uvm_fault(0xffffffff83896430, 0xffff80000148608a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x657: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *365038 76745 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 sys/netinet/if_ether.c:182 rtrequest(1,ffff800038d58b60,0,ffff800038d58ad0,16) at rtrequest+0xf08 sys/net/route.c:1115 rtm_output(ffff800001482d00,ffff800038d58c08,ffff800038d58b60,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806827ea00,ffff8000014a1c60) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014a1c60,fffffd806827ea00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014a1c60,0,ffff800038d58db8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9967f0,4,ffff800038d58eb0,808,ffff800038d58f50) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9967f0,ffff800038d59000,ffff800038d58f50) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff800038d59000) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038d59000) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7570c9771b0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff83896430, 0xffff80000148608a, 0, 1) -> e ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 sys/netinet/if_ether.c:182 rtrequest(1,ffff800038d58b60,0,ffff800038d58ad0,16) at rtrequest+0xf08 sys/net/route.c:1115 rtm_output(ffff800001482d00,ffff800038d58c08,ffff800038d58b60,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806827ea00,ffff8000014a1c60) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014a1c60,fffffd806827ea00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014a1c60,0,ffff800038d58db8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9967f0,4,ffff800038d58eb0,808,ffff800038d58f50) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9967f0,ffff800038d59000,ffff800038d58f50) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff800038d59000) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038d59000) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7570c9771b0, count: -10 ddb> show registers rdi 0x20 rsi 0x90 rbp 0xffff800038d589b0 rbx 0xde rdx 0 rcx 0xffff800001485fa0 rax 0xfffffd806e8d10e0 r8 0x1000 __ALIGN_SIZE r9 0 r10 0x542a37e5f6d3714a r11 0x286a0a6a2386615e r12 0x20 r13 0xfffffd806e8d1000 r14 0xfffffd806a982898 r15 0xffff800000039058 rip 0xffffffff81de2297 arp_rtrequest+0x657 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800038d58930 ss 0x10 arp_rtrequest+0x657: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=365038 pid=76745 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c997a18,0xffff80003c997260 process=0xffff8000ffffad18 user=0xffff800038d54000, vmspace=0xfffffd806b8e8468 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 76745 471852 94279 0 2 0 syz-executor *76745 365038 94279 0 7 0x4000000 syz-executor 76745 61739 94279 0 3 0x4000080 fsleep syz-executor 37934 415024 48320 0 2 0 syz-executor 37934 224736 48320 0 3 0x4000080 fsleep syz-executor 46285 205675 74263 0 2 0x10 syz-executor 46285 200160 74263 0 3 0x4000090 fsleep syz-executor 7083 368229 0 0 3 0x14200 bored sosplice 27786 421717 88689 0 3 0x80 nanoslp syz-executor 27786 25412 88689 0 3 0x4000080 fsleep syz-executor 27786 350965 88689 0 2 0x4000000 syz-executor 99369 365476 71973 -1 3 0x90 nanoslp syz-executor 99369 424286 71973 -1 3 0x4000090 ttyout syz-executor 99369 214660 71973 -1 3 0x4000090 fsleep syz-executor 88689 113525 40647 0 3 0x82 nanoslp syz-executor 46760 264070 40647 0 2 0xc82 syz-executor 71973 368843 40647 0 3 0x82 nanoslp syz-executor 74263 131310 40647 0 2 0xc82 syz-executor 48320 320902 40647 0 2 0xc82 syz-executor 94279 421173 40647 0 3 0x82 nanoslp syz-executor 7647 409941 40647 0 2 0x2 syz-executor 