kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sun Jun 23 00:16:22 PDT 2019 OpenBSD/amd64 (ci-openbsd-main-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts. executing program login: kernel: protection fault trap, code=0 Stopped at mrouter6_rtwalk_delete+0x2b: movl 0x5c(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace mrouter6_rtwalk_delete(e5a827bbe2b466e2,0,0) at mrouter6_rtwalk_delete+0x2b rtable_walk_helper(fffffd8036db2d50,ffff80001498a118) at rtable_walk_helper+0x58 art_table_walk(ffff800000075780,fffffd8036db11c0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x226 art_table_walk(ffff800000075780,fffffd8036db11a0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1180,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1100,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db10c0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1080,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1060,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1020,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1000,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1040,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db10a0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db10e0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1120,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1140,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1160,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db11e0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1200,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1240,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1260,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db12c0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1380,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db13c0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db13e0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1420,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1440,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db14a0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db14e0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1560,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db15a0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db15e0,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1600,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_table_walk(ffff800000075780,fffffd8036db1f60,ffffffff8117ba30,ffff80001498a118) at art_table_walk+0x2a6 art_walk(ffff800000075780,ffffffff8117ba30,ffff80001498a118) at art_walk+0xcf rtable_walk(0,18,0,ffffffff81eebe30,0) at rtable_walk+0xd4 ip6_mrouter_done(fffffd8036413788) at ip6_mrouter_done+0xb5 rip6_detach(fffffd8036413788) at rip6_detach+0x56 soclose(fffffd8036413788,0) at soclose+0xb2 soo_close(fffffd8036168008,ffff8000ffff5648) at soo_close+0x40 fdrop(fffffd8036168008,ffff8000ffff5648) at fdrop+0xc9 closef(fffffd8036168008,ffff8000ffff5648) at closef+0x118 fdfree(ffff8000ffff5648) at fdfree+0xf7 exit1(ffff8000ffff5648,0,1) at exit1+0x32f sys_exit(ffff8000ffff5648,ffff80001498a5b0,ffff80001498a620) at sys_exit+0x17 syscall(ffff80001498a680) at syscall+0x508 Xsyscall(6,1,a944903a000,1,7f7ffffe1048,0) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe0fc0, count: -47 ddb> show registers rdi 0xe5a827bbe2b466e2 rsi 0 rbp 0xffff800014988e50 rbx 0xffff800000075788 rdx 0 rcx 0x1 rax 0x204 r8 0 r9 0x5 r10 0x79522dc48797107d r11 0x2f75a4737faee356 r12 0 r13 0xfffffd8036db11c0 r14 0 r15 0xe5a827bbe2b466e2 rip 0xffffffff81eebe5b mrouter6_rtwalk_delete+0x2b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800014988e10 ss 0x10 mrouter6_rtwalk_delete+0x2b: movl 0x5c(%r15),%r12d ddb> show proc PROC (syz-executor8714) pid=473591 stat=onproc flags process=a proc=2000 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff4778,0xffffffff8229ff30 process=0xffff800014952a38 user=0xffff800014985000, vmspace=0xfffffd803f014880 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 