syzbot


uvm_fault: bpfioctl (3)

Status: auto-obsoleted due to no activity on 2023/10/05 10:17
Reported-by: syzbot+0d56984887d27b1860eb@syzkaller.appspotmail.com
First crash: 301d, last: 301d
Similar bugs (3)
Kernel   Title                    Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
openbsd  uvm_fault: bpfioctl      C      -             -           14     1663d  1747d     3/3      fixed on 2019/10/22 13:03
openbsd  uvm_fault: bpfioctl (4)  -      -             -           1      40d    40d       0/3      upstream: reported on 2024/03/24 18:07
openbsd  uvm_fault: bpfioctl (2)  -      -             -           2      584d   585d      0/3      auto-obsoleted due to no activity on 2022/12/27 04:23

Sample crash report:
uvm_fault(0xfffffd8069d66740, 0x28, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      bpfioctl+0xe44: movq    0x28(%rax),%rdi
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*253834  79354      0           0  0x4000000    0  syz-executor.3
bpfioctl(31700,20004269,ffff800023166bc0,2,ffff80002b416678) at bpfioctl+0xe44 sys/net/bpf.c:901
VOP_IOCTL(fffffd80761d96c0,20004269,ffff800023166bc0,2,fffffd807f7d75b0,ffff80002b416678) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8068588260,20004269,ffff800023166bc0,ffff80002b416678) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002b416678,ffff800023166cd0,ffff800023166d20) at sys_ioctl+0x49e
syscall(ffff800023166da0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb6960cf1e40, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd8069d66740, 0x28, 0, 1) -> e
ddb> trace
bpfioctl(31700,20004269,ffff800023166bc0,2,ffff80002b416678) at bpfioctl+0xe44 sys/net/bpf.c:901
VOP_IOCTL(fffffd80761d96c0,20004269,ffff800023166bc0,2,fffffd807f7d75b0,ffff80002b416678) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8068588260,20004269,ffff800023166bc0,ffff80002b416678) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002b416678,ffff800023166cd0,ffff800023166d20) at sys_ioctl+0x49e
syscall(ffff800023166da0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb6960cf1e40, count: -6
ddb> show registers
rdi               0xffff800028010000
rsi                            0x7f4
rbp               0xffff8000231669f0
rbx                                0
rdx               0xffff800028010000
rcx                            0x7f3
rax                                0
r8                0xffffffff81bc30d0    uvm_map_inentry_pc
r9                                 0
r10               0xe87b5f05facbe924
r11               0xf0b8cd552549fac8
r12                                0
r13                                0
r14               0xffff800000d42800
r15                                0
rip               0xffffffff820a6f94    bpfioctl+0xe44
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800023166970
ss                              0x10
bpfioctl+0xe44: movq    0x28(%rax),%rdi
ddb> show proc
PROC (syz-executor.3) pid=253834 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=84, nice=20
    forw=0xffffffffffffffff, list=0xffff80002b417158,0xffff8000216fe5a8
    process=0xffff800027fdc3f0 user=0xffff800023161000, vmspace=0xfffffd8069d66740
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 15636  253301  80657  60928  3      0x3010  suspend       syz-executor.4
 15636  430038  80657  60928  2   0x4081090                syz-executor.4
 15636  408249  80657  60928  2   0x4081090                syz-executor.4
 15636  200325  80657  60928  2   0x4081090                syz-executor.4
 60984  321441  17881      0  3        0x80  nanoslp       syz-executor.1
 60984  194817  17881      0  2   0x4000000                syz-executor.1
 70762  118917  75218      0  3        0x80  nanoslp       syz-executor.0
 70762  171542  75218      0  3   0x4000080  fsleep        syz-executor.0
 70762  341003  75218      0  2   0x4000000                syz-executor.0
 79354  457335  37252      0  3        0x80  nanoslp       syz-executor.3
 79354  390135  37252      0  2   0x4000000                syz-executor.3
*79354  253834  37252      0  7   0x4000000                syz-executor.3
 43622  409477  17650      0  3        0x82  piperd        syz-executor.7
 35340   26646  17650      0  3        0x82  piperd        syz-executor.2
 75218  142763  17650      0  2       0x482                syz-executor.0
 17881  176286  17650      0  2       0x482                syz-executor.1
 37252  280167  17650      0  2       0x482                syz-executor.3
 58066  378411  17650      0  2         0x2                syz-executor.6
 44610   41744  17650      0  3        0x82  piperd        syz-executor.5
 80657   61245  17650      0  2       0x482                syz-executor.4
 71920  170483      1      0  3    0x100083  ttyopn        getty
 30917  143088      0      0  3     0x14200  bored         sosplice
