syzbot |
sign-in | mailing list | source | docs |
panic: chgproccnt: procs < 0
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*347436 99700 0 0x10 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff835080c4) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff8000344b7248,ffff80003b8e90e0,ffff80003b8e9030) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003b8e90e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003b8e90e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x827acaa8500, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: chgproccnt: procs < 0
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff835080c4) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff8000344b7248,ffff80003b8e90e0,ffff80003b8e9030) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003b8e90e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003b8e90e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x827acaa8500, count: -6
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003b8e8ec0
rbx 0xee00 __ALIGN_SIZE+0xde00
rdx 0xffff8000015ec740
rcx 0
rax 0xffff8000344b7248
r8 0x101010101010101
r9 0x8080808080808080
r10 0xe7a6dcad641ef2af
r11 0x10a4f5c69ed1122a
r12 0
r13 0xfffff80007ffd000
r14 0
r15 0x1
rip 0xffffffff814ca275 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003b8e8eb0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=347436 pid=99700 tcnt=3 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000344b7778,0xffff800030ca0028
process=0xffff807fffff8018 user=0xffff80003b8e4000, vmspace=0xfffff8006bc66018
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
1754 503447 55032 0 2 0x1000000 syz-executor
1754 469203 55032 0 3 0x5000080 fsleep syz-executor
99700 70562 24498 0 2 0x10 syz-executor
*99700 347436 24498 0 7 0x4000010 syz-executor
99700 461519 24498 0 2 0x4000010 syz-executor
9058 49906 84209 0 2 0 syz-executor
9058 299549 84209 0 3 0x4000080 fsleep syz-executor
9058 24514 84209 0 3 0x4000080 fsleep syz-executor
9058 480029 84209 0 2 0x4000000 syz-executor
9542 71902 4929 0 2 0x1 syz-executor
9542 228901 4929 0 3 0x4000080 fsleep syz-executor
67489 141997 47913 0 2 0x1 syz-executor
67489 190764 47913 0 3 0x4000080 fsleep syz-executor
48221 250326 11854 0 2 0x1 syz-executor
48221 408810 11854 0 3 0x4000080 fsleep syz-executor
48221 383119 11854 0 3 0x4000080 fsleep syz-executor
17802 214636 67286 0 2 0x1 syz-executor
17802 317003 67286 0 3 0x4000080 fsleep syz-executor
36630 251927 37331 0 3 0x80 nanoslp syz-executor
36630 517016 37331 0 3 0x4000080 bpf syz-executor
36630 228210 37331 0 3 0x4000080 lockf syz-executor
36630 133583 37331 0 3 0x4000080 fsleep syz-executor
47913 213413 4079 0 3 0x82 nanoslp syz-executor
24498 181546 4079 0 3 0x82 nanoslp syz-executor
67286 107826 4079 0 3 0x82 nanoslp syz-executor
4929 488276 4079 0 3 0x82 nanoslp syz-executor
11854 272322 4079 0 3 0x82 nanoslp syz-executor
84209 2764 4079 0 3 0x82 nanoslp syz-executor
37331 33220 4079 0 3 0x82 nanoslp syz-executor
55032 33634 4079 0 3 0x82 nanoslp syz-executor
4079 275341 89571 0 3 0x82 kqread syz-executor
89571 228780 83900 0 3 0x10008a sigsusp ksh
83900 327286 68124 0 3 0x98 kqread sshd-session
68124 475885 8385 0 3 0x92 kqread sshd-session
18727 177548 1 0 3 0x100083 ttyin getty
8385 427900 1 0 3 0x88 kqread sshd
28465 494905 58074 73 3 0x1100090 kqread syslogd
58074 73822 1 0 3 0x100082 sbwait syslogd
97142 5959 1 0 3 0x100080 kqread resolvd
30733 102867 62502 77 3 0x100092 kqread dhcpleased
36265 365571 62502 77 3 0x100092 kqread dhcpleased
62502 213943 1 0 3 0x80 kqread dhcpleased
88526 175819 0 0 3 0x14200 bored smr
18786 483133 0 0 2 0x14200 zerothread
31737 151913 0 0 3 0x14200 aiodoned aiodoned
47080 163019 0 0 3 0x14200 syncer update
81225 472665 0 0 3 0x14200 cleaner cleaner
61298 13562 0 0 3 0x14200 reaper reaper
