kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Wed Mar 9 07:29:39 PST 2022 OpenBSD/amd64 (ci-openbsd-multicore-2.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: kernel: protection fault trap, code=0 Stopped at ktrops+0x4a: movq 0x8(%rbx),%r14 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace ktrops(ffff800021196000,deadbeefdeadbeef,0,c0001000,fffffd806caf46a8,fffffd807f7d8600) at ktrops+0x4a doktrace(fffffd806caf46a8,4,40001000,0,ffff800021196000) at doktrace+0x514 sys_ktrace(ffff800021196000,ffff800021204808,ffff800021204860) at sys_ktrace+0xd2 syscall(ffff8000212048d0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff56c0, count: -5 ddb{0}> show registers rdi 0xffff800021196000 rsi 0xdeadbeefdeadbeef rbp 0xffff8000212045f0 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xc0001000 rax 0x1 r8 0xfffffd806caf46a8 r9 0xfffffd807f7d8600 r10 0x8a7bc4f015530f6 r11 0xda83fcb4dc5459fd r12 0xdeadbeefdeadbeef r13 0xfffffd807f7d8600 r14 0xffff800021196000 r15 0xc0001000 rip 0xffffffff824ffc2a ktrops+0x4a cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021204570 ss 0 ktrops+0x4a: movq 0x8(%rbx),%r14 ddb{0}> show proc PROC (syz-executor1627472090) pid=389767 stat=onproc flags process=0 proc=0 pri=17, usrpri=53, nice=20 forw=0xffffffffffffffff, list=0xffff800021197ce0,0xffff800021196fd0 process=0xffff8000ffffba38 user=0xffff8000211ff000, vmspace=0xfffffd806cc2aa20 estcpu=6, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 2779 248986 34669 0 2 0 syz-executor1627472090 *94647 389767 68957 0 7 0 syz-executor1627472090 69704 277297 67086 0 2 0 syz-executor1627472090 50995 4740 67086 0 2 0 syz-executor1627472090 41791 193090 67086 0 2 0 syz-executor1627472090 68957 417900 67086 0 3 0x80 nanoslp syz-executor1627472090 20949 34784 67086 0 7 0 syz-executor1627472090 16084 33251 67086 0 3 0x80 nanoslp syz-executor1627472090 4530 62504 67086 0 2 0 syz-executor1627472090 34669 197734 67086 0 3 0x80 nanoslp syz-executor1627472090 67086 422707 54394 0 3 0x82 nanoslp syz-executor1627472090 54394 339821 32279 0 3 0x10008a sigsusp ksh 32279 425962 57640 0 3 0x9a kqread sshd 4969 361367 1 0 3 0x100083 ttyin getty 57640 155599 1 0 3 0x88 kqread sshd 62341 338362 60485 74 3 0x1100092 bpf pflogd 60485 428917 1 0 3 0x80 netio pflogd 18962 106469 25244 73 3 0x1100090 kqread syslogd 25244 328671 1 0 3 0x100082 netio syslogd 31278 408836 1 0 3 0x100080 kqread resolvd 52577 91399 95020 77 3 0x100092 kqread dhcpleased 86422 218261 95020 77 3 0x100092 kqread dhcpleased 95020 510731 1 0 3 0x80 kqread dhcpleased 71369 24853 0 0 3 0x14200 bored smr 71385 280682 0 0 3 0x14200 pgzero zerothread 61463 394213 0 0 3 0x14200 aiodoned aiodoned 17458 340875 0 0 3 0x14200 syncer update 63309 227638 0 0 3 0x14200 cleaner cleaner 95937 37531 0 0 3 0x14200 reaper reaper 5330 141335 0 0 3 0x14200 pgdaemon pagedaemon 10512 423531 0 0 3 0x14200 bored viomb 68540 108207 0 0 3 0x40014200 acpi0 acpi0 12556 125190 0 0 3 0x40014200 idle1 64867 393842 0 0 3 0x14200 bored softnet 55193 492016 0 0 3 0x14200 bored systqmp 85552 263268 0 0 3 0x14200 bored systq 14059 414658 0 0 3 0x40014200 bored softclock 58465 262220 0 0 3 0x40014200 idle0 1 117011 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 94647 (syz-executor1627472090) thread 