uvm_fault(0xfffffd80650aacc8, 0x58, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtm_output+0x3d5: movl 0x58(%r14),%edi TID PID UID PRFLAGS PFLAGS CPU COMMAND *234507 90371 0 0 0x4000000 0 syz-executor.1 rtm_output(ffff800000b70d00,ffff800021703020,ffff800021702f80,8,0) at rtm_output+0x3d5 sys/net/rtsock.c:1035 route_output(fffffd807081e100,fffffd8061199720,0,0) at route_output+0x6ba sys/net/rtsock.c:864 route_usrreq(fffffd8061199720,9,fffffd807081e100,0,0,ffff80002163a000) at route_usrreq+0x391 sys/net/rtsock.c:283 sosend(fffffd8061199720,0,ffff800021703230,0,0,952b51be) at sosend+0x668 sys/kern/uipc_socket.c:573 sendit(ffff80002163a000,3,ffff800021703310,952b51be,ffff800021703400) at sendit+0x589 sys/kern/uipc_syscalls.c:653 sys_sendto(ffff80002163a000,ffff8000217033a8,ffff800021703400) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:520 syscall(ffff800021703470) at syscall+0x571 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1e55982c10, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd80650aacc8, 0x58, 0, 1) -> e ddb> trace rtm_output(ffff800000b70d00,ffff800021703020,ffff800021702f80,8,0) at rtm_output+0x3d5 sys/net/rtsock.c:1035 route_output(fffffd807081e100,fffffd8061199720,0,0) at route_output+0x6ba sys/net/rtsock.c:864 route_usrreq(fffffd8061199720,9,fffffd807081e100,0,0,ffff80002163a000) at route_usrreq+0x391 sys/net/rtsock.c:283 sosend(fffffd8061199720,0,ffff800021703230,0,0,952b51be) at sosend+0x668 sys/kern/uipc_socket.c:573 sendit(ffff80002163a000,3,ffff800021703310,952b51be,ffff800021703400) at sendit+0x589 sys/kern/uipc_syscalls.c:653 sys_sendto(ffff80002163a000,ffff8000217033a8,ffff800021703400) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:520 syscall(ffff800021703470) at syscall+0x571 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1e55982c10, count: -8 ddb> show registers rdi 0xffff800021706000 rsi 0x1ac rbp 0xffff800021702f70 rbx 0x3 rdx 0xffff800021706000 rcx 0x1ab rax 0xffffffff8233ff8b rtm_output+0x1fb r8 0x8 r9 0x1 r10 0x36d3188daa61469b r11 0x4c258d1a359611b8 r12 0x8 r13 0x8 r14 0 r15 0xffff800021702f80 rip 0xffffffff82340165 rtm_output+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021702ee0 ss 0x10 rtm_output+0x3d5: movl 0x58(%r14),%edi ddb> show proc PROC (syz-executor.1) pid=234507 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002163a2a0,0xffffffff828adc98 process=0xffff8000216593c0 user=0xffff8000216fe000, vmspace=0xfffffd80650aacc8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90371 457496 2075 0 2 0 syz-executor.1 *90371 234507 2075 0 7 0x4000000 syz-executor.1 30920 423078 65438 0 2 0x2 syz-executor.0 87875 272189 0 0 3 0x14200 bored sosplice 2075 399576 65438 0 3 0x82 nanoslp syz-executor.1 65438 377629 95905 0 3 0x82 thrsleep syz-fuzzer 65438 309758 95905 0 3 0x4000082 nanoslp syz-fuzzer 65438 497219 95905 0 3 0x4000082 thrsleep syz-fuzzer 65438 499851 95905 0 3 0x4000082 kqread syz-fuzzer 65438 81796 95905 0 3 0x4000082 thrsleep syz-fuzzer 65438 162000 95905 0 3 0x4000082 thrsleep syz-fuzzer 65438 127599 95905 0 3 0x4000082 thrsleep syz-fuzzer 65438 165791 95905 0 3 0x4000082 thrsleep syz-fuzzer 95905 150209 60141 0 3 0x10008a sigsusp ksh 60141 82199 36735 0 3 0x9a select sshd 51700 246253 1 0 3 0x100083 ttyin getty 36735 82461 1 0 3 0x88 select sshd 89968 106745 88059 73 3 0x100090 kqread syslogd 88059 218931 1 0 3 0x100082 netio syslogd 65418 134530 1 0 3 0x100080 kqread resolvd 21015 424125 35124 77 3 0x100092 kqread dhcpleased 9945 321817 35124 