kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Tue Mar 15 17:55:24 PDT 2022 OpenBSD/amd64 (ci-openbsd-main-1.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.249' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: kernel: protection fault trap, code=0 Stopped at ktrops+0x4a: movq 0x8(%rbx),%r14 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace ktrops(ffff8000216177a0,deadbeefdeadbeef,0,80000520,fffffd806c922870,fffffd807f7d88a0) at ktrops+0x4a doktrace(fffffd806c922870,4,520,0,ffff8000216177a0) at doktrace+0x514 sys_ktrace(ffff8000216177a0,ffff8000216774c8,ffff800021677520) at sys_ktrace+0xd2 syscall(ffff800021677590) at syscall+0x44e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe5bd0, count: -5 ddb> show registers rdi 0xffff8000216177a0 rsi 0xdeadbeefdeadbeef rbp 0xffff8000216772b0 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0x80000520 __kernel_virt_to_phys+0x520 rax 0x1 r8 0xfffffd806c922870 r9 0xfffffd807f7d88a0 r10 0x97280598b05a6600 r11 0xe6780a871388ac50 r12 0xdeadbeefdeadbeef r13 0xfffffd807f7d88a0 r14 0xffff8000216177a0 r15 0x80000520 __kernel_virt_to_phys+0x520 rip 0xffffffff8210f77a ktrops+0x4a cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021677230 ss 0x10 ktrops+0x4a: movq 0x8(%rbx),%r14 ddb> show proc PROC (syz-executor298012775) pid=160697 stat=onproc flags process=0 proc=0 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff8d28,0xffff800021616010 process=0xffff8000215eafc8 user=0xffff800021672000, vmspace=0xfffffd806e300340 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 28622 449645 2257 0 2 0 syz-executor298012775 78833 114491 47394 0 2 0 syz-executor298012775 *72660 160697 37218 0 7 0 syz-executor298012775 11904 397218 964 0 2 0 syz-executor298012775 2257 334481 964 0 3 0x80 nanoslp syz-executor298012775 77727 90673 964 0 2 0 syz-executor298012775 83073 123832 964 0 2 0 syz-executor298012775 47394 91493 964 0 3 0x80 nanoslp syz-executor298012775 37218 3831 964 0 3 0x80 nanoslp syz-executor298012775 20897 198322 964 0 2 0 syz-executor298012775 85553 204509 964 0 2 0 syz-executor298012775 964 12758 10330 0 3 0x82 nanoslp syz-executor298012775 10330 397603 98143 0 3 0x10008a sigsusp ksh 98143 350090 56860 0 3 0x9a kqread sshd 75963 44906 1 0 3 0x100083 ttyin getty 56860 85982 1 0 3 0x88 kqread sshd 85845 224749 63435 73 3 0x1100090 kqread syslogd 63435 479499 1 0 3 0x100082 netio syslogd 36827 465261 1 0 3 0x100080 kqread resolvd 78779 86202 5323 77 3 0x100092 kqread dhcpleased 3230 203336 5323 77 3 0x100092 kqread dhcpleased 5323 293817 1 0 3 0x80 kqread dhcpleased 59797 454446 0 0 3 0x14200 bored smr 18021 124341 0 0 3 0x14200 pgzero zerothread 63499 287394 0 0 3 0x14200 aiodoned aiodoned 68026 381338 0 0 3 0x14200 syncer update 68513 164284 0 0 3 0x14200 cleaner cleaner 71841 56489 0 0 3 0x14200 reaper reaper 72994 164627 0 0 3 0x14200 pgdaemon pagedaemon 96080 14803 0 0 3 0x14200 bored viomb 75910 338459 0 0 3 0x40014200 acpi0 acpi0 21468 413243 0 0 3 0x14200 bored softnet 99271 446626 0 0 3 0x14200 bored systqmp 12721 61954 0 0 3 0x14200 bored systq 97816 36750 0 0 3 0x40014200 bored softclock 98560 399289 0 0 3 0x40014200 idle0 1 511892 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10131 6381K 6412K 78643K 11221 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 108 0 ifaddr 24 7K 7K 78643K 24 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 25 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1166 73K 73K 78643K 