login: uvm_fault(0xffffffff8392a6b0, 0xffff80000157c000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at memcpy+0x19: repe movsq (%rsi),%es:(%rdi)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*397761 63672 0 0 0x4000000 0K syz-executor
memcpy() at memcpy+0x19
rtm_msg1(14,ffff8000354156c8) at rtm_msg1+0x306 sys/net/rtsock.c:1644
rtm_addr(14,ffff80000157bf00) at rtm_addr+0xb9 sys/net/rtsock.c:-1
in6_update_ifa(ffff800000b2d000,ffff800035415ae0,ffff80000157bf00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741
in6_ioctl_change_ifaddr(8080691a,ffff800035415ae0,ffff800000b2d000) at in6_ioctl_change_ifaddr+0x64e sys/netinet6/in6.c:352
ifioctl(ffff8000014ef7f0,8080691a,ffff800035415ae0,ffff8000ffff2fa0) at ifioctl+0x156d pru_control sys/sys/protosw.h:352 [inline]
ifioctl(ffff8000014ef7f0,8080691a,ffff800035415ae0,ffff8000ffff2fa0) at ifioctl+0x156d sys/net/if.c:2454
sys_ioctl(ffff8000ffff2fa0,ffff800035415cc0,ffff800035415c10) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff800035415cc0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff800035415cc0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe47ea763fa0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff8392a6b0, 0xffff80000157c000, 0, 1) -> e
ddb{0}> trace
memcpy() at memcpy+0x19
rtm_msg1(14,ffff8000354156c8) at rtm_msg1+0x306 sys/net/rtsock.c:1644
rtm_addr(14,ffff80000157bf00) at rtm_addr+0xb9 sys/net/rtsock.c:-1
in6_update_ifa(ffff800000b2d000,ffff800035415ae0,ffff80000157bf00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741
in6_ioctl_change_ifaddr(8080691a,ffff800035415ae0,ffff800000b2d000) at in6_ioctl_change_ifaddr+0x64e sys/netinet6/in6.c:352
ifioctl(ffff8000014ef7f0,8080691a,ffff800035415ae0,ffff8000ffff2fa0) at ifioctl+0x156d pru_control sys/sys/protosw.h:352 [inline]
ifioctl(ffff8000014ef7f0,8080691a,ffff800035415ae0,ffff8000ffff2fa0) at ifioctl+0x156d sys/net/if.c:2454
sys_ioctl(ffff8000ffff2fa0,ffff800035415cc0,ffff800035415c10) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff800035415cc0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff800035415cc0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe47ea763fa0, count: -9
ddb{0}> show registers
rdi 0xfffffd80682e5148
rsi 0xffff80000157c000
rbp 0xffff800035415640
rbx 0xfffffd806d460100
rdx 0xf9
rcx 0xe
rax 0x7d8066d69148
r8 0x2
r9 0x8080808080808080
r10 0x1bd3f1fd19f14611
r11 0xfffffd80682e50c0
r12 0xf9
r13 0xf9
r14 0xc0
r15 0xfffffd806d460100
rip 0xffffffff827bfca9 memcpy+0x19
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff800035415588
ss 0x10
memcpy+0x19: repe movsq (%rsi),%es:(%rdi)
ddb{0}> show proc
PROC (syz-executor) tid=397761 pid=63672 tcnt=3 stat=onproc
flags process=0 proc=4000000
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffff2010,0xffff8000ffff3248
process=0xffff8000374249e0 user=0xffff800035410000, vmspace=0xfffffd806ff753e8
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID
S FLAGS WAIT COMMAND 21698 377721 34860 0 2 0 syz-executor 21698 434873 34860 0 3 0x4000080 fsleep syz-executor 63672 178603 73934 0 2 0 syz-executor *63672 397761 73934 0 7 0x4000000 syz-executor 63672 421694 73934 0 3 0x4000080 fsleep syz-executor 97944 441194 67060 0 2 0 syz-executor 97944 176012 67060 0 3 0x4000080 fsleep syz-executor 97944 421168 67060 0 2 0x4000000 syz-executor 42639 231259 16688 0 3 0x3000 suspend syz-executor 42639 279044 16688 0 3 0x4081000 inode syz-executor 42639 316377 16688 0 2 0x4081000 syz-executor 42639 309135 16688 0 3 0x4081000 inode syz-executor 63 283304 20947 0 2 0 syz-executor 63 316890 20947 0 3 0x4000080 fsleep syz-executor 63 356345 20947 0 3 0x4000080 fsleep syz-executor 63 85462 20947 0 3 0x4000080 fsleep syz-executor 63 155380 20947 0 3 0x4000080 fsleep syz-executor 63 10588 20947 0 3 0x4000080 fsleep syz-executor 20947 249938 29054 0 3 0x82 nanoslp syz-executor 19365 89510 52675 0 3 0x3000 suspend syz-executor 19365 272461 52675 0 2 0x4081000 syz-executor 93245 310441 1 0 3 0x100083 ttyin getty 52675 342411 29054 0 3 0x82 nanoslp syz-executor 52469 346537 29054 0 3 0x82 wait syz-executor 86247 262178 0 0 3 0x14200 bored sosplice 73934 325579 29054 0 3 0x82 nanoslp syz-executor 67060 142747 29054 0 3 0x82 nanoslp syz-executor 16688 212349 29054 0 3 0x82 nanoslp syz-executor 34860 519687 29054 0 3 0x82 nanoslp syz-executor 13140 256375 29054 0 3 0x82 wait syz-executor 29054 365653 52924 0 3 0x82 kqread syz-executor 52924 460985 42323 0 3 0x10008a sigsusp ksh 42323 192503 78897 0 3 0x98 kqread sshd-session 78897 363160 11092 0 3 0x92 kqread sshd-session 11092 148088 1 0 3 0x88 kqread sshd 77107 36328 86728 74 3 0x1100092 bpf pflogd 86728 220428 1 0 3 0x80 sbwait pflogd 65258 270437 65783 73 3 0x1100090 kqread syslogd 65783 513974 1 0 3 0x100082 sbwait syslogd 5135 476876 1 0 3 0x100080 kqread resolvd 4554 279463 11615 77 2 0x100092 dhcpleased 470 370366 11615 77 3 0x100092 kqread dhcpleased 11615 234522 1 0 3 0x80 kqread 
dhcpleased 57038 78992 0 0 3 0x14200 bored smr 51804 149284 0 0 2 0x14200 zerothread 3478 384974 0 0 3 0x14200 aiodoned aiodoned 47761 110844 0 0 3 0x14200 syncer update 22960 512912 0 0 3 0x14200 cleaner cleaner 5565 8467 0 0 3 0x14200 reaper reaper 97100 502290 0 0 3 0x14200 pgdaemon pagedaemon 54281 363884 0 0 3 0x14200 bored viomb 55991 273623 0 0 3 0x40014200 acpi0 acpi0 48779 212017 0 0 7 0x40014200 idle1 62398 169017 0 0 3 0x14200 bored softnet7 8062 455141 0 0 3 0x14200 bored softnet6 64060 109352 0 0 3 0x14200 bored softnet5 29408 394226 0 0 3 0x14200 bored softnet4 98782 414333 0 0 3 0x14200 bored softnet3 39456 6270 0 0 3 0x14200 bored softnet2 34630 36514 0 0 3 0x14200 bored softnet1 49434 89821 0 0 3 0x14200 bored softnet0 79922 455277 0 0 3 0x14200 bored systqmp 29169 209244 0 0 3 0x14200 bored systq 39392 405700 0 0 3 0x14200 tmoslp softclockmp 75164 292146 0 0 2 0x40014200 softclock 44526 66965 0 0 3 0x40014200 idle0 1 165064 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 63672 (syz-executor) thread 0xffff8000ffff2fa0 (397761) Process 97944 (syz-executor) thread 0xffff80002a2e5cc8 (421168) Process 42639 (syz-executor) thread 0xffff80003c4acd28 (279044) Process 42639 (syz-executor) thread 0xffff80002a2e5798 (316377) Process 19365 (syz-executor) thread 0xffff80002a2e4aa0 (272461) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10247 11167K 11717K 166960K 13510 0 pcb 18 15K 17K 166960K 470 0 rtable 216 11K 11K 166960K 632 0 pf 32 17K 18K 166960K 212 0 ifaddr 39 7K 8K 166960K 152 0 ifgroup 51 2K 2K 166960K 282 0 sysctl 4 1K 9K 166960K 19 0 counters 66 36K 37K 166960K 304 0 ioctlops 0 0K 4K 166960K 1852 0 iov 0 0K 32K 166960K 103 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1414 89K 89K 166960K 2798 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 28 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 101 0 dirhash 12 2K 3K 166960K 
42 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 1677 0 sigio 0 0K 0K 166960K 45 0 proc 72 115K 180K 166960K 881 0 subproc 72 4K 4K 166960K 108 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 231 0 in_multi 89 6K 7K 166960K 198 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 702 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 275 168K 178K 166960K 17007 0 UVM aobj 42 4K 4K 166960K 50 0 pinsyscall 43 86K 106K 166960K 2915 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 156 0 NDP 13 0K 2K 166960K 109 0 temp 82 8652K 8730K 166960K 93111 0 kqueue 13 20K 32K 166960K 336 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 240 0 237 3 2 1 2 0 8 0 rtentry 176 206 0 124 5 0 5 5 0 8 0 unpcb 144 1568 0 1550 19 13 6 6 0 8 5 syncache 336 12 0 12 5 4 1 1 0 8 1 tcpqe 32 7 0 7 3 3 0 1 0 8 0 tcpcb 736 746 0 735 15 13 2 7 0 8 0 arp 128 25 0 11 1 0 1 1 0 8 0 inpcb 328 2429 0 2412 35 32 3 13 0 8 0 nd6 144 29 0 14 1 0 1 1 0 8 0 pkpcb 40 16 0 16 5 5 0 1 0 8 0 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1192 88 0 88 4 3 1 1 0 8 1 pppxif 1504 11 0 11 5 5 0 1 0 8 0 pffrag 232 10 0 8 1 0 1 1 0 482 0 pffrnode 88 9 0 8 1 0 1 1 0 8 0 pffrent 40 21 0 19 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfstitem 24 132 0 68 1 0 1 1 0 8 0 pfstkey 128 132 0 68 3 0 3 3 0 8 0 pfstate 384 132 0 68 8 0 8 8 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 771 0 390 36 8 28 30 0 8 2 art_table 40 774 0 390 5 0 5 5 0 8 0 art_node 32 206 0 136 1 0 1 1 0 8 
0 sysvmsgpl 40 18 0 12 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 97 0 87 1 0 1 1 0 8 0 shmpl 112 47 0 8 2 0 2 2 0 8 0 dirhash 1024 37 0 20 3 0 3 3 0 8 0 dino2pl 256 4673 0 3159 95 0 95 95 0 8 0 ffsino 296 4673 0 3159 117 0 117 117 0 8 0 nchpl 144 6977 0 5271 64 0 64 64 0 8 0 rtmask 32 23 0 23 5 5 0 1 0 8 0 uvmvnodes 80 5471 0 0 112 0 112 112 0 8 0 vnodes 216 5471 0 0 304 0 304 304 0 8 0 namei 1024 26983 0 26982 3 2 1 2 0 8 0 percpumem 16 167 0 119 1 0 1 1 0 8 0 kstatmem 264 172 0 148 4 2 2 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 9 0 9 6 5 1 1 0 8 1 scxspl 216 56767 0 56767 10 9 1 8 1 8 1 plimitpl 152 590 0 570 1 0 1 1 0 8 0 sigapl 424 2007 0 1952 9 1 8 9 0 8 0 knotepl 120 812 0 0 24 0 24 24 0 8 0 kqueuepl 224 