 17650  433696  81447      0  3        0x82  thrsleep      syz-fuzzer
 17650    3457  81447      0  3   0x4000082  nanoslp       syz-fuzzer
 17650  466478  81447      0  3   0x4000082  wait          syz-fuzzer
 17650  348977  81447      0  3   0x4000082  wait          syz-fuzzer
 17650  222960  81447      0  3   0x4000082  wait          syz-fuzzer
 17650  433691  81447      0  3   0x4000082  wait          syz-fuzzer
 17650  508153  81447      0  3   0x4000082  thrsleep      syz-fuzzer
 17650  395039  81447      0  2   0x4000002                syz-fuzzer
 17650  238164  81447      0  3   0x4000082  wait          syz-fuzzer
 17650  356344  81447      0  3   0x4000082  thrsleep      syz-fuzzer
 17650   17273  81447      0  3   0x4000082  thrsleep      syz-fuzzer
 17650  156442  81447      0  3   0x4000082  wait          syz-fuzzer
 17650   66212  81447      0  3   0x4000082  wait          syz-fuzzer
 17650  376690  81447      0  3   0x4000082  wait          syz-fuzzer
 81447  325590  82419      0  3    0x10008a  sigsusp       ksh
 82419   69311  79025      0  2        0x1a                sshd
 79025    7196      1      0  3        0x88  kqread        sshd
 52649  249246  46921     73  3   0x1100090  kqread        syslogd
 46921  193091      1      0  3    0x100082  netio         syslogd
 51489  124691      1      0  3    0x100080  kqread        resolvd
 42898  142248  97633     77  3    0x100092  kqread        dhcpleased
  8163  316202  97633     77  3    0x100092  kqread        dhcpleased
 97633  242079      1      0  3        0x80  kqread        dhcpleased
 73723  378811      0      0  3     0x14200  bored         smr
  3334  310387      0      0  2     0x14200                zerothread
 98455  205606      0      0  3     0x14200  aiodoned      aiodoned
 89883  118713      0      0  3     0x14200  syncer        update
 49675  520052      0      0  3     0x14200  cleaner       cleaner
 71510  417268      0      0  3     0x14200  reaper        reaper
 80925  201747      0      0  3     0x14200  pgdaemon      pagedaemon
 37033  208203      0      0  3     0x14200  bored         viomb
 45218  280970      0      0  3  0x40014200  acpi0         acpi0
 11620  335776      0      0  3     0x14200  bored         softnet3
 25172  199201      0      0  3     0x14200  bored         softnet2
 82594  220158      0      0  3     0x14200  bored         softnet1
 15772   64408      0      0  2     0x14200                softnet0
 89925  350590      0      0  3     0x14200  bored         systqmp
  4087   53388      0      0  3     0x14200  bored         systq
 76381  232436      0      0  2  0x40014200                softclock
 71532  123439      0      0  3  0x40014200                idle0
     1  343964      0      0  3     0x80082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10197   6695K    7213K  78643K     29080        0
            pcb    15     18K      21K  78643K      3145        0
         rtable   178     16K      18K  78643K      4205        0
             pf    47     12K    1039K  78643K      7697        0
         ifaddr    39     13K      16K  78643K       708        0
        ifgroup    62      2K       2K  78643K      1290        0
         sysctl     3      1K       1K  78643K         3        0
       counters    28     17K      17K  78643K       603        0
       ioctlops     0      0K       2K  78643K      1645        0
            iov     0      0K      28K  78643K      2344        0
          mount     1      1K       1K  78643K         1        0
            log     0      0K       0K  78643K         4        0
         vnodes  1564     98K      98K  78643K     11484        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       9K  78643K       135        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      1K       1K  78643K      2951        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12548        0
      file desc    14     49K      73K  78643K     14053        0
          sigio     0      0K       0K  78643K       243        0
           proc    58     59K      75K  78643K      3042        0
        subproc   104      6K       7K  78643K      1118        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       518        0
       in_multi    70      5K       7K  78643K      1411        0
    ether_multi     1      0K       0K  78643K        90        0
            mrt     1      0K       0K  78643K        79        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    97    440K     440K  78643K        97        0
           exec     0      0K       1K  78643K      3060        0
     pfkey data     0      0K       0K  78643K        13        0
            tdb     3      0K       0K  78643K         3        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     8     62K      64K  78643K        10        0
