uvm_fault(0xffffffff8391fb88, 0xffff8000014f90ca, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x65e: movzwl 0xc(%r15,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *455279 2262 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003892f018,0,ffff80003892ef90,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff8000014a2d00,ffff80003892f0c0,ffff80003892f018,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806cd85600,ffff8000014f4258) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff8000014f4258,fffffd806cd85600,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff8000014f4258,0,ffff80003892f268,0,0,808) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7f02b0,3,ffff80003892f360,808,ffff80003892f410) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7f02b0,ffff80003892f4c0,ffff80003892f410) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003892f4c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003892f4c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xae219a1bcf0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff8391fb88, 0xffff8000014f90ca, 0, 1) -> e ddb> trace arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003892f018,0,ffff80003892ef90,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff8000014a2d00,ffff80003892f0c0,ffff80003892f018,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806cd85600,ffff8000014f4258) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff8000014f4258,fffffd806cd85600,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff8000014f4258,0,ffff80003892f268,0,0,808) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7f02b0,3,ffff80003892f360,808,ffff80003892f410) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7f02b0,ffff80003892f4c0,ffff80003892f410) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003892f4c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003892f4c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xae219a1bcf0, count: -10 ddb> show registers rdi 0xffff80003811e000 rsi 0x305 rbp 0xffff80003892ee60 rbx 0xde rdx 0xffff80003811e000 rcx 0x100040600080100 rax 0xfffffd806cd85ee0 r8 0x10 r9 0xfffffd80682d5778 r10 0x9c0544aef464fe6 r11 0x20b7f773ea43d051 r12 0x2e r13 0xfffffd806cd85e00 r14 0xfffffd80682d5778 r15 0xffff8000014f8fe0 rip 0xffffffff82e01dee arp_rtrequest+0x65e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003892ede0 ss 0x10 arp_rtrequest+0x65e: movzwl 0xc(%r15,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=455279 pid=2262 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7f0020,0xffffffff838cb7e0 process=0xffff800035d17678 user=0xffff80003892a000, vmspace=0xfffffd807e0f7e18 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 2262 331106 72780 0 2 0 syz-executor * 2262 455279 72780 0 7 0x4000000 syz-executor 61979 18180 18403 0 2 0 syz-executor 61979 449026 18403 0 3 0x4000080 fsleep syz-executor 61979 306863 18403 0 3 0x4000080 fsleep syz-executor 48891 59188 79787 0 2 0 syz-executor 48891 122811 79787 0 3 0x4000080 fsleep syz-executor 83548 342028 10251 0 2 0 syz-executor 83548 396039 10251 0 3 0x4000080 fifor syz-executor 96125 514170 4271 0 2 0 syz-executor 96125 258419 4271 0 3 0x4000080 fsleep syz-executor 16603 361082 0 0 3 0x14200 acct acct 4271 18315 71119 0 2 0xc82 syz-executor 10403 74726 1 0 3 0x100083 ttyin getty 79787 297213 71119 0 2 0xc82 syz-executor 21803 189317 0 0 3 0x14200 bored sosplice 21515 512449 71119 0 2 0xc82 syz-executor 72780 337780 71119 0 3 0x82 nanoslp syz-executor 18403 420248 71119 0 3 0x82 nanoslp syz-executor 93175 446912 71119 0 2 0x2 syz-executor 78421 374225 71119 0 3 0x2 biowait syz-executor 10251 191329 71119 0 2 0xc82 syz-executor 71119 378641 23521 0 2 0x2 syz-executor 23521 