1227 115767 40647 0 2 0x2 syz-executor 40647 375314 25418 0 3 0x82 kqread syz-executor 25418 123644 35197 0 3 0x10008a sigsusp ksh 35197 298249 11194 0 3 0x98 kqread sshd-session 11194 492072 60940 0 3 0x92 kqread sshd-session 35942 93355 1 0 3 0x100083 ttyin getty 60940 172043 1 0 3 0x88 kqread sshd 49424 287111 42332 73 3 0x1100090 kqread syslogd 42332 69185 1 0 3 0x100082 sbwait syslogd 32784 316107 1 0 3 0x100080 kqread resolvd 90958 256871 5549 77 3 0x100092 kqread dhcpleased 55093 4816 5549 77 3 0x100092 kqread dhcpleased 5549 147694 1 0 3 0x80 kqread dhcpleased 45442 342099 0 0 3 0x14200 bored smr 31563 63177 0 0 2 0x14200 zerothread 60187 487371 0 0 3 0x14200 aiodoned aiodoned 11076 129561 0 0 3 0x14200 syncer update 48319 300401 0 0 3 0x14200 cleaner cleaner 80423 304870 0 0 3 0x14200 reaper reaper 28397 417846 0 0 3 0x14200 pgdaemon pagedaemon 8686 264613 0 0 3 0x14200 bored viomb 84020 36746 0 0 3 0x40014200 acpi0 acpi0 71146 329708 0 0 3 0x14200 bored softnet7 19993 46190 0 0 3 0x14200 bored softnet6 45694 493961 0 0 3 0x14200 bored softnet5 57970 305793 0 0 3 0x14200 bored softnet4 8671 447870 0 0 3 0x14200 bored softnet3 25725 515075 0 0 3 0x14200 bored softnet2 53 335090 0 0 3 0x14200 bored softnet1 70662 320576 0 0 3 0x14200 bored softnet0 82363 312585 0 0 3 0x14200 bored systqmp 43753 229654 0 0 3 0x14200 bored systq 27837 313669 0 0 2 0x40014200 softclock 55264 57825 0 0 3 0x40014200 idle0 1 380951 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10168 11036K 11427K 166960K 11317 0 pcb 18 13K 14K 166960K 84 0 rtable 174 6K 6K 166960K 296 0 pf 27 12K 13K 166960K 31 0 ifaddr 32 5K 7K 166960K 44 0 ifgroup 42 1K 2K 166960K 50 0 sysctl 2 1K 9K 166960K 6 0 counters 30 17K 17K 166960K 32 0 ioctlops 0 0K 2K 166960K 41 0 iov 0 0K 16K 166960K 4 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1338 84K 85K 166960K 1399 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 3 0K 0K 166960K 3 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 85K 166960K 202 0 sigio 0 0K 0K 166960K 2 0 proc 59 59K 108K 166960K 484 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 8 0 in_multi 75 5K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 2 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 49 228K 228K 166960K 49 0 exec 0 0K 1K 166960K 357 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 211 142K 152K 166960K 3409 0 UVM aobj 5 2K 2K 166960K 5 0 pinsyscall 37 74K 90K 166960K 1239 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 46 0 NDP 9 0K 2K 166960K 27 0 temp 36 8634K 8714K 166960K 9467 0 kqueue 14 22K 26K 166960K 29 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 43 0 39 1 0 1 1 0 8 0 rtentry 136 97 0 25 4 0 4 4 0 8 0 unpcb 144 65 0 48 1 0 1 1 0 8 0 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 130 0 92 10 6 4 7 0 8 0 arp 88 10 0 3 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 3 0 3 1 1 0 1 0 8 0 inpcb 328 350 0 305 15 11 4 12 0 8 0 nd6 104 17 0 4 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 1 0 1 1 0 8 0 pfstate 384 2 0 1 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 438 0 93 28 2 26 28 0 8 1 art_table 40 440 0 93 5 0 5 5 0 8 0 art_node 32 97 0 33 1 0 1 1 0 8 0 semapl 112 1 0 0 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1676 0 177 95 0 95 95 0 8 0 ffsino 256 1676 0 177 95 0 95 95 0 8 0 nchpl 144 1969 0 292 63 0 63 63 0 8 0 uvmvnodes 80 1781 0 0 37 0 37 37 0 8 0 vnodes 216 1781 0 0 99 0 99 99 0 8 0 namei 1024 6342 0 6341 2 1 1 2 0 8 0 kstatmem 264 22 0 4 2 0 2 2 0 8 0 scxspl 216 8048 0 8048 8 7 1 8 1 8 1 plimitpl 152 65 0 48 1 0 1 1 0 8 0 sigapl 424 488 0 439 7 1 6 7 0 8 0 knotepl 120 6110 0 6062 16 13 3 16 0 8 0 kqueuepl 184 41 0 30 1 0 