login: uvm_fault(0xfffffd807f00d9d8, 0x9f, 0, 2) -> e kernel: page fault trap, code=0 Stopped at wsmux_detach_sc+0xca: movq %rcx,0(%rax) ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic kernel page fault uvm_fault(0xfffffd807f00d9d8, 0x9f, 0, 2) -> e wsmux_detach_sc(b6cb49a1b8b8e2ec) at wsmux_detach_sc+0xca sys/dev/wscons/wsmux.c:696 end trace frame: 0xffff800020c4f350, count: 0 ddb{1}> trace wsmux_detach_sc(b6cb49a1b8b8e2ec) at wsmux_detach_sc+0xca sys/dev/wscons/wsmux.c:696 wsmouseopen(35b3b2a3fe9ac15d,ffff800020bbb530,ffff800020c4f3c0,1760) at wsmouseopen+0xe5 sys/dev/wscons/wsmouse.c:325 spec_open(212a17d84adcfbd9) at spec_open+0x215 sys/kern/spec_vnops.c:158 VOP_OPEN(2454409d797981d,ffff800020c4f570,1,fffffd8066415a38) at VOP_OPEN+0x72 sys/kern/vfs_vops.c:153 vn_open(4da9b78768060a12,1,1) at vn_open+0x4c2 sys/kern/vfs_vnops.c:174 doopenat(19e6d28610f58448,0,ffff800020bbb530,b1f14e3f8e8,0,50) at doopenat+0x2b9 sys/kern/vfs_syscalls.c:1045 syscall(15e168ee3a3e65f6) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(15e168ee3a3e65f6) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574 Xsyscall(6,0,ffffffffffffffa8,0,3,b1ceff26010) at Xsyscall+0x128 end of kernel end trace frame: 0xb1f14e3f970, count: -8 ddb{1}> show registers rdi 0xffffffff8196b497 spllower+0x77 rsi 0x990 rbp 0xffff800020c4f310 rbx 0 rdx 0x991 rcx 0xffffffffffffffff rax 0x9f r8 0xffffffff816da4a4 setrunnable+0x94 r9 0x5 r10 0xbb3de0d9614b9f6 r11 0xe80d5943bf33d828 r12 0xffff800000026db8 r13 0x1760 __ALIGN_SIZE+0x760 r14 0xffff80000064dc00 r15 0x1 rip 0xffffffff816175fa wsmux_detach_sc+0xca cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800020c4f2f0 ss 0x10 wsmux_detach_sc+0xca: movq %rcx,0(%rax) ddb{1}> show proc PROC (syz-executor0) pid=229513 stat=onproc flags process=0 proc=4000000 pri=0, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020bba720,0xffff800020bba280 process=0xffff800020b946a0 user=0xffff800020c4a000, vmspace=0xfffffd807f00d9d8 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 29266 42985 66997 0 2 0 syz-executor0 *29266 229513 66997 0 7 0x4000000 syz-executor0 29266 518872 66997 0 7 0x4000000 syz-executor0 5312 130336 1 0 3 0x100083 ttyin getty 41125 312256 0 0 3 0x14200 bored sosplice 12987 190614 65723 0 3 0x2 biowait syz-executor1 66997 188159 65723 0 3 0x82 nanosleep syz-executor0 65723 471783 91171 0 3 0x82 thrsleep syz-fuzzer 65723 376613 91171 0 3 0x4000082 nanosleep syz-fuzzer 65723 117262 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 460807 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 232444 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 482954 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 326738 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 436859 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 382918 91171 0 3 0x4000082 thrsleep syz-fuzzer 65723 302251 91171 0 3 0x4000082 kqread syz-fuzzer 91171 68282 1939 0 3 0x10008a pause ksh 1939 233397 22619 0 3 0x92 select sshd 22619 135808 1 0 3 0x80 select sshd 18787 281599 68228 73 2 0x100090 syslogd 68228 272220 1 0 3 0x100082 netio syslogd 95119 481685 1 77 3 0x100090 poll dhclient 40653 251786 1 0 3 0x80 poll dhclient 7911 15242 0 0 3 0x14200 pgzero zerothread 83972 206538 0 0 3 0x14200 aiodoned aiodoned 85327 79121 0 0 3 0x14200 syncer update 38594 263877 0 0 3 0x14200 cleaner cleaner 95157 125 0 0 3 0x14200 reaper reaper 34520 404643 0 0 3 0x14200 pgdaemon pagedaemon 69334 2223 0 0 3 0x14200 bored crynlk 3961 293188 0 0 3 0x14200 bored crypto 63413 92537 0 0 3 0x40014200 acpi0 acpi0 39220 3438 0 0 3 0x40014200 idle1 71270 446065 0 0 3 0x14200 bored softnet 37210 207818 0 0 3 0x14200 bored systqmp 30929 183770 0 0 3 0x14200 bored systq 63654 11289 0 0 3 0x40014200 bored softclock 94041 398422 0 0 3 0x40014200 idle0 1 274264 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 29266 (syz-executor0) thread 0xffff800020bbb530 (229513) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822d6828) locked @ /syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161 Process 12987 (syz-executor1) thread 0xffff800020b744b8 (190614) exclusive rrwlock inode r = 0 (0xfffffd806e51ee78) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 exclusive rrwlock inode r = 0 (0xfffffd80684b9c58) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9503 6366K 6366K 78643K 10942 0 0 pcb 23 9K 11K 78643K 569 0 0 rtable 100 3K 4K 78643K 334 0 0 ifaddr 50 12K 14K 78643K 145 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 27 0 0 iov 0 0K 32K 78643K 100 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1198 75K 75K 78643K 1932 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 27 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 1K 78643K 128 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 5 13K 25K 78643K 1088 0 0 sigio 0 0K 0K 78643K 9 0 0 proc 42 38K 58K 78643K 461 0 0 subproc 64 65538K 67586K 78643K 72 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 172 0 0 in_multi 33 2K 2K 78643K 68 0 0 ether_multi 1 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 237 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 87 21K 29K 78643K 4282 0 0 UVM aobj 73 4K 4K 78643K 79 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 26 0 0 NDP 9 0K 0K 78643K 39 0 0 temp 148 2362K 2430K 78643K 5697 0 0 kqueue 0 0K 0K 78643K 14 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 499 0 492 1 0 1 1 0 8 0 plimitpl 152 25 0 18 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 152 0 148 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 ppxss 1128 18 0 18 5 5 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 0 12 0 12 12 0 8 0 art_table 32 186 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 126 0 116 1 0 1 1 0 8 0 shmpl 112 77 0 6 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3554 0 2153 46 0 46 46 0 8 0 ffsino 272 3554 0 2153 94 0 94 94 0 8 0 nchpl 144 5347 0 3760 59 0 59 59 0 8 0 uvmvnodes 72 3702 0 0 68 0 68 68 0 8 0 vnodes 200 3702 0 0 195 0 195 195 0 8 0 namei 1024 15353 0 15353 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 3 0 3 3 3 0 1 0 8 0 scxspl 192 13888 0 13886 9 8 1 6 0 8 0 sigapl 432 1257 0 1244 2 0 2 2 0 8 0 futexpl 56 13506 0 13506 1 0 1 1 0 8 1 knotepl 112 373 0 346 4 3 1 2 0 8 0 kqueuepl 104 364 0 362 1 0 1 1 0 8 0 pipepl 112 758 0 739 4 3 1 2 0 8 0 fdescpl 488 1258 0 1244 3 1 2 3 0 8 0 filepl 152 7898 0 7800 6 1 5 6 0 8 1 lockfpl 104 426 0 425 3 2 1 1 0 8 0 lockfspl 32 733 0 732 3 2 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 21 0 11 1 0 1 1 0 8 0 ucredpl 96 2362 0 2355 1 0 1 1 0 8 0 zombiepl 144 1244 0 1244 2 1 1 1 0 8 1 processpl 840 1273 0 1244 4 0 4 4 0 8 0 procpl 600 3642 0 3602 4 0 4 4 0 8 0 sosppl 128 22 0 22 5 4 1 1 0 8 1 sockpl 384 1027 0 1010 4 1 3 4 0 8 1 mcl64k 65536 581 0 0 69 4 65 65 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 6 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 15 0 0 2 0 2 2 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 110 0 0 13 0 13 13 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 676 0 0 37 0 37 37 0 8 0 bufpl 256 6650 0 982 355 0 355 355 0 8 0 anonpl 16 144639 0 136857 94 46 48 49 0 125 14 amapchunkpl 152 7618 0 7532 28 23 5 11 0 158 0 amappl16 192 6981 0 6568 84 51 33 33 0 8 11 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 2 0 2 2 2 0 1 0 8 0 amappl13 168 25 0 20 1 0 1 1 0 8 0 amappl12 160 535 0 534 1 0 1 1 0 8 0 amappl11 152 185 0 175 1 0 1 1 0 8 0 amappl10 144 1159 0 1153 2 1 1 1 0 8 0 amappl9 136 341 0 340 1 0 1 1 0 8 0 amappl8 128 675 0 651 1 0 1 1 0 8 0 amappl7 120 33 0 28 1 0 1 1 0 8 0 amappl6 112 48 0 42 1 0 1 1 0 8 0 amappl5 104 127 0 116 1 0 1 1 0 8 0 amappl4 96 297 0 273 2 1 1 2 0 8 0 amappl3 88 158 0 152 1 0 1 1 0 8 0 amappl2 80 11365 0 11315 2 0 2 2 0 8 0 amappl1 72 35241 0 34816 23 13 10 18 0 8 0 amappl 72 3879 0 3846 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 78 0 6 2 0 2 2 0 8 0 uaddrrnd 24 1258 0 1244 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1258 0 1244 1 0 1 1 0 8 0 vmmpekpl 168 13847 0 13825 2 0 2 2 0 8 0 vmmpepl 168 141382 0 140018 123 49 74 75 0 357 5 vmsppl 360 1257 0 1244 2 0 2 2 0 8 0 pdppl 4096 2523 0 2488 6 1 5 6 0 8 0 pvpl 32 397103 0 385854 176 50 126 126 0 265 33 pmappl 224 1257 0 1244 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 598 0 7 17 0 17 17 0 8 0