uvm_fault(0xffffffff839f1c58, 0xffff80000149300a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x66f: movzwl 0xc(%r15,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND 119146 7263 0 0 0 0 syz-executor *259736 7263 0 0 0x4000000 1 syz-executor arp_rtrequest(ffff800000039058,1,fffffd806bf27180) at arp_rtrequest+0x66f arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff800000039058,1,fffffd806bf27180) at arp_rtrequest+0x66f sys/netinet/if_ether.c:184 rtrequest(1,ffff80003c436d90,0,ffff80003c436d10,16) at rtrequest+0xc5c sys/net/route.c:1117 rtm_output(ffff800001491100,ffff80003c436e38,ffff80003c436d90,0,16) at rtm_output+0x876 sys/net/rtsock.c:973 route_output(fffffd806cf9c100,ffff800010fd42f0) at route_output+0x9a1 sys/net/rtsock.c:878 route_send(ffff800010fd42f0,fffffd806cf9c100,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff800010fd42f0,0,ffff80003c436fd8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002a296a60,5,ffff80003c4370d0,808,ffff80003c437180) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a296a60,ffff80003c437230,ffff80003c437180) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c437230) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c437230) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x28c1a62a7a0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xffffffff839f1c58, 0xffff80000149300a, 0, 1) -> e ddb{1}> trace arp_rtrequest(ffff800000039058,1,fffffd806bf27180) at arp_rtrequest+0x66f arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff800000039058,1,fffffd806bf27180) at arp_rtrequest+0x66f sys/netinet/if_ether.c:184 rtrequest(1,ffff80003c436d90,0,ffff80003c436d10,16) at rtrequest+0xc5c sys/net/route.c:1117 rtm_output(ffff800001491100,ffff80003c436e38,ffff80003c436d90,0,16) at rtm_output+0x876 sys/net/rtsock.c:973 route_output(fffffd806cf9c100,ffff800010fd42f0) at route_output+0x9a1 sys/net/rtsock.c:878 route_send(ffff800010fd42f0,fffffd806cf9c100,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff800010fd42f0,0,ffff80003c436fd8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002a296a60,5,ffff80003c4370d0,808,ffff80003c437180) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a296a60,ffff80003c437230,ffff80003c437180) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c437230) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c437230) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x28c1a62a7a0, count: -10 ddb{1}> show registers rdi 0xffff80002bbd4000 rsi 0x245b __ALIGN_SIZE+0x145b rbp 0xffff80003c436be0 rbx 0xde rdx 0xffff80002bbd4000 rcx 0x100040600080100 rax 0xfffffd806c007ce0 r8 0x1000 __ALIGN_SIZE r9 0 r10 0x33c6ab69cad1023d r11 0x950e084543e4bc6b r12 0x17 r13 0xfffffd806c007c00 r14 0xfffffd806bf27180 r15 0xffff800001492f20 rip 0xffffffff82c7e20f arp_rtrequest+0x66f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c436b60 ss 0x10 arp_rtrequest+0x66f: movzwl 0xc(%r15,%rbx,1),%ecx ddb{1}> show proc PROC (syz-executor) tid=259736 pid=7263 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=61, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003afff738,0xffff80003affed08 process=0xffff80003aff89d0 user=0xffff80003c432000, vmspace=0xfffffd806c06e978 estcpu=11, cpticks=1, pctcpu=0.1, user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 8203 484166 28643 0 2 0 syz-executor 8203 445552 28643 0 2 0x4000000 syz-executor 8203 106091 28643 0 2 0x4000000 syz-executor 20182 211792 20877 0 2 0 syz-executor 71034 268272 45259 0 2 0 syz-executor 71034 73400 45259 0 3 0x4000080 