kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Jul 2 02:58:24 PDT 2020 OpenBSD/amd64 (ci-openbsd-multicore-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts. 2020/07/02 03:16:13 parsed 1 programs 2020/07/02 03:16:16 executed programs: 0 login: uvm_fault(0xffffffff828ad310, 0xfffffd0000000008, 0, 2) -> e kernel: page fault trap, code=0 Stopped at soreceive+0x1100: movq %rbx,0x8(%r13) ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xffffffff828ad310, 0xfffffd0000000008, 0, 2) -> e soreceive(fffffd806f6804b0,0,ffff800020e1d178,0,0,ffff800020e1d084) at soreceive+0x1100 end trace frame: 0xffff800020e1d0c0, count: 0 ddb{1}> trace soreceive(fffffd806f6804b0,0,ffff800020e1d178,0,0,ffff800020e1d084) at soreceive+0x1100 soo_read(fffffd8075bf74c0,ffff800020e1d178,0) at soo_read+0x53 dofilereadv(ffff800020ddd118,6,ffff800020e1d178,0,ffff800020e1d260) at dofilereadv+0x1a1 sys_read(ffff800020ddd118,ffff800020e1d210,ffff800020e1d260) at sys_read+0x83 syscall(ffff800020e1d2e0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc0020, count: -6 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff800020e1d060 rbx 0xfffffd8076787d00 rdx 0x3348 __ALIGN_SIZE+0x2348 rcx 0x80cf785c78eed33f rax 0x1 r8 0xffffffff81241ed1 soreceive+0x5c1 r9 0x3 r10 0xbaf3f6c6ce4e1924 r11 0xabe9c9b69fc8aae7 r12 0x10de __ALIGN_SIZE+0xde r13 0xfffffd0000000000 r14 0 r15 0xfffffd806f6804b0 rip 0xffffffff81242a10 soreceive+0x1100 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020e1cf70 ss 0x10 soreceive+0x1100: movq %rbx,0x8(%r13) ddb{1}> show proc PROC (dhclient) pid=348270 stat=onproc flags process=0 proc=0 pri=24, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020ddc4e8,0xffff800020ddd398 process=0xffff800020df1348 user=0xffff800020e18000, vmspace=0xfffffd807f000170 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 6086 226673 57576 0 3 0 tqbarwait syz-executor.0 88836 137523 54405 0 7 0 syz-executor.1 57576 15455 77921 0 3 0x82 nanosleep syz-executor.0 54405 482129 77921 0 3 0x82 nanosleep syz-executor.1 77921 467932 72100 0 3 0x82 thrsleep syz-execprog 77921 207960 72100 0 3 0x4000082 thrsleep syz-execprog 77921 474583 72100 0 3 0x4000082 thrsleep syz-execprog 77921 63962 72100 0 3 0x4000082 thrsleep syz-execprog 77921 90507 72100 0 3 0x4000082 kqread syz-execprog 77921 196546 72100 0 3 0x4000082 thrsleep syz-execprog 77921 46436 72100 0 3 0x4000082 thrsleep syz-execprog 77921 402613 72100 0 3 0x4000082 thrsleep syz-execprog 77921 420317 72100 0 3 0x4000082 thrsleep syz-execprog 77921 511638 72100 0 3 0x4000082 thrsleep syz-execprog 77921 200380 72100 0 3 0x4000082 thrsleep syz-execprog 72100 415750 10485 0 3 0x10008a pause ksh 10485 102377 83445 0 3 0x92 select sshd 28534 416825 1 0 3 0x100083 ttyin getty 83445 153406 1 0 3 0x80 select sshd 3935 414324 68513 74 3 0x100092 bpf pflogd 68513 189393 1 0 3 0x80 netio pflogd 13340 268855 64356 73 3 0x100090 kqread syslogd 64356 103693 1 0 3 0x100082 netio syslogd 90847 103303 1 77 3 0x100090 poll dhclient * 5491 348270 1 0 7 0 dhclient 95976 110489 