uvm_fault(0xfffffd803f015210, 0x10, 0, 2) -> e kernel: page fault trap, code=0 Stopped at wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8) ddb> ddb> set $lines = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f015210, 0x10, 0, 2) -> e wsmux_do_ioctl(1d5c62d241736a22,80185760,fffffd803a37fa00,3,fffffd803f7c7a80) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404 end trace frame: 0xffff800014a5af60, count: 0 ddb> trace wsmux_do_ioctl(1d5c62d241736a22,80185760,fffffd803a37fa00,3,fffffd803f7c7a80) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404 VOP_IOCTL(ea61679ee847cf8e,80185760,fffffd8030393d30,ffff800014a457b0,fffffd803a37fa00,ffff800014a457b0) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290 vn_ioctl(28760949ed4eacc0,fffffd8030393d30,ffff800014a457b0,18) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512 sys_ioctl(7b56d65e139d2d12,0,ffff800014a457b0) at sys_ioctl+0x639 syscall(a4311e90943cf8cd) at syscall+0x528 Xsyscall(6,0,ffffffffffffff89,0,3,17f407fe0d8) at Xsyscall+0x128 end of kernel end trace frame: 0x181d16aa5e0, count: -6 ddb> show registers rdi 0xff rsi 0x1 rbp 0xffff800014a5aee0 rbx 0x1 rdx 0 rcx 0 rax 0 r8 0xffffffff8180b340 wsmux_do_ioctl+0x1e0 r9 0x7 r10 0x9924f2b797f0ffb0 r11 0xb866c4119f499aad r12 0xffff800000669150 r13 0 r14 0xffff800014a5b090 r15 0 rip 0xffffffff8180b81a wsmux_do_ioctl+0x6ba cs 0x8 rflags 0x10293 __ALIGN_SIZE+0xf293 rsp 0xffff800014a5ae90 ss 0x10 wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8) ddb> show proc PROC (syz-executor0) pid=507602 stat=onproc flags process=0 proc=4000000 pri=73, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff800014a45300,0xffff800014a44050 process=0xffff8000149b29f8 user=0xffff800014a56000, vmspace=0xfffffd803f015210 estcpu=23, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 80986 193578 1448 0 2 0 syz-executor1 80986 40731 1448 0 2 0x4000000 syz-executor1 84613 239760 9687 0 2 0 syz-executor0 84613 419805 9687 0 3 0x4000080 wsevent_read syz-executor0 *84613 507602 9687 0 7 0x4000000 syz-executor0 52380 504663 1 0 3 0x100083 ttyin getty 7737 66812 0 0 3 0x14200 bored sosplice 9687 464556 75908 0 3 0x82 nanosleep syz-executor0 1448 125143 75908 0 3 0x82 nanosleep syz-executor1 75908 425909 43341 0 3 0x82 thrsleep syz-fuzzer 75908 293076 43341 0 3 0x4000082 thrsleep syz-fuzzer 75908 423606 43341 0 3 0x4000082 thrsleep syz-fuzzer 75908 159960 43341 0 3 0x4000082 thrsleep syz-fuzzer 75908 35736 43341 0 3 0x4000082 thrsleep syz-fuzzer 75908 218473 43341 0 3 0x4000082 kqread syz-fuzzer 75908 339425 43341 0 3 0x4000082 thrsleep syz-fuzzer 75908 139962 43341 0 3 0x4000082 thrsleep syz-fuzzer 43341 464941 55831 0 3 0x10008a pause ksh 55831 242146 63293 0 3 0x92 select sshd 63293 93045 1 0 3 0x80 select sshd 33040 445842 33696 73 2 0x100090 syslogd 33696 90414 1 0 3 0x100082 netio syslogd 24624 161587 1 77 3 0x100090 poll dhclient 18005 47911 1 0 3 0x80 poll dhclient 5554 442084 0 0 2 0x14200 zerothread 90535 108898 0 0 3 0x14200 aiodoned aiodoned 2316 261563 0 0 3 0x14200 syncer update 71099 401570 0 0 3 0x14200 cleaner cleaner 24829 462976 0 0 3 0x14200 reaper reaper 11238 57820 0 0 3 0x14200 pgdaemon pagedaemon 64545 440494 0 0 3 0x14200 bored crynlk 30921 300118 0 0 3 0x14200 bored crypto 39922 503581 0 0 3 0x40014200 acpi0 acpi0 68726 274641 0 0 3 0x14200 bored softnet 8486 233731 0 0 3 0x14200 bored systqmp 49821 368014 0 0 3 0x14200 bored systq 31417 308839 0 0 3 0x40014200 bored softclock 96964 304933 0 0 3 0x40014200 idle0 1 120544 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9541 6355K 6364K 78643K 11445 0 0 pcb 23 9K 11K 78643K 1679 0 0 rtable 100 3K 3K 78643K 556 0 0 ifaddr 67 15K 16K 78643K 291 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 31 0 0 iov 0 0K 28K 78643K 373 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1183 74K 76K 78643K 3377 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 