uvm_fault(0xffffffff8281f6c8, 0x10, 0, 1) -> e kernel: page fault trap, code=0 Stopped at nd6_dad_duplicated+0x28: movq 0x10(%r14),%r13 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff8281f6c8, 0x10, 0, 1) -> e nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265 end trace frame: 0xffff80001d675ce0, count: 0 ddb> trace nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265 nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 nd6_dad_ns_input sys/netinet6/nd6_nbr.c:1342 [inline] nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 sys/netinet6/nd6_nbr.c:301 icmp6_input(ffff80001d675fe8,ffff80001d675ff4,3a,18) at icmp6_input+0xa25 sys/netinet6/icmp6.c:687 ip_deliver(ffff80001d675fe8,ffff80001d675ff4,3a,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:604 ip6_input_if(ffff80001d675fe8,ffff80001d675ff4,29,0,ffff800000679000) at ip6_input_if+0xee1 ipv6_input(ffff800000679000,fffffd80532d4f00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff800000679000,fffffd80532d4f00,18) at if_input_local+0x11d sys/net/if.c:771 loinput(ffff800000679000,fffffd80532d4f00) at loinput+0x4d sys/net/if_loop.c:238 if_input_process(ffff800000679000,ffff80001d676128) at if_input_process+0xd2 sys/net/if.c:830 ifiq_process(ffff8000006793f0) at ifiq_process+0x80 sys/net/ifq.c:768 taskq_thread(ffff80000002b080) at taskq_thread+0x8d sys/kern/kern_task.c:449 end trace frame: 0x0, count: -11 ddb> show registers rdi 0 rsi 0 rbp 0xffff80001d675b70 rbx 0 rdx 0 rcx 0x7 rax 0xffff8000ffffe000 r8 0xc90f __ALIGN_SIZE+0xb90f r9 0xffffffff81a27ffe nd6_ns_input+0x39e r10 0x1 r11 0x8895d69caeaef91a r12 0 r13 0x2 r14 0 r15 0xffff800000b9ab00 rip 0xffffffff81a2a7e8 nd6_dad_duplicated+0x28 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d675af0 ss 0x10 nd6_dad_duplicated+0x28: movq 0x10(%r14),%r13 ddb> show proc PROC (softnet) pid=128355 stat=onproc flags process=14000 proc=200 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffe278,0xffff8000ffffe500 process=0xffff8000ffffc000 user=0xffff80001d671000, vmspace=0xffffffff8281f6c8 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 14986 117780 10581 0 2 0 syz-executor.0 14986 523675 10581 0 2 0x4000000 syz-executor.0 68769 173864 38268 0 2 0x2 syz-executor.1 10581 38172 38268 0 3 0x82 nanosleep syz-executor.0 83654 446375 0 0 3 0x14200 acct acct 8319 499750 0 0 3 0x14280 nfsidl nfsio 60853 137490 0 0 3 0x14280 nfsidl nfsio 61777 407011 0 0 3 0x14280 nfsidl nfsio 25535 281458 0 0 3 0x14280 nfsidl nfsio 36903 138716 0 0 3 0x14280 nfsidl nfsio 6012 343943 0 0 3 0x14280 nfsidl nfsio 19694 53535 0 0 3 0x14280 nfsidl nfsio 85470 127654 0 0 3 0x14280 nfsidl nfsio 34177 434971 0 0 3 0x14280 nfsidl nfsio 9639 204339 0 0 3 0x14280 nfsidl nfsio 83637 497649 0 0 3 0x14280 nfsidl nfsio 79300 132833 0 0 3 0x14280 nfsidl nfsio 63591 169994 0 0 3 0x14280 nfsidl nfsio 15045 216938 0 0 3 0x14280 nfsidl nfsio 60723 499388 0 0 3 0x14280 nfsidl nfsio 1537 353755 0 0 3 0x14280 nfsidl