uvm_fault(0xfffffd803f014770, 0x24, 0, 1) -> e kernel: page fault trap, code=0 Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f014770, 0x24, 0, 1) -> e frag6_input(ffff800015924c08,ffff800015924c14,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 end trace frame: 0xffff800015924a90, count: 0 ddb> trace frag6_input(ffff800015924c08,ffff800015924c14,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 ip_deliver(ffff800015924c08,ffff800015924c14,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665 ip6_input_if(ffff800015924c08,ffff800015924c14,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800015924c08,ffff800015924c14,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000069c000,fffffd803a7e2800) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000069c000,fffffd803a7e2800,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd803a7e2e00,ffff800000ae5d00,fffffd803ea0c3b8,0,0,fffffd803ea0c348) at ip6_output+0xd35 rip6_output(fffffd803a7e2e00,fffffd803ea0d900,ffff800015924f78,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd803ea0d900,9,fffffd803a7e2e00,0,0,ffff8000ffff2780) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd803ea0d900,0,ffff8000159251a8,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff2780,3,ffff8000159251a8,0,ffff8000159252b0) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff2780,ffff800015925248,ffff8000159252b0) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff800015925310) at syscall+0x508 Xsyscall(6,0,c,0,3,fa5b44db010) at Xsyscall+0x128 end of kernel end trace frame: 0xfa8369a57b0, count: -13 ddb> show registers rdi 0 rsi 0 rbp 0xffff800015924a10 rbx 0x600 rdx 0 rcx 0 rax 0 r8 0x30 r9 0 r10 0x2686362e35851082 r11 0xe03ef17e07f01b5c r12 0 r13 0xfffffd802f624f30 r14 0xfffffd802f624f40 r15 0xfffffd803e46c054 rip 0xffffffff81c4b992 frag6_input+0x762 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff800015924950 ss 0x10 frag6_input+0x762: movl 0x24(%rax),%r14d ddb> show proc PROC (syz-executor.1) pid=443368 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff82570880 process=0xffff8000148a2018 user=0xffff800015920000, vmspace=0xfffffd803f014770 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 77610 146067 23258 0 2 0 syz-executor.1 *77610 443368 23258 0 7 0x4000000 syz-executor.1 23258 380123 85241 0 3 0x82 nanosleep syz-executor.1 87782 115431 0 0 3 0x14200 acct acct 94325 467879 85241 0 2 0x2 syz-executor.0 85341 199969 1 0 3 0x100083 ttyin getty 6679 410165 0 0 3 0x14200 bored sosplice 85241 48735 81658 0 3 0x82 thrsleep syz-fuzzer 85241 91857 81658 0 3 0x4000082 nanosleep syz-fuzzer 85241 433278 81658 0 3 0x4000082 kqread syz-fuzzer 85241 180142 81658 0 3 0x4000082 thrsleep syz-fuzzer 85241 7239 81658 0 3 0x4000082 thrsleep syz-fuzzer 85241 339812 81658 0 3 0x4000082 thrsleep syz-fuzzer 85241 479624 81658 0 3 0x4000082 thrsleep syz-fuzzer 81658 503640 65890 0 3 0x10008a pause ksh 65890 40747 7065 0 3 0x92 select sshd 7065 23210 1 0 3 0x80 select sshd 37266 382783 67464 73 3 0x100090 kqread syslogd 67464 4816 1 0 3 0x100082 netio syslogd 33256 441860 1 77 3 0x100090 poll dhclient 82038 198092 1 0 3 0x80 poll dhclient 2467 123014 0 0 2 0x14200 zerothread 77164 147213 0 0 3 0x14200 aiodoned aiodoned 55970 489183 0 0 3 0x14200 syncer update 70654 360866 0 0 3 0x14200 cleaner cleaner 34621 286958 0 0 3 0x14200 reaper reaper 11819 18221 0 0 3 0x14200 pgdaemon pagedaemon 99006 494160 0 0 3 0x14200 bored crynlk 87607 19826 0 0 3 0x14200 bored crypto 54120 309931 0 0 3 0x40014200 acpi0 acpi0 77487 464646 0 0 2 0x14200 softnet 65940 172189 0 0 3 0x14200 bored systqmp 49226 472206 0 0 3 0x14200 bored systq 71017 68788 0 0 3 0x40014200 bored softclock 81626 269087 0 0 3 0x40014200 idle0 48791 386975 0 0 3 0x14200 bored smr 1 205676 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9584 6515K 7666K 78643K 25850 0 0 pcb 14 8K 8K 78643K 599 0 0 rtable 116 4K 4K 78643K 1964 0 0 ifaddr 79 18K 21K 78643K 634 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 309 0 0 iov 0 0K 32K 78643K 636 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1206 76K 77K 78643K 6824 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 73 0 0 VM map 2 0K 0K 78643K 