uvm_fault(0xfffffd803f015c60, 0x10, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8)
ddb> ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f015c60, 0x10, 0, 2) -> e
wsmux_do_ioctl(85fa86dc22974767,80185760,fffffd803d7ad108,3,fffffd803f7c7ae0) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404
end trace frame: 0xffff800014a31fc0, count: 0
ddb> trace
wsmux_do_ioctl(85fa86dc22974767,80185760,fffffd803d7ad108,3,fffffd803f7c7ae0) at wsmux_do_ioctl+0x6ba sys/dev/wscons/wsmux.c:404
VOP_IOCTL(47205658c17c6595,80185760,fffffd802c6e4bb8,ffff8000149ef9e0,fffffd803d7ad108,ffff8000149ef9e0) at VOP_IOCTL+0x80 sys/kern/vfs_vops.c:290
vn_ioctl(cf33acb7c8723066,fffffd802c6e4bb8,ffff8000149ef9e0,18) at vn_ioctl+0xc5 sys/kern/vfs_vnops.c:512
sys_ioctl(8d4412d590943c8a,0,ffff8000149ef9e0) at sys_ioctl+0x639
syscall(c24e770f3d785c06) at syscall+0x528
Xsyscall(6,0,ffffffffffffff89,0,3,d69df4f5010) at Xsyscall+0x128
end of kernel
end trace frame: 0xd6cd544c590, count: -6
ddb> show registers
rdi 0xff
rsi 0x1
rbp 0xffff800014a31f40
rbx 0x1
rdx 0
rcx 0
rax 0
r8 0xffffffff8180b340 wsmux_do_ioctl+0x1e0
r9 0x7
r10 0x6c73f5ccb845e5c
r11 0xc4f83a16f71aff9a
r12 0xffff800000669150
r13 0
r14 0xffff800014a320f0
r15 0
rip 0xffffffff8180b81a wsmux_do_ioctl+0x6ba
cs 0x8
rflags 0x10293 __ALIGN_SIZE+0xf293
rsp 0xffff800014a31ef0
ss 0x10
wsmux_do_ioctl+0x6ba: movq %rax,0x10(%rdx,%r15,8)
ddb> show proc
PROC (syz-executor1) pid=150358 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000149efc38,0xffff8000149ee280
process=0xffff8000149b33d0 user=0xffff800014a2d000, vmspace=0xfffffd803f015c60
estcpu=36, cpticks=61, pctcpu=0.41
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
43082 510205 58733 0 2 0 syz-executor1
*43082 150358 58733 0 7 0x4000000 syz-executor1
43082 345131 58733 0 3 0x4000080 fsleep syz-executor1
23428 371621 1 0 3 0x100083 ttyin getty
19783 175243 0 0 3 0x14200 bored sosplice
36988 522905 33514 0 3 0x2 biowait syz-executor0
58733 242604 33514 0 3 0x82 nanosleep syz-executor1
33514 451760 11565 0 3 0x82 thrsleep syz-fuzzer
33514 94287 11565 0 3 0x4000082 thrsleep syz-fuzzer
33514 131084 11565 0 3 0x4000082 thrsleep syz-fuzzer
33514 292439 11565 0 3 0x4000082 kqread syz-fuzzer
33514 159319 11565 0 3 0x4000082 thrsleep syz-fuzzer
33514 417482 11565 0 3 0x4000082 thrsleep syz-fuzzer
33514 352192 11565 0 3 0x4000082 thrsleep syz-fuzzer
33514 44529 11565 0 3 0x4000082 thrsleep syz-fuzzer
11565 243642 19131 0 3 0x10008a pause ksh
19131 352268 53094 0 3 0x92 select sshd
53094 493002 1 0 3 0x80 select sshd
83980 244090 79470 73 2 0x100090 syslogd
79470 492615 1 0 3 0x100082 netio syslogd
25967 18361 1 77 3 0x100090 poll dhclient
4903 216379 1 0 3 0x80 poll dhclient
12631 93403 0 0 3 0x14200 pgzero zerothread
59527 196983 0 0 3 0x14200 aiodoned aiodoned
94003 228936 0 0 3 0x14200 syncer update
80457 171535 0 0 3 0x14200 cleaner cleaner
95522 235575 0 0 3 0x14200 reaper reaper
98724 171234 0 0 3 0x14200 pgdaemon pagedaemon
1316 70775 0 0 3 0x14200 bored crynlk
29372 502112 0 0 3 0x14200 bored crypto
69091 93219 0 0 3 0x40014200 acpi0 acpi0
5352 107842 0 0 3 0x14200 bored softnet
23284 214253 0 0 3 0x14200 bored systqmp
1009 281785 0 0 3 0x14200 bored systq
16697 376858 0 0 3 0x40014200 bored softclock
50748 216660 0 0 3 0x40014200 idle0
1 508286 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9510 6348K 6356K 78643K 11157 0 0
pcb 23 9K 11K 78643K 1292 0 0
rtable 100 3K 3K 78643K 432 0 0
ifaddr 56 13K 14K 78643K 209 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 35 0 0
iov 0 0K 16K 78643K 252 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1188 74K 75K 78643K 2658 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 35 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 0K 78643K 229 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1777 193K 286K 78643K 12501 0 0
