login: uvm_fault(0xfffffd807f00ca10, 0x9b, 0, 1) -> e kernel: page fault trap, code=0 Stopped at bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xfffffd807f00ca10, 0x9b, 0, 1) -> e bpfioctl(61700,40044273,ffff800020b5b510,1,ffff800020acf168) at bpfioctl+0xc7 sys/net/bpf.c:674 end trace frame: 0xffff800020b5b3f0, count: 0 ddb{1}> trace bpfioctl(61700,40044273,ffff800020b5b510,1,ffff800020acf168) at bpfioctl+0xc7 sys/net/bpf.c:674 VOP_IOCTL(fffffd8068e17af0,40044273,ffff800020b5b510,1,fffffd807f7c6a20,ffff800020acf168) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8067840ac0,40044273,ffff800020b5b510,ffff800020acf168) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524 sys_ioctl(ffff800020acf168,ffff800020b5b628,ffff800020b5b690) at sys_ioctl+0x5b8 syscall(ffff800020b5b700) at syscall+0x552 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800020b5b700) at syscall+0x552 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff0a,0,3,5873de17010) at Xsyscall+0x128 end of kernel end trace frame: 0x589ff002d00, count: -6 ddb{1}> show registers rdi 0xffffffff81efb73c bpfioctl+0xac rsi 0x169 rbp 0xffff800020b5b340 rbx 0x600 rdx 0x16a rcx 0xffff80002217a000 rax 0xffff80002217a000 r8 0xffff800020acf168 r9 0x5 r10 0x4 r11 0x79b65a36be666cb7 r12 0x40044273 r13 0xffff800020acf168 r14 0 r15 0xffff800020b5b510 rip 0xffffffff81efb757 bpfioctl+0xc7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020b5b2d0 ss 0x10 bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx ddb{1}> show proc PROC (syz-executor.0) pid=91409 stat=onproc flags process=0 proc=4000000 pri=75, usrpri=75, nice=20 forw=0xffffffffffffffff, list=0xffff800020ace510,0xffff800020ace2a8 process=0xffff800020a4bc08 user=0xffff800020b56000, vmspace=0xfffffd807f00ca10 estcpu=25, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 61593 246303 2320 0 2 0 syz-executor.0 *61593 91409 2320 0 7 0x4000000 syz-executor.0 61593 464778 2320 0 2 0x4000000 syz-executor.0 61593 81304 2320 0 3 0x4000000 tqbar syz-executor.0 2320 114974 28023 0 3 0x82 nanosleep syz-executor.0 34308 401769 1 0 3 0x100083 ttyin getty 37397 411168 0 0 3 0x14200 bored sosplice 60415 131376 28023 0 3 0x82 nanosleep syz-executor.1 28023 473486 71585 0 3 0x82 thrsleep syz-fuzzer 28023 18486 71585 0 3 0x4000082 nanosleep syz-fuzzer 28023 386243 71585 0 3 0x4000082 thrsleep syz-fuzzer 28023 292781 71585 0 3 0x4000082 thrsleep syz-fuzzer 28023 431790 71585 0 3 0x4000082 thrsleep syz-fuzzer 28023 83212 71585 0 3 0x4000082 thrsleep syz-fuzzer 28023 101860 71585 0 3 0x4000082 thrsleep syz-fuzzer 28023 137129 71585 0 3 0x4000082 thrsleep syz-fuzzer 28023 294903 71585 0 3 0x4000082 kqread syz-fuzzer 28023 269727 71585 0 3 0x4000082 thrsleep syz-fuzzer 71585 275309 98967 0 3 0x10008a pause ksh 98967 138218 81172 0 3 0x92 select sshd 81172 29947 1 0 3 0x80 select sshd 96625 404856 77842 74 3 0x100092 bpf pflogd 77842 166220 1 0 3 0x80 netio pflogd 84240 461740 23874 73 3 0x100090 kqread syslogd 23874 485813 1 0 3 0x100082 netio syslogd 74612 90342 1 77 2 0x100010 dhclient 18172 55147 1 0 3 0x80 poll dhclient 25560 446402 0 0 3 0x14200 pgzero zerothread 50251 129472 0 0 3 0x14200 aiodoned aiodoned 76968 508267 0 0 3 0x14200 syncer update 33057 197619 0 0 3 0x14200 cleaner cleaner 52651 65244 0 0 3 0x14200 reaper reaper 4759 403247 0 0 3 0x14200 pgdaemon pagedaemon 8340 393425 0 0 3 0x14200 bored crynlk 48994 322138 0 0 3 0x14200 bored crypto 84319 260193 0 0 3 0x40014200 acpi0 acpi0 22098 56096 0 0 3 0x40014200 idle1 58475 523676 0 0 3 0x14200 bored softnet 39601 282461 0 0 3 0x14200 bored systqmp 84032 8848 0 0 7 0x14200 systq 94211 119368 0 0 3 0x40014200 bored softclock 52394 456501 0 0 3 0x40014200 idle0 33328 315866 0 0 3 0x14200 bored smr 1 228193 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 61593 (syz-executor.0) thread 0xffff800020acf168 (91409) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff826648e0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x412 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x412 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9522 6597K 6905K 78643K 11488 0 0 pcb 13 8K 8K 78643K 47 0 0 rtable 112 12K 12K 78643K 410 0 0 ifaddr 56 13K 13K 78643K 121 