uvm_fault(0xffffffff835c71d0, 0xffff8000011bd010, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at arp_rtrequest+0x65e: movzwl 0xc(%r15,%rbx,1),%ecx
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*261228 89488 0 0 0x4000000 0 syz-executor
arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e sys/netinet/if_ether.c:184
rtrequest(1,ffff80002e3c7298,1,ffff80002e3c7368,0) at rtrequest+0xd2c sys/net/route.c:1103
rt_ifa_add(ffff800001216600,240004,ffff800001216658,0) at rt_ifa_add+0x38d sys/net/route.c:1273
rt_ifa_addlocal(ffff800001216600) at rt_ifa_addlocal+0x1b1 sys/net/route.c:1381
in_ifinit(ffff80000118c000,ffff800001216600,ffff80002e3c7630,1) at in_ifinit+0x26c sys/netinet/in.c:669
in_ioctl_change_ifaddr(8040691a,ffff80002e3c7620,ffff80000118c000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504
ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 pru_control sys/sys/protosw.h:355 [inline]
ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 sys/net/if.c:2449
sys_ioctl(ffff80002a4e2a40,ffff80002e3c7800,ffff80002e3c7750) at sys_ioctl+0x678
syscall(ffff80002e3c7800) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x478f7398870, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff835c71d0, 0xffff8000011bd010, 0, 1) -> e ddb> trace arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e sys/netinet/if_ether.c:184 rtrequest(1,ffff80002e3c7298,1,ffff80002e3c7368,0) at rtrequest+0xd2c sys/net/route.c:1103 rt_ifa_add(ffff800001216600,240004,ffff800001216658,0) at rt_ifa_add+0x38d sys/net/route.c:1273 rt_ifa_addlocal(ffff800001216600) at rt_ifa_addlocal+0x1b1 sys/net/route.c:1381 in_ifinit(ffff80000118c000,ffff800001216600,ffff80002e3c7630,1) at in_ifinit+0x26c sys/netinet/in.c:669 in_ioctl_change_ifaddr(8040691a,ffff80002e3c7620,ffff80000118c000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504 ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 pru_control sys/sys/protosw.h:355 [inline] ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 sys/net/if.c:2449 sys_ioctl(ffff80002a4e2a40,ffff80002e3c7800,ffff80002e3c7750) at sys_ioctl+0x678 syscall(ffff80002e3c7800) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x478f7398870, count: -10 ddb> show registers rdi 0xffff8000315ee000 rsi 0x2fd rbp 0xffff80002e3c7180 rbx 0x14 rdx 0xffff8000315ee000 rcx 0x100040600080100 rax 0xfffffd80709adde0 r8 0x10 r9 0xfffffd807d8767f0 r10 0xbd4756482ac67b93 r11 0xa9518556dfc60d1c r12 0x1b7 r13 0xfffffd80709add00 r14 0xfffffd807d8767f0 r15 0xffff8000011bcff0 rip 0xffffffff82a0841e arp_rtrequest+0x65e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e3c7100 ss 0x10 arp_rtrequest+0x65e: movzwl 0xc(%r15,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=261228 pid=89488 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=78, usrpri=78, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 