       UVM amap   377     96K     110K  78643K    131756        0
       UVM aobj   131      4K       4K  78643K       131        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       643        0
            NDP    14      0K       1K  78643K       499        0
           temp    74   5856K   14052K  78643K    146748        0
         kqueue    12     18K      28K  78643K      1138        0
      SYN cache     2     56K      64K  78643K         4        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120     1067    0     1064    12    11     1     3     0     8    0
rtentry    112     1196    0     1125     5     2     3     4     0     8    0
unpcb      144    14349    0    14336   163   160     3     9     0     8    2
syncache   296       77    0       77    19    18     1     1     0     8    1
tcpqe       32      305    0      305    15    14     1     1     0     8    1
tcpcb      808     4236    0     4225   136   133     3    11     0     8    0
arp         88      183    0      171     1     0     1     1     0     8    0
ipq         40        8    0        6     4     3     1     1     0     8    0
ipqe        40       15    0       11     4     3     1     1     0     8    0
inpcb      336    14350    0    14334   215   212     3    13     0     8    0
nd6        104      275    0      260     1     0     1     1     0     8    0
pkpcb       40       95    0       95     7     6     1     1     0     8    1
kcovpl      48       86    0       78     1     0     1     1     0     8    0
mppekey    1024      11    0       11     4     4     0     1     0     8    0
ppxss      1160     407    0      407    30    29     1     1     0     8    1
pppxif     1360     250    0      250    12    12     0     1     0     8    0
pfstscr     40      120    0      111     1     0     1     1     0     8    0
pfosfp      40        5    0        3     1     0     1     1     0     8    0
pfosfpen   112        5    0        3     1     0     1     1     0     8    0
pfanchor   1288     788  166      276    47     4    43    43     0     8    0
pfstitem    24       28    0       10     1     0     1     1     0     8    0
pfstkey    128      298    0      285     1     0     1     1     0     8    0
pfstate    344      187    0      177     7     6     1     2     0     8    0
rttmr      136       16    0       16     6     5     1     1     0     8    1
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     5246    0     4905    64    41    23    30     0     8    0
art_table   32     5247    0     4905     5     1     4     4     0     8    0
art_node    16     1136    0     1075     1     0     1     1     0     8    0
semapl     112     2949    0     2939     1     0     1     1     0     8    0
shmpl      112      128    0        0     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256    19610    0    18123    94     0    94    94     0     8    0
ffsino     240    19610    0    18123    88     0    88    88     0     8    0
nchpl      144    42526    0    42018    63    41    22    63     0     8    0
rtmask      32       10    0       10     4     4     0     1     0     8    0
uvmvnodes   80    27894    0        0   570     0   570   570     0     8    0
vnodes     216    27894    0        0  1550     0  1550  1550     0     8    0
namei      1024  158786    0   158786    12    11     1     3     0     8    1
kstatmem   264      632    0      604     4     1     3     3     0     8    0
scxspl     216   106911    0   106911    28    27     1     8     0     8    1
plimitpl   152     1725    0     1710     1     0     1     1     0     8    0
sigapl     424    14260    0    14218    11     3     8     8     0     8    0
futexpl     64   144849    0   144845     2     1     1     1     0     8    0
knotepl    120   310336    0   310255   186   176    10    20     0     8    4
kqueuepl   184     3083    0     3075    54    51     3     6     0     8    2
pipepl     288     3090    0     3062    81    76     5    11     0     8    2
fdescpl    432    14180    0    14155     4     0     4     4     0     8    0
filepl     120   117274    0   117034   171   158    13    17     0     8    5
lockfpl    104     3564    0     3562     6     5     1     2     0     8    0
lockfspl    48     1085    0     1083     1     0     1     1     0     8    0
sessionpl  144      102    0       86     1     0     1     1     0     8    0
pgrppl      48      176    0      160     1     0     1     1     0     8    0
ucredpl    104    15132    0    15118     1     0     1     1     0     8    0
zombiepl   144    14218    0    14218     3     2     1     1     0     8    1
processpl  1008   14260    0    14218    13     4     9     9     0     8    0
procpl     696    36489    0    36426    34    26     8    10     0     8    0
