uvm_fault(0xfffffd803f013440, 0x24, 0, 1) -> e kernel: page fault trap, code=0 Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f013440, 0x24, 0, 1) -> e frag6_input(ffff800017984088,ffff800017984094,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 end trace frame: 0xffff800017983f10, count: 0 ddb> trace frag6_input(ffff800017984088,ffff800017984094,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 ip_deliver(ffff800017984088,ffff800017984094,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665 ip6_input_if(ffff800017984088,ffff800017984094,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800017984088,ffff800017984094,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000069c000,fffffd803a8e0b00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000069c000,fffffd803a8e0b00,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd803a8e0900,ffff800000a8c580,fffffd803d8192a0,0,0,fffffd803d819230) at ip6_output+0xd35 rip6_output(fffffd803a8e0900,fffffd80363dbc08,ffff8000179843f8,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd80363dbc08,9,fffffd803a8e0900,0,0,ffff8000ffff38c8) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd80363dbc08,0,ffff800017984628,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff38c8,3,ffff800017984628,0,ffff800017984730) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff38c8,ffff8000179846c8,ffff800017984730) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff800017984790) at syscall+0x508 Xsyscall(6,0,c,0,3,1de5acd0010) at Xsyscall+0x128 end of kernel end trace frame: 0x1e12d2e9a20, count: -13 ddb> show registers rdi 0 rsi 0 rbp 0xffff800017983e90 rbx 0x600 rdx 0 rcx 0 rax 0 r8 0x30 r9 0 r10 0x2b410f074ae5cf57 r11 0xd5a60a9bd46f256d r12 0 r13 0xfffffd8038f16f38 r14 0xfffffd8038f16f48 r15 0xfffffd8038ead854 rip 0xffffffff81221c22 frag6_input+0x762 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff800017983dd0 ss 0x10 frag6_input+0x762: movl 0x24(%rax),%r14d ddb> show proc PROC (syz-executor.0) pid=269263 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2290,0xffff8000ffff3b50 process=0xffff8000ffff6d90 user=0xffff80001797f000, vmspace=0xfffffd803f013440 estcpu=31, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 63060 160590 75003 0 2 0 syz-executor.0 *63060 269263 75003 0 7 0x4000000 syz-executor.0 58984 224866 20347 0 3 0x80 nanosleep syz-executor.1 58984 419330 20347 0 3 0x4000080 fsleep syz-executor.1 58984 74428 20347 0 2 0x4000000 syz-executor.1 58984 366021 20347 0 3 0x4000080 poll syz-executor.1 58984 267885 20347 0 3 0x4000080 fsleep syz-executor.1 75003 513169 88177 0 3 0x82 nanosleep syz-executor.0 10234 417047 0 0 3 0x14200 acct acct 32244 423931 1 0 3 0x100083 ttyin getty 20347 368018 88177 0 3 0x82 nanosleep syz-executor.1 98566 6560 0 0 3 0x14200 bored sosplice 88177 193553 17816 0 3 0x82 thrsleep syz-fuzzer 88177 141076 17816 0 3 0x4000082 