uvm_fault(0xffffffff83998138, 0xffff8000016370ca, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *432296 21561 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c9f1100,0,ffff80003c9f1070,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff8000015ea900,ffff80003c9f11a8,ffff80003c9f1100,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806db9cd00,ffff8000015cfa00) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015cfa00,fffffd806db9cd00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015cfa00,0,ffff80003c9f1358,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c93a7e8,3,ffff80003c9f1450,808,ffff80003c9f14f0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c93a7e8,ffff80003c9f15a0,ffff80003c9f14f0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c9f15a0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9f15a0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x66506ce73f0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff83998138, 0xffff8000016370ca, 0, 1) -> e ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c9f1100,0,ffff80003c9f1070,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff8000015ea900,ffff80003c9f11a8,ffff80003c9f1100,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806db9cd00,ffff8000015cfa00) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015cfa00,fffffd806db9cd00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015cfa00,0,ffff80003c9f1358,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c93a7e8,3,ffff80003c9f1450,808,ffff80003c9f14f0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c93a7e8,ffff80003c9f15a0,ffff80003c9f14f0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c9f15a0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9f15a0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x66506ce73f0, count: -10 ddb> show registers rdi 0xffff80003190a000 rsi 0xba8 rbp 0xffff80003c9f0f50 rbx 0xde rdx 0xffff80003190a000 rcx 0xffff800001636fe0 rax 0xfffffd80703354e0 r8 0x1000 __ALIGN_SIZE r9 0 r10 0x9e6e220e9c008df2 r11 0x6cb3fcf036a7f33e r12 0x31 r13 0xfffffd8070335400 r14 0xfffffd8062e70928 r15 0xffff8000002a2058 rip 0xffffffff81f6f254 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c9f0ed0 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=432296 pid=21561 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c93a550,0xffff80003c93a2c8 process=0xffff8000ffffad18 user=0xffff80003c9ec000, vmspace=0xfffffd8066bdb8b8 estcpu=32, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 44951 341766 25783 0 2 0 syz-executor 44951 453157 25783 0 3 0x4000080 fsleep syz-executor 21561 261113 6034 0 2 0 syz-executor *21561 432296 6034 0 7 0x4000000 syz-executor 21561 203122 6034 0 3 0x4000080 fsleep syz-executor 10522 497442 80534 0 2 0 syz-executor 10522 122078 80534 0 3 0x4000080 fsleep syz-executor 71788 186414 67128 0 2 0 syz-executor 71788 255579 67128 0 3 0x4000080 fsleep syz-executor 71540 302955 81829 0 2 0 syz-executor 71540 148241 81829 0 3 0x4000080 fsleep syz-executor 71540 466137 81829 0 3 0x4000080 fsleep syz-executor 97718 209606 54003 0 2 0 syz-executor 97718 414514 54003 0 3 0x4000080 fsleep syz-executor 46923 255714 25631 0 2 0 syz-executor 46923 288609 25631 0 3 0x4000080 fsleep syz-executor 97860 316864 20056 0 2 0 syz-executor 97860 20104 20056 0 3 0x4000080 fsleep syz-executor 97860 422434 20056 0 3 0x4000080 fsleep syz-executor 16528 86679 0 0 3 0x14280 nfsidl nfsio 27979 363566 0 0 3 0x14280 nfsidl nfsio 50012 230041 0 0 3 0x14280 nfsidl nfsio 63088 357238 0 0 3 0x14280 nfsidl nfsio 19771 319287 0 0 3 0x14280 nfsidl nfsio 13501 55083 0 0 3 0x14280 nfsidl nfsio 49759 164366 0 0 3 0x14280 nfsidl nfsio 56854 60113 0 0 3 0x14280 nfsidl nfsio 93847 385941 0 0 3 0x14280 nfsidl nfsio 64444 82895 0 0 3 0x14280 nfsidl nfsio 90331 479395 0 0 3 0x14280 nfsidl nfsio 95648 108031 0 0 3 0x14280 nfsidl nfsio 35610 351812 0 0 3 0x14280 nfsidl