kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Sat May 16 21:26:03 PDT 2020
OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00)
Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
2020/05/16 21:26:14 parsed 1 programs
2020/05/16 21:26:18 executed programs: 0
login: uvm_fault(0xfffffd807f000450, 0x13, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807f000450, 0x13, 0, 1) -> e
in_delmulti(7) at in_delmulti+0x8d
end trace frame: 0xffff800020f59400, count: 0
ddb{1}> trace
in_delmulti(7) at in_delmulti+0x8d
in_purgeaddr(ffff800000a0d300) at in_purgeaddr+0x156
in_ifdetach(ffff8000009d6000) at in_ifdetach+0x74
if_detach(ffff8000009d6000) at if_detach+0x140
tun_clone_destroy(ffff8000009d6000) at tun_clone_destroy+0x1f2
ifioctl(fffffd806f6db7d0,80206979,ffff800020f59640,ffff800020e6c758) at ifioctl+0x3ea
soo_ioctl(fffffd806d0b6568,80206979,ffff800020f59640,ffff800020e6c758) at soo_ioctl+0x27c
sys_ioctl(ffff800020e6c758,ffff800020f59758,ffff800020f597a0) at sys_ioctl+0x4a5
syscall(ffff800020f59820) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc52e0, count: -10
ddb{1}> show registers
rdi 0x2
rsi 0
rbp 0xffff800020f593b0
rbx 0
rdx 0x8b
rcx 0x1
rax 0x1
r8 0xffffffff81945803 rt_ifa_purge+0x153
r9 0x5
r10 0x3
r11 0x21ff2373e11d34ef
r12 0
r13 0x3
r14 0x7
r15 0x1
rip 0xffffffff81edc7dd in_delmulti+0x8d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800020f59350
ss 0x10
in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{1}> show proc
PROC (syz-executor.0) pid=63520 stat=onproc
flags process=0 proc=0
pri=32, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020e6c4e8,0xffffffff8267b4d8
process=0xffff800020e81720 user=0xffff800020f54000, vmspace=0xfffffd807f000450
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*30632 63520 4011 0 7 0 syz-executor.0
4011 23952 67243 0 3 0x82 nanosleep syz-executor.0
67243 58340 76523 0 3 0x82 thrsleep syz-execprog
67243 22312 76523 0 3 0x4000082 thrsleep syz-execprog
67243 214214 76523 0 3 0x4000082 thrsleep syz-execprog
67243 172713 76523 0 3 0x4000082 thrsleep syz-execprog
67243 302914 76523 0 3 0x4000082 thrsleep syz-execprog
67243 81470 76523 0 3 0x4000082 kqread syz-execprog
67243 277106 76523 0 3 0x4000082 thrsleep syz-execprog
67243 365795 76523 0 3 0x4000082 thrsleep syz-execprog
76523 406557 37717 0 3 0x10008a pause ksh
37717 124088 13530 0 3 0x92 select sshd
24331 496519 1 0 3 0x100083 ttyin getty
13530 342290 1 0 3 0x80 select sshd
60473 197388 38998 74 3 0x100092 bpf pflogd
38998 29055 1 0 3 0x80 netio pflogd
77476 359962 29982 73 3 0x100090 kqread syslogd
29982 198520 1 0 3 0x100082 netio syslogd
65061 298750 1 77 7 0x100090 dhclient
82162 292457 1 0 3 0x80 poll dhclient
93582 260737 0 0 3 0x14200 bored smr
96968 301048 0 0 3 0x14200 pgzero zerothread
25569 353113 0 0 3 0x14200 aiodoned aiodoned
87394 26612 0 0 3 0x14200 syncer update
34201 220574 0 0 3 0x14200 cleaner cleaner
85069 489161 0 0 3 0x14200 reaper reaper