fsleep syz-executor 47416 242073 12900 0 2 0x2 arp 56516 189138 35327 0 2 0x4000000 syz-executor 56516 479638 35327 0 3 0x4000080 ttyin syz-executor 56516 498813 35327 0 2 0x4000000 syz-executor 96674 254209 98991 0 2 0x2 ndp 98991 283472 96296 0 3 0x10008a sigsusp sh 12900 416808 99686 0 3 0x10008a sigsusp sh 7263 119146 7702 0 7 0 syz-executor 7263 41653 7702 0 3 0x4000080 sbwait syz-executor * 7263 259736 7702 0 7 0x4000000 syz-executor 23824 405203 95551 0 3 0x100082 sbwait ndp 95551 402361 75321 0 3 0x10008a sigsusp sh 35327 184333 28975 0 3 0x82 nanoslp syz-executor 7702 368641 28975 0 3 0x82 nanoslp syz-executor 45259 108681 28975 0 3 0x82 nanoslp syz-executor 96296 462178 28975 0 3 0x82 wait syz-executor 28643 503691 28975 0 3 0x82 nanoslp syz-executor 99686 371903 28975 0 3 0x82 wait syz-executor 20877 55456 28975 0 3 0x82 nanoslp syz-executor 75321 133154 28975 0 3 0x82 wait syz-executor 28975 30549 98965 0 3 0x82 kqread syz-executor 98965 131056 15644 0 3 0x10008a sigsusp ksh 15644 4862 1655 0 3 0x98 kqread sshd-session 1655 487276 14105 0 3 0x92 kqread sshd-session 2449 130499 1 0 3 0x100083 ttyin getty 14105 456569 1 0 3 0x88 kqread sshd 71696 257042 98347 74 3 0x1100092 bpf pflogd 98347 45819 1 0 3 0x80 sbwait pflogd 44588 323298 36588 73 3 0x1100090 kqread syslogd 36588 430474 1 0 3 0x100082 sbwait syslogd 31730 256568 1 0 3 0x100080 kqread resolvd 9621 423456 89227 77 3 0x100092 kqread dhcpleased 95039 222695 89227 77 3 0x100092 kqread dhcpleased 89227 258991 1 0 3 0x80 kqread dhcpleased 96351 320906 0 0 3 0x14200 bored smr 42630 14278 0 0 2 0x14200 zerothread 37209 120893 0 0 3 0x14200 aiodoned aiodoned 46803 512204 0 0 3 0x14200 syncer update 98538 130972 0 0 3 0x14200 cleaner cleaner 71073 411598 0 0 3 0x14200 reaper reaper 56188 382523 0 0 3 0x14200 pgdaemon pagedaemon 90829 377446 0 0 3 0x14200 bored viomb 61699 262842 0 0 3 0x40014200 acpi0 acpi0 13673 298363 0 0 3 0x40014200 idle1 37034 472685 0 0 3 0x14200 bored softnet3 77351 332856 0 0 3 0x14200 bored softnet2 23711 196135 0 0 3 0x14200 bored softnet1 62171 282567 0 0 3 0x14200 bored softnet0 81720 102196 0 0 3 0x14200 bored systqmp 69969 5345 0 0 3 0x14200 bored systq 46327 476701 0 0 3 0x14200 tmoslp softclockmp 63192 232658 0 0 3 0x40014200 tmoslp softclock 70831 326226 0 0 3 0x40014200 idle0 1 64826 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 7263 (syz-executor) thread 0xffff80002a296a60 (259736) exclusive rwlock netlock r = 0 (0xffffffff83824660) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rtm_output+0x78c sys/net/rtsock.c:969 #3 route_output+0x9a1 sys/net/rtsock.c:878 #4 route_send+0xd7 sys/net/rtsock.c:342 #5 sosend+0x804 sys/kern/uipc_socket.c:-1 #6 sendit+0x721 sys/kern/uipc_syscalls.c:779 #7 sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 #8 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 #9 Xsyscall+0x128 exclusive rwlock sbufsnd r = 0 (0xffff800010fd44c8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 sblock+0xb7 sys/kern/uipc_socket2.c:536 #3 sosend+0x2e2 sys/kern/uipc_socket.c:630 #4 sendit+0x721 sys/kern/uipc_syscalls.c:779 #5 sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 #6 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 #7 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 11094K 11094K 166960K 11271 0 pcb 18 12K 12K 166960K 18 0 rtable 220 7K 7K 166960K 328 0 pf 34 17K 18K 166960K 45 0 ifaddr 41 7K 7K 166960K 43 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 9K 166960K 5 0 counters 68 36K 36K 166960K 68 0 