uvm_fault(0xfffffd803f013dd0, 0x24, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f013dd0, 0x24, 0, 1) -> e
frag6_input(ffff800016f537e8,ffff800016f537f4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321
end trace frame: 0xffff800016f53670, count: 0
ddb> trace
frag6_input(ffff800016f537e8,ffff800016f537f4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321
ip_deliver(ffff800016f537e8,ffff800016f537f4,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665
ip6_input_if(ffff800016f537e8,ffff800016f537f4,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline]
ip6_input_if(ffff800016f537e8,ffff800016f537f4,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340
ipv6_input(ffff80000069c000,fffffd803cf87700) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000069c000,fffffd803cf87700,18) at if_input_local+0x121 sys/net/if.c:783
ip6_output(fffffd803cf87800,ffff80000066d900,fffffd80370163b8,0,0,fffffd8037016348) at ip6_output+0xd35
rip6_output(fffffd803cf87800,fffffd8037017300,ffff800016f53b58,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd8037017300,9,fffffd803cf87800,0,0,ffff8000ffff33d8) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670
sosend(fffffd8037017300,0,ffff800016f53d88,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524
dofilewritev(ffff8000ffff33d8,3,ffff800016f53d88,0,ffff800016f53e90) at dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff8000ffff33d8,ffff800016f53e28,ffff800016f53e90) at sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff800016f53ef0) at syscall+0x508
Xsyscall(6,0,c,0,3,b9d60036010) at Xsyscall+0x128
end of kernel
end trace frame: 0xba00feffe80, count: -13
ddb> show registers
rdi 0
rsi 0
rbp 0xffff800016f535f0
rbx 0x600
rdx 0
rcx 0
rax 0
r8 0x30
r9 0
r10 0x63d0d1b597aa8454
r11 0x675c86471b5f797d
r12 0
r13 0xfffffd802dd2ff40
r14 0xfffffd802dd2ff50
r15 0xfffffd802e7cf054
rip 0xffffffff8195c922 frag6_input+0x762
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800016f53530
ss 0x10
frag6_input+0x762: movl 0x24(%rax),%r14d
ddb> show proc
PROC (syz-executor.1) pid=49698 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff2ee8,0xffffffff825604b0
process=0xffff8000ffff6d90 user=0xffff800016f4e000, vmspace=0xfffffd803f013dd0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
15137 202658 59357 0 2 0 syz-executor.1
*15137 49698 59357 0 7 0x4000000 syz-executor.1
57534 241440 99795 0 2 0 syz-executor.0
57534 415918 99795 0 3 0x4000080 fsleep syz-executor.0
59357 22325 73561 0 3 0x82 nanosleep syz-executor.1
99795 467153 73561 0 3 0x82 nanosleep syz-executor.0
59134 332365 0 0 3 0x14200 acct acct
77110 420123 1 0 3 0x100083 ttyin getty
35755 454531 0 0 3 0x14200 bored sosplice
73561 345800 76463 0 3 0x82 kqread syz-fuzzer
73561 130907 76463 0 3 0x4000082 nanosleep syz-fuzzer
73561 45909 76463 0 3 0x4000082 thrsleep syz-fuzzer
73561 439064 76463 0 3 0x4000082 thrsleep syz-fuzzer
73561 213076 76463 0 3 0x4000082 thrsleep syz-fuzzer
