uvm_fault(0xffffffff83960288, 0xffff80000150a0ca, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x66f: movzwl 0xc(%r15,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *250013 37166 0 0 0x4000000 0 syz-executor 40218 41313 0 0 0 1 syz-executor arp_rtrequest(ffff800000039058,1,fffffd8066237388) at arp_rtrequest+0x66f arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff800000039058,1,fffffd8066237388) at arp_rtrequest+0x66f sys/netinet/if_ether.c:184 rtrequest(1,ffff80003c46f920,0,ffff80003c46f8a0,0) at rtrequest+0xc5c sys/net/route.c:1117 rtm_output(ffff8000014bf400,ffff80003c46f9c8,ffff80003c46f920,0,0) at rtm_output+0x876 sys/net/rtsock.c:973 route_output(fffffd8065e36700,ffff80000169b6c0) at route_output+0x9a1 sys/net/rtsock.c:878 route_send(ffff80000169b6c0,fffffd8065e36700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff80000169b6c0,0,ffff80003c46fb68,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff800038bfe548,3,ffff80003c46fc60,808,ffff80003c46fd10) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038bfe548,ffff80003c46fdc0,ffff80003c46fd10) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c46fdc0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c46fdc0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11d8ee9c500, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff83960288, 0xffff80000150a0ca, 0, 1) -> e ddb{0}> trace arp_rtrequest(ffff800000039058,1,fffffd8066237388) at arp_rtrequest+0x66f arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff800000039058,1,fffffd8066237388) at arp_rtrequest+0x66f sys/netinet/if_ether.c:184 rtrequest(1,ffff80003c46f920,0,ffff80003c46f8a0,0) at rtrequest+0xc5c sys/net/route.c:1117 rtm_output(ffff8000014bf400,ffff80003c46f9c8,ffff80003c46f920,0,0) at rtm_output+0x876 sys/net/rtsock.c:973 route_output(fffffd8065e36700,ffff80000169b6c0) at route_output+0x9a1 sys/net/rtsock.c:878 route_send(ffff80000169b6c0,fffffd8065e36700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff80000169b6c0,0,ffff80003c46fb68,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff800038bfe548,3,ffff80003c46fc60,808,ffff80003c46fd10) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038bfe548,ffff80003c46fdc0,ffff80003c46fd10) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c46fdc0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c46fdc0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11d8ee9c500, count: -10 ddb{0}> show registers rdi 0xffff8000347ec000 rsi 0x877 rbp 0xffff80003c46f770 rbx 0xde rdx 0xffff8000347ec000 rcx 0x100040600080100 rax 0xfffffd806074f9e0 r8 0x10 r9 0xfffffd8066237388 r10 0x83528f88cabd6060 r11 0xfc02c2f9ace32d49 r12 0x42 r13 0xfffffd806074f900 r14 0xfffffd8066237388 r15 0xffff800001509fe0 rip 0xffffffff812c2c0f arp_rtrequest+0x66f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c46f6f0 ss 0x10 arp_rtrequest+0x66f: movzwl 0xc(%r15,%rbx,1),%ecx ddb{0}> show proc PROC (syz-executor) tid=250013 pid=37166 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800038bfe7d8,0xffffffff83922ad8 