uvm_fault(0xffffffff8254db38, 0xfffffd806f6d4578, 0, 4) -> e kernel: page fault trap, code=0 Stopped at 0xfffffd806f6d4578: addb %al,0(%rax) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff8254db38, 0xfffffd806f6d4578, 0, 4) -> e fffffd806f6d4578(b,ffff800023991788,83,ffff800023991828,0,b) at 0xfffffd806f6d4578 end trace frame: 0xffff800023991880, count: 0 ddb{0}> trace fffffd806f6d4578(b,ffff800023991788,83,ffff800023991828,0,b) at 0xfffffd806f6d4578 rt_clone(ffff800023991898,fffffd806f6d4080,0) at rt_clone+0x78 sys/net/route.c:266 rtalloc_mpath(fffffd806f6d4080,0,0) at rtalloc_mpath+0xba rt_match sys/net/route.c:244 [inline] rtalloc_mpath(fffffd806f6d4080,0,0) at rtalloc_mpath+0xba sys/net/route.c:359 in_pcbselsrc(ffff800023991970,fffffd8069ec3220,fffffd806f6d4000) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd806f6d4000,fffffd8069ec3200) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 udp_usrreq(fffffd80625c24a0,4,0,fffffd8069ec3200,0,ffff800020abe780) at udp_usrreq+0x560 sys_connect(ffff800020abe780,ffff800023991af8,ffff800023991b40) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff800023991bc0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800023991bc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffed2,0,3,15542f71010) at Xsyscall+0x128 end of kernel end trace frame: 0x15821bb6540, count: -9 ddb{0}> show registers rdi 0xffff800000aa8000 rsi 0xb rbp 0xffff800023991770 rbx 0xfffffd806699e8c8 rdx 0xfffffd806699e8c8 rcx 0xffff80002115a000 rax 0xffff80002115a000 r8 0x100 r9 0x7 r10 0x72e3a14a8664a42f r11 0xfffffd806f6d4578 r12 0xfffffd806699e8c8 r13 0xffff800023991788 r14 0xffff800023991828 r15 0xffff80000005b870 rip 0xfffffd806f6d4578 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800023991678 ss 0x10 0xfffffd806f6d4578: addb %al,0(%rax) ddb{0}> show proc PROC (syz-executor.1) pid=242906 stat=onproc flags process=0 proc=4000000 pri=77, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff800020abf8c8,0xffffffff8264fc48 process=0xffff800020adc000 user=0xffff80002398c000, vmspace=0xfffffd807f00b5c0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 61699 220503 82173 0 2 0 syz-executor.1 *61699 242906 82173 0 7 0x4000000 syz-executor.1 69423 354266 68018 60929 3 0x90 nanosleep syz-executor.0 69423 407229 68018 60929 3 0x4000090 netcon2 syz-executor.0 69423 427901 68018 60929 3 0x4000090 fsleep syz-executor.0 68018 355582 77071 0 3 0x82 nanosleep syz-executor.0 82173 19864 77071 0 2 0x482 syz-executor.1 83138 106746 0 0 3 0x14200 acct acct 31874 63212 0 0 3 0x14200 bored sosplice 77071 404207 77933 0 3 0x82 kqread syz-fuzzer 77071 496970 77933 0 2 0x4000482 syz-fuzzer 77071 375046 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 83470 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 164966 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 132040 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 167984 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 107131 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 187027 77933 0 3 0x4000082 thrsleep syz-fuzzer 77071 62547 77933 0 3 0x4000082 thrsleep syz-fuzzer 77933 485964 26897 0 3 0x10008a pause ksh 26897 148041 80231 0 3 0x92 select sshd 59728 356454 1 0 