uvm_fault(0xfffffd803f014a50, 0x10, 0, 2) -> e kernel: page fault trap, code=0 Stopped at wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8) ddb> ddb> set $lines = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f014a50, 0x10, 0, 2) -> e wsmux_do_ioctl(f45fd5031b55948,80185760,fffffd8037e500e8,3,fffffd803f7c7a20) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404 end trace frame: 0xffff800014a437e0, count: 0 ddb> trace wsmux_do_ioctl(f45fd5031b55948,80185760,fffffd8037e500e8,3,fffffd803f7c7a20) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404 VOP_IOCTL(34770027bf955974,80185760,fffffd8030285da8,ffff8000149e5080,fffffd8037e500e8,ffff8000149e5080) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290 vn_ioctl(2c70a7fe75dc294b,fffffd8030285da8,ffff8000149e5080,18) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512 sys_ioctl(7a56c455485f499,0,ffff8000149e5080) at sys_ioctl+0x639 syscall(8ce14112400cc92) at syscall+0x528 Xsyscall(6,0,ffffffffffffff89,0,3,77af18c01a0) at Xsyscall+0x128 end of kernel end trace frame: 0x77d929dd690, count: -6 ddb> show registers rdi 0xff rsi 0x1 rbp 0xffff800014a43760 rbx 0x1 rdx 0 rcx 0 rax 0 r8 0xffffffff817337a0 wsmux_do_ioctl+0x1e0 r9 0x7 r10 0xebfbefae93d04268 r11 0x78ef68434dcb7cb9 r12 0xffff800000669150 r13 0 r14 0xffff800014a43910 r15 0 rip 0xffffffff81733c7a wsmux_do_ioctl+0x6ba cs 0x8 rflags 0x10293 __ALIGN_SIZE+0xf293 rsp 0xffff800014a43710 ss 0x10 wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8) ddb> show proc PROC (syz-executor0) pid=60309 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff8000149e52d8,0xffffffff8222ecb0 process=0xffff8000149d6d40 user=0xffff800014a3e000, vmspace=0xfffffd803f014a50 estcpu=29, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 94066 362996 66193 0 2 0 syz-executor1 94066 471110 66193 0 3 0x4000080 fsleep syz-executor1 29498 372021 66907 0 2 0 syz-executor0 29498 432301 66907 0 3 0x4000080 wsevent_read syz-executor0 29498 413683 66907 0 3 0x4000080 wsevent_read syz-executor0 *29498 60309 66907 0 7 0x4000000 syz-executor0 21895 196961 1 0 3 0x100083 ttyin getty 32401 179605 0 0 3 0x14200 bored sosplice 66193 111944 17426 0 3 0x82 nanosleep syz-executor1 66907 359315 17426 0 3 0x82 nanosleep syz-executor0 17426 193986 49690 0 3 0x82 kqread syz-fuzzer 17426 8023 49690 0 3 0x4000082 thrsleep syz-fuzzer 17426 296117 49690 0 3 0x4000082 thrsleep syz-fuzzer 17426 87469 49690 0 3 0x4000082 thrsleep syz-fuzzer 17426 289779 49690 0 3 0x4000082 thrsleep syz-fuzzer 17426 76561 49690 0 3 0x4000082 thrsleep syz-fuzzer 17426 471400 49690 0 3 0x4000082 thrsleep syz-fuzzer 17426 6069 49690 0 3 0x4000082 thrsleep syz-fuzzer 49690 419455 41353 0 3 0x10008a pause ksh 41353 485140 80931 0 3 0x92 select sshd 80931 173952 1 0 3 0x80 select sshd 47208 131490 20860 73 2 0x100090 syslogd 20860 47274 1 0 3 0x100082 netio syslogd 80649 366954 1 77 3 0x100090 poll dhclient 29864 478200 1 0 3 0x80 poll dhclient 99929 211426 0 0 2 0x14200 zerothread 24733 270632 0 0 3 0x14200 aiodoned aiodoned 68934 155331 0 0 3 0x14200 syncer update 28558 21874 0 0 3 0x14200 cleaner cleaner 4550 83033 0 0 3 0x14200 reaper reaper 61651 328281 0 0 3 0x14200 pgdaemon pagedaemon 96530 96204 0 0 3 0x14200 bored crynlk 14533 102014 0 0 3 0x14200 bored crypto 37320 252897 0 0 3 0x40014200 acpi0 acpi0 85613 467856 0 0 3 0x14200 bored softnet 34081 342521 0 0 3 0x14200 bored systqmp 70717 446715 0 0 3 0x14200 bored systq 65251 391877 0 0 3 0x40014200 bored softclock 82547 156373 0 0 3 0x40014200 idle0 1 127989 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9648 8956K 11518K 78643K 17886 0 0 pcb 23 9K 11K 78643K 15616 0 0 rtable 100 3K 3K 78643K 3428 0 0 ifaddr 95 28K 36K 78643K 2071 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 254 0 0 iov 0 0K 44K 78643K 3593 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1178 74K 75K 78643K 21593 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 449 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 2730 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1777 