0xffff800021196000 (389767) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b83890) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 #2 mi_switch+0x3d3 #3 sleep_finish+0x198 #4 tsleep+0x12c #5 getblk+0x13c #6 bread+0x3a #7 ffs_update+0x14b #8 ufs_inactive+0x25f #9 VOP_INACTIVE+0xc4 #10 vrele+0xd2 #11 ktrsettrace+0xb3 #12 ktrops+0x1a4 #13 doktrace+0x514 #14 sys_ktrace+0xd2 #15 syscall+0x489 #16 Xsyscall+0x128 Process 50995 (syz-executor1627472090) thread 0xffff800021142d28 (4740) exclusive rrwlock inode r = 0 (0xfffffd806cc39c48) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 ufs_ihashget+0x121 #7 ffs_vget+0x7c #8 ufs_lookup+0x13ba #9 VOP_LOOKUP+0x58 #10 vfs_lookup+0x6e5 #11 namei+0x36a #12 dounlinkat+0x99 #13 syscall+0x489 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806cc39098) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vget+0x1d3 #6 cache_lookup+0x2b4 #7 ufs_lookup+0x1ac #8 VOP_LOOKUP+0x58 #9 vfs_lookup+0x6e5 #10 namei+0x36a #11 dounlinkat+0x99 #12 syscall+0x489 #13 Xsyscall+0x128 Process 20949 (syz-executor1627472090) thread 0xffff8000211427e8 (34784) exclusive rrwlock inode r = 0 (0xfffffd806cc393c8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 ufs_ihashins+0x42 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1be #7 ufs_mkdir+0xf4 #8 VOP_MKDIR+0xbf #9 domkdirat+0x121 #10 syscall+0x489 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d4165f8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xd1 #6 namei+0x36a #7 domkdirat+0x75 #8 syscall+0x489 #9 Xsyscall+0x128 Process 4530 (syz-executor1627472090) thread 0xffff8000ffff62b0 (62504) exclusive rrwlock inode r = 0 (0xfffffd806cc391a8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 ufs_ihashins+0x42 #5 ffs_vget+0x141 #6 ffs_inode_alloc+0x1be #7 ufs_mkdir+0xf4 #8 VOP_MKDIR+0xbf #9 domkdirat+0x121 #10 syscall+0x489 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d4164e8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 #2 rrw_enter+0x8b #3 VOP_LOCK+0x87 #4 vn_lock+0x84 #5 vfs_lookup+0xd1 #6 namei+0x36a #7 domkdirat+0x75 #8 syscall+0x489 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10149 6454K 6455K 78643K 11239 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 118 0 ifaddr 29 8K 8K 78643K 32 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 4K 78643K 1479 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1167 73K 73K 78643K 1180 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 282 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 447 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 122 5K 5K 78643K 2277 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 24 4690K 4754K 78643K 3409 0 kqueue 11 16K 18K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 20 0 17 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 136 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 1 1 1 0 8 1 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 304 32 0 26 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 9 0 7 2 1 1 1 0 8 0 pfstkey 112 9 0 7 2 1 1 1 0 8 0 pfstate 320 9 0 7 2 1 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1460 0 52 89 0 89 89 0 8 0 ffsino 272 1461 0 52 94 0 94 94 0 8 0 nchpl 144 1662 0 88 59 0 59 59 0 8 0 uvmvnodes 80 1471 0 0 31 0 31 31 