û[û[uvm_fault(0xffffffff82201e00, 0xffff800004d41002, 0, 1) -> e kernel: page fault trap, code=0 Stopped at rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82201e00, 0xffff800004d41002, 0, 1) -> e rtable_satoplen(21,ffff800004d40f59) at rtable_satoplen+0x150 sys/net/rtable.c:888 end trace frame: 0xffff800014a3f5e0, count: 0 ddb> trace rtable_satoplen(21,ffff800004d40f59) at rtable_satoplen+0x150 sys/net/rtable.c:888 rtable_lookup(0,ffff800004d40f09,ffff800004d40f59,ffff800004d40f11,21) at rtable_lookup+0xed sys/net/rtable.c:391 rtm_output(ffff800004d40f00,ffff800014a3f6d0,ffff800014a3f6d8,21,0) at rtm_output+0x1a7 sys/net/rtsock.c:952 route_output(fffffd803f030500,fffffd8036431d88,0,0) at route_output+0x78b sys/net/rtsock.c:806 route_usrreq(fffffd8036431d88,9,fffffd803f030500,0,0,ffff800014a07788) at route_usrreq+0x35d sys/net/rtsock.c:271 sosend(fffffd8036431d88,0,ffff800014a3f998,0,0,0) at sosend+0x6e3 sys/kern/uipc_socket.c:513 sendit(ffff800014a07788,3,ffff800014a3fa58,0,ffff800014a3fb20) at sendit+0x58f sys/kern/uipc_syscalls.c:662 sys_sendto(ffff800014a07788,ffff800014a3fb38,ffff800014a3fb20) at sys_sendto+0x92 syscall(ffff800014a3fbd0) at syscall+0x541 Xsyscall(6,0,ffffffffffffffd8,0,6,6631dc31010) at Xsyscall+0x128 end of kernel end trace frame: 0x665eab023d0, count: -10 ddb> show registers rdi 0 rsi 0xaa rbp 0xffff800014a3f540 rbx 0xffffffffffffff5a rdx 0xffff800004d40f5d rcx 0xffff800004d41003 rax 0xffff800004d41003 r8 0x21 r9 0x1 r10 0xffff800000936c40 r11 0xba2980f74636d0f5 r12 0 r13 0xffff800004d41003 r14 0xffffffff82192808 mplsdomain r15 0x4 rip 0xffffffff813df7c0 rtable_satoplen+0x150 cs 0x8 rflags 0x10287 __ALIGN_SIZE+0xf287 rsp 0xffff800014a3f4f0 ss 0x10 rtable_satoplen+0x150: movzbl 0xffffffffffffffff(%r13),%r12d ddb> show proc PROC (syz-executor.1) pid=484070 stat=onproc flags process=0 proc=4000000 pri=77, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff800014a07c38,0xffffffff8224cb48 process=0xffff800014962d38 user=0xffff800014a3a000, vmspace=0xfffffd803f014528 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 80739 27864 26837 0 2 0 syz-executor.1 *80739 484070 26837 0 7 0x4000000 syz-executor.1 76221 304892 70856 0 2 0 syz-executor.0 76221 151578 70856 0 2 0x4000000 syz-executor.0 76221 308463 70856 0 3 0x4000000 inode syz-executor.0 76221 522981 70856 0 3 0x4000000 uvn_get syz-executor.0 76221 3818 70856 0 3 0x4000000 uvn_term syz-executor.0 26837 48195 20021 0 3 0x82 nanosleep syz-executor.1 70856 15861 20021 0 3 0x82 nanosleep syz-executor.0 10671 208336 0 0 3 0x14200 bored sosplice 20021 503771 26228 0 3 0x82 thrsleep syz-fuzzer 20021 54958 26228 0 3 0x4000082 nanosleep syz-fuzzer 20021 84262 26228 0 3 0x4000082 thrsleep syz-fuzzer 20021 