235336 6344 0 3 0x10008a sigsusp ksh 6344 425693 13378 0 3 0x98 kqread sshd-session 13378 405506 50008 0 3 0x92 kqread sshd-session 50008 233024 1 0 3 0x88 kqread sshd 80795 192983 40590 73 3 0x1100090 kqread syslogd 40590 465047 1 0 3 0x100082 sbwait syslogd 96360 484901 1 0 3 0x100080 kqread resolvd 29043 164095 89699 77 3 0x100092 kqread dhcpleased 85938 269374 89699 77 3 0x100092 kqread dhcpleased 89699 428605 1 0 3 0x80 kqread dhcpleased 47009 390552 0 0 3 0x14200 bored smr 76781 319990 0 0 2 0x14200 zerothread 57006 325661 0 0 3 0x14200 aiodoned aiodoned 30110 105005 0 0 3 0x14200 syncer update 64632 496297 0 0 3 0x14200 cleaner cleaner 65305 164110 0 0 3 0x14200 reaper reaper 91838 429110 0 0 3 0x14200 pgdaemon pagedaemon 62086 357390 0 0 3 0x14200 bored viomb 39201 73328 0 0 3 0x40014200 acpi0 acpi0 54293 134052 0 0 3 0x14200 bored softnet3 69177 323973 0 0 3 0x14200 bored softnet2 25528 402627 0 0 3 0x14200 bored softnet1 21525 1674 0 0 3 0x14200 bored softnet0 17735 212542 0 0 3 0x14200 bored systqmp 7254 310611 0 0 3 0x14200 bored systq 11687 4903 0 0 2 0x40014200 softclock 49028 46667 0 0 3 0x40014200 idle0 1 462221 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 11253K 11494K 166960K 12376 0 pcb 19 14K 16K 166960K 346 0 rtable 185 8K 9K 166960K 792 0 pf 32 13K 14K 166960K 73 0 ifaddr 33 5K 8K 166960K 75 0 ifgroup 50 2K 2K 166960K 109 0 sysctl 1 1K 9K 166960K 9 0 counters 32 17K 18K 166960K 55 0 ioctlops 0 0K 4K 166960K 216 0 iov 0 0K 16K 166960K 33 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1362 86K 86K 166960K 1935 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 20 0 VM map 2 1K 1K 166960K 2 0 sem 20 3K 3K 166960K 64 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 97K 166960K 727 0 sigio 0 0K 0K 166960K 13 0 proc 60 59K 124K 166960K 592 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 92 0 in_multi 65 4K 7K 166960K 153 0 ether_multi 1 0K 0K 166960K 8 0 mrt 2 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 217 970K 970K 166960K 217 0 exec 0 0K 2K 166960K 523 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 210 146K 158K 166960K 7843 0 UVM aobj 28 2K 2K 166960K 29 0 pinsyscall 37 74K 96K 166960K 1824 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 25 0 NDP 11 0K 2K 166960K 48 0 temp 61 8676K 8778K 166960K 22573 0 kqueue 13 20K 36K 166960K 149 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 90 0 86 1 0 1 1 0 8 0 rtentry 136 217 0 147 4 0 4 4 0 8 0 unpcb 144 706 0 685 4 3 1 4 0 8 0 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpcb 736 212 0 208 8 6 2 7 0 8 1 arp 88 24 0 11 1 0 1 1 0 8 0 inpcb 328 1038 0 1028 16 7 9 10 0 8 7 ip6q 72 3 0 3 2 1 1 1 0 8 1 ip6af 40 8 0 8 2 1 1 1 0 8 1 nd6 104 33 0 17 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1072 14 0 14 2 1 1 1 0 8 1 pppxif 1384 4 0 4 1 1 0 1 0 8 0 pfrule 1344 1 0 0 1 0 1 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 649 0 328 30 1 29 30 0 8 7 art_table 32 652 0 328 4 0 4 4 0 8 0 art_node 16 150 0 87 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 57 0 39 1 0 1 1 0 8 0 shmpl 112 26 0 1 1 0 1 1 0 8 0 dirhash 1024 30 0 13 3 0 3 3 0 8 0 dino2pl 256 2719 0 1220 95 0 95 95 0 8 0 ffsino 248 2719 0 1220 95 0 95 95 0 8 0 nchpl 144 3700 0 2014 63 0 63 63 0 8 0 uvmvnodes 80 3106 0 0 64 0 64 64 0 8 0 vnodes 216 3106 0 0 173 0 173 173 0 8 0 namei 1024 12794 0 12792 2 1 1 2 0 8 0 kstatmem 264 56 0 34 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 1 0 1 0 8 0 scxspl 216 15265 0 15264 8 7 1 8 1 8 0 plimitpl 152 358 0 341 1 0 1 1 0 8 0 sigapl 424 1009 0 963 7 1 6 7 0 8 0 knotepl 120 35582 0 35535 32 22 10 18 0 8 6 kqueuepl 184 357 0 348 6 3 3 4 0 8 2 pipepl 296 219 0 192 5 2 3 5 0 8 0 fdescpl 440 990 0 962 5 1 4 5 0 8 