uvm_fault(0xfffffd807f00c9d8, 0x28, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8)
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xfffffd807f00c9d8, 0x28, 0, 2) -> e
wsmux_do_ioctl(baf1a8ccf26155b4,80185760,fffffd80648ff220,f,fffffd807f7c7b40) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404
end trace frame: 0xffff800020c79570, count: 0
ddb{0}> trace
wsmux_do_ioctl(baf1a8ccf26155b4,80185760,fffffd80648ff220,f,fffffd807f7c7b40) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404
VOP_IOCTL(1b529f9937b8e892,80185760,fffffd806ceb5d20,ffff800020b93530,fffffd80648ff220,ffff800020b93530) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290
vn_ioctl(86e36f4472fd8e5d,fffffd806ceb5d20,ffff800020b93530,18) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512
sys_ioctl(d5b720531a139d17,0,ffff800020b93530) at sys_ioctl+0x652
syscall(aac141101b31654e) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(aac141101b31654e) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffff8b,0,3,4534064e010) at Xsyscall+0x128
end of kernel
end trace frame: 0x45544f0c3f0, count: -6
ddb{0}> show registers
rdi 0xff
rsi 0x2
rbp 0xffff800020c794f0
rbx 0x2
rdx 0
rcx 0xffff800000941c80
rax 0x3
r8 0xffffffff815384e0 wsmux_do_ioctl+0x1e0
r9 0x7
r10 0xd10cc8e33df4b0fe
r11 0x657e37f5c3d1682
r12 0xffff800000026f50
r13 0
r14 0xffff800020c796a0
r15 0x3
rip 0xffffffff815389ba wsmux_do_ioctl+0x6ba
cs 0x8
rflags 0x10297 __ALIGN_SIZE+0xf297
rsp 0xffff800020c794a0
ss 0x10
wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8)
ddb{0}> show proc
PROC (syz-executor0) pid=450565 stat=onproc
flags process=0 proc=4000000
pri=83, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff800020b93080,0xffff800020b92be0
process=0xffff800020b95a50 user=0xffff800020c74000, vmspace=0xfffffd807f00c9d8
estcpu=33, cpticks=1, pctcpu=1.2
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
60191 122448 65301 0 2 0
syz-executor0
*60191 450565 65301 0 7 0x4000000 syz-executor0
60191 125839 65301 0 2 0x4000000 syz-executor0
60191 42906 65301 0 3 0x4000080 fsleep syz-executor0
66032 342827 1 0 3 0x100083 ttyin getty
76312 362081 76340 0 3 0x82 nanosleep syz-executor1
34787 80074 0 0 3 0x14200 bored sosplice
65301 54093 76340 0 3 0x82 nanosleep syz-executor0
76340 498620 52116 0 3 0x82 thrsleep syz-fuzzer
76340 33605 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 271901 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 8771 52116 0 3 0x4000082 kqread syz-fuzzer
76340 185247 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 134814 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 55367 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 38243 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 182752 52116 0 3 0x4000082 thrsleep syz-fuzzer
76340 305206 52116 0 3 0x4000082 thrsleep syz-fuzzer
52116 394588 37587 0 3 0x10008a pause ksh
37587 455996 55409 0 3 0x92 select sshd
55409 276419 1 0 3 0x80 select sshd
85897 200365 95175 73 7 0x100090 syslogd
95175 10767 1 0 3 0x100082 netio syslogd
83782 234839 1 77 3 0x100090 poll dhclient
27084 198307 1 0 3 0x80 poll dhclient
13789 403699 0 0 3 0x14200 pgzero zerothread
56889 168119 0 0 3 0x14200 aiodoned aiodoned
73220 484321 0 0 3 0x14200 syncer update
11891 247205 0 0 3 0x14200 cleaner cleaner
12280 112104 0 0 3 0x14200 reaper reaper
97451 458807 0 0 3 0x14200 pgdaemon pagedaemon
36884 27886 0 0 3 0x14200 bored crynlk
9600 90776 0 0 3 0x14200 bored crypto
58984 36607 0 0 3 0x40014200 acpi0 acpi0
87194 509729 0 0 3 0x40014200 idle1
68525 27732 0 0 3 0x14200 bored softnet
10792 281730 0 0 3 0x14200 bored systqmp
63990 176535 0 0 3 0x14200 bored systq
20173 343059 0 0 3 0x40014200 bored softclock
41883 209624 0 0 3 0x40014200 idle0
1 168951 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 60191 (syz-executor0) thread 0xffff800020b93530 (450565)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8230c478) locked @
/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9529 6357K 6373K 78643K 11866 0 0
pcb 23 9K 11K 78643K 2599 0 0
rtable 100 3K 4K 78643K 802 0 0
ifaddr 57 14K 15K 78643K 423 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 51 0 0
