uvm_fault(0xfffffd807f00b8a0, 0x9b, 0, 1) -> e kernel: page fault trap, code=0 Stopped at bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xfffffd807f00b8a0, 0x9b, 0, 1) -> e bpfioctl(11700,80104277,ffff8000239bd490,2,ffff800020a82f28) at bpfioctl+0xc7 sys/net/bpf.c:672 end trace frame: 0xffff8000239bd370, count: 0 ddb{1}> trace bpfioctl(11700,80104277,ffff8000239bd490,2,ffff800020a82f28) at bpfioctl+0xc7 sys/net/bpf.c:672 VOP_IOCTL(fffffd8066d889d0,80104277,ffff8000239bd490,2,fffffd807f7c66c0,ffff800020a82f28) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd806e6a1c80,80104277,ffff8000239bd490,ffff800020a82f28) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:536 sys_ioctl(ffff800020a82f28,ffff8000239bd5a8,ffff8000239bd5f0) at sys_ioctl+0x5b9 syscall(ffff8000239bd670) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff8000239bd670) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff15,0,3,ebfa15cd1b0) at Xsyscall+0x128 end of kernel end trace frame: 0xec23df3cca0, count: -6 ddb{1}> show registers rdi 0xffffffff8145f73c bpfioctl+0xac rsi 0x72 rbp 0xffff8000239bd2c0 rbx 0x100 rdx 0x73 rcx 0xffff800021b58000 rax 0xffff800021b58000 r8 0xffff800020a82f28 r9 0x5 r10 0x4 r11 0x2c5d5bea219c43cb r12 0x80104277 __kernel_virt_to_phys+0x104277 r13 0xffff800020a82f28 r14 0 r15 0xffff8000239bd490 rip 0xffffffff8145f757 bpfioctl+0xc7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000239bd250 ss 0x10 bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx ddb{1}> show proc PROC (syz-executor.1) pid=185426 stat=onproc flags process=0 proc=4000000 pri=78, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff800020a83908,0xffff800020a83b90 process=0xffff800020add880 user=0xffff8000239b8000, vmspace=0xfffffd807f00b8a0 estcpu=28, cpticks=0, pctcpu=0.21 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 44016 384904 63285 0 3 0x80 nanosleep syz-executor.0 44016 457405 63285 0 3 0x4000000 tqbar syz-executor.0 44016 303542 63285 0 3 0x4000000 fdlock syz-executor.0 44016 266997 63285 0 3 0x4000000 fdlock syz-executor.0 44016 385542 63285 0 3 0x4000080 fsleep syz-executor.0 70752 117490 97560 0 7 0 syz-executor.1 70752 457736 97560 0 3 0x4000000 tqbar syz-executor.1 70752 260801 97560 0 2 0x4000000 syz-executor.1 *70752 185426 97560 0 7 0x4000000 syz-executor.1 70752 503326 97560 0 3 0x4000080 fsleep syz-executor.1 63285 369617 51178 0 3 0x82 nanosleep syz-executor.0 97560 106799 51178 0 3 0x82 nanosleep syz-executor.1 6103 323563 1 0 3 0x100083 ttyin getty 37242 19144 0 0 3 0x14200 bored sosplice 51178 30462 91843 0 3 0x82 kqread syz-fuzzer 51178 414349 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 38072 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 406867 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 290540 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 107228 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 446763 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 339728 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 62634 91843 0 3 0x4000082 thrsleep syz-fuzzer 51178 499205 91843 0 3 0x4000082 thrsleep syz-fuzzer 91843 131700 33366 0 3 0x10008a pause ksh 33366 369972 52874 0 3 0x92 select sshd 52874 380186 1 0 3 0x80 select sshd 75306 131792 63109 74 3 0x100092 bpf pflogd 