uvm_fault(0xffffffff839afd08, 0xffff800001610000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at memcpy+0x19: repe movsq (%rsi),%es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND *399986 54963 0 0 0x4000000 0K syz-executor 66042 94966 0 0x10000002 0 1 syz-executor memcpy() at memcpy+0x19 rtm_msg1(14,ffff80003b7f5788) at rtm_msg1+0x306 sys/net/rtsock.c:1627 rtm_addr(14,ffff80000160ff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000c31000,ffff80003b7f5ba0,ffff80000160ff00) at in6_update_ifa+0x19aa sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff80003b7f5ba0,ffff800000c31000) at in6_ioctl_change_ifaddr+0x64e sys/netinet6/in6.c:352 ifioctl(ffff800010fd3ac8,8080691a,ffff80003b7f5ba0,ffff8000fffefca0) at ifioctl+0x1714 pru_control sys/sys/protosw.h:353 [inline] ifioctl(ffff800010fd3ac8,8080691a,ffff80003b7f5ba0,ffff8000fffefca0) at ifioctl+0x1714 sys/net/if.c:2553 sys_ioctl(ffff8000fffefca0,ffff80003b7f5d80,ffff80003b7f5cd0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003b7f5d80) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003b7f5d80) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4e64bb253b0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff839afd08, 0xffff800001610000, 0, 1) -> e ddb{0}> trace memcpy() at memcpy+0x19 rtm_msg1(14,ffff80003b7f5788) at rtm_msg1+0x306 sys/net/rtsock.c:1627 rtm_addr(14,ffff80000160ff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000c31000,ffff80003b7f5ba0,ffff80000160ff00) at in6_update_ifa+0x19aa sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff80003b7f5ba0,ffff800000c31000) at in6_ioctl_change_ifaddr+0x64e sys/netinet6/in6.c:352 ifioctl(ffff800010fd3ac8,8080691a,ffff80003b7f5ba0,ffff8000fffefca0) at ifioctl+0x1714 pru_control sys/sys/protosw.h:353 [inline] ifioctl(ffff800010fd3ac8,8080691a,ffff80003b7f5ba0,ffff8000fffefca0) at ifioctl+0x1714 sys/net/if.c:2553 sys_ioctl(ffff8000fffefca0,ffff80003b7f5d80,ffff80003b7f5cd0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003b7f5d80) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003b7f5d80) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4e64bb253b0, count: -9 ddb{0}> show registers rdi 0xfffffd80703c9938 rsi 0xffff800001610000 rbp 0xffff80003b7f5700 rbx 0xfffffd806f1ff800 rdx 0xea rcx 0xe rax 0x7d806edb9938 r8 0x2 r9 0x8080808080808080 r10 0x6c1393b34d2663f7 r11 0xfffffd80703c98c0 r12 0xea r13 0xea r14 0xc0 r15 0xfffffd806f1ff800 rip 0xffffffff81de0919 memcpy+0x19 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80003b7f5648 ss 0x10 memcpy+0x19: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=399986 pid=54963 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c4354e8,0xffff8000fffeefb8 process=0xffff80003c41a1d0 user=0xffff80003b7f0000, vmspace=0xfffffd806c70f5d8 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 90660 277051 55321 0 2 0 syz-executor 90660 63703 55321 0 3 0x4000080 netacc syz-executor 54963 8779 16242 0 2 0 syz-executor 54963 485120 16242 0 3 0x4000080 fsleep syz-executor *54963 399986 16242 0 7 0x4000000 syz-executor 11892 413238 54024 0 2 0 syz-executor 11892 234709 54024 0 3 0x4000080 fsleep syz-executor 75506 64987 43939 60929 3 0x90 nanoslp syz-executor 75506 390555 43939 60929 3 0x4000090 sbwait syz-executor 75506 521224 43939 60929 3 0x4000090 fsleep syz-executor 434 425264 65162 0 2 0xc80 syz-executor 434 294341 65162 0 3 0x4000080 semwait syz-executor 434 465263 65162 0 3 0x4000080 semwait syz-executor 434 31263 65162 0 3 0x4000080 fsleep syz-executor 54024 219067 67076 0 3 0x82 nanoslp syz-executor 45410 23878 67076 0 3 0x82 nanoslp syz-executor 72074 511565 67076 0 3 0x82 nanoslp syz-executor 94966 66042 67076 0 7 0x10000002 syz-executor 43939 45186 67076 0 3 0x82 nanoslp syz-executor 16242 518751 67076 0 3 0x82 nanoslp syz-executor 55321 328784 67076 0 2 0xc82 syz-executor 65162 341160 67076 0 2 0xc82 syz-executor 67076 511302 59166 0 3 0x82 kqread syz-executor 59166 331414 29151 0 3 0x10008a sigsusp ksh 29151 515688 98215 0 3 0x98 kqread