file desc 5 13K 25K 78643K 2281 0 0
sigio 0 0K 0K 78643K 36 0 0
proc 42 30K 54K 78643K 546 0 0
subproc 64 65538K 67586K 78643K 72 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 321 0 0
in_multi 33 2K 2K 78643K 157 0 0
ether_multi 1 0K 0K 78643K 16 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 108 477K 477K 78643K 108 0 0
exec 0 0K 1K 78643K 349 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 95 21K 23K 78643K 6257 0 0
UVM aobj 130 6K 6K 78643K 145 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 55 0 0
NDP 11 0K 0K 78643K 57 0 0
temp 163 2347K 2414K 78643K 8801 0 0
kqueue 0 0K 0K 78643K 19 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
inpcbpl 280 1022 0 1015 1 0 1 1 0 8 0
plimitpl 152 36 0 29 1 0 1 1 0 8 0
rtentry 112 41 0 1 2 0 2 2 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpcb 544 392 0 388 1 0 1 1 0 8 0
nd6 48 4 0 0 1 0 1 1 0 8 0
ppxss 1128 29 0 29 14 14 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 185 0 0 12 0 12 12 0 8 0
art_table 32 186 0 0 2 0 2 2 0 8 0
art_node 16 40 0 6 1 0 1 1 0 8 0
sysvmsgpl 40 20 0 14 1 0 1 1 0 8 0
semapl 112 227 0 217 1 0 1 1 0 8 0
shmpl 112 143 0 15 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 5845 0 4438 46 0 46 46 0 8 0
ffsino 240 5845 0 4438 83 0 83 83 0 8 0
nchpl 144 9322 0 7734 60 0 60 60 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 200 5926 0 0 312 0 312 312 0 8 0
namei 1024 28266 0 28265 2 1 1 1 0 8 0
scsiplug 64 6 0 6 6 6 0 1 0 8 0
scxspl 192 24952 0 24951 14 13 1 6 0 8 0
sigapl 432 2450 0 2437 2 0 2 2 0 8 0
futexpl 56 36553 0 36552 1 0 1 1 0 8 0
knotepl 112 708 0 681 2 0 2 2 0 8 0
kqueuepl 104 778 0 776 1 0 1 1 0 8 0
pipepl 112 1732 0 1713 6 5 1 2 0 8 0
fdescpl 424 2451 0 2437 2 0 2 2 0 8 0
filepl 120 15838 0 15743 5 1 4 5 0 8 0
lockfpl 104 738 0 738 4 3 1 1 0 8 1
lockfspl 32 1232 0 1232 4 3 1 1 0 8 1
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 55 0 45 1 0 1 1 0 8 0
ucredpl 96 5074 0 5067 1 0 1 1 0 8 0
zombiepl 144 2437 0 2437 2 1 1 1 0 8 1
processpl 840 2465 0 2437 5 1 4 4 0 8 0
procpl 600 5606 0 5569 4 0 4 4 0 8 0
sosppl 128 43 0 43 9 9 0 1 0 8 0
sockpl 384 2239 0 2222 5 2 3 4 0 8 1
mcl64k 65536 566 0 566 64 63 1 33 0 8 1
mcl16k 16384 10 0 10 9 8 1 1 0 8 1
mcl12k 12288 53 0 53 13 12 1 1 0 8 1
mcl9k 9216 45 0 45 11 11 0 1 0 8 0
mcl8k 8192 58 0 58 11 11 0 1 0 8 0
mcl4k 4096 102 0 102 9 8 1 1 0 8 1
mcl2k2 2112 17 0 17 8 8 0 1 0 8 0
mcl2k 2048 43125 0 43092 12 7 5 10 0 8 0
mtagpl 80 4 0 4 2 2 0 1 0 8 0
mbufpl 256 81889 0 81840 35 29 6 21 0 8 0
bufpl 256 9773 0 4479 333 2 331 332 0 8 0
anonpl 16 216741 0 209180 96 62 34 48 0 62 0
amapchunkpl 152 10371 0 10267 37 32 5 14 0 158 0
amappl16 192 12358 0 11981 93 73 20 31 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 7 0 5 2 1 1 1 0 8 0
amappl13 168 24 0 19 1 0 1 1 0 8 0
amappl12 160 18 0 17 1 0 1 1 0 8 0
amappl11 152 1293 0 1282 1 0 1 1 0 8 0
amappl10 144 2364 0 2363 2 1 1 1 0 8 0
amappl9 136 1418 0 1416 1 0 1 1 0 8 0
amappl8 128 170 0 141 1 0 1 1 0 8 0
amappl7 120 33 0 28 1 0 1 1 0 8 0
amappl6 112 49 0 41 1 0 1 1 0 8 0
amappl5 104 199 0 187 1 0 1 1 0 8 0
amappl4 96 302 0 280 2 1 1 2 0 8 0
amappl3 88 236 0 231 1 0 1 1 0 8 0
amappl2 80 23538 0 23488 2 0 2 2 0 8 0
amappl1 72 52384 0 51961 25 15 10 19 0 8 0
amappl 72 5836 0 5798 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 144 0 15 3 0 3 3 0 8 0
uaddrrnd 24 2451 0 2437 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2451 0 2437 1 0 1 1 0 8 0
vmmpekpl 168 20291 0 20269 2 0 2 2 0 8 0
vmmpepl 168 252869 0 251538 134 71 63 77 0 357 0
vmsppl 264 2450 0 2437 2 1 1 2 0 8 0
pdppl 4096 4908 0 4874 6 1 5 6 0 8 0
pvpl 32 668202 0 657123 282 188 94 220 0 265 4
pmappl 192 2450 0 2437 1 0 1 1 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 583 0 132 15 0 15 15 0 8 0