kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Thu Oct 31 15:13:43 PDT 2019
OpenBSD/amd64 (ci-openbsd-setuid-9.c.syzkaller.internal) (tty00)
Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
2019/10/31 15:13:55 parsed 1 programs
2019/10/31 15:14:03 executed programs: 0
login: kernel: double fault trap, code=0
Stopped at __sanitizer_cov_trace_const_cmp2+0xf: pushq %rdi
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
__sanitizer_cov_trace_const_cmp2(0,0) at __sanitizer_cov_trace_const_cmp2+0xf
sbappendaddr(fffffd806b28c190,fffffd806b28c218,ffff800020b8e1a8,fffffd8072fcbb00,0) at sbappendaddr+0x60
udp_sbappend(fffffd806f6ad348,fffffd8072fcbb00,fffffd8072fcbbb0,0,14,fffffd8072fcbbc4) at udp_sbappend+0x314
udp_input(ffff800020b8e428,ffff800020b8e434,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b8e428,ffff800020b8e434,11,2) at ip_deliver+0x353
ip_ours(ffff800020b8e428,ffff800020b8e434,fffffd8072fcbbbc,0) at ip_ours+0x412
ip_input_if(ffff800020b8e428,ffff800020b8e434,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd8072fcbb00) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd8072fcbb00,2) at if_input_local+0xf9
ip_output(fffffd807f02ac00,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd807f02ac00,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd807f02ac00,fffffd807f02acb0,0,14,fffffd807f02acc4) at udp_sbappend+0x336
udp_input(ffff800020b8eb18,ffff800020b8eb24,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b8eb18,ffff800020b8eb24,11,2) at ip_deliver+0x353
ip_ours(ffff800020b8eb18,ffff800020b8eb24,fffffd807f02acbc,0) at ip_ours+0x412
ip_input_if(ffff800020b8eb18,ffff800020b8eb24,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd807f02ac00) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd807f02ac00,2) at if_input_local+0xf9
ip_output(fffffd807f02a100,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd807f02a100,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd807f02a100,fffffd807f02a1b0,0,14,fffffd807f02a1c4) at udp_sbappend+0x336
udp_input(ffff800020b8f208,ffff800020b8f214,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b8f208,ffff800020b8f214,11,2) at ip_deliver+0x353
ip_ours(ffff800020b8f208,ffff800020b8f214,fffffd807f02a1bc,0) at ip_ours+0x412
ip_input_if(ffff800020b8f208,ffff800020b8f214,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd807f02a100) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd807f02a100,2) at if_input_local+0xf9
ip_output(fffffd8072fcb000,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd8072fcb000,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd8072fcb000,fffffd8072fcb0b0,0,14,fffffd8072fcb0c4) at udp_sbappend+0x336
udp_input(ffff800020b8f8f8,ffff800020b8f904,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b8f8f8,ffff800020b8f904,11,2) at ip_deliver+0x353
ip_ours(ffff800020b8f8f8,ffff800020b8f904,fffffd8072fcb0bc,0) at ip_ours+0x412
ip_input_if(ffff800020b8f8f8,ffff800020b8f904,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd8072fcb000) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd8072fcb000,2) at if_input_local+0xf9
