kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Dec 31 01:29:43 PST 2019 OpenBSD/amd64 (ci-openbsd-main-5.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts. executing program login: uvm_fault(0xfffffd806bc09880, 0x440010051, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_dynaddr_remove+0x4a: movq 0x58(%r15),%r12 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09880, 0x440010051, 0, 1) -> e pfi_dynaddr_remove(ffff8000009f3008) at pfi_dynaddr_remove+0x4a end trace frame: 0xffff80001d3de200, count: 0 ddb> trace pfi_dynaddr_remove(ffff8000009f3008) at pfi_dynaddr_remove+0x4a pf_rm_rule(0,ffff8000009f2fd0) at pf_rm_rule+0x3ae pfioctl(4900,cd604404,ffff8000006be000,c2,ffff8000ffff4010) at pfioctl+0x3082 VOP_IOCTL(fffffd80644150d0,cd604404,ffff8000006be000,c2,fffffd806c3bed20,ffff8000ffff4010) at VOP_IOCTL+0x88 vn_ioctl(fffffd805dfa7440,cd604404,ffff8000006be000,ffff8000ffff4010) at vn_ioctl+0xb7 sys_ioctl(ffff8000ffff4010,ffff80001d3de648,ffff80001d3de690) at sys_ioctl+0x5b9 syscall(ffff80001d3de710) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc7eb1c5fea0, count: -8 ddb> show registers rdi 0x2 rsi 0x2 rbp 0xffff80001d3de1a0 rbx 0x2 rdx 0x4 rcx 0x1 rax 0x10 r8 0xf8 r9 0x5 r10 0x51b03886c3577b7f r11 0xf80ef84dcf3c9ed0 r12 0xffff8000009f3008 r13 0x10 r14 0xffff8000009f3008 r15 0x44000fff9 rip 0xffffffff819b386a pfi_dynaddr_remove+0x4a cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80001d3de170 ss 0x10 pfi_dynaddr_remove+0x4a: movq 0x58(%r15),%r12 ddb> show proc PROC (syz-executor2422) pid=433763 stat=onproc flags process=2 proc=4000000 pri=52, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff5b38,0xffffffff8256d538 process=0xffff80001d39aa50 user=0xffff80001d3d9000, vmspace=0xfffffd806bc09880 estcpu=2, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 69112 240130 40878 0 2 0x2 syz-executor2422 69112 181471 40878 0 3 0x4000082 lockf syz-executor2422 *69112 433763 40878 0 7 0x4000002 syz-executor2422 40878 453568 46398 0 3 0x10008a pause ksh 46398 449527 6465 0 3 0x92 select sshd 44672 128101 1 0 3 0x100083 ttyin getty 6465 426938 1 0 3 0x80 select sshd 37160 58174 25987 73 3 0x100090 kqread syslogd 25987 56230 1 0 3 0x100082 netio syslogd 59558 25458 1 77 3 0x100090 poll dhclient 74278 45751 1 0 3 0x80 poll dhclient 33845 281488 0 0 2 0x14200 zerothread 82931 408893 0 0 3 0x14200 aiodoned aiodoned 50738 222890 0 0 3 0x14200 syncer update 31777 300726 0 0 3 0x14200 cleaner cleaner 4453 337877 0 0 3 0x14200 reaper reaper 30583 461001 0 0 3 0x14200 pgdaemon pagedaemon 18763 203006 0 0 3 0x14200 bored crynlk 87407 446502 0 0 3 0x14200 bored crypto 26439 115400 0 0 3 0x40014200 acpi0 acpi0 99917 374148 0 0 3 0x14200 bored softnet 5652 346876 0 0 3 0x14200 bored systqmp 66278 398081 0 0 3 0x14200 bored systq 42552 108190 0 0 3 0x40014200 bored softclock 93377 106265 0 0 3 0x40014200 idle0 99721 329354 0 0 3 0x14200 bored smr 1 106596 