
uvm_fault: in6ifa_ifpforlinklocal

Status: fixed on 2020/08/05 06:16
Fix commit: efa3c3dd644f Validate input given to ioctl(SIOCAIFADDR_IN6) like NetBSD already does. Fixes a bunch of panics reported by syzkaller.
First crash: 1691d, last: 1691d

Sample crash report:
uvm_fault(0xfffffd807a2a2d00, 0x1, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      in6ifa_ifpforlinklocal+0x48:    movzbl  0x1(%r13),%r12d
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xfffffd807a2a2d00, 0x1, 0, 1) -> e
in6ifa_ifpforlinklocal(ffff800000ac3000,0) at in6ifa_ifpforlinklocal+0x48 sys/netinet6/in6.c:1169
end trace frame: 0xffff800023112db0, count: 0
ddb{0}> trace
in6ifa_ifpforlinklocal(ffff800000ac3000,0) at in6ifa_ifpforlinklocal+0x48 sys/netinet6/in6.c:1169
in6_ifattach(ffff800000ac3000) at in6_ifattach+0x160 sys/netinet6/in6_ifattach.c:393
in6_ioctl_change_ifaddr(8080691a,ffff800023112f70,ffff800000ac3000) at in6_ioctl_change_ifaddr+0x3de sys/netinet6/in6.c:349
ifioctl(fffffd806f67c4b0,8080691a,ffff800023112f70,ffff800020e13d60) at ifioctl+0xe70 sys/net/if.c:2288
soo_ioctl(fffffd806ca3e600,8080691a,ffff800023112f70,ffff800020e13d60) at soo_ioctl+0x27c sys/kern/sys_socket.c:138
sys_ioctl(ffff800020e13d60,ffff800023113088,ffff8000231130d0) at sys_ioctl+0x4a5
syscall(ffff800023113150) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023113150) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x156822ec480, count: -8
ddb{0}> show registers
rdi               0xffffffff8134c085    in6ifa_ifpforlinklocal+0x45
rsi                             0xe6
rbp               0xffff800023112d60
rbx                              0x6
rdx                             0xe7
rcx               0xffff800020ef0000
rax               0xffff800020ef0000
r8                0xffffffff817241dd    in6_ifattach+0x3d
r9                               0x1
r10                              0x4
r11               0x1a7d5870ff605693
r12                              0x2
r13                                0
r14               0xffff800000b0c000
r15                                0
rip               0xffffffff8134c088    in6ifa_ifpforlinklocal+0x48
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800023112d20
ss                              0x10
in6ifa_ifpforlinklocal+0x48:    movzbl  0x1(%r13),%r12d
ddb{0}> show proc
PROC (syz-executor.0) pid=181350 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=80, nice=20
    forw=0xffffffffffffffff, list=0xffff800020e13af0,0xffffffff828f7770
    process=0xffff800020ede040 user=0xffff80002310e000, vmspace=0xfffffd807a2a2d00
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 48725  129614  47891      0  2           0                syz-executor.0
*48725  181350  47891      0  7   0x4000000                syz-executor.0
 59964    1940      0      0  3     0x14280  nfsidl        nfsio
 44558   74386      0      0  3     0x14280  nfsidl        nfsio
 76018   16635      0      0  3     0x14280  nfsidl        nfsio
 89713  302339      0      0  3     0x14280  nfsidl        nfsio
 35238  250775      0      0  3     0x14280  nfsidl        nfsio
 73545  151155      0      0  3     0x14280  nfsidl        nfsio
 36617   94394      0      0  3     0x14280  nfsidl        nfsio
 83518  513301      0      0  3     0x14280  nfsidl        nfsio
 69937    4902      0      0  3     0x14280  nfsidl        nfsio
  3054  426311      0      0  3     0x14280  nfsidl        nfsio
  4897  375208      0      0  3     0x14280  nfsidl        nfsio
 71700  281474      0      0  3     0x14280  nfsidl        nfsio
  4635  405065      0      0  3     0x14280  nfsidl        nfsio
 68357   18760      0      0  3     0x14280  nfsidl        nfsio
 30021  266711      0      0  3     0x14280  nfsidl        nfsio
 78648  227181      0      0  3     0x14280  nfsidl        nfsio
 53196  522097      0      0  3     0x14280  nfsidl        nfsio
 89633  119520      0      0  3     0x14280  nfsidl        nfsio
 69916  143170      0      0  3     0x14280  nfsidl        nfsio
 84245  501713      0      0  3     0x14280  nfsidl        nfsio
 51781  185882      0      0  3     0x14200  bored         sosplice
 49162  432627   5868      0  3        0x82  piperd        syz-executor.1
 47891  520079   5868      0  3        0x82  nanosleep     syz-executor.0
  5868  447768   9306      0  3        0x82  thrsleep      syz-fuzzer
  5868   26145   9306      0  3   0x4000082  nanosleep     syz-fuzzer
  5868   78298   9306      0  3   0x4000082  thrsleep      syz-fuzzer
  5868  117608   9306      0  3   0x4000082  thrsleep      syz-fuzzer
  5868    1854   9306      0  3   0x4000082  thrsleep      syz-fuzzer
  5868  502021   9306      0  3   0x4000082  thrsleep      syz-fuzzer
  5868  239945   9306      0  7   0x4000002                syz-fuzzer
  5868  265894   9306      0  3   0x4000082  thrsleep      syz-fuzzer
  5868   69901   9306      0  3   0x4000082  thrsleep      syz-fuzzer
  5868  376840   9306      0  3   0x4000082  kqread        syz-fuzzer
  9306  194941  44781      0  3    0x10008a  pause         ksh
 44781  123404  10344      0  3        0x92  select        sshd
 21223   37216      1      0  3    0x100083  ttyin         getty
 10344  473424      1      0  3        0x80  select        sshd
 41583   29572  17126     74  3    0x100092  bpf           pflogd
 17126  489720      1      0  3        0x80  netio         pflogd
 58744   59911  49929     73  3    0x100090  kqread        syslogd
 49929  143351      1      0  3    0x100082  netio         syslogd
 14126   36758      1     77  3    0x100090  poll          dhclient
 35424  484618      1      0  3        0x80  poll          dhclient
 26507  425165      0      0  3     0x14200  bored         smr
 12065  497903      0      0  2     0x14200                zerothread
 79038  202770      0      0  3     0x14200  aiodoned      aiodoned
 63563  500973      0      0  3     0x14200  syncer        update
  4973  236706      0      0  3     0x14200  cleaner       cleaner
  6205  379830      0      0  3     0x14200  reaper        reaper
 65180  180590      0      0  3     0x14200  pgdaemon      pagedaemon
 54472  501359      0      0  3     0x14200  bored         crynlk
 50161  482008      0      0  3     0x14200  bored         crypto
 88636   57336      0      0  3  0x40014200  acpi0         acpi0
 19472   60364      0      0  3  0x40014200                idle1
 88346  295065      0      0  3     0x14200  bored         softnet
 62868  353527      0      0  3     0x14200  bored         systqmp
 13406  146970      0      0  3     0x14200  bored         systq
 96482  390581      0      0  3  0x40014200  bored         softclock
 59789  174367      0      0  3  0x40014200                idle0
     1  101364      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 48725 (syz-executor.0) thread 0xffff800020e13d60 (181350)
exclusive rwlock netlock r = 0 (0xffffffff82723be8)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  in6_ioctl_change_ifaddr+0x155 sys/netinet6/in6.c:295
#2  ifioctl+0xe70 sys/net/if.c:2288
#3  soo_ioctl+0x27c sys/kern/sys_socket.c:138
#4  sys_ioctl+0x4a5
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#6  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828f3518)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  soo_ioctl+0x26a sys/kern/sys_socket.c:138
#2  sys_ioctl+0x4a5
#3  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#3  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#4  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9527   6427K    7014K  78643K     11653        0
            pcb    13      8K       8K  78643K       156        0
         rtable   104      7K       9K  78643K       456        0
         ifaddr   103     21K      21K  78643K       207        0
         sysctl     2      0K       0K  78643K         2        0
       counters    43     33K      34K  78643K        69        0
       ioctlops     0      0K       4K  78643K      1604        0
            iov     0      0K      16K  78643K       109        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1223     77K      77K  78643K      1584        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        11        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      1K       1K  78643K        63        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1824    197K     290K  78643K     13058        0
      file desc     5     13K      25K  78643K       738        0
          sigio     0      0K       0K  78643K        11        0
           proc    61     63K      95K  78643K       482        0
        subproc    32      2K       2K  78643K        34        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       102        0
       in_multi    96      4K       4K  78643K       192        0
    ether_multi     1      0K       0K  78643K        30        0
            mrt     0      0K       0K  78643K         4        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    43    201K     201K  78643K        43        0
           exec     0      0K       1K  78643K       259        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   137    104K     108K  78643K      3400        0
       UVM aobj    28      2K       2K  78643K        30        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       124        0
            NDP    13      0K       0K  78643K        33        0
           temp   129   3858K    3922K  78643K     14280        0
         kqueue     3      4K       9K  78643K        41        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        7    0        1     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80       53    0       51     1     0     1     1     0     8    0
rtentry    112       68    0       34     2     0     2     2     0     8    0
unpcb      120      337    0      327     1     0     1     1     0     8    0
syncache   264        8    0        8     3     3     0     1     0     8    0
sackhl      24        1    0        1     1     1     0     1     0     8    0
tcpqe       32      153    0      153     2     2     0     1     0     8    0
tcpcb      544      800    0      796     1     0     1     1     0     8    0
ipq         40        1    0        1     1     1     0     1     0     8    0
ipqe        40        2    0        2     1     1     0     1     0     8    0
inpcb      280     1287    0     1278     5     4     1     2     0     8    0
rttmr       72        2    0        2     2     1     1     1     0     8    1
ip6q        72        1    0        1     1     1     0     1     0     8    0
ip6af       40        3    0        3     1     1     0     1     0     8    0
nd6         48       10    0        6     1     0     1     1     0     8    0
pkpcb       40        4    0        4     2     2     0     1     0     8    0
ppxss      1128       2    0        2     2     2     0     1     0     8    0
pfstscr     40        2    0        2     1     1     0     1     0     8    0
pffrag     232        7    0        7     4     4     0     1     0   482    0
pffrnode    88        7    0        7     4     4     0     1     0     8    0
pffrent     40      145    0      145     4     4     0     1     0     8    0
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344      50    0       42     1     0     1     1     0     8    0
pfstitem    24       18    0       16     1     0     1     1     0     8    0
pfstkey    112       18    0       16     1     0     1     1     0     8    0
pfstate    328       17    0       15     2     1     1     2     0     8    0
pfrule     1360      41    0       26     3     1     2     2     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      350    0      177    14     3    11    13     0     8    0
art_table   32      352    0      177     2     0     2     2     0     8    0
art_node    16       67    0       38     1     0     1     1     0     8    0
sysvmsgpl   40       12    0       10     2     1     1     1     0     8    0
semupl     112        3    0        3     1     1     0     1     0     8    0
semapl     112       57    0       47     1     0     1     1     0     8    0
shmpl      112       28    0        2     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     2402    0     1000    88     0    88    88     0     8    0
ffsino     272     2402    0     1000    94     0    94    94     0     8    0
nchpl      144     3596    0     1988    60     0    60    60     0     8    0
uvmvnodes   72     2695    0        0    49     0    49    49     0     8    0
vnodes     208     2695    0        0   142     0   142   142     0     8    0
namei      1024    9962    0     9962     3     2     1     1     0     8    1
percpumem   16       45    0       13     1     0     1     1     0     8    0
vcpupl     1984      12    0        0     2     0     2     2     0     8    0
vmpool     560       19    0        7     1     0     1     1     0     8    0
pfiaddrpl  120       17    0       11     1     0     1     1     0     8    0
scxspl     192    11088    0    11088    11    10     1     7     0     8    1
plimitpl   152       85    0       77     1     0     1     1     0     8    0
sigapl     424      974    0      922     6     0     6     6     0     8    0
futexpl     56    13891    0    13891     3     2     1     1     0     8    1
knotepl    112      103    0       84     1     0     1     1     0     8    0
kqueuepl   144      457    0      451     1     0     1     1     0     8    0
pipelkpl    48      218    0      208     1     0     1     1     0     8    0
pipepl     120      436    0      417     3     2     1     2     0     8    0
fdescpl    496      938    0      922     3     0     3     3     0     8    0
filepl     152     6095    0     5993     6     1     5     5     0     8    1
lockfpl    104      125    0      124     1     0     1     1     0     8    0
lockfspl    48       44    0       43     1     0     1     1     0     8    0
sessionpl  112       18    0        7     1     0     1     1     0     8    0
pgrppl      48       24    0       13     1     0     1     1     0     8    0
ucredpl     96      549    0      540     1     0     1     1     0     8    0
zombiepl   144      922    0      922     2     1     1     1     0     8    1
processpl  984      974    0      922     9     2     7     7     0     8    0
procpl     624     2526    0     2464     6     0     6     6     0     8    1
sosppl     128       17    0       17     4     4     0     1     0     8    0
sockpl     400     1683    0     1662     4     1     3     4     0     8    0
mcl64k     65536     15    0        0     2     0     2     2     0     8    0
mcl16k     16384      2    0        0     1     0     1     1     0     8    0
mcl12k     12288      9    0        0     1     0     1     1     0     8    0
mcl9k      9216       3    0        0     1     0     1     1     0     8    0
mcl8k      8192       4    0        0     1     0     1     1     0     8    0
mcl4k      4096      11    0        0     2     0     2     2     0     8    0
mcl2k2     2112       3    0        0     1     0     1     1     0     8    0
mcl2k      2048     213    0        0    26     1    25    26     0     8    0
mtagpl      80       68    0        0     2     0     2     2     0     8    0
mbufpl     256      701    0        0    36     0    36    36     0     8    0
bufpl      280     4926    0      132   343     0   343   343     0     8    0
anonpl      16    97509    0    81309   104    37    67    80     0   124    0
amapchunkpl 152    5860    0     5719    26    18     8    20     0   158    0
amappl16   192     4473    0     3595    66    20    46    55     0     8    0
amappl15   184        2    0        0     1     0     1     1     0     8    0
amappl14   176       21    0       18     1     0     1     1     0     8    0
amappl13   168       42    0       37     1     0     1     1     0     8    0
amappl12   160       20    0       17     1     0     1     1     0     8    0
amappl11   152      759    0      742     1     0     1     1     0     8    0
amappl10   144       22    0       18     1     0     1     1     0     8    0
amappl9    136      388    0      387     1     0     1     1     0     8    0
amappl8    128      377    0      343     2     0     2     2     0     8    0
amappl7    120      117    0      106     1     0     1     1     0     8    0
amappl6    112      697    0      691     2     1     1     1     0     8    0
amappl5    104      820    0      802     1     0     1     1     0     8    0
amappl4     96      498    0      469     1     0     1     1     0     8    0
amappl3     88      137    0      131     1     0     1     1     0     8    0
amappl2     80     6399    0     6325     2     0     2     2     0     8    0
amappl1     72    28949    0    28506    23    13    10    18     0     8    0
amappl      80     2761    0     2713     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       29    0        2     1     0     1     1     0     8    0
uaddrrnd    24      957    0      929     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      957    0      929     1     0     1     1     0     8    0
vmmpekpl   168    11077    0    11038     2     0     2     2     0     8    0
vmmpepl    168   118250    0   116192   131    40    91   110     0   357    0
vmsppl     368      956    0      929     3     0     3     3     0     8    0
pdppl      4096    1921    0     1870    10     3     7     7     0     8    0
pvpl        32   299702    0   280757   262   104   158   190     0   265    5
pmappl     232      956    0      929     3     1     2     2     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      301    0       13     9     0     9     9     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
in6ifa_ifpforlinklocal(ffff800000ac3000,0) at in6ifa_ifpforlinklocal+0x48 sys/netinet6/in6.c:1169
in6_ifattach(ffff800000ac3000) at in6_ifattach+0x160 sys/netinet6/in6_ifattach.c:393
in6_ioctl_change_ifaddr(8080691a,ffff800023112f70,ffff800000ac3000) at in6_ioctl_change_ifaddr+0x3de sys/netinet6/in6.c:349
ifioctl(fffffd806f67c4b0,8080691a,ffff800023112f70,ffff800020e13d60) at ifioctl+0xe70 sys/net/if.c:2288
soo_ioctl(fffffd806ca3e600,8080691a,ffff800023112f70,ffff800020e13d60) at soo_ioctl+0x27c sys/kern/sys_socket.c:138
sys_ioctl(ffff800020e13d60,ffff800023113088,ffff8000231130d0) at sys_ioctl+0x4a5
syscall(ffff800023113150) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023113150) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x156822ec480, count: -8
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d80ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0xc0027a1580, count: -3
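
The register dump and the faulting instruction above are enough to classify this crash without reattaching a debugger: `movzbl 0x1(%r13),%r12d` reads one byte at `%r13 + 1`, `show registers` gives `%r13 = 0`, and the second argument of `uvm_fault()` (the faulting virtual address) is `0x1`, so the trap is a NULL-pointer dereference at offset 1 on the read path, not a corrupted pointer. The script below is an added example, not code from the syzbot report or from the OpenBSD tree. It embeds a constructed copy of the relevant excerpt, parses the AT&T memory operand and the register dump, recomputes the effective address and compares it with the address `uvm_fault()` reported. Treating a zero base register as a NULL dereference, and the `PROT_*` / `VM_FAULT_*` value mappings (taken from `sys/mman.h` and `uvm/uvm_extern.h`), are this example's own assumptions.

```python
"""Classify the faulting memory access in an OpenBSD ddb crash dump.

Added example: not part of the syzbot report or of OpenBSD.  It embeds a
constructed copy of the report's uvm_fault line, "Stopped at" line and
"show registers" output, and cross-checks the instruction's effective
address against the address uvm_fault() was asked to resolve.
"""
import re

# Constructed excerpt of the ddb session from the report above.
SAMPLE = """\
uvm_fault(0xfffffd807a2a2d00, 0x1, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      in6ifa_ifpforlinklocal+0x48:    movzbl  0x1(%r13),%r12d
ddb{0}> show registers
rdi               0xffffffff8134c085    in6ifa_ifpforlinklocal+0x45
rsi                             0xe6
rbp               0xffff800023112d60
rbx                              0x6
rdx                             0xe7
rcx               0xffff800020ef0000
rax               0xffff800020ef0000
r8                0xffffffff817241dd    in6_ifattach+0x3d
r9                               0x1
r10                              0x4
r11               0x1a7d5870ff605693
r12                              0x2
r13                                0
r14               0xffff800000b0c000
r15                                0
rip               0xffffffff8134c088    in6ifa_ifpforlinklocal+0x48
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800023112d20
ss                              0x10
"""

# uvm_fault(map, vaddr, fault_type, access_type) -> errno (printed in hex)
UVM_RE = re.compile(
    r"^uvm_fault\((0x[0-9a-f]+),\s*(0x[0-9a-f]+|\d+),\s*(\d+),\s*(\d+)\)"
    r"\s*->\s*([0-9a-f]+)", re.M)
# "Stopped at <sym+off>: <mnemonic> [<operands>]"
STOPPED_RE = re.compile(r"^Stopped at\s+(\S+?):\s+(\S+)(?:\s+(\S+))?", re.M)
# one line of "show registers": name, value, optional symbol
REG_RE = re.compile(r"^([a-z0-9]+)\s+(0x[0-9a-f]+|\d+)(?:\s+\S+)?\s*$", re.M)
# AT&T memory operand: disp(%base,%index,scale)
MEM_RE = re.compile(r"(-?0x[0-9a-f]+|-?\d+)?\((%\w+)(?:,(%\w+)(?:,(\d))?)?\)")

# Assumed value mappings: PROT_* from sys/mman.h, VM_FAULT_* from uvm_extern.h.
ACCESS = {1: "read", 2: "write", 4: "exec"}
FAULT_TYPE = {0: "invalid", 1: "protect", 2: "wire"}
MASK64 = (1 << 64) - 1


def parse_registers(dump):
    """Return {name: value} for every line of a ddb 'show registers' dump."""
    return {m.group(1): int(m.group(2), 0) for m in REG_RE.finditer(dump)}


def effective_address(operands, regs):
    """Compute base + index*scale + disp for the first memory operand."""
    m = MEM_RE.search(operands or "")
    if m is None:
        return None, None
    disp, base, index, scale = m.groups()
    base = base.lstrip("%")
    addr = int(disp, 0) if disp else 0
    addr += regs[base]
    if index:
        addr += regs[index.lstrip("%")] * int(scale or "1")
    return addr & MASK64, base


def triage(dump):
    """Cross-check the trap against the register state and classify it."""
    regs = parse_registers(dump)
    uvm = UVM_RE.search(dump)
    stop = STOPPED_RE.search(dump)
    if uvm is None or stop is None or "rip" not in regs:
        raise ValueError("not a complete ddb page-fault dump")
    vaddr = int(uvm.group(2), 0)
    computed, base = effective_address(stop.group(3), regs)
    result = {
        "function": stop.group(1).split("+")[0],
        "mnemonic": stop.group(2),
        "base_reg": base,
        "base_value": regs.get(base),
        "vaddr": vaddr,
        "computed": computed,
        # ddb's rip is the start of the faulting instruction, so a %rip-relative
        # operand cannot be recomputed without the instruction length.
        "consistent": None if base == "rip" else computed == vaddr,
        "fault_type": FAULT_TYPE.get(int(uvm.group(3)), "?"),
        "access": ACCESS.get(int(uvm.group(4)), "?"),
        "errno": int(uvm.group(5), 16),
    }
    if base is not None and base != "rip" and regs.get(base) == 0:
        # zero base register: the code dereferenced a NULL pointer plus offset
        result["kind"] = "null pointer dereference"
        result["offset"] = computed
    elif vaddr < 0x1000:
        result["kind"] = "near-null dereference"
    else:
        result["kind"] = "wild pointer"
    return result


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key:12} {val}")
```

Run against the excerpt it reports `base_reg r13`, `base_value 0`, `vaddr 1`, `computed 1`, `consistent True`, `access read`, `errno 14` (EFAULT) and `kind null pointer dereference`, which matches the fix commit's description of the bug as missing input validation rather than memory corruption. The script only understands the `disp(%base,%index,scale)` form that ddb prints; segment-prefixed or `%rip`-relative operands are flagged rather than resolved.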

Crashes (1):
Time:      2020/06/10 12:07
Kernel:    openbsd
Commit:    f42e19bebb12
Syzkaller: 860c4de9
Config:    .config
Log:       console log
Report:    report
Syz repro: (none)
C repro:   (none)
VM info:   (none)
Manager:   ci-openbsd-multicore