uvm_fault(0xffffffff82523e80, 0xffff800000beb076, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82523e80, 0xffff800000beb076, 0, 1) -> e rtable_satoplen(2,ffff800000beaf78) at rtable_satoplen+0x150 sys/net/rtable.c:894 end trace frame: 0xffff800015977ad0, count: 0 ddb> trace rtable_satoplen(2,ffff800000beaf78) at rtable_satoplen+0x150 sys/net/rtable.c:894 rtable_lookup(0,fffffd802afecf20,ffff800000beaf78,ffff800000beaf58,4) at rtable_lookup+0xe0 sys/net/rtable.c:391 rtrequest_delete(ffff800015977b70,4,ffff800000a76000,ffff800015977c40,0) at rtrequest_delete+0xe3 sys/net/route.c:775 rt_ifa_del(ffff800000beaf00,800100,ffff800000beaf58,0) at rt_ifa_del+0x3c3 sys/net/route.c:1191 in_ioctl_change_ifaddr(8040691a,ffff800015977ed0,ffff800000a76000,1) at in_ioctl_change_ifaddr+0x355 in_remove_prefix sys/netinet/in.c:738 [inline] in_ioctl_change_ifaddr(8040691a,ffff800015977ed0,ffff800000a76000,1) at in_ioctl_change_ifaddr+0x355 in_ifscrub sys/netinet/in.c:562 [inline] in_ioctl_change_ifaddr(8040691a,ffff800015977ed0,ffff800000a76000,1) at in_ioctl_change_ifaddr+0x355 sys/netinet/in.c:432 in_ioctl(8040691a,ffff800015977ed0,ffff800000a76000,1) at in_ioctl+0x205 sys/netinet/in.c:234 ifioctl(fffffd803df38658,8040691a,ffff800015977ed0,ffff8000ffff2018) at ifioctl+0xb34 sys/net/if.c:2202 sys_ioctl(ffff8000ffff2018,ffff800015977fe8,ffff800015978030) at sys_ioctl+0x5b9 syscall(ffff8000159780b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,ff6952e010) at Xsyscall+0x128 end of kernel end trace frame: 0x1016d3b8a70, count: -10 ddb> show registers rdi 0 rsi 0xff rbp 0xffff800015977a30 rbx 0xffffffffffffff05 rdx 0xffff800000beaf7c rcx 0xffff800000beb077 rax 0xffff800000beb077 r8 0x4 r9 0x7 r10 0x963419148f569a06 r11 0xc7197de4dc0491cf r12 0 r13 0xffff800000beb077 r14 0xffffffff824fa490 inetdomain r15 0x4 rip 0xffffffff81893f00 rtable_satoplen+0x150 cs 0x8 rflags 0x10287 __ALIGN_SIZE+0xf287 rsp 0xffff8000159779e0 ss 0x10 rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d ddb> show proc PROC (syz-executor.0) pid=229196 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff8259fcf8 process=0xffff8000148a2d98 user=0xffff800015973000, vmspace=0xfffffd803f014660 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 96772 329749 10079 0 2 0 syz-executor.0 *96772 229196 10079 0 7 0x4000000 syz-executor.0 4921 434185 10603 0 2 0x2 syz-executor.1 10079 348022 10603 0 3 0x82 nanosleep syz-executor.0 37358 5332 0 0 3 0x14200 acct acct 29922 228678 0 0 3 0x14200 bored sosplice 10603 338480 54445 0 3 0x82 thrsleep syz-fuzzer 10603 222920 54445 0 3 0x4000082 nanosleep syz-fuzzer 10603 367371 54445 0 3 0x4000082 thrsleep syz-fuzzer 10603 79897 54445 0 3 0x4000082 thrsleep syz-fuzzer 10603 415824 54445 0 3 0x4000082 thrsleep syz-fuzzer 10603 157976 54445 0 3 0x4000082 kqread syz-fuzzer 10603 134699 54445 0 3 0x4000082 thrsleep syz-fuzzer 10603 25207 54445 0 3 0x4000082 thrsleep syz-fuzzer 