0 8 0 vnodes 224 1471 0 0 87 0 87 87 0 8 0 namei 1024 4600 0 4598 3 1 2 2 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 216 4225 0 4225 18 17 1 8 0 8 1 plimitpl 152 16 0 9 1 0 1 1 0 8 0 sigapl 424 351 0 311 5 0 5 5 0 8 0 knotepl 120 44 0 0 2 0 2 2 0 8 0 kqueuepl 216 20 0 13 1 0 1 1 0 8 0 pipepl 336 89 0 86 2 1 1 1 0 8 0 fdescpl 496 337 0 311 4 0 4 4 0 8 0 filepl 152 1187 0 1125 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 69 0 57 1 0 1 1 0 8 0 zombiepl 144 312 0 311 2 1 1 1 0 8 0 processpl 1064 351 0 311 3 0 3 3 0 8 0 procpl 672 351 0 311 4 0 4 4 0 8 0 sockpl 480 87 0 63 5 1 4 4 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 58 0 0 8 0 8 8 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 117 0 0 7 0 7 7 0 8 0 bufpl 288 2052 0 94 140 0 140 140 0 8 0 anonpl 24 43138 0 40032 22 3 19 19 0 186 0 amapchunkpl 152 4173 0 3959 10 1 9 9 0 158 0 amappl16 200 50 0 41 2 1 1 1 0 8 0 amappl15 192 70 0 67 1 0 1 1 0 8 0 amappl13 176 34 0 33 2 1 1 1 0 8 0 amappl12 168 14 0 14 2 1 1 1 0 8 1 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 2 0 0 1 0 1 1 0 8 0 amappl9 144 443 0 441 1 0 1 1 0 8 0 amappl8 136 382 0 379 1 0 1 1 0 8 0 amappl7 128 66 0 63 1 0 1 1 0 8 0 amappl6 120 118 0 105 1 0 1 1 0 8 0 amappl5 112 208 0 187 1 0 1 1 0 8 0 amappl4 104 656 0 636 1 0 1 1 0 8 0 amappl3 96 129 0 119 1 0 1 1 0 8 0 amappl2 88 388 0 350 1 0 1 1 0 8 0 amappl1 80 9013 0 8576 11 2 9 9 0 8 0 amappl 88 1980 0 1882 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 337 0 311 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 337 0 311 1 0 1 1 0 8 0 vmmpekpl 168 6371 0 6353 1 0 1 1 0 8 0 vmmpepl 168 27702 0 26552 54 4 50 50 0 357 0 vmsppl 368 336 0 311 3 0 3 3 0 8 0 rwobjpl 56 9773 0 7689 30 0 30 30 0 8 0 pdppl 4096 681 0 622 83 24 59 59 0 8 0 pvpl 32 139545 0 134316 50 7 43 43 0 265 0 pmappl 248 336 0 311 2 0 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 448 0 29 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ktrops(ffff800021196000,deadbeefdeadbeef,0,c0001000,fffffd806caf46a8,fffffd807f7d8600) at ktrops+0x4a doktrace(fffffd806caf46a8,4,40001000,0,ffff800021196000) at doktrace+0x514 sys_ktrace(ffff800021196000,ffff800021204808,ffff800021204860) at sys_ktrace+0xd2 syscall(ffff8000212048d0) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff56c0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xb7 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b83688) at __mp_lock+0x122 __mp_acquire_count(ffffffff82b83688,1) at __mp_acquire_count+0x48 mi_switch() at mi_switch+0x3d3 sleep_finish(ffff8000211e57c0,1) at sleep_finish+0x198 tsleep(fffffd806f4c1260,11,ffffffff826435b0,0) at tsleep+0x12c getblk(fffffd807efc8380,ca920,4000,0,ffffffffffffffff) at getblk+0x13c bread(fffffd807efc8380,ca920,4000,ffff8000211e5a60) at bread+0x3a ffs_vget(ffff8000006d6c00,cb1d,ffff8000211e5cc8) at ffs_vget+0x204 ffs_inode_alloc(fffffd806d416560,41ed,fffffd807f7d8600,ffff8000211e5cc8) at ffs_inode_alloc+0x1be ufs_mkdir(ffff8000211e5d20) at ufs_mkdir+0xf4 VOP_MKDIR(fffffd806d41b3f8,ffff8000211e5e80,ffff8000211e5eb0,ffff8000211e5db0) at VOP_MKDIR+0xbf domkdirat(ffff8000211427e8,ffffff9c,7f7fffff56d0,1ff) at domkdirat+0x121 syscall(ffff8000211e6030) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff5730, count: -17