uvm_fault(0xfffffd803f013dd0, 0x24, 0, 1) -> e kernel: page fault trap, code=0 Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f013dd0, 0x24, 0, 1) -> e frag6_input(ffff800016f537e8,ffff800016f537f4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 end trace frame: 0xffff800016f53670, count: 0 ddb> trace frag6_input(ffff800016f537e8,ffff800016f537f4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 ip_deliver(ffff800016f537e8,ffff800016f537f4,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665 ip6_input_if(ffff800016f537e8,ffff800016f537f4,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800016f537e8,ffff800016f537f4,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000069c000,fffffd803cf87700) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000069c000,fffffd803cf87700,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd803cf87800,ffff80000066d900,fffffd80370163b8,0,0,fffffd8037016348) at ip6_output+0xd35 rip6_output(fffffd803cf87800,fffffd8037017300,ffff800016f53b58,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd8037017300,9,fffffd803cf87800,0,0,ffff8000ffff33d8) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd8037017300,0,ffff800016f53d88,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff33d8,3,ffff800016f53d88,0,ffff800016f53e90) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff33d8,ffff800016f53e28,ffff800016f53e90) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff800016f53ef0) at syscall+0x508 Xsyscall(6,0,c,0,3,b9d60036010) at Xsyscall+0x128 end of kernel end trace frame: 0xba00feffe80, count: -13 ddb> show registers rdi 0 rsi 0 rbp 0xffff800016f535f0 rbx 0x600 rdx 0 rcx 0 rax 0 r8 0x30 r9 0 r10 0x63d0d1b597aa8454 r11 0x675c86471b5f797d r12 0 r13 0xfffffd802dd2ff40 r14 0xfffffd802dd2ff50 r15 0xfffffd802e7cf054 rip 0xffffffff8195c922 frag6_input+0x762 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff800016f53530 ss 0x10 frag6_input+0x762: movl 0x24(%rax),%r14d ddb> show proc PROC (syz-executor.1) pid=49698 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2ee8,0xffffffff825604b0 process=0xffff8000ffff6d90 user=0xffff800016f4e000, vmspace=0xfffffd803f013dd0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 15137 202658 59357 0 2 0 syz-executor.1 *15137 49698 59357 0 7 0x4000000 syz-executor.1 57534 241440 99795 0 2 0 syz-executor.0 57534 415918 99795 0 3 0x4000080 fsleep syz-executor.0 59357 22325 73561 0 3 0x82 nanosleep syz-executor.1 99795 467153 73561 0 3 0x82 nanosleep syz-executor.0 59134 332365 0 0 3 0x14200 acct acct 77110 420123 1 0 3 0x100083 ttyin getty 35755 454531 0 0 3 0x14200 bored sosplice 73561 345800 76463 0 3 0x82 kqread syz-fuzzer 73561 130907 76463 0 3 0x4000082 nanosleep syz-fuzzer 73561 45909 76463 0 3 0x4000082 thrsleep syz-fuzzer 73561 439064 76463 0 3 0x4000082 thrsleep syz-fuzzer 73561 213076 76463 0 3 0x4000082 thrsleep syz-fuzzer 73561 273197 76463 0 3 