54445 221682 89808 0 3 0x10008a pause ksh 89808 249791 29755 0 3 0x92 select sshd 88313 141415 1 0 3 0x100083 ttyin getty 29755 447893 1 0 3 0x80 select sshd 57329 353008 2027 73 2 0x100090 syslogd 2027 215946 1 0 3 0x100082 netio syslogd 96523 230251 1 77 3 0x100090 poll dhclient 50644 372518 1 0 3 0x80 poll dhclient 44723 378695 0 0 2 0x14200 zerothread 99937 279142 0 0 3 0x14200 aiodoned aiodoned 6938 131431 0 0 3 0x14200 syncer update 35670 415711 0 0 3 0x14200 cleaner cleaner 16912 165691 0 0 3 0x14200 reaper reaper 49518 298732 0 0 3 0x14200 pgdaemon pagedaemon 8696 49588 0 0 3 0x14200 bored crynlk 51481 26482 0 0 3 0x14200 bored crypto 4919 498056 0 0 3 0x40014200 acpi0 acpi0 52318 345016 0 0 3 0x14200 bored softnet 99816 493459 0 0 3 0x14200 bored systqmp 67256 407182 0 0 3 0x14200 bored systq 14166 86449 0 0 3 0x40014200 bored softclock 17126 520526 0 0 3 0x40014200 idle0 58489 217338 0 0 3 0x14200 bored smr 1 446551 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9598 7027K 7663K 78643K 26738 0 0 pcb 13 10K 12K 78643K 1616 0 0 rtable 118 8K 8K 78643K 4753 0 0 ifaddr 99 26K 29K 78643K 1230 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 558 0 0 iov 0 0K 32K 78643K 2027 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1212 76K 77K 78643K 7662 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 149 0 0 VM map 84 21K 21K 78643K 129 0 0 sem 12 0K 1K 78643K 3172 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 7694 0 0 sigio 0 0K 0K 78643K 148 0 0 proc 50 38K 63K 78643K 2490 0 0 subproc 32 2K 2K 78643K 665 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 657 0 0 in_multi 36 2K 2K 78643K 786 0 0 ether_multi 1 0K 0K 78643K 74 0 0 mrt 0 0K 0K 78643K 54 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 114 503K 503K 78643K 114 0 0 exec 0 0K 1K 78643K 1580 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 211 608K 610K 78643K 20156 0 0 UVM aobj 130 4K 4K 78643K 146 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 1602 0 0 NDP 23 0K 1K 78643K 401 0 0 temp 247 3545K 4194K 78643K 240359 0 0 kqueue 0 0K 0K 78643K 76 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 198 0 193 1 0 1 1 0 8 0 rtpcb 80 991 0 989 1 0 1 1 0 8 0 rtentry 112 835 0 792 2 0 2 2 0 8 0 unpcb 120 32779 0 32769 40 38 2 3 0 8 1 syncache 264 41 0 41 18 18 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 134 0 134 10 10 0 1 0 8 0 tcpcb 544 4929 0 4924 43 42 1 13 0 8 0 ipq 40 85 0 85 27 27 0 1 0 8 0 ipqe 40 1419 0 1419 27 27 0 1 0 8 0 inpcb 280 11121 0 11111 45 43 2 9 0 8 1 rttmr 72 17 0 17 3 3 0 1 0 8 0 ip6q 72 3 0 3 2 2 0 1 0 8 0 ip6af 40 8 0 8 2 2 0 1 0 8 0 nd6 48 98 0 94 7 6 1 1 0 8 0 pkpcb 40 34 0 34 13 13 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 127 0 127 38 37 1 1 0 8 1 art_heap8 4096 17 0 16 11 10 1 3 0 8 0 art_heap4 256 3283 0 3040 53 37 16 18 0 8 0 art_table 32 3300 0 3056 8 5 3 3 0 8 1 art_node 16 833 0 794 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 