uvm_fault(0xfffffd806c1c1dd8, 0xdb, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtrequest+0x7c7: movzbl 0xdb(%r13),%eax TID PID UID PRFLAGS PFLAGS CPU COMMAND *148197 16370 0 0 0x4000000 0 syz-executor rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008 rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40 sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa4946dc5550, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd806c1c1dd8, 0xdb, 0, 1) -> e ddb> trace rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008 rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40 sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa4946dc5550, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff80002c7e0ca0 rbx 0xffff8000012bed90 rdx 0xffff800001281800 rcx 0x508 rax 0 r8 0x70 r9 0 r10 0x9485b370ec7546d6 r11 0x36462ebc8c188cc3 r12 0xfffffd8066f3dc58 r13 0 r14 0x1 r15 0x33 rip 0xffffffff8230c157 rtrequest+0x7c7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002c7e0bb0 ss 0x10 rtrequest+0x7c7: movzbl 0xdb(%r13),%eax ddb> show proc PROC (syz-executor) tid=148197 pid=16370 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000328056f8,0xffff800032804ce8 process=0xffff8000327f6258 user=0xffff80002c7dc000, vmspace=0xfffffd806c1c1dd8 estcpu=32, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 16370 164377 93678 0 2 0 syz-executor *16370 148197 93678 0 7 0x4000000 syz-executor 16370 201866 93678 0 3 0x4000080 fsleep syz-executor 40678 431564 96063 0 3 0x80 nanoslp syz-executor 40678 27045 96063 0 3 0x4000080 fsleep syz-executor 40678 359422 96063 0 3 0x4000080 fsleep syz-executor 40678 138061 96063 0 3 0x4000080 fsleep syz-executor 41407 288916 1 0 3 0x100083 ttyin getty 20718 280513 351 0 3 0x82 piperd syz-executor 65908 309548 0 0 3 0x14200 bored sosplice 93678 5601 351 0 3 0x82 nanoslp syz-executor 90105 351985 351 0 3 0x82 piperd syz-executor 96063 64610 351 0 3 0x82 nanoslp syz-executor 66270 394238 351 0 3 0x82 piperd syz-executor 10390 178500 351 0 3 0x82 piperd syz-executor 88306 415916 351 0 3 0x82 wait syz-executor 351 487392 26602 0 3 0x82 nanoslp syz-executor 26602 218620 54983 0 3 0x10008a sigsusp ksh 54983 92526 72575 0 3 0x98 kqread sshd-session 72575 128520 99219 0 3 0x92 kqread sshd-session 99219 153444 1 0 3 0x88 kqread sshd 16650 178722 10944 73 3 0x1100090 kqread syslogd 10944 315488 1 0 3 0x100082 sbwait syslogd 53539 349200 1 0 3 0x100080 kqread resolvd 19405 165516 55796 77 3 0x100092 kqread dhcpleased 37220 437017 55796 77 3 0x100092 kqread dhcpleased 55796 431694 1 0 3 0x80 kqread dhcpleased 86286 269761 0 0 3 0x14200 bored smr 43502 301899 0 0 2 0x14200 zerothread 75314 148081 0 0 3 0x14200 aiodoned aiodoned 19977 345487 0 0 3 0x14200 syncer update 9236 149992 0 0 3 0x14200 cleaner cleaner 68404 46288 0 0 3 0x14200 reaper reaper 23046 467052 0 0 3 0x14200 pgdaemon pagedaemon 23875 34836 0 0 3 0x14200 bored viomb 32369 468806 0 0 3 0x40014200 acpi0 acpi0 81467 182880 0 0 3 0x14200 bored softnet3 91864 86779 0 0 3 0x14200 bored softnet2 87609 155444 0 0 3 