uvm_fault(0xffffffff83893318, 0xffff8000014e0000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at memcpy+0x19: repe movsq (%rsi),%es:(%rdi)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*307911 53507 -1 0x10 0x4000000 0 syz-executor
memcpy() at memcpy+0x19
rtm_msg1(14,ffff80003c96f4a8) at rtm_msg1+0x306 sys/net/rtsock.c:1627
rtm_addr(14,ffff8000014dff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1
in6_update_ifa(ffff800000b12800,ffff80003c96f8c0,ffff8000014dff00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741
in6_ioctl_change_ifaddr(8080691a,ffff80003c96f8c0,ffff800000b12800) at in6_ioctl_change_ifaddr+0x638 sys/netinet6/in6.c:352
ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline]
ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 sys/net/if.c:2454
sys_ioctl(ffff80003c967788,ffff80003c96fa90,ffff80003c96f9e0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c96fa90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c96fa90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4b4cd1cebc0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff83893318, 0xffff8000014e0000, 0, 1) -> e ddb> trace memcpy() at memcpy+0x19 rtm_msg1(14,ffff80003c96f4a8) at rtm_msg1+0x306 sys/net/rtsock.c:1627 rtm_addr(14,ffff8000014dff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000b12800,ffff80003c96f8c0,ffff8000014dff00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff80003c96f8c0,ffff800000b12800) at in6_ioctl_change_ifaddr+0x638 sys/netinet6/in6.c:352 ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 sys/net/if.c:2454 sys_ioctl(ffff80003c967788,ffff80003c96fa90,ffff80003c96f9e0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c96fa90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c96fa90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b4cd1cebc0, count: -9 ddb> show registers rdi 0xfffffd806554b148 rsi 0xffff8000014e0000 rbp 0xffff80003c96f420 rbx 0 rdx 0xf9 rcx 0xe rax 0x7d806406b148 r8 0x2 r9 0x8080808080808080 r10 0x7ceda733f1ecb2d9 r11 0xfffffd806554b0c0 r12 0xf9 r13 0xf9 r14 0xc0 r15 0xfffffd806e8c6600 rip 0xffffffff815b1059 memcpy+0x19 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80003c96f378 ss 0x10 memcpy+0x19: repe movsq (%rsi),%es:(%rdi) ddb> show proc PROC (syz-executor) tid=307911 pid=53507 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c967a20,0xffff80003c966040 process=0xffff80003a54ad28 user=0xffff80003c96a000, vmspace=0xfffffd8009427450 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 46245 50363 50617 0 
3 0x80 fsleep syz-executor 46245 347579 50617 0 3 0x4000080 fifor syz-executor 53507 472043 27372 -1 3 0x90 fsleep syz-executor *53507 307911 27372 -1 7 0x4000010 syz-executor 2268 202439 0 0 3 0x14200 acct acct 76270 281685 4281 0 3 0x400080 fsleep syz-executor 76270 72447 4281 0 3 0x4400080 kqread syz-executor 76270 102777 4281 0 3 0x4400080 fsleep syz-executor 50617 492912 42635 0 2 0xc82 syz-executor 58255 80328 95997 0 3 0x80 fsleep syz-executor 58255 116999 95997 0 3 0x4000080 kqsel syz-executor 46691 168281 78865 0 3 0x80 fsleep syz-executor 46691 97660 78865 0 3 0x4000080 fifow syz-executor 78865 140652 42635 0 2 0xc82 syz-executor 46540 2809 8063 0 3 0x82 sbwait sshd-session 27372 361345 42635 0 2 0xc82 syz-executor 52939 207839 0 0 3 0x14200 bored sosplice 53207 136447 8063 0 3 0x82 sbwait sshd-session 4281 80201 42635 0 2 0xc82 syz-executor 95997 232592 42635 0 2 0xc82 syz-executor 82311 63491 42635 0 2 0x2 syz-executor 93990 500951 42635 0 3 0x82 nanoslp syz-executor 86080 133730 42635 0 2 0x2 syz-executor 42635 318971 21806 0 2 0x2 syz-executor 21806 424706 90471 0 3 0x10008a sigsusp ksh 90471 443416 40416 0 3 0x98 kqread sshd-session 40416 501858 8063 0 3 0x92 kqread sshd-session 19939 3678 1 0 3 0x100083 ttyopn getty 8063 182052 1 0 3 0x88 kqread