uvm_fault(0xfffffd8069c3d8b0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtrequest+0x8e1: movzbl 0(%r14),%r15d TID PID UID PRFLAGS PFLAGS CPU COMMAND *384585 43417 0 0 0x4000000 0 syz-executor.1 rtrequest(1,ffff800024f93128,0,ffff800024f93098,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d20500,ffff800024f931d0,ffff800024f93128,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd806af7b900,fffffd805d9ef580) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd805d9ef580,fffffd806af7b900,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd805d9ef580,0,ffff800024f933a0,0,0,0) at sosend+0x66d sendit(ffff80002170b000,3,ffff800024f934a0,0,ffff800024f93580) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170b000,ffff800024f93530,ffff800024f93580) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff800024f93600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x35443240a60, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd8069c3d8b0, 0x0, 0, 1) -> e ddb> trace rtrequest(1,ffff800024f93128,0,ffff800024f93098,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d20500,ffff800024f931d0,ffff800024f93128,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd806af7b900,fffffd805d9ef580) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd805d9ef580,fffffd806af7b900,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd805d9ef580,0,ffff800024f933a0,0,0,0) at sosend+0x66d sendit(ffff80002170b000,3,ffff800024f934a0,0,ffff800024f93580) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170b000,ffff800024f93530,ffff800024f93580) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff800024f93600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x35443240a60, count: -9 ddb> show registers rdi 0xffff800023374000 rsi 0x2e6 rbp 0xffff800024f93070 rbx 0x33 rdx 0xffff800023374000 rcx 0x2e5 rax 0xffffffff81448f22 rt_putgwroute+0x112 r8 0x20 r9 0 r10 0x860b1745137164c0 r11 0xb201685294ac3f17 r12 0xfffffd8068540b08 r13 0xffff800024f93128 r14 0 r15 0xffff800000d26510 rip 0xffffffff81447e21 rtrequest+0x8e1 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800024f92f80 ss 0x10 rtrequest+0x8e1: movzbl 0(%r14),%r15d ddb> show proc PROC (syz-executor.1) tid=384585 pid=43417 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=75, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002170baa0,0xffffffff82c978b0 process=0xffff8000ffff6be0 user=0xffff800024f8e000, vmspace=0xfffffd8069c3d8b0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 43417 135824 87978 0 2 0 syz-executor.1 *43417 384585 87978 0 7 0x4000000 syz-executor.1 10946 199452 85442 0 2 0 syz-executor.4 10946 478104 85442 0 3 0x4000080 fsleep syz-executor.4 87992 37593 12296 0 2 0 syz-executor.2 87992 375899 12296 0 3 0x4000080 netio syz-executor.2 27615 110744 65112 0 2 0 syz-executor.6 27615 387214 65112 0 3 0x4000080 netio syz-executor.6 80271 310401 0 0 3 0x14200 bored sosplice 51483 236513 12629 0 2 0x2 syz-executor.7 65112 125756 12629 0 2 0x482 syz-executor.6 4055 121857 12629 0 2 0x482 syz-executor.5 8453 147158 12629 0 2 0x2 syz-executor.3 12296 109389 12629 0 3 0x82 nanoslp syz-executor.2 87978 343654 12629 0 2 0x482 syz-executor.1 85442 346382 12629 0 3 0x82 nanoslp syz-executor.4 52000 510445 12629 0 2 0x2 syz-executor.0 12629 70006 35869 0 3 0x2000082 wait syz-fuzzer 12629 80777 35869 0 2 0x6000482 syz-fuzzer 12629 421449 35869 0 3 0x6000082 thrsleep syz-fuzzer 12629 107993 35869 0 3 0x6000082 wait syz-fuzzer 12629 152315 35869 0 3 0x6000082 