uvm_fault(0xfffffd8069c4c8b0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtrequest+0x8e1: movzbl 0(%r14),%r15d TID PID UID PRFLAGS PFLAGS CPU COMMAND *195783 5083 0 0 0x4000000 0 syz-executor.6 rtrequest(1,ffff80002e8584d8,0,ffff80002e858448,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d25f00,ffff80002e858580,ffff80002e8584d8,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd8068cb3800,fffffd8077017908) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8077017908,fffffd8068cb3800,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8077017908,0,ffff80002e858750,0,0,0) at sosend+0x66d sendit(ffff8000216e3aa0,3,ffff80002e858850,0,ffff80002e858930) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff8000216e3aa0,ffff80002e8588e0,ffff80002e858930) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8589b0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x878d11305e0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd8069c4c8b0, 0x0, 0, 1) -> e ddb> trace rtrequest(1,ffff80002e8584d8,0,ffff80002e858448,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d25f00,ffff80002e858580,ffff80002e8584d8,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd8068cb3800,fffffd8077017908) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8077017908,fffffd8068cb3800,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8077017908,0,ffff80002e858750,0,0,0) at sosend+0x66d sendit(ffff8000216e3aa0,3,ffff80002e858850,0,ffff80002e858930) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff8000216e3aa0,ffff80002e8588e0,ffff80002e858930) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8589b0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x878d11305e0, count: -9 ddb> show registers rdi 0xffff800027fb1000 rsi 0x2e6 rbp 0xffff80002e858420 rbx 0x33 rdx 0xffff800027fb1000 rcx 0x2e5 rax 0xffffffff81448f22 rt_putgwroute+0x112 r8 0x20 r9 0 r10 0x856b7d5e9a122089 r11 0x5416871f99f1ab10 r12 0xfffffd806a0e7a28 r13 0xffff80002e8584d8 r14 0 r15 0xffff8000006c6740 rip 0xffffffff81447e21 rtrequest+0x8e1 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e858330 ss 0x10 rtrequest+0x8e1: movzbl 0(%r14),%r15d ddb> show proc PROC (syz-executor.6) tid=195783 pid=5083 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff8000216e4540,0xffff8000216e47f8 process=0xffff800021725b90 user=0xffff80002e853000, vmspace=0xfffffd8069c4c8b0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 5083 455405 41083 0 2 0 syz-executor.6 * 5083 195783 41083 0 7 0x4000000 syz-executor.6 45786 18731 37893 0 2 0 syz-executor.5 45786 325660 37893 0 3 0x4000080 fsleep syz-executor.5 92915 344887 4822 0 2 0 syz-executor.1 92915 35672 4822 0 3 0x4000080 fsleep syz-executor.1 64690 225238 77458 0 2 0x480 syz-executor.7 64690 427864 77458 0 3 0x4000080 netio syz-executor.7 64690 53167 77458 0 3 0x4000080 fsleep syz-executor.7 77458 336661 54191 0 2 0x482 syz-executor.7 37893 160534 54191 0 3 0x82 nanoslp syz-executor.5 66957 87316 54191 0 2 0x2 syz-executor.4 41083 393244 54191 0 3 0x82 nanoslp syz-executor.6 83823 305886 54191 0 2 0x482 syz-executor.2 4822 323712 54191 0 3 0x82 nanoslp syz-executor.1 39388 292047 54191 0 2 0x2 syz-executor.3 54279 78891 54191 0 2 0x2 syz-executor.0 54191 62720 33752 0 3 0x2000082 thrsleep syz-fuzzer 54191 478439 33752 0 2 0x6000482 syz-fuzzer 54191 518976 33752 0 3 0x6000082 wait syz-fuzzer 54191 143293 33752 0 3 0x6000082 wait syz-fuzzer 54191 184950 33752 0 3 0x6000082 thrsleep