uvm_fault(0xfffffd807f00d2d0, 0x8f, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at wsmuxclose+0x75: cmpq %r12,0x90(%r15)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807f00d2d0, 0x8f, 0, 1) -> e
wsmuxclose(ab5892ddad13651d,ffffffff8198b300,ffff800020cb9610,fffffd80751d4498) at wsmuxclose+0x75 wsmux_do_close sys/dev/wscons/wsmux.c:307 [inline]
wsmuxclose(ab5892ddad13651d,ffffffff8198b300,ffff800020cb9610,fffffd80751d4498) at wsmuxclose+0x75 sys/dev/wscons/wsmux.c:277
end trace frame: 0xffff800020cb9600, count: 0
ddb{1}> trace
wsmuxclose(ab5892ddad13651d,ffffffff8198b300,ffff800020cb9610,fffffd80751d4498) at wsmuxclose+0x75 wsmux_do_close sys/dev/wscons/wsmux.c:307 [inline]
wsmuxclose(ab5892ddad13651d,ffffffff8198b300,ffff800020cb9610,fffffd80751d4498) at wsmuxclose+0x75 sys/dev/wscons/wsmux.c:277
spec_close(307a615aba6a6770) at spec_close+0x39a sys/kern/spec_vnops.c:553
VOP_CLOSE(f07edff2e119c12a,fffffd80751d4498,ffff800020b93080,fffffd807f7c7840) at VOP_CLOSE+0x6c sys/kern/vfs_vops.c:174
vn_closefile(38c4fa605ff8ddf,ffff800020b93080) at vn_closefile+0x150 vn_close sys/kern/vfs_vnops.c:289 [inline]
vn_closefile(38c4fa605ff8ddf,ffff800020b93080) at vn_closefile+0x150 sys/kern/vfs_vnops.c:575
fdrop(92923bfc4709156c,fffffd80675f7e60) at fdrop+0xdf sys/kern/kern_descrip.c:1260
closef(24e4db131364eb29,ffff800020b93080) at closef+0x128 sys/kern/kern_descrip.c:1244
fdrelease(ac9f3e399828496c,ffff800020b93080) at fdrelease+0xd7 sys/kern/kern_descrip.c:744
sys_close(f928528f255d8d25,0,ffff800020b93080) at sys_close+0xaa sys/kern/kern_descrip.c:762
syscall(219cd4f520c21cb9) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(219cd4f520c21cb9) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffff11,0,1,2c1e71b60d8) at Xsyscall+0x128
end of kernel
end trace frame: 0x2c4944fdad0, count: -10
ddb{1}> show registers
rdi 0
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020cb95b0
rbx 0
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800002d48000
rax 0xffff800001946900
r8 0
r9 0x1
r10 0xffff800020cb9340
r11 0x6fb18d05ddc6d633
r12 0xffff800000026f00
r13 0
r14 0xffff800000026f50
r15 0xffffffffffffffff
rip 0xffffffff8198b375 wsmuxclose+0x75
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800020cb9590
ss 0x10
wsmuxclose+0x75: cmpq %r12,0x90(%r15)
ddb{1}> show proc
PROC (syz-executor1) pid=184085 stat=onproc
    flags process=0 proc=4000000
    pri=0, usrpri=73, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b92bd0,0xffff800020b93c48
    process=0xffff800020b946a0 user=0xffff800020cb4000, vmspace=0xfffffd807f00d2d0
    estcpu=23, cpticks=2, pctcpu=0.92
    user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
24026 106602 39126 0 2 0 syz-executor1
24026 18068 39126 0 2 0x4000000 syz-executor1
*24026 184085 39126 0 7 0x4000000 syz-executor1
20035 379749 76434 0 2 0x480 syz-executor0
20035 202579 76434 0 3 0x4000080 lockf syz-executor0
20035 266456 76434 0 3 0x4000080 lockf syz-executor0
20035 15130 76434 0 3 0x4000080 lockf syz-executor0
20035 326011 76434 0 3 0x4000080 lockf syz-executor0
20035 341222 76434 0 3 0x4000080 fsleep syz-executor0
39796 183637 1 0 3 0x100083 ttyin getty