29508 28398 0 0 3 0x14200 pgdaemon pagedaemon
92228 438328 0 0 3 0x14200 bored viomb
84812 84304 0 0 3 0x40014200 acpi0 acpi0
82425 85076 0 0 3 0x14200 bored softnet0
994 156254 0 0 3 0x14200 bored systqmp
39933 408243 0 0 3 0x14200 bored systq
82874 245276 0 0 3 0x40014200 tmoslp softclock
44138 289633 0 0 3 0x40014200 idle0
1 358985 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11051 12204K 12331K 166960K 12350 0
pcb 17 16K 18K 166960K 127 0
rtable 239 7K 7K 166960K 361 0
pf 35 14K 19K 166960K 70 0
ifaddr 43 7K 7K 166960K 52 0
ifgroup 52 2K 2K 166960K 66 0
sysctl 3 1K 9K 166960K 9 0
counters 34 17K 18K 166960K 39 0
ioctlops 0 0K 4K 166960K 84 0
iov 0 0K 12K 166960K 74 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1302 82K 82K 166960K 1536 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 5 0K 0K 166960K 5 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 81K 166960K 252 0
sigio 0 0K 0K 166960K 7 0
proc 63 67K 83K 166960K 518 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 23 0
in_multi 100 7K 7K 166960K 104 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 10 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 67 307K 307K 166960K 67 0
exec 0 0K 1K 166960K 378 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 229 159K 173K 166960K 3857 0
UVM aobj 7 4K 4K 166960K 7 0
pinsyscall 39 78K 88K 166960K 1352 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 9 0
NDP 12 0K 2K 166960K 32 0
temp 36 9106K 9166K 166960K 9512 0
kqueue 14 22K 24K 166960K 39 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 40 0 37 1 0 1 1 0 8 0
rtentry 136 113 0 3 4 0 4 4 0 8 0
unpcb 144 285 0 270 4 3 1 4 0 8 0
syncache 336 5 0 5 1 1 0 1 0 8 0
tcpcb 736 34 0 30 1 0 1 1 0 8 0
arp 96 18 0 0 1 0 1 1 0 8 0
inpcb 328 320 0 311 12 10 2 12 0 8 1
nd6 112 24 0 0 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1072 4 0 3 2 1 1 1 0 8 0
pppxif 1416 1 0 1 1 1 0 1 0 8 0
pfstscr 40 8 0 4 1 0 1 1 0 8 0
pfanchor 1288 4 0 0 1 0 1 1 0 8 0
pfstitem 24 4 0 2 1 0 1 1 0 8 0
pfstkey 128 8 0 5 1 0 1 1 0 8 0
pfstate 384 4 0 2 1 0 1 1 0 8 0
pfrule 1360 1 0 1 1 1 0 1 0 8 0
rttmr 136 1 0 1 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 458 0 6 29 0 29 29 0 8 0
art_table 40 459 0 6 5 0 5 5 0 8 0
art_node 32 113 0 13 1 0 1 1 0 8 0
semapl 72 3 0 0 1 0 1 1 0 8 0
shmpl 112 4 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1864 0 403 92 0 92 92 0 8 0
ffsino 256 1864 0 403 92 0 92 92 0 8 0
nchpl 144 2217 0 518 64 0 64 64 0 8 0
vnodes 216 2002 0 0 112 0 112 112 0 8 0
namei 1024 7026 0 7026 3 2 1 2 0 8 1
kstatmem 264 33 0 8 2 0 2 2 0 8 0
scsiplug 72 2 0 2 2 1 1 1 0 8 1
scxspl 216 7793 0 7793 4 3 1 4 1 8 1
plimitpl 152 43 0 27 1 0 1 1 0 8 0
sigapl 424 547 0 504 6 1 5 6 0 8 0
knotepl 120 6963 0 6914 15 6 9 9 0 8 7
kqueuepl 184 40 0 29 1 0 1 1 0 8 0
pipepl 304 128 0 101 3 0 3 3 0 8 0
fdescpl 448 534 0 504 4 0 4 4 0 8 0
filepl 120 2787 0 2569 11 3 8 11 0 8 1
lockfpl 104 42 0 38 1 0 1 1 0 8 0
lockfspl 48 20 0 17 1 0 1 1 0 8 0
sessionpl 144 95 0 87 1 0 1 1 0 8 0
pgrppl 48 104 0 88 1 0 1 1 0 8 0
ucredpl 104 389 0 376 1 0 1 1 0 8 0
zombiepl 144 511 0 511 1 0 1 1 0 8 1
processpl 1152 547 0 504 4 0 4 4 0 8 0
procpl 664 743 0 686 5 0 5 5 0 8 0
sosppl 176 2 0 2 1 1 0 1 0 8 0
sockpl 552 651 0 624 12 9 3 12 0 8 0
mcl64k 65536 11 0 11 1 1 0 1 0 8 0
mcl16k 16384 3 0 3 1 1 0 1 0 8 0
mcl8k 8192 8 0 8 1 1 0 1 0 8 0
mcl4k 4096 2667 0 2617 15 8 7 15 0 8 0
mcl2k 2048 264 0 264 3 2 1 3 0 8 1
mtagpl 96 4 0 4 1 1 0 1 0 8 0
mbufpl 256 5459 0 5292 14 1 13 14 0 8 0
bufpl 272 2872 0 102 185 0 185 185 0 8 0
anonpl 24 98394 0 95181 44 0 44 44 0 88 15
amapchunkpl 152 11466 0 10974 29 9 20 28 0 158 0
amappl16 200 1767 0 1744 14 0 14 14 0 8 7
amappl15 192 1 0 1 1 1 0 1 0 8 0
amappl14 184 411 0 410 1 0 1 1 0 8 0
amappl13 176 118 0 108 1 0 1 1 0 8 0
amappl12 168 770 0 741 2 0 2 2 0 8 0