sshd-session 98215 142158 51981 0 3 0x92 kqread sshd-session 83053 312385 1 0 3 0x100083 ttyopn getty 51981 402691 1 0 3 0x88 kqread sshd 88737 37497 80992 74 3 0x1100092 bpf pflogd 80992 429966 1 0 3 0x80 sbwait pflogd 22308 327613 67460 73 3 0x1100090 kqread syslogd 67460 524281 1 0 3 0x100082 sbwait syslogd 73806 340920 1 0 3 0x100080 kqread resolvd 36625 306880 83663 77 2 0x100092 dhcpleased 20786 72350 83663 77 3 0x100092 kqread dhcpleased 83663 314065 1 0 3 0x80 kqread dhcpleased 84233 280909 0 0 3 0x14200 bored smr 7141 16068 0 0 2 0x14200 zerothread 45209 458273 0 0 3 0x14200 aiodoned aiodoned 86183 124859 0 0 3 0x14200 syncer update 62073 263080 0 0 3 0x14200 cleaner cleaner 63045 290962 0 0 3 0x14200 reaper reaper 24731 116514 0 0 3 0x14200 pgdaemon pagedaemon 12748 153489 0 0 3 0x14200 bored viomb 81796 83039 0 0 3 0x40014200 acpi0 acpi0 35839 227983 0 0 3 0x40014200 idle1 67490 311450 0 0 3 0x14200 bored softnet1 21194 341668 0 0 3 0x14200 bored softnet0 93657 198999 0 0 3 0x14200 smrbar systqmp 53550 243838 0 0 3 0x14200 bored systq 13038 351915 0 0 3 0x14200 tmoslp softclockmp 39419 335359 0 0 3 0x40014200 tmoslp softclock 51293 96494 0 0 3 0x40014200 idle0 1 26948 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 54963 (syz-executor) thread 0xffff8000fffefca0 (399986) exclusive rwlock netlock r = 0 (0xffffffff83892cc0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 in6_ioctl_change_ifaddr+0x10b sys/netinet6/in6.c:291 #3 ifioctl+0x1714 pru_control sys/sys/protosw.h:353 [inline] #3 ifioctl+0x1714 sys/net/if.c:2553 #4 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff83951508) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 ifioctl+0x47f if_unit sys/net/if.c:-1 [inline] #1 ifioctl+0x47f sys/net/if.c:2194 #2 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #3 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #3 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 #4 Xsyscall+0x128 Process 93657 (systqmp) thread 0xffff8000ffffe298 (198999) shared rwlock systqmp r = 0 (0xffffffff838100f8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11135 12261K 12461K 166960K 12519 0 pcb 19 14K 16K 166960K 44 0 rtable 199 6K 7K 166960K 361 0 pf 32 17K 18K 166960K 56 0 ifaddr 39 6K 7K 166960K 54 0 ifgroup 51 2K 2K 166960K 68 0 sysctl 3 1K 9K 166960K 9 0 counters 68 36K 37K 166960K 86 0 ioctlops 0 0K 4K 166960K 1517 0 iov 0 0K 4K 166960K 8 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1431 90K 90K 166960K 1549 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 6 0K 0K 166960K 9 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 268 0 sigio 0 0K 0K 166960K 5 0 proc 72 115K 164K 166960K 541 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 14 0 in_multi 88 6K 7K 166960K 106 0 ether_multi 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 387 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 253 159K 175K 166960K 4373 0 UVM aobj 9 4K 4K 166960K 9 0 pinsyscall 42 84K 103K 166960K 1400 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 5 0 NDP 11 0K 2K 166960K 33 0 temp 37 8666K 8730K 166960K 5132 0 kqueue 13 20K 26K 166960K 52 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 106 0 103 3 0 3 3 0 8 2 rtentry 176 114 0 25 6 0 6 6 0 8 1 unpcb 144 114 0 96 2 0 2 2 0 8 1 syncache 336 4 0 4 1 0 1 1 0 8 1 tcpcb 736 131 0 125 10 1 9 10 0 8 8 arp 136 18 0 2 1 0 1 1 0 8 0 inpcb 328 292 0 277 10 1 9 10 0 8 7 nd6 152 24 0 3 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 7 0 7 1 0 1 1 0 8 1 pppxif 1504 1 0 1 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 27 0 0 1 0 1 1 0 8 0 pfstkey 128 27 0 0 1 0 1 1 0 8 0 pfstate 448 27 0 0 3 0 3 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 495 0 55 29 0 29 29 0 8 1 art_table 40 496 0 55 5 0 5 5 0 8 0 art_node 32 114 0 23 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semapl 112 6 0 2 1 0 1 1 0 8 0 shmpl 112 5 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1811 0 303 96 0 96 96 0 8 0 ffsino 296 1811 0 303 117 0 117 117 0 8 