uvm_fault(0xffffffff8263e320, 0xffff800000aaa000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at memcpy+0x15: repe movsq (%rsi),%es:(%rdi) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff8263e320, 0xffff800000aaa000, 0, 1) -> e memcpy() at memcpy+0x15 end trace frame: 0xffff800020ea7230, count: 0 ddb{0}> trace memcpy() at memcpy+0x15 sysctl_iflist(0,ffff800020ea7288) at sysctl_iflist+0x255 sys/net/rtsock.c:1979 sysctl_rtable(ffff800020ea734c,3,c0f0d62b000,ffff800020ea7378,0,0) at sysctl_rtable+0x196 sys/net/rtsock.c:2076 sys_sysctl(ffff800020e6cc38,ffff800020ea73e0,ffff800020ea7430) at sys_sysctl+0x20e sys/kern/kern_sysctl.c:252 syscall(ffff800020ea74b0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020ea74b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd2f70, count: -6 ddb{0}> show registers rdi 0xffff800000a4bae8 rsi 0xffff800000aaa000 rbp 0xffff800020ea7130 rbx 0xe8 rdx 0xe8 rcx 0x5 rax 0xfffffffffffa1ae8 r8 0x110 r9 0x5 r10 0x2054dcd547f1d553 r11 0xffff800000a4ba28 r12 0xffff800000aa9f40 r13 0xe8 r14 0xffff800000a4ba28 r15 0x6 rip 0xffffffff81e98b25 memcpy+0x15 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff800020ea7078 ss 0x10 memcpy+0x15: repe movsq (%rsi),%es:(%rdi) ddb{0}> show proc PROC (dhclient) pid=336527 stat=onproc flags process=100010 proc=0 pri=24, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020e6c758,0xffff800020ed1af0 process=0xffff800020e80f70 user=0xffff800020ea2000, vmspace=0xfffffd807efff450 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 10129 158153 31312 0 2 0 syz-executor.1 10129 60168 31312 0 3 0x4000000 smrbar syz-executor.1 26258 192717 0 0 3 0x14200 acct acct 87550 378018 1 0 3 0x100083 ttyin getty 66903 170214 0 0 3 0x14200 bored sosplice 31312 466855 45922 0 2 0x482 syz-executor.1 1924 87224 45922 0 2 0x2 syz-executor.0 45922 514747 32323 0 3 0x82 thrsleep syz-fuzzer 45922 31358 32323 0 3 0x4000082 nanosleep syz-fuzzer 45922 366461 32323 0 3 0x4000082 thrsleep syz-fuzzer 45922 285217 32323 0 3 0x4000082 kqread syz-fuzzer 45922 200321 32323 0 3 0x4000082 thrsleep syz-fuzzer 45922 79183 32323 0 3 0x4000082 thrsleep syz-fuzzer 45922 136976 32323 0 3 0x4000082 thrsleep syz-fuzzer 45922 380873 32323 0 3 0x4000082 nanosleep syz-fuzzer 45922 493107 32323 0 3 0x4000082 thrsleep syz-fuzzer 45922 290123 32323 0 3 0x4000082 thrsleep syz-fuzzer 32323 52945 18714 0 3 0x10008a pause ksh 18714 248688 31803 0 3 0x92 select sshd 31803 181155 1 0 3 0x80 select sshd 13779 489336 35444 74 3 0x100092 bpf pflogd 35444 275244 1 0 3 0x80 netio pflogd 53558 76650 89780 73 3 0x100090 kqread syslogd 89780 172484 1 0 3 0x100082 netio syslogd *86825 336527 1 77 7 0x100010 dhclient 71859 306336 1 0 7 0 dhclient 45317 414304 0 0 3 0x14200 bored smr 80715 102273 0 0 3 0x14200 pgzero zerothread 35573 185656 0 0 3 0x14200 aiodoned aiodoned 54065 324363 0 0 3 0x14200 syncer update 41368 83628 0 0 3 0x14200 cleaner cleaner 82202 507693 0 0 3 0x14200 reaper reaper 24572 190050 0 0 3 0x14200 pgdaemon pagedaemon 10085 276942 0 0 3 0x14200 bored crynlk 68684 30934 0 0 3 0x14200 bored crypto 31551 413269 0 0 3 0x40014200 acpi0 acpi0 93582 53294 0 0 3 0x40014200 idle1 33922 129997 0 0 3 0x14200 bored softnet 41430 524263 0 0 3 0x14200 bored systqmp 19274 112645 0 0 3 0x14200 bored systq 12135 364251 0 0 3 0x40014200 bored softclock 21498 217216 0 0 3 0x40014200 idle0 1 214292 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 1924 (syz-executor.0) thread 