uvm_fault(0xffffffff838b9458, 0xffff8000016ba08a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *117422 90566 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80002ccff440,0,ffff80002ccff3b0,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800001484a00,ffff80002ccff4e8,ffff80002ccff440,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8069e31f00,ffff8000014cb160) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014cb160,fffffd8069e31f00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014cb160,0,ffff80002ccff698,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c956028,3,ffff80002ccff790,808,ffff80002ccff830) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c956028,ffff80002ccff8e0,ffff80002ccff830) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80002ccff8e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002ccff8e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x57009c907b0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff838b9458, 0xffff8000016ba08a, 0, 1) -> e ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80002ccff440,0,ffff80002ccff3b0,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800001484a00,ffff80002ccff4e8,ffff80002ccff440,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8069e31f00,ffff8000014cb160) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014cb160,fffffd8069e31f00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014cb160,0,ffff80002ccff698,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c956028,3,ffff80002ccff790,808,ffff80002ccff830) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c956028,ffff80002ccff8e0,ffff80002ccff830) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80002ccff8e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002ccff8e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x57009c907b0, count: -10 ddb> show registers rdi 0xffff80002d502000 rsi 0x341 rbp 0xffff80002ccff290 rbx 0xde rdx 0xffff80002d502000 rcx 0xffff8000016b9fa0 rax 0xfffffd806ce492e0 r8 0x20 r9 0xfffffd806cdbd1b0 r10 0x23c382461797fa2f r11 0x11a9b1b6cb9831b9 r12 0x49 r13 0xfffffd806ce49200 r14 0xfffffd806cdbd1b0 r15 0xffff800000039058 rip 0xffffffff814dd214 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002ccff210 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=117422 pid=90566 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c957780,0xffffffff8392b520 process=0xffff80002a8d84a0 user=0xffff80002ccfa000, vmspace=0xfffffd8069f8a018 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90566 232139 99765 0 2 0 syz-executor *90566 117422 99765 0 7 0x4000000 syz-executor 54257 170552 81572 0 2 0 syz-executor 48353 110121 38486 0 2 0 syz-executor 46788 441019 34189 0 2 0 syz-executor 46788 457756 34189 0 3 0x4000080 fsleep syz-executor 33813 462254 15042 0 2 0 syz-executor 19086 126302 88469 0 2 0 syz-executor 19086 8272 88469 0 2 0x4000000 syz-executor 91859 416636 1 0 3 0x100083 ttyin getty 15042 134018 15138 0 3 0x82 nanoslp syz-executor 88469 443429 15138 0 3 0x82 nanoslp syz-executor 12190 406439 15138 0 2 0x2 syz-executor 38092 238758 15138 0 3 0x82 nanoslp syz-executor 99765 455009 15138 0 3 0x82 nanoslp syz-executor 81572 6740 15138 0 3 0x82 nanoslp syz-executor 38486 415919 15138 0 3 0x82 nanoslp syz-executor 34189 427408 15138 0 3 0x82 nanoslp syz-executor 15138 153583 54613 0 3 0x82 kqread syz-executor 54613 218444 22466 0 3 0x10008a sigsusp ksh 22466 113768 18547 0 3 0x98 kqread sshd-session 18547 180455 82193 0 3 0x92 kqread sshd-session 82193 68016 1 0 3 0x88 kqread sshd 86660 165388 19311 73 3 0x1100090 kqread syslogd 19311 193095 1 0 3 0x100082 sbwait syslogd 6029 471000 1 0 3 0x100080 