ip_output(fffffd806de7bd00,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd806de7bd00,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd806de7bd00,fffffd806de7bdb0,0,14,fffffd806de7bdc4) at udp_sbappend+0x336
udp_input(ffff800020b8ffe8,ffff800020b8fff4,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b8ffe8,ffff800020b8fff4,11,2) at ip_deliver+0x353
ip_ours(ffff800020b8ffe8,ffff800020b8fff4,fffffd806de7bdbc,0) at ip_ours+0x412
ip_input_if(ffff800020b8ffe8,ffff800020b8fff4,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd806de7bd00) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd806de7bd00,2) at if_input_local+0xf9
ip_output(fffffd8072fcb100,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd8072fcb100,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd8072fcb100,fffffd8072fcb1b0,0,14,fffffd8072fcb1c4) at udp_sbappend+0x336
udp_input(ffff800020b906d8,ffff800020b906e4,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b906d8,ffff800020b906e4,11,2) at ip_deliver+0x353
ip_ours(ffff800020b906d8,ffff800020b906e4,fffffd8072fcb1bc,0) at ip_ours+0x412
ip_input_if(ffff800020b906d8,ffff800020b906e4,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd8072fcb100) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd8072fcb100,2) at if_input_local+0xf9
ip_output(fffffd806f2fbc00,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd806f2fbc00,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd806f2fbc00,fffffd806f2fbcb0,0,14,fffffd806f2fbcc4) at udp_sbappend+0x336
udp_input(ffff800020b90dc8,ffff800020b90dd4,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b90dc8,ffff800020b90dd4,11,2) at ip_deliver+0x353
ip_ours(ffff800020b90dc8,ffff800020b90dd4,fffffd806f2fbcbc,0) at ip_ours+0x412
ip_input_if(ffff800020b90dc8,ffff800020b90dd4,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd806f2fbc00) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd806f2fbc00,2) at if_input_local+0xf9
ip_output(fffffd8072fcb500,0,fffffd806f6ad188,0,0,fffffd806f6ad118) at ip_output+0xae5
udp_output(fffffd806f6ad118,fffffd8072fcb500,0,0) at udp_output+0x5af
somove(fffffd806b28c190,2) at somove+0xf3f
sorwakeup(fffffd806b28c190) at sorwakeup+0x79
udp_sbappend(fffffd806f6ad348,fffffd8072fcb500,fffffd8072fcb5b0,0,14,fffffd8072fcb5c4) at udp_sbappend+0x336
udp_input(ffff800020b914b8,ffff800020b914c4,11,2) at udp_input+0x12ba
ip_deliver(ffff800020b914b8,ffff800020b914c4,11,2) at ip_deliver+0x353
ip_ours(ffff800020b914b8,ffff800020b914c4,fffffd8072fcb5bc,0) at ip_ours+0x412
ip_input_if(ffff800020b914b8,ffff800020b914c4,4,0,ffff80000066d000) at ip_input_if+0x6b9
ipv4_input(ffff80000066d000,fffffd8072fcb500) at ipv4_input+0x48
if_input_local(ffff80000066d000,fffffd8072fcb500,2) at if_input_local+0xf9
ip_output(fffffd806f2fba00,0,fffffd806f6ad818,0,0,fffffd806f6ad7a8) at ip_output+0xae5
udp_output(fffffd806f6ad7a8,fffffd806f2fba00,0,0) at udp_output+0x5af
sosend(fffffd806b28c010,0,ffff800020b918d8,0,0,0) at sosend+0x645
dofilewritev(ffff800020ab13d8,3,ffff800020b918d8,0,ffff800020b919c0) at dofilewritev+0x1b7
sys_write(ffff800020ab13d8,ffff800020b91978,ffff800020b919c0) at sys_write+0x83
syscall(ffff800020b91a40) at syscall+0x4a4
Xsyscall(6,0,c,0,3,fdbbb639010) at Xsyscall+0x128
end of kernel
