uvm_fault(0xffffffff82535d88, 0xffff800000af2074, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff82535d88, 0xffff800000af2074, 0, 1) -> e
rtable_satoplen(2,ffff800000af1f78) at rtable_satoplen+0x150 sys/net/rtable.c:894
end trace frame: 0xffff800016b21c20, count: 0
ddb> trace
rtable_satoplen(2,ffff800000af1f78) at rtable_satoplen+0x150 sys/net/rtable.c:894
rtable_lookup(66,fffffd802b2c5220,ffff800000af1f78,ffff800000af1f58,4) at rtable_lookup+0xe0 sys/net/rtable.c:391
rtrequest_delete(ffff800016b21cc0,4,ffff800000af3800,ffff800016b21d90,66) at rtrequest_delete+0xe3 sys/net/route.c:775
rt_ifa_del(ffff800000af1f00,800100,ffff800000af1f58,66) at rt_ifa_del+0x3c3 sys/net/route.c:1191
in_purgeaddr(ffff800000af1f00) at in_purgeaddr+0xc6 in_remove_prefix sys/netinet/in.c:738 [inline]
in_purgeaddr(ffff800000af1f00) at in_purgeaddr+0xc6 in_ifscrub sys/netinet/in.c:562 [inline]
in_purgeaddr(ffff800000af1f00) at in_purgeaddr+0xc6 sys/netinet/in.c:678
in_ifinit(ffff800000af3800,ffff800000af1f00,ffff800016b22110,1) at in_ifinit+0x234 sys/netinet/in.c:664
in_ioctl_change_ifaddr(8040691a,ffff800016b22100,ffff800000af3800,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452
in_ioctl(8040691a,ffff800016b22100,ffff800000af3800,1) at in_ioctl+0x205 sys/netinet/in.c:234
ifioctl(fffffd8039114040,8040691a,ffff800016b22100,ffff8000179a53e0) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000179a53e0,ffff800016b22218,ffff800016b22260) at sys_ioctl+0x5b9
syscall(ffff800016b222e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,ee084e2b010) at Xsyscall+0x128
end of kernel
end trace frame: 0xee2e8ed3130, count: -12
ddb> show registers
rdi 0
rsi 0xfd
rbp 0xffff800016b21b80
rbx 0xffffffffffffff07
rdx 0xffff800000af1f7c
rcx 0xffff800000af2075
rax 0xffff800000af2075
r8 0x4
r9 0x5
r10 0xd741b56e30d8d4cd
r11 0x5daddb5b5d202815
r12 0
r13 0xffff800000af2075
r14 0xffffffff8247ee88 inetdomain
r15 0x4
rip 0xffffffff817890f0 rtable_satoplen+0x150
cs 0x8
rflags 0x10283 __ALIGN_SIZE+0xf283
rsp 0xffff800016b21b30
ss 0x10
rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d
ddb> show proc
PROC (syz-executor.0) pid=515287 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=76, usrpri=76, nice=20
forw=0xffffffffffffffff, list=0xffff8000179a5658,0xffffffff8259e288
process=0xffff8000ffff6d90 user=0xffff800016b1d000, vmspace=0xfffffd803f012770
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66503 350357 60477 0 2 0 syz-executor.0
*66503 515287 60477 0 7 0x4000000 syz-executor.0
57175 487824 93442 0 2 0 syz-executor.1
57175 243744 93442 0 3 0x4000080 msgwait syz-executor.1
60477 11229 50557 0 3 0x82 nanosleep syz-executor.0
93442 368451 50557 0 3 0x82 nanosleep syz-executor.1
52041 32282 0 0 3 0x14200 acct acct
68290 471605 0 0 3 0x14200 bored sosplice
50557 407536 99888 0 3 0x82 kqread syz-fuzzer
50557 473974 99888 0 3 0x4000082 thrsleep syz-fuzzer
50557 309954 99888 0 3 0x4000082 thrsleep syz-fuzzer
50557 137757 99888 0 3 0x4000082 thrsleep syz-fuzzer
