uvm_fault(0xfffffd803f014ee0, 0x24, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f014ee0, 0x24, 0, 1) -> e
frag6_input(ffff800015941f58,ffff800015941f64,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321
end trace frame: 0xffff800015941de0, count: 0
ddb> trace
frag6_input(ffff800015941f58,ffff800015941f64,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321
ip_deliver(ffff800015941f58,ffff800015941f64,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665
ip6_input_if(ffff800015941f58,ffff800015941f64,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline]
ip6_input_if(ffff800015941f58,ffff800015941f64,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340
ipv6_input(ffff80000069c000,fffffd803dca3200) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000069c000,fffffd803dca3200,18) at if_input_local+0x121 sys/net/if.c:783
ip6_output(fffffd803dca3300,ffff800000a49980,fffffd8036fd8a48,0,0,fffffd8036fd89d8) at ip6_output+0xd35
rip6_output(fffffd803dca3300,fffffd8036fd9900,ffff8000159422c8,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd8036fd9900,9,fffffd803dca3300,0,0,ffff8000ffff8280) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670
sosend(fffffd8036fd9900,0,ffff8000159424f8,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524
dofilewritev(ffff8000ffff8280,3,ffff8000159424f8,0,ffff800015942600) at dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff8000ffff8280,ffff800015942598,ffff800015942600) at sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff800015942660) at syscall+0x508
Xsyscall(6,0,c,0,3,50dc70cd010) at Xsyscall+0x128
end of kernel
end trace frame: 0x510292e9950, count: -13
ddb> show registers
rdi 0
rsi 0
rbp 0xffff800015941d60
rbx 0x600
rdx 0
rcx 0
rax 0
r8 0x30
r9 0
r10 0xa2b40777507b9313
r11 0x42fbfe72f17ce397
r12 0
r13 0xfffffd803777ff38
r14 0xfffffd803777ff48
r15 0xfffffd80047b1054
rip 0xffffffff818f50a2 frag6_input+0x762
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800015941ca0
ss 0x10
frag6_input+0x762: movl 0x24(%rax),%r14d
ddb> show proc
PROC (syz-executor.1) pid=79573 stat=onproc
flags process=0 proc=4000000
pri=73, usrpri=73, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8008,0xffffffff8257f9f0
process=0xffff8000148a2378 user=0xffff80001593d000, vmspace=0xfffffd803f014ee0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
7660 128508 17632 0 2 0 syz-executor.1
* 7660 79573 17632 0 7 0x4000000 syz-executor.1
26552 433030 59958 0 3 0x82 nanosleep syz-executor.0
83269 183748 1 0 3 0x100083 ttyin getty
17632 414893 59958 0 3 0x82 nanosleep syz-executor.1
52781 186633 0 0 3 0x14200 acct acct
87185 106180 0 0 3 0x14200 bored sosplice
59958 113303 76748 0 3 0x82 kqread syz-fuzzer
59958 98147 76748 0 3 0x4000082 thrsleep syz-fuzzer
59958 433461 76748 0 3 0x4000082 thrsleep syz-fuzzer
59958 350466 76748 0 3 0x4000082 thrsleep syz-fuzzer
