kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Dec 5 04:53:49 PST 2019 OpenBSD/amd64 (ci-openbsd-main-7.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts. 2019/12/05 04:54:16 parsed 1 programs 2019/12/05 04:54:23 executed programs: 0 login: kernel: protection fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff8253d850,fffffd80331bcc00) at pool_do_put+0x12e pool_put(ffffffff8253d850,fffffd80331bcc00) at pool_put+0x4b m_free(fffffd80331bcc00) at m_free+0x119 rt_ifa_del(ffff8000006a2400,800100,ffff8000006a2440,0) at rt_ifa_del+0x436 in6_unlink_ifa(ffff8000006a2400,ffff8000009e3800) at in6_unlink_ifa+0x571 in6_update_ifa(ffff8000009e3800,ffff800014928ae0,0) at in6_update_ifa+0x13f7 in6_ioctl_change_ifaddr(8080691a,ffff800014928ae0,ffff8000009e3800) at in6_ioctl_change_ifaddr+0x40c ifioctl(fffffd80363c1a88,8080691a,ffff800014928ae0,ffff8000ffff89e8) at ifioctl+0xe60 sys_ioctl(ffff8000ffff89e8,ffff800014928bf8,ffff800014928c40) at sys_ioctl+0x5b9 syscall(ffff800014928cc0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffea9d0, count: -11 ddb> show registers rdi 0 rsi 0xddda3b155c04d41e rbp 0xffff800014928530 rbx 0xddda3b155c04d41e rdx 0xffff800014928480 rcx 0x1000 __ALIGN_SIZE rax 0xfffffd80331bd000 r8 0x4 r9 0x5 r10 0x571c08e1b070a055 r11 0x4200ae0b24da3713 r12 0xfffffd80331bcc00 r13 0xddda3b155c04d41e r14 0xffffffff8253d850 mbpool r15 0xfffffd8035961398 rip 0xffffffff8211679e pool_do_put+0x12e cs 0x8 rflags 0x10216 __ALIGN_SIZE+0xf216 rsp 0xffff800014928480 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=165607 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff8770,0xffffffff825420b8 process=0xffff8000148b2d98 user=0xffff800014923000, vmspace=0xfffffd803f012330 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *21335 165607 73338 0 7 0 syz-executor.0 73338 76844 42799 0 3 0x82 nanosleep syz-executor.0 42799 220971 66991 0 3 0x82 thrsleep syz-execprog 42799 304318 66991 0 3 0x4000082 nanosleep syz-execprog 42799 506481 66991 0 3 0x4000082 thrsleep syz-execprog 42799 513536 66991 0 3 0x4000082 thrsleep syz-execprog 42799 368667 66991 0 3 0x4000082 kqread syz-execprog 42799 24734 66991 0 3 0x4000082 thrsleep syz-execprog 42799 466042 66991 0 3 0x4000082 thrsleep syz-execprog 66991 216653 53655 0 3 0x10008a pause ksh 53655 351435 30693 0 3 0x92 select sshd 95674 134738 1 0 3 0x100083 ttyin getty 30693 451049 1 0 3 0x80 select sshd 9834 199760 78800 73 3 0x100090 kqread syslogd 78800 380667 1 0 3 0x100082 netio syslogd 65222 12158 1 77 3 0x100090 poll dhclient 98389 218446 1 0 3 0x80 poll dhclient 90031 445842 0 0 2 0x14200 zerothread 38860 282554 0 0 3 0x14200 aiodoned aiodoned 80812 253758 0 0 3 0x14200 syncer update 80446 428827 0 0 3 0x14200 cleaner cleaner 72916 45788 0 0 3 0x14200 reaper reaper 66573 237345 0 0 3 0x14200 pgdaemon pagedaemon 69837 75266 0 0 3 0x14200 bored crynlk 60580 432336 0 0 3 0x14200 bored crypto 44375 86512 0 0 3 0x40014200 acpi0 acpi0 86974 144373 0 0 3 0x14200 bored softnet 39152 407358 0 0 3 0x14200 bored systqmp 66473 473756 0 0 3 0x14200 bored systq 73895 202891 0 0 3 0x40014200 bored softclock 55859 280372 0 0 3 0x40014200 idle0 77598 457905 0 0 3 0x14200 bored smr 1 42149 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9442 6320K 6320K 78643K 10539 0 pcb 13 8K 8K 78643K 13 0 rtable 83 2K 2K 78643K 155 0 ifaddr 33 9K 9K 78643K 33 