login: uvm_fault(0xffffffff838a7378, 0xffff8000015ac02a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *443354 37787 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c954ec0,0,ffff80003c954e30,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001531f00,ffff80003c954f68,ffff80003c954ec0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806cafba00,ffff8000015b68f8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015b68f8,fffffd806cafba00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015b68f8,0,ffff80003c955118,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000300f07e0,5,ffff80003c955210,808,ffff80003c9552b0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000300f07e0,ffff80003c955360,ffff80003c9552b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c955360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c955360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf8b9a639cc0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff838a7378, 0xffff8000015ac02a, 0, 1) -> e ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c954ec0,0,ffff80003c954e30,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001531f00,ffff80003c954f68,ffff80003c954ec0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806cafba00,ffff8000015b68f8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015b68f8,fffffd806cafba00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015b68f8,0,ffff80003c955118,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000300f07e0,5,ffff80003c955210,808,ffff80003c9552b0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000300f07e0,ffff80003c955360,ffff80003c9552b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c955360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c955360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf8b9a639cc0, count: -10 ddb> show registers rdi 0xffff800038122000 rsi 0x964 rbp 0xffff80003c954d10 rbx 0xde rdx 0xffff800038122000 rcx 0xffff8000015abf40 rax 0xfffffd806cafbfe0 r8 0x1000 __ALIGN_SIZE r9 0 r10 0xb5a5cca3f6af3ee5 r11 0x7e59a1d9cc9fefe2 r12 0x1e r13 0xfffffd806cafbf00 r14 0xfffffd806ce60348 r15 0xffff8000002a2058 rip 0xffffffff810e90f4 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c954c90 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=443354 pid=37787 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000300f0fa8,0xffffffff83982c60 process=0xffff8000ffff8018 user=0xffff80003c950000, vmspace=0xfffffd806c9b05d0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 37787 226535 62588 0 2 0 syz-executor *37787 443354 62588 0 7 0x4000000 syz-executor 18232 348904 9970 0 2 0 syz-executor 18232 513846 9970 0 3 0x4000080 bell syz-executor 92890 437549 12199 0 2 0 syz-executor 92890 118811 12199 0 3 0x4000080 fsleep syz-executor 55162 298108 85518 0 2 0xc80 syz-executor 55162 516600 85518 0 3 0x4000080 ttyin syz-executor 55162 517704 85518 0 3 0x4000080 fsleep syz-executor 55162 201447 85518 0 3 0x4000080 fsleep syz-executor 45281 402476 31784 0 2 0 syz-executor 45281 47871 31784 0 3 0x4000080 fsleep syz-executor 45281 421608 31784 0 3 0x4000080 fsleep syz-executor 44413 339837 4311 0 2 0x10 syz-executor 44413 325272 4311 0 3 0x4000090 sbwait syz-executor 44413 135919 4311 0 3 0x4000090 fsleep syz-executor 59925 277460 78332 0 3 0x80 nanoslp syz-executor 59925 151967 78332 0 3 0x4000080 ttyout syz-executor 59925 126776 78332 0 3 0x4000080 ttyout syz-executor 59925 301959 78332 0 3 0x4000080 fsleep syz-executor 66059 450927 1 0 3 0x100083 ttyin getty 4311 202004 19146 0 3 0x82 nanoslp syz-executor 62588 248873 19146 0 3 0x82 nanoslp syz-executor 78332 331908 19146 0 3 0x82 nanoslp