0x4000082 thrsleep syz-fuzzer 73561 257523 76463 0 3 0x4000082 thrsleep syz-fuzzer 76463 6059 49696 0 3 0x10008a pause ksh 49696 297894 42269 0 3 0x92 select sshd 42269 354904 1 0 3 0x80 select sshd 24319 325348 97419 73 3 0x100090 kqread syslogd 97419 458952 1 0 3 0x100082 netio syslogd 83819 409026 1 77 3 0x100090 poll dhclient 57075 522854 1 0 3 0x80 poll dhclient 86300 419698 0 0 2 0x14200 zerothread 99393 292264 0 0 3 0x14200 aiodoned aiodoned 80210 237848 0 0 3 0x14200 syncer update 33573 440800 0 0 3 0x14200 cleaner cleaner 89126 92958 0 0 3 0x14200 reaper reaper 18114 405677 0 0 3 0x14200 pgdaemon pagedaemon 87027 57006 0 0 3 0x14200 bored crynlk 95517 414978 0 0 3 0x14200 bored crypto 23439 205934 0 0 3 0x40014200 acpi0 acpi0 84278 320024 0 0 3 0x14200 bored softnet 92920 180045 0 0 3 0x14200 bored systqmp 2035 217711 0 0 3 0x14200 bored systq 64942 200327 0 0 3 0x40014200 bored softclock 2927 273319 0 0 3 0x40014200 idle0 57503 107122 0 0 3 0x14200 bored smr 1 472469 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9592 6512K 14963K 78643K 43631 0 0 pcb 14 8K 8K 78643K 1425 0 0 rtable 117 12K 12K 78643K 4039 0 0 ifaddr 80 23K 25K 78643K 1364 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 609 0 0 iov 0 0K 32K 78643K 1381 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1202 75K 77K 78643K 12787 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 148 0 0 VM map 2 0K 0K 78643K 22 0 0 sem 12 0K 1K 78643K 1209 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 12599 0 0 sigio 1 0K 0K 78643K 182 0 0 proc 42 30K 54K 78643K 3295 0 0 subproc 32 2K 2K 78643K 724 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1190 0 0 in_multi 33 2K 2K 78643K 861 0 0 ether_multi 1 0K 0K 78643K 53 0 0 mrt 0 0K 0K 78643K 25 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 120 530K 530K 78643K 120 0 0 exec 0 0K 1K 78643K 1804 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 117 22K 31K 78643K 30647 0 0 UVM aobj 130 4K 4K 78643K 153 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 0K 78643K 1309 0 0 NDP 19 0K 0K 78643K 427 0 0 temp 219 3536K 4176K 78643K 198885 0 0 kqueue 0 0K 0K 78643K 126 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 88 0 82 1 0 1 1 0 8 0 rtpcb 80 575 0 573 1 0 1 1 0 8 0 rtentry 112 503 0 459 2 0 2 2 0 8 0 unpcb 120 4282 0 4272 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 3167 0 3167 1 1 0 1 0 8 0 tcpcb 544 2334 0 2329 1 0 1 1 0 8 0 ipq 40 16 0 16 9 8 1 1 0 8 1 ipqe 40 32 0 32 9 8 1 1 0 8 1 inpcb 280 6856 0 6848 17 16 1 2 0 8 0 ip6q 72 4 0 3 3 2 1 1 0 8 0 ip6af 48 5 0 4 2 1 1 1 0 8 0 nd6 48 128 0 122 1 0 1 1 0 8 0 pkpcb 40 63 0 63 19 19 0 1 0 8 0 swfcl 56 5 0 0 1 0 1 1 0 8 0 ppxss 1128 218 0 218 38 37 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2062 0 1864 19 6 13 14 0 8 0 art_table 32 2063 0 1864 2 0 2 2 0 8 0 art_node 16 488 0 448 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 12 