uvm_fault(0xfffffd8069c578b0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtrequest+0x8e1: movzbl 0(%r14),%r15d TID PID UID PRFLAGS PFLAGS CPU COMMAND *346206 13884 0 0 0x4000000 0 syz-executor.7 rtrequest(1,ffff80002e881c08,0,ffff80002e881b78,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d3b300,ffff80002e881cb0,ffff80002e881c08,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd805c3c1500,fffffd8068a98918) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8068a98918,fffffd805c3c1500,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8068a98918,0,ffff80002e881e80,0,0,0) at sosend+0x66d sendit(ffff80002170e7e8,3,ffff80002e881f80,0,ffff80002e882060) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170e7e8,ffff80002e882010,ffff80002e882060) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8820e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3a769b755b0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd8069c578b0, 0x0, 0, 1) -> e ddb> trace rtrequest(1,ffff80002e881c08,0,ffff80002e881b78,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d3b300,ffff80002e881cb0,ffff80002e881c08,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd805c3c1500,fffffd8068a98918) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8068a98918,fffffd805c3c1500,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8068a98918,0,ffff80002e881e80,0,0,0) at sosend+0x66d sendit(ffff80002170e7e8,3,ffff80002e881f80,0,ffff80002e882060) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170e7e8,ffff80002e882010,ffff80002e882060) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8820e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3a769b755b0, count: -9 ddb> show registers rdi 0xffff800027ff7000 rsi 0x2e7 rbp 0xffff80002e881b50 rbx 0x33 rdx 0xffff800027ff7000 rcx 0x2e6 rax 0xffffffff81448f22 rt_putgwroute+0x112 r8 0x20 r9 0 r10 0x9bbc1a9ff1951583 r11 0x22cb15d6797caf5b r12 0xfffffd807a4f9018 r13 0xffff80002e881c08 r14 0 r15 0xffff8000006c6a70 rip 0xffffffff81447e21 rtrequest+0x8e1 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e881a60 ss 0x10 rtrequest+0x8e1: movzbl 0(%r14),%r15d ddb> show proc PROC (syz-executor.7) tid=346206 pid=13884 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002170daa0,0xffff80002170e550 process=0xffff8000216d57a0 user=0xffff80002e87d000, vmspace=0xfffffd8069c578b0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 88840 15178 22439 0 2 0 syz-executor.6 13884 289662 23288 0 2 0 syz-executor.7 *13884 346206 23288 0 7 0x4000000 syz-executor.7 91687 23953 94274 0 2 0 syz-executor.2 91687 446404 94274 0 2 0x4000000 syz-executor.2 13648 75830 10679 0 2 0 syz-executor.0 13648 44828 10679 0 3 0x4000080 fsleep syz-executor.0 20006 215276 50183 0 2 0 syz-executor.1 20006 373692 50183 0 3 0x4000080 fsleep syz-executor.1 88438 472995 10530 0 2 0 syz-executor.3 88438 85922 10530 0 3 0x4000080 fsleep syz-executor.3 92875 239150 97047 0 3 0x80 nanoslp syz-executor.5 92875 127593 97047 0 3 0x4000080 netio syz-executor.5 92875 115306 97047 0 3 0x4000080 fsleep syz-executor.5 97047 252765 57953 0 3 0x82 nanoslp syz-executor.5 99336 161768 1 0 3 0x80 nanoslp init 61073 415985 0 0 3 0x14200 acct acct 81436 281581 0 0 3 0x14200 bored sosplice 22439 324119 57953 0 3 0x82 nanoslp syz-executor.6 23288 431945 57953 0 3 0x82 nanoslp syz-executor.7 10530 355289 57953 0 3 0x82 nanoslp syz-executor.3 94274 452909 57953 0 3 0x82 nanoslp syz-executor.2 50183 325488 57953 0 3 0x82 nanoslp syz-executor.1 10679 250471 57953 0 3 0x82 nanoslp syz-executor.0 71875 231284 57953 0 3 0x82 nanoslp syz-executor.4 57953 464465 58194 0 3 0x2000082 thrsleep syz-fuzzer 57953 321584 58194 0 3 0x6000082 nanoslp syz-fuzzer 57953 262438 58194 0 3 0x6000082 wait syz-fuzzer 57953 401545 58194 0 3 0x6000082 wait syz-fuzzer 57953 79985 58194 0 3 