kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Oct 10 22:12:05 PDT 2019 OpenBSD/amd64 (ci-openbsd-multicore-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: uvm_fault(0xfffffd807f00ba10, 0x9b, 0, 1) -> e kernel: page fault trap, code=0 Stopped at bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xfffffd807f00ba10, 0x9b, 0, 1) -> e bpfioctl(31700,80104267,ffff800020b299d0,1,ffff800020a5ec60) at bpfioctl+0xc7 end trace frame: 0xffff800020b298b0, count: 0 ddb{1}> trace bpfioctl(31700,80104267,ffff800020b299d0,1,ffff800020a5ec60) at bpfioctl+0xc7 VOP_IOCTL(fffffd807e84f768,80104267,ffff800020b299d0,1,fffffd807f7c69c0,ffff800020a5ec60) at VOP_IOCTL+0x88 vn_ioctl(fffffd806d965c88,80104267,ffff800020b299d0,ffff800020a5ec60) at vn_ioctl+0xb7 sys_ioctl(ffff800020a5ec60,ffff800020b29ae8,ffff800020b29b30) at sys_ioctl+0x5b9 syscall(ffff800020b29bb0) at syscall+0x4a4 Xsyscall(6,0,67a1b40c0c8,0,67a1b40c0a8,67a1b40c0a0) at Xsyscall+0x128 end of kernel end trace frame: 0x67c6c667c70, count: -6 ddb{1}> show registers rdi 0x100 rsi 0x300 rbp 0xffff800020b29800 rbx 0x300 rdx 0xffff800020b299d0 rcx 0x1 rax 0 r8 0xffff800020a5ec60 r9 0x5 r10 0x9d09e084c90c9eb r11 0x3a6dadfec3ac148 r12 0x80104267 __kernel_virt_to_phys+0x104267 r13 0xffff800020a5ec60 r14 0 r15 0xffff800020b299d0 rip 0xffffffff820fecf7 bpfioctl+0xc7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020b29790 ss 0x10 bpfioctl+0xc7: movzbl 0x9b(%r14),%ebx ddb{1}> show proc PROC (syz-executor2152) pid=489659 stat=onproc flags process=0 proc=4000000 pri=52, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff800020a5e280,0xffff800020ac13e0 process=0xffff800020addc00 user=0xffff800020b24000, vmspace=0xfffffd807f00ba10 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 89171 210521 67741 0 7 0 syz-executor2152 *89171 489659 67741 0 7 0x4000000 syz-executor2152 89171 133080 67741 0 3 0x4000000 tqbar syz-executor2152 67741 433914 63926 0 3 0x80 nanosleep syz-executor2152 53423 168063 63926 0 3 0x80 nanosleep syz-executor2152 63926 127059 44334 0 3 0x82 nanosleep syz-executor2152 44334 3052 79917 0 3 0x10008a pause ksh 79917 420261 97534 0 3 0x92 select sshd 15460 454608 1 0 3 0x100083 ttyin getty 97534 396000 1 0 3 0x80 select sshd 43026 42652 15792 74 3 0x100092 bpf pflogd 15792 148394 1 0 3 0x80 netio pflogd 41606 165094 60385 73 3 0x100090 kqread syslogd 60385 41420 1 0 3 0x100082 netio syslogd 22753 313517 1 77 3 0x100090 poll dhclient 29715 24990 1 0 3 0x80 poll dhclient 3002 473659 0 0 2 0x14200 zerothread 40840 505303 0 0 3 0x14200 aiodoned aiodoned 51439 19642 0 0 3 0x14200 syncer update 22841 434352 0 0 3 0x14200 cleaner cleaner 24718 164826 0 0 3 0x14200 reaper reaper 28926 429306 0 0 3 0x14200 pgdaemon pagedaemon 41200 161171 0 0 3 0x14200 bored crynlk 44760 459780 0 0 3 0x14200 bored crypto 83927 99745 0 0 3 0x40014200 acpi0 acpi0 40212 351269 0 0 3 0x40014200 idle1 58977 209078 0 0 3 0x14200 bored softnet 68482 378981 0 0 3 0x14200 bored systqmp 41066 213933 0 0 2 0x14200 systq 42570 424732 0 0 3 0x40014200 bored softclock 34106 302700 0 0 3 0x40014200 idle0 1269 117803 0 0 3 0x14200 pause smr 1 263125 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 89171 (syz-executor2152) thread 0xffff800020a5ec60 (489659) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82628c50) #0 witness_lock+0x52e #1 syscall+0x400 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9481 6649K 7041K 78643K 11730 0 0 pcb 13 8K 8K 78643K 13 0 0 rtable 61 2K 2K 78643K 669 0 0 ifaddr 34 13K 15K 78643K 448 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1467 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1189 75K 75K 78643K 1518 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 1 0K 0K 78643K 1 0 0 proc 59 63K 71K 78643K 344 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 11 0K 0K 78643K 11 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 179 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 69 19K 19K 78643K 1135 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 6 0K 0K 78643K 141 0 0 temp 54 3544K 3608K 78643K 3242 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 15 0 13 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 120 141 0 129 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 29 0 23 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 8 0 2 1 0 1 1 0 8 0 pfstkey 112 8 0 2 1 0 1 1 0 8 0 pfstate 328 8 0 2 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1401 0 17 45 0 45 45 0 8 0 ffsino 272 1401 0 17 93 0 93 93 0 8 0 nchpl 144 1588 0 44 58 0 58 58 0 8 0 uvmvnodes 72 1687 0 0 31 0 31 31 0 8 0 vnodes 208 1687 0 0 89 0 89 89 0 8 0 namei 1024 4313 0 4313 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 2662 0 2662 8 5 3 7 0 8 3 plimitpl 152 16 0 8 1 0 1 1 0 8 0 sigapl 432 276 0 261 2 0 2 2 0 8 0 futexpl 56 1016 0 1016 1 0 1 1 0 8 1 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 1 0 0 1 0 1 1 0 8 0 pipepl 112 134 0 127 3 2 1 1 0 8 0 fdescpl 488 277 0 261 3 0 3 3 0 8 0 filepl 152 1396 0 1343 3 0 3 3 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 20 0 9 1 0 1 1 0 8 0 ucredpl 96 52 0 43 1 0 1 1 0 8 0 zombiepl 144 261 0 260 3 2 1 1 0 8 0 processpl 896 292 0 260 4 0 4 4 0 8 0 procpl 632 478 0 444 4 0 4 4 0 8 1 sockpl 384 185 0 165 3 0 3 3 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 75 0 0 9 0 9 9 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 97 0 0 6 0 6 6 0 8 0 bufpl 256 2185 0 278 120 0 120 120 0 8 0 anonpl 16 23588 0 22295 9 3 6 7 0 124 0 amapchunkpl 152 970 0 926 3 0 3 3 0 158 0 amappl16 192 160 0 154 1 0 1 1 0 8 0 amappl14 176 15 0 14 3 2 1 1 0 8 0 amappl12 160 1 0 1 1 1 0 1 0 8 0 amappl11 152 46 0 31 1 0 1 1 0 8 0 amappl10 144 6 0 4 1 0 1 1 0 8 0 amappl9 136 448 0 444 1 0 1 1 0 8 0 amappl8 128 171 0 163 1 0 1 1 0 8 0 amappl7 120 19 0 17 1 0 1 1 0 8 0 amappl6 112 60 0 54 1 0 1 1 0 8 0 amappl5 104 130 0 117 1 0 1 1 0 8 0 amappl4 96 469 0 443 1 0 1 1 0 8 0 amappl3 88 102 0 96 1 0 1 1 0 8 0 amappl2 80 1394 0 1329 2 0 2 2 0 8 0 amappl1 72 16405 0 15968 15 5 10 15 0 8 0 amappl 80 670 0 642 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 277 0 261 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 277 0 261 1 0 1 1 0 8 0 vmmpekpl 168 6061 0 6036 2 0 2 2 0 8 0 vmmpepl 168 35339 0 34417 56 11 45 47 0 357 1 vmsppl 368 276 0 261 2 0 2 2 0 8 0 pdppl 4096 561 0 522 6 0 6 6 0 8 0 pvpl 32 88225 0 85115 36 8 28 28 0 265 2 pmappl 232 276 0 261 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 255 0 4 8 0 8 8 0 8 0 ddb{1}>