10 0 0 sem 12 0K 0K 78643K 619 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 6146 0 0 sigio 0 0K 0K 78643K 78 0 0 proc 43 30K 54K 78643K 1768 0 0 subproc 32 2K 2K 78643K 380 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 516 0 0 in_multi 33 2K 2K 78643K 427 0 0 ether_multi 1 0K 0K 78643K 13 0 0 mrt 0 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 931 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 101 21K 39K 78643K 15225 0 0 UVM aobj 130 4K 4K 78643K 149 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 1K 78643K 556 0 0 NDP 19 0K 1K 78643K 199 0 0 temp 219 3536K 4176K 78643K 82203 0 0 kqueue 0 0K 0K 78643K 68 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 47 0 41 1 0 1 1 0 8 0 rtpcb 80 314 0 312 1 0 1 1 0 8 0 rtentry 112 274 0 229 3 1 2 2 0 8 0 unpcb 120 2081 0 2073 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 4486 0 4486 1 1 0 1 0 8 0 tcpcb 544 1095 0 1090 1 0 1 1 0 8 0 ipq 40 4 0 4 2 1 1 1 0 8 1 ipqe 40 10 0 10 2 1 1 1 0 8 1 inpcb 280 3129 0 3120 18 16 2 2 0 8 1 ip6q 72 1 0 0 1 0 1 1 0 8 0 ip6af 48 1 0 0 1 0 1 1 0 8 0 nd6 48 66 0 60 1 0 1 1 0 8 0 pkpcb 40 28 0 28 10 10 0 1 0 8 0 swfcl 56 5 0 0 1 0 1 1 0 8 0 ppxss 1128 86 0 86 19 18 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1124 0 931 19 6 13 13 0 8 0 art_table 32 1125 0 931 2 0 2 2 0 8 0 art_node 16 266 0 226 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 0 1 0 1 1 0 8 0 semapl 112 617 0 607 1 0 1 1 0 8 0 shmpl 112 147 0 19 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 10834 0 9422 46 0 46 46 0 8 0 ffsino 240 10834 0 9422 84 0 84 84 0 8 0 nchpl 144 19534 0 17904 63 1 62 62 0 8 0 uvmvnodes 72 6653 0 0 121 0 121 121 0 8 0 vnodes 200 6653 0 0 351 0 351 351 0 8 0 namei 1024 63770 0 63770 5 4 1 1 0 8 1 vmpool 520 8 0 8 4 4 0 1 0 8 0 scsiplug 64 8 0 8 6 6 0 1 0 8 0 scxspl 192 63830 0 63830 27 26 1 7 0 8 1 plimitpl 152 552 0 545 1 0 1 1 0 8 0 sigapl 432 6260 0 6247 2 0 2 2 0 8 0 futexpl 56 98542 0 98542 6 5 1 1 0 8 1 knotepl 112 1394 0 1375 2 1 1 2 0 8 0 kqueuepl 104 1264 0 1262 1 0 1 1 0 8 0 pipepl 112 3422 0 3403 10 9 1 2 0 8 0 fdescpl 424 6261 0 6247 2 0 2 2 0 8 0 filepl 120 36897 0 36801 10 6 4 5 0 8 1 lockfpl 104 1903 0 1903 6 5 1 1 0 8 1 lockfspl 48 610 0 610 6 5 1 1 0 8 1 sessionpl 112 40 0 30 1 0 1 1 0 8 0 pgrppl 48 114 0 104 1 0 1 1 0 8 0 ucredpl 96 7316 0 7308 1 0 1 1 0 8 0 zombiepl 144 6247 0 6247 2 1 1 1 0 8 1 processpl 864 6277 0 6247 4 0 4 4 0 8 0 procpl 632 13506 0 13469 4 0 4 4 0 8 0 sosppl 128 69 0 69 21 20 1 1 0 8 1 sockpl 384 5608 0 5590 12 9 3 4 0 8 1 mcl64k 65536 715 0 715 75 48 27 32 0 8 27 mcl16k 16384 26 0 26 15 15 0 1 0 8 0 mcl12k 12288 101 0 101 18 17 1 1 0 8 1 mcl9k 9216 84 0 84 26 25 1 1 0 8 1 mcl8k 8192 95 0 95 25 24 1 1 0 8 1 mcl4k 4096 261 0 261 13 12 1 1 0 8 1 mcl2k2 2112 27 0 27 13 13 0 1 0 8 0 mcl2k 2048 67809 0 67763 26 19 7 15 0 8 1 mtagpl 80 178 0 141 4 3 1 1 0 8 0 mbufpl 256 141014 0 140874 46 26 20 25 0 8 8 bufpl 256 21589 0 14937 417 0 417 417 0 8 0 anonpl 16 574595 0 562178 212 150 62 69 0 62 9 amapchunkpl 152 28876 0 28775 89 83 6 18 0 158 0 amappl16 192 32642 0 31942 209 168 41 48 0 8 5 amappl15 184 605 0 605 6 6 0 1 0 8 0 amappl14 176 586 0 579 1 0 1 1 0 8 0 amappl13 168 894 0 894 4 4 0 1 0 8 0 amappl12 160 1733 0 1731 7 6 1 1 0 8 0 amappl11 152 111 0 99 1 0 1 1 0 8 0 amappl10 144 688 0 687 1 0 1 1 0 8 0 amappl9 136 1695 0 1692 1 0 1 1 0 8 0 amappl8 128 1207 0 1183 1 0 1 1 0 8 0 amappl7 120 689 0 683 1 0 1 1 0 8 0 amappl6 112 82 0 75 1 0 1 1 0 8 0 amappl5 104 2052 0 2040 1 0 1 1 0 8 0 amappl4 96 6228 0 6202 1 0 1 1 0 8 0 amappl3 88 1514 0 1502 1 0 1 1 0 8 0 amappl2 80 48303 0 48237 3 1 2 3 0 8 0 amappl1 72 119383 0 118973 27 18 9 19 0 8 0 amappl 80 14082 0 14048 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 148 0 19 3 0 3 3 0 8 0 uaddrrnd 24 6269 0 6247 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6269 0 6247 1 0 1 1 0 8 0 vmmpekpl 168 38163 0 38136 2 0 2 2 0 8 0 vmmpepl 168 726682 0 724939 333 247 86 105 0 357 5 vmsppl 272 6260 0 6247 5 4 1 2 0 8 0 pdppl 4096 12544 0 12510 6 1 5 6 0 8 0 pvpl 32 1576958 0 1561430 535 344 191 267 0 265 63 pmappl 200 6268 0 6255 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 743 0 161 17 0 17 17 0 8 0