0 0 3 0x14200 bored smr 76558 222443 0 0 3 0x14200 pgzero zerothread 46584 205502 0 0 3 0x14200 aiodoned aiodoned 80671 316641 0 0 3 0x14200 syncer update 19135 360730 0 0 3 0x14200 cleaner cleaner 876 123183 0 0 3 0x14200 reaper reaper 72101 428757 0 0 3 0x14200 pgdaemon pagedaemon 159 400244 0 0 3 0x14200 bored crynlk 15817 366396 0 0 3 0x14200 bored crypto 61550 288684 0 0 3 0x40014200 acpi0 acpi0 86550 514149 0 0 3 0x40014200 idle1 17955 354584 0 0 3 0x14200 tqbarend softnet 27376 119325 0 0 3 0x14200 bored systqmp 1747 517290 0 0 3 0x14200 bored systq 99269 169705 0 0 3 0x40014200 bored softclock 72480 151264 0 0 3 0x40014200 idle0 1 303104 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 5491 (dhclient) thread 0xffff800020ddd118 (348270) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82923b00) #0 witness_lock+0x4c7 #1 solock+0x66 #2 soreceive+0x114 #3 soo_read+0x53 #4 dofilereadv+0x1a1 #5 sys_read+0x83 #6 syscall+0x4a4 #7 Xsyscall+0x128 Process 17955 (softnet) thread 0xffff800020d88000 (354584) shared rwlock softnet r = 0 (0xffff80000002c070) #0 witness_lock+0x4c7 #1 taskq_thread+0xdf #2 proc_trampoline+0x1c ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9467 6398K 6398K 78643K 10564 0 pcb 13 8K 8K 78643K 13 0 rtable 61 2K 3K 78643K 205 0 ifaddr 29 8K 11K 78643K 47 0 counters 39 33K 33K 78643K 43 0 ioctlops 0 0K 4K 78643K 1469 0 mount 1 1K 1K 78643K 1 0 vnodes 1181 74K 75K 78643K 1188 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 6 17K 25K 78643K 36 0 proc 59 63K 95K 78643K 438 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 23 1K 2K 78643K 41 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 1K 78643K 210 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 80 20K 21K 78643K 1003 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 10 0 temp 24 3853K 3917K 78643K 1972 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 4 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 23 2 0 2 2 0 8 1 unpcb 120 29 0 19 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 inpcb 296 41 0 31 1 0 1 1 0 8 0 nd6 48 6 0 6 1 0 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 11 0 6 2 1 1 1 0 8 0 pfstkey 112 11 0 6 2 1 1 1 0 8 0 pfstate 328 11 0 6 2 1 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 92 12 0 12 12 0 8 6 art_table 32 189 0 92 2 0 2 2 0 8 1 art_node 16 44 0 24 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1429 0 24 88 0 88 88 0 8 0 ffsino 272 1429 0 24 94 0 94 94 0 8 0 nchpl 144 1651 0 38 60 0 60 60 0 8 0 uvmvnodes 72 1439 0 0 27 0 27 27 0 8 0 vnodes 208 1439 0 0 76 0 76 76 0 8 0 namei 1024 4355 0 4355 2 1 1 1 0 8 1 percpumem 16 32 0 2 1 0 1 1 0 8 0 scxspl 192 4702 0 4702 43 42 1 7 0 8 1 plimitpl 152 16 0 8 1 0 1 1 0 8 0 sigapl 424 255 0 223 4 0 4 4 0 8 0 knotepl 112 59 0 42 1 0 1 1 0 8 0 kqueuepl 144 2 0 0 1 0 1 1 0 8 0 pipepl 304 81 0 71 2 1 1 1 0 8 0 fdescpl 496 240 0 223 3 0 3 3 0 8 0 filepl 152 1149 0 1078 3 0 3 3 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 20 0 9 1 0 1 1 0 8 0 ucredpl 96 62 0 53 1 0 1 1 0 8 0 zombiepl 