syz-executor 31784 117700 19146 0 2 0xc82 syz-executor 12199 252882 19146 0 3 0x82 nanoslp syz-executor 60578 167971 19146 0 2 0x2 syz-executor 85518 359620 19146 0 3 0x82 nanoslp syz-executor 9970 459177 19146 0 2 0xc82 syz-executor 19146 309645 40894 0 3 0x82 kqread syz-executor 40894 155436 57246 0 3 0x10008a sigsusp ksh 57246 342742 55555 0 3 0x98 kqread sshd-session 55555 391782 64516 0 3 0x92 kqread sshd-session 64516 234928 1 0 3 0x88 kqread sshd 72521 261553 79854 73 2 0x1100090 syslogd 79854 149447 1 0 3 0x100082 sbwait syslogd 8720 168191 1 0 3 0x100080 kqread resolvd 72492 101405 90928 77 3 0x100092 kqread dhcpleased 25266 426285 90928 77 3 0x100092 kqread dhcpleased 90928 85409 1 0 3 0x80 kqread dhcpleased 35330 30889 0 0 3 0x14200 bored smr 39537 386452 0 0 2 0x14200 zerothread 1802 222215 0 0 3 0x14200 aiodoned aiodoned 52872 380649 0 0 3 0x14200 syncer update 70664 199261 0 0 3 0x14200 cleaner cleaner 51223 56407 0 0 3 0x14200 reaper reaper 21300 390365 0 0 3 0x14200 pgdaemon pagedaemon 10935 456323 0 0 3 0x14200 bored viomb 10150 51913 0 0 3 0x40014200 acpi0 acpi0 27203 201966 0 0 2 0x14200 softnet0 32948 99099 0 0 3 0x14200 bored systqmp 23598 382099 0 0 3 0x14200 bored systq 2373 110754 0 0 3 0x40014200 tmoslp softclock 8863 134607 0 0 3 0x40014200 idle0 1 305532 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11045 12294K 12449K 166960K 12634 0 pcb 17 12K 12K 166960K 72 0 rtable 160 5K 6K 166960K 409 0 pf 28 12K 13K 166960K 43 0 ifaddr 30 5K 7K 166960K 49 0 ifgroup 43 2K 2K 166960K 68 0 sysctl 2 1K 9K 166960K 6 0 counters 31 17K 18K 166960K 37 0 ioctlops 0 0K 4K 166960K 98 0 iov 0 0K 16K 166960K 15 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1344 85K 85K 166960K 1633 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 10 0K 0K 166960K 12 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 375 0 sigio 0 0K 0K 166960K 4 0 proc 61 67K 91K 166960K 520 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 150 0 in_multi 65 4K 7K 166960K 102 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 446 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 152K 168K 166960K 5184 0 UVM aobj 5 4K 4K 166960K 5 0 pinsyscall 38 76K 94K 166960K 1457 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 22 0 NDP 9 0K 2K 166960K 31 0 temp 46 8664K 8744K 166960K 16184 0 kqueue 13 20K 31K 166960K 66 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 55 0 50 1 0 1 1 0 8 0 rtentry 136 120 0 55 4 0 4 4 0 8 0 unpcb 144 444 0 424 6 0 6 6 0 8 5 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 132 0 128 7 0 7 7 0 8 6 arp 96 20 0 8 1 0 1 1 0 8 0 inpcb 328 464 0 456 12 0 12 12 0 8 10 ip6q 72 2 0 1 1 0 1 1 0 8 0 ip6af 40 3 0 2 1 0 1 1 0 8 0 nd6 112 25 0 10 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pfstkey 128 1 0 1 1 0 1 1 0 8 1 pfstate 384 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 488 0 183 29 0 29 29 0 8 7 art_table 40 490 0 183 5 0 5 5 0 8 0 art_node 32 120 0 62 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 5 1 0 1 1 0 8 1 semapl 112 9 0 1 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2054 0 550 95 0 95 95 0 8 0 ffsino 256 2054 0 550 95 0 95 95 0 8 0 nchpl 144 2587 0 897 63 0 63 63 0 8 0 vnodes 216 2265 0 0 126 0 126 126 0 8 0 namei 1024 8546 0 8546 2 0 2 2 0 8 2 vcpupl 3904 1 0 0 1 0 1 1 0 8 0 vmpool 808 1 0 0 1 0 1 1 0 8 0 kstatmem 264 30 0 12 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 8516 0 8516 8 0 8 8 1 8 8 plimitpl 152 91 0 73 1 0 1 1 0 8 0 sigapl 424 665 0 623 6 0 6 6 0 8 1 knotepl 120 11647 0 11600 9 0 9 9 0 8 7 kqueuepl 184 85 0 75 1 0 1 1 0 8 0 pipepl 304 134 0 105 3 0 3 3 0 8 0 fdescpl 448 