wait syz-fuzzer 12629 483395 35869 0 3 0x6000082 thrsleep syz-fuzzer 12629 268202 35869 0 3 0x6000082 wait syz-fuzzer 12629 211067 35869 0 3 0x6000082 wait syz-fuzzer 12629 362224 35869 0 3 0x6000082 wait syz-fuzzer 12629 130881 35869 0 3 0x6000082 wait syz-fuzzer 12629 274426 35869 0 3 0x6000082 thrsleep syz-fuzzer 12629 439073 35869 0 3 0x6000082 wait syz-fuzzer 12629 417316 35869 0 3 0x6000082 kqread syz-fuzzer 12629 386054 35869 0 3 0x6000082 thrsleep syz-fuzzer 35869 360624 88738 0 3 0x10008a sigsusp ksh 88738 416743 40295 0 3 0x9a kqread sshd 92961 316522 1 0 3 0x100083 ttyin getty 40295 240002 1 0 3 0x88 kqread sshd 67638 400968 28669 73 3 0x1100090 kqread syslogd 28669 331274 1 0 3 0x100082 netio syslogd 82070 49592 1 0 3 0x100080 kqread resolvd 1734 338653 12462 77 3 0x100092 kqread dhcpleased 5219 289384 12462 77 3 0x100092 kqread dhcpleased 12462 506246 1 0 3 0x80 kqread dhcpleased 64580 295750 0 0 3 0x14200 bored smr 91162 85119 0 0 2 0x14200 zerothread 445 227433 0 0 3 0x14200 aiodoned aiodoned 10916 361011 0 0 3 0x14200 syncer update 61499 204661 0 0 3 0x14200 cleaner cleaner 46510 485841 0 0 3 0x14200 reaper reaper 71484 202854 0 0 3 0x14200 pgdaemon pagedaemon 64892 301345 0 0 3 0x14200 bored viomb 24284 233997 0 0 3 0x40014200 acpi0 acpi0 30730 353265 0 0 3 0x14200 bored softnet3 61926 71902 0 0 3 0x14200 bored softnet2 50569 298872 0 0 3 0x14200 bored softnet1 38944 516831 0 0 3 0x14200 bored softnet0 34513 501781 0 0 3 0x14200 bored systqmp 61537 465885 0 0 3 0x14200 bored systq 54681 182430 0 0 3 0x40014200 tmoslp softclock 23749 226826 0 0 3 0x40014200 idle0 1 251277 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 6661K 7113K 78643K 11579 0 pcb 13 8K 8K 78643K 30 0 rtable 236 6K 6K 78643K 355 0 pf 29 8K 8K 78643K 29 0 ifaddr 43 11K 11K 78643K 45 0 ifgroup 50 2K 2K 78643K 50 0 counters 28 17K 17K 78643K 28 0 ioctlops 0 0K 2K 78643K 30 0 iov 0 0K 16K 78643K 62 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1282 80K 80K 78643K 1451 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 21K 78643K 45 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 69K 78643K 570 0 proc 56 58K 75K 78643K 471 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 7K 7K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 mrt 0 0K 0K 78643K 11 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 413 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 248 76K 77K 78643K 6850 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 11 0K 2K 78643K 27 0 temp 33 5902K 5966K 78643K 5063 0 kqueue 12 18K 20K 78643K 27 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 38 0 34 1 0 1 1 0 8 0 rtentry 112 112 0 1 4 0 4 4 0 8 0 unpcb 144 175 0 158 1 0 1 1 0 8 0 syncache 304 11 0 11 2 1 1 1 0 8 1 tcpqe 32 124 0 124 1 1 0 1 0 8 0 tcpcb 808 68 0 64 2 0 2 2 0 8 1 arp 88 18 0 0 1 0 1 1 0 8 0 inpcb 336 184 0 177 2 0 2 2 0 8 1 nd6 104 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 453 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2159 0 723 91 0 91 91 0 8 0 ffsino 240 2159 0 723 85 0 85 85 0 8 0 nchpl 144 2965 0 1289 63 0 63 63 0 8 0 uvmvnodes 80 2351 0 0 48 0 48 48 0 8 0 vnodes 216 2351 0 0 131 0 131 131 0 8 0 namei 1024 8973 0 8972 3 0 3 3 0 8 2 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 9336 0 9336 2 1 1 2 1 8 1 plimitpl 152 78 0 63 1 0 1 1 0 8 0 sigapl 424 870 0 827 6 0 6 6 0 8 0 futexpl 64 2906 0 2905 1 0 1 1 0 8 0 knotepl 120 6781 0 6701 3 0 3 3 0 8 0 kqueuepl 184 32 0 24 1 0 1 1 0 8 0 pipepl 288 