forw=0xffffffffffffffff, list=0xffff80002a4e3970,0xffff80002a4e3c08 process=0xffff80002a526f38 user=0xffff80002e3c2000, vmspace=0xfffffd806ebe2c20 estcpu=28, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 51209 392030 70416 0 2 0 syz-executor 51209 261224 70416 0 2 0x4000000 syz-executor 89488 323816 74495 0 2 0 syz-executor *89488 261228 74495 0 7 0x4000000 syz-executor 23717 232443 48997 0 2 0 syz-executor 23717 268194 48997 0 3 0x4000080 fsleep syz-executor 23717 485658 48997 0 3 0x4000080 fsleep syz-executor 23717 473210 48997 0 3 0x4000080 fsleep syz-executor 20389 14462 32304 0 2 0 syz-executor 20389 462343 32304 0 2 0x4000000 syz-executor 17318 469234 68792 -1 2 0x10 syz-executor 17318 22855 68792 -1 3 0x4000090 fsleep syz-executor 17318 344616 68792 -1 2 0x4000010 syz-executor 5692 518048 42710 0 2 0 syz-executor 5692 266093 42710 0 3 0x4000080 fifor syz-executor 7505 142158 63720 0 2 0x4081010 syz-executor 7505 363511 63720 0 3 0x4003010 suspend syz-executor 63720 319875 86645 0 3 0x82 wait syz-executor 93052 306618 1 60929 3 0x3010 suspend syz-executor 93052 263485 1 60929 2 0x4081010 syz-executor 32304 246482 86645 0 3 0x82 nanoslp syz-executor 48997 290525 86645 0 3 0x82 nanoslp syz-executor 88019 76135 86645 0 2 0x3 syz-executor 74495 388993 86645 0 3 0x82 nanoslp syz-executor 68792 175406 86645 0 3 0x82 nanoslp syz-executor 70416 247615 86645 0 2 0x3 syz-executor 42710 361289 86645 0 3 0x82 nanoslp syz-executor 50958 141624 0 0 3 0x14280 nfsidl nfsio 19143 92420 0 0 3 0x14280 nfsidl nfsio 93080 169180 0 0 3 0x14280 nfsidl nfsio 90026 245341 0 0 3 0x14280 nfsidl nfsio 1831 345758 0 0 3 0x14280 nfsidl nfsio 11262 337941 0 0 3 0x14280 nfsidl nfsio 83638 504229 0 0 3 0x14280 nfsidl nfsio 49040 197004 0 0 3 0x14280 nfsidl nfsio 61551 420332 0 0 3 0x14280 nfsidl nfsio 18277 201333 0 0 3 0x14280 nfsidl nfsio 57004 276910 0 0 3 0x14280 nfsidl nfsio 92765 242812 0 0 3 0x14280 nfsidl nfsio 34667 22529 0 0 3 0x14280 
nfsidl nfsio 84979 162986 0 0 3 0x14280 nfsidl nfsio 62832 491707 0 0 3 0x14280 nfsidl nfsio 59390 232014 0 0 3 0x14280 nfsidl nfsio 66873 169400 0 0 3 0x14280 nfsidl nfsio 34339 107154 0 0 3 0x14280 nfsidl nfsio 8782 287729 0 0 3 0x14280 nfsidl nfsio 42871 197198 0 0 3 0x14280 nfsidl nfsio 24105 319610 0 0 3 0x14200 bored sosplice 86645 253995 58675 0 3 0x82 kqread syz-executor 58675 297751 58560 0 3 0x10008a sigsusp ksh 58560 94710 83122 0 3 0x98 kqread sshd-session 83122 163912 1 0 3 0x92 kqread sshd-session 46040 259598 1 0 3 0x100083 ttyin getty 12912 338398 32468 73 3 0x1100090 kqread syslogd 32468 185215 1 0 3 0x100082 sbwait syslogd 5847 454641 1 0 3 0x100080 kqread resolvd 66146 276741 7558 77 3 0x100092 kqread dhcpleased 65181 426154 7558 77 3 0x100092 kqread dhcpleased 7558 491225 1 0 3 0x80 kqread dhcpleased 70013 97921 0 0 3 0x14200 bored smr 90745 147141 0 0 2 0x14200 zerothread 11754 401111 0 0 3 0x14200 aiodoned aiodoned 53835 197533 0 0 3 0x14200 syncer update 17140 203867 0 0 3 0x14200 cleaner cleaner 97689 523571 0 0 3 0x14200 reaper reaper 21647 249233 0 0 3 0x14200 pgdaemon pagedaemon 30199 342169 0 0 3 0x14200 bored viomb 40225 510498 0 0 3 0x40014200 acpi0 acpi0 84522 478143 0 0 3 0x14200 bored softnet3 97447 421258 0 0 3 0x14200 bored softnet2 20707 87423 0 0 3 0x14200 bored softnet1 76762 235936 0 0 3 0x14200 bored softnet0 34056 121352 0 0 2 0x14200 systqmp 42138 197958 0 0 3 0x14200 bored systq 29051 314714 0 0 3 0x40014200 tmoslp softclock 43861 282077 0 0 3 0x40014200 idle0 1 138755 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10188 10095K 14329K 166960K 12670 0 pcb 18 18K 21K 166960K 236 0 rtable 205 6K 7K 166960K 1694 0 pf 36 14K 21K 166960K 156 0 ifaddr 41 7K 8K 166960K 228 0 ifgroup 54 2K 2K 166960K 254 0 sysctl 3 1K 1K 166960K 3 0 counters 31 17K 17K 166960K 82 0 ioctlops 0 0K 4K 166960K 190 0 iov 0 0K 16K 
