login: ppuvm_fault(0xfffffd807f00d9d8, 0x8f, 0, 1) -> e kernel: page fault trap, code=0 Stopped at wsmuxclose+0x75: cmpq %r12,0x90(%r15) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd807f00d9d8, 0x8f, 0, 1) -> e wsmuxclose(65095c2f8a0ddbca,ffffffff81617730,ffff800020c4ce70,fffffd80798c9e28) at wsmuxclose+0x75 wsmux_do_close sys/dev/wscons/wsmux.c:307 [inline] wsmuxclose(65095c2f8a0ddbca,ffffffff81617730,ffff800020c4ce70,fffffd80798c9e28) at wsmuxclose+0x75 sys/dev/wscons/wsmux.c:277 end trace frame: 0xffff800020c4ce60, count: 0 ddb{0}> trace wsmuxclose(65095c2f8a0ddbca,ffffffff81617730,ffff800020c4ce70,fffffd80798c9e28) at wsmuxclose+0x75 wsmux_do_close sys/dev/wscons/wsmux.c:307 [inline] wsmuxclose(65095c2f8a0ddbca,ffffffff81617730,ffff800020c4ce70,fffffd80798c9e28) at wsmuxclose+0x75 sys/dev/wscons/wsmux.c:277 spec_close(cecda3fe856fc5e3) at spec_close+0x39a sys/kern/spec_vnops.c:553 VOP_CLOSE(a8140d32d165b1a3,fffffd80798c9e28,ffff800020b92bd0,fffffd807f7c7960) at VOP_CLOSE+0x6c sys/kern/vfs_vops.c:174 vn_closefile(3f3eb2dd9108835b,ffff800020b92bd0) at vn_closefile+0x150 vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(3f3eb2dd9108835b,ffff800020b92bd0) at vn_closefile+0x150 sys/kern/vfs_vnops.c:575 fdrop(b066a41036daf76c,fffffd807ebbcb50) at fdrop+0xdf sys/kern/kern_descrip.c:1260 closef(1cc5b2e34a9e5745,ffff800020b92bd0) at closef+0x128 sys/kern/kern_descrip.c:1244 fdfree(d8367d7cec911a0c) at fdfree+0xe8 sys/kern/kern_descrip.c:1176 exit1(0,ffff800020b92bd0,7f7ffffcac48) at exit1+0x2d7 sys/kern/kern_exit.c:194 sys_exit(ffffffff81961703,ffff800020c4d070,0) at sys_exit+0x13 sys/kern/kern_exit.c:94 syscall(5ab7717095a4e738) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(5ab7717095a4e738) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574 Xsyscall(6,1,0,1,0,7f7ffffcac84) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcac50, count: -11 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800020c4ce10 rbx 0 rdx 0xffffffff81f1fbe5 substchar+0x1540d rcx 0 rax 0 r8 0xffffffff816da4a4 setrunnable+0x94 r9 0x5 r10 0x3e8bb4e0a58ffaa9 r11 0x2c459ddcc963aac r12 0xffff800000026d00 r13 0 r14 0xffff800000026d50 r15 0xffffffffffffffff rip 0xffffffff816177a5 wsmuxclose+0x75 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020c4cdf0 ss 0x10 wsmuxclose+0x75: cmpq %r12,0x90(%r15) ddb{0}> show proc PROC (syz-executor0) pid=211300 stat=onproc flags process=1008 proc=2000 pri=0, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020b932d8,0xffff800020b939f0 process=0xffff800020b94d30 user=0xffff800020c48000, vmspace=0xfffffd807f00d9d8 estcpu=36, cpticks=5, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 60492 514115 40119 0 2 0 syz-executor1 60492 247094 40119 0 7 0x4000000 syz-executor1 40119 148949 74814 0 3 0x82 nanosleep syz-executor1 72524 177991 1 0 3 0x100083 ttyin getty 78480 247929 74814 0 3 0x82 nanosleep syz-executor0 86351 385240 0 0 3 0x14200 bored sosplice 74814 152895 31193 0 3 0x82 thrsleep syz-fuzzer 74814 427323 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 8597 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 189494 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 182684 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 248776 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 143424 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 80734 31193 0 3 0x4000082 thrsleep syz-fuzzer 74814 77611 31193 0 3 0x4000082 kqread syz-fuzzer 74814 322207 31193 0 3 0x4000082 thrsleep syz-fuzzer 31193 212419 57732 0 3 0x10008a pause ksh 57732 89669 14209 0 3 0x92 select sshd 14209 336997 1 0 3 0x80 select sshd 76959 33774 9151 73 2 0x100090 syslogd 9151 349222 1 0 3 0x100082 netio syslogd 68308 248380 1 77 3 0x100090 poll dhclient 42395 117019 1 0 3 0x80 poll dhclient 75126 35451 0 0 2 0x14200 zerothread 21629 279652 0 0 3 0x14200 aiodoned aiodoned 99460 97787 0 0 3 0x14200 syncer update 48726 276606 0 0 3 0x14200 cleaner cleaner 24264 488339 0 0 3 0x14200 reaper reaper 61857 71603 0 0 3 0x14200 pgdaemon pagedaemon 63707 49987 0 0 3 0x14200 bored crynlk 52141 298243 0 0 3 0x14200 bored crypto 88687 297733 0 0 3 0x40014200 acpi0 acpi0 30901 468925 0 0 3 0x40014200 idle1 10099 308342 0 0 3 0x14200 bored softnet 47649 342605 0 0 3 0x14200 bored systqmp 3377 186712 