80833 264458 0 0 3 0x14200 bored sosplice
39126 106448 24363 0 2 0x482 syz-executor1
76434 285534 24363 0 2 0x482 syz-executor0
24363 132452 21252 0 3 0x82 thrsleep syz-fuzzer
24363 256123 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 474580 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 462350 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 461890 21252 0 2 0x4000482 syz-fuzzer
24363 382104 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 334421 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 494307 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 413944 21252 0 3 0x4000082 thrsleep syz-fuzzer
24363 161646 21252 0 3 0x4000082 kqread syz-fuzzer
24363 240346 21252 0 3 0x4000082 thrsleep syz-fuzzer
21252 520920 70869 0 3 0x10008a pause ksh
70869 261825 97487 0 3 0x92 select sshd
97487 293378 1 0 3 0x80 select sshd
95896 80079 65737 73 2 0x100090 syslogd
65737 267225 1 0 3 0x100082 netio syslogd
25915 166979 1 77 3 0x100090 poll dhclient
56808 224210 1 0 3 0x80 poll dhclient
31330 509299 0 0 2 0x14200 zerothread
7213 83665 0 0 3 0x14200 aiodoned aiodoned
77206 493768 0 0 2 0x14200 update
7687 316717 0 0 3 0x14200 cleaner cleaner
30839 303119 0 0 3 0x14200 reaper reaper
77272 435605 0 0 3 0x14200 pgdaemon pagedaemon
66793 57660 0 0 3 0x14200 bored crynlk
12903 485893 0 0 3 0x14200 bored crypto
73824 295612 0 0 3 0x40014200 acpi0 acpi0
83070 347282 0 0 3 0x40014200 idle1
8003 500598 0 0 3 0x14200 bored softnet
63409 420290 0 0 2 0x14200 systqmp
60007 307751 0 0 3 0x14200 bored systq
16409 375048 0 0 7 0x40014200 softclock
51050 40751 0 0 3 0x40014200 idle0
1 83793 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 24026 (syz-executor1) thread 0xffff800020b93080 (184085)
exclusive kernel_lock &kernel_lock r = 2 (0xffffffff823212a0) locked @ /syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9561 10465K 14560K 78643K 11874 0 0
pcb 23 9K 11K 78643K 2628 0 0
rtable 100 3K 4K 78643K 710 0 0
ifaddr 67 15K 16K 78643K 380 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 41 0 0
iov 0 0K 16K 78643K 463 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1183 74K 75K 78643K 4738 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 104 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 12 0K 0K 78643K 519 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1792 194K 288K 78643K 12592 0 0
file desc 6 17K 25K 78643K 5476 0 0
sigio 1 0K 0K 78643K 115 0 0
proc 42 38K 70K 78643K 1163 0 0
subproc 64 65538K 67586K 78643K 70 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 717 0 0
in_multi 33 2K 2K 78643K 242 0 0
ether_multi 1 0K 0K 78643K 25 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 120 530K 530K 78643K 120 0 0
exec 0 0K 1K 78643K 550 0 0
pfkey data 0 0K 4K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 118 22K 30K 78643K 18266 0 0
UVM aobj 130 6K 6K 78643K 144 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 122 0 0
NDP 15 0K 0K 78643K 105 0 0
temp 190 2363K 2440K 78643K 17269 0 0
kqueue 0 0K 0K 78643K 70 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
inpcbpl 280 2385 0 2378 1 0 1 1 0 8 0
