uvm_fault(0xffffffff839be478, 0xffff80000150e0aa, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *377105 24212 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c98d9a0,0,ffff80003c98d910,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800000b54c00,ffff80003c98da48,ffff80003c98d9a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8076b8a800,ffff800010fd0270) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff800010fd0270,fffffd8076b8a800,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd0270,0,ffff80003c98dbf8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002fcf0d18,3,ffff80003c98dcf0,808,ffff80003c98dd90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002fcf0d18,ffff80003c98de40,ffff80003c98dd90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c98de40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98de40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xfaa7f451d20, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff839be478, 0xffff80000150e0aa, 0, 1) -> e ddb> trace arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c98d9a0,0,ffff80003c98d910,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800000b54c00,ffff80003c98da48,ffff80003c98d9a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8076b8a800,ffff800010fd0270) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff800010fd0270,fffffd8076b8a800,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd0270,0,ffff80003c98dbf8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002fcf0d18,3,ffff80003c98dcf0,808,ffff80003c98dd90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002fcf0d18,ffff80003c98de40,ffff80003c98dd90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c98de40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98de40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xfaa7f451d20, count: -10 ddb> show registers rdi 0xffff800030cf2000 rsi 0x387 rbp 0xffff80003c98d7f0 rbx 0xde rdx 0xffff800030cf2000 rcx 0xffff80000150dfc0 rax 0xfffffd8076b8a1e0 r8 0x20 r9 0xfffffd806c81ebc0 r10 0x3b2c0af74c823605 r11 0x790047d4551d99c6 r12 0x26 r13 0xfffffd8076b8a100 r14 0xfffffd806c81ebc0 r15 0xffff8000001a0058 rip 0xffffffff817e8dd4 arp_rtrequest+0x6a4 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c98d770 ss 0x10 arp_rtrequest+0x6a4: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=377105 pid=24212 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002fcf1ca8,0xffffffff83928328 process=0xffff80002fcecd98 user=0xffff80003c988000, vmspace=0xfffffd806cb1b460 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 24212 341214 48784 0 2 0 syz-executor *24212 377105 48784 0 7 0x4000000 syz-executor 51360 206653 75955 0 2 0 syz-executor 51360 298238 75955 0 3 0x4000080 fsleep syz-executor 2149 28073 6405 0 2 0xc80 syz-executor 2149 461628 6405 0 3 0x4000080 fsleep syz-executor 80065 486502 37130 0 2 0xc80 syz-executor 80065 424685 37130 0 3 0x4000080 lockf syz-executor 80065 510922 37130 0 3 0x4000080 fsleep syz-executor 64441 422679 66259 0 2 0 syz-executor 64441 438686 66259 0 2 0x4000000 syz-executor 64441 242183 66259 0 3 0x4000000 inode syz-executor 64441 510803 66259 0 3 0x4000000 inode syz-executor 64441 309081 66259 0 3 0x4000000 fltagain2 syz-executor 64441 339652 66259 0 3 0x4000000 pipecl syz-executor 87822 475404 44333 0 2 0xc80 syz-executor 87822 310251 44333 0 3 0x4000080 kqread syz-executor 87822 26765 44333 0 3 0x4000080 fsleep syz-executor 44333 496445 8401 0 2 0xc82 syz-executor 75955 25372 8401 0 2 0xc82 syz-executor 37130 51689 8401 0 2 0xc82 syz-executor 6405 283607 8401 0 2 0xc82 syz-executor 48784 329501 8401 0 2 0xc82 syz-executor 96755 400585 8401 0 2 0xc82 syz-executor 66259 40375 8401 0 2 0xc82 syz-executor 51941 157025 8401 0 2 0xc82 syz-executor 8401 473540 95123 0 3 0x82 kqread