kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Wed Jan 29 04:44:01 PST 2020 OpenBSD/amd64 (ci-openbsd-setuid-6.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. 2020/01/29 05:00:02 parsed 1 programs 2020/01/29 05:00:11 executed programs: 0 2020/01/29 05:00:16 executed programs: 232 2020/01/29 05:00:21 executed programs: 484 2020/01/29 05:00:26 executed programs: 731 2020/01/29 05:00:31 executed programs: 973 2020/01/29 05:00:36 executed programs: 1220 2020/01/29 05:00:41 executed programs: 1461 2020/01/29 05:00:46 executed programs: 1708 2020/01/29 05:00:51 executed programs: 1953 2020/01/29 05:00:56 executed programs: 2193 2020/01/29 05:01:01 executed programs: 2438 2020/01/29 05:01:06 executed programs: 2683 2020/01/29 05:01:11 executed programs: 2922 2020/01/29 05:01:16 executed programs: 3173 2020/01/29 05:01:21 executed programs: 3420 2020/01/29 05:01:26 executed programs: 3663 2020/01/29 05:01:31 executed programs: 3913 2020/01/29 05:01:36 executed programs: 4150 2020/01/29 05:01:41 executed programs: 4395 login: panic: knote_enqueue:1308: kq=0xfffffd806e9f1d68 kn=0xfffffd806ed5d700 knote !QUEUED Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 144273 44278 32767 0x10 0 1 syz-executor.0 *230704 44278 32767 0x10 0x4000000 0K syz-executor.0 db_enter() at db_enter+0x18 panic(ffffffff8220bc89) at panic+0x15c kqueue_do_check(fffffd806e9f1d68,ffffffff8224fc7f,51c) at kqueue_do_check+0x232 knote_enqueue(fffffd806ed5d700) at knote_enqueue+0x80 kqueue_register(fffffd806e9f1d68,ffff800020b7ae30,ffff800020aa9398) at kqueue_register+0x820 sys_kevent(ffff800020aa9398,ffff800020b7aff8,ffff800020b7b040) at sys_kevent+0x2b6 syscall(ffff800020b7b0c0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5ef7e845010, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic knote_enqueue:1308: kq=0xfffffd806e9f1d68 kn=0xfffffd806ed5d700 knote !QUEUED ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff8220bc89) at panic+0x15c kqueue_do_check(fffffd806e9f1d68,ffffffff8224fc7f,51c) at kqueue_do_check+0x232 knote_enqueue(fffffd806ed5d700) at knote_enqueue+0x80 kqueue_register(fffffd806e9f1d68,ffff800020b7ae30,ffff800020aa9398) at kqueue_register+0x820 sys_kevent(ffff800020aa9398,ffff800020b7aff8,ffff800020b7b040) at sys_kevent+0x2b6 syscall(ffff800020b7b0c0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5ef7e845010, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020b7abf0 rbx 0xffff800020b7aca0 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff81e0d50f kprintf+0x16f r9 0x1 r10 0xf6abbc5e2a40ed17 r11 0xbf37856d966b26ec r12 0x3000000008 r13 0xffff800020b7ac00 r14 0x100 r15 0x1 rip 0xffffffff81e78428 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020b7abe0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=230704 stat=onproc flags process=10 proc=4000000 pri=72, usrpri=72, nice=20 forw=0xffffffffffffffff, list=0xffff800020aa9608,0xffffffff82645730 process=0xffff800020a90b50 user=0xffff800020b76000, vmspace=0xfffffd806ea18738 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 44278 144273 13997 32767 7 0x10 syz-executor.0 44278 343229 13997 32767 3 0x4000090 fsleep syz-executor.0 *44278 230704 13997 32767 7 0x4000010 syz-executor.0 13997 434422 13594 32767 3 0x90 nanosleep syz-executor.0 13594 295727 19715 0 3 0x82 wait syz-executor.0 19715 286207 2485 0 3 0x82 thrsleep syz-execprog 19715 135597 2485 0 3 0x4000082 nanosleep syz-execprog 19715 480908 2485 0 3 0x4000082 thrsleep syz-execprog 19715 152996 2485 0 3 0x4000082 thrsleep syz-execprog 19715 91196 2485 0 3 0x4000082 nanosleep syz-execprog 19715 196643 2485 0 3 0x4000082 kqread syz-execprog 19715 395878 2485 0 3 0x4000082 thrsleep syz-execprog 19715 271701 2485 0 3 0x4000082 thrsleep syz-execprog 19715 429612 2485 0 3 0x4000082 thrsleep syz-execprog 19715 226501 2485 0 3 0x4000082 thrsleep syz-execprog 2485 505635 6426 0 3 0x10008a pause ksh 6426 277217 82559 0 3 0x92 select sshd 79445 505306 1 0 3 0x100083 ttyin getty 82559 261757 1 0 3 0x80 select sshd 64041 386062 34258 73 3 0x100090 kqread syslogd 34258 205903 1 0 3 0x100082 netio syslogd 39897 110441 1 77 3 0x100090 poll dhclient 82493 464933 1 0 3 0x80 poll dhclient 73789 325326 0 0 3 0x14200 pgzero zerothread 