uvm_fault(0xffffffff82535d88, 0xffff800000af2074, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82535d88, 0xffff800000af2074, 0, 1) -> e rtable_satoplen(2,ffff800000af1f78) at rtable_satoplen+0x150 sys/net/rtable.c:894 end trace frame: 0xffff800016b21c20, count: 0 ddb> trace rtable_satoplen(2,ffff800000af1f78) at rtable_satoplen+0x150 sys/net/rtable.c:894 rtable_lookup(66,fffffd802b2c5220,ffff800000af1f78,ffff800000af1f58,4) at rtable_lookup+0xe0 sys/net/rtable.c:391 rtrequest_delete(ffff800016b21cc0,4,ffff800000af3800,ffff800016b21d90,66) at rtrequest_delete+0xe3 sys/net/route.c:775 rt_ifa_del(ffff800000af1f00,800100,ffff800000af1f58,66) at rt_ifa_del+0x3c3 sys/net/route.c:1191 in_purgeaddr(ffff800000af1f00) at in_purgeaddr+0xc6 in_remove_prefix sys/netinet/in.c:738 [inline] in_purgeaddr(ffff800000af1f00) at in_purgeaddr+0xc6 in_ifscrub sys/netinet/in.c:562 [inline] in_purgeaddr(ffff800000af1f00) at in_purgeaddr+0xc6 sys/netinet/in.c:678 in_ifinit(ffff800000af3800,ffff800000af1f00,ffff800016b22110,1) at in_ifinit+0x234 sys/netinet/in.c:664 in_ioctl_change_ifaddr(8040691a,ffff800016b22100,ffff800000af3800,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452 in_ioctl(8040691a,ffff800016b22100,ffff800000af3800,1) at in_ioctl+0x205 sys/netinet/in.c:234 ifioctl(fffffd8039114040,8040691a,ffff800016b22100,ffff8000179a53e0) at ifioctl+0xb34 sys/net/if.c:2202 sys_ioctl(ffff8000179a53e0,ffff800016b22218,ffff800016b22260) at sys_ioctl+0x5b9 syscall(ffff800016b222e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,ee084e2b010) at Xsyscall+0x128 end of kernel end trace frame: 0xee2e8ed3130, count: -12 ddb> show registers rdi 0 rsi 0xfd rbp 0xffff800016b21b80 rbx 0xffffffffffffff07 rdx 0xffff800000af1f7c rcx 0xffff800000af2075 rax 0xffff800000af2075 r8 0x4 r9 0x5 r10 0xd741b56e30d8d4cd r11 0x5daddb5b5d202815 r12 0 r13 0xffff800000af2075 r14 0xffffffff8247ee88 inetdomain r15 0x4 rip 0xffffffff817890f0 rtable_satoplen+0x150 cs 0x8 rflags 0x10283 __ALIGN_SIZE+0xf283 rsp 0xffff800016b21b30 ss 0x10 rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d ddb> show proc PROC (syz-executor.0) pid=515287 stat=onproc flags process=0 proc=4000000 pri=76, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff8000179a5658,0xffffffff8259e288 process=0xffff8000ffff6d90 user=0xffff800016b1d000, vmspace=0xfffffd803f012770 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66503 350357 60477 0 2 0 syz-executor.0 *66503 515287 60477 0 7 0x4000000 syz-executor.0 57175 487824 93442 0 2 0 syz-executor.1 57175 243744 93442 0 3 0x4000080 msgwait syz-executor.1 60477 11229 50557 0 3 0x82 nanosleep syz-executor.0 93442 368451 50557 0 3 0x82 nanosleep syz-executor.1 52041 32282 0 0 3 0x14200 acct acct 68290 471605 0 0 3 0x14200 bored sosplice 50557 407536 99888 0 3 0x82 kqread syz-fuzzer 50557 473974 99888 0 3 0x4000082 thrsleep syz-fuzzer 50557 309954 99888 0 3 0x4000082 thrsleep syz-fuzzer 50557 137757 99888 0 3 0x4000082 thrsleep syz-fuzzer 50557 