syz-executor 95123 211112 99684 0 3 0x10008a sigsusp ksh 99684 214542 74474 0 3 0x98 kqread sshd-session 74474 491468 87690 0 3 0x92 kqread sshd-session 27312 246345 1 0 3 0x100083 ttyin getty 87690 470993 1 0 3 0x88 kqread sshd 70446 313669 1352 73 3 0x1100090 kqread syslogd 1352 407632 1 0 3 0x100082 sbwait syslogd 11012 51820 1 0 3 0x100080 kqread resolvd 17157 167759 4660 77 3 0x100092 kqread dhcpleased 98089 407172 4660 77 3 0x100092 kqread dhcpleased 4660 61 1 0 3 0x80 kqread dhcpleased 62525 101333 0 0 3 0x14200 bored smr 67220 380386 0 0 2 0x14200 zerothread 64515 240251 0 0 3 0x14200 aiodoned aiodoned 70563 275194 0 0 3 0x14200 syncer update 69521 299542 0 0 3 0x14200 cleaner cleaner 15061 42904 0 0 3 0x14200 reaper reaper 43212 35894 0 0 3 0x14200 pgdaemon pagedaemon 17186 288216 0 0 3 0x14200 bored viomb 7461 243681 0 0 3 0x40014200 acpi0 acpi0 19671 415039 0 0 3 0x14200 bored softnet0 59685 435337 0 0 2 0x14200 systqmp 17072 379070 0 0 3 0x14200 bored systq 73973 436916 0 0 3 0x40014200 tmoslp softclock 177 424926 0 0 3 0x40014200 idle0 1 20635 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10191 11239K 11772K 166960K 12929 0 pcb 18 16K 17K 166960K 275 0 rtable 213 8K 8K 166960K 458 0 pf 30 12K 14K 166960K 203 0 ifaddr 36 6K 7K 166960K 68 0 ifgroup 50 2K 2K 166960K 101 0 sysctl 2 1K 9K 166960K 10 0 counters 33 17K 18K 166960K 120 0 ioctlops 0 0K 4K 166960K 335 0 iov 0 0K 12K 166960K 35 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1434 90K 91K 166960K 2023 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 15 0 VM map 2 1K 1K 166960K 2 0 sem 16 5K 5K 166960K 20 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1732 201K 291K 166960K 11958 0 file desc 18 65K 97K 166960K 622 0 sigio 0 0K 0K 166960K 113 0 proc 61 67K 108K 166960K 523 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 266 0 in_multi 77 5K 7K 166960K 118 0 ether_multi 1 0K 0K 166960K 6 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 431 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 249 152K 168K 166960K 7179 0 UVM aobj 23 4K 6K 166960K 29 0 pinsyscall 39 78K 96K 166960K 1695 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 34 0 NDP 11 0K 2K 166960K 44 0 temp 79 8672K 8780K 166960K 16975 0 kqueue 14 22K 28K 166960K 120 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 132 0 128 2 0 2 2 0 8 1 rtentry 136 132 0 48 4 0 4 4 0 8 0 unpcb 144 446 0 428 4 0 4 4 0 8 3 syncache 336 4 0 4 1 0 1 1 0 8 1 tcpcb 736 242 0 235 7 0 7 7 0 8 6 arp 96 20 0 5 1 0 1 1 0 8 0 ipq 40 4 0 0 1 0 1 1 0 8 0 ipqe 40 132 0 128 1 0 1 1 0 8 0 inpcb 328 837 0 824 9 0 9 9 0 8 7 nd6 112 30 0 8 1 0 1 1 0 8 0 pkpcb 40 3 0 3 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 3 0 3 1 0 1 1 0 8 1 ppxss 1072 81 0 81 1 0 1 1 0 8 1 pppxif 1384 4 0 4 1 0 1 1 0 8 1 pftag 88 1 0 0 1 0 1 1 0 8 0 pfrule 1344 67 0 67 1 0 1 1 0 8 1 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 530 0 161 29 0 29 29 0 8 5 art_table 40 534 0 161 5 0 5 5 0 8 0 art_node 32 131 0 55 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 15 0 1 1 0 1 1 0 8 0 shmpl 112 24 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2500 0 1000 95 0 95 95 0 8 0 ffsino 256 2500 0 1000 95 0 95 95 0 8 0 nchpl 144 3385 0 1690 64 0 64 64 0 8 0 rtmask 32 1 0 1 1 0 1 1 0 8 1 vnodes 216 2270 0 0 127 0 127 127 0 8 0 namei 1024 11059 0 11057 1 0 1 1 0 8 0 vcpupl 3904 1 0 0 1 0 1 1 0 8 0 vmpool 800 2 0 1 1 0 1 1 0 8 0 kstatmem 264 54 0 32 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 12973 0 12973 8 0 8 8 1 8 8 plimitpl 152 141 0 122 1 0 1 1 0 8 0 sigapl 424 910 0 867 6 0 6 6 0 8 1 knotepl 120 26895 0 26846 16 6 10 16 0 8 8 kqueuepl 184 192 0 177 1 0 1 1 0 8 0 pipepl 304 156 0 128 3 0 3 3 0 8 0 fdescpl 448 896 0 866 5 0 5 5 0 8 1 filepl 120 5335 0 5098 11 0 11 11 0 8 3 lockfpl 104 240 0 