb{0}> show proc PROC (syz-executor) tid=47143 pid=77363 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=85, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffffc010,0xffff80002e5782d0 process=0xffff80003726b668 user=0xffff8000371f8000, vmspace=0xfffffd806e92ca58 estcpu=35, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 74789 206647 3819 0 2 0 syz-executor 67346 415402 37981 0 2 0x102004 sh 31344 293329 52048 0 2 0 syz-executor 31344 120667 52048 0 3 0x4000080 fsleep syz-executor 73746 24491 25268 0 2 0 syz-executor 73746 73412 25268 0 2 0x4000000 syz-executor 77363 361814 79336 0 2 0 syz-executor *77363 47143 79336 0 7 0x4000000 syz-executor 77363 199242 79336 0 3 0x4000080 fsleep syz-executor 84274 57289 92167 0 2 0 syz-executor 84274 73679 92167 0 3 0x4000080 fsleep syz-executor 84274 506231 92167 0 2 0x4000000 syz-executor 37981 383175 9454 0 3 0x10008a sigsusp sh 75098 340993 0 0 3 0x14200 acct acct 3819 83667 1022 0 3 0x82 nanoslp syz-executor 25268 383715 1022 0 3 0x82 nanoslp syz-executor 9454 503127 1022 0 3 0x82 wait syz-executor 4519 219020 1022 0 2 0x2 syz-executor 92167 512438 1022 0 2 0x482 syz-executor 52048 304814 1022 0 2 0x482 syz-executor 79336 255244 1022 0 2 0x482 syz-executor 92634 498391 1022 0 2 0x2 syz-executor 10214 423450 1 0 3 0x100083 ttyopn getty 28124 474811 0 0 3 0x14200 bored sosplice 1022 259322 79233 0 3 0x82 kqread syz-executor 79233 462181 61257 0 3 0x10008a sigsusp ksh 61257 421022 13253 0 3 0x98 kqread sshd-session 13253 376028 30191 0 3 0x92 kqread sshd-session 30191 79459 1 0 3 0x88 kqread sshd 28851 176002 4909 74 3 0x1100092 bpf pflogd 4909 9661 1 0 3 0x80 sbwait pflogd 64084 185085 81495 73 3 0x1100090 kqread syslogd 81495 516635 1 0 3 0x100082 sbwait syslogd 42356 73441 1 0 3 0x100080 kqread resolvd 12427 338581 86591 77 3 0x100092 kqread dhcpleased 49495 404814 86591 77 3 0x100092 kqread dhcpleased 86591 17059 1 0 3 0x80 kqread dhcpleased 47606 132612 0 0 3 0x14200 bored smr 88544 346204 0 0 2 0x14200 zerothread 38666 117750 0 0 3 0x14200 aiodoned aiodoned 40741 40706 0 0 3 0x14200 syncer update 1349 136426 0 0 3 0x14200 cleaner cleaner 15291 227087 0 0 3 0x14200 reaper reaper 21548 283698 0 0 3 0x14200 pgdaemon pagedaemon 14836 203175 0 0 3 0x14200 bored viomb 12101 446895 0 0 3 0x40014200 acpi0 acpi0 6350 502012 0 0 7 0x40014200 idle1 90974 354638 0 0 3 0x14200 bored softnet3 54663 359279 0 0 3 0x14200 bored softnet2 95547 197074 0 0 3 0x14200 bored softnet1 3493 412137 0 0 3 0x14200 bored softnet0 73672 153406 0 0 2 0x14200 systqmp 61321 54536 0 0 3 0x14200 bored systq 57178 277133 0 0 2 0x14200 softclockmp 54221 136943 0 0 3 0x40014200 tmoslp softclock 25588 307033 0 0 3 0x40014200 idle0 1 303591 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 77363 (syz-executor) thread 0xffff80002e579478 (47143) Process 4519 (syz-executor) thread 0xffff8000ffffd1c8 (219020) Process 92634 (syz-executor) thread 0xffff800035d98a48 (498391) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10232 14194K 18491K 166960K 13866 0 