uvm_fault(0xfffffd80647cd2f0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd80647cd2f0, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000ac6000,ffff800000aa2a00,ffff800021ef4010) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 end trace frame: 0xffff800021ef3ec0, count: 0 ddb{0}> trace ifa_update_broadaddr(ffff800000ac6000,ffff800000aa2a00,ffff800021ef4010) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff800021ef4000,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd807b90b808,80206913,ffff800021ef4000,ffff800020ea4b00) at ifioctl+0xe70 sys/net/if.c:2282 soo_ioctl(fffffd806673eef0,80206913,ffff800021ef4000,ffff800020ea4b00) at soo_ioctl+0x27c sys/kern/sys_socket.c:138 sys_ioctl(ffff800020ea4b00,ffff800021ef4118,ffff800021ef4160) at sys_ioctl+0x4a5 syscall(ffff800021ef41e0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021ef41e0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc6c27e960, count: -7 ddb{0}> show registers rdi 0xffffffff81c64d8b ifa_update_broadaddr+0x1b rsi 0xe4 rbp 0xffff800021ef3e20 rbx 0x10 rdx 0xe5 rcx 0xffff800020ee3000 rax 0xffff800020ee3000 r8 0xffffffff81eda057 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0x1b805fa180ea987 r12 0xffff800021ef4010 r13 0xaa0014ac r14 0xffff800021ef4010 r15 0 rip 0xffffffff81c64d8f ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021ef3de0 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb{0}> show proc PROC (syz-executor.0) pid=27557 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff800020ea39f0,0xffffffff829095e8 process=0xffff800021f72fb0 user=0xffff800021eef000, vmspace=0xfffffd80647cd2f0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 15323 135554 51512 0 2 0 syz-executor.0 *15323 27557 51512 0 7 0x4000000 syz-executor.0 41249 400482 0 0 3 0x14200 acct acct 69664 453269 0 0 3 0x14280 nfsidl nfsio 4685 1910 0 0 3 0x14280 nfsidl nfsio 90179 474207 0 0 3 0x14280 nfsidl nfsio 77042 99685 0 0 3 0x14280 nfsidl nfsio 58360 343713 0 0 3 0x14280 nfsidl nfsio 47868 44227 0 0 3 0x14280 nfsidl nfsio 59641 212008 0 0 3 0x14280 nfsidl nfsio 55494 420032 0 0 3 0x14280 nfsidl nfsio 19538 377288 0 0 3 0x14280 nfsidl nfsio 7571 90555 0 0 3 0x14280 nfsidl nfsio 82809 171057 0 0 3 0x14280 nfsidl nfsio 15347 501979 0 0 3 0x14280 nfsidl nfsio 99813 227393 0 0 3 0x14280 nfsidl nfsio 75805 186451 0 0 3 0x14280 nfsidl nfsio 3381 416960 0 0 3 0x14280 nfsidl nfsio 15447 390858 0 0 3 0x14280 nfsidl nfsio 21359 58092 0 0 3 0x14280 nfsidl nfsio 59613 51961 0 0 3 0x14280 nfsidl nfsio 62120 294133 0 0 3 0x14280 nfsidl nfsio 44482 158732 0 0 3 0x14280 nfsidl nfsio 83993 54790 54302 0 3 0x82 piperd syz-executor.1 88728 473203 0 0 3 0x14200 bored sosplice 51512 22268 54302 0 3 0x82 nanosleep syz-executor.0 54302 4778 73941 0 2 0x2 syz-fuzzer 54302 119417 73941 0 3 0x4000082 nanosleep syz-fuzzer 54302 456107 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 270802 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 123460 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 73790 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 441364 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 108843 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 295725 73941 0 3 0x4000082 thrsleep syz-fuzzer 54302 399295 73941 0 3 0x4000082 kqread syz-fuzzer 73941 279882 17266 0 3 0x10008a pause ksh 17266 90911 45501 0 3 0x92 select sshd 72101 311548 1 0 3 0x100083 ttyin getty 45501 282780 1 0 3 0x80 select sshd 26443 479618 73381 74 3 0x100092 bpf pflogd 73381 360162 1 0 3 0x80 netio pflogd 96257 215453 10208 73 7 0x100010 syslogd 10208 213883 1 0 3 0x100082 netio syslogd 41509 54758 1 77 3 0x100090 poll dhclient 12589 516074 1 0 3 0x80 poll dhclient 95333 207064 0 0 3 0x14200 bored smr 19470 305418 0 0 2 0x14200 zerothread 1592 227002 0 0 3 0x14200 aiodoned aiodoned 37504 398646 0 0 3 0x14200 syncer update 86137 101358 0 0 3 0x14200 cleaner cleaner 15976 352863 0 0 3 0x14200 reaper reaper 10524 