uvm_fault(0xfffffd806bc09220, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09220, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000ac6800,ffff800000af3100,ffff80001f9a1b80) at ifa_update_broadaddr+0x1f sys/net/if.c:3073 end trace frame: 0xffff80001f9a1aa0, count: 0 ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000af3100,ffff80001f9a1b80) at ifa_update_broadaddr+0x1f sys/net/if.c:3073 in_ioctl(80206913,ffff80001f9a1b70,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd806b657960,80206913,ffff80001f9a1b70,ffff80001e792500) at ifioctl+0xe60 sys/net/if.c:2285 sys_ioctl(ffff80001e792500,ffff80001f9a1c88,ffff80001f9a1cd0) at sys_ioctl+0x4a1 syscall(ffff80001f9a1d50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x85c7789c570, count: -6 ddb> show registers rdi 0xffffffff820f5a4b ifa_update_broadaddr+0x1b rsi 0x59 rbp 0xffff80001f9a1a00 rbx 0x10 rdx 0x5a rcx 0xffff80001f9a2000 rax 0xffff80001f9a2000 r8 0xffffffff8223e3e7 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0x56b267ded2622dd0 r12 0xffff80001f9a1b80 r13 0 r14 0xffff80001f9a1b80 r15 0 rip 0xffffffff820f5a4f ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001f9a19c0 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> show proc PROC (syz-executor.0) pid=380194 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff80001e792c50,0xffffffff82853eb0 process=0xffff80001e8023d0 user=0xffff80001f99c000, vmspace=0xfffffd806bc09220 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 51342 341533 76938 0 2 0 syz-executor.0 *51342 380194 76938 0 7 0x4000000 syz-executor.0 93946 419113 0 0 3 0x14200 acct acct 74864 232434 1 0 3 0x100083 ttyin getty 97981 345411 0 0 3 0x14200 bored sosplice 80487 235245 68629 0 3 0x82 piperd syz-executor.1 32831 257969 0 0 3 0x14280 nfsidl nfsio 38110 86555 0 0 3 0x14280 nfsidl nfsio 93934 88277 0 0 3 0x14280 nfsidl nfsio 57432 388950 0 0 3 0x14280 nfsidl nfsio 83387 391910 0 0 3 0x14280 nfsidl nfsio 74582 486402 0 0 3 0x14280 nfsidl nfsio 88568 441941 0 0 3 0x14280 nfsidl nfsio 25650 358528 0 0 3 0x14280 nfsidl nfsio 86860 450289 0 0 3 0x14280 nfsidl nfsio 2583 502467 0 0 3 0x14280 nfsidl nfsio 26144 341246 0 0 3 0x14280 nfsidl nfsio 60975 229710 0 0 3 0x14280 nfsidl nfsio 35929 366956 0 0 3 0x14280 nfsidl nfsio 62191 360988 0 0 3 0x14280 nfsidl nfsio 9042 119102 0 0 3 0x14280 nfsidl nfsio 26814 293600 0 0 3 0x14280 nfsidl nfsio 2657 293517 0 0 3 0x14280 nfsidl nfsio 45333 476793 0 0 3 0x14280 nfsidl nfsio 94030 195051 0 0 3 0x14280 nfsidl nfsio 63202 219473 0 0 3 0x14280 nfsidl nfsio 76938 473641 68629 0 2 0x482 syz-executor.0 68629 315128 34259 0 3 0x82 thrsleep syz-fuzzer 68629 465529 34259 0 2 0x4000482 syz-fuzzer 68629 245967 34259 0 3 0x4000082 thrsleep syz-fuzzer 68629 314965 34259 0 3 0x4000082 thrsleep syz-fuzzer 68629 157145 34259 0 3 0x4000082 thrsleep syz-fuzzer 68629 341027 34259 0 2 0x4000002 syz-fuzzer 68629 228427 34259 0 3 0x4000082 thrsleep syz-fuzzer 68629 94831 34259 0 3 0x4000082 thrsleep syz-fuzzer 34259 377224 86450 0 3 0x10008a pause ksh 86450 193196 97290 0 3 0x92 select sshd 97290 130953 1 0 3 0x80 select sshd 19925 138230 50418 73 3 0x100090 kqread syslogd 50418 436754 1 0 3 0x100082 netio syslogd 69012 394325 1 77 3 