652 0 623 5 0 5 5 0 8 1 filepl 120 3513 0 3218 13 0 13 13 0 8 3 lockfpl 104 100 0 98 1 0 1 1 0 8 0 lockfspl 48 40 0 38 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 37 0 21 1 0 1 1 0 8 0 ucredpl 104 518 0 506 1 0 1 1 0 8 0 zombiepl 144 623 0 623 1 0 1 1 0 8 1 processpl 1152 665 0 623 4 0 4 4 0 8 0 procpl 664 1043 0 988 6 0 6 6 0 8 1 sockpl 552 1000 0 967 13 1 12 12 0 8 9 mcl64k 65536 26 0 11 2 0 2 2 0 8 0 mcl8k 8192 5 0 5 1 0 1 1 0 8 1 mcl4k 4096 2758 0 2700 13 0 13 13 0 8 5 mcl2k 2048 727 0 724 5 0 5 5 0 8 4 mtagpl 96 75 0 5 2 0 2 2 0 8 0 mbufpl 256 7740 0 7531 24 3 21 24 0 8 5 bufpl 280 2991 0 119 206 0 206 206 0 8 0 anonpl 24 115315 0 109883 44 0 44 44 0 187 10 amapchunkpl 152 15672 0 15034 28 0 28 28 0 158 3 amappl16 200 1824 0 1777 11 0 11 11 0 8 8 amappl15 192 4 0 4 1 0 1 1 0 8 1 amappl14 184 3 0 3 1 0 1 1 0 8 1 amappl13 176 408 0 407 1 0 1 1 0 8 0 amappl12 168 991 0 953 2 0 2 2 0 8 0 amappl11 160 3 0 3 1 0 1 1 0 8 1 amappl10 152 70 0 59 1 0 1 1 0 8 0 amappl9 144 248 0 248 1 0 1 1 0 8 1 amappl8 136 29 0 28 1 0 1 1 0 8 0 amappl7 128 176 0 175 1 0 1 1 0 8 0 amappl6 120 263 0 252 1 0 1 1 0 8 0 amappl5 112 65 0 58 1 0 1 1 0 8 0 amappl4 104 383 0 357 1 0 1 1 0 8 0 amappl3 96 2592 0 2496 3 0 3 3 0 8 0 amappl2 88 765 0 695 2 0 2 2 0 8 0 amappl1 80 9780 0 9250 13 0 13 13 0 8 1 amappl 88 4445 0 4272 5 0 5 5 0 92 0 uvmvnodes 80 103 0 0 3 0 3 3 0 8 0 dma4096 4096 2 0 2 1 0 1 1 0 8 1 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 7 0 7 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 652 0 623 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 652 0 623 1 0 1 1 0 8 0 vmmpekpl 168 6788 0 6755 2 0 2 2 0 8 0 vmmpepl 168 47839 0 46034 88 0 88 88 0 357 7 vmsppl 368 651 0 623 4 0 4 4 0 8 1 rwobjpl 40 15399 0 14426 12 0 12 12 0 8 1 pdppl 4096 1312 0 1247 96 29 67 80 0 8 2 pvpl 32 294632 0 282998 103 0 103 103 0 265 8 pmappl 216 652 0 623 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 389 0 32 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c954ec0,0,ffff80003c954e30,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001531f00,ffff80003c954f68,ffff80003c954ec0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806cafba00,ffff8000015b68f8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015b68f8,fffffd806cafba00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015b68f8,0,ffff80003c955118,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000300f07e0,5,ffff80003c955210,808,ffff80003c9552b0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000300f07e0,ffff80003c955360,ffff80003c9552b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c955360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c955360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf8b9a639cc0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806ce60348) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c954ec0,0,ffff80003c954e30,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff800001531f00,ffff80003c954f68,ffff80003c954ec0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806cafba00,ffff8000015b68f8) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000015b68f8,fffffd806cafba00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000015b68f8,0,ffff80003c955118,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff8000300f07e0,5,ffff80003c955210,808,ffff80003c9552b0) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff8000300f07e0,ffff80003c955360,ffff80003c9552b0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c955360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c955360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf8b9a639cc0, count: -10