63109 337936 1 0 3 0x80 netio pflogd 67061 260398 87618 73 3 0x100090 kqread syslogd 87618 297367 1 0 3 0x100082 netio syslogd 89309 286924 0 0 3 0x14200 pgzero zerothread 78160 71067 0 0 3 0x14200 aiodoned aiodoned 56912 227857 0 0 3 0x14200 syncer update 84428 28525 0 0 3 0x14200 cleaner cleaner 74488 207386 0 0 3 0x14200 reaper reaper 49116 289726 0 0 3 0x14200 pgdaemon pagedaemon 460 481152 0 0 3 0x14200 bored crynlk 95512 511962 0 0 3 0x14200 bored crypto 21225 220252 0 0 3 0x40014200 acpi0 acpi0 70699 408561 0 0 3 0x40014200 idle1 41005 513210 0 0 3 0x14200 bored softnet 39708 233065 0 0 3 0x14200 bored systqmp 89233 463943 0 0 3 0x14200 tqbar systq 29279 232658 0 0 3 0x40014200 bored softclock 66048 199656 0 0 3 0x40014200 idle0 78880 250669 0 0 3 0x14200 bored smr 1 42273 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 44016 (syz-executor.0) thread 0xffff800020a822d0 (457405) exclusive rwlock fdlock r = 0 (0xfffffd806e7a9438) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 dodup3+0x1a1 sys/kern/kern_descrip.c:361 #2 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #2 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #3 Xsyscall+0x128 Process 70752 (syz-executor.1) thread 0xffff800020a82f28 (185426) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82640b98) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 Process 89233 (systq) thread 0xffff800020a10278 (463943) shared rwlock systq r = 0 (0xffffffff82481100) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 taskq_thread+0x8f sys/kern/kern_task.c:367 #2 proc_trampoline+0x1c ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9662 7247K 15492K 78643K 37205 0 0 pcb 13 13K 14K 78643K 1140 0 0 rtable 109 13K 14K 78643K 2275 0 0 ifaddr 104 21K 23K 78643K 1017 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1755 0 0 iov 0 0K 32K 78643K 1001 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1225 77K 78K 78643K 13914 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 93 0 0 VM map 29 14K 15K 78643K 50 0 0 sem 12 1K 1K 78643K 16 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 5749 0 0 sigio 1 0K 0K 78643K 60 0 0 proc 57 51K 83K 78643K 2547 0 0 subproc 32 2K 2K 78643K 697 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 1K 78643K 422 0 0 in_multi 29 1K 2K 78643K 700 0 0 ether_multi 1 0K 0K 78643K 48 0 0 mrt 0 0K 0K 78643K 35 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 180 795K 795K 78643K 180 0 0 exec 0 0K 1K 78643K 1341 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 163 283K 284K 78643K 22174 0 0 UVM aobj 130 4K 4K 78643K 138 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 1359 0 0 NDP 26 0K 1K 78643K 329 0 0 temp 273 3564K 4201K 78643K 169228 0 0 kqueue 0 0K 0K 78643K 51 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 150 0 144 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 635 0 635 17 16 1 1 0 8 1 rtentry 112 732 0 695 2 0 2 2 0 8 0 unpcb 120 4344 0 4330 3 2 1 2 0 8 0 syncache 264 33 0 33 14 14 0 1 0 8 0 tcpqe 32 84 0 84 10 10 0 1 0 8 0 tcpcb 544 3935 0 3931 21 20 1 13 0 8 0 inpcb 280 9879 0 9875 52 51 1 13 0 8 0 rttmr 72 10 0 9 8 7 1 1 0 8 0 ip6q 72 2 0 2 2 2 0 1 0 8 0 ip6af 40 6 0 6 2 2 0 1 0 8 0 nd6 48 104 0 102 6 5 1 1 0 8 0 pkpcb 40 28 0 28 8 8 0 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 