uvm_fault(0xfffffd803f014660, 0x24, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at frag6_input+0x762: movl 0x24(%rax),%r14d
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f014660, 0x24, 0, 1) -> e
frag6_input(ffff800017960308,ffff800017960314,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321
end trace frame: 0xffff800017960190, count: 0
ddb> trace
frag6_input(ffff800017960308,ffff800017960314,2c,18) at frag6_input+0x762 sys/netinet6/frag6.c:321
ip_deliver(ffff800017960308,ffff800017960314,2c,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:665
ip6_input_if(ffff800017960308,ffff800017960314,29,0,ffff80000069c000) at ip6_input_if+0x153a ip6_ours sys/netinet6/ip6_input.c:518 [inline]
ip6_input_if(ffff800017960308,ffff800017960314,29,0,ffff80000069c000) at ip6_input_if+0x153a sys/netinet6/ip6_input.c:340
ipv6_input(ffff80000069c000,fffffd8036ce5200) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000069c000,fffffd8036ce5200,18) at if_input_local+0x121 sys/net/if.c:783
ip6_output(fffffd8036ce5500,ffff800000a99300,fffffd803702f070,0,0,fffffd803702f000) at ip6_output+0xd35
rip6_output(fffffd8036ce5500,fffffd8037030300,ffff800017960678,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd8037030300,9,fffffd8036ce5500,0,0,ffff800014914508) at rip6_usrreq+0x5cd sys/netinet6/raw_ip6.c:670
sosend(fffffd8037030300,0,ffff8000179608a8,0,0,0) at sosend+0x660 sys/kern/uipc_socket.c:524
dofilewritev(ffff800014914508,3,ffff8000179608a8,0,ffff8000179609b0) at dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff800014914508,ffff800017960948,ffff8000179609b0) at sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff800017960a10) at syscall+0x508
Xsyscall(6,0,c,0,3,c57ece90010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc5aeb27ccd0, count: -13
ddb> show registers
rdi 0
rsi 0
rbp 0xffff800017960110
rbx 0x600
rdx 0
rcx 0
rax 0
r8 0x30
r9 0
r10 0x211df3fb893434ec
r11 0x3ef893b3409a6b76
r12 0
r13 0xfffffd802f456ee8
r14 0xfffffd802f456ef8
r15 0xfffffd80345ed854
rip 0xffffffff818f50a2 frag6_input+0x762
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800017960050
ss 0x10
frag6_input+0x762: movl 0x24(%rax),%r14d
ddb> show proc
PROC (syz-executor.1) pid=172718 stat=onproc
flags process=0 proc=4000000
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800014915160,0xffffffff8257f9f0
process=0xffff8000ffff66d0 user=0xffff80001795b000, vmspace=0xfffffd803f014660
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
73381 147683 18629 0 2 0 syz-executor.1
*73381 172718 18629 0 7 0x4000000 syz-executor.1
18629 73509 36599 0 3 0x82 nanosleep syz-executor.1
98639 468366 1 0 3 0x100083 ttyin getty
53255 507145 36599 0 3 0x82 nanosleep syz-executor.0
36599 500346 6483 0 3 0x82 thrsleep syz-fuzzer
36599 522784 6483 0 3 0x4000082 thrsleep syz-fuzzer
36599 291113 6483 0 3 0x4000082 thrsleep syz-fuzzer
36599 51352 6483 0 3 0x4000082 thrsleep syz-fuzzer
36599 332286 6483 0 3 0x4000082 thrsleep syz-fuzzer
36599 232670 6483 0 3 0x4000082 kqread syz-fuzzer
36599 207955 6483 0 3 0x4000082 thrsleep syz-fuzzer
6483 298599 76106 0 3 0x10008a pause ksh
76106 154981 46707 0 3 0x92 select sshd
46707 196679 1 0 3 0x80 select sshd
12087 271929 18581 73 3 0x100090 kqread syslogd
18581 257850 1 0 3 0x100082 netio syslogd
47576 497358 1 77 3 0x100090 poll dhclient
2225 85370 1 0 3 0x80 poll dhclient
91564 354228 0 0 2 0x14200 zerothread
89972 158292 0 0 3 0x14200 aiodoned aiodoned
98051 400434 0 0 3 0x14200 syncer update
94253 174165 0 0 3 0x14200 cleaner cleaner
87084 397992 0 0 3 0x14200 reaper reaper
98295 317968 0 0 3 0x14200 pgdaemon pagedaemon
717 221488 0 0 3 0x14200 bored crynlk
80115 398044 0 0 3 0x14200 bored crypto
43318 343046 0 0 3 0x40014200 acpi0 acpi0
52263 338563 0 0 3 0x14200 bored softnet
39452 258689 0 0 3 0x14200 bored systqmp
47524 509215 0 0 3 0x14200 bored systq
82257 430280 0 0 3 0x40014200 bored softclock
17576 450565 0 0 3 0x40014200 idle0
96682 140709 0 0 3 0x14200 bored smr
1 120921 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9504 6341K 6727K 78643K 11679 0 0
pcb 14 8K 8K 78643K 86 0 0
rtable 108 3K 4K 78643K 309 0 0
ifaddr 57 12K 13K 78643K 93 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 42 0 0
