xUi®iZiw* 'v eh`r|^Kt0+i4)DYaWB"Q@*N|aeMQdI:. yg]2E:h^Rvq1sB͏:kAv!TܣoKJuvm_fault(0xfffffd803f013000, 0x24, 0, 1) -> e kernel: page fault trap, code=0 Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f013000, 0x24, 0, 1) -> e frag6_input(ffff80001777c368,ffff80001777c374,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 end trace frame: 0xffff80001777c1f0, count: 0 ddb> trace frag6_input(ffff80001777c368,ffff80001777c374,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321 ip_deliver(ffff80001777c368,ffff80001777c374,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665 ip6_input_if(ffff80001777c368,ffff80001777c374,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff80001777c368,ffff80001777c374,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000069c000,fffffd80353f5e00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000069c000,fffffd80353f5e00,18) at if_input_local+0x121 sys/net/if.c:783 ip6_output(fffffd80353f5500,ffff800000aa6180,fffffd802c1ba720,0,0,fffffd802c1ba6b0) at ip6_output+0xd35 rip6_output(fffffd80353f5500,fffffd802d4621f0,ffff80001777c6d8,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd802d4621f0,9,fffffd80353f5500,0,0,ffff8000ffff29f8) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670 sosend(fffffd802d4621f0,0,ffff80001777c908,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff29f8,3,ffff80001777c908,0,ffff80001777ca10) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff29f8,ffff80001777c9a8,ffff80001777ca10) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff80001777ca70) at syscall+0x508 Xsyscall(6,0,c,0,3,cd205b73010) at Xsyscall+0x128 end of kernel end trace frame: 0xcd440af3260, count: -13 ddb> show registers rdi 0 rsi 0 rbp 0xffff80001777c170 rbx 0x600 rdx 0 rcx 0 rax 0 r8 0x30 r9 0 r10 0xa15a767ecae7c5cd r11 0xe7d498b549f73216 r12 0 r13 0xfffffd802d987f38 r14 0xfffffd802d987f48 r15 0xfffffd8037c71854 rip 0xffffffff81221c22 frag6_input+0x762 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80001777c0b0 ss 0x10 frag6_input+0x762: movl 0x24(%rax),%r14d ddb> show proc PROC (syz-executor.1) pid=82370 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2018,0xffffffff82583dc8 process=0xffff8000ffff66d0 user=0xffff800017777000, vmspace=0xfffffd803f013000 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61216 188785 10559 0 2 0 syz-executor.1 *61216 82370 10559 0 7 0x4000000 syz-executor.1 19883 201297 40336 0 3 0x80 nanosleep syz-executor.0 19883 201644 40336 0 3 0x4000080 fifor syz-executor.0 19883 431108 40336 0 3 0x4000080 fsleep syz-executor.0 10559 441325 58821 0 3 0x82 nanosleep syz-executor.1 40336 316697 58821 0 3 0x82 nanosleep syz-executor.0 93096 490174 1 0 3 0x100083 ttyin getty 48038 399186 0 0 3 0x14200 acct acct 86416 82795 0 0 3 0x14200 bored sosplice 58821 169464 55101 0 3 0x82 thrsleep syz-fuzzer 58821 304935 55101 0 3 0x4000082 nanosleep syz-fuzzer 