sosppl     168      137    0      136    21    20     1     1     0     8    0
sockpl     456    29909    0    29877   767   755    12    38     0     8    6
mcl64k     65536    670    0      668    28    27     1     1     0     8    0
mcl16k     16384    336    0      336    32    31     1     1     0     8    1
mcl12k     12288    506    0      506    29    28     1     1     0     8    1
mcl9k      9216     229    0      229    35    34     1     1     0     8    1
mcl8k      8192    1311    0     1311    19    18     1     1     0     8    1
mcl4k      4096    1480    0     1480    14    13     1     1     0     8    1
mcl2k2     2112      87    0       87    35    34     1     1     0     8    1
mcl2k      2048  102339    0   102292    51    43     8    29     0     8    1
mtagpl      96     1647    0     1475    21    15     6     7     0     8    0
mbufpl     256   334623    0   334372  1201  1180    21   278     0     8    1
bufpl      288    25816    0    19431   457     0   457   457     0     8    0
anonpl      24  1447695    0  1431751   201    92   109   122     0   188    0
amapchunkpl 152  424089    0   423195   148   110    38    50     0   158    0
amappl16   200    27240    0    26734   145   117    28    39     0     8    0
amappl15   192       14    0       14     1     1     0     1     0     8    0
amappl14   184      411    0      397     2     1     1     2     0     8    0
amappl13   176       19    0       19     3     3     0     1     0     8    0
amappl12   168    15985    0    15958     2     0     2     2     0     8    0
amappl11   160       53    0       41     1     0     1     1     0     8    0
amappl10   152      116    0      103     1     0     1     1     0     8    0
amappl9    144      268    0      267     2     1     1     2     0     8    0
amappl8    136      599    0      505     5     1     4     4     0     8    0
amappl7    128      125    0      107     1     0     1     1     0     8    0
amappl6    120      849    0      825     2     1     1     2     0     8    0
amappl5    112      712    0      705     1     0     1     1     0     8    0
amappl4    104     1892    0     1857     3     1     2     2     0     8    0
amappl3     96    81630    0    81551     4     1     3     3     0     8    0
amappl2     88    15002    0    14943     4     2     2     3     0     8    0
amappl1     80    64478    0    63973    23    11    12    22     0     8    0
amappl      88   130259    0   130022     7     0     7     7     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      130    0        0     3     0     3     3     0     8    0
uaddrrnd    24    14180    0    14155     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24    14180    0    14155     1     0     1     1     0     8    0
vmmpekpl   168   105938    0   105880     4     1     3     4     0     8    0
vmmpepl    168   882997    0   880725   380   259   121   135     0   357    0
vmsppl     368    14179    0    14155     3     0     3     3     0     8    0
rwobjpl     24   228214    0   198631   179     0   179   179     0     8    0
pdppl      4096   28366    0    28310  1176  1112    64    68     0     8    8
pvpl        32  3889141    0  3868031   473   288   185   332     0   265    0
pmappl     216    14179    0    14155     2     0     2     2     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112     3694    0     2915    29     4    25    28     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
bpfioctl(31700,20004269,ffff800023166bc0,2,ffff80002b416678) at bpfioctl+0xe44 sys/net/bpf.c:901
VOP_IOCTL(fffffd80761d96c0,20004269,ffff800023166bc0,2,fffffd807f7d75b0,ffff80002b416678) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8068588260,20004269,ffff800023166bc0,ffff80002b416678) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002b416678,ffff800023166cd0,ffff800023166d20) at sys_ioctl+0x49e
syscall(ffff800023166da0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb6960cf1e40, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
bpfioctl(31700,20004269,ffff800023166bc0,2,ffff80002b416678) at bpfioctl+0xe44 sys/net/bpf.c:901
VOP_IOCTL(fffffd80761d96c0,20004269,ffff800023166bc0,2,fffffd807f7d75b0,ffff80002b416678) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8068588260,20004269,ffff800023166bc0,ffff80002b416678) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002b416678,ffff800023166cd0,ffff800023166d20) at sys_ioctl+0x49e
syscall(ffff800023166da0) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb6960cf1e40, count: -6

Crashes (1):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager          Title
2023/07/07 10:17  openbsd  4b04b6ae4aa8  22ae5830   .config  console log  report  -          -        -        -       ci-openbsd-main  uvm_fault: bpfioctl
* Struck through repros no longer work on HEAD.