88150 145650 35644 0 3 0x10008a pause ksh 35644 455803 95873 0 2 0x12 sshd 23771 97727 1 0 3 0x100083 ttyin getty 95873 499698 1 0 3 0x80 select sshd 76311 350647 85433 73 3 0x100090 kqread syslogd 85433 267251 1 0 3 0x100082 netio syslogd 76314 472521 1 77 3 0x100090 poll dhclient 81149 172171 1 0 3 0x80 poll dhclient 49847 92350 0 0 2 0x14200 zerothread 42572 192787 0 0 3 0x14200 aiodoned aiodoned 22650 380701 0 0 3 0x14200 syncer update 95578 383512 0 0 3 0x14200 cleaner cleaner 30342 234629 0 0 3 0x14200 reaper reaper 89235 44855 0 0 3 0x14200 pgdaemon pagedaemon 53222 127326 0 0 3 0x14200 bored crynlk 25528 516742 0 0 3 0x14200 bored crypto 11177 97671 0 0 3 0x40014200 acpi0 acpi0 94476 18284 0 0 3 0x14200 bored softnet 19592 395409 0 0 2 0x14200 systqmp 24999 42156 0 0 3 0x14200 bored systq 70677 372555 0 0 3 0x40014200 bored softclock 32761 187806 0 0 3 0x40014200 idle0 93198 339682 0 0 3 0x14200 bored smr 1 199491 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9426 6306K 6307K 78643K 10519 0 0 pcb 24 9K 9K 78643K 56 0 0 rtable 62 1K 2K 78643K 118 0 0 ifaddr 21 7K 7K 78643K 21 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 13 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1180 74K 74K 78643K 1185 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 1 0K 0K 78643K 1 0 0 proc 40 30K 38K 78643K 257 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 11 0K 0K 78643K 11 0 0 ether_multi 1 0K 0K 78643K 1 0 0 mrt 1 0K 0K 78643K 2 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 152 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 52 2K 3K 78643K 700 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 3 0K 0K 78643K 3 0 0 temp 30 2699K 2763K 78643K 1715 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 inpcbpl 280 23 0 16 1 0 1 1 0 8 0 rtentry 112 24 0 2 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 rttmr 72 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 23 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1391 0 16 45 0 45 45 0 8 0 ffsino 240 1391 0 16 81 0 81 81 0 8 0 nchpl 144 1564 0 30 57 0 57 57 0 8 0 uvmvnodes 72 1400 0 0 26 0 26 26 0 8 0 vnodes 200 1400 0 0 74 0 74 74 0 8 0 namei 1024 3361 0 3361 2 1 1 1 0 8 1 scxspl 192 2371 0 2371 7 2 5 6 0 8 5 plimitpl 152 13 0 8 1 0 1 1 0 8 0 sigapl 432 176 0 166 2 0 2 2 0 8 0 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 1 0 0 1 0 1 1 0 8 0 pipepl 112 118 0 111 3 2 1 1 0 8 0 fdescpl 424 177 0 166 2 0 2 2 0 8 0 filepl 120 837 0 794 2 0 2 2 0 8 0 lockfpl 104 6 0 6 1 1 0 1 0 8 0 lockfspl 48 3 0 3 1 1 0 1 0 8 0 sessionpl 112 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 144 167 0 166 3 2 1 1 0 8 0 processpl 864 191 0 166 4 0 4 4 0 8 0 procpl 632 191 0 166 3 0 3 3 0 8 0 sockpl 384 65 0 48 2 0 2 2 0 8 0 mcl4k 4096 10 0 10 2 1 1 1 0 8 1 mcl2k 2048 5831 0 5798 9 3 6 8 0 8 1 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 9947 0 9896 6 2 4 5 0 8 0 bufpl 256 2056 0 262 113 0 113 113 0 8 0 anonpl 16 17676 0 16537 8 3 5 7 0 62 0 amapchunkpl 152 476 0 441 2 0 2 2 0 158 0 amappl16 192 81 0 74 1 0 1 1 0 8 0 amappl14 176 36 0 32 1 0 1 1 0 8 0 amappl12 160 3 0 3 1 1 0 1 0 8 0 amappl11 152 39 0 28 1 0 1 1 0 8 0 amappl10 144 46 0 46 3 2 1 1 0 8 1 amappl9 136 381 0 380 1 0 1 1 0 8 0 amappl8 128 83 0 79 1 0 1 1 0 8 0 amappl7 120 14 0 13 1 0 1 1 0 8 0 amappl6 112 42 0 37 1 0 1 1 0 8 0 amappl5 104 140 0 130 1 0 1 1 0 8 0 amappl4 96 403 0 381 1 0 1 1 0 8 0 amappl3 88 146 0 136 1 0 1 1 0 8 0 amappl2 80 713 0 663 4 2 2 2 0 8 0 amappl1 72 11970 0 11592 16 7 9 16 0 8 0 amappl 80 364 0 345 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 177 0 166 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 177 0 166 1 0 1 1 0 8 0 vmmpekpl 168 5326 0 5311 1 0 1 1 0 8 0 vmmpepl 168 25488 0 24748 52 16 36 48 0 357 2 vmsppl 272 176 0 166 1 0 1 1 0 8 0 pdppl 4096 360 0 332 5 0 5 5 0 8 0 pvpl 32 70965 0 68239 35 9 26 26 0 265 3 pmappl 200 176 0 166 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 232 0 9 7 0 7 7 0 8 0