0 nchpl 144 2185 0 488 64 0 64 64 0 8 0 rtmask 32 2 0 2 1 0 1 1 0 8 1 vnodes 216 2040 0 0 114 0 114 114 0 8 0 namei 1024 7050 0 7050 2 0 2 2 0 8 2 percpumem 16 58 0 9 1 0 1 1 0 8 0 vcpupl 3968 1 0 0 1 0 1 1 0 8 0 vmpool 848 1 0 0 1 0 1 1 0 8 0 kstatmem 264 36 0 12 3 0 3 3 0 8 1 scxspl 216 7092 0 7092 3 2 1 2 1 8 1 plimitpl 152 82 0 64 1 0 1 1 0 8 0 sigapl 424 578 0 530 7 0 7 7 0 8 1 knotepl 120 571 0 0 18 0 18 18 0 8 0 kqueuepl 224 96 0 87 3 0 3 3 0 8 2 pipepl 344 125 0 98 3 0 3 3 0 8 0 fdescpl 528 562 0 531 3 0 3 3 0 8 0 filepl 160 2661 0 2367 15 0 15 15 0 8 2 lockfpl 104 37 0 35 1 0 1 1 0 8 0 lockfspl 48 18 0 16 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 31 0 14 1 0 1 1 0 8 0 ucredpl 104 235 0 221 1 0 1 1 0 8 0 zombiepl 144 533 0 530 1 0 1 1 0 8 0 processpl 1232 578 0 530 5 0 5 5 0 8 0 procpl 664 815 0 758 6 0 6 6 0 8 0 sosppl 176 2 0 2 1 0 1 1 0 8 1 sockpl 752 512 0 476 17 6 11 17 0 8 7 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 121 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 26 0 0 4 0 4 4 0 8 0 mtagpl 96 72 0 0 2 0 2 2 0 8 0 mbufpl 256 343 0 0 22 0 22 22 0 8 0 bufpl 280 2603 0 127 177 0 177 177 0 8 0 anonpl 32 5468 0 0 45 0 45 45 0 246 0 amapchunkpl 152 12801 0 12279 25 0 25 25 0 158 3 amappl16 200 2064 0 2034 6 2 4 5 0 8 1 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 7 0 7 1 1 0 1 0 8 0 amappl13 176 431 0 430 1 0 1 1 0 8 0 amappl12 168 919 0 877 3 0 3 3 0 8 0 amappl11 160 9 0 8 1 0 1 1 0 8 0 amappl10 152 50 0 35 1 0 1 1 0 8 0 amappl9 144 252 0 252 1 1 0 1 0 8 0 amappl8 136 28 0 26 1 0 1 1 0 8 0 amappl7 128 83 0 81 1 0 1 1 0 8 0 amappl6 120 280 0 266 1 0 1 1 0 8 0 amappl5 112 77 0 67 1 0 1 1 0 8 0 amappl4 104 421 0 391 1 0 1 1 0 8 0 amappl3 96 2183 0 2069 4 1 3 3 0 8 0 amappl2 88 528 0 468 2 0 2 2 0 8 0 amappl1 80 9804 0 9214 14 0 14 14 0 8 0 amappl 88 3620 0 3443 5 0 5 5 0 92 0 uvmvnodes 80 104 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 8 0 0 1 0 1 1 0 8 0 uaddrrnd 24 562 0 531 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 562 0 531 1 0 1 1 0 8 0 vmmpekpl 168 6459 0 6423 2 0 2 2 0 8 0 vmmpepl 168 43524 0 41598 90 0 90 90 0 357 2 vmsppl 488 561 0 531 5 0 5 5 0 8 1 rwobjpl 80 15103 0 14051 23 0 23 23 0 8 0 pdppl 4096 1133 0 1063 97 25 72 85 0 8 2 pvpl 32 13701 0 0 111 0 111 111 0 265 0 pmappl 256 562 0 531 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 293 0 28 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace memcpy() at memcpy+0x19 rtm_msg1(14,ffff80003b7f5788) at rtm_msg1+0x306 sys/net/rtsock.c:1627 rtm_addr(14,ffff80000160ff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000c31000,ffff80003b7f5ba0,ffff80000160ff00) at in6_update_ifa+0x19aa sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff80003b7f5ba0,ffff800000c31000) at in6_ioctl_change_ifaddr+0x64e sys/netinet6/in6.c:352 ifioctl(ffff800010fd3ac8,8080691a,ffff80003b7f5ba0,ffff8000fffefca0) at ifioctl+0x1714 pru_control sys/sys/protosw.h:353 [inline] ifioctl(ffff800010fd3ac8,8080691a,ffff80003b7f5ba0,ffff8000fffefca0) at ifioctl+0x1714 sys/net/if.c:2553 sys_ioctl(ffff8000fffefca0,ffff80003b7f5d80,ffff80003b7f5cd0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003b7f5d80) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003b7f5d80) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4e64bb253b0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83951300) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83951300) at __mp_lock+0x192 sys/kern/kern_lock.c:173 syscall(ffff80002a364840) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] syscall(ffff80002a364840) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x760eb36b7340, count: 9 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83951300) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83951300) at __mp_lock+0x192 sys/kern/kern_lock.c:173 syscall(ffff80002a364840) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] syscall(ffff80002a364840) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x760eb36b7340, count: -6