0 0 3 0x14200 bored systq 34701 297876 0 0 3 0x40014200 bored softclock 1611 305570 0 0 3 0x40014200 idle0 1 466323 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9507 6366K 6366K 78643K 11642 0 0 pcb 23 9K 10K 78643K 761 0 0 rtable 100 3K 4K 78643K 416 0 0 ifaddr 49 12K 13K 78643K 139 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 24 0 0 iov 0 0K 24K 78643K 135 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1209 76K 76K 78643K 2290 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 23 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 1K 1K 78643K 148 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 6 17K 25K 78643K 1684 0 0 sigio 0 0K 0K 78643K 30 0 0 proc 42 38K 58K 78643K 586 0 0 subproc 64 65538K 67586K 78643K 233 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 167 0 0 in_multi 33 2K 2K 78643K 146 0 0 ether_multi 1 0K 0K 78643K 14 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 296 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 87 20K 29K 78643K 5855 0 0 UVM aobj 79 3K 3K 78643K 88 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 37 0 0 NDP 9 0K 0K 78643K 43 0 0 temp 149 2366K 2435K 78643K 7304 0 0 kqueue 0 0K 0K 78643K 30 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 inpcbpl 280 592 0 585 1 0 1 1 0 8 0 plimitpl 152 39 0 32 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 77 0 37 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 215 0 211 1 0 1 1 0 8 0 nd6 48 12 0 8 1 0 1 1 0 8 0 ppxss 1128 11 0 11 6 6 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 358 0 170 12 0 12 12 0 8 0 art_table 32 359 0 170 2 0 2 2 0 8 0 art_node 16 76 0 42 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 146 0 136 1 0 1 1 0 8 0 shmpl 112 86 0 9 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4563 0 3160 46 0 46 46 0 8 0 ffsino 272 4563 0 3160 94 0 94 94 0 8 0 nchpl 144 7051 0 5479 59 0 59 59 0 8 0 uvmvnodes 72 4846 0 0 89 0 89 89 0 8 0 vnodes 200 4846 0 0 256 0 256 256 0 8 0 namei 1024 20934 0 20934 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 7 0 7 3 3 0 1 0 8 0 scxspl 192 17562 0 17562 9 8 1 6 0 8 1 sigapl 432 1842 0 1828 2 0 2 2 0 8 0 futexpl 56 17576 0 17576 1 0 1 1 0 8 1 knotepl 112 572 0 545 8 7 1 2 0 8 0 kqueuepl 104 458 0 456 1 0 1 1 0 8 0 pipepl 112 1026 0 1007 5 4 1 2 0 8 0 fdescpl 488 1843 0 1828 3 1 2 3 0 8 0 filepl 152 10770 0 10668 7 2 5 6 0 8 0 lockfpl 104 468 0 468 2 1 1 1 0 8 1 lockfspl 32 616 0 616 2 1 1 1 0 8 1 sessionpl 112 24 0 14 1 0 1 1 0 8 0 pgrppl 48 48 0 38 1 0 1 1 0 8 0 ucredpl 96 2883 0 2876 1 0 1 1 0 8 0 zombiepl 144 1829 0 1828 2 1 1 1 0 8 0 processpl 840 1858 0 1828 4 0 4 4 0 8 0 procpl 600 5138 0 5098 4 0 4 4 0 8 0 srpgc 64 24 0 24 2 2 0 1 0 8 0 sosppl 128 28 0 28 6 6 0 1 0 8 0 sockpl 384 1318 0 1301 3 0 3 3 0 8 1 mcl64k 65536 585 0 0 73 12 61 65 0 8 1 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 9 0 0 1 0 1 1 0 8 0 mcl9k 9216 9 0 0 1 0 1 1 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 108 0 0 12 0 12 12 0 8 0 mtagpl 80 5 0 0 1 0 1 1 0 8 0 mbufpl 256 663 0 0 36 0 36 36 0 8 0 bufpl 256 7485 0 969 408 0 408 408 0 8 0 anonpl 16 173247 0 165804 85 50 35 48 0 125 0 amapchunkpl 152 9958 0 9868 32 23 9 11 0 158 5 amappl16 192 9525 0 9110 85 64 21 33 0 8 0 amappl15 184 649 0 647 1 0 1 1 0 8 0 amappl14 176 8 0 7 2 1 1 1 0 8 0 amappl13 168 29 0 26 1 0 1 1 0 8 0 amappl12 160 404 0 400 1 0 1 1 0 8 0 amappl11 152 594 0 583 1 0 1 1 0 8 0 amappl10 144 66 0 64 2 1 1 1 0 8 0 amappl9 136 732 0 730 1 0 1 1 0 8 0 amappl8 128 571 0 546 1 0 1 1 0 8 0 amappl7 120 45 0 39 1 0 1 1 0 8 0 amappl6 112 57 0 50 1 0 1 1 0 8 0 amappl5 104 782 0 771 1 0 1 1 0 8 0 amappl4 96 305 0 281 2 1 1 2 0 8 0 amappl3 88 426 0 419 1 0 1 1 0 8 0 amappl2 80 17118 0 17055 2 0 2 2 0 8 0 amappl1 72 45738 0 45297 24 14 10 19 0 8 0 amappl 72 5388 0 5352 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 87 0 9 2 0 2 2 0 8 0 uaddrrnd 24 1843 0 1828 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1843 0 1828 1 0 1 1 0 8 0 vmmpekpl 168 17305 0 17278 2 0 2 2 0 8 0 vmmpepl 168 196544 0 195088 126 62 64 75 0 357 0 vmsppl 360 1842 0 1828 2 0 2 2 0 8 0 pdppl 4096 3693 0 3656 6 1 5 6 0 8 0 pvpl 32 480723 0 470161 188 92 96 125 0 265 6 pmappl 224 1842 0 1828 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 655 0 16 19 0 19 19 0 8 0