373479 0 0 3 0x14200 pgdaemon pagedaemon 60657 458056 0 0 3 0x14200 bored crynlk 72303 387246 0 0 3 0x14200 bored crypto 69238 53642 0 0 3 0x40014200 acpi0 acpi0 67453 444557 0 0 3 0x40014200 idle1 89458 413979 0 0 3 0x14200 bored softnet 69133 488494 0 0 3 0x14200 bored systqmp 13137 509724 0 0 3 0x14200 bored systq 18517 239613 0 0 3 0x40014200 bored softclock 64068 325055 0 0 3 0x40014200 idle0 1 426094 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 15323 (syz-executor.0) thread 0xffff800020ea4b00 (27557) exclusive rwlock netlock r = 0 (0xffffffff8276be18) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 in_ioctl+0x1f5 #2 ifioctl+0xe70 sys/net/if.c:2282 #3 soo_ioctl+0x27c sys/kern/sys_socket.c:138 #4 sys_ioctl+0x4a5 #5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828c6be8) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 soo_ioctl+0x26a sys/kern/sys_socket.c:138 #2 sys_ioctl+0x4a5 #3 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #4 Xsyscall+0x128 Process 96257 (syslogd) thread 0xffff800020e40120 (215453) exclusive rrwlock inode r = 0 (0xfffffd806ecb0c48) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:603 #4 vn_lock+0x81 sys/kern/vfs_vnops.c:575 #5 sys_fsync+0x113 sys/kern/vfs_syscalls.c:2874 #6 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9529 6435K 7259K 78643K 12864 0 pcb 13 8K 8K 78643K 107 0 rtable 119 7K 9K 78643K 559 0 ifaddr 98 20K 20K 78643K 240 0 sysctl 1 1K 1K 78643K 1 0 counters 43 33K 34K 78643K 73 0 ioctlops 0 0K 4K 78643K 1608 0 iov 0 0K 16K 78643K 87 0 mount 1 1K 1K 78643K 1 0 vnodes 1220 77K 77K 78643K 1824 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 12 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 74 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 671 0 sigio 0 0K 0K 78643K 10 0 proc 61 63K 95K 78643K 544 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 62 0 in_multi 100 4K 4K 78643K 271 0 ether_multi 1 0K 0K 78643K 17 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 251 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 132 71K 72K 78643K 3181 0 UVM aobj 37 4K 4K 78643K 43 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 368 0 NDP 13 0K 0K 78643K 61 0 temp 109 3862K 3926K 78643K 11493 0 kqueue 3 4K 9K 78643K 30 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 3 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 57 0 55 1 0 1 1 0 8 0 rtentry 112 98 0 57 2 0 2 2 0 8 0 unpcb 120 324 0 314 1 0 1 1 0 8 0 syncache 264 9 0 9 3 3 0 1 0 8 0 tcpqe 32 323 0 323 2 2 0 1 0 8 0 tcpcb 544 511 0 506 1 0 1 1 0 8 0 inpcb 296 1359 0 1350 5 3 2 2 0 8 1 nd6 48 33 0 29 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 3 0 3 2 2 0 1 0 8 0 pfstscr 40 5 0 5 1 1 0 1 0 8 0 pffrag 232 5 0 5 3 3 0 1 0 482 0 pffrnode 88 5 0 5 3 3 0 1 0 8 0 pffrent 40 53 0 53 3 3 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 55 0 47 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 264 2 0 0 1 0 1 1 0 8 0 pfstitem 24 17 0 10 1 0 1 1 0 8 0 pfstkey 112 21 0 14 1 0 1 1 0 8 0 pfstate 328 18 0 11 2 1 1 2 0 8 0 pfrule 1360 44 0 28 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 370 0 196 13 0 13 13 0 8 0 art_table 32 371 0 196 2 0 2 2 0 8 0 art_node 16 97 0 59 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 6 2 1 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 70 0 60 1 0 1 1 0 8 0 shmpl 112 40 0 6 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2301 0 896 89 0 89 89 0 8 0 ffsino 272 2301 0 896 95 0 95 95 0 8 0 nchpl 144 3450 0 1855 60 0 60 60 0 8 0 uvmvnodes 72 2860 0 0 52 0 52 52 0 8 0 vnodes 208 2860 0 0 151 0 151 151 0 8 0 namei 1024 10046 0 10046 2 1 1 1 0 8 1 percpumem 16 47 0 15 1 0 1 1 0 8 0 vcpupl 1984 11 0 0 2 0 2 2 0 8 0 vmpool 560 15 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 18 0 12 3 2 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 10691 0 10691 5 4 1 4 0 8 1 plimitpl 152 49 0 41 1 0 1 1 0 8 0 sigapl 424 905 0 852 6 0 6 6 0 8 0 futexpl 56 11274 0 