kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Mar 11 13:37:07 PDT 2019 OpenBSD/amd64 (ci-openbsd-main-5.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.208' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program login: uvm_fault(0xffffffff821f4cc8, 0xffff80000093a000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at memcpy+0x15: repe movsq (%rsi),%es:(%rdi) ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff821f4cc8, 0xffff80000093a000, 0, 1) -> e memcpy(fffffd8036ddb230,ffff800000939f0d,0,fffffd8036ddb230,c2d5653092b04796,ffff8000149a0478) at memcpy+0x15 end trace frame: 0xffff8000149a0380, count: 0 ddb> trace memcpy(fffffd8036ddb230,ffff800000939f0d,0,fffffd8036ddb230,c2d5653092b04796,ffff8000149a0478) at memcpy+0x15 rtrequest(1,ffff8000149a0478,38,ffff8000149a03c0,0) at rtrequest+0x83b rtm_output(ffff800000939f00,ffff8000149a0470,ffff8000149a0478,38,0) at rtm_output+0x711 route_output(fffffd803556da00,fffffd8036435788,0,0) at route_output+0x78b route_usrreq(fffffd8036435788,9,fffffd803556da00,0,0,ffff8000ffff52d0) at route_usrreq+0x35d sosend(fffffd8036435788,0,ffff8000149a0738,0,0,0) at sosend+0x6e3 sendit(ffff8000ffff52d0,3,ffff8000149a07f8,0,ffff8000149a08c0) at sendit+0x58f sys_sendto(ffff8000ffff52d0,ffff8000149a08d8,ffff8000149a08c0) at sys_sendto+0x92 syscall(ffff8000149a0970) at syscall+0x541 Xsyscall(6,0,8e,0,24,3) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff1d80, count: -10 ddb> show registers rdi 0xffff800000939ef0 rsi 0xffff800000939ffd rbp 0xffff8000149a0270 rbx 0xffff800000939f0d rdx 0x100 rcx 0x2 rax 0xfffffffffffffef3 r8 0x70 r9 0x5 r10 0x374822ee11ff115b r11 0xffff800000939e00 r12 0xffff800000939e00 r13 0x100 r14 0 r15 0xfffffd8036ddb230 rip 0xffffffff81adeff5 memcpy+0x15 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff8000149a0208 ss 0x10 memcpy+0x15: repe movsq (%rsi),%es:(%rdi) ddb> show proc PROC (syz-executor4544) pid=81416 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff5528,0xffffffff8227c6c8 process=0xffff800014962018 user=0xffff80001499b000, vmspace=0xfffffd803f014210 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *51610 81416 189 0 7 0 syz-executor4544 189 356832 58425 0 3 0x82 nanosleep syz-executor4544 58425 203850 73774 0 3 0x10008a pause ksh 73774 322048 78247 0 3 0x92 select sshd 11360 337340 1 0 3 0x100083 ttyin getty 78247 24794 1 0 3 0x80 select sshd 61275 135379 8111 73 2 0x100090 syslogd 8111 242781 1 0 3 0x100082 netio syslogd 71298 421622 1 77 3 0x100090 poll dhclient 81282 503664 1 0 3 0x80 poll dhclient 66146 486340 0 0 2 0x14200 zerothread 74331 337553 0 0 3 0x14200 aiodoned aiodoned 34149 487003 0 0 3 0x14200 syncer update 61500 367998 0 0 3 0x14200 cleaner cleaner 68011 12540 0 0 3 0x14200 reaper reaper 32895 273601 0 0 3 0x14200 pgdaemon pagedaemon 78202 473596 0 0 3 0x14200 bored crynlk 77592 76706 0 0 3 0x14200 bored crypto 72900 86800 0 0 3 0x40014200 acpi0 acpi0 21580 126647 0 0 2 0x14200 softnet 14 367996 0 0 3 0x14200 bored systqmp 42192 312963 0 0 3 0x14200 bored systq 98609 327370 0 0 3 0x40014200 bored softclock 59726 253880 0 0 3 0x40014200 idle0 10628 218253 0 0 3 0x14200 bored smr 1 194184 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9426 6306K 6307K 78643K 10519 0 0 pcb 