73561 273197 76463 0 3 0x4000082 thrsleep syz-fuzzer
73561 257523 76463 0 3 0x4000082 thrsleep syz-fuzzer
76463 6059 49696 0 3 0x10008a pause ksh
49696 297894 42269 0 3 0x92 select sshd
42269 354904 1 0 3 0x80 select sshd
24319 325348 97419 73 3 0x100090 kqread syslogd
97419 458952 1 0 3 0x100082 netio syslogd
83819 409026 1 77 3 0x100090 poll dhclient
57075 522854 1 0 3 0x80 poll dhclient
86300 419698 0 0 2 0x14200 zerothread
99393 292264 0 0 3 0x14200 aiodoned aiodoned
80210 237848 0 0 3 0x14200 syncer update
33573 440800 0 0 3 0x14200 cleaner cleaner
89126 92958 0 0 3 0x14200 reaper reaper
18114 405677 0 0 3 0x14200 pgdaemon pagedaemon
87027 57006 0 0 3 0x14200 bored crynlk
95517 414978 0 0 3 0x14200 bored crypto
23439 205934 0 0 3 0x40014200 acpi0 acpi0
84278 320024 0 0 3 0x14200 bored softnet
92920 180045 0 0 3 0x14200 bored systqmp
2035 217711 0 0 3 0x14200 bored systq
64942 200327 0 0 3 0x40014200 bored softclock
2927 273319 0 0 3 0x40014200 idle0
57503 107122 0 0 3 0x14200 bored smr
1 472469 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9592 6512K 14963K 78643K 43631 0 0
pcb 14 8K 8K 78643K 1425 0 0
rtable 117 12K 12K 78643K 4039 0 0
ifaddr 80 23K 25K 78643K 1364 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 609 0 0
iov 0 0K 32K 78643K 1381 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1202 75K 77K 78643K 12787 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 148 0 0
VM map 2 0K 0K 78643K 22 0 0
sem 12 0K 1K 78643K 1209 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 6 17K 25K 78643K 12599 0 0
sigio 1 0K 0K 78643K 182 0 0
proc 42 30K 54K 78643K 3295 0 0
subproc 32 2K 2K 78643K 724 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 1190 0 0
in_multi 33 2K 2K 78643K 861 0 0
ether_multi 1 0K 0K 78643K 53 0 0
mrt 0 0K 0K 78643K 25 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 120 530K 530K 78643K 120 0 0
exec 0 0K 1K 78643K 1804 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 117 22K 31K 78643K 30647 0 0
UVM aobj 130 4K 4K 78643K 153 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 2 0K 0K 78643K 1309 0 0
NDP 19 0K 0K 78643K 427 0 0
temp 219 3536K 4176K 78643K 198885 0 0
kqueue 0 0K 0K 78643K 126 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 88 0 82 1 0 1 1 0 8 0
rtpcb 80 575 0 573 1 0 1 1 0 8 0
rtentry 112 503 0 459 2 0 2 2 0 8 0
unpcb 120 4282 0 4272 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 3167 0 3167 1 1 0 1 0 8 0
tcpcb 544 2334 0 2329 1 0 1 1 0 8 0
ipq 40 16 0 16 9 8 1 1 0 8 1
ipqe 40 32 0 32 9 8 1 1 0 8 1
inpcb 280 6856 0 6848 17 16 1 2 0 8 0
ip6q 72 4 0 3 3 2 1 1 0 8 0
ip6af 48 5 0 4 2 1 1 1 0 8 0
nd6 48 128 0 122 1 0 1 1 0 8 0
pkpcb 40 63 0 63 19 19 0 1 0 8 0
swfcl 56 5 0 0 1 0 1 1 0 8 0
ppxss 1128 218 0 218 38 37 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2062 0 1864 19 6 13 14 0 8 0
art_table 32 2063 0 1864 2 0 2 2 0 8 0
art_node 16 488 0 448 1 0 1 1 0 8 0