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1493 0 0 iov 0 0K 16K 78643K 38 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1213 76K 77K 78643K 1553 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 10 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 46 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 5 13K 25K 78643K 416 0 0 sigio 0 0K 0K 78643K 4 0 0 proc 53 50K 83K 78643K 532 0 0 subproc 32 2K 2K 78643K 68 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 25 0 0 in_multi 33 2K 2K 78643K 77 0 0 ether_multi 1 0K 0K 78643K 4 0 0 mrt 0 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 60 265K 265K 78643K 60 0 0 exec 0 0K 1K 78643K 263 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 106 22K 22K 78643K 2218 0 0 UVM aobj 30 2K 2K 78643K 31 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 18 0 0 NDP 11 0K 0K 78643K 35 0 0 temp 143 3537K 3601K 78643K 5107 0 0 kqueue 0 0K 0K 78643K 2 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 5 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 37 0 35 1 0 1 1 0 8 0 rtentry 112 70 0 26 2 0 2 2 0 8 0 unpcb 120 149 0 137 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 10182 0 10182 2 2 0 2 0 8 0 tcpcb 544 59 0 55 1 0 1 1 0 8 0 inpcb 280 226 0 219 1 0 1 1 0 8 0 nd6 48 12 0 6 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 1 0 1 0 8 0 ppxss 1128 8 0 8 2 1 1 1 0 8 1 pffrag 232 2 0 2 1 1 0 1 0 482 0 pffrnode 88 2 0 2 1 1 0 1 0 8 0 pffrent 40 6 0 6 1 1 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 29 0 6 1 0 1 1 0 8 0 pfstkey 112 29 0 6 1 0 1 1 0 8 0 pfstate 328 29 0 6 2 0 2 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 283 0 92 12 0 12 12 0 8 0 art_table 32 284 0 92 2 0 2 2 0 8 0 art_node 16 67 0 27 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 2 1 1 1 0 8 0 semapl 112 44 0 34 1 0 1 1 0 8 0 shmpl 112 29 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2007 0 583 47 0 47 47 0 8 0 ffsino 272 2007 0 583 96 0 96 96 0 8 0 nchpl 144 2782 0 1144 62 0 62 62 0 8 0 uvmvnodes 72 2282 0 0 42 0 42 42 0 8 0 vnodes 200 2282 0 0 121 0 121 121 0 8 0 namei 1024 8237 0 8237 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 7387 0 7387 12 9 3 7 0 8 3 plimitpl 152 44 0 36 1 0 1 1 0 8 0 sigapl 432 611 0 596 3 1 2 3 0 8 0 futexpl 56 4749 0 4749 1 0 1 1 0 8 1 knotepl 112 154 0 135 1 0 1 1 0 8 0 kqueuepl 104 99 0 97 1 0 1 1 0 8 0 pipepl 112 400 0 381 2 0 2 2 0 8 1 fdescpl 488 612 0 596 3 0 3 3 0 8 0 filepl 152 3400 0 3294 8 2 6 6 0 8 1 lockfpl 104 103 0 103 2 1 1 1 0 8 1 lockfspl 48 36 0 36 2 1 1 1 0 8 1 sessionpl 112 21 0 10 1 0 1 1 0 8 0 pgrppl 48 23 0 12 1 0 1 1 0 8 0 ucredpl 96 470 0 461 1 0 1 1 0 8 0 zombiepl 144 596 0 595 2 1 1 1 0 8 0 processpl 896 628 0 595 4 0 4 4 0 8 0 procpl 632 1361 0 1316 5 0 5 5 0 8 0 srpgc 64 6 0 4 1 0 1 1 0 8 0 sosppl 128 5 0 5 2 2 0 1 0 8 0 sockpl 384 422 0 401 4 1 3 3 0 8 0 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 219 0 0 27 0 27 27 0 8 0 mtagpl 80 5 0 0 1 0 1 1 0 8 0 mbufpl 256 260 0 0 16 0 16 16 0 8 0 bufpl 256 6470 0 1168 332 0 332 332 0 8 0 anonpl 16 65767 0 55529 64 14 50 63 0 124 0 amapchunkpl 152 3153 0 3018 10 3 7 8 0 158 1 amappl16 192 2477 0 1833 45 10 35 43 0 8 2 amappl15 184 142 0 142 1 0 1 1 0 8 1 amappl14 176 212 0 205 1 0 1 1 0 8 0 amappl13 168 22 0 20 2 1 1 1 0 8 0 amappl12 160 5 0 4 2 1 1 1 0 8 0 amappl11 152 69 0 54 1 0 1 1 0 8 0 amappl10 144 78 0 73 1 0 1 1 0 8 0 amappl9 136 834 0 828 1 0 1 1 0 8 0 amappl8 128 380 0 359 1 0 1 1 0 8 0 amappl7 120 44 0 38 1 0 1 1 0 8 0 amappl6 112 63 0 55 1 0 1 1 0 8 0 amappl5 104 150 0 136 1 0 1 1 0 8 0 amappl4 96 856 0 821 2 1 1 2 0 8 0 amappl3 88 253 0 242 1 0 1 1 0 8 0 amappl2 80 3934 0 3862 3 1 2 3 0 8 0 amappl1 72 23130 0 22680 27 17 10 20 0 8 0 amappl 80 1649 0 1603 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 30 0 1 1 0 1 1 0 8 0 uaddrrnd 24 612 0 596 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 612 0 596 1 0 1 1 0 8 0 vmmpekpl 168 8671 0 8641 2 0 2 2 0 8 0 vmmpepl 168 80719 0 78921 136 35 101 101 0 357 17 vmsppl 368 611 0 596 2 0 2 2 0 8 0 pdppl 4096 1231 0 1192 7 1 6 6 0 8 0 pvpl 32 211225 0 197811 171 28 143 156 0 265 18 pmappl 232 611 0 596 2 1 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 507 0 5 15 0 15 15 0 8 0