uvm_fault(0xffffffff82553f08, 0xffff800000b2b076, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffffff82553f08, 0xffff800000b2b076, 0, 1) -> e
rtable_satoplen(2,ffff800000b2af78) at rtable_satoplen+0x150 sys/net/rtable.c:894
end trace frame: 0xffff800023db6b30, count: 0
ddb{0}> trace
rtable_satoplen(2,ffff800000b2af78) at rtable_satoplen+0x150 sys/net/rtable.c:894
rtable_lookup(0,fffffd8064633320,ffff800000b2af78,ffff800000b2af58,4) at rtable_lookup+0xeb sys/net/rtable.c:391
rtrequest_delete(ffff800023db6bd0,4,ffff800000abf800,ffff800023db6ca0,0) at rtrequest_delete+0xe3 sys/net/route.c:775
rt_ifa_del(ffff800000b2af00,800100,ffff800000b2af58,0) at rt_ifa_del+0x3c3 sys/net/route.c:1191
in_ioctl_change_ifaddr(8040691a,ffff800023db6f30,ffff800000abf800,1) at in_ioctl_change_ifaddr+0x355 in_remove_prefix sys/netinet/in.c:738 [inline]
in_ioctl_change_ifaddr(8040691a,ffff800023db6f30,ffff800000abf800,1) at in_ioctl_change_ifaddr+0x355 in_ifscrub sys/netinet/in.c:562 [inline]
in_ioctl_change_ifaddr(8040691a,ffff800023db6f30,ffff800000abf800,1) at in_ioctl_change_ifaddr+0x355 sys/netinet/in.c:432
in_ioctl(8040691a,ffff800023db6f30,ffff800000abf800,1) at in_ioctl+0x205 sys/netinet/in.c:234
ifioctl(fffffd8062a08930,8040691a,ffff800023db6f30,ffff800020ab0508) at ifioctl+0xb64 sys/net/if.c:2202
sys_ioctl(ffff800020ab0508,ffff800023db7048,ffff800023db7090) at sys_ioctl+0x5b9
syscall(ffff800023db7110) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800023db7110) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,1d2b4008010) at Xsyscall+0x128
end of kernel
end trace frame: 0x1d54d0e5990, count: -10
ddb{0}> show registers
rdi 0
rsi 0xff
rbp 0xffff800023db6a90
rbx 0xffffffffffffff05
rdx 0xffff800000b2af7c
rcx 0xffff800000b2b077
rax 0xffff800000b2b077
r8 0x4
r9 0x7
r10 0xb172ddbbd152c17f
r11 0x773fc1080cb8c24f
r12 0
r13 0xffff800000b2b077
r14 0xffffffff8251dcc0 inetdomain
r15 0x4
rip 0xffffffff820a7b20 rtable_satoplen+0x150
cs 0x8
rflags 0x10287 __ALIGN_SIZE+0xf287
rsp 0xffff800023db6a40
ss 0x10
rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d
ddb{0}> show proc
PROC (syz-executor.0) pid=110857 stat=onproc
flags process=0 proc=4000000
pri=70, usrpri=70, nice=20
forw=0xffffffffffffffff, list=0xffff800020ab0c70,0xffff800020ab1170
process=0xffff800020add880 user=0xffff800023db2000, vmspace=0xfffffd807f00ba10
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
49745 404740 40347 0 2 0 syz-executor.0
*49745 110857 40347 0 7 0x4000000 syz-executor.0
49745 205500 40347 0 3 0x4000080 fsleep syz-executor.0
49745 374956 40347 0 3 0x4000080 fsleep syz-executor.0
79848 360114 1650 0 3 0x80 nanosleep syz-executor.1
79848 351917 1650 0 3 0x4000080 nanosleep syz-executor.1
79848 139822 1650 0 3 0x4000080 fsleep syz-executor.1
1650 204495 93597 0 3 0x82 nanosleep syz-executor.1
40347 501017 93597 0 3 0x82 nanosleep syz-executor.0
77292 73380 0 0 3 0x14200 bored sosplice
93597 460441 55765 0 3 0x82 thrsleep syz-fuzzer
93597 100094 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 336653 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 356148 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 139761 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 305599 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 259514 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 1815 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 224357 55765 0 3 0x4000082 thrsleep syz-fuzzer
