kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Jan 24 01:55:58 PST 2022 OpenBSD/amd64 (ci-openbsd-main-9.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: kernel: protection fault trap, code=0 Stopped at ktrops+0x4a: movq 0x8(%rbx),%r14 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace ktrops(ffff8000215ee2a0,dead4110dead4110,0,80000520,fffffd806ca8be98,fffffd807f7d8c00) at ktrops+0x4a doktrace(fffffd806ca8be98,4,520,0,ffff8000215ee2a0) at doktrace+0x514 sys_ktrace(ffff8000215ee2a0,ffff800021693bc8,ffff800021693c20) at sys_ktrace+0xd2 syscall(ffff800021693c90) at syscall+0x44e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc4bc0, count: -5 ddb> show registers rdi 0xffff8000215ee2a0 rsi 0xdead4110dead4110 rbp 0xffff8000216939b0 rbx 0xdead4110dead4110 rdx 0 rcx 0x80000520 __kernel_virt_to_phys+0x520 rax 0x1 r8 0xfffffd806ca8be98 r9 0xfffffd807f7d8c00 r10 0xd6fe2b594c38cae3 r11 0x6d033311e36a6667 r12 0xdead4110dead4110 r13 0xfffffd807f7d8c00 r14 0xffff8000215ee2a0 r15 0x80000520 __kernel_virt_to_phys+0x520 rip 0xffffffff812cd8da ktrops+0x4a cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021693930 ss 0x10 ktrops+0x4a: movq 0x8(%rbx),%r14 ddb> show proc PROC (syz-executor4017) pid=40550 stat=onproc flags process=0 proc=0 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff8a88,0xffff8000215ef270 process=0xffff80002161e020 user=0xffff80002168e000, vmspace=0xfffffd806e2e6010 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *68865 40550 4665 0 7 0 syz-executor4017 1239 79218 83154 0 2 0 syz-executor4017 74331 165609 83154 0 3 0x80 nanoslp syz-executor4017 16739 28169 83154 0 2 0 syz-executor4017 4665 495728 83154 0 3 0x80 nanoslp syz-executor4017 79007 89453 83154 0 2 0 syz-executor4017 10977 80891 83154 0 3 0x80 nanoslp syz-executor4017 69708 63746 83154 0 2 0 syz-executor4017 34931 189850 83154 0 2 0 syz-executor4017 83154 147696 60724 0 3 0x82 nanoslp syz-executor4017 60724 447294 10205 0 3 0x10008a sigsusp ksh 10205 372132 66899 0 3 0x9a poll sshd 80386 358772 1 0 3 0x100083 ttyin getty 66899 278867 1 0 3 0x88 poll sshd 80897 368943 72550 73 3 0x100090 kqread syslogd 72550 172331 1 0 3 0x100082 netio syslogd 77236 318531 1 0 3 0x100080 kqread resolvd 81383 301245 95095 77 3 0x100092 kqread dhcpleased 47727 507022 95095 77 3 0x100092 kqread dhcpleased 95095 271645 1 0 3 0x80 kqread dhcpleased 98414 223185 0 0 3 0x14200 bored smr 9603 133595 0 0 3 0x14200 pgzero zerothread 27698 497686 0 0 3 0x14200 aiodoned aiodoned 47609 293922 0 0 3 0x14200 syncer update 18689 20405 0 0 3 0x14200 cleaner cleaner 73696 200365 0 0 3 0x14200 reaper reaper 24162 412422 0 0 3 0x14200 pgdaemon pagedaemon 9432 39398 0 0 3 0x14200 bored viomb 22863 118299 0 0 3 0x40014200 acpi0 acpi0 97174 29374 0 0 3 0x14200 bored softnet 62123 161703 0 0 3 0x14200 bored systqmp 76098 84416 0 0 3 0x14200 bored systq 11953 222813 0 0 3 0x40014200 bored softclock 14067 11788 0 0 3 0x40014200 idle0 1 181165 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10126 6380K 6412K 78643K 11216 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 114 0 ifaddr 24 7K 7K 78643K 24 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 25 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1166 73K 73K 78643K 1179 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 1 0K 0K 78643K 1 0 proc 55 54K 55K 78643K 226 