kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sun Dec 30 02:19:49 PST 2018 OpenBSD/amd64 (ci-openbsd-multicore-9.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: pool_p_free: semupl free list modified: page 0xffffff006d4e6000; item addr 0xffffff006d4e6ee0; offset 0x0=0xdead4111 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND 362715 55485 0 0x2 0x480 0 syz-executor5779 * 73677 94006 0 0x14000 0x200 1 systqmp db_enter() at db_enter+0xa panic() at panic+0x147 pool_p_free(ffffffff81ed80f8,0) at pool_p_free+0x18e pool_gc_pages(ffffffff815c7770) at pool_gc_pages+0x1f5 taskq_thread(0) at taskq_thread+0xa2 end trace frame: 0x0, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic pool_p_free: semupl free list modified: page 0xffffff006d4e6000; item addr 0xffffff006d4e6ee0; offset 0x0=0xdead4111 ddb{1}> trace db_enter() at db_enter+0xa panic() at panic+0x147 pool_p_free(ffffffff81ed80f8,0) at pool_p_free+0x18e pool_gc_pages(ffffffff815c7770) at pool_gc_pages+0x1f5 taskq_thread(0) at taskq_thread+0xa2 end trace frame: 0x0, count: -5 ddb{1}> show registers rdi 0xffffffff81e208b8 kprintf_mutex rsi 0x5 rbp 0xffff80002104bbb0 rbx 0xffff80002104bc50 rdx 0x3fd rcx 0 rax 0x1 r8 0xffff80002104bb80 r9 0x8080808080808080 r10 0 r11 0xffffffff816da490 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff80002104bbc0 r14 0x100 r15 0xffffffff81c3b433 apollo_udma100_tim+0xe293 rip 0xffffffff8125fcba db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff80002104bbb0 ss 0x10 db_enter+0xa: popq %rbp ddb{1}> show proc PROC (systqmp) pid=73677 stat=onproc flags process=14000 proc=200 pri=32, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800021030bb8,0xffff800021030010 process=0xffff800021032978 user=0xffff800021046000, vmspace=0xffffffff81efbef0 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 55485 362715 53640 0 7 0x482 syz-executor5779 53640 3444 65332 0 3 0x10008a pause ksh 65332 518487 56204 0 3 0x92 select sshd 87935 104325 1 0 3 0x100083 ttyin getty 56204 406125 1 0 3 0x80 select sshd 91478 135306 25187 73 3 0x100090 kqread syslogd 25187 477137 1 0 3 0x100082 netio syslogd 78702 457850 1 77 3 0x100090 poll dhclient 67694 402241 1 0 3 0x80 poll dhclient 56049 126278 0 0 3 0x14200 pgzero zerothread 67622 327451 0 0 3 0x14200 aiodoned aiodoned 58186 172580 0 0 3 0x14200 syncer update 93712 246055 0 0 3 0x14200 cleaner cleaner 63610 66195 0 0 3 0x14200 reaper reaper 86908 489372 0 0 3 0x14200 pgdaemon pagedaemon 49789 263503 0 0 3 0x14200 bored crynlk 19364 132853 0 0 3 0x14200 bored crypto 56354 232881 0 0 3 0x40014200 acpi0 acpi0 92359 143245 0 0 3 0x40014200 idle1 32475 53911 0 0 3 0x14200 bored softnet *94006 73677 0 0 7 0x14200 systqmp 2203 378251 0 0 3 0x14200 bored systq 71596 437611 0 0 3 0x40014200 bored softclock 99976 350407 0 0 3 0x40014200 idle0 1 196263 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}>