11274 3 2 1 1 0 8 1 knotepl 112 108 0 89 1 0 1 1 0 8 0 kqueuepl 144 91 0 89 1 0 1 1 0 8 0 pipepl 304 143 0 133 2 1 1 2 0 8 0 fdescpl 496 868 0 852 3 0 3 3 0 8 0 filepl 152 5642 0 5540 6 1 5 5 0 8 1 lockfpl 104 241 0 240 1 0 1 1 0 8 0 lockfspl 48 75 0 74 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 28 0 17 1 0 1 1 0 8 0 ucredpl 96 558 0 549 1 0 1 1 0 8 0 zombiepl 144 852 0 852 2 1 1 1 0 8 1 processpl 992 905 0 852 7 0 7 7 0 8 0 procpl 624 2347 0 2284 7 1 6 6 0 8 0 srpgc 64 2 0 2 1 1 0 1 0 8 0 sosppl 128 13 0 13 4 4 0 1 0 8 0 sockpl 400 1754 0 1733 8 5 3 4 0 8 0 mcl64k 65536 15 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 8 0 0 1 0 1 1 0 8 0 mcl9k 9216 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 169 0 0 21 0 21 21 0 8 0 mtagpl 96 52 0 0 2 0 2 2 0 8 0 mbufpl 256 347 0 0 21 2 19 19 0 8 0 bufpl 280 4953 0 137 344 0 344 344 0 8 0 anonpl 16 95634 0 78593 94 23 71 86 0 124 0 amapchunkpl 152 6032 0 5884 23 15 8 20 0 158 0 amappl16 192 4147 0 3202 61 13 48 60 0 8 0 amappl15 184 82 0 81 1 0 1 1 0 8 0 amappl14 176 28 0 23 1 0 1 1 0 8 0 amappl13 168 406 0 401 1 0 1 1 0 8 0 amappl12 160 181 0 179 1 0 1 1 0 8 0 amappl11 152 63 0 47 1 0 1 1 0 8 0 amappl10 144 26 0 21 1 0 1 1 0 8 0 amappl9 136 391 0 389 1 0 1 1 0 8 0 amappl8 128 384 0 352 2 0 2 2 0 8 0 amappl7 120 122 0 112 1 0 1 1 0 8 0 amappl6 112 25 0 19 2 1 1 1 0 8 0 amappl5 104 930 0 913 1 0 1 1 0 8 0 amappl4 96 881 0 847 1 0 1 1 0 8 0 amappl3 88 128 0 123 1 0 1 1 0 8 0 amappl2 80 6009 0 5937 2 0 2 2 0 8 0 amappl1 72 28631 0 28195 23 12 11 18 0 8 0 amappl 80 2610 0 2563 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 42 0 6 1 0 1 1 0 8 0 uaddrrnd 24 883 0 856 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 883 0 856 1 0 1 1 0 8 0 vmmpekpl 168 10166 0 10120 3 0 3 3 0 8 0 vmmpepl 168 113131 0 110990 145 48 97 124 0 357 0 vmsppl 368 882 0 856 3 0 3 3 0 8 0 pdppl 4096 1773 0 1723 7 0 7 7 0 8 0 pvpl 32 290811 0 270491 224 55 169 205 0 265 0 pmappl 232 882 0 856 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 281 0 12 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ifa_update_broadaddr(ffff800000ac6000,ffff800000aa2a00,ffff800021ef4010) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff800021ef4000,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd807b90b808,80206913,ffff800021ef4000,ffff800020ea4b00) at ifioctl+0xe70 sys/net/if.c:2282 soo_ioctl(fffffd806673eef0,80206913,ffff800021ef4000,ffff800020ea4b00) at soo_ioctl+0x27c sys/kern/sys_socket.c:138 sys_ioctl(ffff800020ea4b00,ffff800021ef4118,ffff800021ef4160) at sys_ioctl+0x4a5 syscall(ffff800021ef41e0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021ef41e0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc6c27e960, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828c69e0) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c69e0) at __mp_lock+0x127 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff828c69e0,1) at __mp_acquire_count+0x51 sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x392 sys/kern/sched_bsd.c:435 sleep_finish(ffff800020e53d90,1) at sleep_finish+0x113 sys/kern/kern_synch.c:418 sleep_finish_all(ffff800020e53d90,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:447 [inline] sleep_finish_all(ffff800020e53d90,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:393 tsleep(fffffd806ed32098,11,ffffffff8240cdad,0) at tsleep+0x1cc sys/kern/kern_synch.c:155 vwaitforio(fffffd806ed32018,0,ffffffff8240cdad,ffffffffffffffff) at vwaitforio+0xae sys/kern/vfs_subr.c:1876 ffs_fsync(ffff800020e53ef0) at ffs_fsync+0x3c5 sys/ufs/ffs/ffs_vnops.c:498 VOP_FSYNC(fffffd806ed32018,fffffd807f7bfde0,1,ffff800020e40120) at VOP_FSYNC+0xbf sys/kern/vfs_vops.c:353 sys_fsync(ffff800020e40120,ffff800020e53fe0,ffff800020e54030) at sys_fsync+0x127 sys/kern/vfs_syscalls.c:2874 syscall(ffff800020e540b0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020e540b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc40a0, count: -15