uvm_fault(0xffffffff839366c8, 0xffff8000016160ca, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *102907 66013 60928 0x10 0x4000000 0 syz-executor arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c91b7a0,0,ffff80003c91b710,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001614500,ffff80003c91b848,ffff80003c91b7a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd807cfb8b00,ffff800010fdd378) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800010fdd378,fffffd807cfb8b00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fdd378,0,ffff80003c91b9f8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000304c3a10,3,ffff80003c91baf0,808,ffff80003c91bb90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000304c3a10,ffff80003c91bc40,ffff80003c91bb90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c91bc40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c91bc40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce0c3411de0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff839366c8, 0xffff8000016160ca, 0, 1) -> e ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c91b7a0,0,ffff80003c91b710,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001614500,ffff80003c91b848,ffff80003c91b7a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd807cfb8b00,ffff800010fdd378) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800010fdd378,fffffd807cfb8b00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fdd378,0,ffff80003c91b9f8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000304c3a10,3,ffff80003c91baf0,808,ffff80003c91bb90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000304c3a10,ffff80003c91bc40,ffff80003c91bb90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c91bc40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c91bc40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce0c3411de0, count: -10 ddb> show registers rdi 0xffff8000380ec000 rsi 0x360 rbp 0xffff80003c91b5f0 rbx 0xde rdx 0xffff8000380ec000 rcx 0xffff800001615fe0 rax 0xfffffd806cc947e0 r8 0x20 r9 0xfffffd806e92aa30 r10 0xa31c39a00b7fb65 r11 0x5e47f71acbc6c137 r12 0x1f r13 0xfffffd806cc94700 r14 0xfffffd806e92aa30 r15 0xffff8000002a2058 rip 0xffffffff8165b7f4 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c91b570 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=102907 pid=66013 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000304c22b8,0xffff80002f0c02c0 process=0xffff8000304c5698 user=0xffff80003c916000, vmspace=0xfffffd807003d748 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 95778 156308 0 0 2 0x14200 acct 56751 139 92943 0 2 0 syz-executor 35895 133661 80884 0 2 0 syz-executor 34798 242851 44369 0 2 0 syz-executor 34798 15905 44369 0 3 0x4000080 kqsel syz-executor 80453 277928 16857 0 2 0 syz-executor 80453 71925 16857 0 3 0x4000080 sbwait syz-executor 66013 410916 45599 60928 2 0x10 syz-executor *66013 102907 45599 60928 7 0x4000010 syz-executor 66013 285143 45599 60928 3 0x4000090 fsleep syz-executor 33011 493296 72907 0 2 0 syz-executor 33011 8376 72907 0 2 0x4000000 syz-executor 33011 90724 72907 0 2 0x4000000 syz-executor 33011 120011 72907 0 3 0x4000080 fsleep syz-executor 34204 50834 85813 0 3 0x82 wait syz-executor 45599 441481 85813 0 3 0x82 nanoslp syz-executor 16857 96262 85813 0 3 0x82 nanoslp syz-executor 72907 55991 85813 0 3 0x82 nanoslp syz-executor 44369 506494 85813 0 3 0x82 nanoslp syz-executor 92943 236006 85813 0 3 0x82 nanoslp syz-executor 80884 251702 85813 0 3 0x82 nanoslp syz-executor 76379 304824 85813 0 2 0x2 syz-executor 85813 180233 90070 0 3 0x82 kqread syz-executor 90070 414385 36978 0 3 