193K 286K 78643K 12501 0 0 file desc 6 17K 25K 78643K 32031 0 0 sigio 0 0K 0K 78643K 504 0 0 proc 42 30K 54K 78643K 4754 0 0 subproc 64 65538K 69634K 78643K 316 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 4463 0 0 in_multi 33 2K 2K 78643K 1187 0 0 ether_multi 1 0K 0K 78643K 143 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 180 795K 795K 78643K 180 0 0 exec 0 0K 1K 78643K 2669 0 0 pfkey data 0 0K 4K 78643K 18 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 147 23K 63K 78643K 78219 0 0 UVM aobj 130 4K 4K 78643K 149 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 795 0 0 NDP 24 0K 0K 78643K 569 0 0 temp 255 2349K 2429K 78643K 88008 0 0 kqueue 0 0K 0K 78643K 350 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 13228 0 13221 1 0 1 1 0 8 0 plimitpl 152 341 0 334 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 544 4785 0 4781 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 swfcl 56 4 0 0 1 0 1 1 0 8 0 ppxss 1128 419 0 419 147 147 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 186 0 0 12 0 12 12 0 8 0 art_table 32 187 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 sysvmsgpl 40 25 0 17 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 2728 0 2718 1 0 1 1 0 8 0 shmpl 112 147 0 19 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 64960 0 62878 75 7 68 68 0 8 0 ffsino 240 64960 0 62878 126 3 123 123 0 8 0 nchpl 144 110952 0 109357 62 2 60 60 0 8 0 uvmvnodes 72 6460 0 0 118 0 118 118 0 8 0 vnodes 200 6460 0 0 340 0 340 340 0 8 0 namei 1024 354477 0 354477 10 9 1 1 0 8 1 scsiplug 64 89 0 89 59 59 0 1 0 8 0 scxspl 192 322910 0 322910 141 140 1 6 0 8 1 sigapl 432 32200 0 32186 2 0 2 2 0 8 0 futexpl 56 510608 0 510607 3 2 1 1 0 8 0 knotepl 112 7968 0 7941 2 0 2 2 0 8 0 kqueuepl 104 10525 0 10523 1 0 1 1 0 8 0 pipepl 112 21320 0 21301 61 60 1 2 0 8 0 fdescpl 424 32201 0 32186 2 0 2 2 0 8 0 filepl 120 205986 0 205891 49 45 4 5 0 8 1 lockfpl 96 10692 0 10692 60 59 1 1 0 8 1 lockfspl 24 18310 0 18310 54 53 1 1 0 8 1 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 395 0 385 1 0 1 1 0 8 0 ucredpl 96 69502 0 69495 1 0 1 1 0 8 0 zombiepl 144 32186 0 32186 15 14 1 1 0 8 1 processpl 840 32215 0 32186 5 1 4 4 0 8 0 procpl 600 76233 0 76193 4 0 4 4 0 8 0 sosppl 128 564 0 564 135 134 1 1 0 8 1 sockpl 384 28172 0 28155 70 67 3 4 0 8 1 mcl64k 65536 18890 0 18890 1674 1674 0 65 0 8 0 mcl16k 16384 120 0 120 87 87 0 1 0 8 0 mcl12k 12288 613 0 613 152 151 1 1 0 8 1 mcl9k 9216 599 0 599 161 161 0 1 0 8 0 mcl8k 8192 645 0 645 158 158 0 1 0 8 0 mcl4k 4096 1500 0 1500 91 90 1 1 0 8 1 mcl2k2 2112 236 0 236 109 109 0 1 0 8 0 mcl2k 2048 87958 0 87932 47 43 4 10 0 8 0 mtagpl 80 6 0 6 3 3 0 1 0 8 0 mbufpl 256 306881 0 306831 886 881 5 36 0 8 0 bufpl 256 59732 0 53215 410 2 408 408 0 8 0 anonpl 16 3028383 0 3020586 1036 988 48 55 0 62 9 amapchunkpl 152 176805 0 176694 1023 1014 9 190 0 158 4 amappl16 192 204144 0 203759 1474 1446 28 33 0 8 8 amappl15 184 15800 0 15797 1 0 1 1 0 8 0 amappl14 176 24 0 21 2 1 1 1 0 8 0 amappl13 168 26 0 23 1 0 1 1 0 8 0 amappl12 160 13 0 13 5 5 0 1 0 8 0 amappl11 152 187 0 178 1 0 1 1 0 8 0 amappl10 144 69 0 66 2 1 1 1 0 8 0 amappl9 136 324 0 323 1 0 1 1 0 8 0 amappl8 128 531 0 446 3 0 3 3 0 8 0 amappl7 120 37 0 30 1 0 1 1 0 8 0 amappl6 112 51 0 42 1 0 1 1 0 8 0 amappl5 104 413 0 402 1 0 1 1 0 8 0 amappl4 96 16738 0 16715 2 1 1 2 0 8 0 amappl3 88 1612 0 1607 1 0 1 1 0 8 0 amappl2 80 337507 0 337446 2 0 2 2 0 8 0 amappl1 72 577871 0 577437 26 17 9 19 0 8 0 amappl 72 76857 0 76816 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 148 0 19 3 0 3 3 0 8 0 uaddrrnd 24 32201 0 32186 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 32201 0 32186 1 0 1 1 0 8 0 vmmpekpl 168 210706 0 210684 2 0 2 2 0 8 0 vmmpepl 168 3284053 0 3282566 927 851 76 78 0 357 7 vmsppl 264 32200 0 32186 2 1 1 2 0 8 0 pdppl 4096 64408 0 64372 6 1 5 6 0 8 0 pvpl 32 9126327 0 9114852 2747 2618 129 234 0 265 36 pmappl 192 32200 0 32186 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 3514 0 2950 22 3 19 19 0 8 0