uvm_fault(0xfffffd8057bac9a0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8057bac9a0, 0x0, 0, 1) -> e ifa_update_broadaddr(ffff800000ac6000,ffff8000006b5500,ffff80001d79b310) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 end trace frame: 0xffff80001d79b230, count: 0 ddb> trace ifa_update_broadaddr(ffff800000ac6000,ffff8000006b5500,ffff80001d79b310) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001d79b300,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd805da687d8,80206913,ffff80001d79b300,ffff80001d6c3878) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c3878,ffff80001d79b418,ffff80001d79b460) at sys_ioctl+0x4a1 syscall(ffff80001d79b4e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c5c2e109a0, count: -6 ddb> show registers rdi 0xffffffff8158409b ifa_update_broadaddr+0x1b rsi 0x4b rbp 0xffff80001d79b190 rbx 0x10 rdx 0x4c rcx 0xffff80001f9a4000 rax 0xffff80001f9a4000 r8 0xffffffff81634737 in_ioctl+0x387 r9 0x7 r10 0x3 r11 0x24cb9eaa61617327 r12 0xffff80001d79b310 r13 0xaa0014ac r14 0xffff80001d79b310 r15 0 rip 0xffffffff8158409f ifa_update_broadaddr+0x1f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d79b150 ss 0x10 ifa_update_broadaddr+0x1f: movzbl 0(%r15),%r12d ddb> show proc PROC (syz-executor.0) pid=162627 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c2768,0xffffffff8284eb50 process=0xffff80001d6c5970 user=0xffff80001d796000, vmspace=0xfffffd8057bac9a0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 62248 34961 55638 0 2 0 syz-executor.0 *62248 162627 55638 0 7 0x4000000 syz-executor.0 92506 466294 0 0 3 0x14200 bored sosplice 55638 405103 84891 0 3 0x82 nanosleep syz-executor.0 29815 151600 84891 0 3 0x82 piperd syz-executor.1 84891 111482 2423 0 3 0x82 thrsleep syz-fuzzer 84891 86256 2423 0 3 0x4000082 nanosleep syz-fuzzer 84891 497952 2423 0 3 0x4000082 thrsleep syz-fuzzer 84891 126434 2423 0 3 0x4000082 thrsleep syz-fuzzer 84891 144175 2423 0 3 0x4000082 thrsleep syz-fuzzer 84891 297707 2423 0 3 0x4000082 thrsleep syz-fuzzer 84891 246928 2423 0 3 0x4000082 thrsleep syz-fuzzer 84891 93868 2423 0 2 0x4000002 syz-fuzzer 2423 5297 20118 0 3 0x10008a pause ksh 20118 346588 59439 0 3 0x92 select sshd 65677 491163 1 0 3 0x100083 ttyin getty 59439 153448 1 0 3 0x80 select sshd 34256 60469 31649 73 3 0x100090 kqread syslogd 31649 112517 1 0 3 0x100082 netio syslogd 12304 141569 1 77 3 0x100090 poll dhclient 90074 151087 1 0 3 0x80 poll dhclient 81946 143919 0 0 3 0x14200 bored smr 46188 416597 0 0 2 0x14200 zerothread 2183 406548 0 0 3 0x14200 aiodoned aiodoned 97194 388652 0 0 3 0x14200 syncer update 7420 51397 0 0 3 0x14200 cleaner cleaner 3725 447861 0 0 3 0x14200 reaper reaper 29893 313489 0 0 3 0x14200 pgdaemon pagedaemon 75863 181928 0 0 3 0x14200 bored crynlk 33125 355848 0 0 3 0x14200 bored crypto 95966 54623 0 0 3 0x40014200 acpi0 acpi0 61345 523 0 0 3 0x14200 bored softnet 38583 452889 0 0 3 0x14200 bored systqmp 73907 413352 0 0 3 0x14200 bored systq 94478 383761 0 0 3 0x40014200 bored softclock 86497 388593 0 0 3 0x40014200 idle0 1 82622 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9480 6341K 6599K 78643K 11115 0 pcb 13 8K 8K 78643K 83 0 rtable 82 3K 7K 78643K 563 0 ifaddr 62 14K 16K 78643K 221 0 sysctl 2 0K 0K 78643K 2 0 counters 20 16K 16K 78643K 31 0 ioctlops 0 0K 4K 78643K 77 0 iov 0 0K 16K 78643K 60 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1402 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 14 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 12 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 477 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 63K 78643K 370 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 28 0 in_multi 55 2K 2K 78643K 157 0 ether_multi 1 0K 0K 78643K 11 0 mrt 0 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 205 0 pfkey data 0 0K 0K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 141 72K 74K 78643K 1938 0 UVM aobj 34 2K 2K 78643K 36 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 49 0 NDP 8 0K 0K 78643K 33 0 temp 95 3857K 3921K 78643K 9362 0 kqueue 3 4K 19K 78643K 28 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 rtpcb 80 43 0 41 1 0 1 1 0 8 0 rtentry 112 79 0 49 2 0 2 2 0 8 0 unpcb 120 133 0 125 1 0 1 1 0 8 0 syncache 264 6 0 6 2 2 0 1 0 8 0 