50626 450303 0 0 3 0x14200 pgdaemon pagedaemon
16100 70396 0 0 3 0x14200 bored crynlk
68029 144653 0 0 3 0x14200 bored crypto
76905 380572 0 0 3 0x40014200 acpi0 acpi0
15577 296062 0 0 3 0x40014200 idle1
69551 172886 0 0 3 0x14200 bored softnet
98624 361334 0 0 2 0x14200 systqmp
25295 227054 0 0 3 0x14200 bored systq
96495 160706 0 0 3 0x40014200 bored softclock
65209 479819 0 0 3 0x40014200 idle0
1 455276 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 30632 (syz-executor.0) thread 0xffff800020e6c758 (63520)
exclusive rwlock netlock r = 0 (0xffffffff824a2978)
#0 witness_lock+0x4c7
#1 if_detach+0x70
#2 tun_clone_destroy+0x1f2
#3 ifioctl+0x3ea
#4 soo_ioctl+0x27c
#5 sys_ioctl+0x4a5
#6 syscall+0x4a4
#7 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82695610)
#0 witness_lock+0x4c7
#1 __mp_acquire_count+0x51
#2 mi_switch+0x392
#3 sleep_finish+0x113
#4 cond_wait+0x76
#5 smr_barrier_impl+0xf9
#6 tun_clone_destroy+0x136
#7 ifioctl+0x3ea
#8 soo_ioctl+0x27c
#9 sys_ioctl+0x4a5
#10 syscall+0x4a4
#11 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9465 6396K 6396K 78643K 10560 0
pcb 14 8K 8K 78643K 14 0
rtable 75 2K 2K 78643K 165 0
ifaddr 37 9K 9K 78643K 39 0
counters 41 33K 33K 78643K 41 0
ioctlops 0 0K 4K 78643K 1468 0
mount 1 1K 1K 78643K 1 0
vnodes 1182 74K 75K 78643K 1188 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1824 197K 290K 78643K 13058 0
file desc 3 8K 12K 78643K 18 0
proc 59 63K 83K 78643K 398 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 25 1K 1K 78643K 26 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
exec 0 0K 1K 78643K 197 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 74 12K 12K 78643K 944 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 7 0K 0K 78643K 7 0
temp 29 3033K 3097K 78643K 1867 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 2 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 5 1 0 1 1 0 8 0
unpcb 120 29 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 35 0 27 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 11 0 0 1 0 1 1 0 8 0
pfstkey 112 11 0 0 1 0 1 1 0 8 0
pfstate 328 11 0 0 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 144 0 2 9 0 9 9 0 8 0
art_table 32 145 0 2 2 0 2 2 0 8 0
art_node 16 33 0 6 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1424 0 23 88 0 88 88 0 8 0
ffsino 272 1424 0 23 94 0 94 94 0 8 0
nchpl 144 1640 0 38 60 0 60 60 0 8 0
uvmvnodes 72 1434 0 0 27 0 27 27 0 8 0
vnodes 208 1434 0 0 76 0 76 76 0 8 0
namei 1024 4204 0 4204 1 0 1 1 0 8 1
percpumem 16 31 0 0 1 0 1 1 0 8 0
scxspl 192 3850 0 3850 2 1 1 2 0 8 1
plimitpl 152 15 0 8 1 0 1 1 0 8 0
sigapl 424 241 0 211 4 0 4 4 0 8 0
knotepl 112 47 0 36 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 48 77 0 70 1 0 1 1 0 8 0
pipepl 120 154 0 141 1 0 1 1 0 8 0
fdescpl 496 226 0 211 3 0 3 3 0 8 0
filepl 152 1110 0 1050 3 0 3 3 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 62 0 53 1 0 1 1 0 8 0
