uvm_fault(0xfffffd807f00b5c0, 0x9b, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807f00b5c0, 0x9b, 0, 1) -> e
bpfioctl(31700,80104267,ffff800021d55ab0,1,ffff800020acf8d8) at bpfioctl+0xc7 sys/net/bpf.c:674
end trace frame: 0xffff800021d55990, count: 0
ddb{1}> trace
bpfioctl(31700,80104267,ffff800021d55ab0,1,ffff800020acf8d8) at bpfioctl+0xc7 sys/net/bpf.c:674
VOP_IOCTL(fffffd80674855b8,80104267,ffff800021d55ab0,1,fffffd807f7c6b40,ffff800020acf8d8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd8067489b48,80104267,ffff800021d55ab0,ffff800020acf8d8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
sys_ioctl(ffff800020acf8d8,ffff800021d55bc8,ffff800021d55c10) at sys_ioctl+0x5b9
syscall(ffff800021d55c90) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800021d55c90) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff13,0,3,c06bd3690e0) at Xsyscall+0x128
end of kernel
end trace frame: 0xc092d18f5d0, count: -6
ddb{1}> show registers
rdi 0xffffffff8211a36c bpfioctl+0xac
rsi 0xbe
rbp 0xffff800021d558e0
rbx 0x300
rdx 0xbf
rcx 0xffff800020d3a000
rax 0xffff800020d3a000
r8 0xffff800020acf8d8
r9 0x5
r10 0x4
r11 0x901c3f11d544ca6
r12 0x80104267 __kernel_virt_to_phys+0x104267
r13 0xffff800020acf8d8
r14 0
r15 0xffff800021d55ab0
rip 0xffffffff8211a387 bpfioctl+0xc7
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021d55870
ss 0x10
bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx
ddb{1}> show proc
PROC (syz-executor.0) pid=369299 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020acec80,0xffff800020ace528
process=0xffff800020add500 user=0xffff800021d50000, vmspace=0xfffffd807f00b5c0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28160 320279 8295 0 2 0 syz-executor.0
28160 436665 8295 0 3 0x4000080 netio syz-executor.0 *28160 369299 8295 0 7 0x4000000 syz-executor.0 28160 261915 8295 0 3 0x4000000 tqbar syz-executor.0 8295 375745 39014 0 3 0x82 nanosleep syz-executor.0 61503 371273 1 0 3 0x80 nanosleep init 20938 144542 39014 0 2 0x2 syz-executor.1 48754 397008 0 0 3 0x14200 bored sosplice 39014 399367 50276 0 3 0x82 thrsleep syz-fuzzer 39014 255517 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 68531 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 439833 50276 0 3 0x4000082 kqread syz-fuzzer 39014 477896 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 522087 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 495770 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 70976 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 270932 50276 0 3 0x4000082 thrsleep syz-fuzzer 39014 270800 50276 0 3 0x4000082 thrsleep syz-fuzzer 50276 266852 59454 0 3 0x10008a pause ksh 59454 98596 12589 0 3 0x92 select sshd 12589 368239 1 0 3 0x80 select sshd 84829 39286 48976 74 3 0x100092 bpf pflogd 48976 389834 1 0 3 0x80 netio pflogd 54182 361058 70174 73 3 0x100090 kqread syslogd 70174 519693 1 0 3 0x100082 netio syslogd 46948 298538 1 77 7 0x100011 dhclient 63555 57214 1 0 3 0x80 poll dhclient 11866 515462 0 0 2 0x14200 zerothread 31916 447890 0 0 3 0x14200 aiodoned aiodoned 74798 180692 0 0 3 0x14200 syncer update 13208 417662 0 0 3 0x14200 cleaner cleaner 96906 381686 0 0 3 0x14200 reaper reaper 5724 328184 0 0 3 0x14200 pgdaemon pagedaemon 97455 419738 0 0 3 0x14200 bored crynlk 34711 201800 0 0 3 0x14200 bored crypto 91111 144146 0 0 3 0x40014200 acpi0 acpi0 74512 119865 0 0 3 0x40014200 idle1 70357 498156 0 0 3 0x14200 bored softnet 67602 331149 0 0 3 0x14200 bored systqmp 55486 265971 0 0 2 0x14200 systq 43908 499690 0 0 3 0x40014200 bored softclock 83823 219042 0 0 3 0x40014200 idle0 2157 452979 0 0 3 0x14200 bored smr 1 158583 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 28160 (syz-executor.0) thread 