0xffff800020e6d868 (87224) exclusive rrwlock inode r = 0 (0xfffffd8068d87f88) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140 #4 ffs_vget+0x13e sys/ufs/ffs/ffs_vfsops.c:1358 #5 ffs_inode_alloc+0x1cf sys/ufs/ffs/ffs_alloc.c:392 #6 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #7 VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450 #8 domkdirat+0x121 sys/kern/vfs_syscalls.c:3051 #9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8068e4dc50) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:603 #4 vn_lock+0x81 sys/kern/vfs_vnops.c:575 #5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419 #6 namei+0x63c sys/kern/vfs_lookup.c:249 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3036 #8 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #9 Xsyscall+0x128 Process 86825 (dhclient) thread 0xffff800020e6cc38 (336527) exclusive rwlock netlock r = 0 (0xffffffff8253e778) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 sysctl_rtable+0x187 sys/net/rtsock.c:2075 #2 sys_sysctl+0x20e sys/kern/kern_sysctl.c:252 #3 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #4 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff824895c0) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 sys_sysctl+0x1ac sys/kern/kern_sysctl.c:236 #3 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #4 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82640b58) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:93 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:570 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9557 6442K 7344K 78643K 14241 0 pcb 13 8K 8K 78643K 197 0 rtable 83 3K 4K 78643K 518 0 ifaddr 125 24K 24K 78643K 264 0 counters 45 34K 34K 78643K 95 0 ioctlops 0 0K 4K 78643K 1540 0 iov 0 0K 16K 78643K 149 0 mount 1 1K 1K 78643K 1 0 vnodes 1222 77K 77K 78643K 2152 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 60 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 802 0 sigio 0 0K 0K 78643K 13 0 proc 62 63K 95K 78643K 529 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 81 0 in_multi 132 5K 5K 78643K 253 0 ether_multi 1 0K 0K 78643K 31 0 mrt 0 0K 0K 78643K 22 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 278 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 147 157K 158K 78643K 3687 0 UVM aobj 29 2K 2K 78643K 32 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 148 0 NDP 18 0K 0K 78643K 53 0 temp 141 3044K 3118K 78643K 16341 0 kqueue 3 4K 12K 78643K 60 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 2 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 67 0 65 1 0 1 1 0 8 0 rtentry 112 94 0 63 2 0 2 2 0 8 0 unpcb 120 427 0 417 1 0 1 1 0 8 0 syncache 264 14 0 14 4 3 1 1 0 8 1 tcpqe 32 2246 0 2246 3 3 0 1 0 8 0 tcpcb 544 377 0 373 2 1 1 2 0 8 0 inpcb 280 1617 0 1610 2 1 1 2 0 8 0 rttmr 72 9 0 9 2 2 0 1 0 8 0 nd6 48 14 0 12 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 6 0 6 2 2 0 1 0 8 0 pffrag 232 10 0 10 3 3 0 1 0 482 0 pffrnode 88 10 0 10 3 3 0 1 0 8 0 pffrent 40 198 0 198 3 3 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 76 0 39 1 0 1 1 0 8 0 pfstkey 112 76 0 39 2 0 2 2 0 8 0 pfstate 328 76 0 39 5 0 5 5 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 453 0 290 13 0 13 13 0 8 1 art_table 32 455 0 290 2 0 2 2 0 8 0 art_node 16 92 0 66 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 10 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 56 0 46 1 0 1 1 0 8 0 shmpl 112 30 