login: uvm_fault(0xfffffd8055911780, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8055911780, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000ac6000,ffff800000aeb100,ffff80001f7bd1e0) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 end trace frame: 0xffff80001f7bd100, count: 0 ddb> trace ifa_update_broadaddr(ffff800000ac6000,ffff800000aeb100,ffff80001f7bd1e0) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001f7bd1d0,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd8066e9b660,80206913,ffff80001f7bd1d0,ffff80001d71c760) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d71c760,ffff80001f7bd2e8,ffff80001f7bd330) at sys_ioctl+0x4a1 syscall(ffff80001f7bd3b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe4a1f30d900, count: -6 ddb> show registers rdi 0xffffffff818f071b ifa_update_broadaddr+0x1b rsi 0x49 rbp 0xffff80001f7bd060 rbx 0x10 rdx 0x4a rcx 0xffff80001f9a4000 rax 0xffff80001f9a4000 r8 0xffffffff81e336a7 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0x2b4f09a9e42a1d2a r12 0xffff80001f7bd1e0 r13 0 r14 0xffff80001f7bd1e0 r15 0 rip 0xffffffff818f071f ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001f7bd020 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> show proc PROC (syz-executor.1) pid=30376 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff80001d71dd50,0xffffffff8284b308 process=0xffff80001d6c4750 user=0xffff80001f7b8000, vmspace=0xfffffd8055911780 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 81800 337975 28794 0 2 0 syz-executor.1 *81800 30376 28794 0 7 0x4000000 syz-executor.1 68582 166116 63804 0 3 0x82 nanosleep syz-executor.0 58942 237397 0 0 3 0x14200 bored sosplice 28794 52295 63804 0 3 0x82 nanosleep syz-executor.1 63804 96757 50220 0 3 0x82 thrsleep syz-fuzzer 63804 199006 50220 0 3 0x4000082 thrsleep syz-fuzzer 63804 36373 50220 0 3 0x4000082 kqread syz-fuzzer 63804 352496 50220 0 3 0x4000082 thrsleep syz-fuzzer 63804 24388 50220 0 3 0x4000082 thrsleep syz-fuzzer 63804 274986 50220 0 3 0x4000082 thrsleep syz-fuzzer 63804 213249 50220 0 3 0x4000082 thrsleep syz-fuzzer 63804 464220 50220 0 3 0x4000082 thrsleep syz-fuzzer 50220 169359 62140 0 3 0x10008a pause ksh 62140 216787 28442 0 3 0x92 select sshd 60443 148211 1 0 3 0x100083 ttyin getty 28442 184654 1 0 3 0x80 select sshd 50291 148775 40327 73 3 0x100090 kqread syslogd 40327 315648 1 0 3 0x100082 netio syslogd 55094 68211 1 77 3 0x100090 poll dhclient 69914 111578 1 0 3 0x80 poll dhclient 2032 416465 0 0 3 0x14200 bored smr 36228 247617 0 0 2 0x14200 zerothread 63928 308961 0 0 3 0x14200 aiodoned aiodoned 53043 407836 0 0 3 0x14200 syncer update 67510 295675 0 0 3 0x14200 cleaner cleaner 51869 173875 0 0 3 0x14200 reaper reaper 97862 201160 0 0 3 0x14200 pgdaemon pagedaemon 32209 516252 0 0 3 0x14200 bored crynlk 49352 435386 0 0 3 0x14200 bored crypto 91045 56139 0 0 3 0x40014200 acpi0 acpi0 48483 405674 0 0 3 0x14200 bored softnet 1188 258653 0 0 3 0x14200 bored systqmp 13923 249769 0 0 3 0x14200 bored systq 73437 523959 0 0 3 0x40014200 bored softclock 26149 450355 0 0 3 0x40014200 idle0 1 252915 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9489 6345K 6927K 78643K 12721 0 pcb 13 8K 8K 78643K 187 0 rtable 119 5K 7K 78643K 686 0 ifaddr 84 18K 18K 78643K 286 0 counters 21 16K 16K 78643K 39 0 ioctlops 0 0K 4K 78643K 180 0 iov 0 0K 16K 78643K 105 0 mount 1 1K 1K 78643K 1 0 vnodes 1230 77K 77K 78643K 2164 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 147 0 dirhash 9 1K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 1850 0 sigio 0 0K 0K 78643K 13 0 proc 49 38K 63K 78643K 528 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 152 0 in_multi 99 4K 4K 78643K 286 0 ether_multi 1 0K 0K 78643K 49 0 mrt 0 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 286 0 pfkey data 0 0K 0K 78643K 8 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 120 22K 23K 78643K 4922 0 UVM aobj 8 2K 2K 78643K 8 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 182 0 NDP 10 0K 0K 78643K 39 0 temp 124 3862K 3930K 78643K 38434 0 kqueue 3 4K 16K 78643K 96 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 4 1 0 1 1 0 8 0 rtpcb 80 71 0 69 1 0 1 1 0 8 0 rtentry 112 92 0 46 2 0 2 2 0 8 0 unpcb 120 552 0 532 1 0 1 1 0 8 0 syncache 264 13 0 13 3 2 1 1 0 8 