0x10008a sigsusp ksh 36978 116034 85759 0 3 0x98 kqread sshd-session 85759 283328 94044 0 3 0x92 kqread sshd-session 11298 511021 1 0 3 0x100083 ttyin getty 94044 273410 1 0 3 0x88 kqread sshd 22949 13864 59618 73 3 0x1100090 kqread syslogd 59618 314267 1 0 3 0x100082 sbwait syslogd 17889 347752 1 0 3 0x100080 kqread resolvd 39711 63520 29161 77 3 0x100092 kqread dhcpleased 14397 342043 29161 77 3 0x100092 kqread dhcpleased 29161 460556 1 0 3 0x80 kqread dhcpleased 71420 30325 0 0 3 0x14200 bored smr 39927 139357 0 0 2 0x14200 zerothread 4050 243935 0 0 3 0x14200 aiodoned aiodoned 66921 290841 0 0 3 0x14200 syncer update 25507 68649 0 0 3 0x14200 cleaner cleaner 37472 386951 0 0 3 0x14200 reaper reaper 10835 169172 0 0 3 0x14200 pgdaemon pagedaemon 81372 439871 0 0 3 0x14200 bored viomb 98489 88065 0 0 3 0x40014200 acpi0 acpi0 52304 392596 0 0 3 0x14200 bored softnet0 80947 379069 0 0 2 0x14200 systqmp 46443 102369 0 0 3 0x14200 bored systq 38672 14465 0 0 3 0x40014200 tmoslp softclock 59296 156806 0 0 3 0x40014200 idle0 1 109592 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11041 12169K 12379K 166960K 12382 0 pcb 18 12K 12K 166960K 39 0 rtable 234 8K 8K 166960K 388 0 pf 32 13K 18K 166960K 50 0 ifaddr 40 6K 8K 166960K 55 0 ifgroup 54 2K 2K 166960K 71 0 sysctl 1 1K 9K 166960K 5 0 counters 34 17K 18K 166960K 42 0 ioctlops 0 0K 4K 166960K 79 0 iov 0 0K 12K 166960K 6 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1353 85K 86K 166960K 1578 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 74 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 85K 166960K 235 0 sigio 0 0K 0K 166960K 1 0 proc 60 59K 75K 166960K 504 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 42 0 in_multi 88 6K 7K 166960K 101 0 ether_multi 1 0K 0K 166960K 2 0 mrt 0 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 49 228K 228K 166960K 49 0 exec 0 0K 1K 166960K 374 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 219 150K 165K 166960K 3832 0 UVM aobj 8 2K 2K 166960K 9 0 pinsyscall 38 76K 91K 166960K 1319 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 9 0 NDP 12 0K 2K 166960K 34 0 temp 43 9072K 9136K 166960K 7722 0 kqueue 14 22K 26K 166960K 43 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 46 0 42 1 0 1 1 0 8 0 rtentry 136 115 0 14 4 0 4 4 0 8 0 unpcb 144 79 0 62 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 33 0 29 1 0 1 1 0 8 0 arp 96 19 0 2 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 3 0 3 1 1 0 1 0 8 0 inpcb 328 134 0 125 3 1 2 2 0 8 1 ip6q 72 3 0 1 1 0 1 1 0 8 0 ip6af 40 4 0 2 1 0 1 1 0 8 0 nd6 112 24 0 3 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 6 0 6 1 0 1 1 0 8 1 pppxif 1416 2 0 2 1 0 1 1 0 8 1 pfsrclim 320 1 0 1 1 1 0 1 0 8 0 pfstlim 224 1 0 1 1 1 0 1 0 8 0 pfrule 1360 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 459 0 50 29 0 29 29 0 8 1 art_table 40 461 0 50 5 0 5 5 0 8 0 art_node 32 115 0 23 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 1 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 72 0 62 1 0 1 1 0 8 0 shmpl 112 6 0 1 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1815 0 360 92 0 92 92 0 8 0 ffsino 256 1815 0 360 92 0 92 92 0 8 0 nchpl 144 2150 0 462 63 0 63 63 0 8 0 vnodes 216 2012 0 0 112 0 112 112 0 8 0 namei 1024 6610 0 6609 2 1 1 1 0 8 0 kstatmem 264 37 0 12 3 0 3 3 0 8 1 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 6654 0 6654 3 2 1 3 1 8 1 plimitpl 152 109 0 93 1 0 1 1 0 8 0 sigapl 424 527 0 484 6 0 6 6 0 8 1 knotepl 120 14410 0 14362 7 5 2 7 0 8 0 kqueuepl 184 56 0 42 1 0 1 1 0 8 0 pipepl 304 122 0 95 3 0 3 3 0 8 0 fdescpl 448 513 0 484 4 0 4 4 0 8 0 