77 3 0x100092 kqread dhcpleased 35124 363575 1 0 3 0x80 kqread dhcpleased 11517 319705 0 0 3 0x14200 bored smr 38089 378463 0 0 2 0x14200 zerothread 90204 429279 0 0 3 0x14200 aiodoned aiodoned 21935 88952 0 0 3 0x14200 syncer update 39491 263270 0 0 3 0x14200 cleaner cleaner 47664 6800 0 0 3 0x14200 reaper reaper 52291 136689 0 0 3 0x14200 pgdaemon pagedaemon 74270 135112 0 0 3 0x14200 bored crynlk 48808 289539 0 0 3 0x14200 bored crypto 67673 25300 0 0 3 0x14200 bored viomb 75888 273289 0 0 3 0x40014200 acpi0 acpi0 98840 117568 0 0 3 0x14200 bored softnet 23467 54725 0 0 3 0x14200 bored systqmp 96695 25723 0 0 3 0x14200 bored systq 91842 332840 0 0 2 0x40014200 softclock 29656 74476 0 0 3 0x40014200 idle0 1 249545 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10173 6386K 7287K 78643K 13549 0 pcb 13 8K 8K 78643K 98 0 rtable 127 5K 5K 78643K 291 0 ifaddr 78 14K 14K 78643K 131 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 33 0 ioctlops 0 0K 4K 78643K 83 0 iov 0 0K 12K 78643K 95 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1222 77K 77K 78643K 1845 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 0K 0K 78643K 2 0 sem 11 1K 1K 78643K 11 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 2524 0 sigio 0 0K 0K 78643K 25 0 proc 60 55K 71K 78643K 350 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 123 0 in_multi 37 2K 2K 78643K 95 0 ether_multi 1 0K 0K 78643K 24 0 mrt 1 0K 0K 78643K 12 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 472 0 pfkey data 0 0K 1K 78643K 5 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 262 50K 69K 78643K 31316 0 UVM aobj 25 5K 6K 78643K 30 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 79 0 NDP 14 0K 0K 78643K 33 0 temp 138 4204K 4268K 78643K 10646 0 kqueue 10 14K 22K 78643K 160 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 80 0 76 1 0 1 1 0 8 0 rtentry 112 65 0 15 2 0 2 2 0 8 0 unpcb 120 500 0 484 1 0 1 1 0 8 0 syncache 296 14 0 14 4 4 0 1 0 8 0 tcpqe 32 111 0 111 2 1 1 1 0 8 1 tcpcb 736 307 0 295 8 6 2 3 0 8 0 arp 88 9 0 2 1 0 1 1 0 8 0 inpcb 304 844 0 835 6 4 2 2 0 8 1 nd6 48 16 0 6 1 0 1 1 0 8 0 pkpcb 40 11 0 11 4 3 1 1 0 8 1 kcovpl 48 3 0 1 1 0 1 1 0 8 0 ppxss 1152 10 0 10 3 3 0 1 0 8 0 pfosfp 40 5 0 2 1 0 1 1 0 8 0 pfosfpen 112 5 0 0 1 0 1 1 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfrule 1360 7 0 5 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 297 0 58 17 1 16 16 0 8 1 art_table 32 298 0 58 2 0 2 2 0 8 0 art_node 16 64 0 19 1 0 1 1 0 8 0 sysvmsgpl 40 67 0 48 1 0 1 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 27 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 4266 0 2863 88 0 88 88 0 8 0 ffsino 240 4266 0 2863 84 1 83 83 0 8 0 nchpl 144 7461 0 5861 61 1 60 61 0 8 0 uvmvnodes 72 4821 0 0 88 0 88 88 0 8 0 vnodes 224 4821 0 0 284 0 284 284 0 8 0 namei 1024 18425 0 18425 5 4 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 5 0 3 1 0 1 1 0 8 0 pfiaddrpl 120 2 0 0 1 0 1 1 0 8 0 scxspl 216 21693 0 21693 13 12 1 8 0 8 1 plimitpl 152 73 0 65 1 0 1 1 0 8 0 sigapl 424 2749 0 2717 4 0 4 4 0 8 0 futexpl 56 28338 0 28338 4 3 1 1 0 8 1 knotepl 112 316 0 278 2 0 2 2 0 8 0 kqueuepl 184 2268 0 2257 4 3 1 2 0 8 0 pipepl 304 387 0 377 5 4 1 2 0 8 0 fdescpl 432 2733 0 2717 3 1 2 3 0 8 0 filepl 120 10247 0 10139 5 1 4 4 0 8 0 lockfpl 104 422 0 420 1 0 1 1 0 8 0 lockfspl 48 131 0 129 1 0 1 1 0 8 0 sessionpl 144 18 0 8 1 0 1 1 0 8 0 pgrppl 48 27 0 17 1 0 1 1 0 8 0 ucredpl 96 931 0 916 1 0 1 1 0 8 0 zombiepl 144 2717 0 2717 3 2 1 