kqread resolvd 25037 268168 62312 77 3 0x100092 kqread dhcpleased 80592 479956 62312 77 3 0x100092 kqread dhcpleased 62312 224416 1 0 3 0x80 kqread dhcpleased 76359 480566 0 0 3 0x14200 bored smr 2130 386915 0 0 2 0x14200 zerothread 41567 7799 0 0 3 0x14200 aiodoned aiodoned 59265 514965 0 0 3 0x14200 syncer update 2142 287223 0 0 3 0x14200 cleaner cleaner 83410 390480 0 0 3 0x14200 reaper reaper 30707 126323 0 0 3 0x14200 pgdaemon pagedaemon 36969 264267 0 0 3 0x14200 bored viomb 40328 353077 0 0 3 0x40014200 acpi0 acpi0 87730 360150 0 0 3 0x14200 bored softnet0 72875 477001 0 0 2 0x14200 systqmp 39438 118631 0 0 3 0x14200 bored systq 99271 171450 0 0 3 0x40014200 tmoslp softclock 98422 281129 0 0 3 0x40014200 idle0 1 385731 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10213 11122K 12893K 166960K 13806 0 pcb 17 17K 22K 166960K 563 0 rtable 235 11K 11K 166960K 658 0 pf 29 12K 19K 166960K 181 0 ifaddr 37 7K 8K 166960K 123 0 ifgroup 46 2K 2K 166960K 216 0 sysctl 4 1K 9K 166960K 19 0 counters 31 17K 18K 166960K 121 0 ioctlops 0 0K 4K 166960K 415 0 iov 0 0K 24K 166960K 170 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1462 92K 93K 166960K 2658 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 16 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 82 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 236K 166960K 1377 0 sigio 0 0K 0K 166960K 16 0 proc 60 59K 91K 166960K 634 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 293 0 in_multi 77 5K 7K 166960K 177 0 ether_multi 1 0K 0K 166960K 13 0 mrt 0 0K 0K 166960K 20 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 599 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 212 158K 175K 166960K 13844 0 UVM aobj 131 4K 4K 166960K 131 0 pinsyscall 38 76K 88K 166960K 2518 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 112 0 NDP 10 0K 1K 166960K 85 0 temp 65 8652K 8777K 166960K 51953 0 kqueue 13 20K 32K 166960K 266 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 213 0 209 3 0 3 3 0 8 2 rtentry 136 188 0 99 4 0 4 4 0 8 0 unpcb 144 1222 0 1207 9 5 4 6 0 8 3 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 4 0 4 2 1 1 1 0 8 1 tcpcb 736 456 0 449 10 6 4 7 0 8 3 arp 96 26 0 10 1 0 1 1 0 8 0 ipq 40 6 0 0 1 0 1 1 0 8 0 ipqe 40 39 0 33 1 0 1 1 0 8 0 inpcb 328 1553 0 1543 17 7 10 12 0 8 8 ip6q 72 6 0 4 1 0 1 1 0 8 0 ip6af 40 11 0 10 2 1 1 1 0 8 0 nd6 112 38 0 17 1 0 1 1 0 8 0 pkpcb 40 12 0 12 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1072 67 0 67 2 1 1 1 0 8 1 pppxif 1384 8 0 8 2 1 1 1 0 8 1 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pfrule 1344 2 0 2 1 1 0 1 0 8 0 rttmr 136 6 0 6 2 1 1 1 0 8 1 art_heap8 4096 4 0 1 4 0 4 4 0 8 1 art_heap4 256 787 0 446 31 1 30 30 0 8 3 art_table 40 791 0 447 5 0 5 5 0 8 0 art_node 32 186 0 108 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 11 1 0 1 1 0 8 0 semupl 112 2 0 2 2 1 1 1 0 8 1 semapl 112 73 0 63 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 3978 0 2482 95 0 95 95 0 8 0 ffsino 256 3978 0 2482 95 0 95 95 0 8 0 nchpl 144 5821 0 4129 64 0 64 64 0 8 0 rtmask 32 16 0 16 2 1 1 1 0 8 1 vnodes 216 4812 0 0 268 0 268 268 0 8 0 namei 1024 22176 0 22176 3 2 1 2 0 8 1 kstatmem 264 130 0 110 3 1 2 3 0 8 0 scsiplug 72 3 0 3 1 0 1 1 0 8 1 scxspl 216 19695 0 19695 8 7 1 8 1 8 1 plimitpl 152 543 0 526 1 0 1 1 0 8 0 sigapl 424 1677 0 1635 8 0 8 8 0 8 1 knotepl 120 75902 0 75854 33 22 11 31 0 8 8 kqueuepl 184 428 0 419 3 2 1 3 0 8 0 pipepl 304 303 0 276 5 2 3 5 0 8 0 fdescpl 448 1641 0 1612 4 0 4 4 0 8 0 filepl 120 11705 0 11495 13 2 11 11 0 8 3 lockfpl 104 428 0 426 1 0 1 1 0 8 0 lockfspl 48 200 0 198 1 0 1 1 0 8 0 sessionpl 144 28 0 20 1 0 1 1 0 8 0 pgrppl 48 