uvm_fault(0xfffffd805f14bab0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd805f14bab0, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000ac6800,ffff800000af4400,ffff80001d789340) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 end trace frame: 0xffff80001d789260, count: 0 ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000af4400,ffff80001d789340) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001d789330,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd80637c9b00,80206913,ffff80001d789330,ffff80001e811618) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001e811618,ffff80001d789448,ffff80001d789490) at sys_ioctl+0x4a1 syscall(ffff80001d789510) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c980726270, count: -6 ddb> show registers rdi 0xffffffff810269ab ifa_update_broadaddr+0x1b rsi 0x34 rbp 0xffff80001d7891c0 rbx 0x10 rdx 0x35 rcx 0xffff80001d79c000 rax 0xffff80001d79c000 r8 0xffffffff81fca597 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0xe2a2bd85a8d494dc r12 0xffff80001d789340 r13 0xffff80001d789330 r14 0xffff80001d789340 r15 0 rip 0xffffffff810269af ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d789180 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> show proc PROC (syz-executor.1) pid=452417 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff80001e811888,0xffffffff82839180 process=0xffff80001e7a2030 user=0xffff80001d784000, vmspace=0xfffffd805f14bab0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 43442 129603 1017 0 2 0 syz-executor.1 *43442 452417 1017 0 7 0x4000000 syz-executor.1 77300 185289 23092 0 2 0x2 syz-executor.0 81053 418378 1 0 3 0x100083 ttyin getty 53340 389527 0 0 3 0x14200 bored sosplice 42129 23741 0 0 3 0x14280 nfsidl nfsio 2377 371850 0 0 3 0x14280 nfsidl nfsio 23149 321048 0 0 3 0x14280 nfsidl nfsio 58295 164755 0 0 3 0x14280 nfsidl nfsio 98548 52254 0 0 3 0x14280 nfsidl nfsio 48485 96372 0 0 3 0x14280 nfsidl nfsio 61914 243993 0 0 3 0x14280 nfsidl nfsio 83735 499516 0 0 3 0x14280 nfsidl nfsio 96673 219535 0 0 3 0x14280 nfsidl nfsio 79995 326041 0 0 3 0x14280 nfsidl nfsio 65237 481901 0 0 3 0x14280 nfsidl nfsio 15312 477494 0 0 3 0x14280 nfsidl nfsio 53857 122903 0 0 3 0x14280 nfsidl nfsio 94637 270464 0 0 3 0x14280 nfsidl nfsio 47603 458275 0 0 3 0x14280 nfsidl nfsio 91214 396783 0 0 3 0x14280 nfsidl nfsio 24154 262688 0 0 3 0x14280 nfsidl nfsio 8928 488757 0 0 3 0x14280 nfsidl nfsio 54626 336558 0 0 3 0x14280 nfsidl nfsio 69555 270817 0 0 3 0x14280 nfsidl nfsio 1017 314436 23092 0 3 0x82 nanosleep syz-executor.1 23092 319240 83381 0 3 0x82 thrsleep syz-fuzzer 23092 393670 83381 0 3 0x4000082 nanosleep syz-fuzzer 23092 431336 83381 0 3 0x4000082 thrsleep syz-fuzzer 23092 59625 83381 0 3 0x4000082 thrsleep syz-fuzzer 23092 195835 83381 0 3 0x4000082 thrsleep syz-fuzzer 23092 223633 83381 0 3 0x4000082 kqread syz-fuzzer 23092 152343 83381 0 3 0x4000082 thrsleep syz-fuzzer 23092 21289 83381 0 3 0x4000082 thrsleep syz-fuzzer 83381 116933 50905 0 3 0x10008a pause ksh 50905 149211 51592 0 3 0x92 select