sshd 61184 453630 66769 73 3 0x1100090 kqread syslogd 66769 419851 1 0 3 0x100082 sbwait syslogd 20072 50399 1 0 3 0x100080 kqread resolvd 16802 522548 0 0 3 0x14200 bored smr 8413 395839 0 0 2 0x14200 zerothread 88425 100742 0 0 3 0x14200 aiodoned aiodoned 72858 315694 0 0 3 0x14200 syncer update 85908 516240 0 0 3 0x14200 cleaner cleaner 96492 40845 0 0 3 0x14200 reaper reaper 85878 68419 0 0 3 0x14200 pgdaemon pagedaemon 91424 313853 0 0 3 0x14200 bored viomb 67197 408850 0 0 3 0x40014200 acpi0 acpi0 19002 42413 0 0 3 0x14200 bored softnet7 14972 186058 0 0 3 0x14200 bored softnet6 844 190345 0 0 3 0x14200 bored softnet5 56122 168578 0 0 3 0x14200 bored softnet4 11126 144684 0 0 3 0x14200 bored softnet3 
97751 344043 0 0 3 0x14200 bored softnet2 59255 377043 0 0 3 0x14200 bored softnet1 45586 214279 0 0 3 0x14200 bored softnet0 50946 156863 0 0 3 0x14200 bored systqmp 58362 421240 0 0 3 0x14200 bored systq 80891 445601 0 0 2 0x40014200 softclock 73249 467619 0 0 3 0x40014200 idle0 1 484725 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 11145K 11373K 166960K 12260 0 pcb 18 18K 20K 166960K 345 0 rtable 167 10K 11K 166960K 523 0 pf 35 14K 18K 166960K 147 0 ifaddr 34 5K 8K 166960K 110 0 ifgroup 50 2K 2K 166960K 166 0 sysctl 4 1K 9K 166960K 17 0 counters 32 17K 18K 166960K 88 0 ioctlops 0 0K 4K 166960K 399 0 iov 0 0K 32K 166960K 124 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1404 88K 89K 166960K 2340 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 104 0 dirhash 12 2K 2K 166960K 54 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 110K 166960K 1547 0 sigio 0 0K 0K 166960K 30 0 proc 54 43K 83K 166960K 735 0 subproc 72 4K 4K 166960K 118 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 173 0 in_multi 65 4K 7K 166960K 207 0 ether_multi 1 0K 0K 166960K 24 0 mrt 1 0K 0K 166960K 10 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 610 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 218 145K 184K 166960K 15161 0 UVM aobj 103 3K 3K 166960K 105 0 pinsyscall 35 70K 94K 166960K 2727 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 78 0 NDP 11 0K 2K 166960K 76 0 temp 78 8644K 8770K 166960K 88400 0 kqueue 8 14K 33K 166960K 271 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail 
Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 255 0 254 3 2 1 3 0 8 0 rtentry 136 184 0 124 4 0 4 4 0 8 0 unpcb 144 1083 0 1062 7 6 1 6 0 8 0 syncache 336 11 0 11 2 2 0 1 0 8 0 tcpqe 32 4 0 4 1 1 0 1 0 8 0 tcpcb 736 471 0 460 10 5 5 5 0 8 3 arp 88 21 0 13 1 0 1 1 0 8 0 ipq 40 4 0 3 1 0 1 1 0 8 0 ipqe 40 11 0 9 1 0 1 1 0 8 0 inpcb 328 1517 0 1505 14 9 5 10 0 8 3 ip6q 72 5 0 3 1 0 1 1 0 8 0 ip6af 40 11 0 8 1 0 1 1 0 8 0 nd6 104 40 0 28 1 0 1 1 0 8 0 pkpcb 40 16 0 16 3 2 1 1 0 8 1 kcovpl 48 13 0 5 1 0 1 1 0 8 0 ppxss 1072 41 0 41 3 2 1 1 0 8 1 pfstscr 40 3 0 3 2 2 0 1 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 6 0 4 1 0 1 1 0 8 0 pfstate 384 3 0 2 1 0 1 1 0 8 0 pfrule 1344 11 0 8 1 0 1 1 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 833 0 556 31 10 21 30 0 8 2 art_table 40 836 0 556 5 0 5 5 0 8 0 art_node 32 180 0 129 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 8 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 102 0 92 1 0 1 1 0 8 0 shmpl 112 102 0 2 3 0 3 3 0 8 0 dirhash 1024 45 0 28 3 0 3 3 0 8 0 dino2pl 256 4145 0 2642 95 0 95 95 0 8 0 ffsino 256 4145 0 2642 95 0 95 95 0 8 0 nchpl 144 6276 0 4579 64 0 64 64 0 8 0 rtmask 32 8 0 8 2 2 0 1 0 8 0 uvmvnodes 80 3846 0 0 79 0 79 79 0 8 0 vnodes 216 3846 0 0 214 0 214 214 0 8 0 namei 1024 24021 0 24021 4 3 1 2 0 8 1 kstatmem 264 100 0 78 2 0 2 2 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 6 0 6 2 1 1 1 0 8 1 scxspl 216 27235 0 27235 22 14 8 8 1 8 8 plimitpl 152 391 0 375 1 0 1 1 0 8 0 sigapl 424 1844 0 1795 9 2 7 9 0 8 0 knotepl 120 350976 0 350942 39 27 12 16 0 8 7 kqueuepl 184 526 0 518 4 3 1 3 0 8 0 pipepl 304 261 0 234 5 2 3 5 0 8 0 fdescpl 448 1798 0 1771 5 1 4 5 0 8 0 filepl 120 12083 0 11873 13 4 9 13 0 8 0 lockfpl 104 827 0 825 3 1 2 2 0 8 1 lockfspl 48 255 0 253 1 0 1 1 0 8 0 sessionpl 144 33 0 24 1 0 1 1 0 8 0 pgrppl 48 72 0 55 1 0 1 1 0 8 0 ucredpl 104 
