uvm_fault(0xfffffd803f014880, 0x24, 0, 1) -> e kernel: page fault trap, code=0 Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f014880, 0x24, 0, 1) -> e frag6_input(ffff8000148f87e8,ffff8000148f87f4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 end trace frame: 0xffff8000148f8670, count: 0 ddb> trace frag6_input(ffff8000148f87e8,ffff8000148f87f4,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 ip_deliver(ffff8000148f87e8,ffff8000148f87f4,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665 ip6_input_if(ffff8000148f87e8,ffff8000148f87f4,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff8000148f87e8,ffff8000148f87f4,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000069c000,fffffd8037924000) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000069c000,fffffd8037924000,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd8037924100,ffff800000ab6780,fffffd8036fe5c78,0,0,fffffd8036fe5c08) at ip6_output+0xd35 rip6_output(fffffd8037924100,fffffd8036fe6a80,ffff8000148f8b58,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd8036fe6a80,9,fffffd8037924100,0,0,ffff8000ffff33d8) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd8036fe6a80,0,ffff8000148f8d88,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff33d8,3,ffff8000148f8d88,0,ffff8000148f8e90) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff33d8,ffff8000148f8e28,ffff8000148f8e90) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff8000148f8ef0) at syscall+0x508 Xsyscall(6,0,c,0,3,a77b4dab010) at Xsyscall+0x128 end of kernel end trace frame: 0xa7a7eda2910, count: -13 ddb> show registers rdi 0 rsi 0 rbp 0xffff8000148f85f0 rbx 0x600 rdx 0 rcx 0 rax 0 r8 0x30 r9 0 r10 0xb9a99a97f8992ac0 r11 0xe2658336ee24b0b1 r12 0 r13 0xfffffd8026ef5f00 r14 0xfffffd8026ef5f10 r15 0xfffffd80047a0054 rip 0xffffffff81c4b992 frag6_input+0x762 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff8000148f8530 ss 0x10 frag6_input+0x762: movl 0x24(%rax),%r14d ddb> show proc PROC (syz-executor.0) pid=482898 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2290,0xffffffff82570880 process=0xffff8000148a37b8 user=0xffff8000148f3000, vmspace=0xfffffd803f014880 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61009 424499 27760 0 2 0 syz-executor.0 *61009 482898 27760 0 7 0x4000000 syz-executor.0 27769 341914 1 0 3 0x100083 ttyin getty 62254 148049 9467 0 2 0x2 syz-executor.1 27760 310148 9467 0 3 0x82 nanosleep syz-executor.0 13355 132376 0 0 3 0x14200 bored sosplice 46707 11956 0 0 3 0x14200 acct acct 9467 72527 6212 0 3 0x82 thrsleep syz-fuzzer 9467 280446 6212 0 3 0x4000082 nanosleep syz-fuzzer 9467 182105 6212 0 3 0x4000082 thrsleep syz-fuzzer 9467 515363 6212 0 3 0x4000082 thrsleep syz-fuzzer 9467 416388 6212 0 3 0x4000082 kqread syz-fuzzer 9467 313893 6212 0 3 0x4000082 thrsleep syz-fuzzer 9467 445143 6212 0 3 