50557 236359 99888 0 3 0x4000082 thrsleep syz-fuzzer
50557 83838 99888 0 3 0x4000082 thrsleep syz-fuzzer
50557 440420 99888 0 3 0x4000082 thrsleep syz-fuzzer
99888 95426 77504 0 3 0x10008a pause ksh
77504 498419 39958 0 3 0x92 select sshd
9218 274251 1 0 3 0x100083 ttyin getty
39958 172615 1 0 3 0x80 select sshd
46954 304291 98900 73 3 0x100090 kqread syslogd
98900 427376 1 0 3 0x100082 netio syslogd
86280 344158 1 77 3 0x100090 poll dhclient
43630 34657 1 0 3 0x80 poll dhclient
77805 429830 0 0 2 0x14200 zerothread
52379 429283 0 0 3 0x14200 aiodoned aiodoned
15608 262663 0 0 3 0x14200 syncer update
26822 51217 0 0 3 0x14200 cleaner cleaner
30084 55230 0 0 3 0x14200 reaper reaper
89688 333385 0 0 3 0x14200 pgdaemon pagedaemon
20758 69192 0 0 3 0x14200 bored crynlk
76862 65823 0 0 3 0x14200 bored crypto
68641 486545 0 0 3 0x40014200 acpi0 acpi0
56647 512442 0 0 3 0x14200 bored softnet
62134 292276 0 0 3 0x14200 bored systqmp
12804 209678 0 0 3 0x14200 bored systq
14360 373069 0 0 3 0x40014200 bored softclock
38754 359785 0 0 3 0x40014200 idle0
2490 268534 0 0 3 0x14200 bored smr
1 333746 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9601 6399K 7943K 78643K 26283 0 0
pcb 13 11K 12K 78643K 1777 0 0
rtable 98 8K 9K 78643K 6549 0 0
ifaddr 93 21K 21K 78643K 878 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 299 0 0
iov 0 0K 24K 78643K 787 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1223 77K 77K 78643K 6732 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 75 0 0
VM map 22 5K 5K 78643K 26 0 0
sem 12 0K 1K 78643K 1566 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1794 195K 288K 78643K 12646 0 0
file desc 6 17K 25K 78643K 8217 0 0
sigio 0 0K 0K 78643K 168 0 0
proc 49 38K 63K 78643K 1282 0 0
subproc 32 2K 2K 78643K 204 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 631 0 0
in_multi 13 0K 2K 78643K 444 0 0
ether_multi 1 0K 0K 78643K 71 0 0
mrt 8 0K 0K 78643K 61 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 180 795K 795K 78643K 180 0 0
exec 0 0K 1K 78643K 725 0 0
pfkey data 0 0K 4K 78643K 5 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 142 233K 233K 78643K 20006 0 0
UVM aobj 130 4K 4K 78643K 148 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 1063 0 0
NDP 21 0K 0K 78643K 263 0 0
temp 234 3541K 3667K 78643K 92852 0 0
kqueue 0 0K 0K 78643K 19 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 267 0 263 1 0 1 1 0 8 0
rtpcb 80 712 0 710 1 0 1 1 0 8 0
rtentry 112 1877 0 1848 2 0 2 2 0 8 0
unpcb 120 2300 0 2285 3 2 1 2 0 8 0
syncache 264 83 0 83 9 9 0 1 0 8 0
sackhl 24 12 0 12 7 7 0 1 0 8 0
tcpqe 32 16 0 16 8 8 0 1 0 8 0
tcpcb 544 2579 0 2575 16 15 1 12 0 8 0
ipq 40 6 0 6 2 2 0 1 0 8 0
ipqe 40 55 0 55 2 2 0 1 0 8 0
inpcb 280 8779 0 8770 22 20 2 9 0 8 1
rttmr 72 16 0 15 3 2 1 1 0 8 0
ip6q 72 1 0 1 1 1 0 1 0 8 0
ip6af 40 2 0 2 1 1 0 1 0 8 0
nd6 48 25 0 25 2 2 0 1 0 8 0
pkpcb 40 28 0 28 5 5 0 1 0 8 0
ppxss 1128 161 0 160 3 2 1 1 0 8 0
art_heap8 4096 63 0 61 6 4 2 3 0 8 0
art_heap4 256 5349 0 5188 21 8 13 16 0 8 0