1 1 0 8 0 pipepl 304 110 0 83 3 0 3 3 0 8 0 fdescpl 448 467 0 439 4 0 4 4 0 8 0 filepl 120 1979 0 1723 13 5 8 13 0 8 0 lockfpl 104 44 0 41 1 0 1 1 0 8 0 lockfspl 48 18 0 15 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 32 0 16 1 0 1 1 0 8 0 ucredpl 104 184 0 171 1 0 1 1 0 8 0 zombiepl 144 440 0 439 1 0 1 1 0 8 0 processpl 1152 488 0 439 4 0 4 4 0 8 0 procpl 664 597 0 540 6 0 6 6 0 8 0 sosppl 168 2 0 0 1 0 1 1 0 8 0 sockpl 552 465 0 399 14 9 5 12 0 8 0 mcl64k 65536 5 0 5 2 1 1 1 0 8 1 mcl8k 8192 8 0 8 2 1 1 1 0 8 1 mcl4k 4096 2528 0 2477 14 7 7 14 0 8 0 mcl2k 2048 268 0 266 1 0 1 1 0 8 0 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 4775 0 4646 17 7 10 17 0 8 0 bufpl 280 4175 0 118 290 0 290 290 0 8 0 anonpl 24 105008 0 102001 43 18 25 43 0 187 0 amapchunkpl 152 9937 0 9511 24 3 21 24 0 158 0 amappl16 200 1995 0 1972 14 12 2 14 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 104 0 94 1 0 1 1 0 8 0 amappl13 176 9 0 8 1 0 1 1 0 8 0 amappl12 168 1082 0 1054 2 0 2 2 0 8 0 amappl11 160 119 0 109 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 273 0 273 1 1 0 1 0 8 0 amappl8 136 25 0 23 1 0 1 1 0 8 0 amappl7 128 124 0 114 1 0 1 1 0 8 0 amappl6 120 180 0 176 1 0 1 1 0 8 0 amappl5 112 110 0 104 1 0 1 1 0 8 0 amappl4 104 268 0 253 1 0 1 1 0 8 0 amappl3 96 1552 0 1473 3 0 3 3 0 8 0 amappl2 88 696 0 626 2 0 2 2 0 8 0 amappl1 80 8383 0 7841 14 1 13 14 0 8 0 amappl 88 2759 0 2611 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 467 0 439 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 467 0 439 1 0 1 1 0 8 0 vmmpekpl 168 5359 0 5332 2 0 2 2 0 8 0 vmmpepl 168 36438 0 34679 88 6 82 88 0 357 1 vmsppl 368 466 0 439 4 1 3 4 0 8 0 rwobjpl 40 14699 0 12104 28 0 28 28 0 8 0 pdppl 4096 940 0 878 96 30 66 76 0 8 4 pvpl 32 234105 0 226077 96 19 77 96 0 265 2 pmappl 216 466 0 439 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 379 0 59 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 sys/netinet/if_ether.c:182 rtrequest(1,ffff800038d58b60,0,ffff800038d58ad0,16) at rtrequest+0xf08 sys/net/route.c:1115 rtm_output(ffff800001482d00,ffff800038d58c08,ffff800038d58b60,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806827ea00,ffff8000014a1c60) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014a1c60,fffffd806827ea00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014a1c60,0,ffff800038d58db8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9967f0,4,ffff800038d58eb0,808,ffff800038d58f50) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9967f0,ffff800038d59000,ffff800038d58f50) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff800038d59000) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038d59000) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7570c9771b0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd806a982898) at arp_rtrequest+0x657 sys/netinet/if_ether.c:182 rtrequest(1,ffff800038d58b60,0,ffff800038d58ad0,16) at rtrequest+0xf08 sys/net/route.c:1115 rtm_output(ffff800001482d00,ffff800038d58c08,ffff800038d58b60,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd806827ea00,ffff8000014a1c60) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff8000014a1c60,fffffd806827ea00,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff8000014a1c60,0,ffff800038d58db8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c9967f0,4,ffff800038d58eb0,808,ffff800038d58f50) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80003c9967f0,ffff800038d59000,ffff800038d58f50) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff800038d59000) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800038d59000) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7570c9771b0, count: -10