236359 99888 0 3 0x4000082 thrsleep syz-fuzzer 50557 83838 99888 0 3 0x4000082 thrsleep syz-fuzzer 50557 440420 99888 0 3 0x4000082 thrsleep syz-fuzzer 99888 95426 77504 0 3 0x10008a pause ksh 77504 498419 39958 0 3 0x92 select sshd 9218 274251 1 0 3 0x100083 ttyin getty 39958 172615 1 0 3 0x80 select sshd 46954 304291 98900 73 3 0x100090 kqread syslogd 98900 427376 1 0 3 0x100082 netio syslogd 86280 344158 1 77 3 0x100090 poll dhclient 43630 34657 1 0 3 0x80 poll dhclient 77805 429830 0 0 2 0x14200 zerothread 52379 429283 0 0 3 0x14200 aiodoned aiodoned 15608 262663 0 0 3 0x14200 syncer update 26822 51217 0 0 3 0x14200 cleaner cleaner 30084 55230 0 0 3 0x14200 reaper reaper 89688 333385 0 0 3 0x14200 pgdaemon pagedaemon 20758 69192 0 0 3 0x14200 bored crynlk 76862 65823 0 0 3 0x14200 bored crypto 68641 486545 0 0 3 0x40014200 acpi0 acpi0 56647 512442 0 0 3 0x14200 bored softnet 62134 292276 0 0 3 0x14200 bored systqmp 12804 209678 0 0 3 0x14200 bored systq 14360 373069 0 0 3 0x40014200 bored softclock 38754 359785 0 0 3 0x40014200 idle0 2490 268534 0 0 3 0x14200 bored smr 1 333746 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9601 6399K 7943K 78643K 26283 0 0 pcb 13 11K 12K 78643K 1777 0 0 rtable 98 8K 9K 78643K 6549 0 0 ifaddr 93 21K 21K 78643K 878 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 299 0 0 iov 0 0K 24K 78643K 787 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 77K 78643K 6732 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 75 0 0 VM map 22 5K 5K 78643K 26 0 0 sem 12 0K 1K 78643K 1566 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1794 195K 288K 78643K 12646 0 0 file desc 6 17K 25K 78643K 8217 0 0 sigio 0 0K 0K 78643K 168 0 0 proc 49 38K 63K 78643K 1282 0 0 subproc 32 2K 2K 78643K 204 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 631 0 0 in_multi 13 0K 2K 78643K 444 0 0 ether_multi 1 0K 0K 78643K 71 0 0 mrt 8 0K 0K 78643K 61 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 180 795K 795K 78643K 180 0 0 exec 0 0K 1K 78643K 725 0 0 pfkey data 0 0K 4K 78643K 5 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 142 233K 233K 78643K 20006 0 0 UVM aobj 130 4K 4K 78643K 148 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 1063 0 0 NDP 21 0K 0K 78643K 263 0 0 temp 234 3541K 3667K 78643K 92852 0 0 kqueue 0 0K 0K 78643K 19 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 267 0 263 1 0 1 1 0 8 0 rtpcb 80 712 0 710 1 0 1 1 0 8 0 rtentry 112 1877 0 1848 2 0 2 2 0 8 0 unpcb 120 2300 0 2285 3 2 1 2 0 8 0 syncache 264 83 0 83 9 9 0 1 0 8 0 sackhl 24 12 0 12 7 7 0 1 0 8 0 tcpqe 32 16 0 16 8 8 0 1 0 8 0 tcpcb 544 2579 0 2575 16 15 1 12 0 8 0 ipq 40 6 0 6 2 2 0 1 0 8 0 ipqe 40 55 0 55 2 2 0 1 0 8 0 inpcb 280 8779 0 8770 22 20 2 9 0 8 1 rttmr 72 16 0 15 3 2 1 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 48 25 0 25 2 2 0 1 0 8 0 pkpcb 40 28 0 28 5 5 0 1 0 8 0 ppxss 1128 161 0 160 3 2 1 1 0 8 0 art_heap8 4096 63 0 61 6 4 2 3 0 8 0 art_heap4 256 5349 0 5188 21 8 13 16 0 