art_table 32 5412 0 5249 3 1 2 3 0 8 0
art_node 16 1876 0 1849 1 0 1 1 0 8 0
sysvmsgpl 40 49 0 43 2 1 1 1 0 8 0
semupl 112 9 0 9 1 1 0 1 0 8 0
semapl 112 1564 0 1554 1 0 1 1 0 8 0
shmpl 112 146 0 18 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 14201 0 12802 46 0 46 46 0 8 0
ffsino 240 14201 0 12802 83 0 83 83 0 8 0
nchpl 144 25027 0 24562 61 42 19 61 0 8 0
uvmvnodes 72 6291 0 0 115 0 115 115 0 8 0
vnodes 208 6291 0 0 332 0 332 332 0 8 0
namei 1024 73410 0 73410 4 3 1 1 0 8 1
vcpupl 1984 20 0 0 3 0 3 3 0 8 0
vmpool 520 24 0 4 2 0 2 2 0 8 0
scsiplug 64 17 0 17 6 6 0 1 0 8 0
scxspl 192 83582 0 83582 19 18 1 7 0 8 1
plimitpl 152 443 0 436 1 0 1 1 0 8 0
sigapl 432 8358 0 8344 2 0 2 2 0 8 0
futexpl 56 132989 0 132989 3 2 1 1 0 8 1
knotepl 112 1291 0 1272 5 4 1 3 0 8 0
kqueuepl 104 1349 0 1347 4 3 1 4 0 8 0
pipepl 112 2338 0 2319 9 8 1 2 0 8 0
fdescpl 424 8359 0 8344 2 0 2 2 0 8 0
filepl 120 46125 0 46028 26 22 4 11 0 8 1
lockfpl 104 3571 0 3570 1 0 1 1 0 8 0
lockfspl 48 1022 0 1021 1 0 1 1 0 8 0
sessionpl 112 27 0 17 1 0 1 1 0 8 0
pgrppl 48 179 0 169 1 0 1 1 0 8 0
ucredpl 96 7938 0 7931 1 0 1 1 0 8 0
zombiepl 144 8344 0 8344 2 1 1 1 0 8 1
processpl 864 8375 0 8344 4 0 4 4 0 8 0
procpl 632 18494 0 18455 6 2 4 5 0 8 0
sosppl 128 152 0 152 13 13 0 1 0 8 0
sockpl 384 11884 0 11858 36 31 5 14 0 8 2
mcl64k 65536 2579 0 2579 74 73 1 32 0 8 1
mcl16k 16384 85 0 85 12 12 0 1 0 8 0
mcl12k 12288 178 0 178 15 14 1 1 0 8 1
mcl9k 9216 56 0 56 11 10 1 1 0 8 1
mcl8k 8192 322 0 322 18 18 0 1 0 8 0
mcl4k 4096 647 0 647 14 13 1 1 0 8 1
mcl2k2 2112 33 0 33 7 6 1 1 0 8 1
mcl2k 2048 40554 0 40508 60 52 8 14 0 8 0
mtagpl 80 485 0 483 7 6 1 5 0 8 0
mbufpl 256 169947 0 169877 75 64 11 39 0 8 0
bufpl 256 25817 0 19490 397 1 396 396 0 8 0
anonpl 16 764870 0 757231 196 163 33 54 0 62 0
amapchunkpl 152 35413 0 35326 53 49 4 14 0 158 0
amappl16 192 47353 0 46958 184 163 21 37 0 8 1
amappl15 184 249 0 247 2 1 1 1 0 8 0
amappl14 176 2626 0 2622 2 1 1 1 0 8 0
amappl13 168 533 0 533 2 2 0 1 0 8 0
amappl12 160 551 0 545 1 0 1 1 0 8 0
amappl11 152 3187 0 3176 1 0 1 1 0 8 0
amappl10 144 574 0 573 1 0 1 1 0 8 0
amappl9 136 568 0 562 1 0 1 1 0 8 0
amappl8 128 274 0 229 3 1 2 2 0 8 0
amappl7 120 643 0 636 1 0 1 1 0 8 0
amappl6 112 3184 0 3174 1 0 1 1 0 8 0
amappl5 104 1054 0 1042 1 0 1 1 0 8 0
amappl4 96 8287 0 8260 1 0 1 1 0 8 0
amappl3 88 738 0 732 1 0 1 1 0 8 0
amappl2 80 66481 0 66407 4 2 2 3 0 8 0
amappl1 72 147857 0 147432 27 18 9 20 0 8 0
amappl 80 18947 0 18899 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 147 0 18 3 0 3 3 0 8 0
uaddrrnd 24 8383 0 8344 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 8383 0 8344 1 0 1 1 0 8 0
vmmpekpl 168 45648 0 45619 2 0 2 2 0 8 0
vmmpepl 168 961316 0 959721 223 152 71 82 0 357 0
vmsppl 272 8358 0 8344 2 1 1 2 0 8 0
pdppl 4096 16772 0 16716 9 1 8 8 0 8 0
pvpl 32 2309560 0 2298715 526 399 127 231 0 265 39
pmappl 200 8382 0 8348 2 0 2 2 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 796 0 267 17 1 16 16 0 8 0