2716 0 2706 1 0 1 1 0 8 0 zombiepl 144 1810 0 1809 3 2 1 1 0 8 0 processpl 1152 1844 0 1795 6 2 4 6 0 8 0 procpl 664 3860 0 3805 8 0 8 8 0 8 0 sosppl 168 5 0 5 1 1 0 1 0 8 0 sockpl 552 2927 0 2893 13 8 5 12 0 8 1 mcl64k 65536 61 0 61 4 3 1 1 0 8 1 mcl16k 16384 8 0 8 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 18 0 18 2 2 0 1 0 8 0 mcl4k 4096 4396 0 4341 18 10 8 15 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 2320 0 2304 4 1 3 3 0 8 0 mtagpl 96 13 0 13 2 2 0 1 0 8 0 mbufpl 256 18390 0 18245 16 0 16 16 0 8 1 bufpl 280 13149 0 6921 446 0 446 446 0 8 0 anonpl 24 297592 0 289439 97 22 75 75 0 187 11 amapchunkpl 152 51095 0 50371 54 23 31 36 0 158 2 amappl16 200 6425 0 6174 53 27 26 26 0 8 8 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 135 0 126 1 0 1 1 0 8 0 amappl13 176 8 0 8 2 2 0 1 0 8 0 amappl12 168 2522 0 2494 3 1 2 3 0 8 0 amappl11 160 43 0 38 1 0 1 1 0 8 0 amappl10 152 5 0 5 1 1 0 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 25 0 23 1 0 1 1 0 8 0 amappl7 128 117 0 106 1 0 1 1 0 8 0 amappl6 120 227 0 222 1 0 1 1 0 8 0 amappl5 112 131 0 127 1 0 1 1 0 8 0 amappl4 104 298 0 284 1 0 1 1 0 8 0 amappl3 96 10114 0 10017 4 0 4 4 0 8 0 amappl2 88 753 0 700 2 0 2 2 0 8 0 amappl1 80 15552 0 14942 15 1 14 15 0 8 0 amappl 88 14129 0 13969 5 0 5 5 0 92 0 dma8192 8192 2 0 2 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 104 0 2 2 0 2 2 0 8 0 uaddrrnd 24 1798 0 1771 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1798 0 1771 1 0 1 1 0 8 0 vmmpekpl 168 15140 0 15099 3 0 3 3 0 8 0 vmmpepl 168 117820 0 115831 127 26 101 102 0 357 9 vmsppl 368 1797 0 1771 4 1 3 4 0 8 0 rwobjpl 40 35858 0 30790 54 0 54 54 0 8 0 pdppl 4096 3602 0 3542 110 46 64 80 0 8 4 pvpl 32 795640 0 781618 225 63 162 162 0 265 32 pmappl 216 1797 0 1771 
3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 412 0 88 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace memcpy() at memcpy+0x19 rtm_msg1(14,ffff80003c96f4a8) at rtm_msg1+0x306 sys/net/rtsock.c:1627 rtm_addr(14,ffff8000014dff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000b12800,ffff80003c96f8c0,ffff8000014dff00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff80003c96f8c0,ffff800000b12800) at in6_ioctl_change_ifaddr+0x638 sys/netinet6/in6.c:352 ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 sys/net/if.c:2454 sys_ioctl(ffff80003c967788,ffff80003c96fa90,ffff80003c96f9e0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c96fa90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c96fa90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b4cd1cebc0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace memcpy() at memcpy+0x19 rtm_msg1(14,ffff80003c96f4a8) at rtm_msg1+0x306 sys/net/rtsock.c:1627 rtm_addr(14,ffff8000014dff00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 in6_update_ifa(ffff800000b12800,ffff80003c96f8c0,ffff8000014dff00) at in6_update_ifa+0x199a sys/netinet6/in6.c:741 in6_ioctl_change_ifaddr(8080691a,ffff80003c96f8c0,ffff800000b12800) at in6_ioctl_change_ifaddr+0x638 sys/netinet6/in6.c:352 ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001404cf0,8080691a,ffff80003c96f8c0,ffff80003c967788) at ifioctl+0x1515 sys/net/if.c:2454 sys_ioctl(ffff80003c967788,ffff80003c96fa90,ffff80003c96f9e0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c96fa90) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 
[inline] syscall(ffff80003c96fa90) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4b4cd1cebc0, count: -9