nfsio 53282 490625 0 0 3 0x14280 nfsidl nfsio 85605 347268 0 0 3 0x14280 nfsidl nfsio 61625 90771 0 0 3 0x14280 nfsidl nfsio 52877 476016 0 0 3 0x14280 nfsidl nfsio 62994 274629 0 0 3 0x14280 nfsidl nfsio 61477 319249 0 0 3 0x14280 nfsidl nfsio 1167 347243 0 0 3 0x14280 nfsidl nfsio 67128 25010 50402 0 3 0x82 nanoslp syz-executor 80534 419660 50402 0 3 0x82 nanoslp syz-executor 25783 521998 50402 0 3 0x82 nanoslp syz-executor 6034 22836 50402 0 3 0x82 nanoslp syz-executor 25631 160365 50402 0 3 0x82 nanoslp syz-executor 81829 294739 50402 0 3 0x82 nanoslp syz-executor 54003 461807 50402 0 3 0x82 nanoslp syz-executor 20056 40007 50402 0 3 0x82 nanoslp syz-executor 50402 383662 91133 0 3 0x82 kqread syz-executor 91133 96814 81218 0 3 0x10008a sigsusp ksh 81218 157378 58654 0 3 0x98 kqread sshd-session 58654 251036 68930 0 3 0x92 kqread sshd-session 45439 441089 1 0 3 0x100083 ttyin getty 68930 270446 1 0 3 0x88 kqread sshd 35909 359742 51269 73 3 0x1100090 kqread syslogd 51269 139685 1 0 3 0x100082 sbwait syslogd 1980 146286 1 0 3 0x100080 kqread resolvd 24346 33116 58814 77 3 0x100092 kqread dhcpleased 96202 332028 58814 77 3 0x100092 kqread dhcpleased 58814 422285 1 0 3 0x80 kqread dhcpleased 23105 103601 0 0 3 0x14200 bored smr 80315 384258 0 0 2 0x14200 zerothread 90393 288131 0 0 3 0x14200 aiodoned aiodoned 93983 483126 0 0 3 0x14200 syncer update 92792 146327 0 0 3 0x14200 cleaner cleaner 83799 158842 0 0 3 0x14200 reaper reaper 73591 39587 0 0 3 0x14200 pgdaemon pagedaemon 29108 2903 0 0 3 0x14200 bored viomb 55203 47902 0 0 3 0x40014200 acpi0 acpi0 32254 4765 0 0 3 0x14200 bored softnet0 28119 518853 0 0 3 0x14200 bored systqmp 7352 401304 0 0 3 0x14200 bored systq 58314 302775 0 0 3 0x40014200 tmoslp softclock 25408 310970 0 0 3 0x40014200 idle0 1 443323 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11043 12237K 12483K 166960K 12802 0 pcb 17 13K 14K 166960K 118 0 rtable 274 9K 9K 166960K 414 0 pf 30 12K 14K 166960K 52 0 ifaddr 43 7K 8K 166960K 59 0 ifgroup 50 2K 2K 166960K 74 0 sysctl 4 1K 9K 166960K 11 0 counters 33 17K 18K 166960K 45 0 ioctlops 0 0K 4K 166960K 126 0 iov 0 0K 12K 166960K 17 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1433 90K 91K 166960K 1718 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 59 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 97K 166960K 400 0 sigio 0 0K 0K 166960K 4 0 proc 60 59K 100K 166960K 487 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 44 0 in_multi 103 7K 8K 166960K 121 0 ether_multi 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 390 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 231 159K 173K 166960K 5360 0 UVM aobj 76 5K 5K 166960K 78 0 pinsyscall 39 78K 94K 166960K 1458 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 12 0 NDP 11 0K 1K 166960K 36 0 temp 50 8665K 8729K 166960K 11142 0 kqueue 13 20K 28K 166960K 78 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 54 0 50 1 0 1 1 0 8 0 rtentry 136 124 0 3 5 0 5 5 0 8 0 unpcb 144 322 0 303 4 0 4 4 0 8 3 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 59 0 55 1 0 1 1 0 8 0 arp 96 18 0 0 1 0 1 1 0 8 0 inpcb 328 273 0 263 5 1 4 4 0 8 2 ip6q 72 2 0 0 1 0 1 1 0 8 0 ip6af 40 2 0 0 1 0 1 1 0 8 0 nd6 112 32 0 0 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 10 0 10 1 0 1 1 0 8 1 pppxif 1384 2 0 2 1 0 1 1 0 8 1 pfrule 1360 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 601 0 12 37 0 37 37 0 8 0 art_table 40 604 0 12 6 0 6 6 0 8 0 art_node 32 124 0 14 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 4 1 0 1 1 0 8 0 semapl 112 57 0 47 1 0 1 1 0 8 0 shmpl 112 74 0 2 3 0 3 3 0 8 0 dirhash 1024 26 0 9 3 0 3 3 0 8 0 dino2pl 256 2072 0 574 95 0 95 95 0 8 0 ffsino 256 2072 0 574 95 0 95 95 0 8 0 nchpl 144 2657 0 968 63 0 63 63 0 8 0 vnodes 216 2409 0 0 134 0 134 134 0 8 0 namei 1024 8771 0 8771 1 0 1 1 0 8 1 vcpupl 3904 1 0 0 1 0 1 1 0 8 0 vmpool 808 1 0 0 1 0 1 1 0 8 