plimitpl 152 81 0 74 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtentry 112 41 0 1 2 0 2 2 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpcb 544 869 0 865 1 0 1 1 0 8 0
nd6 48 4 0 0 1 0 1 1 0 8 0
ppxss 1128 71 0 71 24 24 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 185 0 0 12 0 12 12 0 8 0
art_table 32 186 0 0 2 0 2 2 0 8 0
art_node 16 40 0 6 1 0 1 1 0 8 0
sysvmsgpl 40 31 0 22 1 0 1 1 0 8 0
semapl 112 515 0 505 1 0 1 1 0 8 0
shmpl 112 142 0 14 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 12189 0 10690 49 0 49 49 0 8 0
ffsino 272 12189 0 10690 101 0 101 101 0 8 0
nchpl 144 20180 0 18592 61 1 60 60 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 200 5926 0 0 312 0 312 312 0 8 0
namei 1024 64027 0 64027 2 1 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
scsiplug 64 25 0 25 16 16 0 1 0 8 0
scxspl 192 53514 0 53514 24 23 1 5 0 8 1
sigapl 432 5651 0 5637 2 0 2 2 0 8 0
futexpl 56 71046 0 71045 2 1 1 1 0 8 0
knotepl 112 1575 0 1548 10 9 1 2 0 8 0
kqueuepl 104 1910 0 1908 1 0 1 1 0 8 0
pipepl 112 3914 0 3893 14 13 1 2 0 8 0
fdescpl 488 5652 0 5637 3 1 2 3 0 8 0
filepl 152 35897 0 35798 24 19 5 7 0 8 1
lockfpl 96 1692 0 1687 12 11 1 1 0 8 0
lockfspl 24 2836 0 2835 11 10 1 1 0 8 0
sessionpl 112 25 0 15 1 0 1 1 0 8 0
pgrppl 48 69 0 59 1 0 1 1 0 8 0
ucredpl 96 11715 0 11708 1 0 1 1 0 8 0
zombiepl 144 5637 0 5637 3 2 1 1 0 8 1
processpl 840 5667 0 5637 4 0 4 4 0 8 0
procpl 600 17403 0 17356 4 0 4 4 0 8 0
sosppl 128 106 0 106 26 25 1 1 0 8 1
sockpl 384 4915 0 4898 12 9 3 4 0 8 1
mcl64k 65536 868 0 0 81 20 61 61 0 8 0
mcl16k 16384 6 0 0 1 0 1 1 0 8 0
mcl12k 12288 41 0 0 2 0 2 2 0 8 0
mcl9k 9216 28 0 0 2 0 2 2 0 8 0
mcl8k 8192 18 0 0 3 1 2 3 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 5 0 0 1 0 1 1 0 8 0
mcl2k 2048 97 0 0 11 0 11 11 0 8 0
mtagpl 80 2 0 0 1 0 1 1 0 8 0
mbufpl 256 953 0 0 34 0 34 34 0 8 0
bufpl 256 13300 0 6331 436 0 436 436 0 8 0
anonpl 16 575254 0 567478 241 193 48 48 0 125 15
amapchunkpl 152 33906 0 33795 76 67 9 12 0 158 4
amappl16 192 31541 0 31146 227 199 28 32 0 8 8
amappl15 184 1 0 1 1 1 0 1 0 8 0
amappl14 176 2727 0 2723 2 1 1 1 0 8 0
amappl13 168 24 0 20 1 0 1 1 0 8 0
amappl12 160 20 0 19 2 1 1 1 0 8 0
amappl11 152 186 0 177 1 0 1 1 0 8 0
amappl10 144 5541 0 5536 1 0 1 1 0 8 0
amappl9 136 342 0 340 1 0 1 1 0 8 0
amappl8 128 231 0 185 2 0 2 2 0 8 0
amappl7 120 33 0 28 1 0 1 1 0 8 0
amappl6 112 2763 0 2755 1 0 1 1 0 8 0
amappl5 104 177 0 165 1 0 1 1 0 8 0
amappl4 96 335 0 312 2 1 1 2 0 8 0
amappl3 88 898 0 893 1 0 1 1 0 8 0
amappl2 80 55262 0 55202 2 0 2 2 0 8 0
amappl1 72 127006 0 126559 25 16 9 19 0 8 0
amappl 72 17697 0 17654 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 143 0 14 3 0 3 3 0 8 0
uaddrrnd 24 5652 0 5637 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 5652 0 5637 1 0 1 1 0 8 0
vmmpekpl 168 50683 0 50663 2 0 2 2 0 8 0
vmmpepl 168 598739 0 597260 221 146 75 75 0 357 10
vmsppl 360 5651 0 5637 2 0 2 2 0 8 0
pdppl 4096 11311 0 11274 6 1 5 6 0 8 0
pvpl 32 1499201 0 1487767 444 319 125 126 0 265 32
pmappl 224 5651 0 5637 1 0 1 1 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 697 0 25 20 0 20 20 0 8 0