1179 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 55 54K 55K 78643K 226 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 391 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 115 5K 5K 78643K 1929 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 3 0K 0K 78643K 3 0 temp 19 4686K 4750K 78643K 2888 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 17 0 14 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 33 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 88 2 0 0 1 0 1 1 0 8 0 inpcb 304 25 0 19 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1476 0 77 88 0 88 88 0 8 0 ffsino 240 1479 0 77 83 0 83 83 0 8 0 nchpl 144 1706 0 141 59 0 59 59 0 8 0 uvmvnodes 80 1488 0 0 31 0 31 31 0 8 0 vnodes 224 1488 0 0 88 0 88 88 0 8 0 namei 1024 4404 0 4399 3 1 2 2 0 8 1 scxspl 216 4140 0 4140 18 17 1 8 0 8 1 plimitpl 152 15 0 9 1 0 1 1 0 8 0 sigapl 424 326 0 289 5 0 5 5 0 8 0 knotepl 120 5491 0 5461 3 1 2 2 0 8 1 kqueuepl 184 20 0 13 1 0 1 1 0 8 0 pipepl 304 79 0 76 2 1 1 1 0 8 0 fdescpl 432 313 0 289 4 0 4 4 0 8 1 filepl 120 1086 0 1027 2 0 2 2 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 64 0 54 1 0 1 1 0 8 0 zombiepl 144 289 0 289 2 1 1 1 0 8 1 processpl 1000 326 0 289 6 0 6 6 0 8 0 procpl 672 326 0 289 4 0 4 4 0 8 0 sockpl 448 75 0 53 3 0 3 3 0 8 0 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 5 0 5 2 1 1 1 0 8 1 mcl2k 2048 5676 0 5638 9 2 7 8 0 8 1 mtagpl 96 3 0 3 1 1 0 1 0 8 0 mbufpl 256 10385 0 10308 8 1 7 8 0 8 1 bufpl 288 1998 0 86 137 0 137 137 0 8 0 anonpl 24 40277 0 37356 21 3 18 18 0 188 0 amapchunkpl 152 3788 0 3586 9 1 8 8 0 158 0 amappl16 200 62 0 51 2 1 1 1 0 8 0 amappl15 192 59 0 56 1 0 1 1 0 8 0 amappl13 176 32 0 31 2 1 1 1 0 8 0 amappl12 168 9 0 9 2 1 1 1 0 8 1 amappl11 160 38 0 28 1 0 1 1 0 8 0 amappl10 152 1 0 1 1 1 0 1 0 8 0 amappl9 144 427 0 424 1 0 1 1 0 8 0 amappl8 136 340 0 337 1 0 1 1 0 8 0 amappl7 128 61 0 58 1 0 1 1 0 8 0 amappl6 120 107 0 93 1 0 1 1 0 8 0 amappl5 112 228 0 211 1 0 1 1 0 8 0 amappl4 104 576 0 557 1 0 1 1 0 8 0 amappl3 96 128 0 119 1 0 1 1 0 8 0 amappl2 88 337 0 301 1 0 1 1 0 8 0 amappl1 80 8262 0 7862 12 3 9 9 0 8 0 amappl 88 1669 0 1577 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 313 0 289 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 313 0 289 1 0 1 1 0 8 0 vmmpekpl 168 5918 0 5902 1 0 1 1 0 8 0 vmmpepl 168 25463 0 24389 53 3 50 50 0 357 3 vmsppl 272 312 0 289 3 1 2 2 0 8 0 rwobjpl 24 9132 0 7083 13 0 13 13 0 8 0 pdppl 4096 632 0 578 78 18 60 60 0 8 6 pvpl 32 127409 0 122437 48 7 41 41 0 265 0 pmappl 216 312 0 289 2 0 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 430 0 27 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace ktrops(ffff8000216177a0,deadbeefdeadbeef,0,80000520,fffffd806c922870,fffffd807f7d88a0) at ktrops+0x4a doktrace(fffffd806c922870,4,520,0,ffff8000216177a0) at doktrace+0x514 sys_ktrace(ffff8000216177a0,ffff8000216774c8,ffff800021677520) at sys_ktrace+0xd2 syscall(ffff800021677590) at syscall+0x44e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe5bd0, count: -5 ddb> machine ddbcpu 1 No such command ddb> trace ktrops(ffff8000216177a0,deadbeefdeadbeef,0,80000520,fffffd806c922870,fffffd807f7d88a0) at ktrops+0x4a doktrace(fffffd806c922870,4,520,0,ffff8000216177a0) at doktrace+0x514 sys_ktrace(ffff8000216177a0,ffff8000216774c8,ffff800021677520) at sys_ktrace+0xd2 syscall(ffff800021677590) at syscall+0x44e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe5bd0, count: -5