0 filepl 120 6679 0 6463 17 6 11 15 0 8 3 lockfpl 104 279 0 275 1 0 1 1 0 8 0 lockfspl 48 130 0 126 1 0 1 1 0 8 0 sessionpl 144 26 0 18 1 0 1 1 0 8 0 pgrppl 48 73 0 57 1 0 1 1 0 8 0 ucredpl 104 1041 0 1030 1 0 1 1 0 8 0 zombiepl 144 964 0 963 1 0 1 1 0 8 0 processpl 1160 1009 0 963 4 0 4 4 0 8 0 procpl 656 1888 0 1836 6 0 6 6 0 8 0 sosppl 168 5 0 5 2 1 1 1 0 8 1 sockpl 528 1857 0 1822 19 9 10 12 0 8 7 mcl64k 65536 19 0 19 2 1 1 1 0 8 1 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 2 1 1 1 0 8 1 mcl9k 9216 3 0 3 2 1 1 1 0 8 1 mcl8k 8192 18 0 18 2 1 1 1 0 8 1 mcl4k 4096 3203 0 3152 17 9 8 16 0 8 1 mcl2k 2048 1239 0 1237 6 1 5 5 0 8 4 mtagpl 96 33 0 15 1 0 1 1 0 8 0 mbufpl 256 10847 0 10694 24 1 23 23 0 8 7 bufpl 280 5307 0 120 371 0 371 371 0 8 0 anonpl 24 160960 0 157881 109 9 100 100 0 187 62 amapchunkpl 152 25370 0 24943 35 3 32 32 0 158 13 amappl16 200 2989 0 2958 42 29 13 38 0 8 8 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 108 0 98 1 0 1 1 0 8 0 amappl13 176 31 0 30 1 0 1 1 0 8 0 amappl12 168 1652 0 1624 3 1 2 3 0 8 0 amappl11 160 44 0 34 1 0 1 1 0 8 0 amappl10 152 5 0 5 1 1 0 1 0 8 0 amappl9 144 252 0 251 1 0 1 1 0 8 0 amappl8 136 22 0 21 1 0 1 1 0 8 0 amappl7 128 101 0 91 1 0 1 1 0 8 0 amappl6 120 201 0 198 1 0 1 1 0 8 0 amappl5 112 123 0 117 1 0 1 1 0 8 0 amappl4 104 307 0 290 1 0 1 1 0 8 0 amappl3 96 4930 0 4830 4 0 4 4 0 8 0 amappl2 88 659 0 598 2 0 2 2 0 8 0 amappl1 80 10653 0 10107 13 1 12 13 0 8 0 amappl 88 7028 0 6882 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 28 0 1 1 0 1 1 0 8 0 uaddrrnd 24 990 0 962 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 990 0 962 1 0 1 1 0 8 0 vmmpekpl 168 9273 0 9233 3 0 3 3 0 8 0 vmmpepl 168 67049 0 65232 115 0 115 115 0 357 15 vmsppl 360 989 0 962 4 1 3 4 0 8 0 rwobjpl 32 22303 0 18334 36 0 36 36 0 8 1 pdppl 4096 1987 0 1924 111 44 67 83 0 8 4 pvpl 32 434074 0 425864 216 21 195 195 0 265 88 pmappl 216 989 0 962 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 308 0 69 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003892f018,0,ffff80003892ef90,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff8000014a2d00,ffff80003892f0c0,ffff80003892f018,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806cd85600,ffff8000014f4258) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff8000014f4258,fffffd806cd85600,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff8000014f4258,0,ffff80003892f268,0,0,808) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7f02b0,3,ffff80003892f360,808,ffff80003892f410) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7f02b0,ffff80003892f4c0,ffff80003892f410) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003892f4c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003892f4c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xae219a1bcf0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd80682d5778) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003892f018,0,ffff80003892ef90,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff8000014a2d00,ffff80003892f0c0,ffff80003892f018,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806cd85600,ffff8000014f4258) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff8000014f4258,fffffd806cd85600,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff8000014f4258,0,ffff80003892f268,0,0,808) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7f02b0,3,ffff80003892f360,808,ffff80003892f410) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7f02b0,ffff80003892f4c0,ffff80003892f410) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003892f4c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003892f4c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xae219a1bcf0, count: -10