uvm_fault(0xfffffd807f00c870, 0x40, 0, 2) -> e kernel: page fault trap, code=0 Stopped at wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd807f00c870, 0x40, 0, 2) -> e wsmux_do_ioctl(83bdb3cf2f345dbf,80185760,fffffd80744057b0,3,fffffd807f7c7ae0) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404 end trace frame: 0xffff800020c86e70, count: 0 ddb{0}> trace wsmux_do_ioctl(83bdb3cf2f345dbf,80185760,fffffd80744057b0,3,fffffd807f7c7ae0) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404 VOP_IOCTL(cf6913d562493558,80185760,fffffd8069523ef0,ffff800020bbb2d8,fffffd80744057b0,ffff800020bbb2d8) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290 vn_ioctl(9c4ed9c96e61d7f0,fffffd8069523ef0,ffff800020bbb2d8,18) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512 sys_ioctl(77160a0b8016b7e9,0,ffff800020bbb2d8) at sys_ioctl+0x652 syscall(6f512367d69a4edb) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(6f512367d69a4edb) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffff89,0,3,4b1a01d9268) at Xsyscall+0x128 end of kernel end trace frame: 0x4b3bdc535e0, count: -6 ddb{0}> show registers rdi 0xff rsi 0x3 rbp 0xffff800020c86df0 rbx 0x3 rdx 0 rcx 0xffff800001946ac0 rax 0 r8 0xffffffff81afaf00 wsmux_do_ioctl+0x1e0 r9 0x7 r10 0xb5cc8e0653369d1a r11 0x859918148dfa3dfe r12 0xffff800000026d50 r13 0x2 r14 0xffff800020c86fa0 r15 0x6 rip 0xffffffff81afb3da wsmux_do_ioctl+0x6ba cs 0x8 rflags 0x10293 __ALIGN_SIZE+0xf293 rsp 0xffff800020c86da0 ss 0x10 wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8) ddb{0}> show proc PROC (syz-executor1) pid=254036 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff800020bbb080,0xffffffff822e6900 process=0xffff800020b95a50 user=0xffff800020c82000, vmspace=0xfffffd807f00c870 estcpu=29, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 41952 158322 90724 0 2 0 syz-executor1 41952 134507 90724 0 3 0x4000080 wsevent_read syz-executor1 41952 126324 90724 0 3 0x4000080 wsevent_read syz-executor1 41952 298950 90724 0 3 0x4000080 wsevent_read syz-executor1 *41952 254036 90724 0 7 0x4000000 syz-executor1 93831 145654 1 0 3 0x100083 ttyin getty 83434 237977 0 0 3 0x14200 bored sosplice 90724 319011 16373 0 3 0x82 nanosleep syz-executor1 14483 432177 16373 0 3 0x82 piperd syz-executor0 16373 436955 546 0 3 0x82 thrsleep syz-fuzzer 16373 474979 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 401735 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 498583 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 469095 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 427210 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 321820 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 5682 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 232656 546 0 3 0x4000082 thrsleep syz-fuzzer 16373 67435 546 0 3 0x4000082 kqread syz-fuzzer 546 482614 93670 0 3 0x10008a pause ksh 93670 378889 81693 0 3 0x92 select sshd 81693 451374 1 0 3 0x80 select sshd 45999 293756 32465 73 7 0x100090 syslogd 32465 110813 1 0 3 0x100082 netio syslogd 8108 42834 1 77 3 0x100090 poll dhclient 61292 477151 1 0 3 0x80 poll dhclient 38234 70792 0 0 2 0x14200 zerothread 735 70783 0 0 3 0x14200 aiodoned aiodoned 44712 383306 0 0 3 0x14200 syncer update 13564 31599 0 0 3 0x14200 cleaner cleaner 63768 44321 0 0 3 0x14200 reaper reaper 82667 422640 0 0 3 0x14200 pgdaemon pagedaemon 1056 162998 0 0 3 0x14200 bored crynlk 83776 226612 0 0 3 0x14200 bored crypto 12361 260624 0 0 3 0x40014200 acpi0 acpi0 10708 495109 0 0 3 0x40014200 idle1 10101 216016 0 0 3 0x14200 bored softnet 15940 478938 0 0 3 0x14200 bored systqmp 7261 149014 0 0 3 0x14200 bored systq 51211 503856 0 0 3 0x40014200 bored softclock 29196 390951 0 0 3 0x40014200 idle0 1 306802 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 41952 (syz-executor1) thread 0xffff800020bbb2d8 (254036) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822fc730) locked @ /syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9513 10451K 10459K 78643K 11696 0 0 pcb 23 9K 11K 78643K 2360 0 0 rtable 