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 14 0 mount 1 1K 1K 78643K 1 0 vnodes 1180 74K 74K 78643K 1185 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 3 8K 12K 78643K 18 0 proc 47 38K 54K 78643K 318 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 22 1K 1K 78643K 22 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 18 79K 79K 78643K 18 0 exec 0 0K 1K 78643K 171 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 75 11K 12K 78643K 861 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 6 0K 0K 78643K 6 0 temp 27 3001K 3065K 78643K 3056 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 rtpcb 80 17 0 15 1 0 1 1 0 8 0 rtentry 112 34 0 1 1 0 1 1 0 8 0 unpcb 120 27 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 27 0 20 1 0 1 1 0 8 0 nd6 48 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 168 0 0 11 0 11 11 0 8 0 art_table 32 169 0 0 2 0 2 2 0 8 0 art_node 16 33 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1415 0 19 46 0 46 46 0 8 0 ffsino 240 1415 0 19 83 0 83 83 0 8 0 nchpl 144 1640 0 35 60 0 60 60 0 8 0 uvmvnodes 72 1424 0 0 26 0 26 26 0 8 0 vnodes 208 1424 0 0 75 0 75 75 0 8 0 namei 1024 3862 0 3862 2 1 1 1 0 8 1 scxspl 192 4149 0 4149 8 1 7 7 0 8 7 plimitpl 152 14 0 8 1 0 1 1 0 8 0 sigapl 432 197 0 185 2 0 2 2 0 8 0 knotepl 112 39 0 28 1 0 1 1 0 8 0 kqueuepl 104 2 0 0 1 0 1 1 0 8 0 pipepl 128 134 0 121 2 1 1 1 0 8 0 fdescpl 424 198 0 185 2 0 2 2 0 8 0 filepl 120 997 0 943 2 0 2 2 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 144 185 0 185 2 1 1 1 0 8 1 processpl 864 212 0 185 4 0 4 4 0 8 0 procpl 632 218 0 185 3 0 3 3 0 8 0 sockpl 384 71 0 54 2 0 2 2 0 8 0 mcl4k 4096 10 0 10 2 1 1 1 0 8 1 mcl2k 2048 5478 0 5445 8 2 6 8 0 8 1 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 9472 0 9395 9 4 5 5 0 8 0 mbufpl: pool(0xffffffff8253d850:mbufpl): free list modified: page 0xfffffd80331bc000; item ordinal 1; addr 0xfffffd80331bcd00 (p 0xfffffd8035961000); offset 0x0=0x0 pool(mbufpl): free list modified: page 0xfffffd80331bc000; item ordinal 1; addr 0xfffffd80331bcd00 (p 0xfffffd8035961000); offset 0x0=0x0 mbufpl: pool(0xffffffff8253d850:mbufpl): page inconsistency: page 0xfffffd80331bc000; item ordinal 2; addr 0xddda3b155c04d41e bufpl 280 5846 0 1353 321 0 321 321 0 8 0 anonpl 16 20168 0 18683 16 3 13 13 0 62 6 amapchunkpl 152 684 0 624 5 0 5 5 0 158 2 amappl16 192 71 0 47 2 0 2 2 0 8 0 amappl15 184 50 0 46 1 0 1 1 0 8 0 amappl14 176 23 0 20 2 1 1 1 0 8 0 amappl13 168 8 0 6 1 0 1 1 0 8 0 amappl12 160 9 0 7 2 1 1 1 0 8 0 amappl11 152 43 0 32 1 0 1 1 0 8 0 amappl10 144 11 0 10 2 1 1 1 0 8 0 amappl9 136 397 0 392 1 0 1 1 0 8 0 amappl8 128 85 0 75 1 0 1 1 0 8 0 amappl7 120 84 0 75 1 0 1 1 0 8 0 amappl6 112 60 0 53 1 0 1 1 0 8 0 amappl5 104 133 0 123 1 0 1 1 0 8 0 amappl4 96 426 0 402 1 0 1 1 0 8 0 amappl3 88 123 0 116 1 0 1 1 0 8 0 amappl2 80 809 0 751 4 1 3 3 0 8 1 amappl1 72 13116 0 12709 27 10 17 20 0 8 8 amappl 80 419 0 393 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 198 0 185 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 198 0 185 1 0 1 1 0 8 0 vmmpekpl 168 6065 0 6051 1 0 1 1 0 8 0 vmmpepl 168 29333 0 28434 92 14 78 78 0 357 38 vmsppl 272 197 0 185 1 0 1 1 0 8 0 pdppl 4096 402 0 370 5 0 5 5 0 8 0 pvpl 32 102984 0 99211 118 5 113 113 0 265 81 pmappl 200 197 0 185 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 128 0 10 4 0 4 4 0 8 0 ddb>