58821 47643 55101 0 3 0x4000082 thrsleep syz-fuzzer 58821 230977 55101 0 3 0x4000082 thrsleep syz-fuzzer 58821 43438 55101 0 3 0x4000082 thrsleep syz-fuzzer 58821 416772 55101 0 3 0x4000082 kqread syz-fuzzer 58821 218160 55101 0 3 0x4000082 thrsleep syz-fuzzer 55101 162357 5331 0 3 0x10008a pause ksh 5331 25005 61434 0 3 0x92 select sshd 61434 25784 1 0 3 0x80 select sshd 99645 102991 34658 73 3 0x100090 kqread syslogd 34658 298328 1 0 3 0x100082 netio syslogd 95249 84457 1 77 3 0x100090 poll dhclient 18180 67543 1 0 3 0x80 poll dhclient 55676 146840 0 0 2 0x14200 zerothread 81414 2366 0 0 3 0x14200 aiodoned aiodoned 3241 214479 0 0 3 0x14200 syncer update 42763 41646 0 0 3 0x14200 cleaner cleaner 84275 317544 0 0 3 0x14200 reaper reaper 37688 83738 0 0 3 0x14200 pgdaemon pagedaemon 82800 20266 0 0 3 0x14200 bored crynlk 42892 350939 0 0 3 0x14200 bored crypto 27169 446902 0 0 3 0x40014200 acpi0 acpi0 46981 342485 0 0 3 0x14200 bored softnet 14726 483590 0 0 3 0x14200 bored systqmp 10079 199168 0 0 3 0x14200 bored systq 33917 284418 0 0 3 0x40014200 bored softclock 38811 105913 0 0 3 0x40014200 idle0 97034 166698 0 0 3 0x14200 bored smr 1 502381 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9542 6489K 7375K 78643K 26980 0 0 pcb 14 8K 8K 78643K 645 0 0 rtable 124 12K 13K 78643K 3637 0 0 ifaddr 65 21K 25K 78643K 1564 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 287 0 0 iov 0 0K 24K 78643K 909 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1212 76K 77K 78643K 7983 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 76 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 697 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 9458 0 0 sigio 0 0K 0K 78643K 146 0 0 proc 42 30K 54K 78643K 1979 0 0 subproc 32 2K 2K 78643K 429 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 580 0 0 in_multi 33 2K 2K 78643K 530 0 0 ether_multi 1 0K 0K 78643K 55 0 0 mrt 1 0K 0K 78643K 18 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 90 397K 397K 78643K 90 0 0 exec 0 0K 1K 78643K 1188 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 117 22K 31K 78643K 22337 0 0 UVM aobj 130 4K 4K 78643K 132 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 1K 78643K 614 0 0 NDP 14 0K 0K 78643K 442 0 0 temp 184 3535K 4175K 78643K 124372 0 0 kqueue 0 0K 0K 78643K 50 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 59 0 52 1 0 1 1 0 8 0 rtpcb 80 536 0 534 1 0 1 1 0 8 0 rtentry 112 468 0 423 4 2 2 2 0 8 0 unpcb 120 2257 0 2247 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 76 0 76 4 4 0 1 0 8 0 tcpcb 544 1129 0 1124 1 0 1 1 0 8 0 ipq 40 20 0 20 7 6 1 1 0 8 1 ipqe 40 59 0 59 7 6 1 1 0 8 1 inpcb 280 3510 0 3495 14 12 2 2 0 8 0 ip6q 72 2 0 1 2 1 1 1 0 8 0 ip6af 48 1 0 0 1 0 1 1 0 8 0 nd6 48 75 0 69 2 1 1 1 0 8 0 pkpcb 40 22 0 22 6 6 0 1 0 8 0 ppxss 1128 326 0 326 24 23 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1266 