uvm_fault(0xfffffd8054d84660, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8054d84660, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000b43000,ffff800000b45900,ffff80001ef7ef20) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 end trace frame: 0xffff80001ef7ee40, count: 0 ddb> trace ifa_update_broadaddr(ffff800000b43000,ffff800000b45900,ffff80001ef7ef20) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001ef7ef10,ffff800000b43000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd805c1a4b08,80206913,ffff80001ef7ef10,ffff80001d6c2eb8) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c2eb8,ffff80001ef7f028,ffff80001ef7f070) at sys_ioctl+0x4a1 syscall(ffff80001ef7f0f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf613c19dd0, count: -6 ddb> show registers rdi 0xffffffff8110e67b ifa_update_broadaddr+0x1b rsi 0x4a rbp 0xffff80001ef7eda0 rbx 0x10 rdx 0x4b rcx 0xffff80001d77a000 rax 0xffff80001d77a000 r8 0xffffffff81d3dcb7 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0xa54e9d65659d7708 r12 0xffff80001ef7ef20 r13 0 r14 0xffff80001ef7ef20 r15 0 rip 0xffffffff8110e67f ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001ef7ed60 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> show proc PROC (syz-executor.1) pid=355557 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c3ae8,0xffffffff82826758 process=0xffff80001d706e98 user=0xffff80001ef7a000, vmspace=0xfffffd8054d84660 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 56570 443663 88838 0 2 0 syz-executor.1 *56570 355557 88838 0 7 0x4000000 syz-executor.1 97865 231646 4133 0 2 0x2 syz-executor.0 88838 83280 4133 0 3 0x82 nanosleep syz-executor.1 19867 231745 0 0 3 0x14200 bored sosplice 4133 375495 76351 0 3 0x82 thrsleep syz-fuzzer 4133 275054 76351 0 3 0x4000082 nanosleep syz-fuzzer 4133 462640 76351 0 3 0x4000082 kqread syz-fuzzer 4133 493577 76351 0 3 0x4000082 thrsleep syz-fuzzer 4133 193248 76351 0 3 0x4000082 thrsleep syz-fuzzer 4133 312314 76351 0 3 0x4000082 thrsleep syz-fuzzer 4133 152778 76351 0 3 0x4000082 thrsleep syz-fuzzer 4133 115572 76351 0 3 0x4000082 thrsleep syz-fuzzer 76351 69029 28489 0 3 0x10008a pause ksh 28489 379995 6579 0 3 0x92 select sshd 73855 503443 1 0 3 0x100083 ttyopn getty 6579 377699 1 0 3 0x80 select sshd 93945 359817 48852 73 3 0x100090 kqread syslogd 48852 303520 1 0 3 0x100082 netio syslogd 98585 436247 1 77 3 0x100090 poll dhclient 99853 96139 1 0 3 0x80 poll dhclient 7248 156867 0 0 3 0x14200 bored smr 85568 410079 0 0 2 0x14200 zerothread 51386 72517 0 0 3 0x14200 aiodoned aiodoned 97633 103819 0 0 3 0x14200 syncer update 52961 280237 0 0 3 0x14200 cleaner cleaner 6263 116662 0 0 3 0x14200 reaper reaper 25735 321771 0 0 3 0x14200 pgdaemon pagedaemon 3195 463835 0 0 3 0x14200 bored crynlk 98962 142861 0 0 3 0x14200 bored crypto 42804 436750 0 0 3 0x40014200 acpi0 acpi0 27960 338117 0 0 3 0x14200 bored softnet 31352 351646 0 0 3 0x14200 bored systqmp 79938 445597 0 0 3 