nfsio 22849 432583 0 0 3 0x14280 nfsidl nfsio 85124 292782 0 0 3 0x14280 nfsidl nfsio 98453 364073 0 0 3 0x14280 nfsidl nfsio 90631 142186 0 0 3 0x14280 nfsidl nfsio 14385 445216 0 0 3 0x14200 bored sosplice 38268 277977 83112 0 3 0x82 thrsleep syz-fuzzer 38268 203642 83112 0 3 0x4000082 nanosleep syz-fuzzer 38268 231024 83112 0 3 0x4000082 kqread syz-fuzzer 38268 284460 83112 0 3 0x4000082 thrsleep syz-fuzzer 38268 275143 83112 0 3 0x4000082 thrsleep syz-fuzzer 38268 225336 83112 0 3 0x4000082 thrsleep syz-fuzzer 38268 431598 83112 0 3 0x4000082 thrsleep syz-fuzzer 83112 58847 71395 0 3 0x10008a pause ksh 71395 175305 65063 0 3 0x92 select sshd 4485 82323 1 0 3 0x100083 ttyin getty 65063 503816 1 0 3 0x80 select sshd 85565 301865 81217 73 3 0x100090 kqread syslogd 81217 289187 1 0 3 0x100082 netio syslogd 87514 178522 0 0 3 0x14200 bored smr 38943 297085 0 0 2 0x14200 zerothread 45393 156260 0 0 3 0x14200 aiodoned aiodoned 26566 248638 0 0 3 0x14200 syncer update 10575 257950 0 0 3 0x14200 cleaner cleaner 8241 154720 0 0 3 0x14200 reaper reaper 27689 304528 0 0 3 0x14200 pgdaemon pagedaemon 54600 155630 0 0 3 0x14200 bored crynlk 76163 436755 0 0 3 0x14200 bored crypto 97068 386245 0 0 3 0x40014200 acpi0 acpi0 *88204 128355 0 0 7 0x14200 softnet 76023 138586 0 0 2 0x14200 systqmp 62476 432539 0 0 3 0x14200 bored systq 45610 494388 0 0 3 0x40014200 bored softclock 95901 297402 0 0 3 0x40014200 idle0 1 318854 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9553 6322K 6956K 78643K 16495 0 pcb 13 8K 8K 78643K 777 0 rtable 178 33K 36K 78643K 3366 0 ifaddr 132 25K 26K 78643K 813 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 17K 78643K 102 0 ioctlops 0 0K 4K 78643K 844 0 iov 0 0K 32K 78643K 447 0 mount 1 1K 1K 78643K 1 0 vnodes 1235 78K 78K 78643K 3357 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 50 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 834 0 dirhash 9 1K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 5682 0 sigio 0 0K 0K 78643K 56 0 proc 46 30K 63K 78643K 1264 0 subproc 32 2K 3K 78643K 357 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 366 0 in_multi 29 2K 2K 78643K 644 0 ether_multi 1 0K 0K 78643K 106 0 mrt 0 0K 0K 78643K 16 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 85 387K 387K 78643K 85 0 exec 0 0K 2K 78643K 1052 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 166 139K 155K 78643K 15191 0 UVM aobj 132 8K 8K 78643K 199 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 534 0 NDP 21 0K 0K 78643K 155 0 temp 189 4013K 4080K 78643K 78366 0 kqueue 6 10K 22K 78643K 208 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 47 0 43 1 0 1 1 0 8 0 rtpcb 88 1134 0 1134 20 19 1 1 0 8 1 rtentry 112 363 0 335 2 0 2 2 0 8 0 unpcb 120 11599 0 11589 2 1 1 2 0 8 0 syncache 272 30 0 30 14 14 0 1 0 8 0 tcpqe 32 82 0 82 2 2 0 1 0 8 0 tcpcb 592 1347 0 1335 22 20 2 3 0 8 1 ipq 40 22 0 22 9 9 0 1 0 8 0 ipqe 40 311 0 311 9 9 0 1 0 8 0 inpcb 296 7994 0 