pcb 18 18K 19K 166960K 390 0 rtable 225 9K 9K 166960K 2242 0 pf 37 18K 21K 166960K 265 0 ifaddr 42 8K 8K 166960K 314 0 ifgroup 55 2K 2K 166960K 378 0 sysctl 4 1K 1K 166960K 4 0 counters 64 36K 37K 166960K 242 0 ioctlops 0 0K 4K 166960K 1708 0 iov 0 0K 24K 166960K 176 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1422 89K 90K 166960K 3148 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 12 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 54 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 19 69K 89K 166960K 2127 0 sigio 0 0K 0K 166960K 25 0 proc 72 91K 128K 166960K 2229 0 subproc 104 6K 6K 166960K 834 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 383 0 in_multi 96 7K 7K 166960K 755 0 ether_multi 1 0K 0K 166960K 6 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 277 1235K 1235K 166960K 277 0 exec 1 0K 1K 166960K 1380 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 223 72K 91K 166960K 18497 0 UVM aobj 56 4K 5K 166960K 60 0 pinsyscall 44 88K 102K 166960K 4758 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 64 0 NDP 12 0K 2K 166960K 234 0 temp 78 6826K 6904K 166960K 73487 0 kqueue 13 20K 28K 166960K 217 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 284 0 281 3 2 1 3 0 8 0 rtentry 112 756 0 656 4 1 3 4 0 8 0 unpcb 144 1211 0 1193 16 15 1 6 0 8 0 syncache 336 19 0 19 5 4 1 1 0 8 1 tcpqe 32 6 0 6 4 3 1 1 0 8 1 tcpcb 808 800 0 795 29 21 8 14 0 8 7 arp 120 134 0 115 1 0 1 1 0 8 0 inpcb 336 2658 0 2644 48 40 8 15 0 8 6 nd6 136 202 0 179 1 0 1 1 0 8 0 pkpcb 40 12 0 12 7 6 1 1 0 8 1 kcovpl 48 64 0 56 1 0 1 1 0 8 0 ppxss 1168 22 0 22 7 6 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 10 0 8 1 0 1 1 0 482 0 pffrnode 88 10 0 8 1 0 1 1 0 8 0 pffrent 40 61 0 59 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 179 0 141 1 0 1 1 0 8 0 pfstkey 128 180 0 140 2 0 2 2 0 8 0 pfstate 376 179 0 141 6 0 6 6 0 8 0 pfrule 1344 29 0 22 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 3090 0 2663 33 6 27 31 0 8 0 art_table 32 3093 0 2663 4 0 4 4 0 8 0 art_node 16 753 0 664 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 0 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 51 0 41 1 0 1 1 0 8 0 shmpl 112 57 0 4 2 0 2 2 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 3951 0 2337 102 0 102 102 0 8 0 ffsino 272 3951 0 2337 110 1 109 109 0 8 0 nchpl 144 5937 0 5261 66 40 26 64 0 8 0 uvmvnodes 80 5353 0 0 110 0 110 110 0 8 0 vnodes 216 5353 0 0 298 0 298 298 0 8 0 namei 1024 26310 0 26307 21 20 1 7 0 8 0 percpumem 16 135 0 89 1 0 1 1 0 8 0 kstatmem 264 202 0 178 3 1 2 3 0 8 0 scsiplug 72 3 0 3 2 2 0 1 0 8 0 scxspl 216 53132 0 53132 12 10 2 8 1 8 2 plimitpl 152 410 0 393 1 0 1 1 0 8 0 sigapl 424 2361 0 2308 11 4 7 9 0 8 1 futexpl 64 19275 0 19272 7 6 1 1 0 8 0 knotepl 120 666 0 0 18 0 18 18 0 8 0 kqueuepl 216 503 0 494 9 8 1 5 0 8 0 pipepl 320 588 0 561 13 10 3 8 0 8 0 fdescpl 496 2320 0 2287 6 1 5 5 0 8 0 filepl 152 14078 0 13830 45 29 16 18 0 8 4 lockfpl 104 581 0 578 1 0 1 1 0 8 0 lockfspl 48 210 0 207 1 0 1 1 0 8 0 sessionpl 144 