iov 0 0K 32K 78643K 408 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1193 75K 76K 78643K 4644 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 71 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 12 0K 0K 78643K 535 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1792 194K 288K 78643K 12592 0 0
file desc 5 13K 25K 78643K 5061 0 0
sigio 56 3K 3K 78643K 272 0 0
proc 42 38K 70K 78643K 1133 0 0
subproc 64 65538K 67586K 78643K 169 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 678 0 0
in_multi 33 2K 2K 78643K 229 0 0
ether_multi 1 0K 0K 78643K 27 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 144 636K 636K 78643K 144 0 0
exec 0 0K 1K 78643K 497 0 0
pfkey data 0 0K 0K 78643K 6 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 109 22K 31K 78643K 16947 0 0
UVM aobj 130 4K 4K 78643K 145 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 123 0 0
NDP 11 0K 0K 78643K 117 0 0
temp 163 2367K 2436K 78643K 16183 0 0
kqueue 0 0K 0K 78643K 73 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 5 0 1 1 0 1 1 0 8 0
inpcbpl 280 2075 0 2068 1 0 1 1 0 8 0
plimitpl 152 75 0 68 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtentry 112 50 0 10 2 0 2 2 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpcb 544 742 0 738 1 0 1 1 0 8 0
nd6 48 6 0 2 1 0 1 1 0 8 0
ppxss 1128 78 0 78 24 24 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 229 0 41 12
0 12 12 0 8 0
art_table 32 230 0 41 2 0 2 2 0 8 0
art_node 16 49 0 15 1 0 1 1 0 8 0
sysvmsgpl 40 22 0 16 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 531 0 521 1 0 1 1 0 8 0
shmpl 112 143 0 15 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 11862 0 10376 48 0 48 48 0 8 0
ffsino 272 11862 0 10376 100 0 100 100 0 8 0
nchpl 144 19258 0 17678 60 0 60 60 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 200 5926 0 0 312 0 312 312 0 8 0
namei 1024 60035 0 60035 5 4 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
scsiplug 64 20 0 20 15 15 0 1 0 8 0
scxspl 192 51675 0 51675 23 22 1 6 0 8 1
sigapl 432 5231 0 5218 2 0 2 2 0 8 0
futexpl 56 62860 0 62859 3 2 1 1 0 8 0
knotepl 112 1386 0 1359 14 13 1 2 0 8 0
kqueuepl 104 1658 0 1656 1 0 1 1 0 8 0
pipepl 112 3596 0 3577 18 17 1 2 0 8 0
fdescpl 488 5232 0 5218 3 1 2 3 0 8 0
filepl 152 33326 0 33229 28 23 5 7 0 8 1
lockfpl 96 1775 0 1774 15 14 1 1 0 8 0
lockfspl 24 3036 0 3035 15 14 1 1 0 8 0
sessionpl 112 24 0 14 1 0 1 1 0 8 0
pgrppl 48 71 0 61 1 0 1 1 0 8 0
ucredpl 96 10490 0 10483 1 0 1 1 0 8 0
zombiepl 144 5218 0 5217 2 1 1 1 0 8 0
processpl 840 5247 0 5217 4 0 4 4 0 8 0
procpl 600 16125 0 16083 4 0 4 4 0 8 0
srpgc 64 6 0 6 1 1 0 1 0 8 0
sosppl 128 78 0 78 23 23 0 1 0 8 0
sockpl 384 4532 0 4515 26 23 3 4 0 8 1
mcl64k 65536 1086 0 0 89 24 65 66 0 8 0
mcl16k 16384 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 25 0 0 2 0 2 2 0 8 0
mcl9k 9216 18 0 0 2 0 2 2 0 8 0
mcl8k 8192 11 0 0 2 0 2 2 0 8 0
mcl4k 4096 25 0 0 4 1 3 3 0 8 0
mcl2k2 2112 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 163 0 0 13 4 9 13 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 1154 0 0 38 2 36 38 0 8 0
bufpl 256 12850 0 5881 436 0 436 436 0 8 0
anonpl 16 584803 0 576701 209 170 39 50 0 125 0
amapchunkpl 152 31114 0 31015 56 51 5 9 0 158 0
amappl16 192 32218 0 31799 254 232 22 34 0 8 0
amappl15 184 2509 0 2506 1 0 1 1 0 8 0
amappl14 176 3 0 2 2 1 1 1 0 8 0
amappl13 168 26 0 22 1 0 1 1 0 8 0
amappl12 160 1239 0 1238 1 0 1 1 0 8 0
amappl11 152 1497 0 1487 1 0 1 1 0 8
0
amappl10 144 64 0 62 2 1 1 1 0 8 0
amappl9 136 1639 0 1638 1 0 1 1 0 8 0
amappl8 128 1428 0 1389 2 0 2 2 0 8 0
amappl7 120 37 0 30 1 0 1 1 0 8 0
amappl6 112 53 0 43 1 0 1 1 0 8 0
amappl5 104 180 0 168 1 0 1 1 0 8 0
amappl4 96 353 0 328 2 1 1 2 0 8 0
amappl3 88 343 0 336 1 0 1 1 0 8 0
amappl2 80 53893 0 53836 2 0 2 2 0 8 0
amappl1 72 119087 0 118675 23 13 10 18 0 8 0
amappl 72 16412 0 16375 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 144 0 15 3 0 3 3 0 8 0
uaddrrnd 24 5232 0 5218 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 5232 0 5218 1 0 1 1 0 8 0
vmmpekpl 168 45078 0 45056 2 0 2 2 0 8 0
vmmpepl 168 556699 0 555317 215 148 67 76 0 357 0
vmsppl 360 5231 0 5218 2 0 2 2 0 8 0
pdppl 4096 10471 0 10436 6 1 5 6 0 8 0
pvpl 32 1505003 0 1493226 423 326 97 133 0 265 1
pmappl 224 5231 0 5218 1 0 1 1 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 713 0 38 20 0 20 20 0 8 0