166960K 89 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1504 94K 95K 166960K 2756 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 28 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 18 65K 97K 166960K 1582 0 sigio 1 0K 0K 166960K 19 0 proc 58 59K 124K 166960K 1679 0 subproc 117 7K 7K 166960K 653 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 273 0 in_multi 86 6K 7K 166960K 574 0 ether_multi 1 0K 0K 166960K 5 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 1075 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 81K 91K 166960K 13734 0 UVM aobj 64 3K 3K 166960K 65 0 pinsyscall 37 74K 102K 166960K 3661 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 45 0 NDP 12 0K 2K 166960K 161 0 temp 51 6809K 6889K 166960K 54376 0 kqueue 12 18K 30K 166960K 164 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 179 0 175 1 0 1 1 0 8 0 rtentry 112 599 0 505 4 0 4 4 0 8 0 unpcb 144 777 0 756 5 3 2 4 0 8 1 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpqe 32 2 0 2 2 1 1 1 0 8 1 tcpcb 808 441 0 437 9 7 2 8 0 8 1 arp 88 109 0 90 1 0 1 1 0 8 0 ipq 40 11 0 10 1 0 1 1 0 8 0 ipqe 40 14 0 13 1 0 1 1 0 8 0 inpcb 336 1485 0 1472 16 7 9 15 0 8 7 nd6 104 156 0 135 1 0 1 1 0 8 0 pkpcb 40 41 0 41 2 1 1 1 0 8 1 kcovpl 48 50 0 41 1 0 1 1 0 8 0 ppxss 1072 5 0 5 1 0 1 1 0 8 1 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 1 0 1 1 0 8 0 pfstate 344 2 0 1 1 0 1 1 0 8 0 pfrule 1344 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 2339 0 1962 39 11 28 30 0 8 1 art_table 32 2341 0 1962 4 0 4 4 0 8 0 art_node 16 598 0 516 1 0 1 1 0 8 0 sysvmsgpl 
40 41 0 1 1 0 1 1 0 8 0 semapl 112 25 0 15 1 0 1 1 0 8 0 shmpl 112 62 0 1 2 0 2 2 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 3291 0 1716 99 0 99 99 0 8 0 ffsino 240 3291 0 1716 93 0 93 93 0 8 0 nchpl 144 4771 0 3035 65 0 65 65 0 8 0 uvmvnodes 80 4382 0 0 90 0 90 90 0 8 0 vnodes 216 4382 0 0 244 0 244 244 0 8 0 namei 1024 20265 0 20263 5 2 3 3 0 8 2 kstatmem 264 126 0 102 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 27852 0 27852 9 7 2 8 1 8 2 plimitpl 152 297 0 279 1 0 1 1 0 8 0 sigapl 424 1795 0 1729 8 0 8 8 0 8 0 futexpl 64 13043 0 13039 1 0 1 1 0 8 0 knotepl 120 68076 0 68031 22 13 9 15 0 8 7 kqueuepl 184 401 0 392 4 3 1 4 0 8 0 pipepl 288 331 0 303 5 2 3 5 0 8 0 fdescpl 432 1758 0 1729 5 1 4 5 0 8 0 filepl 120 10254 0 9981 13 2 11 13 0 8 2 lockfpl 104 421 0 418 1 0 1 1 0 8 0 lockfspl 48 139 0 136 1 0 1 1 0 8 0 sessionpl 144 64 0 57 1 0 1 1 0 8 0 pgrppl 48 125 0 109 1 0 1 1 0 8 0 ucredpl 104 1506 0 1492 1 0 1 1 0 8 0 zombiepl 144 1911 0 1909 1 0 1 1 0 8 0 processpl 1096 1795 0 1729 5 0 5 5 0 8 0 procpl 648 3202 0 3124 8 0 8 8 0 8 0 sosppl 168 5 0 5 2 1 1 1 0 8 1 sockpl 504 2499 0 2461 36 24 12 25 0 8 7 mcl64k 65536 12 0 12 2 1 1 1 0 8 1 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 25 0 25 2 1 1 1 0 8 1 mcl4k 4096 11 0 11 1 1 0 1 0 8 0 mcl2k2 2112 2 0 2 1 1 0 1 0 8 0 mcl2k 2048 8160 0 8062 24 10 14 24 0 8 1 mtagpl 96 61 0 26 1 0 1 1 0 8 0 mbufpl 256 21057 0 20701 23 0 23 23 