ppxss 1128 125 0 125 30 30 0 1 0 8 0 pffrag 232 105 0 105 30 30 0 1 0 482 0 pffrnode 88 105 0 105 30 30 0 1 0 8 0 pffrent 40 2844 0 2844 30 30 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 459 0 423 1 0 1 1 0 8 0 pfstkey 112 461 0 425 3 0 3 3 0 8 0 pfstate 328 461 0 424 12 8 4 7 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 7 0 6 7 6 1 3 0 8 0 art_heap4 256 2973 0 2763 41 27 14 17 0 8 0 art_table 32 2980 0 2769 3 0 3 3 0 8 0 art_node 16 728 0 694 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 14 0 4 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 9744 0 8327 46 0 46 46 0 8 0 ffsino 272 9744 0 8327 96 1 95 95 0 8 0 nchpl 144 18149 0 17625 62 40 22 62 0 8 0 uvmvnodes 72 6465 0 0 118 0 118 118 0 8 0 vnodes 208 6465 0 0 341 0 341 341 0 8 0 namei 1024 72940 0 72940 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 27 0 0 4 0 4 4 0 8 0 vmpool 552 48 0 21 5 3 2 3 0 8 0 scsiplug 64 6 0 6 5 5 0 1 0 8 0 scxspl 192 58090 0 58090 57 56 1 7 0 8 1 plimitpl 152 421 0 414 1 0 1 1 0 8 0 sigapl 432 5835 0 5821 3 1 2 3 0 8 0 futexpl 56 141059 0 141057 1 0 1 1 0 8 0 knotepl 112 1563 0 1543 5 4 1 3 0 8 0 kqueuepl 104 1473 0 1469 4 3 1 4 0 8 0 pipepl 112 2886 0 2867 8 7 1 2 0 8 0 fdescpl 488 5836 0 5821 3 0 3 3 0 8 0 filepl 152 56720 0 56614 38 33 5 13 0 8 0 lockfpl 104 1817 0 1817 4 3 1 1 0 8 1 lockfspl 48 645 0 645 4 3 1 1 0 8 1 sessionpl 112 60 0 51 1 0 1 1 0 8 0 pgrppl 48 110 0 101 1 0 1 1 0 8 0 ucredpl 96 5295 0 5287 1 0 1 1 0 8 0 zombiepl 144 5825 0 5825 1 0 1 1 0 8 1 processpl 896 5856 0 5825 4 0 4 4 0 8 0 procpl 632 19412 0 19364 12 7 5 5 0 8 0 srpgc 64 58 0 58 21 21 0 1 0 8 0 sosppl 128 68 0 68 17 16 1 1 0 8 1 sockpl 384 14947 0 14929 59 56 3 21 0 8 0 mcl64k 65536 27 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 23 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 25 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 195 0 0 20 3 17 20 0 8 0 mtagpl 80 184 0 0 3 1 2 3 0 8 0 mbufpl 256 1008 0 0 22 0 22 22 0 8 0 bufpl 256 28679 0 21631 441 0 441 441 0 8 0 anonpl 16 670324 0 651096 195 116 79 93 0 124 0 amapchunkpl 152 45169 0 45009 89 82 7 20 0 158 0 amappl16 192 29263 0 28177 202 147 55 65 0 8 0 amappl15 184 413 0 413 6 6 0 1 0 8 0 amappl14 176 1791 0 1787 1 0 1 1 0 8 0 amappl13 168 964 0 964 4 4 0 1 0 8 0 amappl12 160 1123 0 1121 2 1 1 1 0 8 0 amappl11 152 782 0 773 1 0 1 1 0 8 0 amappl10 144 306 0 299 1 0 1 1 0 8 0 amappl9 136 1497 0 1489 1 0 1 1 0 8 0 amappl8 128 1094 0 1055 3 1 2 2 0 8 0 amappl7 120 468 0 457 1 0 1 1 0 8 0 amappl6 112 714 0 700 1 0 1 1 0 8 0 amappl5 104 1562 0 1551 1 0 1 1 0 8 0 amappl4 96 5428 0 5396 1 0 1 1 0 8 0 amappl3 88 2402 0 2391 1 0 1 1 0 8 0 amappl2 80 44062 0 43986 3 1 2 3 0 8 0 amappl1 72 142405 0 141993 25 15 10 20 0 8 0 amappl 80 20401 0 20334 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 137 0 8 3 0 3 3 0 8 0 uaddrrnd 24 5884 0 5821 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5884 0 5821 1 0 1 1 0 8 0 vmmpekpl 168 50586 0 50548 4 1 3 3 0 8 0 vmmpepl 168 749318 0 746986 525 399 126 141 0 357 21 vmsppl 368 5835 0 5821 2 0 2 2 0 8 0 pdppl 4096 11775 0 11711 13 4 9 9 0 8 0 pvpl 32 1813646 0 1791141 462 280 182 214 0 265 0 pmappl 232 5883 0 5842 4 1 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 685 0 66 18 0 18 18 0 8 0