filepl 120 2266 0 2049 11 1 10 11 0 8 2 lockfpl 104 57 0 55 1 0 1 1 0 8 0 lockfspl 48 26 0 24 1 0 1 1 0 8 0 sessionpl 144 29 0 21 1 0 1 1 0 8 0 pgrppl 48 37 0 21 1 0 1 1 0 8 0 ucredpl 104 389 0 377 1 0 1 1 0 8 0 zombiepl 144 485 0 484 1 0 1 1 0 8 0 processpl 1152 527 0 484 4 0 4 4 0 8 0 procpl 664 680 0 630 5 0 5 5 0 8 0 sosppl 176 1 0 1 1 0 1 1 0 8 1 sockpl 552 262 0 232 3 0 3 3 0 8 0 mcl64k 65536 11 0 10 2 1 1 1 0 8 0 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 5 0 5 2 1 1 1 0 8 1 mcl4k 4096 2619 0 2568 15 7 8 14 0 8 0 mcl2k 2048 320 0 314 7 5 2 6 0 8 0 mtagpl 96 5 0 4 2 1 1 1 0 8 0 mbufpl 256 5693 0 5533 20 6 14 20 0 8 2 bufpl 280 3422 0 103 238 0 238 238 0 8 0 anonpl 24 108722 0 105584 48 3 45 45 0 187 22 amapchunkpl 152 11272 0 10810 28 1 27 27 0 158 6 amappl16 200 2204 0 2180 18 8 10 15 0 8 8 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 408 0 407 1 0 1 1 0 8 0 amappl13 176 110 0 100 1 0 1 1 0 8 0 amappl12 168 762 0 733 2 0 2 2 0 8 0 amappl11 160 2 0 2 1 1 0 1 0 8 0 amappl10 152 56 0 46 1 0 1 1 0 8 0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 105 0 103 1 0 1 1 0 8 0 amappl7 128 143 0 132 1 0 1 1 0 8 0 amappl6 120 166 0 165 1 0 1 1 0 8 0 amappl5 112 93 0 85 1 0 1 1 0 8 0 amappl4 104 254 0 238 1 0 1 1 0 8 0 amappl3 96 2006 0 1901 3 0 3 3 0 8 0 amappl2 88 500 0 445 2 0 2 2 0 8 0 amappl1 80 9299 0 8763 13 1 12 13 0 8 0 amappl 88 3140 0 2983 4 0 4 4 0 92 0 uvmvnodes 80 104 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 8 0 1 1 0 1 1 0 8 0 uaddrrnd 24 513 0 484 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 513 0 484 1 0 1 1 0 8 0 vmmpekpl 168 5731 0 5699 2 0 2 2 0 8 0 vmmpepl 168 40516 0 38767 90 0 90 90 0 357 10 vmsppl 368 512 0 484 4 0 4 4 0 8 1 rwobjpl 40 14520 0 13584 14 1 13 13 0 8 2 pdppl 4096 1032 0 968 94 28 66 76 0 8 2 pvpl 32 250384 0 241851 107 1 106 106 0 265 27 pmappl 216 512 0 484 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 375 0 53 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c91b7a0,0,ffff80003c91b710,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001614500,ffff80003c91b848,ffff80003c91b7a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd807cfb8b00,ffff800010fdd378) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800010fdd378,fffffd807cfb8b00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fdd378,0,ffff80003c91b9f8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000304c3a10,3,ffff80003c91baf0,808,ffff80003c91bb90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000304c3a10,ffff80003c91bc40,ffff80003c91bb90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c91bc40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c91bc40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce0c3411de0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806e92aa30) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c91b7a0,0,ffff80003c91b710,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001614500,ffff80003c91b848,ffff80003c91b7a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd807cfb8b00,ffff800010fdd378) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800010fdd378,fffffd807cfb8b00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fdd378,0,ffff80003c91b9f8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000304c3a10,3,ffff80003c91baf0,808,ffff80003c91bb90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000304c3a10,ffff80003c91bc40,ffff80003c91bb90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c91bc40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c91bc40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xce0c3411de0, count: -10