uvm_fault(0xfffffd803f014bb0, 0x24, 0, 1) -> e kernel: page fault trap, code=0 Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f014bb0, 0x24, 0, 1) -> e frag6_input(ffff800014917998,ffff8000149179a4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 end trace frame: 0xffff800014917820, count: 0 ddb> trace frag6_input(ffff800014917998,ffff8000149179a4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 ip_deliver(ffff800014917998,ffff8000149179a4,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665 ip6_input_if(ffff800014917998,ffff8000149179a4,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800014917998,ffff8000149179a4,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000069c000,fffffd8036cf8300) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000069c000,fffffd8036cf8300,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd8036cf8a00,ffff800000a8d280,fffffd8036fe1700,0,0,fffffd8036fe1690) at ip6_output+0xd35 rip6_output(fffffd8036cf8a00,fffffd8036fe2a80,ffff800014917d08,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd8036fe2a80,9,fffffd8036cf8a00,0,0,ffff80001493a780) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd8036fe2a80,0,ffff800014917f38,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524 dofilewritev(ffff80001493a780,3,ffff800014917f38,0,ffff800014918040) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff80001493a780,ffff800014917fd8,ffff800014918040) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff8000149180a0) at syscall+0x508 Xsyscall(6,0,c,0,3,1e0210e5010) at Xsyscall+0x128 end of kernel end trace frame: 0x1e2dba9d850, count: -13 ddb> show registers rdi 0 rsi 0 rbp 0xffff8000149177a0 rbx 0x600 rdx 0 rcx 0 rax 0 r8 0x30 r9 0 r10 0xbcb8634d615f3ec1 r11 0xd2274439367a7061 r12 0 r13 0xfffffd802f889ee8 r14 0xfffffd802f889ef8 r15 0xfffffd80047ac854 rip 0xffffffff818f50a2 frag6_input+0x762 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff8000149176e0 ss 0x10 frag6_input+0x762: movl 0x24(%rax),%r14d ddb> show proc PROC (syz-executor.1) pid=246128 stat=onproc flags process=0 proc=4000000 pri=78, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff80001493b160,0xffffffff8257f9f0 process=0xffff8000ffff70f0 user=0xffff800014913000, vmspace=0xfffffd803f014bb0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 71498 111763 4528 0 2 0 syz-executor.1 *71498 246128 4528 0 7 0x4000000 syz-executor.1 85740 422969 0 0 3 0x14200 acct acct 49139 98088 1 0 3 0x100083 ttyin getty 81385 355206 0 0 3 0x14200 bored sosplice 40978 304249 40568 0 2 0x2 syz-executor.0 4528 194747 40568 0 3 0x82 nanosleep syz-executor.1 40568 426253 34885 0 3 0x82 kqread syz-fuzzer 40568 424758 34885 0 3 0x4000082 nanosleep syz-fuzzer 40568 258651 34885 0 3 0x4000082 thrsleep syz-fuzzer 40568 32064 34885 0 3 0x4000082 thrsleep syz-fuzzer 40568 358190 34885 0 3 0x4000082 thrsleep syz-fuzzer 40568 365251 34885 0 3 0x4000082 thrsleep syz-fuzzer 40568 72910 34885 0 3 0x4000082 thrsleep syz-fuzzer 34885 447919 2922 0 3 0x10008a pause ksh 2922 301870 63096 0 3 0x92 select sshd 63096 201924 1 0 3 0x80 select sshd 38990 328081 62808 73 3 0x100090 kqread syslogd 62808 127171 1 0 3 0x100082 netio syslogd 52071 373571 1 77 3 0x100090 poll dhclient 93426 264394 1 0 3 0x80 poll dhclient 731 479702 0 0 2 0x14200 zerothread 85802 452150 0 0 3 0x14200 aiodoned aiodoned 65441 160332 0 0 3 0x14200 syncer update 66363 517500 0 0 3 0x14200 cleaner cleaner 52938 204030 0 0 3 0x14200 reaper reaper 45319 464364 0 0 3 0x14200 pgdaemon pagedaemon 44264 403714 0 0 3 0x14200 bored crynlk 72943 79367 0 0 3 0x14200 bored crypto 16582 335568 0 0 3 0x40014200 acpi0 acpi0 76588 509923 0 0 3 0x14200 bored softnet 76146 123610 0 0 3 0x14200 bored systqmp 24280 40897 0 0 3 0x14200 bored systq 15410 74915 0 0 3 0x40014200 bored softclock 48009 370416 0 0 3 0x40014200 idle0 84529 167854 0 0 3 0x14200 bored smr 1 303615 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9494 6330K 6958K 78643K 11850 0 0 pcb 14 8K 8K 