100 3K 4K 78643K 718 0 0 ifaddr 49 13K 14K 78643K 373 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 40 0 0 iov 0 0K 24K 78643K 446 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1199 75K 76K 78643K 4184 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 76 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 0K 0K 78643K 395 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 5 13K 25K 78643K 4573 0 0 sigio 0 0K 0K 78643K 95 0 0 proc 42 38K 70K 78643K 1014 0 0 subproc 64 65538K 67586K 78643K 99 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 607 0 0 in_multi 33 2K 2K 78643K 231 0 0 ether_multi 1 0K 0K 78643K 31 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 126 556K 556K 78643K 126 0 0 exec 0 0K 1K 78643K 474 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 107 22K 60K 78643K 15386 0 0 UVM aobj 130 4K 4K 78643K 140 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 88 0 0 NDP 9 0K 0K 78643K 103 0 0 temp 149 2362K 2434K 78643K 14960 0 0 kqueue 0 0K 0K 78643K 71 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 1980 0 1973 1 0 1 1 0 8 0 plimitpl 152 65 0 58 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 796 0 792 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 ppxss 1128 65 0 65 20 20 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 0 12 0 12 12 0 8 0 art_table 32 186 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 sysvmsgpl 40 26 0 12 1 0 1 1 0 8 0 semapl 112 393 0 383 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 10377 0 8918 48 0 48 48 0 8 0 ffsino 272 10377 0 8918 98 0 98 98 0 8 0 nchpl 144 17196 0 15607 63 3 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 53635 0 53635 3 2 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scsiplug 64 17 0 17 11 11 0 1 0 8 0 scxspl 192 46093 0 46093 20 19 1 6 0 8 1 sigapl 432 4744 0 4731 2 0 2 2 0 8 0 futexpl 56 55966 0 55966 1 0 1 1 0 8 1 knotepl 112 1218 0 1191 8 7 1 2 0 8 0 kqueuepl 104 1544 0 1542 1 0 1 1 0 8 0 pipepl 112 3028 0 3009 13 12 1 2 0 8 0 fdescpl 488 4745 0 4731 3 1 2 3 0 8 0 filepl 152 29938 0 29843 15 10 5 7 0 8 1 lockfpl 96 1452 0 1452 8 7 1 1 0 8 1 lockfspl 24 2553 0 2553 7 6 1 1 0 8 1 sessionpl 112 21 0 11 1 0 1 1 0 8 0 pgrppl 48 62 0 52 1 0 1 1 0 8 0 ucredpl 96 9781 0 9774 1 0 1 1 0 8 0 zombiepl 144 4731 0 4731 2 1 1 1 0 8 1 processpl 840 4760 0 4731 4 0 4 4 0 8 0 procpl 600 14581 0 14539 6 2 4 5 0 8 0 sosppl 128 79 0 79 21 21 0 1 0 8 0 sockpl 384 4220 0 4203 9 6 3 4 0 8 1 mcl64k 65536 729 0 0 64 17 47 47 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 31 0 0 3 1 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 25 0 0 4 1 3 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 117 0 0 13 0 13 13 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 819 0 0 26 0 26 26 0 8 0 bufpl 256 12224 0 5255 436 0 436 436 0 8 0 anonpl 16 493995 0 486465 183 150 33 48 0 125 0 amapchunkpl 152 34602 0 34502 223 218 5 189 0 158 0 amappl16 192 26095 0 25710 183 163 20 33 0 8 0 amappl15 184 5 0 3 1 0 1 1 0 8 0 amappl14 176 5 0 4 2 1 1 1 0 8 0 amappl13 168 2307 0 2302 1 0 1 1 0 8 0 amappl12 160 2285 0 2282 1 0 1 1 0 8 0 amappl11 152 188 0 178 1 0 1 1 0 8 0 amappl10 144 65 0 63 1 0 1 1 0 8 0 amappl9 136 343 0 342 1 0 1 1 0 8 0 amappl8 128 2457 0 2419 3 1 2 2 0 8 0 amappl7 120 2321 0 2314 1 0 1 1 0 8 0 amappl6 112 45 0 39 1 0 1 1 0 8 0 amappl5 104 152 0 140 1 0 1 1 0 8 0 amappl4 96 321 0 298 2 1 1 2 0 8 0 amappl3 88 701 0 695 1 0 1 1 0 8 0 amappl2 80 46574 0 46522 2 0 2 2 0 8 0 amappl1 72 107946 0 107526 23 14 9 18 0 8 0 amappl 72 14864 0 14826 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 139 0 10 3 0 3 3 0 8 0 uaddrrnd 24 4745 0 4731 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4745 0 4731 1 0 1 1 0 8 0 vmmpekpl 168 41516 0 41495 2 0 2 2 0 8 0 vmmpepl 168 504434 0 503082 185 121 64 74 0 357 1 vmsppl 360 4744 0 4731 2 0 2 2 0 8 0 pdppl 4096 9497 0 9462 6 1 5 6 0 8 0 pvpl 32 1287996 0 1277428 315 207 108 127 0 265 19 pmappl 224 4744 0 4731 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 673 0 23 19 0 19 19 0 8 0