0x14200 bored softnet1 39668 398123 0 0 3 0x14200 bored softnet0 8978 140374 0 0 3 0x14200 bored systqmp 81994 492121 0 0 3 0x14200 bored systq 29044 197134 0 0 3 0x40014200 tmoslp softclock 53112 476957 0 0 3 0x40014200 idle0 1 244174 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10207 11064K 11585K 166960K 13382 0 pcb 18 15K 17K 166960K 457 0 rtable 157 7K 8K 166960K 833 0 pf 37 14K 17K 166960K 110 0 ifaddr 31 5K 7K 166960K 111 0 ifgroup 50 2K 2K 166960K 147 0 sysctl 3 0K 2K 166960K 7 0 counters 30 17K 17K 166960K 54 0 ioctlops 0 0K 4K 166960K 219 0 iov 0 0K 24K 166960K 151 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1469 92K 93K 166960K 2845 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 24 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 89 0 dirhash 18 3K 3K 166960K 51 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 12 41K 97K 166960K 1649 0 sigio 0 0K 0K 166960K 35 0 proc 60 59K 100K 166960K 920 0 subproc 91 5K 6K 166960K 240 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 394 0 in_multi 52 3K 7K 166960K 280 0 ether_multi 1 0K 0K 166960K 19 0 mrt 1 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 2K 166960K 794 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 186 63K 88K 166960K 16525 0 UVM aobj 131 4K 4K 166960K 134 0 pinsyscall 33 66K 98K 166960K 2936 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 137 0 NDP 11 0K 1K 166960K 74 0 temp 66 6817K 6893K 166960K 66737 0 kqueue 14 22K 30K 166960K 262 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 325 0 320 4 2 2 3 0 8 1 rtentry 112 261 0 196 4 0 4 4 0 8 0 unpcb 144 1264 0 1248 14 10 4 6 0 8 3 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 513 0 509 11 3 8 8 0 8 7 arp 88 44 0 30 1 0 1 1 0 8 0 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 10 0 10 1 0 1 1 0 8 1 inpcb 336 2126 0 2118 23 14 9 10 0 8 8 nd6 104 58 0 47 1 0 1 1 0 8 0 pkpcb 40 7 0 7 2 1 1 1 0 8 1 kcovpl 48 18 0 11 1 0 1 1 0 8 0 ppxss 1072 6 0 6 2 1 1 1 0 8 1 pfstscr 40 9 0 8 1 0 1 1 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 128 16 0 13 1 0 1 1 0 8 0 pfstate 344 9 0 7 1 0 1 1 0 8 0 pfrule 1344 11 0 8 2 1 1 1 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 1114 0 848 29 3 26 29 0 8 1 art_table 32 1119 0 848 4 0 4 4 0 8 0 art_node 16 253 0 197 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 8 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 83 0 73 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 43 0 22 3 0 3 3 0 8 0 dino2pl 256 4154 0 2632 96 0 96 96 0 8 0 ffsino 240 4154 0 2632 90 0 90 90 0 8 0 nchpl 144 6288 0 4583 64 0 64 64 0 8 0 uvmvnodes 80 5219 0 0 107 0 107 107 0 8 0 vnodes 216 5219 0 0 290 0 290 290 0 8 0 namei 1024 22353 0 22353 5 3 2 2 0 8 2 kstatmem 264 70 0 48 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 19384 0 19384 18 16 2 8 1 8 2 plimitpl 152 344 0 329 1 0 1 1 0 8 0 sigapl 424 1934 0 1893 9 1 8 8 0 8 2 futexpl 64 21016 0 21012 1 0 1 1 0 8 0 knotepl 120 76091 0 75833 32 22 10 16 0 8 2 kqueuepl 184 501 0 491 6 3 3 4 0 8 2 pipepl 288 247 0 220 3 0 3 3 0 8 0 fdescpl 