24 9K 9K 78643K 69 0 0 rtable 64 2K 2K 78643K 157 0 0 ifaddr 21 7K 7K 78643K 21 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 13 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1166 73K 73K 78643K 1171 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 2 0K 0K 78643K 2 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 1 0K 0K 78643K 1 0 0 proc 40 30K 38K 78643K 207 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 11 0K 0K 78643K 11 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 18 79K 79K 78643K 18 0 0 exec 0 0K 1K 78643K 150 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 49 3K 3K 78643K 671 0 0 UVM aobj 2 2K 2K 78643K 2 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 3 0K 0K 78643K 3 0 0 temp 43 2342K 2403K 78643K 1695 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 2 0 0 1 0 1 1 0 8 0 inpcbpl 280 22 0 16 1 0 1 1 0 8 0 plimitpl 152 13 0 8 1 0 1 1 0 8 0 rtentry 112 37 0 14 1 0 1 1 0 8 0 syncache 264 5 0 5 1 0 1 1 0 8 1 tcpqe 32 7 0 7 1 0 1 1 0 8 1 tcpcb 544 8 0 5 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 96 0 0 6 0 6 6 0 8 0 art_table 32 97 0 0 1 0 1 1 0 8 0 art_node 16 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1381 0 16 45 0 45 45 0 8 0 ffsino 240 1381 0 16 81 0 81 81 0 8 0 nchpl 144 1554 0 30 57 0 57 57 0 8 0 uvmvnodes 72 1390 0 0 26 0 26 26 0 8 0 vnodes 200 1390 0 0 74 0 74 74 0 8 0 namei 1024 3260 0 3260 2 1 1 1 0 8 1 scxspl 192 2224 0 2224 4 1 3 3 0 8 3 sigapl 432 188 0 177 2 0 2 2 0 8 0 knotepl 112 5 0 0 1 0 1 1 0 8 0 kqueuepl 104 1 0 0 1 0 1 1 0 8 0 pipepl 112 114 0 107 2 1 1 1 0 8 0 fdescpl 424 189 0 177 2 0 2 2 0 8 0 filepl 120 821 0 778 2 0 2 2 0 8 0 lockfpl 104 6 0 6 1 1 0 1 0 8 0 lockfspl 32 3 0 3 1 1 0 1 0 8 0 sessionpl 112 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 47 0 40 1 0 1 1 0 8 0 zombiepl 144 177 0 177 2 1 1 1 0 8 1 processpl 840 203 0 177 4 0 4 4 0 8 0 procpl 600 203 0 177 3 0 3 3 0 8 0 sockpl 384 78 0 61 2 0 2 2 0 8 0 mcl4k 4096 10 0 10 1 0 1 1 0 8 1 mcl2k 2048 5673 0 5645 7 0 7 7 0 8 3 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 9813 0 9735 7 2 5 5 0 8 0 bufpl 256 2017 0 226 112 0 112 112 0 8 0 anonpl 16 17008 0 15915 8 2 6 7 0 62 1 amapchunkpl 152 515 0 479 2 0 2 2 0 158 0 amappl16 192 86 0 80 1 0 1 1 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 24 0 21 1 0 1 1 0 8 0 amappl13 168 14 0 11 1 0 1 1 0 8 0 amappl12 160 5 0 5 1 0 1 1 0 8 1 amappl11 152 173 0 164 1 0 1 1 0 8 0 amappl10 144 46 0 45 1 0 1 1 0 8 0 amappl9 136 191 0 190 1 0 1 1 0 8 0 amappl8 128 82 0 78 1 0 1 1 0 8 0 amappl7 120 13 0 11 1 0 1 1 0 8 0 amappl6 112 41 0 37 1 0 1 1 0 8 0 amappl5 104 197 0 186 1 0 1 1 0 8 0 amappl4 96 254 0 234 1 0 1 1 0 8 0 amappl3 88 112 0 107 1 0 1 1 0 8 0 amappl2 80 561 0 526 1 0 1 1 0 8 0 amappl1 72 11782 0 11396 16 7 9 16 0 8 0 amappl 72 385 0 365 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 189 0 177 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 189 0 177 1 0 1 1 0 8 0 vmmpekpl 168 5217 0 5202 1 0 1 1 0 8 0 vmmpepl 168 23688 0 22991 48 14 34 47 0 357 2 vmsppl 264 188 0 177 1 0 1 1 0 8 0 pdppl 4096 384 0 354 5 0 5 5 0 8 0 pvpl 32 70813 0 68042 29 3 26 26 0 265 3 pmappl 192 188 0 177 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 228 0 5 7 0 7 7 0 8 0 ddb>