amappl11 160 8 0 8 1 1 0 1 0 8 0
amappl10 152 58 0 48 1 0 1 1 0 8 0
amappl9 144 272 0 272 1 1 0 1 0 8 0
amappl8 136 94 0 93 1 0 1 1 0 8 0
amappl7 128 140 0 128 1 0 1 1 0 8 0
amappl6 120 157 0 156 1 0 1 1 0 8 0
amappl5 112 102 0 95 1 0 1 1 0 8 0
amappl4 104 260 0 242 1 0 1 1 0 8 0
amappl3 96 2145 0 2033 3 0 3 3 0 8 0
amappl2 88 523 0 468 2 0 2 2 0 8 0
amappl1 80 10465 0 9917 13 1 12 13 0 8 0
amappl 88 3150 0 2986 4 0 4 4 0 92 0
uvmvnodes 80 99 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 6 0 0 1 0 1 1 0 8 0
uaddrrnd 24 534 0 504 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 534 0 504 1 0 1 1 0 8 0
vmmpekpl 168 6180 0 6149 2 0 2 2 0 8 0
vmmpepl 168 42645 0 40829 90 0 90 90 0 357 9
vmsppl 368 533 0 504 4 1 3 4 0 8 0
rwobjpl 40 15160 0 14212 12 0 12 12 0 8 0
pdppl 4096 1074 0 1008 92 26 66 74 0 8 0
pvpl 32 250664 0 241787 117 4 113 113 0 265 27
pmappl 216 533 0 504 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 546 0 47 15 0 15 15 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff835080c4) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff8000344b7248,ffff80003b8e90e0,ffff80003b8e9030) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003b8e90e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003b8e90e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x827acaa8500, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff835080c4) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff8000344b7248,ffff80003b8e90e0,ffff80003b8e9030) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003b8e90e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003b8e90e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x827acaa8500, count: -6
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/06/23 12:13 | openbsd | a7fbd22dd6cd | 4b1d8f01 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2026/06/17 11:11 | openbsd | 2f229140c828 | 62cc6db3 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2026/06/10 12:48 | openbsd | 01c8afc2223d | f79bac11 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2026/05/23 22:06 | openbsd | 19a8be4fa5c4 | c69befb3 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2026/05/11 18:40 | openbsd | 9c5367037e8c | 340bcdf0 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2026/04/26 21:07 | openbsd | 443952c09f98 | 9c2d0995 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2026/04/18 09:57 | openbsd | a9044055e1bf | 1a086e7c | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2026/04/17 12:45 | openbsd | 2dd8b2a80c95 | 1a086e7c | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2026/03/27 00:28 | openbsd | 9c6370df4fcd | 4b3d9a38 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2026/03/24 06:56 | openbsd | 2084961b940b | baf8bf12 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2026/03/22 13:46 | openbsd | 67e6794a9e1c | 5b92003d | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2026/01/24 12:14 | openbsd | 652212f689da | 40acda8a | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2025/11/27 22:07 | openbsd | 7de01a79e4ba | e8331348 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2025/11/16 02:48 | openbsd | 42d4ce758e42 | f7988ea4 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: chgproccnt: procs < NUM | |||
| 2025/08/26 13:20 | openbsd | d9624900b8bd | bf27483f | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2025/06/18 01:39 | openbsd | 7cbb080c3e94 | e77fae15 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2025/05/17 15:40 | openbsd | 007267a8c99a | f41472b0 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2025/05/12 09:11 | openbsd | 1d7d4b26237d | 77908e5f | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM | |||
| 2025/02/22 06:57 | openbsd | 6a403588e274 | d34966d1 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | panic: chgproccnt: procs < NUM |