93819 328090 0 0 3 0x14200 aiodoned aiodoned 85074 191074 0 0 3 0x14200 syncer update 69597 490108 0 0 3 0x14200 cleaner cleaner 38807 286034 0 0 3 0x14200 reaper reaper 30595 323059 0 0 3 0x14200 pgdaemon pagedaemon 40584 126900 0 0 3 0x14200 bored crynlk 74654 348268 0 0 3 0x14200 bored crypto 31078 399227 0 0 3 0x40014200 acpi0 acpi0 81508 169404 0 0 3 0x40014200 idle1 75733 492604 0 0 3 0x14200 bored softnet 17032 40487 0 0 3 0x14200 bored systqmp 23583 236743 0 0 3 0x14200 bored systq 8238 33311 0 0 3 0x40014200 bored softclock 3299 191235 0 0 3 0x40014200 idle0 76777 132856 0 0 3 0x14200 bored smr 1 116597 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 44278 (syz-executor.0) thread 0xffff800020aa9398 (230704) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8263ede8) #0 witness_lock+0x52e #1 syscall+0x400 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9458 6329K 6329K 78643K 10549 0 pcb 13 8K 8K 78643K 13 0 rtable 83 2K 2K 78643K 153 0 ifaddr 32 8K 8K 78643K 32 0 counters 41 33K 33K 78643K 41 0 ioctlops 0 0K 2K 78643K 14 0 mount 1 1K 1K 78643K 1 0 vnodes 1180 74K 74K 78643K 1185 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 4 12K 16K 78643K 4459 0 proc 48 50K 70K 78643K 319 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 22 1K 1K 78643K 22 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 1K 78643K 171 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 81 12K 12K 78643K 14184 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 6 0 temp 23 3005K 3069K 78643K 10570 0 kqueue 5 5K 5K 78643K 8885 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 17 0 15 1 0 1 1 0 8 0 rtentry 112 34 0 1 1 0 1 1 0 8 0 unpcb 120 27 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 2 2 0 1 0 8 0 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 280 26 0 20 1 0 1 1 0 8 0 nd6 48 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 168 0 0 11 0 11 11 0 8 0 art_table 32 169 0 0 2 0 2 2 0 8 0 art_node 16 33 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 5855 0 4459 46 0 46 46 0 8 0 ffsino 272 5855 0 4459 94 0 94 94 0 8 0 nchpl 144 10520 0 8916 60 0 60 60 0 8 0 uvmvnodes 72 5864 0 0 107 0 107 107 0 8 0 vnodes 208 5864 0 0 309 0 309 309 0 8 0 namei 1024 21624 0 21624 2 1 1 1 0 8 1 percpumem 16 31 0 0 1 0 1 1 0 8 0 scxspl 192 31291 0 31291 39 38 1 7 0 8 1 plimitpl 152 15 0 8 1 0 1 1 0 8 0 sigapl 432 4638 0 4625 2 0 2 2 0 8 0 futexpl 56 17005 0 17004 1 0 1 1 0 8 0 knotepl 112 8921 0 8908 1 0 1 1 0 8 0 kqueuepl 104 8884 0 8880 1 0 1 1 0 8 0 pipelkpl 48 67 0 60 2 1 1 1 0 8 0 pipepl 120 134 0 121 2 1 1 1 0 8 0 fdescpl 496 4639 0 4625 2 0 2 2 0 8 0 filepl 152 14319 0 14264 3 0 3 3 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 50 0 42 1 0 1 1 0 8 0 zombiepl 144 4625 0 4625 2 1 1 1 0 8 1 processpl 960 4654 0 4625 4 0 4 4 0 8 0 procpl 624 13539 0 13499 4 0 4 4 0 8 0 sockpl 400 70 0 54 2 0 2 2 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 77 0 0 10 0 10 10 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 123 0 0 7 0 7 7 0 8 0 bufpl 280 8164 0 1874 450 0 450 450 0 8 0 anonpl 16 265603 0 263198 18 7 11 13 0 125 0 amapchunkpl 152 22921 0 22829 5 1 4 5 0 158 0 amappl16 192 14126 0 14039 6 1 5 5 0 8 0 amappl15 184 51 0 47 1 0 1 1 0 8 0 amappl14 176 24 0 21 2 1 1 1 0 8 0 amappl13 168 4445 0 4441 2 1 1 1 0 8 0 amappl12 160 4 0 3 2 1 1 1 0 8 0 amappl11 152 43 0 32 1 0 1 1 0 8 0 amappl10 144 10 0 9 1 0 1 1 0 8 0 amappl9 136 404 0 399 1 0 1 1 0 8 0 amappl8 128 91 0 77 1 0 1 1 0 8 0 amappl7 120 87 0 76 1 0 1 1 0 8 0 amappl6 112 54 0 48 1 0 1 1 0 8 0 amappl5 104 133 0 123 1 0 1 1 0 8 0 amappl4 96 9314 0 9289 1 0 1 1 0 8 0 amappl3 88 122 0 115 1 0 1 1 0 8 0 amappl2 80 36378 0 36310 4 2 2 3 0 8 0 amappl1 72 130137 0 129690 25 15 10 20 0 8 0 amappl 80 13739 0 13707 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 4639 0 4625 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4639 0 4625 1 0 1 1 0 8 0 vmmpekpl 168 32593 0 32572 2 0 2 2 0 8 0 vmmpepl 168 438437 0 437357 92 45 47 78 0 357 0 vmsppl 368 4638 0 4625 2 0 2 2 0 8 0 pdppl 4096 9285 0 9250 5 0 5 5 0 8 0 pvpl 32 764122 0 759208 120 79 41 113 0 265 1 pmappl 232 4638 0 4625 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 145 0 3 5 0 5 5 0 8 0