94 0 85 1 0 1 1 0 8 0 pgrppl 48 174 0 157 1 0 1 1 0 8 0 ucredpl 104 2027 0 2014 1 0 1 1 0 8 0 zombiepl 144 2501 0 2501 1 0 1 1 0 8 1 processpl 1160 2361 0 2308 7 3 4 6 0 8 0 procpl 648 4376 0 4317 11 5 6 8 0 8 0 srpgc 96 2 0 2 1 1 0 1 0 8 0 sosppl 168 15 0 15 6 6 0 1 0 8 0 sockpl 664 4183 0 4148 64 54 10 18 0 8 6 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 251 0 0 31 2 29 31 0 8 0 mtagpl 96 29 0 0 1 0 1 1 0 8 0 mbufpl 256 549 0 0 31 0 31 31 0 8 0 bufpl 280 10692 0 4546 442 0 442 442 0 8 0 anonpl 24 357601 0 354115 116 63 53 76 0 185 17 amapchunkpl 152 58599 0 58145 63 27 36 36 0 158 15 amappl16 200 6515 0 6494 58 47 11 15 0 8 8 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 259 0 247 1 0 1 1 0 8 0 amappl13 176 9 0 9 1 1 0 1 0 8 0 amappl12 168 3891 0 3858 3 1 2 2 0 8 0 amappl11 160 54 0 39 1 0 1 1 0 8 0 amappl10 152 32 0 32 1 1 0 1 0 8 0 amappl9 144 150 0 150 1 1 0 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 235 0 222 1 0 1 1 0 8 0 amappl6 120 733 0 729 1 0 1 1 0 8 0 amappl5 112 386 0 375 1 0 1 1 0 8 0 amappl4 104 548 0 526 1 0 1 1 0 8 0 amappl3 96 11602 0 11501 4 0 4 4 0 8 0 amappl2 88 1652 0 1583 2 0 2 2 0 8 0 amappl1 80 20757 0 20189 17 3 14 16 0 8 1 amappl 88 17481 0 17320 5 0 5 5 0 92 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 59 0 4 1 0 1 1 0 8 0 uaddrrnd 24 2320 0 2287 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2320 0 2287 1 0 1 1 0 8 0 vmmpekpl 168 22279 0 22234 4 1 3 3 0 8 0 vmmpepl 168 151317 0 149525 119 26 93 96 0 357 6 vmsppl 440 2319 0 2287 6 2 4 5 0 8 0 rwobjpl 56 50174 0 43842 93 0 93 93 0 8 1 pdppl 4096 4647 0 4574 181 108 73 85 0 8 0 pvpl 32 31519 0 0 255 1 254 254 0 265 0 pmappl 248 2319 0 2287 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 612 0 211 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace arp_rtrequest(ffff8000015b4800,1,fffffd806a1bb6a0) at arp_rtrequest+0x660 arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff8000015b4800,1,fffffd806a1bb6a0) at arp_rtrequest+0x660 sys/netinet/if_ether.c:184 rtrequest(1,ffff8000371fd348,1,ffff8000371fd3f0,0) at rtrequest+0xbdc sys/net/route.c:1103 rt_ifa_add(ffff800001617900,240004,ffff800001617958,0) at rt_ifa_add+0x22e sys/net/route.c:1273 rt_ifa_addlocal(ffff800001617900) at rt_ifa_addlocal+0x1d2 sys/net/route.c:1381 in_ifinit(ffff8000015b4800,ffff800001617900,ffff8000371fd690,0) at in_ifinit+0x26c sys/netinet/in.c:669 in_ioctl_set_ifaddr(8020690c,ffff8000371fd680,ffff8000015b4800) at in_ioctl_set_ifaddr+0x345 sys/netinet/in.c:386 ifioctl(ffff8000015d7cb0,8020690c,ffff8000371fd680,ffff80002e579478) at ifioctl+0x1571 pru_control sys/sys/protosw.h:355 [inline] ifioctl(ffff8000015d7cb0,8020690c,ffff8000371fd680,ffff80002e579478) at ifioctl+0x1571 sys/net/if.c:2449 sys_ioctl(ffff80002e579478,ffff8000371fd860,ffff8000371fd7b0) at sys_ioctl+0x67c syscall(ffff8000371fd860) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371fd860) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50a10f652c0, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: -5