3 0x100083 ttyin getty 80231 264030 1 0 3 0x80 select sshd 63558 496010 88517 74 3 0x100092 bpf pflogd 88517 1574 1 0 3 0x80 netio pflogd 68563 19582 826 73 7 0x100090 syslogd 826 464084 1 0 3 0x100082 netio syslogd 50297 65730 1 77 3 0x100090 poll dhclient 23053 151883 1 0 3 0x80 poll dhclient 18928 274304 0 0 3 0x14200 pgzero zerothread 57372 11912 0 0 3 0x14200 aiodoned aiodoned 34326 350752 0 0 3 0x14200 syncer update 6904 173024 0 0 3 0x14200 cleaner cleaner 48161 203275 0 0 3 0x14200 reaper reaper 52825 58376 0 0 3 0x14200 pgdaemon pagedaemon 24345 520345 0 0 3 0x14200 bored crynlk 55070 458698 0 0 3 0x14200 bored crypto 96432 427926 0 0 3 0x40014200 acpi0 acpi0 32204 202632 0 0 3 0x40014200 idle1 7717 86372 0 0 3 0x14200 bored softnet 88944 64298 0 0 3 0x14200 bored systqmp 36497 262204 0 0 3 0x14200 bored systq 26055 285971 0 0 3 0x40014200 bored softclock 78448 475664 0 0 3 0x40014200 idle0 16441 25924 0 0 3 0x14200 bored smr 1 412758 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 61699 (syz-executor.1) thread 0xffff800020abe780 (242906) exclusive rwlock netlock r = 0 (0xffffffff8246c0b8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 uvn_io+0x3b2 sys/uvm/uvm_vnode.c:1206 #2 uvn_get+0x226 sys/uvm/uvm_vnode.c:1049 #3 uvm_fault+0x11cc sys/uvm/uvm_fault.c:1023 #4 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199 #5 kerntrap+0xec sys/arch/amd64/amd64/trap.c:287 #6 alltraps_kern_meltdown+0x7b #7 copyin+0x4b #8 sys_connect+0x9c sys/kern/uipc_syscalls.c:367 #9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #10 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 2 (0xffffffff82651848) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9615 7226K 7863K 78643K 17265 0 0 pcb 13 10K 12K 78643K 506 0 0 rtable 127 9K 9K 78643K 1800 0 0 ifaddr 95 21K 23K 78643K 634 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1554 0 0 iov 0 0K 32K 78643K 498 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 77K 78643K 3623 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 28 0 0 VM map 2 1K 1K 78643K 22 0 0 sem 12 0K 1K 78643K 369 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 2606 0 0 sigio 0 0K 0K 78643K 24 0 0 proc 62 63K 95K 78643K 1054 0 0 subproc 32 2K 2K 78643K 227 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 242 0 0 in_multi 36 2K 2K 78643K 301 0 0 ether_multi 1 0K 0K 78643K 31 0 0 mrt 0 0K 0K 78643K 21 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 552 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 108 22K 31K 78643K 10115 0 0 UVM aobj 108 3K 3K 78643K 121 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 544 0 0 NDP 22 0K 0K 78643K 188 0 0 temp 243 3563K 4201K 78643K 38741 0 0 kqueue 0 0K 0K 78643K 28 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 64 0 56 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 201 0 199 1 0 1 1 0 8 0 rtentry 112 276 0 227 2 0 2 2 0 8 0 unpcb 120 1168 0 1156 2 1 1 2 0 8 0 syncache 264 21 0 21 8 7 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 6501 0 6501 4 3 1 2 0 8 1 tcpcb 544 3210 0 3204 18 9 9 15 0 8 8 inpcb 280 4942 0 4929 13 4 9 9 0 8 8 rttmr 72 6 0 6 6 6 0 1 0 8 0 nd6 48 33 0 29 2 1 1 1 0 8 0 pkpcb 40 12 0 12 6 6 0 1 0 8 0 ppxss 1128 97 0 97 6 5 1 1 0 8 1 