sysvmsgpl 40 16 0 12 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 1207 0 1197 1 0 1 1 0 8 0
shmpl 112 151 0 23 5 1 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 20628 0 19203 47 0 47 47 0 8 0
ffsino 240 20628 0 19203 84 0 84 84 0 8 0
nchpl 144 38118 0 36486 61 0 61 61 0 8 0
uvmvnodes 72 8174 0 0 149 0 149 149 0 8 0
vnodes 200 8174 0 0 431 0 431 431 0 8 0
namei 1024 126359 0 126359 6 5 1 1 0 8 1
vmpool 520 20 0 20 8 8 0 1 0 8 0
scsiplug 64 34 0 34 16 15 1 1 0 8 1
scxspl 192 120469 0 120469 53 51 2 7 0 8 2
plimitpl 152 1049 0 1042 1 0 1 1 0 8 0
sigapl 432 12657 0 12643 2 0 2 2 0 8 0
futexpl 56 206623 0 206622 7 6 1 1 0 8 0
knotepl 112 3100 0 3081 1 0 1 1 0 8 0
kqueuepl 104 2823 0 2821 1 0 1 1 0 8 0
pipepl 112 6784 0 6765 11 10 1 2 0 8 0
fdescpl 424 12658 0 12643 2 0 2 2 0 8 0
filepl 120 75249 0 75152 10 6 4 5 0 8 1
lockfpl 104 4262 0 4262 12 11 1 1 0 8 1
lockfspl 48 1405 0 1405 12 11 1 1 0 8 1
sessionpl 112 64 0 54 1 0 1 1 0 8 0
pgrppl 48 204 0 194 1 0 1 1 0 8 0
ucredpl 96 14166 0 14158 1 0 1 1 0 8 0
zombiepl 144 12645 0 12645 3 2 1 1 0 8 1
processpl 864 12676 0 12645 4 0 4 4 0 8 0
procpl 632 27799 0 27760 4 0 4 4 0 8 0
sosppl 128 121 0 121 38 38 0 1 0 8 0
sockpl 384 11894 0 11874 14 11 3 4 0 8 1
mcl64k 65536 2833 0 2833 241 241 0 33 0 8 0
mcl16k 16384 45 0 45 29 28 1 1 0 8 1
mcl12k 12288 245 0 245 29 28 1 1 0 8 1
mcl9k 9216 165 0 165 41 40 1 1 0 8 1
mcl8k 8192 207 0 207 41 40 1 1 0 8 1
mcl4k 4096 630 0 630 17 16 1 1 0 8 1
mcl2k2 2112 79 0 79 31 30 1 1 0 8 1
mcl2k 2048 79167 0 79115 31 23 8 19 0 8 1
mtagpl 80 347 0 342 4 3 1 1 0 8 0
mbufpl 256 195810 0 195731 142 134 8 26 0 8 0
bufpl 256 38724 0 30537 512 0 512 512 0 8 0
anonpl 16 1185655 0 1173383 313 254 59 69 0 62 0
amapchunkpl 152 56412 0 56308 124 115 9 18 0 158 4
amappl16 192 68277 0 67548 430 392 38 49 0 8 1
amappl15 184 2096 0 2096 8 8 0 1 0 8 0
amappl14 176 1901 0 1895 1 0 1 1 0 8 0
amappl13 168 1650 0 1650 5 5 0 1 0 8 0
amappl12 160 817 0 813 2 1 1 1 0 8 0
amappl11 152 1913 0 1902 1 0 1 1 0 8 0
amappl10 144 2171 0 2166 1 0 1 1 0 8 0
amappl9 136 1987 0 1984 1 0 1 1 0 8 0
amappl8 128 1434 0 1394 3 1 2 2 0 8 0
amappl7 120 2202 0 2194 1 0 1 1 0 8 0
amappl6 112 1865 0 1858 1 0 1 1 0 8 0
amappl5 104 1284 0 1274 1 0 1 1 0 8 0
amappl4 96 12868 0 12838 1 0 1 1 0 8 0
amappl3 88 2641 0 2631 1 0 1 1 0 8 0
amappl2 80 100690 0 100609 3 1 2 3 0 8 0
amappl1 72 231103 0 230685 25 16 9 19 0 8 0
amappl 80 28761 0 28725 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 152 0 23 3 0 3 3 0 8 0
uaddrrnd 24 12678 0 12643 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 12678 0 12643 1 0 1 1 0 8 0
vmmpekpl 168 69101 0 69070 2 0 2 2 0 8 0
vmmpepl 168 1472696 0 1470799 601 496 105 110 0 357 19
vmsppl 272 12657 0 12643 5 4 1 2 0 8 0
pdppl 4096 25362 0 25326 6 1 5 6 0 8 0
pvpl 32 3319276 0 3303766 768 596 172 252 0 265 34
pmappl 200 12677 0 12663 1 0 1 1 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 1140 0 500 20 1 19 19 0 8 0