thrsleep syz-fuzzer 88177 270404 17816 0 3 0x4000082 thrsleep syz-fuzzer 88177 23349 17816 0 3 0x4000082 thrsleep syz-fuzzer 88177 66293 17816 0 3 0x4000082 thrsleep syz-fuzzer 88177 44266 17816 0 3 0x4000082 kqread syz-fuzzer 88177 320387 17816 0 3 0x4000082 thrsleep syz-fuzzer 88177 507135 17816 0 3 0x4000082 thrsleep syz-fuzzer 17816 73905 1321 0 3 0x10008a pause ksh 1321 107242 41180 0 3 0x92 select sshd 41180 387930 1 0 3 0x80 select sshd 34583 78014 77365 73 3 0x100090 kqread syslogd 77365 521362 1 0 3 0x100082 netio syslogd 69175 308699 1 77 3 0x100090 poll dhclient 63425 132990 1 0 3 0x80 poll dhclient 75820 427731 0 0 2 0x14200 zerothread 67891 94646 0 0 3 0x14200 aiodoned aiodoned 64836 387176 0 0 3 0x14200 syncer update 90372 81373 0 0 3 0x14200 cleaner cleaner 44839 520454 0 0 3 0x14200 reaper reaper 59388 85144 0 0 3 0x14200 pgdaemon pagedaemon 91549 332030 0 0 3 0x14200 bored crynlk 47166 171562 0 0 3 0x14200 bored crypto 96658 256933 0 0 3 0x40014200 acpi0 acpi0 68704 360005 0 0 3 0x14200 bored softnet 53370 509167 0 0 3 0x14200 bored systqmp 34290 287607 0 0 3 0x14200 bored systq 98281 278132 0 0 3 0x40014200 bored softclock 52238 190246 0 0 3 0x40014200 idle0 88621 121413 0 0 3 0x14200 bored smr 1 403032 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9541 6365K 6872K 78643K 18182 0 0 pcb 14 8K 8K 78643K 371 0 0 rtable 111 4K 4K 78643K 1438 0 0 ifaddr 72 18K 20K 78643K 524 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 89 0 0 iov 0 0K 32K 78643K 334 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1206 76K 76K 78643K 4582 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 50 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 1K 1K 78643K 274 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 5119 0 0 sigio 0 0K 0K 78643K 19 0 0 proc 43 30K 54K 78643K 1101 0 0 subproc 32 2K 2K 78643K 189 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 362 0 0 in_multi 33 2K 2K 78643K 361 0 0 ether_multi 1 0K 0K 78643K 40 0 0 mrt 0 0K 0K 78643K 30 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 573 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 102 21K 22K 78643K 12360 0 0 UVM aobj 51 2K 2K 78643K 69 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 1K 78643K 402 0 0 NDP 16 0K 0K 78643K 160 0 0 temp 199 3532K 3659K 78643K 72452 0 0 kqueue 0 0K 0K 78643K 20 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 25 0 19 1 0 1 1 0 8 0 rtpcb 80 222 0 220 1 0 1 1 0 8 0 rtentry 112 152 0 108 3 1 2 2 0 8 0 unpcb 120 1266 0 1258 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 6 0 6 4 3 1 1 0 8 1 tcpqe 32 18 0 18 3 3 0 1 0 8 0 tcpcb 544 747 0 741 1 0 1 1 0 8 0 ipq 40 5 0 5 1 1 0 1 0 8 0 ipqe 40 10 0 10 1 1 0 1 0 8 0 inpcb 280 1975 0 1966 2 1 1 2 0 8 0 ip6q 72 4 0 3 2 1 1 1 0 8 0 ip6af 48 6 0 5 2 1 1 1 0 8 0 nd6 48 33 0 27 1 0 1 1 0 8 0 pkpcb 40 35 0 35 5 4 1 1 0 8 1 ppxss 1128 87 0 86 5 4 