iov 0 0K 24K 78643K 52 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1215 76K 77K 78643K 1638 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 9 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 0K 78643K 44 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 468 0 0
sigio 0 0K 0K 78643K 4 0 0
proc 42 30K 46K 78643K 416 0 0
subproc 32 2K 2K 78643K 51 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 17 0 0
in_multi 33 2K 2K 78643K 54 0 0
ether_multi 1 0K 0K 78643K 3 0 0
mrt 0 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 72 318K 318K 78643K 72 0 0
exec 0 0K 1K 78643K 233 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 88 20K 21K 78643K 1940 0 0
UVM aobj 19 2K 2K 78643K 26 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 2 0K 0K 78643K 61 0 0
NDP 12 0K 0K 78643K 27 0 0
temp 142 3524K 4161K 78643K 19628 0 0
kqueue 0 0K 0K 78643K 2 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 2 1 0 1 1 0 8 0
rtpcb 80 37 0 35 1 0 1 1 0 8 0
rtentry 112 56 0 12 2 0 2 2 0 8 0
unpcb 120 213 0 205 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 2063 0 2063 1 1 0 1 0 8 0
tcpcb 544 93 0 88 1 0 1 1 0 8 0
ipq 40 2 0 2 1 1 0 1 0 8 0
ipqe 40 4 0 4 1 1 0 1 0 8 0
inpcb 280 247 0 239 1 0 1 1 0 8 0
ip6q 72 1 0 0 1 0 1 1 0 8 0
ip6af 48 1 0 0 1 0 1 1 0 8 0
nd6 48 9 0 3 1 0 1 1 0 8 0
ppxss 1128 6 0 6 4 4 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 235 0 44 12 0 12 12 0 8 0
art_table 32 236 0 44 2 0 2 2 0 8 0
art_node 16 55 0 15 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 4 2 1 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 42 0 32 1 0 1 1 0 8 0
shmpl 112 24 0 7 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 2178 0 761 47 1 46 47 0 8 0
ffsino 240 2178 0 761 85 1 84 85 0 8 0
nchpl 144 3023 0 1395 62 1 61 62 0 8 0
uvmvnodes 72 2487 0 0 46 0 46 46 0 8 0
vnodes 200 2487 0 0 131 0 131 131 0 8 0
namei 1024 8696 0 8696 2 1 1 1 0 8 1
scsiplug 64 1 0 1 1 1 0 1 0 8 0
scxspl 192 8237 0 8237 8 7 1 7 0 8 1
plimitpl 152 50 0 43 1 0 1 1 0 8 0
sigapl 432 637 0 624 2 0 2 2 0 8 0
futexpl 56 7123 0 7123 2 1 1 1 0 8 1
knotepl 112 142 0 123 1 0 1 1 0 8 0
kqueuepl 104 90 0 88 1 0 1 1 0 8 0
pipepl 112 372 0 353 1 0 1 1 0 8 0
fdescpl 424 638 0 624 2 0 2 2 0 8 0
filepl 120 3554 0 3459 5 1 4 4 0 8 1
lockfpl 104 145 0 145 3 2 1 1 0 8 1
lockfspl 48 54 0 54 3 2 1 1 0 8 1
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 27 0 17 1 0 1 1 0 8 0
ucredpl 96 537 0 529 1 0 1 1 0 8 0
zombiepl 144 624 0 623 2 1 1 1 0 8 0
processpl 864 652 0 623 4 0 4 4 0 8 0
procpl 632 1212 0 1176 4 0 4 4 0 8 0
sockpl 384 501 0 483 4 1 3 3 0 8 1
mcl64k 65536 16 0 16 3 2 1 1 0 8 1
mcl16k 16384 2 0 2 2 2 0 1 0 8 0
mcl12k 12288 7 0 7 3 2 1 1 0 8 1
mcl9k 9216 7 0 7 5 4 1 1 0 8 1
mcl8k 8192 10 0 10 3 2 1 1 0 8 1
mcl4k 4096 35 0 35 3 2 1 1 0 8 1
mcl2k2 2112 5 0 5 2 1 1 1 0 8 1
mcl2k 2048 58277 0 58229 15 8 7 13 0 8 0
mtagpl 80 16 0 11 2 1 1 1 0 8 0
mbufpl 256 95371 0 95283 12 4 8 10 0 8 0
bufpl 256 6621 0 1964 292 0 292 292 0 8 0
anonpl 16 69818 0 57399 74 19 55 64 0 62 5
amapchunkpl 152 2726 0 2622 9 4 5 7 0 158 0
amappl16 192 3130 0 2442 57 17 40 46 0 8 5
amappl14 176 58 0 52 1 0 1 1 0 8 0
amappl13 168 214 0 213 2 1 1 1 0 8 0
amappl12 160 13 0 11 1 0 1 1 0 8 0
amappl11 152 53 0 42 1 0 1 1 0 8 0
amappl10 144 211 0 211 2 2 0 1 0 8 0
amappl9 136 563 0 560 1 0 1 1 0 8 0
amappl8 128 142 0 123 1 0 1 1 0 8 0
amappl7 120 184 0 180 1 0 1 1 0 8 0
amappl6 112 62 0 52 1 0 1 1 0 8 0
amappl5 104 158 0 147 1 0 1 1 0 8 0
amappl4 96 862 0 835 1 0 1 1 0 8 0
amappl3 88 185 0 175 1 0 1 1 0 8 0
amappl2 80 4455 0 4386 3 1 2 3 0 8 0
amappl1 72 20761 0 20355 28 20 8 19 0 8 0
amappl 80 1455 0 1420 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 25 0 7 1 0 1 1 0 8 0
uaddrrnd 24 638 0 624 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 638 0 624 1 0 1 1 0 8 0
vmmpekpl 168 8130 0 8107 2 0 2 2 0 8 0
vmmpepl 168 80967 0 79249 124 41 83 98 0 357 5
vmsppl 272 637 0 624 2 1 1 2 0 8 0
pdppl 4096 1282 0 1248 6 1 5 6 0 8 0
pvpl 32 209634 0 194241 171 31 140 152 0 265 15
pmappl 200 637 0 624 1 0 1 1 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 444 0 26 13 1 12 13 0 8 0