uvm_fault(0xffffffff83a3e150, 0xffff80000187c04a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *487022 66506 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314ccf40,0,ffff8000314cceb0,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff80000160b300,ffff8000314ccfe8,ffff8000314ccf40,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd806d717400,ffff800001615c28) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800001615c28,fffffd806d717400,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800001615c28,0,ffff8000314cd198,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002a83d258,4,ffff8000314cd290,808,ffff8000314cd330) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002a83d258,ffff8000314cd3e0,ffff8000314cd330) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314cd3e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314cd3e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a4fb4c1b90, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff83a3e150, 0xffff80000187c04a, 0, 1) -> e ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314ccf40,0,ffff8000314cceb0,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff80000160b300,ffff8000314ccfe8,ffff8000314ccf40,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd806d717400,ffff800001615c28) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800001615c28,fffffd806d717400,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800001615c28,0,ffff8000314cd198,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002a83d258,4,ffff8000314cd290,808,ffff8000314cd330) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002a83d258,ffff8000314cd3e0,ffff8000314cd330) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314cd3e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314cd3e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a4fb4c1b90, count: -10 ddb> show registers rdi 0x20 rsi 0x90 rbp 0xffff8000314ccd90 rbx 0xde rdx 0 rcx 0xffff80000187bf60 rax 0xfffffd80737da9e0 r8 0x1000 __ALIGN_SIZE r9 0 r10 0x72a1db3c57678549 r11 0xe9a8d220f6da115e r12 0x2b r13 0xfffffd80737da900 r14 0xfffffd806c5d55e8 r15 0xffff8000002a2058 rip 0xffffffff81854174 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000314ccd10 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=487022 pid=66506 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a83d788,0xffffffff83a4dec8 process=0xffff8000ffffb198 user=0xffff8000314c8000, vmspace=0xfffffd806c98d2f8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66506 496227 96656 0 2 0 syz-executor *66506 487022 96656 0 7 0x4000000 syz-executor 57676 113330 47822 0 2 0xc80 syz-executor 57676 390379 47822 0 3 0x4000000 mcl2k syz-executor 57676 249109 47822 0 3 0x4000080 fsleep syz-executor 57676 133408 47822 0 3 0x4000080 fsleep syz-executor 19077 69483 7656 0 2 0 syz-executor 19077 220061 7656 0 3 0x4000080 fsleep syz-executor 19077 487831 7656 0 3 0x4000080 fsleep syz-executor 46409 217505 34785 0 2 0 syz-executor 46409 227248 34785 0 3 0x4000080 fsleep syz-executor 46409 415002 34785 0 3 0x4000080 fsleep syz-executor 53473 426261 83800 0 2 0 syz-executor 53473 83140 83800 0 3 0x4000080 netcon syz-executor 53473 194379 83800 0 3 0x4000080 fsleep syz-executor 53473 348123 83800 0 3 0x4000080 fsleep syz-executor 77572 402609 70459 0 2 0 syz-executor 77572 67189 70459 0 3 0x4000080 fsleep syz-executor 77572 98458 70459 0 3 0x4000080 fsleep syz-executor 70459 40352 29846 0 3 0x82 nanoslp syz-executor 47822 21927 29846 0 3 0x82 nanoslp syz-executor 67201 141393 0 0 3 0x14280 nfsidl nfsio 30483 467672 0 0 3 0x14280 nfsidl nfsio 42241 316368 0 0 3 0x14280 nfsidl nfsio 84386 242813 0 0 3 0x14280 nfsidl nfsio 35176 431560 0 0 3 0x14280 nfsidl nfsio 54455 257699 0 0 3 0x14280 nfsidl nfsio 65511 269317 0 0 3 0x14280 nfsidl nfsio 37122 155938 0 0 3 0x14280 nfsidl nfsio 59763 243602 0 0 3 0x14280 nfsidl nfsio 27021 121855 0 0 3 0x14280 nfsidl nfsio 71206 223351 0 0 3 0x14280 nfsidl nfsio 25016 89626 0 0 3 0x14280 nfsidl nfsio 12773 223240 0 0 3 0x14280 nfsidl nfsio 54593 34034 0 0 3 0x14280 nfsidl nfsio 16609 384159 0 0 3 0x14280 nfsidl nfsio 78751 86328 0 0 3 0x14280 nfsidl