59958 419898 76748 0 3 0x4000082 thrsleep syz-fuzzer
59958 116346 76748 0 3 0x4000082 thrsleep syz-fuzzer
59958 215641 76748 0 3 0x4000082 thrsleep syz-fuzzer
59958 96086 76748 0 3 0x4000082 thrsleep syz-fuzzer
76748 500717 7356 0 3 0x10008a pause ksh
7356 403538 62430 0 3 0x92 select sshd
62430 213641 1 0 3 0x80 select sshd
4681 283190 41965 73 3 0x100090 kqread syslogd
41965 258894 1 0 3 0x100082 netio syslogd
42395 390505 1 77 3 0x100090 poll dhclient
87421 374124 1 0 3 0x80 poll dhclient
55342 481995 0 0 2 0x14200 zerothread
1118 196247 0 0 3 0x14200 aiodoned aiodoned
78591 82727 0 0 3 0x14200 syncer update
49296 228489 0 0 3 0x14200 cleaner cleaner
28277 102267 0 0 3 0x14200 reaper reaper
64789 496514 0 0 3 0x14200 pgdaemon pagedaemon
34482 194626 0 0 3 0x14200 bored crynlk
45191 508196 0 0 3 0x14200 bored crypto
75352 200322 0 0 3 0x40014200 acpi0 acpi0
92980 170216 0 0 3 0x14200 bored softnet
51009 120075 0 0 3 0x14200 bored systqmp
89757 397883 0 0 3 0x14200 bored systq
54916 190388 0 0 3 0x40014200 bored softclock
82721 448036 0 0 3 0x40014200 idle0
32719 262972 0 0 3 0x14200 bored smr
1 262705 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9540 6375K 7113K 78643K 20767 0 0
pcb 14 8K 8K 78643K 434 0 0
rtable 111 4K 4K 78643K 1389 0 0
ifaddr 67 15K 16K 78643K 451 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 242 0 0
iov 0 0K 32K 78643K 410 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1201 75K 77K 78643K 5072 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 55 0 0
VM map 2 0K 0K 78643K 4 0 0
sem 12 1K 1K 78643K 310 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 4150 0 0
sigio 0 0K 0K 78643K 85 0 0
proc 42 30K 54K 78643K 1264 0 0
subproc 32 2K 2K 78643K 255 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 349 0 0
in_multi 33 2K 2K 78643K 277 0 0
ether_multi 1 0K 0K 78643K 16 0 0
mrt 0 0K 0K 78643K 6 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 96 424K 424K 78643K 96 0 0
exec 0 0K 1K 78643K 742 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 103 22K 31K 78643K 10714 0 0
UVM aobj 130 4K 4K 78643K 146 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 2 0K 1K 78643K 421 0 0
NDP 15 0K 0K 78643K 140 0 0
temp 190 3532K 4164K 78643K 92785 0 0
kqueue 0 0K 0K 78643K 38 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 33 0 27 1 0 1 1 0 8 0
rtpcb 80 202 0 200 1 0 1 1 0 8 0
rtentry 112 197 0 153 2 0 2 2 0 8 0
unpcb 120 1485 0 1477 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 2006 0 2006 1 1 0 1 0 8 0
tcpcb 544 834 0 829 1 0 1 1 0 8 0
ipq 40 10 0 10 5 5 0 1 0 8 0
ipqe 40 22 0 22 5 5 0 1 0 8 0
inpcb 280 2264 0 2256 1 0 1 1 0 8 0
ip6q 72 2 0 1 2 1 1 1 0 8 0
ip6af 48 1 0 0 1 0 1 1 0 8 0
nd6 48 45 0 39 1 0 1 1 0 8 0
pkpcb 40 22 0 22 8 8 0 1 0 8 0
swfcl 56 5 0 0 1 0 1 1 0 8 0
ppxss 1128 65 0 65 15 14 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 785 0 591 14 1 13 13 0 8 0
art_table 32 786 0 591 2 0 2 2 0 8 0