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 406 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 113 5K 5K 78643K 2014 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 19 4678K 4742K 78643K 3264 0 kqueue 9 12K 12K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 20 0 17 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 33 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 88 2 0 0 1 0 1 1 0 8 0 inpcb 304 25 0 19 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1490 0 85 88 0 88 88 0 8 0 ffsino 240 1490 0 85 83 0 83 83 0 8 0 nchpl 144 1731 0 167 59 0 59 59 0 8 0 uvmvnodes 80 1499 0 0 31 0 31 31 0 8 0 vnodes 224 1499 0 0 89 0 89 89 0 8 0 namei 1024 4488 0 4487 3 1 2 2 0 8 1 scxspl 216 4192 0 4192 18 17 1 8 0 8 1 plimitpl 152 15 0 9 1 0 1 1 0 8 0 sigapl 424 341 0 305 5 0 5 5 0 8 0 knotepl 112 124 0 101 1 0 1 1 0 8 0 kqueuepl 184 5 0 0 1 0 1 1 0 8 0 pipepl 304 82 0 79 2 1 1 1 0 8 0 fdescpl 432 328 0 305 4 0 4 4 0 8 1 filepl 120 1091 0 1035 2 0 2 2 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 64 0 54 1 0 1 1 0 8 0 zombiepl 144 306 0 304 2 1 1 1 0 8 0 processpl 1000 341 0 304 6 0 6 6 0 8 1 procpl 672 341 0 304 4 0 4 4 0 8 0 sockpl 448 78 0 56 3 0 3 3 0 8 0 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 5 0 5 2 1 1 1 0 8 1 mcl2k 2048 5677 0 5649 8 2 6 6 0 8 2 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 10436 0 10369 6 0 6 6 0 8 0 bufpl 288 2009 0 86 138 0 138 138 0 8 0 anonpl 24 42081 0 39157 21 3 18 18 0 188 0 amapchunkpl 152 3983 0 3784 9 1 8 8 0 158 0 amappl16 200 68 0 58 2 1 1 1 0 8 0 amappl15 192 63 0 60 1 0 1 1 0 8 0 amappl14 184 1 0 0 1 0 1 1 0 8 0 amappl13 176 32 0 31 2 1 1 1 0 8 0 amappl12 168 12 0 12 2 1 1 1 0 8 1 amappl11 160 38 0 28 1 0 1 1 0 8 0 amappl9 144 430 0 428 1 0 1 1 0 8 0 amappl8 136 353 0 350 1 0 1 1 0 8 0 amappl7 128 62 0 58 1 0 1 1 0 8 0 amappl6 120 109 0 96 1 0 1 1 0 8 0 amappl5 112 218 0 201 1 0 1 1 0 8 0 amappl4 104 590 0 571 1 0 1 1 0 8 0 amappl3 96 139 0 129 1 0 1 1 0 8 0 amappl2 88 355 0 319 1 0 1 1 0 8 0 amappl1 80 8618 0 8214 11 2 9 9 0 8 0 amappl 88 1744 0 1654 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 328 0 305 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 328 0 305 1 0 1 1 0 8 0 vmmpekpl 168 6013 0 5998 1 0 1 1 0 8 0 vmmpepl 168 26760 0 25696 53 2 51 51 0 357 1 vmsppl 272 327 0 305 3 1 2 2 0 8 0 rwobjpl 24 9433 0 7369 13 0 13 13 0 8 0 pdppl 4096 662 0 610 86 26 60 60 0 8 8 pvpl 32 131278 0 126325 42 1 41 41 0 265 0 pmappl 216 327 0 305 2 0 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 437 0 34 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ktrops(ffff8000215ee2a0,dead4110dead4110,0,80000520,fffffd806ca8be98,fffffd807f7d8c00) at ktrops+0x4a doktrace(fffffd806ca8be98,4,520,0,ffff8000215ee2a0) at doktrace+0x514 sys_ktrace(ffff8000215ee2a0,ffff800021693bc8,ffff800021693c20) at sys_ktrace+0xd2 syscall(ffff800021693c90) at syscall+0x44e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc4bc0, count: -5 ddb> machine ddbcpu 1 No such command ddb> trace ktrops(ffff8000215ee2a0,dead4110dead4110,0,80000520,fffffd806ca8be98,fffffd807f7d8c00) at ktrops+0x4a doktrace(fffffd806ca8be98,4,520,0,ffff8000215ee2a0) at doktrace+0x514 sys_ktrace(ffff8000215ee2a0,ffff800021693bc8,ffff800021693c20) at sys_ktrace+0xd2 syscall(ffff800021693c90) at syscall+0x44e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc4bc0, count: -5