57 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 2545 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1777 193K 286K 78643K 12501 0 0 file desc 6 17K 25K 78643K 4439 0 0 sigio 0 0K 0K 78643K 55 0 0 proc 42 30K 54K 78643K 765 0 0 subproc 64 65538K 69634K 78643K 90 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 518 0 0 in_multi 33 2K 2K 78643K 173 0 0 ether_multi 1 0K 0K 78643K 21 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 114 503K 503K 78643K 114 0 0 exec 0 0K 1K 78643K 425 0 0 pfkey data 0 0K 0K 78643K 4 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 106 22K 39K 78643K 10927 0 0 UVM aobj 130 8K 8K 78643K 141 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 77 0 0 NDP 15 0K 0K 78643K 80 0 0 temp 192 2348K 2418K 78643K 13888 0 0 kqueue 0 0K 0K 78643K 44 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 1499 0 1492 1 0 1 1 0 8 0 plimitpl 152 1215 0 1208 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 483 0 479 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 ppxss 1128 45 0 45 18 17 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 0 12 0 12 12 0 8 0 art_table 32 186 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 5 2 1 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 2541 0 2531 1 0 1 1 0 8 0 shmpl 112 139 0 11 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 10210 0 8774 48 1 47 47 0 8 0 ffsino 240 10210 0 8774 85 0 85 85 0 8 0 nchpl 144 17466 0 15878 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 49129 0 49129 2 1 1 1 0 8 1 scsiplug 64 13 0 13 8 8 0 1 0 8 0 scxspl 192 47220 0 47220 8 7 1 6 0 8 1 sigapl 432 4609 0 4595 2 0 2 2 0 8 0 futexpl 56 79031 0 79031 1 0 1 1 0 8 1 knotepl 112 925 0 898 7 6 1 2 0 8 0 kqueuepl 104 1120 0 1118 1 0 1 1 0 8 0 pipepl 112 2208 0 2189 5 4 1 2 0 8 0 fdescpl 424 4610 0 4595 2 0 2 2 0 8 0 filepl 120 25405 0 25310 5 1 4 5 0 8 1 lockfpl 104 1196 0 1196 5 4 1 1 0 8 1 lockfspl 32 1719 0 1719 5 4 1 1 0 8 1 sessionpl 112 20 0 10 1 0 1 1 0 8 0 pgrppl 48 84 0 74 1 0 1 1 0 8 0 ucredpl 96 8398 0 8391 1 0 1 1 0 8 0 zombiepl 144 4595 0 4595 2 1 1 1 0 8 1 processpl 840 4624 0 4595 5 1 4 4 0 8 0 procpl 600 10222 0 10183 9 5 4 4 0 8 0 sosppl 128 60 0 60 12 12 0 1 0 8 0 sockpl 384 3069 0 3052 9 6 3 4 0 8 1 mcl64k 65536 3191 0 3191 208 208 0 65 0 8 0 mcl16k 16384 7 0 7 5 5 0 1 0 8 0 mcl12k 12288 57 0 57 17 16 1 1 0 8 1 mcl9k 9216 76 0 76 13 12 1 1 0 8 1 mcl8k 8192 68 0 68 16 16 0 1 0 8 0 mcl4k 4096 168 0 168 8 7 1 1 0 8 1 mcl2k2 2112 25 0 25 12 12 0 1 0 8 0 mcl2k 2048 45695 0 45658 25 20 5 11 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 94286 0 94229 126 121 5 36 0 8 0 bufpl 256 12169 0 6877 331 0 331 331 0 8 0 anonpl 16 395138 0 387582 159 115 44 48 0 62 9 amapchunkpl 152 17880 0 17798 41 35 6 14 0 158 2 amappl16 192 26472 0 26070 162 137 25 33 0 8 4 amappl15 184 2074 0 2070 1 0 1 1 0 8 0 amappl14 176 6 0 5 2 1 1 1 0 8 0 amappl13 168 20 0 17 1 0 1 1 0 8 0 amappl12 160 18 0 17 1 0 1 1 0 8 0 amappl11 152 183 0 174 1 0 1 1 0 8 0 amappl10 144 60 0 60 5 5 0 1 0 8 0 amappl9 136 273 0 272 1 0 1 1 0 8 0 amappl8 128 195 0 155 2 0 2 2 0 8 0 amappl7 120 38 0 31 1 0 1 1 0 8 0 amappl6 112 43 0 38 1 0 1 1 0 8 0 amappl5 104 278 0 265 1 0 1 1 0 8 0 amappl4 96 2654 0 2630 2 1 1 2 0 8 0 amappl3 88 304 0 297 1 0 1 1 0 8 0 amappl2 80 47208 0 47147 2 0 2 2 0 8 0 amappl1 72 86290 0 85870 25 16 9 18 0 8 0 amappl 72 10470 0 10437 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 140 0 11 3 0 3 3 0 8 0 uaddrrnd 24 4610 0 4595 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4610 0 4595 1 0 1 1 0 8 0 vmmpekpl 168 30167 0 30145 2 0 2 2 0 8 0 vmmpepl 168 464088 0 462655 171 104 67 75 0 357 2 vmsppl 264 4609 0 4595 2 1 1 2 0 8 0 pdppl 4096 9226 0 9190 6 1 5 6 0 8 0 pvpl 32 1183028 0 1171861 398 186 212 220 0 265 120 pmappl 192 4609 0 4595 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 831 0 381 15 1 14 14 0 8 0