93597 516191 55765 0 3 0x4000082 kqread syz-fuzzer
55765 494737 9763 0 3 0x10008a pause ksh
9763 228739 41278 0 3 0x92 select sshd
87791 179231 1 0 3 0x100083 ttyin getty
41278 74611 1 0 3 0x80 select sshd
59522 204714 82851 74 3 0x100092 bpf pflogd
82851 503389 1 0 3 0x80 netio pflogd
2031 175161 8165 73 7 0x100090 syslogd
8165 363973 1 0
3 0x100082 netio syslogd
93573 519364 1 77 3 0x100090 poll dhclient
9860 298246 1 0 3 0x80 poll dhclient
45234 270579 0 0 3 0x14200 pgzero zerothread
80876 66120 0 0 3 0x14200 aiodoned aiodoned
86681 79599 0 0 3 0x14200 syncer update
11160 366613 0 0 3 0x14200 cleaner cleaner
29427 286107 0 0 3 0x14200 reaper reaper
231 185783 0 0 3 0x14200 pgdaemon pagedaemon
89904 365139 0 0 3 0x14200 bored crynlk
700 213440 0 0 3 0x14200 bored crypto
94629 492957 0 0 3 0x40014200 acpi0 acpi0
91300 148683 0 0 3 0x40014200 idle1
51992 431959 0 0 3 0x14200 bored softnet
70161 268963 0 0 3 0x14200 bored systqmp
90780 8471 0 0 3 0x14200 bored systq
80643 5767 0 0 2 0x40014200 softclock
99668 271778 0 0 3 0x40014200 idle0
77088 325316 0 0 3 0x14200 bored smr
1 462795 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 49745 (syz-executor.0) thread 0xffff800020ab0508 (110857)
exclusive rwlock netlock r = 0 (0xffffffff82464b38)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 in_ioctl_change_ifaddr+0x3f
#2 in_ioctl+0x205 sys/netinet/in.c:234
#3 ifioctl+0xb64 sys/net/if.c:2202
#4 sys_ioctl+0x5b9
#5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8266bc00)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9552 6426K 7331K 78643K 13174 0 0
pcb 13 10K 12K 78643K 210 0 0
rtable 87 5K 6K 78643K 724 0 0
ifaddr 69 14K 15K 78643K 179 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1531 0 0
iov 0 0K 16K 78643K 213 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1221 77K 77K 78643K 2067 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 19 0 0
VM map 11 5K 6K 78643K 19 0 0
sem
12 0K 0K 78643K 225 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 6 17K 25K 78643K 938 0 0
sigio 0 0K 0K 78643K 105 0 0
proc 60 63K 83K 78643K 757 0 0
subproc 32 2K 2K 78643K 136 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 75 0 0
in_multi 19 1K 2K 78643K 132 0 0
ether_multi 1 0K 0K 78643K 11 0 0
mrt 0 0K 0K 78643K 6 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 72 318K 318K 78643K 72 0 0
exec 0 0K 1K 78643K 389 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 147 105K 105K 78643K 4253 0 0
UVM aobj 98 5K 5K 78643K 98 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 148 0 0
NDP 16 0K 0K 78643K 54 0 0
temp 200 3564K 3640K 78643K 35281 0 0
kqueue 0 0K 0K 78643K 15 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 30 0 25 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 81 0 79 1 0 1 1 0 8 0
rtentry 112 147 0 118 2 0 2 2 0 8 0
unpcb 120 959 0 948 2 0 2 2 0 8 1
syncache 264 12 0 12 6 6 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 35 0 35 3 3 0 1 0 8 0
tcpcb 544 2351 0 2343 15 6 9 14 0 8 8
inpcb 280 3180 0 3167 11 2 9 9 0 8 8
rttmr 72 2 0 2 2 2 0 1 0 8 0
nd6 48 18 0 17 1 0 1 1 0 8 0
pkpcb 40 5 0 5 2 2 0 1 0 8 0