0 8 0 bufpl 280 8003 0 1758 447 0 447 447 0 8 0 anonpl 24 302279 0 295274 91 48 43 91 0 187 0 amapchunkpl 152 50739 0 50146 49 18 31 42 0 158 5 amappl16 200 6292 0 6108 32 22 10 16 0 8 0 amappl15 192 13 0 13 1 1 0 1 0 8 0 amappl14 184 199 0 190 1 0 1 1 0 8 0 amappl13 176 23 0 23 1 1 0 1 0 8 0 amappl12 168 3016 0 2987 3 1 2 3 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 9 0 8 1 0 1 1 0 8 0 amappl9 144 131 0 131 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 177 0 168 1 0 1 1 0 8 0 amappl6 
120 571 0 569 1 0 1 1 0 8 0 amappl5 112 294 0 284 1 0 1 1 0 8 0 amappl4 104 414 0 401 1 0 1 1 0 8 0 amappl3 96 8754 0 8638 5 1 4 4 0 8 0 amappl2 88 1186 0 1137 2 0 2 2 0 8 0 amappl1 80 14501 0 14044 14 1 13 14 0 8 0 amappl 88 13019 0 12830 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 64 0 1 2 0 2 2 0 8 0 uaddrrnd 24 1758 0 1729 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1758 0 1729 1 0 1 1 0 8 0 vmmpekpl 168 15358 0 15300 3 0 3 3 0 8 0 vmmpepl 168 115007 0 113149 105 13 92 93 0 357 5 vmsppl 344 1757 0 1729 4 1 3 4 0 8 0 rwobjpl 24 38679 0 33274 33 0 33 33 0 8 0 pdppl 4096 3522 0 3458 186 120 66 82 0 8 2 pvpl 32 902191 0 888036 326 211 115 321 0 265 0 pmappl 216 1757 0 1729 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 551 0 190 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e sys/netinet/if_ether.c:184 rtrequest(1,ffff80002e3c7298,1,ffff80002e3c7368,0) at rtrequest+0xd2c sys/net/route.c:1103 rt_ifa_add(ffff800001216600,240004,ffff800001216658,0) at rt_ifa_add+0x38d sys/net/route.c:1273 rt_ifa_addlocal(ffff800001216600) at rt_ifa_addlocal+0x1b1 sys/net/route.c:1381 in_ifinit(ffff80000118c000,ffff800001216600,ffff80002e3c7630,1) at in_ifinit+0x26c sys/netinet/in.c:669 in_ioctl_change_ifaddr(8040691a,ffff80002e3c7620,ffff80000118c000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504 ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 pru_control sys/sys/protosw.h:355 [inline] ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 sys/net/if.c:2449 
sys_ioctl(ffff80002a4e2a40,ffff80002e3c7800,ffff80002e3c7750) at sys_ioctl+0x678 syscall(ffff80002e3c7800) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x478f7398870, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:281 [inline] arp_rtrequest(ffff80000118c000,1,fffffd807d8767f0) at arp_rtrequest+0x65e sys/netinet/if_ether.c:184 rtrequest(1,ffff80002e3c7298,1,ffff80002e3c7368,0) at rtrequest+0xd2c sys/net/route.c:1103 rt_ifa_add(ffff800001216600,240004,ffff800001216658,0) at rt_ifa_add+0x38d sys/net/route.c:1273 rt_ifa_addlocal(ffff800001216600) at rt_ifa_addlocal+0x1b1 sys/net/route.c:1381 in_ifinit(ffff80000118c000,ffff800001216600,ffff80002e3c7630,1) at in_ifinit+0x26c sys/netinet/in.c:669 in_ioctl_change_ifaddr(8040691a,ffff80002e3c7620,ffff80000118c000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504 ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 pru_control sys/sys/protosw.h:355 [inline] ifioctl(fffffd806d4e09f0,8040691a,ffff80002e3c7620,ffff80002a4e2a40) at ifioctl+0x1519 sys/net/if.c:2449 sys_ioctl(ffff80002a4e2a40,ffff80002e3c7800,ffff80002e3c7750) at sys_ioctl+0x678 syscall(ffff80002e3c7800) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x478f7398870, count: -10