uvm_fault(0xffffffff838d4620, 0xffff80000158e0aa, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x65e: movzwl 0xc(%r15,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *177836 35845 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003c96aae8,0,ffff80003c96aa60,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff80000158be00,ffff80003c96ab90,ffff80003c96aae8,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806eb4a800,ffff80000148d7c8) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff80000148d7c8,fffffd806eb4a800,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff80000148d7c8,0,ffff80003c96ad38,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c970028,7,ffff80003c96ae30,808,ffff80003c96aee0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80003c970028,ffff80003c96af90,ffff80003c96aee0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c96af90) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c96af90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa9174b058b0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff838d4620, 0xffff80000158e0aa, 0, 1) -> e ddb> trace arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003c96aae8,0,ffff80003c96aa60,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff80000158be00,ffff80003c96ab90,ffff80003c96aae8,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806eb4a800,ffff80000148d7c8) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff80000148d7c8,fffffd806eb4a800,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff80000148d7c8,0,ffff80003c96ad38,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c970028,7,ffff80003c96ae30,808,ffff80003c96aee0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80003c970028,ffff80003c96af90,ffff80003c96aee0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c96af90) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c96af90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa9174b058b0, count: -10 ddb> show registers rdi 0xffff800033932000 rsi 0x3d3 rbp 0xffff80003c96a930 rbx 0xde rdx 0xffff800033932000 rcx 0x100040600080100 rax 0xfffffd806e98e8e0 r8 0x20 r9 0xfffffd807d992e68 r10 0x56982f33417dbae6 r11 0x4a7dc0b5a611c87c r12 0x32 r13 0xfffffd806e98e800 r14 0xfffffd807d992e68 r15 0xffff80000158dfc0 rip 0xffffffff8237e14e arp_rtrequest+0x65e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c96a8b0 ss 0x10 arp_rtrequest+0x65e: movzwl 0xc(%r15,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=177836 pid=35845 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c970a68,0xffff80002a9142d8 process=0xffff80002cd1d258 user=0xffff80003c966000, vmspace=0xfffffd806ba88010 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 27291 434658 85202 0 2 0 syz-executor 27291 3159 85202 0 2 0x4000000 syz-executor 78647 367070 81488 0 2 0 syz-executor 78647 377918 81488 0 3 0x4000080 fsleep syz-executor 35845 374434 77906 0 2 0 syz-executor *35845 177836 77906 0 7 0x4000000 syz-executor 92083 22709 9054 0 3 0x3000 suspend syz-executor 92083 452687 9054 0 2 0x4081000 syz-executor 92083 64897 9054 0 2 0x4081000 syz-executor 92083 95517 9054 0 2 0x4081000 syz-executor 89696 447005 54909 0 2 0 syz-executor 89696 520771 54909 0 3 0x4000080 kqsel syz-executor 89696 186505 54909 0 2 0x4000000 syz-executor 89696 30930 54909 0 3 0x4000080 fsleep syz-executor 89696 353538 54909 0 3 0x4000080 fsleep syz-executor 54909 152486 13451 0 2 0xc82 syz-executor 47966 97380 13451 0 2 0x2 syz-executor 55948 90898 54688 0 3 0x82 sbwait sshd-session 6736 316975 13451 0 2 0x2 syz-executor 9054 283382 13451 0 2 0xc82 syz-executor 60072 309198 0 0 3 0x14200 bored sosplice 85202 502254 13451 0 2 0xc82 syz-executor 81488 288611 13451 0 2 0xc82 syz-executor 77906 90320 13451 0 2 0xc82 syz-executor 19752 295529 13451 0 2 0x2 syz-executor 13451 432732 19230 0 3 0x82 kqread syz-executor 19230 122540 11535 0 3 0x10008a sigsusp ksh 11535 409091 33783 0 3 0x98 kqread sshd-session 33783 315689 54688 0 3 0x92 kqread sshd-session 56766 169109 1 0 3 0x100083 