0 kstatmem 264 40 0 18 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 0 1 1 0 8 1 scxspl 216 10339 0 10339 10 2 8 8 1 8 8 plimitpl 152 78 0 62 1 0 1 1 0 8 0 sigapl 424 704 0 641 8 0 8 8 0 8 0 knotepl 120 12732 0 12685 9 0 9 9 0 8 7 kqueuepl 184 172 0 163 4 0 4 4 0 8 3 pipepl 304 137 0 109 3 0 3 3 0 8 0 fdescpl 448 670 0 640 5 1 4 5 0 8 0 filepl 120 3699 0 3483 10 0 10 10 0 8 2 lockfpl 104 82 0 78 1 0 1 1 0 8 0 lockfspl 48 39 0 35 1 0 1 1 0 8 0 sessionpl 144 21 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 14 1 0 1 1 0 8 0 ucredpl 104 370 0 359 1 0 1 1 0 8 0 zombiepl 144 835 0 835 2 1 1 1 0 8 1 processpl 1152 704 0 641 5 0 5 5 0 8 0 procpl 664 1192 0 1118 7 0 7 7 0 8 0 sockpl 552 660 0 627 8 0 8 8 0 8 4 mcl64k 65536 17 0 17 1 0 1 1 0 8 1 mcl8k 8192 10 0 10 2 1 1 1 0 8 1 mcl4k 4096 2831 0 2779 16 7 9 16 0 8 1 mcl2k 2048 558 0 549 2 0 2 2 0 8 0 mtagpl 96 85 0 8 3 1 2 2 0 8 0 mbufpl 256 6765 0 6510 17 0 17 17 0 8 0 bufpl 280 3724 0 118 258 0 258 258 0 8 0 anonpl 24 131023 0 127840 48 4 44 44 0 187 7 amapchunkpl 152 17121 0 16643 29 0 29 29 0 158 10 amappl16 200 2493 0 2462 19 7 12 15 0 8 8 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 7 0 7 1 1 0 1 0 8 0 amappl13 176 403 0 402 1 0 1 1 0 8 0 amappl12 168 1003 0 964 2 0 2 2 0 8 0 amappl11 160 9 0 9 1 1 0 1 0 8 0 amappl10 152 43 0 33 1 0 1 1 0 8 0 amappl9 144 274 0 274 1 1 0 1 0 8 0 amappl8 136 23 0 22 1 0 1 1 0 8 0 amappl7 128 83 0 81 1 0 1 1 0 8 0 amappl6 120 287 0 275 1 0 1 1 0 8 0 amappl5 112 72 0 64 1 0 1 1 0 8 0 amappl4 104 387 0 363 1 0 1 1 0 8 0 amappl3 96 2883 0 2793 3 0 3 3 0 8 0 amappl2 88 813 0 743 2 0 2 2 0 8 0 amappl1 80 9780 0 9234 13 0 13 13 0 8 1 amappl 88 4644 0 4483 5 0 5 5 0 92 0 uvmvnodes 80 102 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 77 0 2 2 0 2 2 0 8 0 uaddrrnd 24 670 0 640 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 670 0 640 1 0 1 1 0 8 0 vmmpekpl 168 7175 0 7141 2 0 2 2 0 8 0 vmmpepl 168 49966 0 48142 93 2 91 91 0 357 11 vmsppl 368 669 0 640 4 0 4 4 0 8 1 rwobjpl 40 16481 0 15469 13 0 13 13 0 8 0 pdppl 4096 1349 0 1281 100 32 68 83 0 8 0 pvpl 32 314339 0 305568 120 2 118 118 0 265 33 pmappl 216 670 0 640 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 389 0 44 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c9f1100,0,ffff80003c9f1070,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff8000015ea900,ffff80003c9f11a8,ffff80003c9f1100,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806db9cd00,ffff8000015cfa00) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015cfa00,fffffd806db9cd00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015cfa00,0,ffff80003c9f1358,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c93a7e8,3,ffff80003c9f1450,808,ffff80003c9f14f0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c93a7e8,ffff80003c9f15a0,ffff80003c9f14f0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c9f15a0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9f15a0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x66506ce73f0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd8062e70928) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c9f1100,0,ffff80003c9f1070,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff8000015ea900,ffff80003c9f11a8,ffff80003c9f1100,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806db9cd00,ffff8000015cfa00) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015cfa00,fffffd806db9cd00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015cfa00,0,ffff80003c9f1358,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c93a7e8,3,ffff80003c9f1450,808,ffff80003c9f14f0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c93a7e8,ffff80003c9f15a0,ffff80003c9f14f0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c9f15a0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9f15a0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x66506ce73f0, count: -10