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2601 0 1195 89 0 89 89 0 8 0 ffsino 272 2601 0 1195 96 1 95 95 0 8 0 nchpl 144 3874 0 2271 60 0 60 60 0 8 0 uvmvnodes 72 3419 0 0 63 0 63 63 0 8 0 vnodes 208 3419 0 0 180 0 180 180 0 8 0 namei 1024 11449 0 11448 2 1 1 1 0 8 0 percpumem 16 58 0 25 1 0 1 1 0 8 0 vcpupl 1984 16 0 0 2 0 2 2 0 8 0 vmpool 560 18 0 2 2 0 2 2 0 8 0 scxspl 192 12046 0 12046 12 11 1 7 0 8 1 plimitpl 152 88 0 80 1 0 1 1 0 8 0 sigapl 424 1021 0 988 4 0 4 4 0 8 0 futexpl 56 14132 0 14132 1 0 1 1 0 8 1 knotepl 112 120 0 101 1 0 1 1 0 8 0 kqueuepl 144 164 0 162 1 0 1 1 0 8 0 pipelkpl 48 202 0 192 1 0 1 1 0 8 0 pipepl 120 404 0 385 1 0 1 1 0 8 0 fdescpl 496 1003 0 987 3 0 3 3 0 8 0 filepl 152 6876 0 6776 8 3 5 6 0 8 0 lockfpl 104 251 0 250 1 0 1 1 0 8 0 lockfspl 48 90 0 89 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 21 0 10 1 0 1 1 0 8 0 ucredpl 96 706 0 697 1 0 1 1 0 8 0 zombiepl 144 988 0 988 2 1 1 1 0 8 1 processpl 984 1021 0 988 6 1 5 5 0 8 0 procpl 624 2842 0 2799 4 0 4 4 0 8 0 sosppl 128 20 0 20 3 3 0 1 0 8 0 sockpl 400 2123 0 2103 8 4 4 6 0 8 1 mcl64k 65536 13 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 7 0 0 1 0 1 1 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 233 0 0 29 0 29 29 0 8 0 mtagpl 80 409 0 0 9 0 9 9 0 8 0 mbufpl 256 1147 0 0 71 1 70 71 0 8 0 bufpl 280 5695 0 145 397 0 397 397 0 8 0 anonpl 16 113547 0 99252 104 23 81 81 0 124 18 amapchunkpl 152 6703 0 6565 33 22 11 20 0 158 4 amappl16 192 5009 0 4229 69 20 49 51 0 8 9 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 406 0 401 1 0 1 1 0 8 0 amappl13 168 402 0 400 1 0 1 1 0 8 0 amappl12 160 8 0 4 1 0 1 1 0 8 0 amappl11 152 53 0 38 1 0 1 1 0 8 0 amappl10 144 15 0 11 1 0 1 1 0 8 0 amappl9 136 416 0 412 1 0 1 1 0 8 0 amappl8 128 770 0 731 2 0 2 2 0 8 0 amappl7 120 120 0 108 1 0 1 1 0 8 0 amappl6 112 25 0 21 1 0 1 1 0 8 0 amappl5 104 1262 0 1245 1 0 1 1 0 8 0 amappl4 96 882 0 850 1 0 1 1 0 8 0 amappl3 88 498 0 492 1 0 1 1 0 8 0 amappl2 80 7103 0 7032 2 0 2 2 0 8 0 amappl1 72 31806 0 31369 24 14 10 18 0 8 0 amappl 80 3119 0 3064 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 31 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1021 0 989 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1021 0 989 1 0 1 1 0 8 0 vmmpekpl 168 12146 0 12109 2 0 2 2 0 8 0 vmmpepl 168 130006 0 128051 137 37 100 107 0 357 7 vmsppl 368 1020 0 989 4 1 3 4 0 8 0 pdppl 4096 2050 0 1994 8 0 8 8 0 8 0 pvpl 32 330922 0 313458 217 38 179 179 0 265 31 pmappl 232 1020 0 989 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 340 0 12 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace memcpy() at memcpy+0x15 sysctl_iflist(0,ffff800020ea7288) at sysctl_iflist+0x255 sys/net/rtsock.c:1979 sysctl_rtable(ffff800020ea734c,3,c0f0d62b000,ffff800020ea7378,0,0) at sysctl_rtable+0x196 sys/net/rtsock.c:2076 sys_sysctl(ffff800020e6cc38,ffff800020ea73e0,ffff800020ea7430) at sys_sysctl+0x20e sys/kern/kern_sysctl.c:252 syscall(ffff800020ea74b0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020ea74b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd2f70, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82640950) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82640950) at __mp_lock+0x127 sys/kern/kern_lock.c:147 syscall(ffff800020ead410) at syscall+0x400 mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800020ead410) at syscall+0x400 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd2d80, count: -6