sshd 51592 301112 1 0 3 0x80 select sshd 14946 120071 64697 73 3 0x100090 kqread syslogd 64697 316897 1 0 3 0x100082 netio syslogd 54336 286397 1 77 3 0x100090 poll dhclient 12754 52381 1 0 3 0x80 poll dhclient 67388 278393 0 0 3 0x14200 bored smr 72162 75857 0 0 2 0x14200 zerothread 3290 216848 0 0 3 0x14200 aiodoned aiodoned 367 522150 0 0 3 0x14200 syncer update 9545 343392 0 0 3 0x14200 cleaner cleaner 83443 433967 0 0 3 0x14200 reaper reaper 29751 196222 0 0 3 0x14200 pgdaemon pagedaemon 76355 293393 0 0 3 0x14200 bored crynlk 12378 12914 0 0 3 0x14200 bored crypto 40521 208005 0 0 3 0x40014200 acpi0 acpi0 51012 176400 0 0 3 0x14200 bored softnet 2911 268669 0 0 3 0x14200 bored systqmp 76906 301444 0 0 3 0x14200 bored systq 24767 327587 0 0 3 0x40014200 bored softclock 73562 84242 0 0 3 0x40014200 idle0 1 232944 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9527 6548K 7324K 78643K 13296 0 pcb 13 8K 8K 78643K 93 0 rtable 136 10K 10K 78643K 681 0 ifaddr 86 16K 17K 78643K 233 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 4K 78643K 120 0 iov 0 0K 24K 78643K 122 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1934 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 136 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 805 0 sigio 0 0K 0K 78643K 19 0 proc 50 38K 55K 78643K 457 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 174 0 in_multi 76 3K 4K 78643K 186 0 ether_multi 1 0K 0K 78643K 17 0 mrt 0 0K 0K 78643K 10 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 257 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 152 73K 89K 78643K 2672 0 UVM aobj 34 6K 6K 78643K 36 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 96 0 NDP 13 0K 0K 78643K 30 0 temp 112 3855K 3919K 78643K 10007 0 kqueue 3 4K 8K 78643K 20 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 4 1 0 1 1 0 8 0 rtpcb 80 37 0 35 1 0 1 1 0 8 0 rtentry 112 87 0 43 2 0 2 2 0 8 0 unpcb 120 294 0 285 1 0 1 1 0 8 0 syncache 264 11 0 11 3 3 0 1 0 8 0 tcpqe 32 269 0 269 1 1 0 1 0 8 0 tcpcb 544 628 0 623 2 1 1 2 0 8 0 inpcb 296 1266 0 1258 4 2 2 2 0 8 1 rttmr 72 4 0 4 2 2 0 1 0 8 0 nd6 48 18 0 13 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 165 0 153 4 2 2 2 0 8 1 pftag 88 24 0 24 2 2 0 1 0 8 0 pfrule 1360 40 0 26 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 280 0 102 13 1 12 12 0 8 0 art_table 32 281 0 102 2 0 2 2 0 8 0 art_node 16 85 0 46 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 9 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 130 0 120 1 0 1 1 0 8 0 shmpl 112 33 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2426 0 1027 88 0 88 88 0 8 0 ffsino 240 2426 0 1027 83 0 83 83 0 8 0 nchpl 144 3796 0 2208 60 0 60 60 0 8 0 uvmvnodes 72 3070 0 0 56 0 56 56 0 8 0 vnodes 208 3070 0 0 162 0 162 162 0 8 0 namei 1024 10500 0 10500 4 3 1 1 0 8 1 vcpupl 1984 6 0 0 1 0 1 1 0 8 0 vmpool 528 12 0 6 1 0 1 1 0 8 0 pfiaddrpl 120 52 0 42 1 0 1 1 0 8 0 scxspl 192 10850 0 10850 1 0 1 1 0 8 1 plimitpl 152 69 0 62 1 0 1 1 0 8 0 sigapl 424 1010 0 961 6 0 6 6 0 8 0 futexpl 56 