process=0xffff80002a397560 user=0xffff80003c46a000, vmspace=0xfffffd800b026d20 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 37166 79044 51259 0 2 0 syz-executor *37166 250013 51259 0 7 0x4000000 syz-executor 36993 222356 83043 0 2 0 syz-executor 36993 110224 83043 0 2 0x4000000 syz-executor 49740 422198 17827 0 2 0 syz-executor 49740 495539 17827 0 3 0x4000080 fsleep syz-executor 20224 50528 9710 0 2 0 syz-executor 20224 435417 9710 0 3 0x4000080 fsleep syz-executor 41313 40218 42915 0 7 0 syz-executor 41313 58200 42915 0 3 0x4000080 lockf syz-executor 41313 15704 42915 0 3 0x4000080 lockf syz-executor 41313 471437 42915 0 2 0x4000000 syz-executor 41313 5122 42915 0 2 0x4000000 syz-executor 41313 506229 42915 0 2 0x4000000 syz-executor 75685 382503 89103 0 2 0 syz-executor 75685 384561 89103 0 3 0x4000080 fsleep syz-executor 85390 197599 3475 0 2 0 syz-executor 85390 511536 3475 0 3 0x4000080 kqread syz-executor 85390 252564 3475 0 3 0x4000080 fsleep syz-executor 33658 465544 1 0 3 0x100083 ttyin getty 89103 521408 92269 0 3 0x82 nanoslp syz-executor 18549 98742 92269 0 3 0x82 piperd syz-executor 51259 66464 92269 0 3 0x82 nanoslp syz-executor 58647 32791 0 0 3 0x14200 bored sosplice 9710 408930 92269 0 3 0x82 nanoslp syz-executor 83043 314494 92269 0 3 0x82 nanoslp syz-executor 17827 254926 92269 0 3 0x82 nanoslp syz-executor 42915 257461 92269 0 3 0x82 nanoslp syz-executor 3475 190608 92269 0 3 0x82 nanoslp syz-executor 92269 165870 66640 0 2 0x2 syz-executor 66640 220227 69141 0 3 0x10008a sigsusp ksh 69141 362615 42975 0 3 0x98 kqread sshd-session 42975 300398 38793 0 3 0x92 kqread sshd-session 38793 114823 1 0 3 0x88 kqread sshd 24922 102467 62630 74 3 0x1100092 bpf pflogd 62630 448955 1 0 3 0x80 sbwait pflogd 45946 245266 61146 73 3 0x1100090 kqread syslogd 61146 255072 1 0 3 0x100082 sbwait syslogd 72748 281437 1 0 3 0x100080 kqread resolvd 99721 507136 63110 77 3 0x100092 kqread dhcpleased 19994 341790 63110 77 3 0x100092 kqread dhcpleased 63110 114819 1 0 3 0x80 kqread dhcpleased 53144 32279 0 0 3 0x14200 bored smr 92003 386359 0 0 2 0x14200 zerothread 71579 226582 0 0 3 0x14200 aiodoned aiodoned 17888 100260 0 0 3 0x14200 syncer update 24500 266404 0 0 3 0x14200 cleaner cleaner 13566 310113 0 0 3 0x14200 reaper reaper 3715 191112 0 0 3 0x14200 pgdaemon pagedaemon 31288 432523 0 0 3 0x14200 bored viomb 69352 72494 0 0 3 0x40014200 acpi0 acpi0 12137 440486 0 0 3 0x40014200 idle1 15632 291312 0 0 3 0x14200 bored softnet3 43658 226146 0 0 3 0x14200 bored softnet2 78854 254691 0 0 3 0x14200 bored softnet1 89809 145784 0 0 3 0x14200 bored softnet0 17921 388864 0 0 2 0x14200 systqmp 1359 334936 0 0 3 0x14200 bored systq 13022 468970 0 0 3 0x14200 tmoslp softclockmp 78559 120916 0 0 3 0x40014200 tmoslp softclock 79068 447954 0 0 3 0x40014200 idle0 1 415306 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 37166 (syz-executor) thread 0xffff800038bfe548 (250013) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10265 11043K 11563K 166960K 12902 0 pcb 19 12K 20K 166960K 190 0 rtable 208 18K 