nfsio 91382 283619 0 0 3 0x14280 nfsidl nfsio 14943 339247 0 0 3 0x14280 nfsidl nfsio 93594 504172 0 0 3 0x14280 nfsidl nfsio 41077 276538 0 0 3 0x14280 nfsidl nfsio 7656 434537 29846 0 3 0x82 nanoslp syz-executor 83800 379410 29846 0 3 0x82 nanoslp syz-executor 74318 317872 29846 0 3 0x82 piperd syz-executor 96656 523265 29846 0 3 0x82 nanoslp syz-executor 34785 425412 29846 0 2 0xc82 syz-executor 17719 83714 29846 0 2 0x2 syz-executor 29846 521427 2943 0 2 0x2 syz-executor 2943 120001 57906 0 3 0x10008a sigsusp ksh 57906 26352 44202 0 3 0x98 kqread sshd-session 44202 235192 55262 0 3 0x92 kqread sshd-session 73730 49775 1 0 3 0x100083 ttyin getty 55262 302326 1 0 3 0x88 kqread sshd 13534 212632 64388 73 3 0x1100090 kqread syslogd 64388 429876 1 0 3 0x100082 sbwait syslogd 20968 277910 1 0 3 0x100080 kqread resolvd 68334 124800 64151 77 3 0x100092 kqread dhcpleased 51772 449469 64151 77 3 0x100092 kqread dhcpleased 64151 342364 1 0 3 0x80 kqread dhcpleased 62041 131860 0 0 3 0x14200 bored smr 83757 162192 0 0 2 0x14200 zerothread 37998 285767 0 0 3 0x14200 aiodoned aiodoned 7790 360891 0 0 3 0x14200 syncer update 83476 65351 0 0 3 0x14200 cleaner cleaner 10103 200975 0 0 3 0x14200 reaper reaper 16710 281907 0 0 3 0x14200 pgdaemon pagedaemon 72286 354819 0 0 3 0x14200 bored viomb 44126 469641 0 0 3 0x40014200 acpi0 acpi0 61851 281202 0 0 3 0x14200 bored softnet0 77450 306667 0 0 3 0x14200 bored systqmp 18230 520447 0 0 3 0x14200 bored systq 74258 315664 0 0 3 0x40014200 tmoslp softclock 6176 455586 0 0 3 0x40014200 idle0 1 190861 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11078 12189K 13358K 166960K 13988 0 pcb 17 15K 17K 166960K 132 0 rtable 236 9K 9K 166960K 558 0 pf 33 13K 19K 166960K 94 0 ifaddr 38 6K 8K 166960K 86 0 ifgroup 54 2K 2K 166960K 125 0 sysctl 3 1K 9K 166960K 12 0 counters 34 17K 18K 166960K 65 0 ioctlops 0 0K 4K 166960K 279 0 iov 0 0K 16K 166960K 60 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1418 89K 89K 166960K 2127 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 7 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 30 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 171K 240K 166960K 842 0 sigio 0 0K 0K 166960K 11 0 proc 60 59K 108K 166960K 630 0 subproc 72 4K 4K 166960K 99 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 75 0 in_multi 81 5K 7K 166960K 166 0 ether_multi 1 0K 0K 166960K 7 0 mrt 2 0K 0K 166960K 27 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 2K 166960K 554 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 216 158K 180K 166960K 8686 0 UVM aobj 86 4K 4K 166960K 89 0 pinsyscall 37 74K 98K 166960K 1995 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 33 0 NDP 12 0K 2K 166960K 59 0 temp 59 9072K 9144K 166960K 36383 0 kqueue 15 24K 32K 166960K 150 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 77 0 73 1 0 1 1 0 8 0 rtentry 136 173 0 75 4 0 4 4 0 8 0 unpcb 144 419 0 402 2 0 2 2 0 8 1 syncache 336 9 0 9 1 0 1 1 0 8 1 tcpcb 736 577 0 570 13 4 9 13 0 8 8 arp 96 29 0 13 1 0 1 1 0 8 0 ipq 40 3 0 1 1 0 1 1 0 8 0 ipqe 40 6 0 4 1 0 1 1 0 8 0 inpcb 328 1017 0 1000 13 3 10 12 0 8 8 ip6q 72 34 0 33 1 0 1 1 0 8 0 ip6af 40 67 0 66 1 0 1 1 0 8 0 nd6 112 42 0 17 1 0 1 1 0 8 0 pkpcb 40 8 0 8 1 0 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1072 20 0 20 1 0 1 1 0 8 1 pppxif 1416 3 0 3 1 0 1 1 0 8 1 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfanchor 1288 2 0 2 1 0 1 1 0 8 1 pfstkey 128 2 0 2 1 0 1 1 0 8 1 pfstate 384 1 0 1 1 0 1 1 0 8 1 pfrule 1360 3 0 3 1 0 1 1 0 8 1 rttmr 136 3 0 3 1 0 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 820 0 323 32 0 32 32 0 8 0 art_table 40 822 0 323 6 0 6 6 0 8 0 art_node 32 171 0 81 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 5 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 27 0 17 1 0 1 1 0 8 0 shmpl 112 86 0 3 3 0 3 3 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2738 0 1272 92 0 92 92 0 8 0 ffsino 256 2738 0 1272 92 0 92 92 0 8 0 nchpl 144 3817 0 2114 64 0 64 64 0 8 0 rtmask 32 1 0 1 1 0 1 1 0 8 1 vnodes 216 3355 0 0 187 0 187 187 0 8 0 namei 1024 13107 0 13106 2 0 2 2 0 8 1 kstatmem 264 69 0 44 2 0 2 2 0 8 