pffrag 232 46 0 46 10 9 1 1 0 482 1 pffrnode 88 46 0 46 10 9 1 1 0 8 1 pffrent 40 873 0 873 11 10 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 1287 0 739 5 0 5 5 0 8 0 pfstkey 112 1287 0 739 20 2 18 20 0 8 0 pfstate 328 1287 0 739 67 16 51 58 0 8 1 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 1142 0 909 25 10 15 15 0 8 0 art_table 32 1144 0 910 2 0 2 2 0 8 0 art_node 16 268 0 224 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 3 1 0 1 1 0 8 0 semapl 112 366 0 356 1 0 1 1 0 8 0 shmpl 112 119 0 13 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 5432 0 4029 46 0 46 46 0 8 0 ffsino 272 5432 0 4029 95 0 95 95 0 8 0 nchpl 144 10051 0 9585 61 40 21 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 32246 0 32246 6 5 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vmpool 552 20 0 20 7 6 1 1 0 8 1 scsiplug 64 3 0 3 2 2 0 1 0 8 0 scxspl 192 29705 0 29705 25 24 1 7 0 8 1 plimitpl 152 234 0 226 1 0 1 1 0 8 0 sigapl 432 2773 0 2757 3 1 2 3 0 8 0 futexpl 56 54672 0 54671 1 0 1 1 0 8 0 knotepl 112 936 0 916 4 3 1 3 0 8 0 kqueuepl 104 2872 0 2869 5 1 4 4 0 8 3 pipepl 112 2440 0 2421 13 11 2 2 0 8 1 fdescpl 488 2774 0 2757 3 0 3 3 0 8 0 filepl 152 26241 0 26136 23 11 12 13 0 8 7 lockfpl 104 733 0 732 1 0 1 1 0 8 0 lockfspl 48 247 0 246 1 0 1 1 0 8 0 sessionpl 112 29 0 18 1 0 1 1 0 8 0 pgrppl 48 53 0 42 1 0 1 1 0 8 0 ucredpl 96 3020 0 3010 1 0 1 1 0 8 0 zombiepl 144 2757 0 2757 5 4 1 1 0 8 1 processpl 896 2791 0 2757 4 0 4 4 0 8 0 procpl 632 8751 0 8705 8 3 5 5 0 8 1 srpgc 64 17 0 17 7 7 0 1 0 8 0 sosppl 128 239 0 239 4 3 1 1 0 8 1 sockpl 384 6350 0 6326 18 6 12 14 0 8 8 mcl64k 65536 368 0 0 38 5 33 33 0 8 0 mcl16k 16384 9 0 0 2 0 2 2 0 8 0 mcl12k 12288 19 0 0 2 0 2 2 0 8 0 mcl9k 9216 11 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 19 0 0 3 1 2 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 218 0 0 24 1 23 24 0 8 1 mtagpl 80 64 0 0 1 0 1 1 0 8 0 mbufpl 256 596 0 0 25 0 25 25 0 8 0 bufpl 256 15744 0 8696 441 0 441 441 0 8 0 anonpl 16 316061 0 299418 133 54 79 86 0 124 7 amapchunkpl 152 19842 0 19731 39 33 6 12 0 158 0 amappl16 192 14885 0 13919 136 84 52 61 0 8 3 amappl15 184 156 0 154 1 0 1 1 0 8 0 amappl14 176 504 0 502 2 1 1 1 0 8 0 amappl13 168 959 0 958 1 0 1 1 0 8 0 amappl12 160 62 0 60 4 3 1 1 0 8 0 amappl11 152 172 0 156 1 0 1 1 0 8 0 amappl10 144 329 0 326 1 0 1 1 0 8 0 amappl9 136 1250 0 1244 1 0 1 1 0 8 0 amappl8 128 786 0 757 2 0 2 2 0 8 0 amappl7 120 402 0 393 1 0 1 1 0 8 0 amappl6 112 157 0 144 1 0 1 1 0 8 0 amappl5 104 277 0 262 1 0 1 1 0 8 0 amappl4 96 3288 0 3255 1 0 1 1 0 8 0 amappl3 88 627 0 622 1 0 1 1 0 8 0 amappl2 80 21306 0 21225 4 1 3 3 0 8 0 amappl1 72 70709 0 70245 27 17 10 20 0 8 0 amappl 80 9216 0 9176 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 120 0 13 2 0 2 2 0 8 0 uaddrrnd 24 2794 0 2757 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2794 0 2757 1 0 1 1 0 8 0 vmmpekpl 168 28015 0 27978 2 0 2 2 0 8 0 vmmpepl 168 352319 0 350098 282 154 128 129 0 357 29 vmsppl 368 2773 0 2757 2 0 2 2 0 8 0 pdppl 4096 5595 0 5554 7 1 6 6 0 8 0 pvpl 32 847388 0 827450 303 110 193 203 0 265 27 pmappl 232 2793 0 2777 8 6 2 2 0 8 1 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 699 0 37 20 0 20 20 0 8 0