0x100090 poll dhclient 93397 90902 1 0 3 0x80 poll dhclient 83633 42897 0 0 3 0x14200 bored smr 17682 405380 0 0 2 0x14200 zerothread 98988 472447 0 0 3 0x14200 aiodoned aiodoned 12057 138311 0 0 3 0x14200 syncer update 43976 357112 0 0 3 0x14200 cleaner cleaner 30162 417185 0 0 3 0x14200 reaper reaper 57023 480619 0 0 3 0x14200 pgdaemon pagedaemon 56539 36941 0 0 3 0x14200 bored crynlk 93248 330239 0 0 3 0x14200 bored crypto 34898 443420 0 0 3 0x40014200 acpi0 acpi0 3026 42504 0 0 3 0x14200 bored softnet 5255 208577 0 0 3 0x14200 bored systqmp 2380 128999 0 0 3 0x14200 bored systq 38977 187906 0 0 2 0x40014200 softclock 64689 461721 0 0 3 0x40014200 idle0 1 362575 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9514 6379K 6925K 78643K 12786 0 pcb 13 8K 8K 78643K 156 0 rtable 139 13K 16K 78643K 903 0 ifaddr 106 22K 23K 78643K 352 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 17K 78643K 47 0 ioctlops 0 0K 4K 78643K 213 0 iov 0 0K 12K 78643K 134 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 1911 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 24 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 278 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 1251 0 sigio 0 0K 0K 78643K 49 0 proc 49 38K 63K 78643K 487 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 85 0 in_multi 98 4K 4K 78643K 249 0 ether_multi 1 0K 0K 78643K 25 0 mrt 0 0K 0K 78643K 18 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 303 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 170 155K 155K 78643K 3731 0 UVM aobj 55 4K 4K 78643K 65 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 145 0 NDP 13 0K 0K 78643K 59 0 temp 136 3862K 3926K 78643K 35317 0 kqueue 3 4K 12K 78643K 93 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 3 1 0 1 1 0 8 0 rtpcb 80 59 0 57 1 0 1 1 0 8 0 rtentry 112 102 0 64 2 0 2 2 0 8 0 unpcb 120 534 0 526 1 0 1 1 0 8 0 syncache 264 15 0 15 7 7 0 1 0 8 0 tcpqe 32 346 0 346 2 2 0 1 0 8 0 tcpcb 544 350 0 345 1 0 1 1 0 8 0 ipq 40 492 0 492 5 4 1 1 0 8 1 ipqe 40 1031 0 1031 5 4 1 1 0 8 1 inpcb 296 1877 0 1869 10 9 1 2 0 8 0 rttmr 72 11 0 10 7 6 1 1 0 8 0 nd6 48 36 0 27 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 1 0 1 0 8 0 ppxss 1136 6 0 6 4 4 0 1 0 8 0 pfstscr 40 6 0 5 1 0 1 1 0 8 0 pfrktable 1344 186 0 166 8 6 2 3 0 8 0 pftag 88 28 0 26 2 1 1 1 0 8 0 pfstitem 24 8 0 4 1 0 1 1 0 8 0 pfstkey 112 10 0 6 1 0 1 1 0 8 0 pfstate 328 5 0 3 1 0 1 1 0 8 0 pfrule 1360 60 0 39 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 386 0 185 16 3 13 14 0 8 0 art_table 32 387 0 185 2 0 2 2 0 8 0 art_node 16 101 0 68 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 27 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 276 0 266 1 0 1 1 0 8 0 shmpl 112 62 0 10 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3097 0 1698 88 0 88 88 0 8 0 ffsino 240 3097 0 1698 83 0 83 83 0 8 0 nchpl 144 5369 0 3779 60 0 60 60 0 8 0 uvmvnodes 72 3644 0 0 67 0 67 67 0 8 0 vnodes 208 3644 0 0 192 0 192 192 0 8 0 namei 1024 14835 0 14835 6 5 1 1 0 8 1 vcpupl 1984 18 0 1 3 0 3 3 0 8 0 vmpool 528 21 0 4 2 0 2 2 0 8 0 pfiaddrpl 120 66 0 47 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 15301 0 15301 3 2 1 1 0 8 1 plimitpl 152 124 0 117 1 