432 1894 0 1870 5 1 4 5 0 8 0 filepl 120 12344 0 12121 25 10 15 15 0 8 6 lockfpl 104 499 0 497 2 1 1 2 0 8 0 lockfspl 48 157 0 155 1 0 1 1 0 8 0 sessionpl 144 32 0 24 1 0 1 1 0 8 0 pgrppl 48 191 0 176 1 0 1 1 0 8 0 ucredpl 104 2333 0 2322 1 0 1 1 0 8 0 zombiepl 144 2583 0 2582 2 1 1 1 0 8 0 processpl 1096 1934 0 1893 5 0 5 5 0 8 1 procpl 648 4252 0 4206 9 2 7 7 0 8 1 sosppl 168 5 0 5 3 2 1 1 0 8 1 sockpl 504 3779 0 3750 74 62 12 26 0 8 8 mcl64k 65536 77 0 77 3 2 1 1 0 8 1 mcl16k 16384 3 0 3 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 27 0 27 3 2 1 1 0 8 1 mcl4k 4096 4536 0 4485 16 8 8 14 0 8 1 mcl2k 2048 1763 0 1749 10 5 5 6 0 8 3 mtagpl 96 101 0 27 2 0 2 2 0 8 0 mbufpl 256 21527 0 21318 107 82 25 74 0 8 7 bufpl 280 7331 0 1084 447 0 447 447 0 8 0 anonpl 24 306393 0 303208 85 38 47 47 0 187 18 amapchunkpl 152 55603 0 55232 54 19 35 35 0 158 16 amappl16 200 7838 0 7813 56 44 12 15 0 8 8 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 131 0 121 1 0 1 1 0 8 0 amappl13 176 9 0 9 2 1 1 1 0 8 1 amappl12 168 2666 0 2642 2 0 2 2 0 8 0 amappl11 160 50 0 40 1 0 1 1 0 8 0 amappl10 152 30 0 30 3 2 1 1 0 8 1 amappl9 144 132 0 132 1 1 0 1 0 8 0 amappl8 136 43 0 41 1 0 1 1 0 8 0 amappl7 128 123 0 113 1 0 1 1 0 8 0 amappl6 120 266 0 263 1 0 1 1 0 8 0 amappl5 112 169 0 160 1 0 1 1 0 8 0 amappl4 104 323 0 309 1 0 1 1 0 8 0 amappl3 96 9977 0 9908 3 0 3 3 0 8 0 amappl2 88 2204 0 2130 2 0 2 2 0 8 0 amappl1 80 12487 0 11994 15 3 12 13 0 8 0 amappl 88 15978 0 15846 6 1 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 1 1 1 0 8 1 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 1894 0 1870 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1894 0 1870 1 0 1 1 0 8 0 vmmpekpl 168 14829 0 14788 3 0 3 3 0 8 0 vmmpepl 168 120991 0 119508 109 20 89 89 0 357 12 vmsppl 352 1893 0 1870 4 1 3 4 0 8 0 rwobjpl 24 39781 0 33642 39 1 38 38 0 8 0 pdppl 4096 3794 0 3740 122 58 64 82 0 8 10 pvpl 32 805147 0 796711 184 69 115 115 0 265 32 pmappl 216 1893 0 1870 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 608 0 247 12 1 11 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008 rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40 sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa4946dc5550, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace rtrequest(1,ffff80002c7e0d58,38,ffff80002c7e0cd0,0) at rtrequest+0x7c7 sys/net/route.c:1008 rtm_output(ffff8000012dd600,ffff80002c7e0e00,ffff80002c7e0d58,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806c389c00,fffffd806ce9dbe8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(fffffd806ce9dbe8,fffffd806c389c00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(fffffd806ce9dbe8,0,ffff80002c7e0fb8,0,0,0) at sosend+0xa40 sendit(ffff800032805470,4,ffff80002c7e10b0,0,ffff80002c7e1160) at sendit+0x721 sys/kern/uipc_syscalls.c:786 sys_sendto(ffff800032805470,ffff80002c7e1210,ffff80002c7e1160) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:564 syscall(ffff80002c7e1210) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa4946dc5550, count: -9