0x4000082 thrsleep syz-fuzzer 9467 29055 6212 0 3 0x4000082 thrsleep syz-fuzzer 6212 202929 80708 0 3 0x10008a pause ksh 80708 354478 61867 0 3 0x92 select sshd 61867 403265 1 0 3 0x80 select sshd 33167 347680 83871 73 3 0x100090 kqread syslogd 83871 300373 1 0 3 0x100082 netio syslogd 95023 262768 1 77 3 0x100090 poll dhclient 40551 62112 1 0 3 0x80 poll dhclient 49028 416827 0 0 2 0x14200 zerothread 11691 418302 0 0 3 0x14200 aiodoned aiodoned 736 230122 0 0 3 0x14200 syncer update 9642 125570 0 0 3 0x14200 cleaner cleaner 31306 330253 0 0 3 0x14200 reaper reaper 43186 77665 0 0 3 0x14200 pgdaemon pagedaemon 78301 273425 0 0 3 0x14200 bored crynlk 64383 129710 0 0 3 0x14200 bored crypto 42396 188559 0 0 3 0x40014200 acpi0 acpi0 98411 310481 0 0 3 0x14200 bored softnet 73486 78008 0 0 3 0x14200 bored systqmp 21431 363058 0 0 3 0x14200 bored systq 21332 15617 0 0 3 0x40014200 bored softclock 12834 22783 0 0 3 0x40014200 idle0 99246 505643 0 0 3 0x14200 bored smr 1 460324 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9594 6521K 7036K 78643K 26515 0 0 pcb 14 8K 8K 78643K 668 0 0 rtable 98 11K 12K 78643K 2196 0 0 ifaddr 77 18K 19K 78643K 696 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 389 0 0 iov 0 0K 32K 78643K 689 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1212 76K 77K 78643K 7136 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 90 0 0 VM map 2 0K 0K 78643K 16 0 0 sem 12 0K 0K 78643K 683 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 6302 0 0 sigio 0 0K 0K 78643K 90 0 0 proc 42 30K 46K 78643K 2005 0 0 subproc 32 2K 2K 78643K 430 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 538 0 0 in_multi 22 1K 2K 78643K 458 0 0 ether_multi 1 0K 0K 78643K 22 0 0 mrt 0 0K 0K 78643K 13 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 84 371K 371K 78643K 84 0 0 exec 0 0K 1K 78643K 1056 0 0 pfkey data 0 0K 4K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 101 21K 39K 78643K 15727 0 0 UVM aobj 130 4K 4K 78643K 149 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 1K 78643K 595 0 0 NDP 19 0K 0K 78643K 221 0 0 temp 219 3536K 3612K 78643K 112506 0 0 kqueue 0 0K 0K 78643K 51 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 52 0 48 1 0 1 1 0 8 0 rtpcb 80 339 0 337 1 0 1 1 0 8 0 rtentry 112 308 0 274 3 1 2 2 0 8 0 unpcb 120 2284 0 2276 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 1041 0 1041 1 1 0 1 0 8 0 tcpcb 544 1139 0 1134 1 0 1 1 0 8 0 ipq 40 7 0 7 4 4 0 1 0 8 0 ipqe 40 14 0 14 4 4 0 1 0 8 0 inpcb 280 3284 0 3276 3 2 1 2 0 8 0 ip6q 72 4 0 3 4 3 1 1 0 8 0 ip6af 48 5 0 4 3 2 1 1 0 8 0 nd6 48 75 0 72 2 1 1 1 0 8 0 pkpcb 40 26 0 26 9 9 0 1 0 8 0 ppxss 1128 85 0 85 26 25 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1256 0 1109 27 15 12 13 0 8 0 art_table 32 1257 0 1109 3 1 2 2 0 8 0 art_node 16 298 0 268 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 