15273 0 15273 4 3 1 1 0 8 1 knotepl 112 95 0 76 1 0 1 1 0 8 0 kqueuepl 144 78 0 76 1 0 1 1 0 8 0 pipepl 272 182 0 172 2 1 1 2 0 8 0 fdescpl 432 975 0 961 2 0 2 2 0 8 0 filepl 120 5938 0 5842 5 1 4 5 0 8 1 lockfpl 104 107 0 106 1 0 1 1 0 8 0 lockfspl 48 45 0 44 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 15 1 0 1 1 0 8 0 ucredpl 96 622 0 615 1 0 1 1 0 8 0 zombiepl 144 961 0 961 1 0 1 1 0 8 1 processpl 928 1010 0 961 7 0 7 7 0 8 0 procpl 624 1879 0 1822 6 1 5 5 0 8 0 sosppl 128 3 0 3 2 2 0 1 0 8 0 sockpl 400 1603 0 1584 5 2 3 4 0 8 0 mcl64k 65536 291 0 291 35 34 1 33 0 8 1 mcl16k 16384 3 0 3 3 3 0 1 0 8 0 mcl12k 12288 19 0 19 3 2 1 1 0 8 1 mcl9k 9216 9 0 9 1 0 1 1 0 8 1 mcl8k 8192 31 0 31 3 2 1 1 0 8 1 mcl4k 4096 64 0 64 5 4 1 1 0 8 1 mcl2k2 2112 5 0 5 3 3 0 1 0 8 0 mcl2k 2048 79187 0 79134 24 15 9 18 0 8 1 mtagpl 96 92 0 72 3 1 2 2 0 8 1 mbufpl 256 129835 0 129725 37 18 19 26 0 8 3 bufpl 280 4769 0 137 331 0 331 331 0 8 0 anonpl 16 115325 0 99190 121 31 90 92 0 107 13 amapchunkpl 152 4476 0 4326 25 5 20 20 0 158 13 amappl16 192 5309 0 4272 85 26 59 64 0 8 7 amappl15 184 172 0 170 1 0 1 1 0 8 0 amappl14 176 27 0 22 1 0 1 1 0 8 0 amappl13 168 412 0 407 1 0 1 1 0 8 0 amappl12 160 8 0 7 2 1 1 1 0 8 0 amappl11 152 54 0 44 1 0 1 1 0 8 0 amappl10 144 413 0 405 1 0 1 1 0 8 0 amappl9 136 380 0 378 1 0 1 1 0 8 0 amappl8 128 367 0 316 2 0 2 2 0 8 0 amappl7 120 503 0 489 1 0 1 1 0 8 0 amappl6 112 20 0 16 1 0 1 1 0 8 0 amappl5 104 899 0 887 1 0 1 1 0 8 0 amappl4 96 806 0 778 1 0 1 1 0 8 0 amappl3 88 129 0 124 1 0 1 1 0 8 0 amappl2 80 6923 0 6856 2 0 2 2 0 8 0 amappl1 72 25481 0 25082 24 15 9 17 0 8 0 amappl 80 2121 0 2072 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 35 0 2 1 0 1 1 0 8 0 uaddrrnd 24 987 0 967 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 987 0 967 1 0 1 1 0 8 0 vmmpekpl 168 9187 0 9150 2 0 2 2 0 8 0 vmmpepl 168 121189 0 119042 175 39 136 136 0 357 42 vmsppl 272 986 0 967 3 1 2 2 0 8 0 pdppl 4096 1980 0 1940 9 3 6 6 0 8 0 pvpl 32 304611 0 285380 245 37 208 210 0 265 28 pmappl 200 986 0 967 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 330 0 91 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000af4400,ffff80001d789340) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001d789330,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd80637c9b00,80206913,ffff80001d789330,ffff80001e811618) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001e811618,ffff80001d789448,ffff80001d789490) at sys_ioctl+0x4a1 syscall(ffff80001d789510) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c980726270, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000af4400,ffff80001d789340) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001d789330,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd80637c9b00,80206913,ffff80001d789330,ffff80001e811618) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001e811618,ffff80001d789448,ffff80001d789490) at sys_ioctl+0x4a1 syscall(ffff80001d789510) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c980726270, count: -6