tcpqe 32 512 0 512 1 1 0 1 0 8 0 tcpcb 544 137 0 132 1 0 1 1 0 8 0 ipq 40 2 0 1 2 1 1 1 0 8 0 ipqe 40 4 0 3 2 1 1 1 0 8 0 inpcb 296 1771 0 1763 7 5 2 2 0 8 1 rttmr 72 4 0 3 1 0 1 1 0 8 0 nd6 48 19 0 17 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 2 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 97 0 96 1 0 1 1 0 8 0 pftag 88 16 0 16 3 3 0 1 0 8 0 pfstkey 112 1 0 1 1 1 0 1 0 8 0 pfstate 328 1 0 1 1 1 0 1 0 8 0 pfrule 1360 21 0 18 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 329 0 188 13 3 10 13 0 8 0 art_table 32 330 0 188 2 0 2 2 0 8 0 art_node 16 78 0 51 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 6 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 33 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2023 0 624 88 0 88 88 0 8 0 ffsino 240 2023 0 624 83 0 83 83 0 8 0 nchpl 144 2851 0 1260 60 0 60 60 0 8 0 uvmvnodes 72 2192 0 0 40 0 40 40 0 8 0 vnodes 208 2192 0 0 116 0 116 116 0 8 0 namei 1024 7456 0 7456 4 3 1 1 0 8 1 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 528 11 0 6 1 0 1 1 0 8 0 pfiaddrpl 120 26 0 26 3 3 0 1 0 8 0 scxspl 192 8996 0 8996 2 1 1 1 0 8 1 plimitpl 152 37 0 30 1 0 1 1 0 8 0 sigapl 424 664 0 635 4 0 4 4 0 8 0 futexpl 56 9681 0 9681 4 3 1 1 0 8 1 knotepl 112 89 0 70 1 0 1 1 0 8 0 kqueuepl 144 54 0 51 1 0 1 1 0 8 0 pipepl 272 120 0 110 1 0 1 1 0 8 0 fdescpl 432 649 0 635 2 0 2 2 0 8 0 filepl 120 4465 0 4369 5 1 4 4 0 8 1 lockfpl 104 86 0 85 1 0 1 1 0 8 0 lockfspl 48 32 0 31 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 384 0 377 1 0 1 1 0 8 0 zombiepl 144 635 0 635 2 1 1 1 0 8 1 processpl 928 664 0 635 4 0 4 4 0 8 0 procpl 624 1204 0 1167 4 0 4 4 0 8 0 sosppl 128 8 0 8 4 3 1 1 0 8 1 sockpl 400 1955 0 1937 5 2 3 4 0 8 1 mcl64k 65536 550 0 550 66 66 0 65 0 8 0 mcl12k 12288 15 0 15 7 6 1 1 0 8 1 mcl9k 9216 8 0 8 5 5 0 1 0 8 0 mcl8k 8192 15 0 15 6 5 1 1 0 8 1 mcl4k 4096 37 0 37 7 6 1 1 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 94115 0 94063 25 18 7 18 0 8 0 mtagpl 96 41 0 14 2 1 1 1 0 8 0 mbufpl 256 152269 0 152085 47 33 14 42 0 8 0 bufpl 280 4589 0 145 318 0 318 318 0 8 0 anonpl 16 86538 0 69408 90 7 83 84 0 107 4 amapchunkpl 152 3103 0 2951 26 15 11 20 0 158 4 amappl16 192 3305 0 2234 69 14 55 66 0 8 1 amappl15 184 139 0 137 1 0 1 1 0 8 0 amappl14 176 26 0 22 1 0 1 1 0 8 0 amappl13 168 332 0 327 1 0 1 1 0 8 0 amappl12 160 2 0 1 2 1 1 1 0 8 0 amappl11 152 51 0 40 1 0 1 1 0 8 0 amappl10 144 162 0 153 1 0 1 1 0 8 0 amappl9 136 373 0 372 1 0 1 1 0 8 0 amappl8 128 337 0 291 2 0 2 2 0 8 0 amappl7 120 107 0 94 1 0 1 1 0 8 0 amappl6 112 20 0 17 1 0 1 1 0 8 0 amappl5 104 589 0 577 1 0 1 1 0 8 0 amappl4 96 726 0 696 1 0 1 1 0 8 0 amappl3 88 125 0 120 1 0 1 1 0 8 0 amappl2 80 4504 0 4436 2 0 2 2 0 8 0 amappl1 72 23733 0 23325 22 13 9 17 0 8 0 amappl 80 1441 0 1392 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 35 0 2 1 0 1 1 0 8 0 uaddrrnd 24 660 0 641 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 660 0 641 1 0 1 1 0 8 0 vmmpekpl 168 7785 0 7758 2 0 2 2 0 8 0 vmmpepl 168 86396 0 84194 140 40 100 123 0 357 0 vmsppl 272 659 0 641 3 1 2 2 0 8 0 pdppl 4096 1326 0 1287 7 1 6 6 0 8 0 pvpl 32 238453 0 218605 209 17 192 196 0 265 10 pmappl 200 659 0 641 3 1 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 367 0 140 10 1 9 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6000,ffff8000006b5500,ffff80001d79b310) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001d79b300,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd805da687d8,80206913,ffff80001d79b300,ffff80001d6c3878) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c3878,ffff80001d79b418,ffff80001d79b460) at sys_ioctl+0x4a1 syscall(ffff80001d79b4e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c5c2e109a0, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace ifa_update_broadaddr(ffff800000ac6000,ffff8000006b5500,ffff80001d79b310) at ifa_update_broadaddr+0x1f sys/net/if.c:3070 in_ioctl(80206913,ffff80001d79b300,ffff800000ac6000,1) at in_ioctl+0x5eb sys/netinet/in.c:320 ifioctl(fffffd805da687d8,80206913,ffff80001d79b300,ffff80001d6c3878) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c3878,ffff80001d79b418,ffff80001d79b460) at sys_ioctl+0x4a1 syscall(ffff80001d79b4e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c5c2e109a0, count: -6