eͫ\5۱spoi G6OV`;&<bjםQ`xy,8 TC=c|"jjbVܳ.Q`Q \vG)?=M| e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8053875450, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000ac6800,ffff800000b14c00,ffff80001e7c3c90) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 end trace frame: 0xffff80001e7c3bb0, count: 0 ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000b14c00,ffff80001e7c3c90) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001e7c3c80,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd806b650000,80206913,ffff80001e7c3c80,ffff80001d6c2768) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c2768,ffff80001e7c3d98,ffff80001e7c3de0) at sys_ioctl+0x4a1 syscall(ffff80001e7c3e60) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x510345ddaf0, count: -6 ddb> show registers rdi 0xffffffff8113259b ifa_update_broadaddr+0x1b rsi 0x37 rbp 0xffff80001e7c3b10 rbx 0x10 rdx 0x38 rcx 0xffff80001f99c000 rax 0xffff80001f99c000 r8 0xffffffff81ecd017 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0xe19d96ab981af782 r12 0xffff80001e7c3c90 r13 0 r14 0xffff80001e7c3c90 r15 0 rip 0xffffffff8113259f ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001e7c3ad0 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> show proc PROC (syz-executor.0) pid=104765 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c3878,0xffffffff827ebe68 process=0xffff80001d706e98 user=0xffff80001e7be000, vmspace=0xfffffd8053875450 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 84814 481611 70779 0 2 0 syz-executor.0 *84814 104765 70779 0 7 0x4000000 syz-executor.0 21264 253641 75377 0 2 0x2 syz-executor.1 29878 380932 0 0 3 0x14200 bored sosplice 70779 421915 75377 0 3 0x82 nanosleep syz-executor.0 75377 353789 45068 0 3 0x82 thrsleep syz-fuzzer 75377 157004 45068 0 3 0x4000082 nanosleep syz-fuzzer 75377 502089 45068 0 3 0x4000082 thrsleep syz-fuzzer 75377 197934 45068 0 3 0x4000082 thrsleep syz-fuzzer 75377 193740 45068 0 3 0x4000082 thrsleep syz-fuzzer 75377 367548 45068 0 3 0x4000082 kqread syz-fuzzer 75377 404248 45068 0 3 0x4000082 thrsleep syz-fuzzer 75377 25511 45068 0 3 0x4000082 thrsleep syz-fuzzer 45068 353302 49956 0 3 0x10008a pause ksh 49956 218622 28120 0 3 0x92 select sshd 87470 521006 1 0 3 0x100083 ttyopn getty 28120 181285 1 0 3 0x80 select sshd 18401 344088 17101 73 3 0x100090 kqread syslogd 17101 240935 1 0 3 0x100082 netio syslogd 99877 376490 1 77 3 0x100090 poll dhclient 77540 268206 1 0 3 0x80 poll dhclient 11278 305036 0 0 3 0x14200 bored smr 77851 249111 0 0 2 0x14200 zerothread 18482 94634 0 0 3 0x14200 aiodoned aiodoned 14159 483919 0 0 3 0x14200 syncer update 67174 70156 0 0 3 0x14200 cleaner cleaner 34699 337173 0 0 3 0x14200 reaper reaper 58643 406901 0 0 3 0x14200 pgdaemon pagedaemon 57107 98256 0 0 3 0x14200 bored crynlk 36672 269219 0 0 3 0x14200 bored crypto 55516 188329 0 0 3 0x40014200 acpi0 acpi0 76905 290487 0 0 3 0x14200 bored softnet 50439 396427 0 0 3 0x14200 bored systqmp 24311 375895 0 0 3 0x14200 bored systq 60820 424148 0 0 3 0x40014200 bored softclock 55892 270243 0 0 3 0x40014200 idle0 1 246146 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9505 6416K 6737K 78643K 11117 0 pcb 13 8K 8K 78643K 61 0 rtable 107 6K 7K 78643K 503 0 ifaddr 70 13K 13K 78643K 153 0 counters 21 16K 16K 78643K 24 0 ioctlops 0 0K 4K 78643K 54 0 iov 0 0K 12K 78643K 40 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1435 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 6 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 19 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 553 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 63K 78643K 408 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 114 0 in_multi 41 2K 2K 78643K 117 0 ether_multi 1 0K 0K 78643K 8 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 210 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 130 87K 88K 78643K 2072 0 UVM aobj 10 2K 2K 78643K 15 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 30 0 NDP 13 0K 0K 78643K 30 0 temp 102 3853K 3920K 78643K 17195 0 kqueue 3 4K 10K 78643K 17 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 rtpcb 80 39 0 37 1 0 1 1 0 8 0 