19K 166960K 573 0 pf 38 18K 21K 166960K 130 0 ifaddr 38 6K 7K 166960K 90 0 ifgroup 55 2K 3K 166960K 133 0 sysctl 4 1K 9K 166960K 12 0 counters 68 36K 37K 166960K 150 0 ioctlops 0 0K 4K 166960K 1681 0 iov 0 0K 32K 166960K 41 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1369 86K 87K 166960K 2211 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 16 0 VM map 2 1K 1K 166960K 2 0 sem 22 5K 6K 166960K 75 0 dirhash 15 2K 3K 166960K 33 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 85K 166960K 1137 0 sigio 0 0K 0K 166960K 93 0 proc 72 91K 128K 166960K 724 0 subproc 72 4K 4K 166960K 100 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 109 0 in_multi 77 5K 7K 166960K 170 0 ether_multi 1 0K 0K 166960K 9 0 mrt 0 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 415 1844K 1844K 166960K 415 0 exec 0 0K 1K 166960K 494 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 168K 191K 166960K 12078 0 UVM aobj 127 7K 7K 166960K 129 0 pinsyscall 42 84K 102K 166960K 2317 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 87 0 NDP 12 0K 2K 166960K 59 0 temp 80 8695K 8762K 166960K 53223 0 kqueue 13 20K 36K 166960K 212 0 SYN cache 2 10K 18K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 156 0 152 3 2 1 3 0 8 0 rtentry 176 171 0 87 6 0 6 6 0 8 0 unpcb 144 726 0 707 8 7 1 6 0 8 0 syncache 336 6 0 6 4 3 1 1 0 8 1 tcpcb 736 320 0 316 7 3 4 4 0 8 3 arp 128 30 0 15 1 0 1 1 0 8 0 inpcb 328 1017 0 1006 14 9 5 7 0 8 4 nd6 144 37 0 16 1 0 1 1 0 8 0 pkpcb 40 6 0 6 5 4 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1192 30 0 30 3 2 1 1 0 8 1 pppxif 1504 2 0 2 1 0 1 1 0 8 1 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pffrag 232 4 0 1 1 0 1 1 0 482 0 pffrnode 88 4 0 1 1 0 1 1 0 8 0 pffrent 40 6 0 3 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 4 0 1 1 0 1 1 0 8 0 pfanchor 1288 4 0 0 1 0 1 1 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 75 0 26 1 0 1 1 0 8 0 pfstkey 128 75 0 26 2 0 2 2 0 8 0 pfstate 384 74 0 26 5 0 5 5 0 8 0 pfrule 1344 29 0 19 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 707 0 343 35 8 27 29 0 8 0 art_table 32 710 0 343 4 0 4 4 0 8 0 art_node 16 170 0 96 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 7 1 0 1 1 0 8 0 semapl 112 35 0 15 1 0 1 1 0 8 0 shmpl 112 126 0 2 4 0 4 4 0 8 0 dirhash 1024 31 0 12 3 0 3 3 0 8 0 dino2pl 256 3354 0 1832 96 0 96 96 0 8 0 ffsino 288 3354 0 1832 110 0 110 110 0 8 0 nchpl 144 4926 0 3223 65 1 64 64 0 8 0 rtmask 32 11 0 11 2 2 0 1 0 8 0 uvmvnodes 80 3973 0 0 82 0 82 82 0 8 0 vnodes 216 3973 0 0 221 0 221 221 0 8 0 namei 1024 16767 0 16767 4 3 1 2 0 8 1 percpumem 16 90 0 41 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 78 0 50 3 0 3 3 0 8 0 scsiplug 72 4 0 4 3 3 0 1 0 8 0 scxspl 216 24532 0 24532 11 10 1 8 1 8 1 plimitpl 152 517 0 499 1 0 1 1 0 8 0 sigapl 424 1438 0 1388 8 2 6 7 0 8 0 knotepl 120 380 0 0 12 0 12 12 0 8 0 kqueuepl 224 346 0 336 2 1 1 2 0 8 0 pipepl 336 195 0 168 3 0 3 3 0 8 0 fdescpl 520 1417 0 1386 3 0 3 3 0 8 0 filepl 160 8629 0 8403 19 7 12 15 0 8 1 lockfpl 104 334 0 327 1 0 1 1 0 