art_node 16 188 0 148 1 0 1 1 0 8 0
sysvmsgpl 40 18 0 6 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 308 0 298 1 0 1 1 0 8 0
shmpl 112 144 0 16 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 7913 0 6505 47 0 47 47 0 8 0
ffsino 240 7913 0 6505 84 0 84 84 0 8 0
nchpl 144 13888 0 12260 61 0 61 61 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 200 5926 0 0 312 0 312 312 0 8 0
namei 1024 44822 0 44822 2 1 1 1 0 8 1
vmpool 520 2 0 2 1 1 0 1 0 8 0
scsiplug 64 9 0 9 7 7 0 1 0 8 0
scxspl 192 40478 0 40478 13 12 1 7 0 8 1
plimitpl 152 323 0 316 1 0 1 1 0 8 0
sigapl 432 4288 0 4275 2 0 2 2 0 8 0
futexpl 56 67007 0 67007 2 1 1 1 0 8 1
knotepl 112 958 0 939 1 0 1 1 0 8 0
kqueuepl 104 908 0 906 1 0 1 1 0 8 0
pipepl 112 2588 0 2569 8 7 1 2 0 8 0
fdescpl 424 4289 0 4275 2 0 2 2 0 8 0
filepl 120 25867 0 25772 10 6 4 5 0 8 1
lockfpl 104 1388 0 1388 4 3 1 1 0 8 1
lockfspl 48 435 0 435 4 3 1 1 0 8 1
sessionpl 112 36 0 26 1 0 1 1 0 8 0
pgrppl 48 78 0 68 1 0 1 1 0 8 0
ucredpl 96 5077 0 5070 1 0 1 1 0 8 0
zombiepl 144 4275 0 4274 1 0 1 1 0 8 0
processpl 864 4305 0 4274 4 0 4 4 0 8 0
procpl 632 9335 0 9296 5 1 4 5 0 8 0
sosppl 128 54 0 54 13 13 0 1 0 8 0
sockpl 384 4020 0 4002 9 6 3 4 0 8 1
mcl64k 65536 359 0 359 43 27 16 29 0 8 16
mcl16k 16384 16 0 16 11 10 1 1 0 8 1
mcl12k 12288 86 0 86 15 14 1 1 0 8 1
mcl9k 9216 49 0 49 11 11 0 1 0 8 0
mcl8k 8192 67 0 67 12 11 1 1 0 8 1
mcl4k 4096 197 0 197 8 7 1 1 0 8 1
mcl2k2 2112 24 0 24 12 11 1 1 0 8 1
mcl2k 2048 65107 0 65052 22 14 8 14 0 8 0
mtagpl 80 121 0 102 2 1 1 1 0 8 0
mbufpl 256 125828 0 125696 34 15 19 23 0 8 8
bufpl 256 15491 0 10425 317 0 317 317 0 8 0
anonpl 16 377152 0 366282 155 91 64 67 0 62 11
amapchunkpl 152 19137 0 19009 63 56 7 30 0 158 0
amappl16 192 20800 0 20131 125 83 42 46 0 8 6
amappl15 184 928 0 926 2 1 1 1 0 8 0
amappl14 176 1265 0 1257 1 0 1 1 0 8 0
amappl13 168 227 0 227 3 3 0 1 0 8 0
amappl12 160 200 0 198 1 0 1 1 0 8 0
amappl11 152 1216 0 1203 1 0 1 1 0 8 0
amappl10 144 100 0 100 15 14 1 1 0 8 1
amappl9 136 1170 0 1167 1 0 1 1 0 8 0
amappl8 128 711 0 682 2 1 1 2 0 8 0
amappl7 120 103 0 97 1 0 1 1 0 8 0
amappl6 112 1162 0 1155 1 0 1 1 0 8 0
amappl5 104 447 0 436 1 0 1 1 0 8 0
amappl4 96 4135 0 4110 1 0 1 1 0 8 0
amappl3 88 2115 0 2101 1 0 1 1 0 8 0
amappl2 80 32977 0 32909 3 1 2 3 0 8 0
amappl1 72 84667 0 84259 25 15 10 19 0 8 0
amappl 80 9802 0 9760 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 145 0 16 3 0 3 3 0 8 0
uaddrrnd 24 4291 0 4275 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4291 0 4275 1 0 1 1 0 8 0
vmmpekpl 168 31756 0 31730 2 0 2 2 0 8 0
vmmpepl 168 502850 0 501124 260 160 100 115 0 357 19
vmsppl 272 4288 0 4275 3 2 1 2 0 8 0
pdppl 4096 8588 0 8554 6 1 5 6 0 8 0
pvpl 32 1013044 0 999152 330 171 159 166 0 265 29
pmappl 200 4290 0 4277 1 0 1 1 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 563 0 91 14 0 14 14 0 8 0