0 1069 23 10 13 13 0 8 0 art_table 32 1267 0 1069 3 1 2 2 0 8 0 art_node 16 304 0 263 1 0 1 1 0 8 0 sysvmsgpl 40 79 0 39 1 0 1 1 0 8 0 semapl 112 695 0 685 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 16170 0 14747 47 0 47 47 0 8 0 ffsino 240 16170 0 14747 85 0 85 85 0 8 0 nchpl 144 28118 0 26488 61 0 61 61 0 8 0 uvmvnodes 72 7619 0 0 139 0 139 139 0 8 0 vnodes 200 7619 0 0 401 0 401 401 0 8 0 namei 1024 88618 0 88618 6 5 1 1 0 8 1 scsiplug 64 30 0 30 14 14 0 1 0 8 0 scxspl 192 84451 0 84451 19 17 2 7 0 8 2 plimitpl 152 853 0 846 1 0 1 1 0 8 0 sigapl 432 9568 0 9554 2 0 2 2 0 8 0 futexpl 56 112829 0 112828 7 6 1 1 0 8 0 knotepl 112 1717 0 1698 1 0 1 1 0 8 0 kqueuepl 104 1560 0 1558 1 0 1 1 0 8 0 pipepl 112 3198 0 3179 8 7 1 2 0 8 0 fdescpl 424 9569 0 9554 2 0 2 2 0 8 0 filepl 120 48057 0 47961 6 2 4 5 0 8 1 lockfpl 104 2216 0 2216 11 10 1 1 0 8 1 lockfspl 48 763 0 763 11 10 1 1 0 8 1 sessionpl 112 48 0 38 1 0 1 1 0 8 0 pgrppl 48 108 0 98 1 0 1 1 0 8 0 ucredpl 96 14323 0 14316 1 0 1 1 0 8 0 zombiepl 144 9557 0 9557 4 3 1 1 0 8 1 processpl 864 9588 0 9557 4 0 4 4 0 8 0 procpl 632 20408 0 20368 4 0 4 4 0 8 0 sosppl 128 127 0 127 18 18 0 1 0 8 0 sockpl 384 6361 0 6341 15 12 3 4 0 8 0 mcl64k 65536 842 0 842 83 82 1 33 0 8 1 mcl16k 16384 22 0 22 15 15 0 1 0 8 0 mcl12k 12288 91 0 91 25 24 1 1 0 8 1 mcl9k 9216 143 0 143 24 23 1 1 0 8 1 mcl8k 8192 163 0 163 21 20 1 1 0 8 1 mcl4k 4096 393 0 393 13 12 1 1 0 8 1 mcl2k2 2112 40 0 40 17 16 1 1 0 8 1 mcl2k 2048 35095 0 35063 40 35 5 7 0 8 0 mtagpl 80 181 0 179 6 5 1 1 0 8 0 mbufpl 256 132472 0 132382 50 39 11 26 0 8 1 bufpl 256 28201 0 20588 477 0 477 477 0 8 0 anonpl 16 806835 0 801043 253 221 32 46 0 62 8 amapchunkpl 152 39194 0 39111 73 65 8 14 0 158 4 amappl16 192 50403 0 50124 232 217 15 31 0 8 1 amappl15 184 1178 0 1178 8 8 0 1 0 8 0 amappl14 176 1538 0 1532 1 0 1 1 0 8 0 amappl13 168 3081 0 3079 5 4 1 1 0 8 0 amappl12 160 195 0 191 1 0 1 1 0 8 0 amappl11 152 1165 0 1150 1 0 1 1 0 8 0 amappl10 144 955 0 955 20 20 0 1 0 8 0 amappl9 136 1588 0 1584 1 0 1 1 0 8 0 amappl8 128 1476 0 1427 3 1 2 2 0 8 0 amappl7 120 979 0 974 1 0 1 1 0 8 0 amappl6 112 1144 0 1133 1 0 1 1 0 8 0 amappl5 104 1231 0 1221 1 0 1 1 0 8 0 amappl4 96 10652 0 10620 1 0 1 1 0 8 0 amappl3 88 1138 0 1128 1 0 1 1 0 8 0 amappl2 80 76879 0 76801 3 1 2 3 0 8 0 amappl1 72 171633 0 171198 26 17 9 19 0 8 0 amappl 80 21041 0 21007 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 131 0 2 3 0 3 3 0 8 0 uaddrrnd 24 9569 0 9554 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9569 0 9554 1 0 1 1 0 8 0 vmmpekpl 168 48862 0 48835 2 0 2 2 0 8 0 vmmpepl 168 1087681 0 1086205 254 188 66 77 0 357 1 vmsppl 272 9568 0 9554 2 1 1 2 0 8 0 pdppl 4096 19144 0 19108 6 1 5 6 0 8 0 pvpl 32 2363314 0 2354277 545 436 109 200 0 265 34 pmappl 200 9568 0 9554 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 828 0 222 19 1 18 19 0 8 0