381799 26228 0 3 0x4000082 kqread syz-fuzzer 20021 401366 26228 0 3 0x4000082 thrsleep syz-fuzzer 20021 228584 26228 0 3 0x4000082 thrsleep syz-fuzzer 20021 369953 26228 0 3 0x4000082 thrsleep syz-fuzzer 26228 357770 10968 0 3 0x10008a pause ksh 10968 458868 90603 0 3 0x92 select sshd 53845 46601 1 0 3 0x100083 ttyin getty 90603 496983 1 0 3 0x80 select sshd 41998 55161 72090 73 2 0x100090 syslogd 72090 138718 1 0 3 0x100082 netio syslogd 69765 326126 1 77 3 0x100090 poll dhclient 3475 357225 1 0 3 0x80 poll dhclient 64338 54818 0 0 2 0x14200 zerothread 72485 375769 0 0 3 0x14200 aiodoned aiodoned 67594 301413 0 0 3 0x14200 syncer update 66158 92890 0 0 3 0x14200 cleaner cleaner 59838 376969 0 0 3 0x14200 reaper reaper 23607 397916 0 0 3 0x14200 pgdaemon pagedaemon 47677 175932 0 0 3 0x14200 bored crynlk 15265 457025 0 0 3 0x14200 bored crypto 3287 227435 0 0 3 0x40014200 acpi0 acpi0 57858 394484 0 0 3 0x14200 bored softnet 32091 302549 0 0 3 0x14200 bored systqmp 36549 380550 0 0 3 0x14200 bored systq 79734 463026 0 0 3 0x40014200 bored softclock 44352 183626 0 0 3 0x40014200 idle0 39959 508169 0 0 3 0x14200 bored smr 1 112758 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9509 6349K 6370K 78643K 11096 0 0 pcb 24 9K 11K 78643K 773 0 0 rtable 104 4K 4K 78643K 786 0 0 ifaddr 58 13K 14K 78643K 261 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 44 0 0 iov 1 8K 16K 78643K 171 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1194 75K 75K 78643K 1880 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 15 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 1K 1K 78643K 127 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 6 17K 25K 78643K 1140 0 0 sigio 0 0K 0K 78643K 21 0 0 proc 42 30K 54K 78643K 611 0 0 subproc 64 65538K 69634K 78643K 443 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 127 0 0 in_multi 33 2K 2K 78643K 188 0 0 ether_multi 1 0K 0K 78643K 6 0 0 mrt 0 0K 0K 78643K 4 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 84 371K 371K 78643K 84 0 0 exec 0 0K 1K 78643K 335 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 81 20K 24K 78643K 3470 0 0 UVM aobj 60 2K 3K 78643K 67 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 54 0 0 NDP 12 0K 0K 78643K 84 0 0 temp 171 2355K 2422K 78643K 6707 0 0 kqueue 0 0K 0K 78643K 7 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 15 0 11 1 0 1 1 0 8 0 inpcbpl 280 570 0 563 2 1 1 2 0 8 0 plimitpl 152 54 0 47 1 0 1 1 0 8 0 rtentry 112 142 0 102 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 49 0 49 1 1 0 1 0 8 0 tcpcb 544 190 0 186 1 0 1 1 0 8 0 nd6 48 26 0 22 1 0 1 1 0 8 0 ppxss 1128 32 0 32 5 4 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 657 0 466 12 0 12 12 0 8 0 art_table 32 658 0 