16 1 0 1 1 0 8 0 semapl 112 681 0 671 1 0 1 1 0 8 0 shmpl 112 147 0 19 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 11041 0 9617 47 0 47 47 0 8 0 ffsino 240 11041 0 9617 85 0 85 85 0 8 0 nchpl 144 19945 0 18323 61 0 61 61 0 8 0 uvmvnodes 72 7544 0 0 138 0 138 138 0 8 0 vnodes 200 7544 0 0 398 0 398 398 0 8 0 namei 1024 66066 0 66065 5 4 1 1 0 8 0 vmpool 520 14 0 14 6 6 0 1 0 8 0 scsiplug 64 13 0 13 10 9 1 1 0 8 1 scxspl 192 68020 0 68020 26 25 1 7 0 8 1 plimitpl 152 557 0 550 1 0 1 1 0 8 0 sigapl 432 6410 0 6397 2 0 2 2 0 8 0 futexpl 56 103124 0 103124 6 5 1 1 0 8 1 knotepl 112 1622 0 1603 1 0 1 1 0 8 0 kqueuepl 104 1473 0 1471 1 0 1 1 0 8 0 pipepl 112 3552 0 3533 8 7 1 2 0 8 0 fdescpl 424 6411 0 6397 2 0 2 2 0 8 0 filepl 120 38861 0 38766 11 7 4 5 0 8 1 lockfpl 104 2171 0 2171 10 9 1 1 0 8 1 lockfspl 48 729 0 729 10 9 1 1 0 8 1 sessionpl 112 46 0 36 1 0 1 1 0 8 0 pgrppl 48 102 0 92 1 0 1 1 0 8 0 ucredpl 96 7359 0 7352 1 0 1 1 0 8 0 zombiepl 144 6397 0 6397 3 2 1 1 0 8 1 processpl 864 6427 0 6397 4 0 4 4 0 8 0 procpl 632 13891 0 13853 4 0 4 4 0 8 0 sosppl 128 53 0 53 17 17 0 1 0 8 0 sockpl 384 5988 0 5970 15 12 3 4 0 8 1 mcl64k 65536 932 0 932 108 107 1 33 0 8 1 mcl16k 16384 23 0 23 15 14 1 1 0 8 1 mcl12k 12288 128 0 128 19 18 1 1 0 8 1 mcl9k 9216 97 0 97 22 22 0 1 0 8 0 mcl8k 8192 88 0 88 22 21 1 1 0 8 1 mcl4k 4096 338 0 338 12 11 1 1 0 8 1 mcl2k2 2112 37 0 37 16 15 1 1 0 8 1 mcl2k 2048 69391 0 69340 24 17 7 13 0 8 0 mtagpl 80 167 0 159 7 6 1 1 0 8 0 mbufpl 256 143381 0 143296 66 58 8 24 0 8 0 bufpl 256 24473 0 16765 484 1 483 483 0 8 0 anonpl 16 560156 0 547616 184 117 67 69 0 62 11 amapchunkpl 152 29427 0 29326 115 109 6 29 0 158 0 amappl16 192 32067 0 31330 191 145 46 50 0 8 8 amappl15 184 767 0 767 5 5 0 1 0 8 0 amappl14 176 1563 0 1556 1 0 1 1 0 8 0 amappl13 168 2016 0 2016 4 4 0 1 0 8 0 amappl12 160 686 0 680 1 0 1 1 0 8 0 amappl11 152 575 0 564 1 0 1 1 0 8 0 amappl10 144 253 0 253 20 20 0 1 0 8 0 amappl9 136 1602 0 1599 1 0 1 1 0 8 0 amappl8 128 1092 0 1063 1 0 1 1 0 8 0 amappl7 120 278 0 271 1 0 1 1 0 8 0 amappl6 112 529 0 521 1 0 1 1 0 8 0 amappl5 104 1013 0 999 1 0 1 1 0 8 0 amappl4 96 6437 0 6414 1 0 1 1 0 8 0 amappl3 88 1739 0 1726 1 0 1 1 0 8 0 amappl2 80 50323 0 50256 3 1 2 3 0 8 0 amappl1 72 122852 0 122437 26 17 9 19 0 8 0 amappl 80 14499 0 14465 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 148 0 19 3 0 3 3 0 8 0 uaddrrnd 24 6425 0 6397 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6425 0 6397 1 0 1 1 0 8 0 vmmpekpl 168 42728 0 42702 2 0 2 2 0 8 0 vmmpepl 168 747026 0 745228 351 261 90 110 0 357 5 vmsppl 272 6410 0 6397 6 5 1 2 0 8 0 pdppl 4096 12856 0 12822 7 2 5 6 0 8 0 pvpl 32 1687058 0 1671406 508 342 166 254 0 265 30 pmappl 200 6424 0 6411 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 868 0 257 19 0 19 19 0 8 0