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 1207 0 1197 1 0 1 1 0 8 0 shmpl 112 151 0 23 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 20628 0 19203 47 0 47 47 0 8 0 ffsino 240 20628 0 19203 84 0 84 84 0 8 0 nchpl 144 38118 0 36486 61 0 61 61 0 8 0 uvmvnodes 72 8174 0 0 149 0 149 149 0 8 0 vnodes 200 8174 0 0 431 0 431 431 0 8 0 namei 1024 126359 0 126359 6 5 1 1 0 8 1 vmpool 520 20 0 20 8 8 0 1 0 8 0 scsiplug 64 34 0 34 16 15 1 1 0 8 1 scxspl 192 120469 0 120469 53 51 2 7 0 8 2 plimitpl 152 1049 0 1042 1 0 1 1 0 8 0 sigapl 432 12657 0 12643 2 0 2 2 0 8 0 futexpl 56 206623 0 206622 7 6 1 1 0 8 0 knotepl 112 3100 0 3081 1 0 1 1 0 8 0 kqueuepl 104 2823 0 2821 1 0 1 1 0 8 0 pipepl 112 6784 0 6765 11 10 1 2 0 8 0 fdescpl 424 12658 0 12643 2 0 2 2 0 8 0 filepl 120 75249 0 75152 10 6 4 5 0 8 1 lockfpl 104 4262 0 4262 12 11 1 1 0 8 1 lockfspl 48 1405 0 1405 12 11 1 1 0 8 1 sessionpl 112 64 0 54 1 0 1 1 0 8 0 pgrppl 48 204 0 194 1 0 1 1 0 8 0 ucredpl 96 14166 0 14158 1 0 1 1 0 8 0 zombiepl 144 12645 0 12645 3 2 1 1 0 8 1 processpl 864 12676 0 12645 4 0 4 4 0 8 0 procpl 632 27799 0 27760 4 0 4 4 0 8 0 sosppl 128 121 0 121 38 38 0 1 0 8 0 sockpl 384 11894 0 11874 14 11 3 4 0 8 1 mcl64k 65536 2833 0 2833 241 241 0 33 0 8 0 mcl16k 16384 45 0 45 29 28 1 1 0 8 1 mcl12k 12288 245 0 245 29 28 1 1 0 8 1 mcl9k 9216 165 0 165 41 40 1 1 0 8 1 mcl8k 8192 207 0 207 41 40 1 1 0 8 1 mcl4k 4096 630 0 630 17 16 1 1 0 8 1 mcl2k2 2112 79 0 79 31 30 1 1 0 8 1 mcl2k 2048 79167 0 79115 31 23 8 19 0 8 1 mtagpl 80 347 0 342 4 3 1 1 0 8 0 mbufpl 256 195810 0 195731 142 134 8 26 0 8 0 bufpl 256 38724 0 30537 512 0 512 512 0 8 0 anonpl 16 1185655 0 1173383 313 254 59 69 0 62 0 amapchunkpl 152 56412 0 56308 124 115 9 18 0 158 4 amappl16 192 68277 0 67548 430 392 38 49 0 8 1 amappl15 184 2096 0 2096 8 8 0 1 0 8 0 amappl14 176 1901 0 1895 1 0 1 1 0 8 0 amappl13 168 1650 0 1650 5 5 0 1 0 8 0 amappl12 160 817 0 813 2 1 1 1 0 8 0 amappl11 152 1913 0 1902 1 0 1 1 0 8 0 amappl10 144 2171 0 2166 1 0 1 1 0 8 0 amappl9 136 1987 0 1984 1 0 1 1 0 8 0 amappl8 128 1434 0 1394 3 1 2 2 0 8 0 amappl7 120 2202 0 2194 1 0 1 1 0 8 0 amappl6 112 1865 0 1858 1 0 1 1 0 8 0 amappl5 104 1284 0 1274 1 0 1 1 0 8 0 amappl4 96 12868 0 12838 1 0 1 1 0 8 0 amappl3 88 2641 0 2631 1 0 1 1 0 8 0 amappl2 80 100690 0 100609 3 1 2 3 0 8 0 amappl1 72 231103 0 230685 25 16 9 19 0 8 0 amappl 80 28761 0 28725 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 152 0 23 3 0 3 3 0 8 0 uaddrrnd 24 12678 0 12643 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12678 0 12643 1 0 1 1 0 8 0 vmmpekpl 168 69101 0 69070 2 0 2 2 0 8 0 vmmpepl 168 1472696 0 1470799 601 496 105 110 0 357 19 vmsppl 272 12657 0 12643 5 4 1 2 0 8 0 pdppl 4096 25362 0 25326 6 1 5 6 0 8 0 pvpl 32 3319276 0 3303766 768 596 172 252 0 265 34 pmappl 200 12677 0 12663 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1140 0 500 20 1 19 19 0 8 0