0x6000082 wait syz-fuzzer 57953 509420 58194 0 3 0x6000082 thrsleep syz-fuzzer 57953 191102 58194 0 3 0x6000082 wait syz-fuzzer 57953 289555 58194 0 3 0x6000082 wait syz-fuzzer 57953 23588 58194 0 3 0x6000082 wait syz-fuzzer 57953 166497 58194 0 3 0x6000082 thrsleep syz-fuzzer 57953 286644 58194 0 3 0x6000082 wait syz-fuzzer 57953 312195 58194 0 3 0x6000082 kqread syz-fuzzer 57953 229113 58194 0 3 0x6000082 thrsleep syz-fuzzer 57953 341769 58194 0 3 0x6000082 wait syz-fuzzer 58194 289972 78106 0 3 0x10008a sigsusp ksh 78106 122124 37442 0 3 0x9a kqread sshd 37442 476265 1 0 3 0x88 kqread sshd 22092 130976 76651 73 2 0x1100010 syslogd 76651 211028 1 0 3 0x100082 netio syslogd 17169 460705 1 0 3 0x100080 kqread resolvd 2847 519199 30366 77 3 0x100092 kqread dhcpleased 38293 39531 30366 77 3 0x100092 kqread dhcpleased 30366 104793 1 0 3 0x80 kqread dhcpleased 84365 408258 0 0 3 0x14200 bored smr 69409 362069 0 0 2 0x14200 zerothread 9797 478580 0 0 3 0x14200 aiodoned aiodoned 40082 404909 0 0 3 0x14200 syncer update 94987 207610 0 0 3 0x14200 cleaner cleaner 18271 516169 0 0 3 0x14200 reaper reaper 25518 89230 0 0 3 0x14200 pgdaemon pagedaemon 38042 320606 0 0 3 0x14200 bored viomb 29102 201786 0 0 3 0x40014200 acpi0 acpi0 39686 98051 0 0 3 0x14200 bored softnet3 5647 108483 0 0 3 0x14200 bored softnet2 94297 181431 0 0 3 0x14200 bored softnet1 30457 347359 0 0 3 0x14200 bored softnet0 95998 240217 0 0 3 0x14200 bored systqmp 51007 292079 0 0 3 0x14200 bored systq 54097 488084 0 0 3 0x40014200 tmoslp softclock 57105 104382 0 0 3 0x40014200 idle0 1 85488 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10172 6406K 6982K 78643K 12388 0 pcb 14 8K 8K 78643K 67 0 rtable 239 7K 7K 78643K 408 0 pf 29 8K 9K 78643K 52 0 ifaddr 43 11K 11K 78643K 59 0 ifgroup 50 2K 2K 78643K 87 0 sysctl 2 0K 0K 78643K 2 0 counters 28 17K 17K 78643K 37 0 ioctlops 0 0K 2K 78643K 41 0 iov 0 0K 16K 78643K 30 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1286 80K 81K 78643K 1676 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 4 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 23 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 69K 78643K 1213 0 sigio 0 0K 0K 78643K 10 0 proc 51 50K 67K 78643K 545 0 subproc 104 6K 6K 78643K 117 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 77 0 in_multi 99 7K 7K 78643K 134 0 ether_multi 1 0K 0K 78643K 8 0 mrt 2 0K 0K 78643K 11 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 425 0 pfkey data 0 0K 0K 78643K 1 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 301 96K 100K 78643K 12545 0 UVM aobj 7 2K 2K 78643K 7 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 16 0 NDP 11 0K 2K 78643K 38 0 temp 74 5916K 5980K 78643K 16633 0 kqueue 12 18K 23K 78643K 64 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 50 0 46 1 0 1 1 0 8 0 rtentry 112 124 0 13 4 0 4 4 0 8 0 unpcb 144 239 0 226 1 0 1 1 0 8 0 syncache 304 34 0 34 2 1 1 1 0 8 1 tcpqe 32 386 0 386 4 4 0 2 0 8 0 tcpcb 808 177 0 154 4 1 3 3 0 8 0 arp 88 20 0 2 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 336 465 0 437 4 1 3 3 0 8 0 nd6 104 27 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1160 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 499 0 44 29 0 29 29 0 8 0 art_table 32 500 0 44 4 0 4 4 0 8 0 art_node 16 121 0 21 1 0 1 1 0 8 0 sysvmsgpl 40 60 0 22 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 12 0 2 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2904 0 1455 91 0 91 91 0 8 0 ffsino 240 2904 0 1455 86 0 86 86 0 8 0 nchpl 144 4400 0 2759 63 0 63 63 0 8 0 uvmvnodes 80 3293 0 0 68 0 68 68 0 8 0 vnodes 216 3293 0 0 183 0 183 183 0 8 0 namei 1024 12608 0 12608 2 1 1 2 0 8 1 vcpupl 2048 2 0 0 1 0 1 1 0 8 0 vmpool 664 6 0 4 1 0 1 1 0 8 0 kstatmem 264 40 0 18 2 0 2 2 0 8 0 scxspl 216 15779 0 15779 12 10 2 8 1 8 2 plimitpl 