0x14200 bored systq 99045 262978 0 0 3 0x40014200 bored softclock 73838 354968 0 0 3 0x40014200 idle0 1 339713 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9490 6353K 7161K 78643K 15431 0 pcb 13 8K 8K 78643K 330 0 rtable 96 6K 8K 78643K 1178 0 ifaddr 83 18K 19K 78643K 522 0 sysctl 3 1K 1K 78643K 3 0 counters 21 16K 16K 78643K 69 0 ioctlops 0 0K 4K 78643K 333 0 iov 0 0K 32K 78643K 240 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 2781 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 30 0 VM map 2 0K 0K 78643K 2 0 sem 11 1K 1K 78643K 29 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 4155 0 sigio 0 0K 0K 78643K 50 0 proc 49 38K 62K 78643K 826 0 subproc 32 2K 2K 78643K 102 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 398 0 in_multi 117 5K 5K 78643K 381 0 ether_multi 1 0K 0K 78643K 81 0 mrt 0 0K 0K 78643K 46 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 450 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 155 299K 299K 78643K 10008 0 UVM aobj 23 2K 2K 78643K 31 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 340 0 NDP 10 0K 0K 78643K 76 0 temp 129 3868K 3978K 78643K 34648 0 kqueue 3 4K 12K 78643K 181 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 14 0 10 1 0 1 1 0 8 0 rtpcb 80 182 0 180 1 0 1 1 0 8 0 rtentry 112 117 0 89 2 1 1 2 0 8 0 unpcb 120 928 0 919 1 0 1 1 0 8 0 syncache 264 75 0 75 6 6 0 1 0 8 0 tcpqe 32 33 0 33 2 2 0 1 0 8 0 tcpcb 544 1011 0 1006 3 2 1 3 0 8 0 ipq 40 15 0 15 2 1 1 1 0 8 1 ipqe 40 40 0 40 2 1 1 1 0 8 1 inpcb 296 2500 0 2492 7 6 1 3 0 8 0 rttmr 72 23 0 23 2 2 0 1 0 8 0 nd6 48 24 0 20 1 0 1 1 0 8 0 pkpcb 40 31 0 31 2 2 0 1 0 8 0 ppxss 1128 8 0 8 2 2 0 1 0 8 0 pfstscr 40 31 0 29 1 0 1 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 22 0 0 1 0 1 1 0 8 0 pfrktable 1344 176 0 170 1 0 1 1 0 8 0 pftag 88 54 0 52 4 3 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 60 0 58 2 1 1 1 0 8 0 pfstate 328 32 0 31 2 1 1 1 0 8 0 pfrule 1360 132 0 83 5 0 5 5 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 441 0 292 17 7 10 14 0 8 0 art_table 32 442 0 292 3 1 2 2 0 8 0 art_node 16 116 0 93 1 0 1 1 0 8 0 semupl 112 8 0 8 2 2 0 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 28 0 8 2 1 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7021 0 5610 89 0 89 89 0 8 0 ffsino 240 7021 0 5610 84 0 84 84 0 8 0 nchpl 144 12440 0 10857 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 31353 0 31353 2 1 1 1 0 8 1 vcpupl 1984 19 0 0 3 0 3 3 0 8 0 vmpool 528 19 0 0 2 0 2 2 0 8 0 pfiaddrpl 120 89 0 67 3 2 1 1 0 8 0 scsiplug 64 5 0 5 1 1 0 1 0 8 0 scxspl 192 43635 0 43635 2 1 1 1 0 8 1 plimitpl 152 216 0 209 1 0 1 1 0 8 0 sigapl 424 4330 0 4301 4 0 4 4 0 8 0 futexpl 56 35082 0 35082 2 1 1 1 0 8 1 knotepl 112 352 0 333 1 0 1 1 0 8 0 kqueuepl 144 413 0 411 1 0 1 1 0 8 0 pipepl 272 255 0 245 1 0 1 1 0 8 0 fdescpl 432 4315 0 4301 2 0 2 2 0 8 0 filepl 120 15121 0 15025 4 0 4 4 0 8 1 lockfpl 104 652 0 651 1 0 1 1 0 8 0 lockfspl 48 