uvm_fault(0xffffffff825f4ea0, 0xffff800000aea074, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xffffffff825f4ea0, 0xffff800000aea074, 0, 1) -> e
rtable_satoplen(2,ffff800000ae9f78) at rtable_satoplen+0x150 sys/net/rtable.c:894
end trace frame: 0xffff800021bb9030, count: 0
ddb{1}> trace
rtable_satoplen(2,ffff800000ae9f78) at rtable_satoplen+0x150 sys/net/rtable.c:894
rtable_lookup(0,fffffd806243a020,ffff800000ae9f78,ffff800000ae9f58,4) at rtable_lookup+0xeb sys/net/rtable.c:391
rtrequest_delete(ffff800021bb90d0,4,ffff800000a68000,ffff800021bb91a0,0) at rtrequest_delete+0xe3 sys/net/route.c:775
rt_ifa_del(ffff800000ae9f00,800100,ffff800000ae9f58,0) at rt_ifa_del+0x3c3 sys/net/route.c:1191
in_purgeaddr(ffff800000ae9f00) at in_purgeaddr+0xc6 in_remove_prefix sys/netinet/in.c:738 [inline]
in_purgeaddr(ffff800000ae9f00) at in_purgeaddr+0xc6 in_ifscrub sys/netinet/in.c:562 [inline]
in_purgeaddr(ffff800000ae9f00) at in_purgeaddr+0xc6 sys/netinet/in.c:678
in_ifinit(ffff800000a68000,ffff800000ae9f00,ffff800021bb9520,1) at in_ifinit+0x234 sys/netinet/in.c:664
in_ioctl_change_ifaddr(8040691a,ffff800021bb9510,ffff800000a68000,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452
in_ioctl(8040691a,ffff800021bb9510,ffff800000a68000,1) at in_ioctl+0x205 sys/netinet/in.c:234
ifioctl(fffffd80629601b8,8040691a,ffff800021bb9510,ffff800020ab0780) at ifioctl+0xb64 sys/net/if.c:2202
sys_ioctl(ffff800020ab0780,ffff800021bb9628,ffff800021bb9670) at sys_ioctl+0x5b9
syscall(ffff800021bb96f0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800021bb96f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,432715010) at Xsyscall+0x128
end of kernel
end trace frame: 0x6926a4440, count: -12
ddb{1}> show registers
rdi 0
rsi 0xfd
rbp 0xffff800021bb8f90
rbx 0xffffffffffffff07
rdx 0xffff800000ae9f7c
rcx 0xffff800000aea075
rax 0xffff800000aea075
r8 0x4
r9 0x5
r10 0xa4cd31c9e875a1b6
r11 0x2b9159a9fddb09c7
r12 0
r13 0xffff800000aea075
r14 0xffffffff824cb908 inetdomain
r15 0x4
rip 0xffffffff816afad0 rtable_satoplen+0x150
cs 0x8
rflags 0x10283 __ALIGN_SIZE+0xf283
rsp 0xffff800021bb8f40
ss 0x10
rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d
ddb{1}> show proc
PROC (syz-executor.0) pid=190506 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020ab09f8,0xffff800020ab0518
process=0xffff800020adc700 user=0xffff800021bb4000, vmspace=0xfffffd807f00b8a0
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69752 379075 51702 0 2 0 syz-executor.0
*69752 190506 51702 0 7 0x4000000 syz-executor.0
69752 493124 51702 0 3 0x4000080 fsleep syz-executor.0
85963 308182 15501 0 7 0 syz-executor.1
85963 104977 15501 0 3 0x4000080 fsleep syz-executor.1
85963 271098 15501 0 3 0x4000080 fsleep syz-executor.1
85963 203031 15501 0 2 0x4000000 syz-executor.1
50309 483278 0 0 3 0x14200 bored sosplice
15501 119094 19920 0 3 0x82 nanosleep syz-executor.1
38288 49851 0 0 3 0x14200 acct acct
51702 197737 19920 0 3 0x82 nanosleep syz-executor.0
19920 5360 12566 0 3 0x82 kqread syz-fuzzer