end trace frame: 0xfde236247d0, count: -93
ddb{0}> show registers
rdi 0
rsi 0x2
rbp 0xffff800020b8e000
rbx 0x2
rdx 0xffff800020b8e1a8
rcx 0xfffffd8072fcbb00
rax 0xfffffd806b28c190
r8 0
r9 0xfffffd8072fcbbc4
r10 0x47f619c75443acb6
r11 0x40fdb678f13d42c0
r12 0xfffffd806b28c190
r13 0
r14 0xfffffd8072fcbb00
r15 0xfffffd806b28c218
rip 0xffffffff81caacbf __sanitizer_cov_trace_const_cmp2+0xf
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800020b8e000
ss 0x10
__sanitizer_cov_trace_const_cmp2+0xf: pushq %rdi
ddb{0}> show proc
PROC (syz-executor.1) pid=508405 stat=onproc
flags process=10 proc=4000000
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020ab0780,0xffff800020ab0518
process=0xffff800020a8b510 user=0xffff800020b8c000, vmspace=0xfffffd807f00aa10
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
17841 25458 24089 32767 2 0x10 syz-executor.1
*17841 508405 24089 32767 7 0x4000010 syz-executor.1
48472 112791 3690 32767 7 0x10 syz-executor.0
48472 227529 3690 32767 3 0x4000090 fsleep syz-executor.0
48472 279357 3690 32767 2 0x4000010 syz-executor.0
95370 394957 0 0 3 0x14200 bored sosplice
24089 375345 26805 32767 3 0x90 nanosleep syz-executor.1
26805 146333 893 0 3 0x82 wait syz-executor.1
3690 173360 72567 32767 3 0x90 nanosleep syz-executor.0
72567 503693 893 0 3 0x82 wait syz-executor.0
893 386109 60526 0 3 0x82 thrsleep syz-execprog
893 444276 60526 0 3 0x4000082 thrsleep syz-execprog
893 30085 60526 0 3 0x4000082 thrsleep syz-execprog
893 520906 60526 0 3 0x4000082 thrsleep syz-execprog
893 294664 60526 0 3 0x4000082 thrsleep syz-execprog
893 154346 60526 0 3 0x4000082 thrsleep syz-execprog
893 317714 60526 0 3 0x4000082 thrsleep syz-execprog
893 178886 60526 0 3 0x4000082 thrsleep syz-execprog
893 481528 60526 0 3 0x4000082 kqread syz-execprog
60526 488600 67553 0 3 0x10008a pause ksh
67553 473637 31342 0 3 0x92 select sshd
19001 154645 1 0 3 0x100083 ttyin getty
31342 183879 1 0 3 0x80 select sshd
1994 181834 88705 73 3 0x100090 kqread syslogd
88705 446654 1 0 3 0x100082 netio syslogd
39298 111459 1 77 3 0x100090 poll dhclient
13568 306825 1 0 3 0x80 poll dhclient
43874 377903 0 0 2 0x14200 zerothread
52165 176457 0 0 3 0x14200 aiodoned aiodoned
11629 463718 0 0 3 0x14200 syncer update
18517 119701 0 0 3 0x14200 cleaner cleaner
73831 283253 0 0 3 0x14200 reaper reaper
7184 319312 0 0 3 0x14200 pgdaemon pagedaemon
82599 478673 0 0 3 0x14200 bored crynlk
18266 111958 0 0 3 0x14200 bored crypto
32214 431030 0 0 3 0x40014200 acpi0 acpi0
9335 498258 0 0 3 0x40014200 idle1
40375 172742 0 0 3 0x14200 bored softnet
1085 123406 0 0 3 0x14200 bored systqmp
31826 203263 0 0 3 0x14200 bored systq
59976 44930 0 0 3 0x40014200 bored softclock
84145 417156 0 0 3 0x40014200 idle0
81270 200201 0 0 3 0x14200 bored smr
1 297498 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 17841 (syz-executor.1) thread 0xffff800020ab13d8 (508405)
exclusive rwlock netlock r = 0 (0xffffffff824e9da8)
#0 witness_lock+0x52e
#1 solock+0x5a
#2 sosend+0x51b
#3 dofilewritev+0x1b7
#4 sys_write+0x83
#5 syscall+0x4a4
#6 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9455 6321K 6321K 78643K 10542 0 0
pcb 13 8K 8K 78643K 13 0 0
rtable 105 3K 3K 78643K 191 0 0