122 0 106 1 0 1 1 0 8 0 ucredpl 104 1928 0 1917 1 0 1 1 0 8 0 zombiepl 144 1636 0 1635 1 0 1 1 0 8 0 processpl 1152 1677 0 1635 5 0 5 5 0 8 0 procpl 664 3528 0 3483 7 0 7 7 0 8 2 sosppl 176 9 0 9 2 1 1 1 0 8 1 sockpl 552 3091 0 3062 21 10 11 12 0 8 8 mcl64k 65536 186 0 185 2 1 1 1 0 8 0 mcl16k 16384 9 0 9 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 30 0 30 2 1 1 1 0 8 1 mcl4k 4096 4112 0 4060 16 8 8 15 0 8 0 mcl2k2 2112 3 0 3 2 1 1 1 0 8 1 mcl2k 2048 2023 0 2017 5 3 2 5 0 8 0 mtagpl 96 10 0 10 1 0 1 1 0 8 1 mbufpl 256 20411 0 20266 76 61 15 76 0 8 0 bufpl 280 7951 0 1729 445 0 445 445 0 8 0 anonpl 24 253547 0 250056 69 21 48 48 0 187 18 amapchunkpl 152 53335 0 52908 41 7 34 34 0 158 9 amappl16 200 4297 0 4262 36 25 11 15 0 8 8 amappl15 192 22 0 22 1 1 0 1 0 8 0 amappl14 184 23 0 23 1 1 0 1 0 8 0 amappl13 176 429 0 428 1 0 1 1 0 8 0 amappl12 168 2026 0 1989 2 0 2 2 0 8 0 amappl11 160 5 0 5 1 1 0 1 0 8 0 amappl10 152 70 0 60 1 0 1 1 0 8 0 amappl9 144 283 0 282 1 0 1 1 0 8 0 amappl8 136 23 0 21 1 0 1 1 0 8 0 amappl7 128 110 0 108 1 0 1 1 0 8 0 amappl6 120 304 0 292 1 0 1 1 0 8 0 amappl5 112 73 0 65 1 0 1 1 0 8 0 amappl4 104 492 0 468 1 0 1 1 0 8 0 amappl3 96 8072 0 7996 3 0 3 3 0 8 0 amappl2 88 1786 0 1716 2 0 2 2 0 8 0 amappl1 80 15173 0 14649 15 2 13 13 0 8 1 amappl 88 12877 0 12734 5 0 5 5 0 92 0 uvmvnodes 80 4812 0 0 99 0 99 99 0 8 0 dma16384 16384 3 0 3 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 255 0 255 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 1641 0 1612 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1641 0 1612 1 0 1 1 0 8 0 vmmpekpl 168 13612 0 13572 4 1 3 3 0 8 0 vmmpepl 168 108000 0 106258 97 7 90 91 0 357 6 vmsppl 368 1640 0 1612 4 1 3 4 0 8 0 rwobjpl 40 33597 0 27844 59 0 59 59 0 8 0 pdppl 4096 3288 0 3224 100 34 66 74 0 8 2 pvpl 32 723994 0 715206 152 29 123 123 0 265 31 pmappl 216 1640 0 1612 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 459 0 123 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80002ccff440,0,ffff80002ccff3b0,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800001484a00,ffff80002ccff4e8,ffff80002ccff440,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8069e31f00,ffff8000014cb160) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014cb160,fffffd8069e31f00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014cb160,0,ffff80002ccff698,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c956028,3,ffff80002ccff790,808,ffff80002ccff830) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c956028,ffff80002ccff8e0,ffff80002ccff830) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80002ccff8e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002ccff8e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x57009c907b0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff800000039058,1,fffffd806cdbd1b0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80002ccff440,0,ffff80002ccff3b0,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800001484a00,ffff80002ccff4e8,ffff80002ccff440,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8069e31f00,ffff8000014cb160) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014cb160,fffffd8069e31f00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014cb160,0,ffff80002ccff698,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c956028,3,ffff80002ccff790,808,ffff80002ccff830) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c956028,ffff80002ccff8e0,ffff80002ccff830) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80002ccff8e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002ccff8e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x57009c907b0, count: -10