466 2 0 2 2 0 8 0 art_node 16 139 0 105 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 12 1 0 1 1 0 8 0 semapl 112 123 0 113 1 0 1 1 0 8 0 shmpl 112 65 0 7 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3282 0 1826 47 0 47 47 0 8 0 ffsino 240 3282 0 1826 86 0 86 86 0 8 0 nchpl 144 5090 0 3420 62 0 62 62 0 8 0 uvmvnodes 72 3647 0 0 67 0 67 67 0 8 0 vnodes 200 3647 0 0 192 0 192 192 0 8 0 namei 1024 15676 0 15675 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 17643 0 17643 12 9 3 7 0 8 3 sigapl 432 1277 0 1263 2 0 2 2 0 8 0 futexpl 56 18489 0 18489 1 0 1 1 0 8 1 knotepl 112 548 0 529 1 0 1 1 0 8 0 kqueuepl 104 371 0 369 1 0 1 1 0 8 0 pipepl 112 828 0 807 4 3 1 2 0 8 0 fdescpl 424 1278 0 1263 2 0 2 2 0 8 0 filepl 120 8315 0 8214 5 1 4 5 0 8 0 lockfpl 104 351 0 350 2 1 1 1 0 8 0 lockfspl 32 345 0 344 2 1 1 1 0 8 0 sessionpl 112 28 0 18 1 0 1 1 0 8 0 pgrppl 48 52 0 42 1 0 1 1 0 8 0 ucredpl 96 1630 0 1623 1 0 1 1 0 8 0 zombiepl 144 1263 0 1263 2 1 1 1 0 8 1 processpl 840 1293 0 1263 4 0 4 4 0 8 0 procpl 600 2663 0 2622 4 0 4 4 0 8 0 sosppl 128 26 0 26 6 5 1 1 0 8 1 sockpl 384 1261 0 1243 4 1 3 4 0 8 1 mcl64k 65536 30 0 30 5 4 1 1 0 8 1 mcl16k 16384 2 0 2 2 2 0 1 0 8 0 mcl12k 12288 21 0 21 3 3 0 1 0 8 0 mcl9k 9216 23 0 23 3 2 1 1 0 8 1 mcl8k 8192 20 0 20 5 4 1 1 0 8 1 mcl4k 4096 77 0 77 2 1 1 1 0 8 1 mcl2k2 2112 13 0 13 4 3 1 1 0 8 1 mcl2k 2048 50287 0 50249 13 7 6 11 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 88774 0 88692 14 8 6 8 0 8 0 bufpl 256 9520 0 3859 354 0 354 354 0 8 0 anonpl 16 152640 0 144760 87 33 54 54 0 62 15 amapchunkpl 152 5749 0 5656 20 15 5 14 0 158 0 amappl16 192 6900 0 6377 84 50 34 37 0 8 7 amappl15 184 101 0 96 1 0 1 1 0 8 0 amappl14 176 376 0 372 2 1 1 1 0 8 0 amappl13 168 354 0 351 1 0 1 1 0 8 0 amappl12 160 526 0 520 1 0 1 1 0 8 0 amappl11 152 60 0 49 1 0 1 1 0 8 0 amappl10 144 215 0 213 1 0 1 1 0 8 0 amappl9 136 773 0 770 1 0 1 1 0 8 0 amappl8 128 342 0 327 1 0 1 1 0 8 0 amappl7 120 194 0 187 1 0 1 1 0 8 0 amappl6 112 96 0 90 1 0 1 1 0 8 0 amappl5 104 470 0 457 1 0 1 1 0 8 0 amappl4 96 1125 0 1102 2 1 1 2 0 8 0 amappl3 88 668 0 662 1 0 1 1 0 8 0 amappl2 80 10233 0 10172 2 0 2 2 0 8 0 amappl1 72 32021 0 31583 24 14 10 19 0 8 0 amappl 72 2951 0 2913 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 66 0 7 1 0 1 1 0 8 0 uaddrrnd 24 1278 0 1263 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1278 0 1263 1 0 1 1 0 8 0 vmmpekpl 168 12312 0 12292 2 0 2 2 0 8 0 vmmpepl 168 144267 0 142712 124 43 81 84 0 357 13 vmsppl 264 1277 0 1263 5 4 1 2 0 8 0 pdppl 4096 2562 0 2526 6 1 5 6 0 8 0 pvpl 32 488855 0 477698 223 80 143 211 0 265 40 pmappl 192 1277 0 1263 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 507 0 29 14 0 14 14 0 8 0