ifaddr 34 9K 9K 78643K 34 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 15 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1180 74K 74K 78643K 1185 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 7 24K 32K 78643K 39 0 0
proc 48 50K 83K 78643K 359 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 33 2K 2K 78643K 33 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 184 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 79 20K 20K 78643K 913 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 9 0K 0K 78643K 9 0 0
temp 46 3546K 3610K 78643K 3146 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 6 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 19 0 17 1 0 1 1 0 8 0
rtentry 112 45 0 1 2 0 2 2 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 1 0 1 0 8 0
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 50 0 41 1 0 1 1 0 8 0
nd6 48 4 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 212 0 0 14 0 14 14 0 8 0
art_table 32 213 0 0 2 0 2 2 0 8 0
art_node 16 44 0 4 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1419 0 21 46 0 46 46 0 8 0
ffsino 272 1419 0 21 94 0 94 94 0 8 0
nchpl 144 1662 0 55 60 0 60 60 0 8 0
uvmvnodes 72 1428 0 0 26 0 26 26 0 8 0
vnodes 208 1428 0 0 76 0 76 76 0 8 0
namei 1024 3955 0 3955 1 0 1 1 0 8 1
percpumem 16 30 0 0 1 0 1 1 0 8 0
scxspl 192 4050 0 4050 2 1 1 2 0 8 1
plimitpl 152 17 0 8 1 0 1 1 0 8 0
sigapl 432 214 0 198 3 0 3 3 0 8 1
futexpl 56 57 0 56 1 0 1 1 0 8 0
knotepl 112 51 0 34 1 0 1 1 0 8 0
kqueuepl 104 2 0 0 1 0 1 1 0 8 0
pipepl 112 142 0 123 1 0 1 1 0 8 0
fdescpl 488 215 0 198 3 0 3 3 0 8 0
filepl 152 1026 0 961 3 0 3 3 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 53 0 44 1 0 1 1 0 8 0
zombiepl 144 198 0 198 1 0 1 1 0 8 1
processpl 896 231 0 198 4 0 4 4 0 8 0
procpl 632 248 0 204 4 0 4 4 0 8 0
sosppl 128 14 0 8 1 0 1 1 0 8 0
sockpl 384 96 0 73 3 0 3 3 0 8 0
mcl4k 4096 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 71 0 0 9 0 9 9 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 134 0 0 8 0 8 8 0 8 0
bufpl 256 5799 0 1295 282 0 282 282 0 8 0
anonpl 16 20973 0 19315 14 1 13 13 0 124 6
amapchunkpl 152 903 0 829 6 0 6 6 0 158 2
amappl16 192 153 0 108 3 0 3 3 0 8 0
amappl15 184 8 0 6 1 0 1 1 0 8 0
amappl14 176 59 0 51 1 0 1 1 0 8 0
amappl12 160 12 0 9 2 1 1 1 0 8 0
amappl11 152 53 0 42 1 0 1 1 0 8 0
amappl10 144 19 0 13 1 0 1 1 0 8 0
amappl9 136 417 0 413 1 0 1 1 0 8 0
amappl8 128 121 0 110 1 0 1 1 0 8 0
amappl7 120 41 0 33 1 0 1 1 0 8 0
amappl6 112 51 0 46 1 0 1 1 0 8 0
amappl5 104 123 0 114 1 0 1 1 0 8 0
amappl4 96 445 0 419 1 0 1 1 0 8 0
amappl3 88 116 0 111 1 0 1 1 0 8 0
amappl2 80 898 0 825 3 0 3 3 0 8 1
amappl1 72 14165 0 13699 24 6 18 20 0 8 8
amappl 80 460 0 425 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 215 0 198 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 215 0 198 1 0 1 1 0 8 0
vmmpekpl 168 6194 0 6169 2 0 2 2 0 8 0
vmmpepl 168 30151 0 29024 81 4 77 77 0 357 28
vmsppl 368 214 0 198 2 0 2 2 0 8 0
pdppl 4096 437 0 396 6 0 6 6 0 8 0
pvpl 32 107403 0 103189 113 0 113 113 0 265 78
pmappl 232 214 0 198 2 0 2 2 0 8 1
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 424 0 2 13 0 13 13 0 8 0
ddb{0}>