ttyin getty 54688 472058 1 0 3 0x88 kqread sshd 30342 349503 5312 73 3 0x1100090 kqread syslogd 5312 494015 1 0 3 0x100082 sbwait syslogd 95987 389745 1 0 3 0x100080 kqread resolvd 34501 414249 51279 77 3 0x100092 kqread dhcpleased 84945 251804 51279 77 3 0x100092 kqread dhcpleased 51279 356427 1 0 3 0x80 kqread dhcpleased 53882 423072 0 0 3 0x14200 bored smr 50494 330888 0 0 2 0x14200 zerothread 50552 430596 0 0 3 0x14200 aiodoned aiodoned 24689 30017 0 0 3 0x14200 syncer update 19974 327933 0 0 3 0x14200 cleaner cleaner 21204 83048 0 0 3 0x14200 reaper reaper 98950 296073 0 0 3 0x14200 pgdaemon pagedaemon 70844 441827 0 0 3 0x14200 bored viomb 43575 419178 0 0 3 0x40014200 acpi0 acpi0 89385 147349 0 0 3 0x14200 bored softnet7 84631 152532 0 0 3 0x14200 bored softnet6 39728 300653 0 0 3 0x14200 bored softnet5 39457 341491 0 0 3 0x14200 bored softnet4 24927 221086 0 0 3 0x14200 bored softnet3 14036 476293 0 0 3 0x14200 bored softnet2 94066 362582 0 0 3 0x14200 bored softnet1 57512 223426 0 0 2 0x14200 softnet0 9411 46714 0 0 3 0x14200 bored systqmp 55038 369436 0 0 3 0x14200 syncxs systq 72498 463296 0 0 2 0x40014200 softclock 3605 92114 0 0 3 0x40014200 idle0 1 123434 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10212 11245K 11723K 166960K 13223 0 pcb 18 14K 16K 166960K 276 0 rtable 185 7K 7K 166960K 518 0 pf 30 13K 16K 166960K 91 0 ifaddr 37 6K 7K 166960K 96 0 ifgroup 42 1K 2K 166960K 121 0 sysctl 3 1K 9K 166960K 11 0 counters 30 17K 18K 166960K 56 0 ioctlops 0 0K 4K 166960K 302 0 iov 0 0K 28K 166960K 41 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1527 96K 97K 166960K 2610 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 6K 166960K 11 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 29 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 15 53K 240K 166960K 917 0 sigio 0 0K 0K 166960K 71 0 proc 60 59K 100K 166960K 739 0 subproc 72 4K 4K 166960K 137 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 86 0 in_multi 77 5K 7K 166960K 204 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 493 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 67 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 227 166K 168K 166960K 8791 0 UVM aobj 16 2K 2K 166960K 17 0 pinsyscall 38 76K 94K 166960K 2095 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 42 0 NDP 9 0K 2K 166960K 61 0 temp 54 8670K 8779K 166960K 43725 0 kqueue 15 21K 28K 166960K 134 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle vscsiccb 40 1 0 0 1 0 1 1 0 8 0 rtpcb 120 89 0 85 1 0 1 1 0 8 0 rtentry 136 199 0 123 4 0 4 4 0 8 0 unpcb 144 695 0 675 4 3 1 4 0 8 0 syncache 336 7 0 7 1 1 0 1 0 8 0 tcpqe 32 3 0 3 1 1 0 1 0 8 0 tcpcb 736 384 0 376 17 9 8 10 0 8 7 arp 88 27 0 16 1 0 1 1 0 8 0 ipq 40 2 0 0 1 0 1 1 0 8 0 ipqe 40 3 0 1 1 0 1 1 0 8 0 inpcb 328 908 0 894 15 8 7 10 0 8 5 ip6q 72 6 0 2 1 0 1 1 0 8 0 ip6af 40 11 0 4 1 0 1 1 0 8 0 nd6 104 36 0 23 1 0 1 1 0 8 0 pkpcb 40 5 0 5 1 1 0 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1072 11 0 11 2 1 1 1 0 8 1 pppxif 1384 3 0 3 2 1 1 1 0 8 1 pfstscr 40 68 0 66 1 0 1 1 0 8 0 pfosfp 40 2 0 1 1 0 1 1 0 8 0 pfosfpen 112 2 0 1 1 0 1 1 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 8 0 0 1 0 1 1 0 8 0 pfstkey 128 41 0 35 1 0 1 1 0 8 0 pfstate 384 37 0 33 1 0 1 1 0 8 0 pfrule 1344 4 0 4 1 1 0 1 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 905 0 550 31 3 28 31 0 8 2 art_table 40 908 0 550 5 0 5 5 0 8 0 art_node 32 198 0 137 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 24 0 14 1 0 1 1 0 8 0 shmpl 112 14 0 1 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2985 0 1480 95 0 95 95 0 8 0 ffsino 256 2985 0 1480 95 0 95 95 0 8 0 nchpl 144 4099 0 2406 64 0 64 64 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 uvmvnodes 80 3882 0 0 80 0 80 80 0 8 0 vnodes 216 3882 0 0 216 0 216 216 0 8 0 namei 1024 15066 0 15064 3 2 1 2 0 8 0 kstatmem 264 62 0 44 2 0 2 2 0 8 0 scsiplug 72 3 0 3 2 1 1 1 0 8 1 scxspl 216 14354 0 14349 9 7 2 8 1 8 0 plimitpl 152 137 0 119 1 0 1 1 0 8 0 