1 tcpcb 544 382 0 377 1 0 1 1 0 8 0 inpcb 296 1094 0 1085 7 5 2 2 0 8 1 nd6 48 19 0 12 1 0 1 1 0 8 0 pkpcb 40 18 0 18 2 2 0 1 0 8 0 pfstscr 40 5 0 5 1 1 0 1 0 8 0 pfrktable 1344 110 0 107 1 0 1 1 0 8 0 pftag 88 18 0 18 3 2 1 1 0 8 1 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 112 36 0 33 1 0 1 1 0 8 0 pfstate 328 18 0 16 1 0 1 1 0 8 0 pfrule 1360 46 0 29 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 259 0 60 14 1 13 13 0 8 0 art_table 32 260 0 60 2 0 2 2 0 8 0 art_node 16 90 0 49 1 0 1 1 0 8 0 sysvmsgpl 40 38 0 36 2 1 1 1 0 8 0 semapl 112 145 0 135 1 0 1 1 0 8 0 shmpl 112 5 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 10 3 1 2 3 0 8 0 dino2pl 256 4032 0 2633 88 0 88 88 0 8 0 ffsino 240 4032 0 2633 83 0 83 83 0 8 0 nchpl 144 6667 0 5076 60 0 60 60 0 8 0 uvmvnodes 72 4667 0 0 85 0 85 85 0 8 0 vnodes 208 4667 0 0 246 0 246 246 0 8 0 namei 1024 17001 0 17001 3 2 1 1 0 8 1 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 528 5 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 33 0 31 3 2 1 1 0 8 0 scsiplug 64 4 0 4 1 1 0 1 0 8 0 scxspl 192 19317 0 19317 1 0 1 1 0 8 1 plimitpl 152 125 0 118 1 0 1 1 0 8 0 sigapl 424 2034 0 2005 4 0 4 4 0 8 0 futexpl 56 15619 0 15619 3 2 1 1 0 8 1 knotepl 112 168 0 149 1 0 1 1 0 8 0 kqueuepl 144 153 0 151 1 0 1 1 0 8 0 pipepl 272 137 0 127 1 0 1 1 0 8 0 fdescpl 432 2019 0 2005 2 0 2 2 0 8 0 filepl 120 7768 0 7671 4 0 4 4 0 8 1 lockfpl 104 119 0 118 1 0 1 1 0 8 0 lockfspl 48 52 0 51 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 23 0 13 1 0 1 1 0 8 0 ucredpl 96 1438 0 1428 1 0 1 1 0 8 0 zombiepl 144 2005 0 2004 1 0 1 1 0 8 0 processpl 928 2034 0 2004 4 0 4 4 0 8 0 procpl 624 4143 0 4105 5 1 4 4 0 8 1 sosppl 128 32 0 32 3 3 0 1 0 8 0 sockpl 400 1740 0 1709 6 2 4 4 0 8 0 mcl64k 65536 110 0 110 5 4 1 2 0 8 1 mcl16k 16384 4 0 4 1 1 0 1 0 8 0 mcl12k 12288 23 0 23 4 3 1 1 0 8 1 mcl9k 9216 50 0 50 4 3 1 1 0 8 1 mcl8k 8192 11 0 11 2 2 0 1 0 8 0 mcl4k 4096 65 0 65 6 5 1 1 0 8 1 mcl2k 2048 45231 0 45188 28 20 8 13 0 8 1 mtagpl 96 203 0 81 5 1 4 4 0 8 1 mbufpl 256 102315 0 101859 59 29 30 45 0 8 0 bufpl 280 6645 0 1293 383 0 383 383 0 8 0 anonpl 16 170895 0 163915 77 44 33 61 0 107 0 amapchunkpl 152 7325 0 7209 9 3 6 7 0 158 0 amappl16 192 8368 0 8048 50 33 17 40 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 21 0 18 1 0 1 1 0 8 0 amappl13 168 1229 0 1223 1 0 1 1 0 8 0 amappl12 160 1220 0 1212 1 0 1 1 0 8 0 amappl11 152 655 0 645 1 0 1 1 0 8 0 amappl10 144 14 0 11 1 0 1 1 0 8 0 amappl9 136 380 0 377 1 0 1 1 0 8 0 amappl8 128 341 0 305 2 0 2 2 0 8 0 amappl7 120 115 0 102 1 0 1 1 0 8 0 amappl6 112 627 0 623 1 0 1 1 0 8 0 amappl5 104 1945 0 1933 1 0 1 1 0 8 0 amappl4 96 437 0 409 1 0 1 1 0 8 0 amappl3 88 171 0 165 1 0 1 1 0 8 0 amappl2 80 16576 0 16505 2 0 2 2 0 8 0 amappl1 72 52142 0 51727 24 15 9 17 0 8 0 amappl 80 4392 0 4354 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 7 0 0 1 0 1 1 0 8 0 uaddrrnd 24 2024 0 2005 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2024 0 2005 1 0 1 1 0 8 0 vmmpekpl 168 13183 0 13153 2 0 2 2 0 8 0 vmmpepl 168 245507 0 244085 100 32 68 88 0 357 3 vmsppl 272 2023 0 2005 3 1 2 2 0 8 0 pdppl 4096 4054 0 4015 7 1 6 6 0 8 0 pvpl 32 554632 0 544661 204 76 128 157 0 265 43 pmappl 200 2023 0 2005 2 0 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 320 0 72 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6000,ffff800000aeb100,ffff80001f7bd1e0) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001f7bd1d0,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd8066e9b660,80206913,ffff80001f7bd1d0,ffff80001d71c760) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d71c760,ffff80001f7bd2e8,ffff80001f7bd330) at sys_ioctl+0x4a1 syscall(ffff80001f7bd3b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe4a1f30d900, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6000,ffff800000aeb100,ffff80001f7bd1e0) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001f7bd1d0,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd8066e9b660,80206913,ffff80001f7bd1d0,ffff80001d71c760) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d71c760,ffff80001f7bd2e8,ffff80001f7bd330) at sys_ioctl+0x4a1 syscall(ffff80001f7bd3b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe4a1f30d900, count: -6