226 0 225 1 0 1 1 0 8 0 sessionpl 112 21 0 11 1 0 1 1 0 8 0 pgrppl 48 62 0 52 1 0 1 1 0 8 0 ucredpl 96 2330 0 2323 1 0 1 1 0 8 0 zombiepl 144 4301 0 4301 1 0 1 1 0 8 1 processpl 928 4330 0 4301 4 0 4 4 0 8 0 procpl 624 8937 0 8900 4 0 4 4 0 8 0 sosppl 128 45 0 45 5 4 1 1 0 8 1 sockpl 400 3643 0 3624 8 5 3 5 0 8 0 mcl64k 65536 187 0 186 2 1 1 1 0 8 0 mcl16k 16384 14 0 14 3 2 1 1 0 8 1 mcl12k 12288 49 0 48 1 0 1 1 0 8 0 mcl9k 9216 12 0 12 1 0 1 1 0 8 1 mcl8k 8192 95 0 95 5 4 1 1 0 8 1 mcl4k 4096 221 0 221 8 8 0 1 0 8 0 mcl2k2 2112 26 0 26 3 2 1 1 0 8 1 mcl2k 2048 24264 0 24223 27 19 8 12 0 8 2 mtagpl 96 341 0 87 10 3 7 7 0 8 0 mbufpl 256 98788 0 98198 53 13 40 40 0 8 1 bufpl 280 14621 0 9269 383 0 383 383 0 8 0 anonpl 16 339942 0 332523 70 38 32 61 0 107 0 amapchunkpl 152 14906 0 14816 9 4 5 6 0 158 0 amappl16 192 19361 0 18969 51 31 20 43 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 1806 0 1799 1 0 1 1 0 8 0 amappl13 168 492 0 488 1 0 1 1 0 8 0 amappl12 160 1699 0 1695 1 0 1 1 0 8 0 amappl11 152 461 0 452 1 0 1 1 0 8 0 amappl10 144 14 0 12 1 0 1 1 0 8 0 amappl9 136 979 0 977 1 0 1 1 0 8 0 amappl8 128 412 0 383 2 1 1 2 0 8 0 amappl7 120 131 0 117 1 0 1 1 0 8 0 amappl6 112 428 0 422 1 0 1 1 0 8 0 amappl5 104 4938 0 4927 1 0 1 1 0 8 0 amappl4 96 1017 0 990 1 0 1 1 0 8 0 amappl3 88 1891 0 1882 1 0 1 1 0 8 0 amappl2 80 33884 0 33801 2 0 2 2 0 8 0 amappl1 72 102813 0 102393 23 13 10 17 0 8 0 amappl 80 9261 0 9210 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 30 0 8 1 0 1 1 0 8 0 uaddrrnd 24 4334 0 4301 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4334 0 4301 1 0 1 1 0 8 0 vmmpekpl 168 25507 0 25473 2 0 2 2 0 8 0 vmmpepl 168 514930 0 513390 124 51 73 92 0 357 4 vmsppl 272 4333 0 4301 4 1 3 3 0 8 0 pdppl 4096 8674 0 8621 9 2 7 8 0 8 0 pvpl 32 1097945 0 1090886 189 125 64 124 0 265 2 pmappl 200 4333 0 4301 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 330 0 67 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ifa_update_broadaddr(ffff800000b43000,ffff800000b45900,ffff80001ef7ef20) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001ef7ef10,ffff800000b43000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd805c1a4b08,80206913,ffff80001ef7ef10,ffff80001d6c2eb8) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c2eb8,ffff80001ef7f028,ffff80001ef7f070) at sys_ioctl+0x4a1 syscall(ffff80001ef7f0f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf613c19dd0, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace ifa_update_broadaddr(ffff800000b43000,ffff800000b45900,ffff80001ef7ef20) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001ef7ef10,ffff800000b43000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd805c1a4b08,80206913,ffff80001ef7ef10,ffff80001d6c2eb8) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c2eb8,ffff80001ef7f028,ffff80001ef7f070) at sys_ioctl+0x4a1 syscall(ffff80001ef7f0f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf613c19dd0, count: -6