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 615 0 420 17 4 13 13 0 8 0 art_table 32 616 0 420 2 0 2 2 0 8 0 art_node 16 144 0 104 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 28 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 272 0 262 1 0 1 1 0 8 0 shmpl 112 67 0 18 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 9910 0 8492 46 0 46 46 0 8 0 ffsino 240 9910 0 8492 84 0 84 84 0 8 0 nchpl 144 16182 0 14561 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 44831 0 44831 4 3 1 1 0 8 1 scsiplug 64 13 0 13 3 2 1 1 0 8 1 scxspl 192 55321 0 55321 15 13 2 7 0 8 2 plimitpl 152 368 0 361 1 0 1 1 0 8 0 sigapl 432 5267 0 5253 2 0 2 2 0 8 0 futexpl 56 42678 0 42676 4 3 1 1 0 8 0 knotepl 112 925 0 906 1 0 1 1 0 8 0 kqueuepl 104 728 0 726 1 0 1 1 0 8 0 pipepl 112 888 0 867 5 4 1 2 0 8 0 fdescpl 424 5268 0 5253 2 0 2 2 0 8 0 filepl 120 20215 0 20113 6 2 4 5 0 8 0 lockfpl 104 1038 0 1038 8 7 1 1 0 8 1 lockfspl 48 392 0 392 8 7 1 1 0 8 1 sessionpl 112 30 0 20 1 0 1 1 0 8 0 pgrppl 48 30 0 20 1 0 1 1 0 8 0 ucredpl 96 4516 0 4509 1 0 1 1 0 8 0 zombiepl 144 5262 0 5262 1 0 1 1 0 8 1 processpl 864 5293 0 5262 4 0 4 4 0 8 0 procpl 632 11069 0 11026 4 0 4 4 0 8 0 sosppl 128 45 0 45 6 6 0 1 0 8 0 sockpl 384 3544 0 3525 9 6 3 3 0 8 1 mcl64k 65536 565 0 451 32 17 15 29 0 8 0 mcl16k 16384 6 0 6 3 3 0 1 0 8 0 mcl12k 12288 37 0 37 5 5 0 1 0 8 0 mcl9k 9216 86 0 86 7 7 0 1 0 8 0 mcl8k 8192 71 0 71 8 8 0 1 0 8 0 mcl4k 4096 275 0 275 10 9 1 1 0 8 1 mcl2k2 2112 36 0 36 4 3 1 1 0 8 1 mcl2k 2048 27373 0 27341 16 10 6 8 0 8 1 mtagpl 80 128 0 106 4 3 1 1 0 8 0 mbufpl 256 106331 0 106104 45 24 21 21 0 8 2 bufpl 256 20025 0 15270 298 0 298 298 0 8 0 anonpl 16 441198 0 436749 105 75 30 51 0 62 0 amapchunkpl 152 19554 0 19467 16 11 5 7 0 158 1 amappl16 192 28078 0 27866 89 76 13 33 0 8 1 amappl15 184 514 0 514 2 2 0 1 0 8 0 amappl14 176 614 0 608 1 0 1 1 0 8 0 amappl13 168 2177 0 2175 2 1 1 1 0 8 0 amappl12 160 463 0 461 1 0 1 1 0 8 0 amappl11 152 441 0 430 1 0 1 1 0 8 0 amappl10 144 936 0 932 1 0 1 1 0 8 0 amappl9 136 315 0 311 1 0 1 1 0 8 0 amappl8 128 228 0 200 1 0 1 1 0 8 0 amappl7 120 905 0 899 1 0 1 1 0 8 0 amappl6 112 445 0 435 1 0 1 1 0 8 0 amappl5 104 1383 0 1372 1 0 1 1 0 8 0 amappl4 96 5317 0 5287 1 0 1 1 0 8 0 amappl3 88 638 0 628 1 0 1 1 0 8 0 amappl2 80 41891 0 41814 3 1 2 3 0 8 0 amappl1 72 97521 0 97086 26 17 9 19 0 8 0 amappl 80 11459 0 11423 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 68 0 18 1 0 1 1 0 8 0 uaddrrnd 24 5268 0 5253 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5268 0 5253 1 0 1 1 0 8 0 vmmpekpl 168 26889 0 26860 2 0 2 2 0 8 0 vmmpepl 168 598828 0 597446 136 75 61 80 0 357 0 vmsppl 272 5267 0 5253 3 2 1 2 0 8 0 pdppl 4096 10542 0 10506 6 1 5 6 0 8 0 pvpl 32 1400609 0 1392543 240 143 97 131 0 265 21 pmappl 200 5267 0 5253 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 533 0 83 14 0 14 14 0 8 0