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9438 6319K 6320K 78643K 10535 0 pcb 13 8K 8K 78643K 13 0 rtable 64 2K 2K 78643K 120 0 ifaddr 28 8K 8K 78643K 28 0 counters 19 16K 16K 78643K 19 0 ioctlops 1 4K 4K 78643K 15 0 mount 1 1K 1K 78643K 1 0 vnodes 1180 74K 74K 78643K 1185 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 1 0K 0K 78643K 1 0 proc 47 38K 46K 78643K 278 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 1K 78643K 151 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 63 3K 3K 78643K 710 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 20 3003K 3067K 78643K 1711 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 rtpcb 80 15 0 13 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 120 27 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 22 0 16 1 0 1 1 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfrule 1360 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1392 0 15 45 0 45 45 0 8 0 ffsino 240 1392 0 15 81 0 81 81 0 8 0 nchpl 144 1567 0 31 57 0 57 57 0 8 0 uvmvnodes 72 1401 0 0 26 0 26 26 0 8 0 vnodes 208 1401 0 0 74 0 74 74 0 8 0 namei 1024 3482 0 3482 2 1 1 1 0 8 1 scxspl 192 2439 0 2439 1 0 1 1 0 8 1 plimitpl 152 13 0 8 1 0 1 1 0 8 0 sigapl 432 176 0 166 2 0 2 2 0 8 0 futexpl 56 8 0 8 1 0 1 1 0 8 1 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 3 0 0 1 0 1 1 0 8 0 pipepl 112 114 0 107 2 1 1 1 0 8 0 fdescpl 424 177 0 166 2 0 2 2 0 8 0 filepl 120 863 0 816 2 0 2 2 0 8 0 lockfpl 104 7 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 112 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 144 166 0 166 2 1 1 1 0 8 1 processpl 872 191 0 166 4 0 4 4 0 8 0 procpl 632 193 0 166 3 0 3 3 0 8 0 sockpl 384 64 0 48 2 0 2 2 0 8 0 mcl4k 4096 10 0 10 2 1 1 1 0 8 1 mcl2k 2048 5916 0 5887 8 2 6 7 0 8 2 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 10115 0 10077 5 1 4 5 0 8 0 bufpl 280 2108 0 258 133 0 133 133 0 8 0 anonpl 16 17400 0 16216 7 2 5 7 0 107 0 amapchunkpl 152 470 0 430 2 0 2 2 0 158 0 amappl16 192 29 0 27 1 0 1 1 0 8 0 amappl15 184 42 0 38 1 0 1 1 0 8 0 amappl14 176 13 0 12 2 1 1 1 0 8 0 amappl12 160 4 0 4 1 1 0 1 0 8 0 amappl11 152 41 0 30 1 0 1 1 0 8 0 amappl10 144 1 0 1 1 1 0 1 0 8 0 amappl9 136 370 0 369 1 0 1 1 0 8 0 amappl8 128 66 0 61 1 0 1 1 0 8 0 amappl7 120 63 0 55 1 0 1 1 0 8 0 amappl6 112 44 0 42 1 0 1 1 0 8 0 amappl5 104 162 0 152 1 0 1 1 0 8 0 amappl4 96 394 0 373 1 0 1 1 0 8 0 amappl3 88 111 0 102 1 0 1 1 0 8 0 amappl2 80 738 0 678 3 1 2 2 0 8 0 amappl1 72 12252 0 11840 16 6 10 16 0 8 0 amappl 80 355 0 334 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 177 0 166 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 177 0 166 1 0 1 1 0 8 0 vmmpekpl 168 5233 0 5219 1 0 1 1 0 8 0 vmmpepl 168 26122 0 25294 50 12 38 48 0 357 2 vmsppl 272 176 0 166 1 0 1 1 0 8 0 pdppl 4096 360 0 332 5 0 5 5 0 8 0 pvpl 32 70899 0 68066 32 5 27 27 0 265 4 pmappl 200 176 0 166 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 119 0 7 4 0 4 4 0 8 0