0 1 1 0 8 0 sigapl 424 1457 0 1407 6 0 6 6 0 8 0 futexpl 56 25436 0 25436 5 4 1 1 0 8 1 knotepl 112 191 0 172 1 0 1 1 0 8 0 kqueuepl 144 169 0 167 1 0 1 1 0 8 0 pipepl 272 234 0 224 3 2 1 2 0 8 0 fdescpl 432 1421 0 1407 2 0 2 2 0 8 0 filepl 120 8888 0 8792 5 1 4 4 0 8 1 lockfpl 104 277 0 276 1 0 1 1 0 8 0 lockfspl 48 101 0 100 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 43 0 33 1 0 1 1 0 8 0 ucredpl 96 1014 0 1007 1 0 1 1 0 8 0 zombiepl 144 1407 0 1407 3 2 1 1 0 8 1 processpl 928 1457 0 1407 7 0 7 7 0 8 0 procpl 624 2921 0 2863 5 0 5 5 0 8 0 sosppl 128 16 0 16 6 6 0 1 0 8 0 sockpl 400 2475 0 2457 6 3 3 3 0 8 1 mcl64k 65536 62 0 62 15 15 0 1 0 8 0 mcl16k 16384 22 0 22 15 15 0 1 0 8 0 mcl12k 12288 50 0 50 12 11 1 1 0 8 1 mcl9k 9216 14 0 14 8 7 1 1 0 8 1 mcl8k 8192 176 0 176 6 5 1 1 0 8 1 mcl4k 4096 234 0 234 6 5 1 1 0 8 1 mcl2k2 2112 9 0 9 3 3 0 1 0 8 0 mcl2k 2048 96995 0 96932 31 22 9 21 0 8 0 mtagpl 96 115 0 36 3 1 2 2 0 8 0 mbufpl 256 167770 0 167434 54 32 22 35 0 8 0 bufpl 280 6234 0 882 383 0 383 383 0 8 0 anonpl 16 158570 0 140385 142 57 85 90 0 107 8 amapchunkpl 152 6358 0 6222 38 32 6 20 0 158 0 amappl16 192 7426 0 6348 105 48 57 66 0 8 3 amappl15 184 9 0 7 1 0 1 1 0 8 0 amappl14 176 33 0 28 1 0 1 1 0 8 0 amappl13 168 34 0 31 1 0 1 1 0 8 0 amappl12 160 11 0 8 1 0 1 1 0 8 0 amappl11 152 48 0 38 1 0 1 1 0 8 0 amappl10 144 17 0 9 1 0 1 1 0 8 0 amappl9 136 1486 0 1482 1 0 1 1 0 8 0 amappl8 128 1505 0 1444 2 0 2 2 0 8 0 amappl7 120 122 0 109 1 0 1 1 0 8 0 amappl6 112 22 0 18 1 0 1 1 0 8 0 amappl5 104 1377 0 1364 1 0 1 1 0 8 0 amappl4 96 466 0 438 1 0 1 1 0 8 0 amappl3 88 174 0 169 1 0 1 1 0 8 0 amappl2 80 10756 0 10688 2 0 2 2 0 8 0 amappl1 72 40756 0 40340 22 13 9 17 0 8 0 amappl 80 3164 0 3111 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 64 0 10 1 0 1 1 0 8 0 uaddrrnd 24 1442 0 1411 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1442 0 1411 1 0 1 1 0 8 0 vmmpekpl 168 10538 0 10497 2 0 2 2 0 8 0 vmmpepl 168 178580 0 176347 189 85 104 128 0 357 6 vmsppl 272 1441 0 1411 4 1 3 3 0 8 1 pdppl 4096 2890 0 2839 8 1 7 7 0 8 0 pvpl 32 417973 0 397427 309 110 199 205 0 265 26 pmappl 200 1441 0 1411 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 356 0 112 10 2 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000af3100,ffff80001f9a1b80) at ifa_update_broadaddr+0x1f sys/net/if.c:3073 in_ioctl(80206913,ffff80001f9a1b70,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd806b657960,80206913,ffff80001f9a1b70,ffff80001e792500) at ifioctl+0xe60 sys/net/if.c:2285 sys_ioctl(ffff80001e792500,ffff80001f9a1c88,ffff80001f9a1cd0) at sys_ioctl+0x4a1 syscall(ffff80001f9a1d50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x85c7789c570, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6800,ffff800000af3100,ffff80001f9a1b80) at ifa_update_broadaddr+0x1f sys/net/if.c:3073 in_ioctl(80206913,ffff80001f9a1b70,ffff800000ac6800,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd806b657960,80206913,ffff80001f9a1b70,ffff80001e792500) at ifioctl+0xe60 sys/net/if.c:2285 sys_ioctl(ffff80001e792500,ffff80001f9a1c88,ffff80001f9a1cd0) at sys_ioctl+0x4a1 syscall(ffff80001f9a1d50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x85c7789c570, count: -6