235 2 0 2 2 0 8 1 lockfspl 48 79 0 75 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 45 0 29 1 0 1 1 0 8 0 ucredpl 104 853 0 841 1 0 1 1 0 8 0 zombiepl 144 869 0 867 1 0 1 1 0 8 0 processpl 1152 910 0 867 4 0 4 4 0 8 0 procpl 664 1645 0 1590 6 0 6 6 0 8 1 sosppl 176 7 0 7 1 0 1 1 0 8 1 sockpl 552 1441 0 1406 10 0 10 10 0 8 7 mcl64k 65536 142 0 140 1 0 1 1 0 8 0 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 11 0 11 1 0 1 1 0 8 1 mcl4k 4096 3196 0 3145 15 0 15 15 0 8 8 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 871 0 863 2 0 2 2 0 8 1 mtagpl 96 143 0 8 4 0 4 4 0 8 0 mbufpl 256 10087 0 9787 30 3 27 30 0 8 7 bufpl 280 3573 0 119 247 0 247 247 0 8 0 anonpl 24 129928 0 125325 44 0 44 44 0 187 16 amapchunkpl 152 28833 0 28305 34 0 34 34 0 158 13 amappl16 200 1944 0 1829 15 4 11 15 0 8 4 amappl15 192 6 0 5 1 0 1 1 0 8 0 amappl14 184 3 0 3 1 0 1 1 0 8 1 amappl13 176 401 0 400 1 0 1 1 0 8 0 amappl12 168 1233 0 1194 2 0 2 2 0 8 0 amappl11 160 1 0 1 1 0 1 1 0 8 1 amappl10 152 45 0 34 1 0 1 1 0 8 0 amappl9 144 291 0 291 1 0 1 1 0 8 1 amappl8 136 19 0 18 1 0 1 1 0 8 0 amappl7 128 82 0 81 1 0 1 1 0 8 0 amappl6 120 269 0 257 1 0 1 1 0 8 0 amappl5 112 79 0 70 1 0 1 1 0 8 0 amappl4 104 375 0 352 1 0 1 1 0 8 0 amappl3 96 3955 0 3857 3 0 3 3 0 8 0 amappl2 88 1028 0 952 2 0 2 2 0 8 0 amappl1 80 11086 0 10556 13 0 13 13 0 8 1 amappl 88 6397 0 6219 5 0 5 5 0 92 0 uvmvnodes 80 109 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 28 0 6 1 0 1 1 0 8 0 uaddrrnd 24 896 0 866 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 896 0 866 1 0 1 1 0 8 0 vmmpekpl 168 8402 0 8375 2 0 2 2 0 8 0 vmmpepl 168 62088 0 60144 91 0 91 91 0 357 6 vmsppl 368 895 0 866 4 0 4 4 0 8 1 rwobjpl 40 18004 0 16929 13 0 13 13 0 8 2 pdppl 4096 1803 0 1735 100 32 68 83 0 8 0 pvpl 32 376763 0 365536 114 0 114 114 0 265 20 pmappl 216 897 0 867 3 0 3 3 0 8 0 extentpl 40 46 0 28 1 0 1 1 0 8 0 phpool 112 398 0 35 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c98d9a0,0,ffff80003c98d910,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800000b54c00,ffff80003c98da48,ffff80003c98d9a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8076b8a800,ffff800010fd0270) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff800010fd0270,fffffd8076b8a800,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd0270,0,ffff80003c98dbf8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002fcf0d18,3,ffff80003c98dcf0,808,ffff80003c98dd90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002fcf0d18,ffff80003c98de40,ffff80003c98dd90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c98de40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98de40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xfaa7f451d20, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 arprequest sys/netinet/if_ether.c:325 [inline] arp_rtrequest(ffff8000001a0058,1,fffffd806c81ebc0) at arp_rtrequest+0x6a4 sys/netinet/if_ether.c:226 rtrequest(1,ffff80003c98d9a0,0,ffff80003c98d910,16) at rtrequest+0xf08 sys/net/route.c:1114 rtm_output(ffff800000b54c00,ffff80003c98da48,ffff80003c98d9a0,0,16) at rtm_output+0x91a sys/net/rtsock.c:953 route_output(fffffd8076b8a800,ffff800010fd0270) at route_output+0xa2b sys/net/rtsock.c:858 route_send(ffff800010fd0270,fffffd8076b8a800,0,0) at route_send+0xd7 sys/net/rtsock.c:322 sosend(ffff800010fd0270,0,ffff80003c98dbf8,0,0,808) at sosend+0x804 sys/kern/uipc_socket.c:-1 sendit(ffff80002fcf0d18,3,ffff80003c98dcf0,808,ffff80003c98dd90) at sendit+0x5a5 sys/kern/uipc_syscalls.c:785 sys_sendto(ffff80002fcf0d18,ffff80003c98de40,ffff80003c98dd90) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:563 syscall(ffff80003c98de40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98de40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xfaa7f451d20, count: -10