7979 19 17 2 2 0 8 0 rttmr 72 4 0 4 2 2 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 48 89 0 85 2 1 1 1 0 8 0 pkpcb 40 22 0 22 8 8 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1136 11 0 11 8 8 0 1 0 8 0 pfstscr 40 18 0 17 1 0 1 1 0 8 0 pfosfp 40 4 0 0 1 0 1 1 0 8 0 pfosfpen 112 4 0 0 1 0 1 1 0 8 0 pfrke_plain 160 33 0 33 3 3 0 1 0 8 0 pfrktable 1344 675 0 633 12 8 4 4 0 8 0 pftag 88 63 0 50 3 2 1 1 0 8 0 pfstitem 24 10 0 8 1 0 1 1 0 8 0 pfstkey 112 26 0 24 1 0 1 1 0 8 0 pfstate 328 13 0 12 1 0 1 1 0 8 0 pfrule 1360 216 0 135 8 1 7 7 0 8 0 art_heap8 4096 6 0 5 6 5 1 4 0 8 0 art_heap4 256 1658 0 1478 30 16 14 14 0 8 2 art_table 32 1664 0 1483 2 0 2 2 0 8 0 art_node 16 354 0 328 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 9 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 830 0 820 1 0 1 1 0 8 0 shmpl 112 196 0 68 5 1 4 4 0 8 0 dirhash 1024 17 0 10 3 1 2 3 0 8 0 dino2pl 256 8084 0 6691 88 0 88 88 0 8 0 ffsino 240 8084 0 6691 83 0 83 83 0 8 0 nchpl 144 15427 0 13845 60 0 60 60 0 8 0 rtmask 32 20 0 20 3 3 0 1 0 8 0 uvmvnodes 72 5964 0 0 109 0 109 109 0 8 0 vnodes 208 5964 0 0 314 0 314 314 0 8 0 namei 1024 46747 0 46746 8 7 1 1 0 8 0 vcpupl 1984 18 0 0 3 0 3 3 0 8 0 vmpool 528 39 0 21 2 0 2 2 0 8 0 pfiaddrpl 120 286 0 212 6 3 3 3 0 8 0 scsiplug 72 6 0 6 5 5 0 1 0 8 0 scxspl 200 57297 0 57297 2 1 1 1 0 8 1 plimitpl 152 268 0 262 1 0 1 1 0 8 0 sigapl 424 5834 0 5786 6 0 6 6 0 8 0 futexpl 56 99984 0 99984 8 7 1 1 0 8 1 knotepl 112 554 0 534 1 0 1 1 0 8 0 kqueuepl 152 507 0 499 1 0 1 1 0 8 0 pipepl 272 637 0 626 13 11 2 2 0 8 1 fdescpl 432 5797 0 5785 2 0 2 2 0 8 0 filepl 120 42188 0 42099 10 6 4 5 0 8 1 lockfpl 104 9673 0 9673 6 5 1 1 0 8 1 lockfspl 48 1273 0 1273 6 5 1 1 0 8 1 sessionpl 120 36 0 28 1 0 1 1 0 8 0 pgrppl 48 64 0 56 1 0 1 1 0 8 0 ucredpl 96 2870 0 2864 1 0 1 1 0 8 0 zombiepl 144 5786 0 5786 2 1 1 1 0 8 1 processpl 944 5834 0 5786 8 1 7 7 0 8 0 procpl 632 14045 0 13990 15 9 6 6 0 8 0 sosppl 144 51 0 51 17 17 0 1 0 8 0 sockpl 400 20756 0 20731 38 34 4 5 0 8 1 mcl64k 65536 1008 0 1008 119 103 16 65 0 8 16 mcl16k 16384 24 0 24 16 16 0 1 0 8 0 mcl12k 12288 138 0 138 27 27 0 1 0 8 0 mcl9k 9216 82 0 82 34 34 0 1 0 8 0 mcl8k 8192 150 0 150 23 23 0 1 0 8 0 mcl4k 4096 373 0 373 19 18 1 1 0 8 1 mcl2k2 2112 31 0 31 23 23 0 1 0 8 0 mcl2k 2048 98884 0 98842 19 13 6 14 0 8 0 mtagpl 96 556 0 544 9 8 1 5 0 8 0 mbufpl 256 190882 0 190643 130 114 16 38 0 8 0 bufpl 280 16966 0 10995 428 1 427 427 0 8 0 anonpl 16 582439 0 564227 212 126 86 99 0 107 2 amapchunkpl 152 30197 0 30009 133 111 22 22 0 158 13 amappl16 192 22284 0 21193 190 133 57 67 0 8 2 amappl15 184 620 0 615 1 0 1 1 0 8 0 amappl14 176 499 0 494 1 0 1 1 0 8 0 amappl13 168 2074 0 2073 1 0 1 1 0 8 0 amappl12 160 369 0 364 2 1 1 1 0 8 0 amappl11 152 1076 0 1072 1 0 1 1 0 8 0 amappl10 144 631 0 628 1 0 1 1 0 8 0 amappl9 136 838 0 837 1 0 1 1 0 8 0 amappl8 128 918 0 849 3 0 3 3 0 8 0 amappl7 120 1005 0 999 1 0 1 1 0 8 0 amappl6 