0xffff800020acf8d8 (369299) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82630048) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9544 6494K 7768K 78643K 15117 0 0 pcb 13 10K 12K 78643K 103 0 0 rtable 111 4K 4K 78643K 499 0 0 ifaddr 65 14K 15K 78643K 167 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1486 0 0 iov 0 0K 16K 78643K 72 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 77K 78643K 2501 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 11 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 1K 78643K 99 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1809 196K 290K 78643K 12843 0 0 file desc 5 13K 25K 78643K 831 0 0 sigio 0 0K 0K 78643K 6 0 0 proc 54 51K 95K 78643K 615 0 0 subproc 32 2K 2K 78643K 89 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 64 0 0 in_multi 33 2K 2K 78643K 97 0 0 ether_multi 1 0K 0K 78643K 9 0 0 mrt 0 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 318 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 91 21K 22K 78643K 3652 0 0 UVM aobj 28 2K 2K 78643K 29 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 76 0 0 NDP 14 0K 0K 78643K 50 0 0 temp 173 3553K 3619K 78643K 13790 0 0 kqueue 0 0K 0K 78643K 5 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 6 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 48 0 46 1 0 1 1 0 8 0 rtentry 112 79 0 35 2 0 2 2 0 8 0 unpcb 120 344 0 329 1 0 1 1 0 8 
0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 0 1 1 0 8 1 tcpqe 32 6243 0 6243 1 1 0 1 0 8 0 tcpcb 544 924 0 920 12 7 5 8 0 8 4 inpcb 280 1492 0 1485 13 7 6 9 0 8 5 nd6 48 10 0 6 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 20 0 20 4 3 1 1 0 8 1 pffrag 232 2 0 2 1 1 0 1 0 482 0 pffrnode 88 2 0 2 1 1 0 1 0 8 0 pffrent 40 6 0 6 1 1 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 33 0 11 1 0 1 1 0 8 0 pfstkey 112 33 0 11 1 0 1 1 0 8 0 pfstate 328 33 0 11 2 0 2 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 348 0 129 14 0 14 14 0 8 0 art_table 32 349 0 129 2 0 2 2 0 8 0 art_node 16 74 0 34 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 21 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 95 0 85 1 0 1 1 0 8 0 shmpl 112 27 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2647 0 1248 46 0 46 46 0 8 0 ffsino 272 2647 0 1248 95 1 94 95 0 8 0 nchpl 144 4187 0 2570 61 0 61 61 0 8 0 uvmvnodes 72 3736 0 0 68 0 68 68 0 8 0 vnodes 208 3736 0 0 197 0 197 197 0 8 0 namei 1024 12907 0 12907 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 10912 0 10912 10 9 1 7 0 8 1 plimitpl 152 112 0 105 1 0 1 1 0 8 0 sigapl 432 1024 0 1009 3 1 2 3 0 8 0 futexpl 56 17079 0 17079 1 0 1 1 0 8 1 knotepl 112 210 0 191 1 0 1 1 0 8 0 kqueuepl 104 145 0 143 1 0 1 1 0 8 0 pipepl 112 504 0 483 2 1 1 2 0 8 0 fdescpl 488 1025 0 1009 3 0 3 3 0 8 0 filepl 152 7908 0 7801 16 9 7 10 0 8 2 lockfpl 104 234 0 232 1 0 1 1 0 8 0 lockfspl 48 86 0 84 1 0 1 1 0 8 0 sessionpl 112 22 0 12 1 0 1 1 0 8 0 pgrppl 48 164 0 154 1 0 1 1 0 8 0 ucredpl 96 1108 0 1099 1 0 1 1 0 8 0 zombiepl 144 1009 0 1008 2 1 1 1 0 8 0 processpl 896 1041 0 1008 4 0 4 4 0 8 0 procpl 632 2752 0 2707 6 1 5 5 0 8 0 srpgc 64 8 0 6 4 3 1 1 0 8 0 sosppl 128 5 0 5 2 1 1 1 0 8 1 sockpl 384 1912 0 1888 20 11 9 14 0 8 6 mcl64k 65536 10 0 0 2 0 2 2 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 13 0 
0 2 0 2 2 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 156 0 0 18 0 18 18 0 8 0 mtagpl 80 22 0 0 1 0 1 1 0 8 0 mbufpl 256 195 0 0 12 0 12 12 0 8 0 bufpl 256 7599 0 1323 393 0 393 393 0 8 0 anonpl 16 108831 0 95244 79 19 60 68 0 124 2 amapchunkpl 152 5909 0 5798 15 6 9 10 0 158 4 amappl16 192 4658 0 3885 60 21 39 51 0 8 0 amappl15 184 179 0 178 2 1 1 1 0 8 0 amappl14 176 48 0 45 1 0 1 1 0 8 0 amappl12 160 13 0 12 1 0 1 1 0 8 0 amappl11 152 494 0 478 1 0 1 1 0 8 0 amappl10 144 175 0 166 1 0 1 1 0 8 0 amappl9 136 661 0 655 1 0 1 1 0 8 0 amappl8 128 191 0 174 1 0 1 1 0 8 0 amappl7 120 210 0 201 1 0 1 1 0 8 0 amappl6 112 506 0 496 1 0 1 1 0 8 0 amappl5 104 162 0 147 1 0 1 1 0 8 0 amappl4 96 1291 0 1263 1 0 1 1 0 8 0 amappl3 88 149 0 143 1 0 1 1 0 8 0 amappl2 80 7267 0 7196 3 1 2 3 0 8 0 amappl1 72 32332 0 31916 26 16 10 20 0 8 0 amappl 80 3046 0 3007 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 28 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1025 0 1009 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1025 0 1009 1 0 1 1 0 8 0 vmmpekpl 168 11904 0 11868 2 0 2 2 0 8 0 vmmpepl 168 131868 0 130000 162 57 105 111 0 357 18 vmsppl 368 1024 0 1009 2 0 2 2 0 8 0 pdppl 4096 2057 0 2018 7 1 6 6 0 8 0 pvpl 32 323648 0 306973 209 55 154 167 0 265 14 pmappl 232 1024 0 1009 2 1 1 2 0 8 0 extentpl 40 38 0 22 1 0 1 1 0 8 0 phpool 112 571 0 13 16 0 16 16 0 8 0