142 0 114 3 0 3 3 0 8 1 fdescpl 432 853 0 828 4 0 4 4 0 8 0 filepl 120 2966 0 2728 8 0 8 8 0 8 0 lockfpl 104 140 0 138 1 0 1 1 0 8 0 lockfspl 48 71 0 69 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 23 0 7 1 0 1 1 0 8 0 ucredpl 104 420 0 410 1 0 1 1 0 8 0 zombiepl 144 828 0 827 1 0 1 1 0 8 0 processpl 1008 870 0 827 7 1 6 6 0 8 0 procpl 680 1345 0 1285 6 0 6 6 0 8 0 sosppl 168 20 0 20 1 0 1 1 0 8 1 sockpl 456 397 0 369 6 0 6 6 0 8 2 mcl64k 65536 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 17 0 17 1 0 1 1 0 8 1 mcl8k 8192 19 0 19 2 1 1 1 0 8 1 mcl4k 4096 25 0 25 1 0 1 1 0 8 1 mcl2k 2048 12914 0 12873 32 22 10 32 0 8 3 mtagpl 96 38 0 6 2 1 1 1 0 8 0 mbufpl 256 28154 0 27953 24 8 16 17 0 8 1 bufpl 288 4538 0 157 313 0 313 313 0 8 0 anonpl 24 237753 0 232272 55 0 55 55 0 188 20 amapchunkpl 152 22567 0 21958 28 0 28 28 0 158 2 amappl16 200 6472 0 6364 7 1 6 6 0 8 0 amappl15 192 12 0 12 2 1 1 1 0 8 1 amappl14 184 194 0 182 2 0 2 2 0 8 1 amappl13 176 38 0 37 1 0 1 1 0 8 0 amappl12 168 1484 0 1457 2 0 2 2 0 8 0 amappl11 160 73 0 63 1 0 1 1 0 8 0 amappl10 152 23 0 15 2 1 1 1 0 8 0 amappl9 144 201 0 201 1 0 1 1 0 8 1 amappl8 136 177 0 141 2 0 2 2 0 8 0 amappl7 128 197 0 179 2 0 2 2 0 8 0 amappl6 120 230 0 225 1 0 1 1 0 8 0 amappl5 112 157 0 147 1 0 1 1 0 8 0 amappl4 104 432 0 413 2 0 2 2 0 8 1 amappl3 96 4677 0 4602 3 0 3 3 0 8 1 amappl2 88 1309 0 1242 3 0 3 3 0 8 1 amappl1 80 11090 0 10589 22 1 21 22 0 8 8 amappl 88 6314 0 6148 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 853 0 828 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 853 0 828 1 0 1 1 0 8 0 vmmpekpl 168 11053 0 11005 3 0 3 3 0 8 0 vmmpepl 168 69885 0 68166 111 0 111 111 0 357 31 vmsppl 368 852 0 828 3 0 3 3 0 8 0 rwobjpl 24 26642 0 23131 22 0 22 22 0 8 0 pdppl 4096 1712 0 1656 84 20 64 66 0 8 8 pvpl 32 519436 0 508933 351 9 342 351 0 265 253 pmappl 216 852 0 828 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 688 0 53 19 0 19 19 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace rtrequest(1,ffff800024f93128,0,ffff800024f93098,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d20500,ffff800024f931d0,ffff800024f93128,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd806af7b900,fffffd805d9ef580) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd805d9ef580,fffffd806af7b900,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd805d9ef580,0,ffff800024f933a0,0,0,0) at sosend+0x66d sendit(ffff80002170b000,3,ffff800024f934a0,0,ffff800024f93580) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170b000,ffff800024f93530,ffff800024f93580) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff800024f93600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x35443240a60, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace rtrequest(1,ffff800024f93128,0,ffff800024f93098,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d20500,ffff800024f931d0,ffff800024f93128,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd806af7b900,fffffd805d9ef580) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd805d9ef580,fffffd806af7b900,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd805d9ef580,0,ffff800024f933a0,0,0,0) at sosend+0x66d sendit(ffff80002170b000,3,ffff800024f934a0,0,ffff800024f93580) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170b000,ffff800024f93530,ffff800024f93580) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff800024f93600) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x35443240a60, count: -9