6 1 0 1 1 0 8 0 semapl 112 3166 0 3156 1 0 1 1 0 8 0 shmpl 112 144 0 16 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 13425 0 12037 46 0 46 46 0 8 0 ffsino 240 13425 0 12037 83 0 83 83 0 8 0 nchpl 144 24749 0 24263 60 41 19 60 0 8 0 uvmvnodes 72 7800 0 0 142 0 142 142 0 8 0 vnodes 208 7800 0 0 411 0 411 411 0 8 0 namei 1024 84880 0 84879 6 5 1 1 0 8 0 vcpupl 1984 82 0 0 11 0 11 11 0 8 0 vmpool 520 127 0 45 6 0 6 6 0 8 0 scsiplug 64 5 0 5 4 4 0 1 0 8 0 scxspl 192 93033 0 93033 48 47 1 7 0 8 1 plimitpl 152 687 0 680 1 0 1 1 0 8 0 sigapl 432 7754 0 7741 2 0 2 2 0 8 0 futexpl 56 266143 0 266143 7 6 1 1 0 8 1 knotepl 112 5584 0 5565 6 5 1 3 0 8 0 kqueuepl 104 9758 0 9752 7 6 1 4 0 8 0 pipepl 112 4844 0 4825 13 12 1 2 0 8 0 fdescpl 424 7755 0 7741 2 0 2 2 0 8 0 filepl 120 97813 0 97712 50 45 5 11 0 8 1 lockfpl 104 2920 0 2919 1 0 1 1 0 8 0 lockfspl 48 984 0 983 1 0 1 1 0 8 0 sessionpl 112 54 0 44 1 0 1 1 0 8 0 pgrppl 48 148 0 138 1 0 1 1 0 8 0 ucredpl 96 10148 0 10141 1 0 1 1 0 8 0 zombiepl 144 7748 0 7748 1 0 1 1 0 8 1 processpl 864 7778 0 7748 4 0 4 4 0 8 0 procpl 632 17218 0 17180 6 2 4 5 0 8 0 sosppl 128 100 0 100 32 32 0 1 0 8 0 sockpl 384 45109 0 45087 125 119 6 14 0 8 2 mcl64k 65536 3346 0 3346 235 234 1 64 0 8 1 mcl16k 16384 88 0 88 37 36 1 1 0 8 1 mcl12k 12288 246 0 246 23 22 1 1 0 8 1 mcl9k 9216 129 0 129 29 28 1 1 0 8 1 mcl8k 8192 412 0 412 10 9 1 1 0 8 1 mcl4k 4096 1066 0 1066 6 5 1 1 0 8 1 mcl2k2 2112 104 0 104 33 33 0 1 0 8 0 mcl2k 2048 84146 0 84095 42 34 8 17 0 8 0 mtagpl 80 342 0 324 7 6 1 1 0 8 0 mbufpl 256 222598 0 222440 334 324 10 42 0 8 0 bufpl 256 38996 0 31195 488 0 488 488 0 8 0 anonpl 16 1109653 0 1089977 309 206 103 112 0 62 14 amapchunkpl 152 41991 0 41865 133 126 7 19 0 158 0 amappl16 192 53667 0 52431 379 308 71 80 0 8 8 amappl15 184 1746 0 1742 8 7 1 1 0 8 0 amappl14 176 1186 0 1182 1 0 1 1 0 8 0 amappl13 168 891 0 891 7 7 0 1 0 8 0 amappl12 160 666 0 664 1 0 1 1 0 8 0 amappl11 152 1848 0 1837 1 0 1 1 0 8 0 amappl10 144 1238 0 1238 7 6 1 1 0 8 1 amappl9 136 1990 0 1984 1 0 1 1 0 8 0 amappl8 128 1543 0 1493 2 0 2 2 0 8 0 amappl7 120 1414 0 1408 1 0 1 1 0 8 0 amappl6 112 1715 0 1699 1 0 1 1 0 8 0 amappl5 104 1145 0 1135 1 0 1 1 0 8 0 amappl4 96 7680 0 7655 1 0 1 1 0 8 0 amappl3 88 2258 0 2252 1 0 1 1 0 8 0 amappl2 80 60232 0 60152 3 1 2 3 0 8 0 amappl1 72 149259 0 148846 26 16 10 20 0 8 0 amappl 80 18191 0 18117 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 145 0 16 3 0 3 3 0 8 0 uaddrrnd 24 7882 0 7741 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7882 0 7741 1 0 1 1 0 8 0 vmmpekpl 168 46390 0 46343 3 0 3 3 0 8 0 vmmpepl 168 952457 0 949881 574 418 156 156 0 357 35 vmsppl 272 7754 0 7741 3 2 1 2 0 8 0 pdppl 4096 15770 0 15654 17 2 15 15 0 8 0 pvpl 32 2670847 0 2650360 615 396 219 299 0 265 38 pmappl 200 7881 0 7786 8 2 6 6 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1373 0 742 22 2 20 21 0 8 0