8 0 art_table 32 5412 0 5249 3 1 2 3 0 8 0 art_node 16 1876 0 1849 1 0 1 1 0 8 0 sysvmsgpl 40 49 0 43 2 1 1 1 0 8 0 semupl 112 9 0 9 1 1 0 1 0 8 0 semapl 112 1564 0 1554 1 0 1 1 0 8 0 shmpl 112 146 0 18 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 14201 0 12802 46 0 46 46 0 8 0 ffsino 240 14201 0 12802 83 0 83 83 0 8 0 nchpl 144 25027 0 24562 61 42 19 61 0 8 0 uvmvnodes 72 6291 0 0 115 0 115 115 0 8 0 vnodes 208 6291 0 0 332 0 332 332 0 8 0 namei 1024 73410 0 73410 4 3 1 1 0 8 1 vcpupl 1984 20 0 0 3 0 3 3 0 8 0 vmpool 520 24 0 4 2 0 2 2 0 8 0 scsiplug 64 17 0 17 6 6 0 1 0 8 0 scxspl 192 83582 0 83582 19 18 1 7 0 8 1 plimitpl 152 443 0 436 1 0 1 1 0 8 0 sigapl 432 8358 0 8344 2 0 2 2 0 8 0 futexpl 56 132989 0 132989 3 2 1 1 0 8 1 knotepl 112 1291 0 1272 5 4 1 3 0 8 0 kqueuepl 104 1349 0 1347 4 3 1 4 0 8 0 pipepl 112 2338 0 2319 9 8 1 2 0 8 0 fdescpl 424 8359 0 8344 2 0 2 2 0 8 0 filepl 120 46125 0 46028 26 22 4 11 0 8 1 lockfpl 104 3571 0 3570 1 0 1 1 0 8 0 lockfspl 48 1022 0 1021 1 0 1 1 0 8 0 sessionpl 112 27 0 17 1 0 1 1 0 8 0 pgrppl 48 179 0 169 1 0 1 1 0 8 0 ucredpl 96 7938 0 7931 1 0 1 1 0 8 0 zombiepl 144 8344 0 8344 2 1 1 1 0 8 1 processpl 864 8375 0 8344 4 0 4 4 0 8 0 procpl 632 18494 0 18455 6 2 4 5 0 8 0 sosppl 128 152 0 152 13 13 0 1 0 8 0 sockpl 384 11884 0 11858 36 31 5 14 0 8 2 mcl64k 65536 2579 0 2579 74 73 1 32 0 8 1 mcl16k 16384 85 0 85 12 12 0 1 0 8 0 mcl12k 12288 178 0 178 15 14 1 1 0 8 1 mcl9k 9216 56 0 56 11 10 1 1 0 8 1 mcl8k 8192 322 0 322 18 18 0 1 0 8 0 mcl4k 4096 647 0 647 14 13 1 1 0 8 1 mcl2k2 2112 33 0 33 7 6 1 1 0 8 1 mcl2k 2048 40554 0 40508 60 52 8 14 0 8 0 mtagpl 80 485 0 483 7 6 1 5 0 8 0 mbufpl 256 169947 0 169877 75 64 11 39 0 8 0 bufpl 256 25817 0 19490 397 1 396 396 0 8 0 anonpl 16 764870 0 757231 196 163 33 54 0 62 0 amapchunkpl 152 35413 0 35326 53 49 4 14 0 158 0 amappl16 192 47353 0 46958 184 163 21 37 0 8 1 amappl15 184 249 0 247 2 1 1 1 0 8 0 amappl14 176 2626 0 2622 2 1 1 1 0 8 0 amappl13 168 533 0 533 2 2 0 1 0 8 0 amappl12 160 551 0 545 1 0 1 1 0 8 0 amappl11 152 3187 0 3176 1 0 1 1 0 8 0 amappl10 144 574 0 573 1 0 1 1 0 8 0 amappl9 136 568 0 562 1 0 1 1 0 8 0 amappl8 128 274 0 229 3 1 2 2 0 8 0 amappl7 120 643 0 636 1 0 1 1 0 8 0 amappl6 112 3184 0 3174 1 0 1 1 0 8 0 amappl5 104 1054 0 1042 1 0 1 1 0 8 0 amappl4 96 8287 0 8260 1 0 1 1 0 8 0 amappl3 88 738 0 732 1 0 1 1 0 8 0 amappl2 80 66481 0 66407 4 2 2 3 0 8 0 amappl1 72 147857 0 147432 27 18 9 20 0 8 0 amappl 80 18947 0 18899 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 147 0 18 3 0 3 3 0 8 0 uaddrrnd 24 8383 0 8344 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8383 0 8344 1 0 1 1 0 8 0 vmmpekpl 168 45648 0 45619 2 0 2 2 0 8 0 vmmpepl 168 961316 0 959721 223 152 71 82 0 357 0 vmsppl 272 8358 0 8344 2 1 1 2 0 8 0 pdppl 4096 16772 0 16716 9 1 8 8 0 8 0 pvpl 32 2309560 0 2298715 526 399 127 231 0 265 39 pmappl 200 8382 0 8348 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 796 0 267 17 1 16 16 0 8 0