0 scsiplug 72 4 0 4 1 0 1 1 0 8 1 scxspl 216 12757 0 12757 8 0 8 8 1 8 8 plimitpl 152 193 0 176 1 0 1 1 0 8 0 sigapl 424 1126 0 1065 8 0 8 8 0 8 0 knotepl 120 28041 0 27990 20 9 11 17 0 8 8 kqueuepl 184 248 0 236 3 0 3 3 0 8 2 pipepl 304 263 0 236 4 0 4 4 0 8 1 fdescpl 448 1092 0 1064 5 0 5 5 0 8 1 filepl 120 6613 0 6384 13 0 13 13 0 8 5 lockfpl 104 490 0 487 2 0 2 2 0 8 1 lockfspl 48 191 0 188 1 0 1 1 0 8 0 sessionpl 144 75 0 67 1 0 1 1 0 8 0 pgrppl 48 91 0 75 1 0 1 1 0 8 0 ucredpl 104 836 0 824 1 0 1 1 0 8 0 zombiepl 144 1065 0 1065 1 0 1 1 0 8 1 processpl 1152 1126 0 1065 5 0 5 5 0 8 0 procpl 664 2042 0 1968 7 0 7 7 0 8 0 sosppl 176 2 0 2 1 0 1 1 0 8 1 sockpl 552 1549 0 1511 12 1 11 12 0 8 7 mcl64k 65536 40 0 40 1 0 1 1 0 8 1 mcl16k 16384 5 0 5 1 0 1 1 0 8 1 mcl8k 8192 7 0 7 1 0 1 1 0 8 1 mcl4k 4096 3370 0 3312 14 0 14 14 0 8 6 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 670 164 668 1 0 1 1 0 8 0 mtagpl 96 66 0 31 1 0 1 1 0 8 0 mbufpl 256 12327 0 12091 74 53 21 74 0 8 5 bufpl 280 3945 0 104 275 0 275 275 0 8 0 anonpl 24 176863 0 173780 45 0 45 45 0 187 19 amapchunkpl 152 29076 0 28630 30 0 30 30 0 158 9 amappl16 200 3319 0 3290 20 10 10 15 0 8 8 amappl15 192 4 0 4 1 0 1 1 0 8 1 amappl14 184 449 0 448 1 0 1 1 0 8 0 amappl13 176 122 0 112 1 0 1 1 0 8 0 amappl12 168 1350 0 1323 2 0 2 2 0 8 0 amappl11 160 5 0 5 1 0 1 1 0 8 1 amappl10 152 58 0 48 1 0 1 1 0 8 0 amappl9 144 256 0 256 1 0 1 1 0 8 1 amappl8 136 113 0 112 1 0 1 1 0 8 0 amappl7 128 168 0 156 1 0 1 1 0 8 0 amappl6 120 181 0 180 1 0 1 1 0 8 0 amappl5 112 93 0 85 1 0 1 1 0 8 0 amappl4 104 286 0 270 1 0 1 1 0 8 0 amappl3 96 5671 0 5569 4 0 4 4 0 8 0 amappl2 88 562 0 505 2 0 2 2 0 8 0 amappl1 80 12463 0 11911 15 0 15 15 0 8 2 amappl 88 7830 0 7678 5 0 5 5 0 92 0 uvmvnodes 80 124 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 255 0 255 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 88 0 3 2 0 2 2 0 8 0 uaddrrnd 24 1092 0 1064 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1092 0 1064 1 0 1 1 0 8 0 vmmpekpl 168 10099 0 10053 3 0 3 3 0 8 0 vmmpepl 168 74916 0 73178 92 0 92 92 0 357 11 vmsppl 368 1091 0 1064 4 0 4 4 0 8 1 rwobjpl 40 22002 0 20946 14 0 14 14 0 8 2 pdppl 4096 2190 0 2128 104 36 68 82 0 8 6 pvpl 32 485435 0 477472 116 0 116 116 0 265 31 pmappl 216 1091 0 1064 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 446 0 93 12 0 12 12 0 8 1 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314ccf40,0,ffff8000314cceb0,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff80000160b300,ffff8000314ccfe8,ffff8000314ccf40,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd806d717400,ffff800001615c28) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800001615c28,fffffd806d717400,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800001615c28,0,ffff8000314cd198,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002a83d258,4,ffff8000314cd290,808,ffff8000314cd330) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002a83d258,ffff8000314cd3e0,ffff8000314cd330) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314cd3e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314cd3e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a4fb4c1b90, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000002a2058,1,fffffd806c5d55e8) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff8000314ccf40,0,ffff8000314cceb0,16) at rtrequest+0xdc1 sys/net/route.c:1114 rtm_output(ffff80000160b300,ffff8000314ccfe8,ffff8000314ccf40,0,16) at rtm_output+0x91a sys/net/rtsock.c:956 route_output(fffffd806d717400,ffff800001615c28) at route_output+0xa6a sys/net/rtsock.c:862 route_send(ffff800001615c28,fffffd806d717400,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800001615c28,0,ffff8000314cd198,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002a83d258,4,ffff8000314cd290,808,ffff8000314cd330) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002a83d258,ffff8000314cd3e0,ffff8000314cd330) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff8000314cd3e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314cd3e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a4fb4c1b90, count: -10