112 1194 0 1176 1 0 1 1 0 8 0 amappl5 104 5116 0 5106 1 0 1 1 0 8 0 amappl4 96 3249 0 3219 1 0 1 1 0 8 0 amappl3 88 749 0 743 1 0 1 1 0 8 0 amappl2 80 40286 0 40222 2 0 2 2 0 8 0 amappl1 72 166599 0 166196 22 12 10 18 0 8 0 amappl 80 14568 0 14509 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 198 0 67 3 0 3 3 0 8 0 uaddrrnd 24 5836 0 5806 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5836 0 5806 1 0 1 1 0 8 0 vmmpekpl 168 36359 0 36321 2 0 2 2 0 8 0 vmmpepl 168 736647 0 734421 479 370 109 146 0 357 3 vmsppl 272 5835 0 5806 4 1 3 3 0 8 1 pdppl 4096 11678 0 11630 10 3 7 7 0 8 0 pvpl 32 1600235 0 1579793 648 354 294 329 0 265 110 pmappl 200 5835 0 5806 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 633 0 382 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265 nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 nd6_dad_ns_input sys/netinet6/nd6_nbr.c:1342 [inline] nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 sys/netinet6/nd6_nbr.c:301 icmp6_input(ffff80001d675fe8,ffff80001d675ff4,3a,18) at icmp6_input+0xa25 sys/netinet6/icmp6.c:687 ip_deliver(ffff80001d675fe8,ffff80001d675ff4,3a,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:604 ip6_input_if(ffff80001d675fe8,ffff80001d675ff4,29,0,ffff800000679000) at ip6_input_if+0xee1 ipv6_input(ffff800000679000,fffffd80532d4f00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff800000679000,fffffd80532d4f00,18) at if_input_local+0x11d sys/net/if.c:771 loinput(ffff800000679000,fffffd80532d4f00) at loinput+0x4d sys/net/if_loop.c:238 if_input_process(ffff800000679000,ffff80001d676128) at if_input_process+0xd2 sys/net/if.c:830 ifiq_process(ffff8000006793f0) at ifiq_process+0x80 sys/net/ifq.c:768 taskq_thread(ffff80000002b080) at taskq_thread+0x8d sys/kern/kern_task.c:449 end trace frame: 0x0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace nd6_dad_duplicated(0) at nd6_dad_duplicated+0x28 sys/netinet6/nd6_nbr.c:1265 nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 nd6_dad_ns_input sys/netinet6/nd6_nbr.c:1342 [inline] nd6_ns_input(fffffd80532d4100,28,18) at nd6_ns_input+0xdd0 sys/netinet6/nd6_nbr.c:301 icmp6_input(ffff80001d675fe8,ffff80001d675ff4,3a,18) at icmp6_input+0xa25 sys/netinet6/icmp6.c:687 ip_deliver(ffff80001d675fe8,ffff80001d675ff4,3a,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:604 ip6_input_if(ffff80001d675fe8,ffff80001d675ff4,29,0,ffff800000679000) at ip6_input_if+0xee1 ipv6_input(ffff800000679000,fffffd80532d4f00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff800000679000,fffffd80532d4f00,18) at if_input_local+0x11d sys/net/if.c:771 loinput(ffff800000679000,fffffd80532d4f00) at loinput+0x4d sys/net/if_loop.c:238 if_input_process(ffff800000679000,ffff80001d676128) at if_input_process+0xd2 sys/net/if.c:830 ifiq_process(ffff8000006793f0) at ifiq_process+0x80 sys/net/ifq.c:768 taskq_thread(ffff80000002b080) at taskq_thread+0x8d sys/kern/kern_task.c:449 end trace frame: 0x0, count: -11