19920 255551 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 465842 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 426744 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 251535 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 236991 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 458796 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 54927 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 201018 12566 0 3 0x4000082 thrsleep syz-fuzzer
19920 473585 12566 0 3 0x4000082 thrsleep syz-fuzzer
12566 98726 3448 0 3 0x10008a pause ksh
3448 211566 80508 0 3 0x92 select sshd
18965 325620 1 0 3 0x100083 ttyin getty
80508 21361 1 0 3 0x80 select sshd
28375 60100 86515 74 3 0x100092 
bpf pflogd 86515 331107 1 0 3 0x80 netio pflogd 4609 518173 25105 73 3 0x100090 kqread syslogd 25105 390644 1 0 3 0x100082 netio syslogd 44367 209130 1 77 3 0x100090 poll dhclient 43336 347149 1 0 3 0x80 poll dhclient 23723 47127 0 0 2 0x14200 zerothread 69560 346138 0 0 3 0x14200 aiodoned aiodoned 50649 73762 0 0 3 0x14200 syncer update 4030 393729 0 0 3 0x14200 cleaner cleaner 502 503585 0 0 3 0x14200 reaper reaper 64686 50953 0 0 3 0x14200 pgdaemon pagedaemon 36074 366705 0 0 3 0x14200 bored crynlk 34049 325976 0 0 3 0x14200 bored crypto 35037 28679 0 0 3 0x40014200 acpi0 acpi0 52261 50961 0 0 3 0x40014200 idle1 44022 123823 0 0 3 0x14200 bored softnet 53074 253631 0 0 3 0x14200 bored systqmp 14715 140109 0 0 3 0x14200 bored systq 95405 481355 0 0 3 0x40014200 bored softclock 71501 257323 0 0 3 0x40014200 idle0 61227 470607 0 0 3 0x14200 bored smr 1 236703 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 69752 (syz-executor.0) thread 0xffff800020ab0780 (190506) exclusive rwlock netlock r = 0 (0xffffffff824d2b38) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 in_ioctl_change_ifaddr+0x3f #2 in_ioctl+0x205 sys/netinet/in.c:234 #3 ifioctl+0xb64 sys/net/if.c:2202 #4 sys_ioctl+0x5b9 #5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82672458) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9514 7046K 7487K 78643K 11146 0 0 pcb 13 8K 8K 78643K 92 0 0 rtable 84 3K 4K 78643K 350 0 0 ifaddr 49 11K 13K 78643K 99 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1483 0 0 iov 0 0K 16K 78643K 45 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1216 76K 77K 78643K 1410 0 0 UFS quota 1 32K 
32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 8 0 0 VM map 5 2K 2K 78643K 5 0 0 sem 12 0K 0K 78643K 47 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 21K 78643K 269 0 0 sigio 0 0K 0K 78643K 6 0 0 proc 60 63K 83K 78643K 484 0 0 subproc 32 2K 2K 78643K 51 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 2 0K 0K 78643K 38 0 0 in_multi 18 1K 2K 78643K 58 0 0 ether_multi 1 0K 0K 78643K 2 0 0 mrt 0 0K 0K 78643K 3 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 48 212K 212K 78643K 48 0 0 exec 0 0K 1K 78643K 242 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 114 55K 65K 78643K 1914 0 0 UVM aobj 22 2K 2K 78643K 22 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 60 0 0 NDP 10 0K 0K 78643K 27 0 0 temp 152 3561K 4190K 78643K 18887 0 0 kqueue 0 0K 0K 78643K 6 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 6 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 47 0 43 1 0 1 1 0 8 0 rtentry 