ppxss 1128 16 0 16 5 5 0 1 0 8 0
pffrag 232 24 0 24 4 3 1 1 0 482 1
pffrnode 88 24 0 24 4 3 1 1 0 8 1
pffrent 40 695 0 695 4 3 1 1 0 8 1
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 100 0 43 1 0 1 1 0 8 0
pfstkey 112 100 0 43 2 0 2 2 0 8 0
pfstate 328 100 0 42 6 0 6 6 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 3 0 2 3 2 1 3 0 8 0
art_heap4 256 617 0 461 18 4 14 15 0 8 2
art_table 32 620 0 463 2 0 2 2 0 8 0
art_node 16 146 0 119 1 0 1 1 0 8 0
sysvmsgpl 40 54 0 45 1
0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 223 0 213 1 0 1 1 0 8 0
shmpl 112 96 0 0 3 0 3 3 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 2683 0 1281 46 0 46 46 0 8 0
ffsino 272 2683 0 1281 95 0 95 95 0 8 0
nchpl 144 4365 0 2760 61 0 61 61 0 8 0
uvmvnodes 72 3422 0 0 63 0 63 63 0 8 0
vnodes 208 3422 0 0 181 0 181 181 0 8 0
namei 1024 13656 0 13656 1 0 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
vcpupl 1984 9 0 0 2 0 2 2 0 8 0
vmpool 552 17 0 8 1 0 1 1 0 8 0
scxspl 192 14666 0 14666 14 11 3 7 0 8 3
plimitpl 152 101 0 93 1 0 1 1 0 8 0
sigapl 432 1120 0 1104 3 1 2 3 0 8 0
futexpl 56 25244 0 25241 1 0 1 1 0 8 0
knotepl 112 317 0 298 2 0 2 2 0 8 1
kqueuepl 104 547 0 545 4 0 4 4 0 8 3
pipepl 112 902 0 883 1 0 1 1 0 8 0
fdescpl 488 1121 0 1104 3 0 3 3 0 8 0
filepl 152 10947 0 10842 15 3 12 14 0 8 7
lockfpl 104 301 0 300 1 0 1 1 0 8 0
lockfspl 48 99 0 98 1 0 1 1 0 8 0
sessionpl 112 24 0 13 1 0 1 1 0 8 0
pgrppl 48 32 0 21 1 0 1 1 0 8 0
ucredpl 96 807 0 798 1 0 1 1 0 8 0
zombiepl 144 1104 0 1104 1 0 1 1 0 8 1
processpl 896 1137 0 1104 4 0 4 4 0 8 0
procpl 632 3132 0 3085 5 0 5 5 0 8 1
srpgc 64 14 0 14 4 3 1 1 0 8 1
sosppl 128 11 0 11 4 3 1 1 0 8 1
sockpl 384 4247 0 4221 19 8 11 14 0 8 8
mcl64k 65536 12 0 0 2 0 2 2 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 9 0 0 1 0 1 1 0 8 0
mcl9k 9216 6 0 0 1 0 1 1 0 8 0
mcl8k 8192 9 0 0 2 0 2 2 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 161 0 0 20 0 20 20 0 8 0
mtagpl 80 25 0 0 1 0 1 1 0 8 0
mbufpl 256 389 0 0 23 0 23 23 0 8 0
bufpl 256 9260 0 2212 441 0 441 441 0 8 0
anonpl 16 160501 0 142514 110 33 77 91 0 124 0
amapchunkpl 152 7965 0 7805 23 13 10 14 0 158 2
amappl16 192 6114 0 5093 90 37 53 63 0 8 1
amappl15 184 727 0 727 1 1 0 1 0 8 0
amappl14 176 73 0 69 1 0 1 1 0 8 0
amappl13 168 46 0 46 2 2 0 1 0 8 0
amappl12 160 118 0 113 1 0 1 1 0 8 0
amappl11 152 166 0 151 1 0 1 1 0 8 0
amappl10 144 110 0 104 1 0 1 1 0 8 0
amappl9 136 838 0 829 1 0 1 1 0 8 0
amappl8 128 400 0 358 2
0 2 2 0 8 0
amappl7 120 158 0 151 1 0 1 1 0 8 0
amappl6 112 173 0 161 1 0 1 1 0 8 0
amappl5 104 288 0 272 1 0 1 1 0 8 0
amappl4 96 1329 0 1292 2 1 1 2 0 8 0
amappl3 88 278 0 272 1 0 1 1 0 8 0
amappl2 80 8006 0 7924 3 1 2 3 0 8 0
amappl1 72 34880 0 34417 25 15 10 20 0 8 0
amappl 80 3512 0 3456 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 97 0 0 2 0 2 2 0 8 0
uaddrrnd 24 1138 0 1104 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1138 0 1104 1 0 1 1 0 8 0
vmmpekpl 168 12735 0 12691 4 1 3 3 0 8 0
vmmpepl 168 150311 0 147991 167 33 134 135 0 357 33
vmsppl 368 1120 0 1104 2 0 2 2 0 8 0
pdppl 4096 2283 0 2233 7 0 7 7 0 8 0
pvpl 32 442405 0 421124 229 39 190 216 0 265 11
pmappl 232 1137 0 1112 2 0 2 2 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 640 0 15 18 0 18 18 0 8 0