ioctlops 0 0K 4K 166960K 1482 0 iov 1 4K 4K 166960K 1 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1337 84K 84K 166960K 1357 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 21 77K 89K 166960K 132 0 proc 69 91K 128K 166960K 521 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 89 6K 6K 166960K 89 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 31 148K 148K 166960K 31 0 exec 0 0K 1K 166960K 358 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 238 171K 178K 166960K 2794 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 47 94K 104K 166960K 1199 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 12 0K 1K 166960K 26 0 temp 34 8682K 8746K 166960K 3860 0 kqueue 14 22K 22K 166960K 23 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 31 0 26 1 0 1 1 0 8 0 rtentry 176 102 0 1 5 0 5 5 0 8 0 unpcb 144 40 0 17 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 7 0 3 1 0 1 1 0 8 0 arp 128 17 0 0 1 0 1 1 0 8 0 inpcb 328 65 0 56 1 0 1 1 0 8 0 nd6 144 19 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 16 0 0 1 0 1 1 0 8 0 pfstkey 128 16 0 0 1 0 1 1 0 8 0 pfstate 384 16 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 410 0 0 26 0 26 26 0 8 0 art_table 32 412 0 0 4 0 4 4 0 8 0 art_node 16 101 0 9 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1551 0 42 95 0 95 95 0 8 0 ffsino 288 1551 0 42 108 0 108 108 0 8 0 nchpl 144 1741 0 52 63 0 63 63 0 8 0 uvmvnodes 80 1639 0 0 34 0 34 34 0 8 0 vnodes 216 1639 0 0 92 0 92 92 0 8 0 namei 1024 5282 0 5282 2 0 2 2 0 8 2 percpumem 16 49 0 0 1 0 1 1 0 8 0 kstatmem 264 26 0 0 2 0 2 2 0 8 0 scxspl 216 5700 0 5700 3 2 1 2 1 8 1 plimitpl 152 27 0 10 1 0 1 1 0 8 0 sigapl 424 430 0 377 8 1 7 7 0 8 0 knotepl 120 50 0 0 2 0 2 2 0 8 0 kqueuepl 224 19 0 9 1 0 1 1 0 8 0 pipepl 336 102 0 75 3 0 3 3 0 8 0 fdescpl 520 412 0 377 3 0 3 3 0 8 0 filepl 160 1423 0 1198 11 1 10 10 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 71 0 58 1 0 1 1 0 8 0 zombiepl 144 377 0 377 1 0 1 1 0 8 1 processpl 1240 430 0 377 5 0 5 5 0 8 0 procpl 656 438 0 378 6 1 5 5 0 8 0 sockpl 728 136 0 99 4 0 4 4 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 108 0 0 14 0 14 14 0 8 0 mcl2k 2048 31 0 0 4 0 4 4 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 193 0 0 13 0 13 13 0 8 0 bufpl 280 2278 0 122 154 0 154 154 0 8 0 anonpl 32 4032 0 0 33 0 33 33 0 246 0 amapchunkpl 152 7974 0 7527 18 0 18 18 0 158 0 amappl16 200 2090 0 2080 5 1 4 5 0 8 3 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 111 0 97 1 0 1 1 0 8 0 amappl13 176 9 0 9 1 1 0 1 0 8 0 amappl12 168 1045 0 1009 4 1 3 3 0 8 1 amappl11 160 56 0 42 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 1 0 1 0 8 0 amappl9 144 252 0 252 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 99 0 84 1 0 1 1 0 8 0 amappl6 120 173 0 167 1 0 1 1 0 8 0 amappl5 112 121 0 112 1 0 1 1 0 8 0 amappl4 104 306 0 286 1 0 1 1 0 8 0 amappl3 96 1212 0 1110 4 1 3 3 0 8 0 amappl2 88 622 0 552 2 0 2 2 0 8 0 amappl1 80 7983 0 7308 15 0 15 15 0 8 0 amappl 88 2149 0 1993 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 412 0 377 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 412 0 377 1 0 1 1 0 8 0 vmmpekpl 168 5068 0 5032 2 0 2 2 0 8 0 vmmpepl 168 33010 0 30986 91 0 91 91 0 357 1 vmsppl 480 411 0 377 5 0 5 5 0 8 0 rwobjpl 72 13941 0 11301 50 0 50 50 0 8 1 pdppl 4096 831 0 754 95 12 83 83 0 8 6 pvpl 32 9594 0 0 79 1 78 79 0 265 0 pmappl 256 411 0 377 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 374 0 14 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0