112 66 0 34 2 0 2 2 0 8 0 unpcb 120 138 0 128 1 0 1 1 0 8 0 syncache 264 5 0 5 2 2 0 1 0 8 0 tcpqe 32 165 0 165 2 2 0 1 0 8 0 tcpcb 544 102 0 98 1 0 1 1 0 8 0 inpcb 280 1205 0 1189 6 2 4 4 0 8 2 rttmr 72 1 0 1 1 0 1 1 0 8 1 nd6 48 7 0 6 1 0 1 1 0 8 0 ppxss 1128 8 0 8 3 2 1 1 0 8 1 pffrag 232 7 0 7 3 2 1 1 0 482 1 pffrnode 88 7 0 7 3 2 1 1 0 8 1 pffrent 40 229 0 229 3 2 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 31 0 9 1 0 1 1 0 8 0 pfstkey 112 31 0 9 1 0 1 1 0 8 0 pfstate 328 31 0 9 3 0 3 3 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 296 0 142 15 0 15 15 0 8 2 art_table 32 297 0 142 2 0 2 2 0 8 0 art_node 16 65 0 35 1 0 1 1 0 8 0 sysvmsgpl 
40 41 0 30 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 43 0 33 1 0 1 1 0 8 0 shmpl 112 20 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1783 0 379 46 0 46 46 0 8 0 ffsino 272 1783 0 379 94 0 94 94 0 8 0 nchpl 144 2358 0 747 61 0 61 61 0 8 0 uvmvnodes 72 1964 0 0 36 0 36 36 0 8 0 vnodes 208 1964 0 0 104 0 104 104 0 8 0 namei 1024 6485 0 6485 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 552 3 0 0 1 0 1 1 0 8 0 scxspl 192 7363 0 7363 10 7 3 7 0 8 3 plimitpl 152 31 0 23 1 0 1 1 0 8 0 sigapl 432 466 0 450 2 0 2 2 0 8 0 futexpl 56 6148 0 6145 1 0 1 1 0 8 0 knotepl 112 108 0 89 1 0 1 1 0 8 0 kqueuepl 104 62 0 60 1 0 1 1 0 8 0 pipepl 112 282 0 261 1 0 1 1 0 8 0 fdescpl 488 467 0 450 3 0 3 3 0 8 0 filepl 152 3691 0 3568 7 1 6 6 0 8 1 lockfpl 104 89 0 88 1 0 1 1 0 8 0 lockfspl 48 30 0 29 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 19 0 8 1 0 1 1 0 8 0 ucredpl 96 218 0 209 1 0 1 1 0 8 0 zombiepl 144 450 0 450 2 1 1 1 0 8 1 processpl 896 484 0 450 4 0 4 4 0 8 0 procpl 632 1082 0 1034 6 1 5 5 0 8 1 srpgc 64 4 0 4 1 0 1 1 0 8 1 sosppl 128 2 0 2 1 0 1 1 0 8 1 sockpl 384 1393 0 1363 8 2 6 6 0 8 2 mcl64k 65536 512 0 0 64 0 64 64 0 8 1 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 157 0 0 19 0 19 19 0 8 0 mtagpl 80 16 0 0 1 0 1 1 0 8 0 mbufpl 256 602 0 0 39 1 38 38 0 8 0 bufpl 256 7000 0 1320 355 0 355 355 0 8 0 anonpl 16 74552 0 56752 93 5 88 92 0 124 12 amapchunkpl 152 3077 0 2942 15 2 13 13 0 158 7 amappl16 192 2981 0 1918 72 10 62 65 0 8 8 amappl14 176 118 0 115 1 0 1 1 0 8 0 amappl12 160 8 0 7 2 1 1 1 0 8 0 amappl11 152 176 0 156 1 0 1 1 0 8 0 amappl10 144 12 0 8 1 0 1 1 0 8 0 amappl9 136 630 0 624 1 0 1 1 0 8 0 amappl8 128 184 0 156 2 0 2 2 0 8 0 amappl7 120 44 0 39 1 0 1 1 0 8 0 amappl6 112 196 0 182 1 0 1 1 0 8 0 amappl5 104 141 0 126 1 
0 1 1 0 8 0 amappl4 96 713 0 682 1 0 1 1 0 8 0 amappl3 88 123 0 117 1 0 1 1 0 8 0 amappl2 80 2756 0 2676 3 1 2 3 0 8 0 amappl1 72 20463 0 19993 26 16 10 20 0 8 0 amappl 80 1361 0 1315 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 21 0 0 1 0 1 1 0 8 0 uaddrrnd 24 470 0 450 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 470 0 450 1 0 1 1 0 8 0 vmmpekpl 168 7840 0 7806 2 0 2 2 0 8 0 vmmpepl 168 66546 0 64216 158 21 137 137 0 357 35 vmsppl 368 466 0 450 2 0 2 2 0 8 0 pdppl 4096 947 0 903 6 0 6 6 0 8 0 pvpl 32 221805 0 200922 214 4 210 214 0 265 31 pmappl 232 469 0 450 3 1 2 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 608 0 5 18 0 18 18 0 8 0