608 0 599 6 5 1 3 0 8 0 pipepl 344 279 0 250 3 0 3 3 0 8 0 fdescpl 528 1962 0 1930 3 0 3 3 0 8 0 filepl 160 14723 0 14485 33 17 16 18 0 8 4 lockfpl 104 1018 0 1013 3 1 2 2 0 8 1 lockfspl 48 338 0 333 1 0 1 1 0 8 0 sessionpl 144 36 0 27 1 0 1 1 0 8 0 pgrppl 48 72 0 55 1 0 1 1 0 8 0 ucredpl 104 2525 0 2512 1 0 1 1 0 8 0 zombiepl 144 2507 0 2503 1 0 1 1 0 8 0 processpl 1248 2007 0 1952 6 0 6 6 0 8 0 procpl 664 4609 0 4540 9 2 7 9 0 8 0 sosppl 168 14 0 14 7 6 1 1 0 8 1 sockpl 752 4303 0 4265 76 63 13 20 0 8 8 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 110 0 0 14 0 14 14 0 8 0 mcl2k 2048 33 0 0 5 0 5 5 0 8 0 mtagpl 96 16 0 0 1 0 1 1 0 8 0 mbufpl 256 1204 0 0 75 0 75 75 0 8 0 bufpl 280 23710 0 17567 440 0 440 440 0 8 0 anonpl 32 11970 0 0 97 0 97 97 0 246 0 amapchunkpl 152 56294 0 55665 48 23 25 29 0 158 0 amappl16 200 9660 0 9398 63 49 14 27 0 8 0 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 141 0 129 1 0 1 1 0 8 0 amappl13 176 9 0 8 1 0 1 1 0 8 0 amappl12 168 2675 0 2643 3 1 2 2 0 8 0 amappl11 160 56 0 42 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 244 0 243 1 0 1 1 0 8 0 amappl8 136 32 0 28 1 0 
1 1 0 8 0 amappl7 128 138 0 125 1 0 1 1 0 8 0 amappl6 120 244 0 240 1 0 1 1 0 8 0 amappl5 112 144 0 135 1 0 1 1 0 8 0 amappl4 104 345 0 323 1 0 1 1 0 8 0 amappl3 96 11687 0 11550 5 1 4 4 0 8 0 amappl2 88 765 0 700 2 0 2 2 0 8 0 amappl1 80 16411 0 15798 16 1 15 15 0 8 0 amappl 88 15953 0 15753 5 0 5 5 0 92 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 3 0 3 3 3 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 49 0 8 1 0 1 1 0 8 0 uaddrrnd 24 1962 0 1930 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1962 0 1930 1 0 1 1 0 8 0 vmmpekpl 168 16891 0 16838 3 0 3 3 0 8 0 vmmpepl 168 133274 0 130908 125 18 107 113 0 357 1 vmsppl 488 1961 0 1930 6 1 5 5 0 8 0 rwobjpl 80 43846 0 37101 140 2 138 138 0 8 0 pdppl 4096 3932 0 3860 110 36 74 86 0 8 2 pvpl 32 20385 0 0 164 0 164 164 0 265 0 pmappl 256 1961 0 1930 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 377 0 68 9 0 9 9 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace memcpy() at memcpy+0x19 rtm_msg1(14,ffff8000354156c8) at rtm_msg1+0x306 sys/net/rtsock.c:1644 rtm_addr(14,ffff80000157bf00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000b2d000,ffff800035415ae0,ffff80000157bf00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff800035415ae0,ffff800000b2d000) at in6_ioctl_change_ifaddr+0x64e sys/netinet6/in6.c:352 ifioctl(ffff8000014ef7f0,8080691a,ffff800035415ae0,ffff8000ffff2fa0) at ifioctl+0x156d pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff8000014ef7f0,8080691a,ffff800035415ae0,ffff8000ffff2fa0) at ifioctl+0x156d sys/net/if.c:2454 sys_ioctl(ffff8000ffff2fa0,ffff800035415cc0,ffff800035415c10) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff800035415cc0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] 
syscall(ffff800035415cc0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe47ea763fa0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: -5