152 96 0 82 1 0 1 1 0 8 0 sigapl 424 1511 0 1464 6 0 6 6 0 8 0 futexpl 64 6562 0 6558 1 0 1 1 0 8 0 knotepl 120 12520 0 12440 4 0 4 4 0 8 0 kqueuepl 184 97 0 89 1 0 1 1 0 8 0 pipepl 288 159 0 131 4 1 3 3 0 8 0 fdescpl 432 1493 0 1465 4 0 4 4 0 8 0 filepl 120 4566 0 4325 8 0 8 8 0 8 0 lockfpl 104 280 0 277 1 0 1 1 0 8 0 lockfspl 48 129 0 126 1 0 1 1 0 8 0 sessionpl 144 25 0 10 1 0 1 1 0 8 0 pgrppl 48 29 0 14 1 0 1 1 0 8 0 ucredpl 104 557 0 544 1 0 1 1 0 8 0 zombiepl 144 1465 0 1464 1 0 1 1 0 8 0 processpl 1008 1511 0 1464 7 1 6 6 0 8 0 procpl 680 2755 0 2688 7 1 6 7 0 8 0 sosppl 168 19 0 17 2 1 1 1 0 8 0 sockpl 456 755 0 710 8 1 7 7 0 8 1 mcl64k 65536 16 0 15 2 1 1 1 0 8 0 mcl16k 16384 17 0 17 1 0 1 1 0 8 1 mcl12k 12288 3 0 2 2 1 1 1 0 8 0 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 25 0 24 3 2 1 1 0 8 0 mcl4k 4096 111 0 111 3 2 1 2 0 8 1 mcl2k 2048 59410 0 59358 53 41 12 30 0 8 4 mtagpl 96 135 0 14 4 1 3 3 0 8 0 mbufpl 256 105603 0 105199 82 55 27 68 0 8 0 bufpl 288 6233 0 140 436 0 436 436 0 8 0 anonpl 24 332905 0 321871 98 4 94 97 0 188 19 amapchunkpl 152 41594 0 40794 44 3 41 41 0 158 10 amappl16 200 8965 0 8644 39 9 30 31 0 8 12 amappl15 192 15 0 15 1 1 0 1 0 8 0 amappl14 184 154 0 144 2 1 1 2 0 8 0 amappl13 176 14 0 14 1 1 0 1 0 8 0 amappl12 168 2160 0 2133 2 0 2 2 0 8 0 amappl11 160 59 0 48 1 0 1 1 0 8 0 amappl10 152 30 0 21 1 0 1 1 0 8 0 amappl9 144 179 0 179 1 1 0 1 0 8 0 amappl8 136 192 0 143 2 0 2 2 0 8 0 amappl7 128 200 0 180 2 0 2 2 0 8 0 amappl6 120 268 0 261 1 0 1 1 0 8 0 amappl5 112 151 0 141 1 0 1 1 0 8 0 amappl4 104 433 0 410 2 1 1 2 0 8 0 amappl3 96 8317 0 8237 3 0 3 3 0 8 0 amappl2 88 1948 0 1881 3 1 2 3 0 8 0 amappl1 80 13280 0 12794 22 10 12 22 0 8 0 amappl 88 12027 0 11816 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1499 0 1469 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1499 0 1469 1 0 1 1 0 8 0 vmmpekpl 168 14632 0 14578 3 0 3 3 0 8 0 vmmpepl 168 108595 0 106520 121 20 101 110 0 357 8 vmsppl 368 1498 0 1469 3 0 3 3 0 8 0 rwobjpl 24 36338 0 31776 30 1 29 29 0 8 0 pdppl 4096 3004 0 2940 130 64 66 66 0 8 2 pvpl 32 726514 0 710366 360 49 311 360 0 265 164 pmappl 216 1498 0 1469 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 948 0 172 23 0 23 23 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace rtrequest(1,ffff80002e881c08,0,ffff80002e881b78,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d3b300,ffff80002e881cb0,ffff80002e881c08,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd805c3c1500,fffffd8068a98918) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8068a98918,fffffd805c3c1500,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8068a98918,0,ffff80002e881e80,0,0,0) at sosend+0x66d sendit(ffff80002170e7e8,3,ffff80002e881f80,0,ffff80002e882060) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170e7e8,ffff80002e882010,ffff80002e882060) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8820e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3a769b755b0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace rtrequest(1,ffff80002e881c08,0,ffff80002e881b78,0) at rtrequest+0x8e1 sys/net/route.c:941 rtm_output(ffff800000d3b300,ffff80002e881cb0,ffff80002e881c08,0,0) at rtm_output+0x5f7 sys/net/rtsock.c:958 route_output(fffffd805c3c1500,fffffd8068a98918) at route_output+0x6bc sys/net/rtsock.c:863 route_send(fffffd8068a98918,fffffd805c3c1500,0,0) at route_send+0x8f sys/net/rtsock.c:339 sosend(fffffd8068a98918,0,ffff80002e881e80,0,0,0) at sosend+0x66d sendit(ffff80002170e7e8,3,ffff80002e881f80,0,ffff80002e882060) at sendit+0x65d sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002170e7e8,ffff80002e882010,ffff80002e882060) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff80002e8820e0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3a769b755b0, count: -9