sigapl 424 1164 0 1115 10 1 9 9 0 8 2 knotepl 120 513573 0 513523 16 6 10 10 0 8 6 kqueuepl 184 243 0 227 1 0 1 1 0 8 0 pipepl 304 226 0 199 8 5 3 8 0 8 0 fdescpl 448 1122 0 1094 5 1 4 5 0 8 0 filepl 120 7607 0 7376 15 5 10 14 0 8 0 lockfpl 104 546 0 542 2 1 1 2 0 8 0 lockfspl 48 259 0 255 1 0 1 1 0 8 0 sessionpl 144 32 0 23 1 0 1 1 0 8 0 pgrppl 48 68 0 50 1 0 1 1 0 8 0 ucredpl 104 1321 0 1310 1 0 1 1 0 8 0 zombiepl 144 1188 0 1187 1 0 1 1 0 8 0 processpl 1168 1164 0 1115 7 1 6 6 0 8 2 procpl 656 2170 0 2111 8 0 8 8 0 8 1 sosppl 168 1 0 1 1 0 1 1 0 8 1 sockpl 552 1724 0 1686 14 6 8 10 0 8 5 mcl64k 65536 129 0 129 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 15 0 15 2 1 1 1 0 8 1 mcl4k 4096 3297 0 3246 14 6 8 14 0 8 1 mcl2k 2048 1288 0 1278 4 1 3 3 0 8 1 mtagpl 96 30 0 17 1 0 1 1 0 8 0 mbufpl 256 11805 0 11630 15 0 15 15 0 8 0 bufpl 280 4833 0 124 337 0 337 337 0 8 0 anonpl 24 192117 0 180697 110 27 83 109 0 187 0 amapchunkpl 152 29911 0 29274 50 12 38 38 0 158 7 amappl16 200 3771 0 3304 48 22 26 44 0 8 0 amappl15 192 30 0 30 1 1 0 1 0 8 0 amappl14 184 126 0 114 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 1 0 1 0 8 0 amappl12 168 1884 0 1856 3 1 2 3 0 8 0 amappl11 160 88 0 78 1 0 1 1 0 8 0 amappl10 152 4 0 4 1 1 0 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 50 0 48 1 0 1 1 0 8 0 amappl7 128 120 0 109 1 0 1 1 0 8 0 amappl6 120 245 0 241 1 0 1 1 0 8 0 amappl5 112 143 0 136 1 0 1 1 0 8 0 amappl4 104 304 0 289 1 0 1 1 0 8 0 amappl3 96 5665 0 5566 4 0 4 4 0 8 0 amappl2 88 742 0 680 2 0 2 2 0 8 0 amappl1 80 12348 0 11723 14 0 14 14 0 8 0 amappl 88 7902 0 7745 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 16 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1122 0 1094 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1122 0 1094 1 0 1 1 0 8 0 vmmpekpl 168 10097 0 10052 3 0 3 3 0 8 0 vmmpepl 168 79312 0 76949 132 18 114 132 0 357 3 vmsppl 368 1121 0 1094 4 1 3 4 0 8 0 rwobjpl 40 26339 0 21064 54 0 54 54 0 8 0 pdppl 4096 2250 0 2188 114 46 68 80 0 8 6 pvpl 32 502585 0 485001 222 60 162 216 0 265 6 pmappl 216 1121 0 1094 3 1 2 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 417 0 74 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003c96aae8,0,ffff80003c96aa60,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff80000158be00,ffff80003c96ab90,ffff80003c96aae8,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806eb4a800,ffff80000148d7c8) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff80000148d7c8,fffffd806eb4a800,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff80000148d7c8,0,ffff80003c96ad38,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c970028,7,ffff80003c96ae30,808,ffff80003c96aee0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80003c970028,ffff80003c96af90,ffff80003c96aee0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c96af90) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c96af90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa9174b058b0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e arprequest sys/netinet/if_ether.c:279 [inline] arp_rtrequest(ffff800000039058,1,fffffd807d992e68) at arp_rtrequest+0x65e sys/netinet/if_ether.c:182 rtrequest(1,ffff80003c96aae8,0,ffff80003c96aa60,16) at rtrequest+0xd4c sys/net/route.c:1114 rtm_output(ffff80000158be00,ffff80003c96ab90,ffff80003c96aae8,0,16) at rtm_output+0x855 sys/net/rtsock.c:970 route_output(fffffd806eb4a800,ffff80000148d7c8) at route_output+0x9ac sys/net/rtsock.c:875 route_send(ffff80000148d7c8,fffffd806eb4a800,0,0) at route_send+0xd7 sys/net/rtsock.c:339 sosend(ffff80000148d7c8,0,ffff80003c96ad38,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80003c970028,7,ffff80003c96ae30,808,ffff80003c96aee0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80003c970028,ffff80003c96af90,ffff80003c96aee0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c96af90) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c96af90) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa9174b058b0, count: -10