zombiepl 144 211 0 211 1 0 1 1 0 8 1
processpl 984 241 0 211 5 0 5 5 0 8 1
procpl 624 248 0 211 3 0 3 3 0 8 0
srpgc 64 2 0 2 1 0 1 1 0 8 1
sockpl 400 81 0 61 2 0 2 2 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 80 0 0 10 0 10 10 0 8 0
mtagpl 80 1 0 0 1 0 1 1 0 8 0
mbufpl 256 98 0 0 7 0 7 7 0 8 0
bufpl 280 2980 0 133 204 0 204 204 0 8 0
anonpl 16 22287 0 20633 13 1 12 12 0 124 2
amapchunkpl 152 841 0 775 4 0 4 4 0 158 0
amappl16 192 152 0 118 2 0 2 2 0 8 0
amappl15 184 2 0 0 1 0 1 1 0 8 0
amappl14 176 34 0 27 1 0 1 1 0 8 0
amappl13 168 21 0 20 1 0 1 1 0 8 0
amappl12 160 8 0 7 2 1 1 1 0 8 0
amappl11 152 56 0 40 1 0 1 1 0 8 0
amappl10 144 18 0 15 1 0 1 1 0 8 0
amappl9 136 230 0 229 1 0 1 1 0 8 0
amappl8 128 271 0 264 1 0 1 1 0 8 0
amappl7 120 115 0 103 1 0 1 1 0 8 0
amappl6 112 23 0 21 1 0 1 1 0 8 0
amappl5 104 131 0 117 1 0 1 1 0 8 0
amappl4 96 494 0 466 1 0 1 1 0 8 0
amappl3 88 106 0 99 1 0 1 1 0 8 0
amappl2 80 904 0 848 2 0 2 2 0 8 0
amappl1 72 15374 0 14938 23 5 18 18 0 8 8
amappl 80 474 0 445 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 226 0 211 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 226 0 211 1 0 1 1 0 8 0
vmmpekpl 168 6369 0 6346 2 0 2 2 0 8 0
vmmpepl 168 32618 0 31665 76 4 72 72 0 357 29
vmsppl 368 225 0 211 2 0 2 2 0 8 0
pdppl 4096 460 0 422 6 0 6 6 0 8 0
pvpl 32 113506 0 109453 104 0 104 104 0 265 70
pmappl 232 225 0 211 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 232 0 3 7 0 7 7 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff824abff0) at x86_ipi_db+0x1a
x86_ipi_handler() at x86_ipi_handler+0xc6
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82695408) at __mp_lock+0x127
__mp_acquire_count(ffffffff82695408,2) at __mp_acquire_count+0x51
mi_switch() at mi_switch+0x392
sleep_finish(ffff800020ea75d0,1) at sleep_finish+0x113
sleep_finish_all(ffff800020ea75d0,1) at sleep_finish_all+0x32
tsleep(ffffffff82663c34,118,ffffffff8224a1a6,41e331) at tsleep+0x1cc
doppoll(ffff800020e6c278,7f7fffff5b20,3,ffff800020ea7768,0,ffff800020ea7820) at doppoll+0x57e
sys_poll(ffff800020e6c278,ffff800020ea77d0,ffff800020ea7820) at sys_poll+0xa6
syscall(ffff800020ea78a0) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff5b00, count: -13
ddb{0}> machine ddbcpu 1
Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d
ddb{1}> trace
in_delmulti(7) at in_delmulti+0x8d
in_purgeaddr(ffff800000a0d300) at in_purgeaddr+0x156
in_ifdetach(ffff8000009d6000) at in_ifdetach+0x74
if_detach(ffff8000009d6000) at if_detach+0x140
tun_clone_destroy(ffff8000009d6000) at tun_clone_destroy+0x1f2
ifioctl(fffffd806f6db7d0,80206979,ffff800020f59640,ffff800020e6c758) at ifioctl+0x3ea
soo_ioctl(fffffd806d0b6568,80206979,ffff800020f59640,ffff800020e6c758) at soo_ioctl+0x27c
sys_ioctl(ffff800020e6c758,ffff800020f59758,ffff800020f597a0) at sys_ioctl+0x4a5
syscall(ffff800020f59820) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc52e0, count: -10
ddb{1}>