syz-fuzzer 54191 157048 33752 0 3 0x6000082 wait syz-fuzzer 54191 499211 33752 0 3 0x6000082 wait syz-fuzzer 54191 2821 33752 0 3 0x6000082 wait syz-fuzzer 54191 55993 33752 0 3 0x6000082 wait syz-fuzzer 54191 177596 33752 0 3 0x6000082 thrsleep syz-fuzzer 54191 458474 33752 0 3 0x6000082 wait syz-fuzzer 54191 299578 33752 0 3 0x6000082 wait syz-fuzzer 54191 129722 33752 0 3 0x6000082 kqread syz-fuzzer 33752 175876 67744 0 3 0x10008a sigsusp ksh 67744 510390 73953 0 3 0x9a kqread sshd 77693 393889 1 0 3 0x100083 ttyin getty 73953 142820 1 0 3 0x88 kqread sshd 46715 365259 68137 73 3 0x1100090 kqread syslogd 68137 361922 1 0 3 0x100082 netio syslogd 54181 351933 1 0 3 0x100080 kqread resolvd 9708 368826 77655 77 3 0x100092 kqread dhcpleased 33420 320843 77655 77 3 0x100092 kqread dhcpleased 77655 312009 1 0 3 0x80 kqread dhcpleased 87028 409056 0 0 3 0x14200 bored smr 26387 489367 0 0 2 0x14200 zerothread 70899 47056 0 0 3 0x14200 aiodoned aiodoned 20835 134282 0 0 3 0x14200 syncer update 64536 301299 0 0 3 0x14200 cleaner cleaner 10078 25174 0 0 3 0x14200 reaper reaper 83806 217058 0 0 3 0x14200 pgdaemon pagedaemon 38833 247691 0 0 3 0x14200 bored viomb 7432 383975 0 0 3 0x40014200 acpi0 acpi0 24867 170425 0 0 3 0x14200 bored softnet3 92841 431294 0 0 3 0x14200 bored softnet2 31714 200725 0 0 3 0x14200 bored softnet1 68995 410491 0 0 3 0x14200 bored softnet0 95144 308830 0 0 3 0x14200 bored systqmp 58739 331349 0 0 3 0x14200 bored systq 20505 249860 0 0 3 0x40014200 tmoslp softclock 60666 428766 0 0 3 0x40014200 idle0 1 340966 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10180 6595K 6853K 78643K 11535 0 pcb 13 8K 8K 78643K 21 0 rtable 236 6K 6K 78643K 357 0 pf 29 8K 8K 78643K 29 0 ifaddr 43 11K 11K 78643K 45 0 ifgroup 50 2K 2K 78643K 50 0 counters 28 17K 17K 78643K 28 0 ioctlops 0 0K 2K 78643K 29 0 iov 0 0K 2K 78643K 2 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1282 80K 80K 78643K 1405 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 34 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 65K 78643K 360 0 proc 56 58K 75K 78643K 488 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 18 0 in_multi 99 7K 7K 78643K 103 0 ether_multi 1 0K 0K 78643K 1 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 1K 78643K 369 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 267 78K 79K 78643K 4967 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 18 0 NDP 11 0K 2K 78643K 27 0 temp 46 5905K 5969K 78643K 4534 0 kqueue 12 18K 18K 78643K 22 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 58 0 54 1 0 1 1 0 8 0 rtentry 112 112 0 1 4 0 4 4 0 8 0 unpcb 144 109 0 96 1 0 1 1 0 8 0 syncache 304 5 0 5 1 0 1 1 0 8 1 tcpqe 32 637 0 637 4 1 3 3 0 8 3 tcpcb 808 30 0 23 1 0 1 1 0 8 0 arp 88 18 0 0 1 0 1 1 0 8 0 inpcb 336 117 0 106 1 0 1 1 0 8 0 nd6 104 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 453 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 semapl 112 32 0 22 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1812 0 373 91 0 91 91 0 8 0 ffsino 240 1812 0 373 85 0 85 85 0 8 0 nchpl 144 2318 0 639 63 0 63 63 0 8 0 uvmvnodes 80 1990 0 0 41 0 41 41 0 8 0 vnodes 216 1990 0 0 111 0 111 111 0 8 0 namei 1024 7456 0 7455 3 0 3 3 0 8 2 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 7666 0 7666 3 2 1 3 1 8 1 plimitpl 152 36 0 20 1 0 1 1 0 8 0 sigapl 424 656 0 614 6 0 6 6 0 8 0 futexpl 64 1576 0 1573 1 0 1 1 0 8 0 knotepl 120 5416 0 5336 3 0 3 3 0 8 0 kqueuepl 