kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Wed Dec 15 06:02:13 PST 2021 OpenBSD/amd64 (ci-openbsd-multicore-2.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: panic: vndioctl: null vp Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 393320 80133 0 0 0x4000000 1 syz-executor1231 *140312 70460 0 0 0x4000000 0K syz-executor1231 db_enter() at db_enter+0x18 panic(ffffffff824a2454) at panic+0x177 vndsetcred(2902,80384601,ffff80002123c3a0,1) at vndsetcred VOP_IOCTL(fffffd806e4f4ae8,80384601,ffff80002123c3a0,1,fffffd807f7d7660,ffff800021193268) at VOP_IOCTL+0x96 vn_ioctl(fffffd806e587568,80384601,ffff80002123c3a0,ffff800021193268) at vn_ioctl+0xba sys_ioctl(ffff800021193268,ffff80002123c4b8,ffff80002123c510) at sys_ioctl+0x4a2 syscall(ffff80002123c580) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x171d74be4e0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: vndioctl: null vp ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff824a2454) at panic+0x177 vndsetcred(2902,80384601,ffff80002123c3a0,1) at vndsetcred VOP_IOCTL(fffffd806e4f4ae8,80384601,ffff80002123c3a0,1,fffffd807f7d7660,ffff800021193268) at VOP_IOCTL+0x96 vn_ioctl(fffffd806e587568,80384601,ffff80002123c3a0,ffff800021193268) at vn_ioctl+0xba sys_ioctl(ffff800021193268,ffff80002123c4b8,ffff80002123c510) at sys_ioctl+0x4a2 syscall(ffff80002123c580) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x171d74be4e0, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002123bae0 rbx 0xffffffff827e3bff cpu_info_full_primary+0x2bff rdx 0x8b rcx 0x2 rax 0x19 r8 0xffffffff817eb474 kprintf+0x144 r9 0x1 r10 0x8ed20437e8388a88 r11 0xc0887af3ae9824e6 r12 0xffffffff827e3a00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81552b08 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002123bad0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor1231) pid=140312 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=58, nice=20 forw=0xffffffffffffffff, list=0xffff8000211927e8,0xffff800021193518 process=0xffff8000211f1900 user=0xffff800021237000, vmspace=0xfffffd8008582000 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 80133 211500 53238 0 3 0x80 nanoslp syz-executor1231 80133 393320 53238 0 7 0x4000000 syz-executor1231 80133 184629 53238 0 3 0x4000080 fsleep syz-executor1231 70460 308449 31436 0 3 0x80 nanoslp syz-executor1231 *70460 140312 31436 0 7 0x4000000 syz-executor1231 70460 40575 31436 0 3 0x4000080 fsleep syz-executor1231 53238 318563 57233 0 3 0x80 nanoslp syz-executor1231 31436 102970 57233 0 3 0x80 nanoslp syz-executor1231 57233 281650 71399 0 3 0x82 nanoslp syz-executor1231 71399 282405 54364 0 3 0x10008a sigsusp ksh 54364 172014 51591 0 3 0x9a kqread sshd 69143 98391 1 0 3 0x100083 ttyin getty 51591 209388 1 0 3 0x88 kqread sshd 91055 118854 37160 74 3 0x100092 bpf pflogd 37160 195490 1 0 3 0x80 netio pflogd 59269 489417 78538 73 3 0x100090 kqread syslogd 78538 50481 1 0 3 0x100082 netio syslogd 93138 356985 1 0 3 0x100080 kqread resolvd 74073 150888 46366 77 3 0x100092 kqread dhcpleased 52979 301027 46366 77 3 0x100092 kqread dhcpleased 46366 9037 1 0 3 0x80 kqread dhcpleased 41215 466177 0 0 3 0x14200 bored smr 2980 391234 0 0 3 0x14200 pgzero zerothread 23823 273219 0 0 3 0x14200 aiodoned aiodoned 79095 103314 0 0 3 0x14200 syncer update 28809 260796 0 0 3 0x14200 cleaner cleaner 92625 216351 0 0 3 0x14200 reaper reaper 51428 347553 0 0 3 0x14200 pgdaemon pagedaemon 47197 261302 0 0 3 0x14200 bored viomb 20766 49142 0 0 3 0x40014200 acpi0 acpi0 2523 303346 0 0 3 0x40014200 idle1 11284 148528 0 0 3 0x14200 bored softnet 72783 13181 0 0 3 0x14200 bored systqmp 95706 238264 0 0 3 0x14200 bored systq 38795 301691 0 0 3 0x40014200 bored softclock 79495 18343 0 0 3 0x40014200 idle0 1 135028 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 80133 (syz-executor1231) thread 0xffff800021193508 (393320) exclusive rwlock futex r = 0 (0xffffffff827e4980) #0 witness_lock+0x4b0 #1 sys_futex+0x5c #2 syscall+0x489 #3 Xsyscall+0x128 Process 70460 (syz-executor1231) thread 0xffff800021193268 (140312) exclusive rwlock dklk r = 0 (0xffff8000006ac068) #0 witness_lock+0x4b0 #1 rw_enter+0x3e2 #2 vndioctl+0x4f1 #3 VOP_IOCTL+0x96 #4 vn_ioctl+0xba #5 sys_ioctl+0x4a2 #6 syscall+0x489 #7 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff828ba480) #0 witness_lock+0x4b0 #1 __mp_acquire_count+0x4c #2 mi_switch+0x3d3 #3 sleep_finish+0x1b2 #4 rw_enter+0x35b #5 vndioctl+0x4f1 #6 VOP_IOCTL+0x96 #7 vn_ioctl+0xba #8 sys_ioctl+0x4a2 #9 syscall+0x489 #10 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10109 6415K 6416K 78643K 11429 0 pcb 13 8K 8K 78643K 13 0 rtable 62 2K 2K 78643K 118 0 ifaddr 29 8K 8K 78643K 30 0 counters 40 33K 33K 78643K 40 0 ioctlops 0 0K 4K 78643K 1479 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1183 74K 75K 78643K 1189 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 1 0K 0K 78643K 1 0 proc 67 87K 87K 78643K 278 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 11 0K 0K 78643K 11 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 2K 78643K 368 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 114 4K 6K 78643K 7447 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 4 0 temp 23 4181K 4245K 78643K 3377 0 kqueue 11 16K 16K 78643K 20 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 20 0 17 1 0 1 1 0 8 0 rtentry 112 23 0 1 1 0 1 1 0 8 0 unpcb 128 35 0 20 1 0 1 1 0 8 0 syncache 296 5 0 5 2 2 0 1 0 8 0 tcpcb 736 8 0 5 1 0 1 1 0 8 0 arp 120 2 0 0 1 0 1 1 0 8 0 inpcb 304 32 0 26 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 8 0 2 1 0 1 1 0 8 0 pfstkey 112 8 0 2 1 0 1 1 0 8 0 pfstate 320 8 0 2 1 0 1 1 0 8 0 pfrule 1360 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 97 0 0 7 0 7 7 0 8 0 art_table 32 98 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2301 0 905 88 0 88 88 0 8 0 ffsino 272 2301 0 905 94 0 94 94 0 8 0 nchpl 144 3361 0 1806 58 0 58 58 0 8 0 uvmvnodes 72 2312 0 0 43 0 43 43 0 8 0 vnodes 224 2312 0 0 136 0 136 136 0 8 0 namei 1024 8414 0 8414 2 1 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 216 9065 0 9065 11 10 1 8 0 8 1 plimitpl 152 16 0 9 1 0 1 1 0 8 0 sigapl 424 708 0 675 4 0 4 4 0 8 0 futexpl 64 1634 0 1631 1 0 1 1 0 8 0 knotepl 112 36 0 0 2 0 2 2 0 8 0 kqueuepl 216 16 0 9 1 0 1 1 0 8 0 pipepl 336 72 0 69 2 1 1 1 0 8 0 fdescpl 496 694 0 675 3 0 3 3 0 8 0 filepl 152 2427 0 2365 3 0 3 3 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 299 0 287 1 0 1 1 0 8 0 zombiepl 144 675 0 675 2 1 1 1 0 8 1 processpl 1064 708 0 675 3 0 3 3 0 8 0 procpl 672 2000 0 1963 4 0 4 4 0 8 0 sockpl 480 87 0 63 5 1 4 4 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 75 0 0 10 0 10 10 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 140 0 0 8 0 8 8 0 8 0 bufpl 280 3131 0 92 218 0 218 218 0 8 0 anonpl 24 116335 0 113486 21 3 18 18 0 186 0 amapchunkpl 152 15686 0 15474 10 1 9 9 0 158 0 amappl16 200 473 0 469 2 1 1 1 0 8 0 amappl15 192 70 0 67 1 0 1 1 0 8 0 amappl13 176 18 0 17 2 1 1 1 0 8 0 amappl12 168 3 0 3 1 1 0 1 0 8 0 amappl11 160 59 0 42 1 0 1 1 0 8 0 amappl10 152 10 0 7 1 0 1 1 0 8 0 amappl9 144 230 0 228 1 0 1 1 0 8 0 amappl8 136 295 0 290 1 0 1 1 0 8 0 amappl7 128 33 0 32 1 0 1 1 0 8 0 amappl6 120 35 0 31 1 0 1 1 0 8 0 amappl5 112 213 0 195 1 0 1 1 0 8 0 amappl4 104 987 0 964 1 0 1 1 0 8 0 amappl3 96 602 0 585 1 0 1 1 0 8 0 amappl2 88 308 0 276 1 0 1 1 0 8 0 amappl1 80 14216 0 13798 11 2 9 9 0 8 0 amappl 88 7189 0 7094 3 0 3 3 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 694 0 675 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 694 0 675 1 0 1 1 0 8 0 vmmpekpl 168 9834 0 9820 1 0 1 1 0 8 0 vmmpepl 168 53073 0 52042 50 4 46 46 0 357 1 vmsppl 368 693 0 675 2 0 2 2 0 8 0 rwobjpl 56 15214 0 14618 11 2 9 9 0 8 0 pdppl 4096 1396 0 1350 72 26 46 46 0 8 0 pvpl 32 245590 0 240701 47 6 41 41 0 265 1 pmappl 224 693 0 675 2 0 2 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 297 0 30 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff824a2454) at panic+0x177 vndsetcred(2902,80384601,ffff80002123c3a0,1) at vndsetcred VOP_IOCTL(fffffd806e4f4ae8,80384601,ffff80002123c3a0,1,fffffd807f7d7660,ffff800021193268) at VOP_IOCTL+0x96 vn_ioctl(fffffd806e587568,80384601,ffff80002123c3a0,ffff800021193268) at vn_ioctl+0xba sys_ioctl(ffff800021193268,ffff80002123c4b8,ffff80002123c510) at sys_ioctl+0x4a2 syscall(ffff80002123c580) at syscall+0x489 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x171d74be4e0, count: -8 ddb{0}>