1 0 8 1 processpl 1008 2749 0 2717 6 1 5 5 0 8 0 procpl 672 5402 0 5362 4 0 4 4 0 8 0 sosppl 168 18 0 18 4 4 0 1 0 8 0 sockpl 448 1438 0 1411 5 1 4 4 0 8 0 mcl64k 65536 64 0 64 4 3 1 1 0 8 1 mcl16k 16384 55 0 55 5 5 0 1 0 8 0 mcl12k 12288 180 0 180 4 4 0 1 0 8 0 mcl9k 9216 33 0 33 4 4 0 1 0 8 0 mcl8k 8192 115 0 115 7 6 1 1 0 8 1 mcl4k 4096 128 0 128 6 5 1 1 0 8 1 mcl2k2 2112 15 0 15 2 2 0 1 0 8 0 mcl2k 2048 291638 0 291582 117 101 16 66 0 8 7 mtagpl 96 222 0 75 5 1 4 4 0 8 0 mbufpl 256 565182 0 564633 93 53 40 60 0 8 2 bufpl 280 6816 0 410 458 0 458 458 0 8 0 anonpl 24 709431 0 679146 242 35 207 218 0 188 8 amapchunkpl 152 76758 0 75909 67 26 41 48 0 158 8 amappl16 200 6384 0 5110 102 26 76 80 0 8 8 amappl15 192 1228 0 1225 1 0 1 1 0 8 0 amappl14 184 2 0 0 1 0 1 1 0 8 0 amappl13 176 98 0 96 1 0 1 1 0 8 0 amappl12 168 589 0 587 1 0 1 1 0 8 0 amappl11 160 44 0 34 1 0 1 1 0 8 0 amappl10 152 726 0 721 1 0 1 1 0 8 0 amappl9 144 238 0 235 1 0 1 1 0 8 0 amappl8 136 381 0 333 2 0 2 2 0 8 0 amappl7 128 69 0 57 1 0 1 1 0 8 0 amappl6 120 119 0 107 1 0 1 1 0 8 0 amappl5 112 3345 0 3329 1 0 1 1 0 8 0 amappl4 104 603 0 576 1 0 1 1 0 8 0 amappl3 96 833 0 832 1 0 1 1 0 8 0 amappl2 88 570 0 514 2 0 2 2 0 8 0 amappl1 80 47384 0 46967 16 6 10 12 0 8 0 amappl 88 30622 0 30440 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 29 0 5 1 0 1 1 0 8 0 uaddrrnd 24 2738 0 2720 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2738 0 2720 1 0 1 1 0 8 0 vmmpekpl 168 17790 0 17768 2 0 2 2 0 8 0 vmmpepl 168 306727 0 304161 213 91 122 170 0 357 7 vmsppl 272 2737 0 2720 5 3 2 2 0 8 0 rwobjpl 24 54173 0 52142 16 2 14 14 0 8 0 pdppl 4096 5483 0 5442 74 31 43 45 0 8 2 pvpl 32 1687759 0 1654097 356 51 305 323 0 265 12 pmappl 192 2737 0 2720 1 0 1 1 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 526 0 222 11 1 10 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace rtm_output(ffff800000b70d00,ffff800021703020,ffff800021702f80,8,0) at rtm_output+0x3d5 sys/net/rtsock.c:1035 route_output(fffffd807081e100,fffffd8061199720,0,0) at route_output+0x6ba sys/net/rtsock.c:864 route_usrreq(fffffd8061199720,9,fffffd807081e100,0,0,ffff80002163a000) at route_usrreq+0x391 sys/net/rtsock.c:283 sosend(fffffd8061199720,0,ffff800021703230,0,0,952b51be) at sosend+0x668 sys/kern/uipc_socket.c:573 sendit(ffff80002163a000,3,ffff800021703310,952b51be,ffff800021703400) at sendit+0x589 sys/kern/uipc_syscalls.c:653 sys_sendto(ffff80002163a000,ffff8000217033a8,ffff800021703400) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:520 syscall(ffff800021703470) at syscall+0x571 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1e55982c10, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace rtm_output(ffff800000b70d00,ffff800021703020,ffff800021702f80,8,0) at rtm_output+0x3d5 sys/net/rtsock.c:1035 route_output(fffffd807081e100,fffffd8061199720,0,0) at route_output+0x6ba sys/net/rtsock.c:864 route_usrreq(fffffd8061199720,9,fffffd807081e100,0,0,ffff80002163a000) at route_usrreq+0x391 sys/net/rtsock.c:283 sosend(fffffd8061199720,0,ffff800021703230,0,0,952b51be) at sosend+0x668 sys/kern/uipc_socket.c:573 sendit(ffff80002163a000,3,ffff800021703310,952b51be,ffff800021703400) at sendit+0x589 sys/kern/uipc_syscalls.c:653 sys_sendto(ffff80002163a000,ffff8000217033a8,ffff800021703400) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:520 syscall(ffff800021703470) at syscall+0x571 sys/arch/amd64/amd64/trap.c:587 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1e55982c10, count: -8