184 22 0 14 1 0 1 1 0 8 0 pipepl 288 139 0 111 3 0 3 3 0 8 1 fdescpl 432 640 0 615 4 0 4 4 0 8 1 filepl 120 2211 0 1972 8 0 8 8 0 8 0 lockfpl 104 64 0 62 1 0 1 1 0 8 0 lockfspl 48 33 0 31 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 23 0 7 1 0 1 1 0 8 0 ucredpl 104 182 0 172 1 0 1 1 0 8 0 zombiepl 144 615 0 614 1 0 1 1 0 8 0 processpl 1008 656 0 614 7 1 6 6 0 8 0 procpl 680 907 0 848 6 0 6 6 0 8 0 sockpl 456 284 0 256 5 0 5 5 0 8 1 mcl64k 65536 5 0 4 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 10 0 9 2 1 1 1 0 8 0 mcl4k 4096 23 0 23 1 0 1 1 0 8 1 mcl2k 2048 28557 0 28513 72 58 14 44 0 8 8 mtagpl 96 38 0 4 2 1 1 1 0 8 0 mbufpl 256 48501 0 48300 35 17 18 23 0 8 4 bufpl 288 4279 0 142 296 0 296 296 0 8 0 anonpl 24 192483 0 185280 55 0 55 55 0 188 10 amapchunkpl 152 16264 0 15614 28 0 28 28 0 158 2 amappl16 200 5056 0 4889 11 1 10 10 0 8 1 amappl15 192 15 0 15 2 1 1 1 0 8 1 amappl14 184 148 0 136 2 0 2 2 0 8 1 amappl13 176 8 0 8 1 1 0 1 0 8 0 amappl12 168 1262 0 1234 2 0 2 2 0 8 0 amappl11 160 62 0 52 1 0 1 1 0 8 0 amappl10 152 32 0 24 2 1 1 1 0 8 0 amappl9 144 159 0 157 1 0 1 1 0 8 0 amappl8 136 162 0 119 2 0 2 2 0 8 0 amappl7 128 181 0 164 2 0 2 2 0 8 0 amappl6 120 235 0 228 1 0 1 1 0 8 0 amappl5 112 130 0 121 1 0 1 1 0 8 0 amappl4 104 407 0 386 2 0 2 2 0 8 1 amappl3 96 3559 0 3485 3 0 3 3 0 8 1 amappl2 88 1062 0 993 3 0 3 3 0 8 1 amappl1 80 10209 0 9703 22 3 19 22 0 8 8 amappl 88 4479 0 4301 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 640 0 615 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 640 0 615 1 0 1 1 0 8 0 vmmpekpl 168 10151 0 10102 3 0 3 3 0 8 0 vmmpepl 168 57711 0 55913 112 0 112 112 0 357 31 vmsppl 368 639 0 615 3 0 3 3 0 8 0 rwobjpl 24 22528 0 19425 20 0 20 20 0 8 1 pdppl 4096 1286 0 1230 94 30 64 64 0 8 8 pvpl 32 434208 0 421990 360 18 342 360 0 265 241 pmappl 216 639 0 615 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 731 0 108 19 0 19 19 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace rtrequest(1,ffff80002e8584d8,0,ffff80002e858448,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d25f00,ffff80002e858580,ffff80002e8584d8,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd8068cb3800,fffffd8077017908) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8077017908,fffffd8068cb3800,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8077017908,0,ffff80002e858750,0,0,0) at sosend+0x66d sendit(ffff8000216e3aa0,3,ffff80002e858850,0,ffff80002e858930) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff8000216e3aa0,ffff80002e8588e0,ffff80002e858930) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8589b0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x878d11305e0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace rtrequest(1,ffff80002e8584d8,0,ffff80002e858448,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d25f00,ffff80002e858580,ffff80002e8584d8,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd8068cb3800,fffffd8077017908) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8077017908,fffffd8068cb3800,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8077017908,0,ffff80002e858750,0,0,0) at sosend+0x66d sendit(ffff8000216e3aa0,3,ffff80002e858850,0,ffff80002e858930) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff8000216e3aa0,ffff80002e8588e0,ffff80002e858930) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8589b0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x878d11305e0, count: -9