8 0 lockfspl 48 156 0 151 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 48 0 31 1 0 1 1 0 8 0 ucredpl 104 1230 0 1217 1 0 1 1 0 8 0 zombiepl 144 1388 0 1388 1 0 1 1 0 8 1 processpl 1240 1438 0 1388 5 0 5 5 0 8 0 procpl 656 3073 0 3011 7 1 6 6 0 8 0 srpgc 96 10 0 10 2 1 1 1 0 8 1 sosppl 168 3 0 3 2 2 0 1 0 8 0 sockpl 728 1964 0 1930 21 14 7 15 0 8 3 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 111 0 0 14 0 14 14 0 8 0 mcl2k 2048 23 0 0 3 0 3 3 0 8 0 mtagpl 96 78 0 0 2 0 2 2 0 8 0 mbufpl 256 272 0 0 16 0 16 16 0 8 0 bufpl 280 9012 0 2870 439 0 439 439 0 8 0 anonpl 32 10345 0 0 84 0 84 84 0 246 0 amapchunkpl 152 40121 0 39557 55 20 35 35 0 158 10 amappl16 200 4752 0 4687 41 25 16 19 0 8 6 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 126 0 114 1 0 1 1 0 8 0 amappl13 176 5 0 5 2 2 0 1 0 8 0 amappl12 168 2117 0 2086 4 1 3 3 0 8 0 amappl11 160 53 0 39 1 0 1 1 0 8 0 amappl10 152 36 0 36 1 1 0 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 26 0 23 1 0 1 1 0 8 0 amappl7 128 116 0 104 1 0 1 1 0 8 0 amappl6 120 213 0 209 1 0 1 1 0 8 0 amappl5 112 153 0 142 1 0 1 1 0 8 0 amappl4 104 332 0 314 1 0 1 1 0 8 0 amappl3 96 7916 0 7810 4 0 4 4 0 8 0 amappl2 88 719 0 654 2 0 2 2 0 8 0 amappl1 80 13050 0 12447 16 1 15 15 0 8 1 amappl 88 11160 0 10994 5 0 5 5 0 92 0 dma16384 16384 2 0 2 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 8 0 8 3 3 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 21 0 20 1 0 1 1 0 8 0 aobjpl 72 128 0 2 3 0 3 3 0 8 0 uaddrrnd 24 1417 0 1386 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1417 0 1386 1 0 1 1 0 8 0 vmmpekpl 168 12556 0 12506 3 0 3 3 0 8 0 vmmpepl 168 94793 0 92758 120 17 103 104 0 357 6 vmsppl 480 1416 0 1386 7 2 5 5 0 8 0 rwobjpl 72 30393 0 25330 96 0 96 96 0 8 0 pdppl 4096 2841 0 2772 115 42 73 83 0 8 4 pvpl 32 18203 0 0 147 0 147 147 0 265 0 pmappl 256 1416 0 1386 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 426 0 66 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace arp_rtrequest(ffff800000039058,1,fffffd8066237388) at arp_rtrequest+0x66f arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff800000039058,1,fffffd8066237388) at arp_rtrequest+0x66f sys/netinet/if_ether.c:184 rtrequest(1,ffff80003c46f920,0,ffff80003c46f8a0,0) at rtrequest+0xc5c sys/net/route.c:1117 rtm_output(ffff8000014bf400,ffff80003c46f9c8,ffff80003c46f920,0,0) at rtm_output+0x876 sys/net/rtsock.c:973 route_output(fffffd8065e36700,ffff80000169b6c0) at route_output+0x9a1 sys/net/rtsock.c:878 route_send(ffff80000169b6c0,fffffd8065e36700,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff80000169b6c0,0,ffff80003c46fb68,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff800038bfe548,3,ffff80003c46fc60,808,ffff80003c46fd10) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038bfe548,ffff80003c46fdc0,ffff80003c46fd10) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c46fdc0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c46fdc0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x11d8ee9c500, count: -10 ddb{0}> machine ddbcpu 1