rtentry 112 86 0 49 2 0 2 2 0 8 0 unpcb 120 104 0 96 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 292 0 292 1 1 0 1 0 8 0 tcpcb 544 75 0 70 1 0 1 1 0 8 0 inpcb 296 601 0 593 3 1 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 21 0 17 1 0 1 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 81 0 76 2 1 1 1 0 8 0 pftag 88 14 0 14 1 1 0 1 0 8 0 pfrule 1360 14 0 12 2 1 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 585 0 399 18 3 15 16 0 8 1 art_table 32 586 0 399 2 0 2 2 0 8 0 art_node 16 85 0 51 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 13 2 1 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 12 0 6 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2080 0 684 88 0 88 88 0 8 0 ffsino 240 2080 0 684 83 0 83 83 0 8 0 nchpl 144 3170 0 1581 60 0 60 60 0 8 0 uvmvnodes 72 2266 0 0 42 0 42 42 0 8 0 vnodes 208 2266 0 0 120 0 120 120 0 8 0 namei 1024 8213 0 8213 2 1 1 1 0 8 1 vcpupl 1984 7 0 0 1 0 1 1 0 8 0 vmpool 528 8 0 1 1 0 1 1 0 8 0 pfiaddrpl 120 24 0 20 2 1 1 1 0 8 0 scxspl 192 8755 0 8755 1 0 1 1 0 8 1 plimitpl 152 41 0 34 1 0 1 1 0 8 0 sigapl 424 737 0 708 4 0 4 4 0 8 0 futexpl 56 8867 0 8867 2 1 1 1 0 8 1 knotepl 112 91 0 72 1 0 1 1 0 8 0 kqueuepl 144 52 0 49 1 0 1 1 0 8 0 pipepl 272 118 0 108 1 0 1 1 0 8 0 fdescpl 432 722 0 708 2 0 2 2 0 8 0 filepl 120 3815 0 3719 4 0 4 4 0 8 1 lockfpl 104 145 0 144 1 0 1 1 0 8 0 lockfspl 48 49 0 48 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 18 0 8 1 0 1 1 0 8 0 ucredpl 96 636 0 629 1 0 1 1 0 8 0 zombiepl 144 708 0 708 1 0 1 1 0 8 1 processpl 928 737 0 708 4 0 4 4 0 8 0 procpl 624 1328 0 1291 4 0 4 4 0 8 0 sosppl 128 8 0 8 3 2 1 1 0 8 1 sockpl 400 746 0 728 4 1 3 3 0 8 1 mcl64k 65536 21 0 21 4 3 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 5 0 5 3 2 1 1 0 8 1 mcl9k 9216 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 276 0 276 1 0 1 1 0 8 1 mcl4k 4096 299 0 299 3 2 1 1 0 8 1 mcl2k 2048 75193 0 75137 21 13 8 19 0 8 0 mtagpl 96 16 0 10 2 1 1 1 0 8 0 mbufpl 256 124094 0 123944 15 4 11 11 0 8 0 bufpl 280 5567 0 215 383 0 383 383 0 8 0 anonpl 16 80834 0 65213 98 25 73 83 0 107 6 amapchunkpl 152 3044 0 2909 18 12 6 16 0 158 0 amappl16 192 3474 0 2577 56 10 46 55 0 8 1 amappl15 184 9 0 7 1 0 1 1 0 8 0 amappl14 176 242 0 236 1 0 1 1 0 8 0 amappl13 168 35 0 31 1 0 1 1 0 8 0 amappl12 160 8 0 6 1 0 1 1 0 8 0 amappl11 152 268 0 257 1 0 1 1 0 8 0 amappl10 144 15 0 9 1 0 1 1 0 8 0 amappl9 136 653 0 651 1 0 1 1 0 8 0 amappl8 128 499 0 459 2 0 2 2 0 8 0 amappl7 120 113 0 101 1 0 1 1 0 8 0 amappl6 112 244 0 236 1 0 1 1 0 8 0 amappl5 104 452 0 442 1 0 1 1 0 8 0 amappl4 96 657 0 624 1 0 1 1 0 8 0 amappl3 88 109 0 103 1 0 1 1 0 8 0 amappl2 80 5162 0 5090 2 0 2 2 0 8 0 amappl1 72 21690 0 21285 24 15 9 17 0 8 0 amappl 80 1567 0 1523 2 0 2 2 0 84 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 14 0 5 1 0 1 1 0 8 0 uaddrrnd 24 730 0 709 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 730 0 709 1 0 1 1 0 8 0 vmmpekpl 168 8081 0 8052 2 0 2 2 0 8 0 vmmpepl 168 91537 0 89522 146 32 114 122 0 357 25 vmsppl 272 729 0 709 3 1 2 2 0 8 0 pdppl 4096 1466 0 1425 7 1 6 6 0 8 0 pvpl 32 265267 0 246879 267 23 244 254 0 265 90 pmappl 200 729 0 709 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 264 0 33 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000b14c00,ffff80001e7c3c90) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001e7c3c80,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd806b650000,80206913,ffff80001e7c3c80,ffff80001d6c2768) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c2768,ffff80001e7c3d98,ffff80001e7c3de0) at sys_ioctl+0x4a1 syscall(ffff80001e7c3e60) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x510345ddaf0, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000b14c00,ffff80001e7c3c90) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001e7c3c80,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd806b650000,80206913,ffff80001e7c3c80,ffff80001d6c2768) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c2768,ffff80001e7c3d98,ffff80001e7c3de0) at sys_ioctl+0x4a1 syscall(ffff80001e7c3e60) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x510345ddaf0, count: -6