78643K 63 0 0 rtable 108 3K 4K 78643K 273 0 0 ifaddr 55 12K 13K 78643K 93 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 46 0 0 iov 0 0K 16K 78643K 54 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1216 76K 77K 78643K 1650 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 7 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 58 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 496 0 0 sigio 0 0K 0K 78643K 10 0 0 proc 42 30K 46K 78643K 395 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 26 0 0 in_multi 33 2K 2K 78643K 43 0 0 ether_multi 1 0K 0K 78643K 5 0 0 mrt 0 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 54 238K 238K 78643K 54 0 0 exec 0 0K 1K 78643K 240 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 87 20K 23K 78643K 2044 0 0 UVM aobj 16 2K 2K 78643K 18 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 0K 78643K 48 0 0 NDP 11 0K 0K 78643K 25 0 0 temp 155 3533K 3601K 78643K 6992 0 0 kqueue 0 0K 0K 78643K 4 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 29 0 27 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 209 0 201 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1541 0 1541 1 1 0 1 0 8 0 tcpcb 544 81 0 76 1 0 1 1 0 8 0 inpcb 280 241 0 233 1 0 1 1 0 8 0 ip6q 72 1 0 0 1 0 1 1 0 8 0 ip6af 48 1 0 0 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 8 0 8 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 6 1 0 1 1 0 8 0 semapl 112 56 0 46 1 0 1 1 0 8 0 shmpl 112 16 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2196 0 778 47 0 47 47 0 8 0 ffsino 240 2196 0 778 84 0 84 84 0 8 0 nchpl 144 3107 0 1466 62 0 62 62 0 8 0 uvmvnodes 72 2522 0 0 46 0 46 46 0 8 0 vnodes 200 2522 0 0 133 0 133 133 0 8 0 namei 1024 8906 0 8906 1 0 1 1 0 8 1 scxspl 192 8163 0 8163 10 8 2 7 0 8 2 plimitpl 152 52 0 45 1 0 1 1 0 8 0 sigapl 432 668 0 655 2 0 2 2 0 8 0 futexpl 56 7952 0 7952 1 0 1 1 0 8 1 knotepl 112 162 0 143 1 0 1 1 0 8 0 kqueuepl 104 114 0 112 1 0 1 1 0 8 0 pipepl 112 396 0 377 1 0 1 1 0 8 0 fdescpl 424 669 0 655 2 0 2 2 0 8 0 filepl 120 3894 0 3799 4 0 4 4 0 8 0 lockfpl 104 250 0 250 2 1 1 1 0 8 1 lockfspl 48 77 0 77 2 1 1 1 0 8 1 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 24 0 14 1 0 1 1 0 8 0 ucredpl 96 775 0 767 1 0 1 1 0 8 0 zombiepl 144 655 0 655 1 0 1 1 0 8 1 processpl 864 685 0 655 4 0 4 4 0 8 0 procpl 632 1340 0 1303 5 1 4 5 0 8 0 sosppl 128 7 0 7 2 2 0 1 0 8 0 sockpl 384 488 0 470 3 0 3 3 0 8 1 mcl64k 65536 12 0 12 3 2 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 8 0 8 4 3 1 1 0 8 1 mcl9k 9216 5 0 5 2 1 1 1 0 8 1 mcl8k 8192 9 0 9 1 0 1 1 0 8 1 mcl4k 4096 30 0 30 2 1 1 1 0 8 1 mcl2k2 2112 5 0 5 3 2 1 1 0 8 1 mcl2k 2048 58670 0 58620 18 10 8 14 0 8 1 mtagpl 80 13 0 2 2 1 1 1 0 8 0 mbufpl 256 95617 0 95498 12 2 10 10 0 8 0 bufpl 256 6486 0 1903 289 2 287 287 0 8 0 anonpl 16 70796 0 58384 80 15 65 66 0 62 14 amapchunkpl 152 2930 0 2823 9 3 6 8 0 158 0 amappl16 192 3218 0 2538 53 13 40 46 0 8 6 amappl15 184 8 0 7 1 0 1 1 0 8 0 amappl14 176 54 0 48 1 0 1 1 0 8 0 amappl13 168 7 0 7 1 1 0 1 0 8 0 amappl12 160 12 0 10 1 0 1 1 0 8 0 amappl11 152 310 0 296 1 0 1 1 0 8 0 amappl10 144 271 0 269 1 0 1 1 0 8 0 amappl9 136 560 0 556 1 0 1 1 0 8 0 amappl8 128 143 0 122 1 0 1 1 0 8 0 amappl7 120 242 0 238 1 0 1 1 0 8 0 amappl6 112 304 0 295 1 0 1 1 0 8 0 amappl5 104 137 0 127 1 0 1 1 0 8 0 amappl4 96 896 0 869 1 0 1 1 0 8 0 amappl3 88 183 0 173 1 0 1 1 0 8 0 amappl2 80 4576 0 4510 3 1 2 3 0 8 0 amappl1 72 20984 0 20568 25 16 9 19 0 8 0 amappl 80 1580 0 1544 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 17 0 2 1 0 1 1 0 8 0 uaddrrnd 24 669 0 655 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 669 0 655 1 0 1 1 0 8 0 vmmpekpl 168 8615 0 8591 2 0 2 2 0 8 0 vmmpepl 168 84252 0 82519 127 37 90 120 0 357 14 vmsppl 272 668 0 655 2 1 1 2 0 8 0 pdppl 4096 1344 0 1310 6 1 5 6 0 8 0 pvpl 32 214479 0 199089 173 14 159 160 0 265 34 pmappl 200 668 0 655 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 438 0 22 12 0 12 12 0 8 0