kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sat Feb 9 15:51:09 PST 2019 OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: uvm_fault(0xfffffd806e9755a8, 0x9f, 0, 2) -> e kernel: page fault trap, code=0 Stopped at wsmux_do_ioctl+0x8c0: movq %rcx,0(%rax) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd806e9755a8, 0x9f, 0, 2) -> e wsmux_do_ioctl(ffff800000026d00,80085762,ffff800020bd3460,82,ffff800020b24e18) at wsmux_do_ioctl+0x8c0 end trace frame: 0xffff800020bd3310, count: 0 ddb{0}> trace wsmux_do_ioctl(ffff800000026d00,80085762,ffff800020bd3460,82,ffff800020b24e18) at wsmux_do_ioctl+0x8c0 VOP_IOCTL(fffffd806dc80710,80085762,ffff800020bd3460,82,fffffd807f7c7d20,ffff800020b24e18) at VOP_IOCTL+0x9a vn_ioctl(fffffd806fcad8e8,80085762,ffff800020bd3460,ffff800020b24e18) at vn_ioctl+0xc9 sys_ioctl(ffff800020b24e18,ffff800020bd35a8,ffff800020bd3590) at sys_ioctl+0x646 syscall(ffff800020bd3640) at syscall+0x5ac Xsyscall(6,0,5e098d7e0c8,0,5e098d7e0a8,5e098d7e0a0) at Xsyscall+0x128 end of kernel end trace frame: 0x5e33b6894d0, count: -6 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800020bd3260 rbx 0xffff800000026db8 rdx 0xffffffff81f7106c cy_pio_rec+0x1f720 rcx 0xffffffffffffffff rax 0x9f r8 0 r9 0 r10 0xffff800020bc6f30 r11 0xe63cd31056fa6a2f r12 0xffff80000064dc00 r13 0x1 r14 0xffffffff8215ac18 wsmouse_srcops r15 0 rip 0xffffffff810eb9b0 wsmux_do_ioctl+0x8c0 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800020bd31e0 ss 0x10 wsmux_do_ioctl+0x8c0: movq %rcx,0(%rax) ddb{0}> show proc PROC (syz-executor1711) pid=494600 stat=onproc flags process=0 proc=4000000 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020b25070,0xffff800020b244c8 process=0xffff800020b7b710 user=0xffff800020bce000, vmspace=0xfffffd806e9755a8 estcpu=10, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 12206 119486 52040 0 2 0 syz-executor1711 *12206 494600 52040 0 7 0x4000000 syz-executor1711 92464 428390 27978 0 2 0 syz-executor1711 92464 57200 27978 0 7 0x4000000 syz-executor1711 92464 231975 27978 0 3 0x4000080 fsleep syz-executor1711 52040 305521 88034 0 3 0x80 nanosleep syz-executor1711 27978 301694 88034 0 3 0x80 nanosleep syz-executor1711 88034 4391 87220 0 3 0x82 nanosleep syz-executor1711 87220 264480 76864 0 3 0x10008a pause ksh 76864 126320 930 0 3 0x92 select sshd 35767 508318 1 0 3 0x100083 ttyin getty 930 188034 1 0 3 0x80 select sshd 44830 195838 45399 73 2 0x100090 syslogd 45399 369862 1 0 3 0x100082 netio syslogd 44930 174105 1 77 3 0x100090 poll dhclient 17281 46976 1 0 3 0x80 poll dhclient 60511 338714 0 0 2 0x14200 zerothread 29634 138532 0 0 3 0x14200 aiodoned aiodoned 24116 338829 0 0 3 0x14200 syncer update 57975 472386 0 0 3 0x14200 cleaner cleaner 26226 113940 0 0 3 0x14200 reaper reaper 82938 61333 0 0 3 0x14200 pgdaemon pagedaemon 38300 396304 0 0 3 0x14200 bored crynlk 85918 155232 0 0 3 0x14200 bored crypto 12586 5021 0 0 3 0x40014200 acpi0 acpi0 34501 96372 0 0 3 0x40014200 idle1 41178 297444 0 0 3 0x14200 bored softnet 23596 299014 0 0 3 0x14200 bored systqmp 81782 317157 0 0 3 0x14200 bored systq 33495 379035 0 0 3 0x40014200 bored softclock 65022 81193 0 0 3 0x40014200 idle0 1 48844 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 12206 (syz-executor1711) thread 0xffff800020b24e18 (494600) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82348720) locked @ /syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161 #0 witness_lock+0x58a #1 ___mp_acquire_count+0x67 #2 mi_switch+0x3b0 #3 sleep_finish+0x110 #4 sleep_finish_all+0x34 #5 tsleep+0x1bc #6 pckbc_enqueue_cmd+0x29d #7 pms_change_state+0x1d3 #8 pms_disable+0x39 #9 wsmouse_mux_close+0x3f #10 wsmux_do_ioctl+0x853 #11 VOP_IOCTL+0x9a #12 vn_ioctl+0xc9 #13 sys_ioctl+0x646 #14 syscall+0x5ac #15 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9443 6323K 6323K 78643K 10642 0 0 pcb 23 9K 9K 78643K 55 0 0 rtable 61 2K 2K 78643K 115 0 0 ifaddr 21 7K 7K 78643K 21 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 13 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1166 73K 73K 78643K 1172 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 1 0K 0K 78643K 1 0 0 proc 40 38K 46K 78643K 207 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 11 0K 0K 78643K 11 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 149 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 56 3K 3K 78643K 1149 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 3 0K 0K 78643K 3 0 0 temp 30 2347K 2411K 78643K 1688 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 inpcbpl 280 22 0 16 1 0 1 1 0 8 0 plimitpl 152 13 0 8 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1383 0 18 45 0 45 45 0 8 0 ffsino 272 1383 0 18 92 0 92 92 0 8 0 nchpl 144 1555 0 30 57 0 57 57 0 8 0 uvmvnodes 72 1392 0 0 26 0 26 26 0 8 0 vnodes 200 1392 0 0 74 0 74 74 0 8 0 namei 1024 3993 0 3993 3 2 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 2366 0 2366 11 10 1 6 0 8 1 sigapl 432 298 0 284 2 0 2 2 0 8 0 futexpl 56 490 0 489 1 0 1 1 0 8 0 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 1 0 0 1 0 1 1 0 8 0 pipepl 112 114 0 107 3 2 1 1 0 8 0 fdescpl 488 299 0 284 2 0 2 2 0 8 0 filepl 152 1297 0 1251 2 0 2 2 0 8 0 lockfpl 104 493 0 490 2 1 1 1 0 8 0 lockfspl 32 116 0 115 2 1 1 1 0 8 0 sessionpl 112 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 144 284 0 284 3 2 1 1 0 8 1 processpl 840 313 0 284 4 0 4 4 0 8 0 procpl 600 558 0 526 3 0 3 3 0 8 0 sockpl 384 64 0 48 2 0 2 2 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 64 0 0 8 0 8 8 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 89 0 0 5 0 5 5 0 8 0 bufpl 256 2010 0 254 110 0 110 110 0 8 0 anonpl 16 22962 0 21783 7 2 5 6 0 125 0 amapchunkpl 152 1120 0 1075 2 0 2 2 0 158 0 amappl16 192 197 0 191 1 0 1 1 0 8 0 amappl15 184 1 0 1 1 1 0 1 0 8 0 amappl14 176 1 0 1 1 1 0 1 0 8 0 amappl13 168 16 0 13 1 0 1 1 0 8 0 amappl12 160 7 0 7 2 2 0 1 0 8 0 amappl11 152 172 0 163 1 0 1 1 0 8 0 amappl10 144 43 0 43 3 2 1 1 0 8 1 amappl9 136 200 0 198 1 0 1 1 0 8 0 amappl8 128 227 0 216 1 0 1 1 0 8 0 amappl7 120 30 0 25 1 0 1 1 0 8 0 amappl6 112 40 0 36 1 0 1 1 0 8 0 amappl5 104 167 0 157 1 0 1 1 0 8 0 amappl4 96 257 0 240 1 0 1 1 0 8 0 amappl3 88 114 0 107 1 0 1 1 0 8 0 amappl2 80 1670 0 1618 2 0 2 2 0 8 0 amappl1 72 14234 0 13805 15 5 10 15 0 8 0 amappl 72 741 0 715 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 299 0 284 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 299 0 284 1 0 1 1 0 8 0 vmmpekpl 168 5975 0 5955 2 0 2 2 0 8 0 vmmpepl 168 32206 0 31357 52 14 38 43 0 357 1 vmsppl 360 298 0 284 2 0 2 2 0 8 0 pdppl 4096 605 0 568 5 0 5 5 0 8 0 pvpl 32 81468 0 78569 35 9 26 26 0 265 1 pmappl 224 298 0 284 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 237 0 4 7 0 7 7 0 8 0