144 223 0 223 2 1 1 1 0 8 1 processpl 984 255 0 223 5 0 5 5 0 8 1 procpl 624 265 0 223 4 0 4 4 0 8 0 srpgc 64 4 0 4 1 0 1 1 0 8 1 sockpl 400 89 0 67 3 0 3 3 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 76 0 0 10 0 10 10 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 159 0 0 8 0 8 8 0 8 0 bufpl 280 3058 0 133 209 0 209 209 0 8 0 anonpl 16 23353 0 21587 14 2 12 12 0 124 3 amapchunkpl 152 885 0 820 5 0 5 5 0 158 1 amappl16 192 170 0 128 3 0 3 3 0 8 0 amappl15 184 3 0 1 1 0 1 1 0 8 0 amappl14 176 31 0 27 1 0 1 1 0 8 0 amappl13 168 31 0 27 2 1 1 1 0 8 0 amappl11 152 63 0 46 1 0 1 1 0 8 0 amappl10 144 24 0 20 1 0 1 1 0 8 0 amappl9 136 236 0 233 1 0 1 1 0 8 0 amappl8 128 290 0 281 1 0 1 1 0 8 0 amappl7 120 120 0 109 1 0 1 1 0 8 0 amappl6 112 31 0 25 1 0 1 1 0 8 0 amappl5 104 139 0 125 1 0 1 1 0 8 0 amappl4 96 511 0 484 1 0 1 1 0 8 0 amappl3 88 108 0 99 1 0 1 1 0 8 0 amappl2 80 939 0 875 2 0 2 2 0 8 0 amappl1 72 15947 0 15500 23 5 18 18 0 8 8 amappl 80 505 0 474 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 240 0 223 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 240 0 223 1 0 1 1 0 8 0 vmmpekpl 168 6436 0 6409 2 0 2 2 0 8 0 vmmpepl 168 33792 0 32764 81 9 72 72 0 357 27 vmsppl 368 239 0 223 2 0 2 2 0 8 0 pdppl 4096 487 0 446 6 0 6 6 0 8 0 pvpl 32 117182 0 112855 107 2 105 105 0 265 67 pmappl 232 239 0 223 2 0 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 239 0 4 7 0 7 7 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff8270eff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xc6 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_cmp4(ffffffff829238f8,ffffffff829238f8) at __sanitizer_cov_trace_cmp4+0xb __mp_acquire_count(ffffffff829238f8,1) at __mp_acquire_count+0x51 mi_switch() at mi_switch+0x392 sleep_finish(ffff800020ef2d18,1) at sleep_finish+0x113 sleep_finish_all(ffff800020ef2d18,1) at sleep_finish_all+0x32 msleep(ffff80000002c068,ffff80000002c018,20,ffffffff823d316a,0) at msleep+0x214 taskq_do_barrier(ffff80000002c000) at taskq_do_barrier+0x131 ifq_destroy(ffff800000ac6278) at ifq_destroy+0xd1 if_detach(ffff800000ac6000) at if_detach+0x3f8 tun_clone_destroy(ffff800000ac6000) at tun_clone_destroy+0x1f2 ifioctl(fffffd806cf6ae20,80206979,ffff800020ef3070,ffff800020e23878) at ifioctl+0x3ea soo_ioctl(fffffd806cf50568,80206979,ffff800020ef3070,ffff800020e23878) at soo_ioctl+0x27c sys_ioctl(ffff800020e23878,ffff800020ef3188,ffff800020ef31d0) at sys_ioctl+0x4a5 syscall(ffff800020ef3250) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc3130, count: -18 ddb{0}> machine ddbcpu 1 Stopped at soreceive+0x1100: movq %rbx,0x8(%r13) ddb{1}> trace soreceive(fffffd806f6804b0,0,ffff800020e1d178,0,0,ffff800020e1d084) at soreceive+0x1100 soo_read(fffffd8075bf74c0,ffff800020e1d178,0) at soo_read+0x53 dofilereadv(ffff800020ddd118,6,ffff800020e1d178,0,ffff800020e1d260) at dofilereadv+0x1a1 sys_read(ffff800020ddd118,ffff800020e1d210,ffff800020e1d260) at sys_read+0x83 syscall(ffff800020e1d2e0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc0020, count: -6