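My syzkaller machine, running a recent snapshot, just crashed. The value
0x415efd243b54d319 passed into uvm_map_deallocate looks quite fishy to me.
Note, though, that the ddb traces below show the same first value for a given
function on unrelated CPUs (for example syscall(3871e5d148df7b3d) on CPUs 4,
5 and 7), so it may be something ddb read from the stack frame rather than
the real argument. The faulting instruction, movq 0x100(%r13),%r8 with
r13 = 0xffff800000b85f00, reads 0xffff800000b86000, which is the address
reported by uvm_fault at the end of the console log.
Some hopefully useful info below: the ddb output first, then the console log
from boot up to the fault.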
ddb{4}> trace
uvm_unmap_remove(c05f7f8cd1633180,ffffff036f57f5a8,ffff800000b85f00,ffffff036f57f598,ffff8000222b8040,0)
at uvm_unmap_remove+0x212
uvm_map_deallocate(415efd243b54d319) at uvm_map_deallocate+0x5e
vm_teardown(ffffff036f57f3d8) at vm_teardown+0xf0
vm_run(a186e3e68e0c8d2d) at vm_run+0x226
VOP_IOCTL(d3bfd0b457c4b224,ffffff03c9c6f5f0,32269d81b8d394bf,ffff8000222b4968,ffffff043f7ca420,3)
at VOP_IOCTL+0x5a
vn_ioctl(d3bfd0b4579725f3,ffffff03ca9e15b0,ffff8000222b4968,20) at
vn_ioctl+0x6b
sys_ioctl(7867d986861f8ba2,360,ffff8000222b4968) at sys_ioctl+0x3ec
syscall(3871e5d148df7b3d) at syscall+0x32a
Xsyscall(0,36,0,36,1fc2fafb52d0,1fc2faf35000) at Xsyscall+0x128
end of kernel
end trace frame: 0x1fc5a67a25b0, count: -9
ddb{4}> show proc
PROC (vmd) pid=51765 stat=onproc
flags process=100010<SUGID,PLEDGE> proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000222b5520,0xffff8000222b4270
process=0xffff8000fffecfc8 user=0xffff80002237d000,
vmspace=0xffffff03c12e9c70
estcpu=36, cpticks=110340, pctcpu=13.31
user=0, sys=110290, intr=0
ddb{4}> show registers
rdi 0x313679 acpi_pdirpa+0x2ff4e1
rsi 0x20656874203a7374
rbp 0xffff800022382510
rbx 0xffff8000223824d0
rdx 0x11f010 acpi_pdirpa+0x10ae78
rcx 0
rax 0xffffff01189c9c80
r8 0x3
r9 0xa0000 acpi_pdirpa+0x8be68
r10 0x843d1fe10f0343b5
r11 0x871ebb2341e37234
r12 0xffffff036df6f800
r13 0xffff800000b85f00
r14 0xffffff036df6f560
r15 0x20000000
rip 0xffffffff81253ea2 uvm_unmap_remove+0x212
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000223824c0
ss 0x10
uvm_unmap_remove+0x212: movq 0x100(%r13),%r8
ddb{4}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
17768 177047 33715 1000 3 0x100082 netio vmctl
29298 159270 33715 1000 3 0x100082 select ssh
64908 229787 65965 107 3 0x100090 fsleep vmd
*64908 51765 65965 107 7 0x4100010 vmd
64908 303902 65965 107 3 0x4100090 kqread vmd
13897 386612 33715 1000 3 0x100082 kqread cu
73064 419314 33715 1000 3 0x100082 select ssh
4542 45446 33715 1000 3 0x100082 select ssh
68055 103187 65965 107 3 0x100090 fsleep vmd
68055 234837 65965 107 7 0x4100010 vmd
68055 264629 65965 107 3 0x4100090 kqread vmd
52273 63673 33715 1000 3 0x100082 kqread cu
66423 519194 65965 107 3 0x100090 fsleep vmd
66423 290968 65965 107 7 0x4100010 vmd
66423 87324 65965 107 3 0x4100090 kqread vmd
99721 216090 33715 1000 3 0x100082 kqread cu
94925 180901 59444 1000 3 0x100083 ttyin ksh
59444 245156 97608 1000 3 0x90 select sshd
97608 190596 7060 0 3 0x92 poll sshd
33715 486116 47331 1000 3 0x82 thrsleep syz-manager
33715 476656 47331 1000 3 0x4000082 nanosleep syz-manager
33715 250648 47331 1000 3 0x4000082 thrsleep syz-manager
33715 416559 47331 1000 3 0x4000082 thrsleep syz-manager
33715 446496 47331 1000 3 0x4000082 thrsleep syz-manager
33715 28430 47331 1000 3 0x4000082 wait syz-manager
33715 416959 47331 1000 3 0x4000082 thrsleep syz-manager
33715 35863 47331 1000 3 0x4000082 thrsleep syz-manager
33715 12026 47331 1000 3 0x4000082 thrsleep syz-manager
33715 50683 47331 1000 3 0x4000082 thrsleep syz-manager
33715 263314 47331 1000 3 0x4000082 thrsleep syz-manager
33715 270714 47331 1000 3 0x4000082 thrsleep syz-manager
33715 504545 47331 1000 3 0x4000082 thrsleep syz-manager
33715 37212 47331 1000 3 0x4000082 thrsleep syz-manager
33715 487285 47331 1000 3 0x4000082 kqread syz-manager
33715 367916 47331 1000 3 0x4000082 thrsleep syz-manager
33715 365101 47331 1000 3 0x4000082 thrsleep syz-manager
33715 175614 47331 1000 3 0x4000082 thrsleep syz-manager
33715 86128 47331 1000 3 0x4000082 thrsleep syz-manager
33715 243048 47331 1000 3 0x4000082 thrsleep syz-manager
33715 65128 47331 1000 3 0x4000082 thrsleep syz-manager
7782 391573 1 0 3 0x100083 ttyin getty
61355 476277 1 0 3 0x100098 poll cron
62279 9994 1 1000 3 0x100083 piperd tee
47331 338961 1 1000 3 0x4000083 thrsleep syz-ci
47331 88809 1 1000 3 0x4000083 thrsleep syz-ci
47331 357835 1 1000 3 0x4000083 thrsleep syz-ci
47331 86428 1 1000 3 0x4000083 thrsleep syz-ci
47331 516817 1 1000 3 0x4000083 thrsleep syz-ci
47331 307439 1 1000 3 0x4000083 kqread syz-ci
47331 280879 1 1000 3 0x4000083 thrsleep syz-ci
47331 425939 1 1000 3 0x4000083 thrsleep syz-ci
47331 40398 1 1000 3 0x4000083 thrsleep syz-ci
47331 148862 1 1000 3 0x4000083 thrsleep syz-ci
47331 58299 1 1000 3 0x4000083 thrsleep syz-ci
ddb{4}> machine ddbcpu 0
Stopped at x86_ipi_db+0x12: popq %r11
ddb{0}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(4,ffffffff81caaff0,0,0,0,0) at Xresume_lapic_ipi+0x23
_kernel_lock(bb9edee8e5f890c3,0) at _kernel_lock+0xa2
Xsoftclock(0,0,1388,0,ffff8000000229e0,ffffffff81cab6b0) at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(0) at sched_idle+0x245
end trace frame: 0x0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x12: popq %r11
ddb{1}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(0,0,1388,0,ffff800000022a40,ffff8000220116b0) at
Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(0) at sched_idle+0x245
end trace frame: 0x0, count: -5
ddb{1}> machine ddbcpu 2
Stopped at x86_ipi_db+0x12: popq %r11
ddb{2}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(0,ffff800022019ff0,1fc5e1c31188,0,360,ffff8000222b52c8)
at Xresume_lapic_ipi+0x23
_kernel_lock(3871e5d148df7b3d,0) at _kernel_lock+0xa2
Xsyscall(0,36,ffff,36,1fc2fafb52d0,1fc2faf35000) at Xsyscall+0x128
end of kernel
end trace frame: 0x1fc5e1c311f0, count: -5
ddb{2}> machine ddbcpu 3
Stopped at x86_ipi_db+0x12: popq %r11
ddb{3}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(0,0,1388,0,ffff800000022ac0,ffff8000220236b0) at
Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(0) at sched_idle+0x245
end trace frame: 0x0, count: -5
ddb{3}> machine ddbcpu 4
Stopped at uvm_unmap_remove+0x212: movq 0x100(%r13),%r8
ddb{4}> bt
uvm_unmap_remove(c05f7f8cd1633180,ffffff036f57f5a8,ffff800000b85f00,ffffff036f57f598,ffff8000222b8040,0)
at uvm_unmap_remove+0x212
uvm_map_deallocate(415efd243b54d319) at uvm_map_deallocate+0x5e
vm_teardown(ffffff036f57f3d8) at vm_teardown+0xf0
vm_run(a186e3e68e0c8d2d) at vm_run+0x226
VOP_IOCTL(d3bfd0b457c4b224,ffffff03c9c6f5f0,32269d81b8d394bf,ffff8000222b4968,ffffff043f7ca420,3)
at VOP_IOCTL+0x5a
vn_ioctl(d3bfd0b4579725f3,ffffff03ca9e15b0,ffff8000222b4968,20) at
vn_ioctl+0x6b
sys_ioctl(7867d986861f8ba2,360,ffff8000222b4968) at sys_ioctl+0x3ec
syscall(3871e5d148df7b3d) at syscall+0x32a
Xsyscall(0,36,0,36,1fc2fafb52d0,1fc2faf35000) at Xsyscall+0x128
end of kernel
end trace frame: 0x1fc5a67a25b0, count: -9
ddb{4}> machine ddbcpu 5
Stopped at x86_ipi_db+0x12: popq %r11
ddb{5}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(0,ffff800022034ff0,3,0,ffff8000222bb300,ffff) at
Xresume_lapic_ipi+0x23
_kernel_lock(c63b1b9f2bc06c11,ffffff036f57fd60) at _kernel_lock+0xa2
vm_run(a186e3e68e0c8d2d) at vm_run+0x1d2
VOP_IOCTL(d3bfd0b457c4b224,ffffff03c9c6f5f0,32269d81b8d394bf,ffff8000222b5c28,ffffff043f7ca420,ffff800000000003)
at VOP_IOCTL+0x5a
vn_ioctl(d3bfd0b4579725f3,ffffff03ca9e15b0,ffff8000222b5c28,20) at
vn_ioctl+0x6b
sys_ioctl(7867d986861f8ba2,360,ffff8000222b5c28) at sys_ioctl+0x3ec
syscall(3871e5d148df7b3d) at syscall+0x32a
Xsyscall(0,36,0,36,1fc2fafb52d0,1fc2faf35000) at Xsyscall+0x128
end of kernel
end trace frame: 0x1fc551bac200, count: -10
ddb{5}> machine ddbcpu 6
Stopped at x86_ipi_db+0x12: popq %r11
ddb{6}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(0,ffff80002203dff0,7f7ffffc9bf8,0,480,ffff8000ffff52d0)
at Xresume_lapic_ipi+0x23
_kernel_lock(3871e5d148df7b3d,0) at _kernel_lock+0xa2
Xsyscall(6,48,0,48,0,1fc566b13000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc9c50, count: -5
ddb{6}> machine ddbcpu 7
Stopped at x86_ipi_db+0x12: popq %r11
ddb{7}> bt
x86_ipi_db(9888e7051bef5684) at x86_ipi_db+0x12
x86_ipi_handler() at x86_ipi_handler+0x80
Xresume_lapic_ipi(c,ffff800022046ff0,ffffff03cafd5d10,0,0,ffff8000ffff4970)
at Xresume_lapic_ipi+0x23
___mp_acquire_count(aab85f2c4e340760,202) at ___mp_acquire_count+0x82
mi_switch() at mi_switch+0x284
sleep_finish(b8227d1459d2e769,ffff800022137ef0) at sleep_finish+0x7f
sleep_finish_all(f363755936598ca5,ffff800022137ef0) at sleep_finish_all+0x1f
tsleep(56cd3baa1ab2dd67,ffffff03c068af10,ffff800022138020,40) at tsleep+0xcd
kqueue_scan(a4ff20195ce2b8b4,ffffff03c068af08,0,ffff800022138350,ffff800022138340,ffff8000ffff4970)
at kqueue_scan+0x50c
sys_kevent(92645263b4dc28f5,480,ffff8000ffff4970) at sys_kevent+0x2e4
syscall(3871e5d148df7b3d) at syscall+0x32a
Xsyscall(6,48,7f7ffffbc0b0,48,0,1ff891659800) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbc070, count: -12
ddb{7}> show uvm
Current UVM status:
pagesize=4096 (0x1000), pagemask=0xfff, pageshift=12
4063023 VM pages: 265502 active, 139594 inactive, 0 wired, 3327460 free
(415936 zero)
min 10% (25) anon, 10% (25) vnode, 5% (12) vtext
freemin=135434, free-target=180578, inactive-target=0, wired-max=1354341
faults=17279190, traps=14877979, intrs=318590, ctxswitch=21541542
fpuswitch=0
softint=3656393, syscalls=717172451, kmapent=11
fault counts:
noram=0, noanon=0, noamap=0, pgwait=0, pgrele=0
ok relocks(total)=270683(270972), anget(retries)=1142214(0),
amapcopy=1090269
neighbor anon/obj pg=1081273/943385, gets(lock/unlock)=580101/270972
cases: anon=1061886, anoncow=80328, obj=535237, prcopy=44575,
przero=15557157
daemon and swap counts:
woke=0, revs=0, scans=0, obscans=0, anscans=0
busy=0, freed=0, reactivate=0, deactivate=0
pageouts=0, pending=0, nswget=0
nswapdev=1
swpages=262143, swpginuse=0, swpgonly=0 paging=0
kernel pointers:
objs(kern)=0xffffffff81d02098
SeaBIOS (version 1.8.2-20171012_061934-google)
Total RAM Size = 0x0000000400000000 = 16384 MiB
CPUs found: 8 Max CPUs supported: 8
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=20971520 = 10240 MiB
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=2097152000 = 1024000 MiB
drive 0x000f2be0: PCHS=0/0/0 translation=lba LCHS=1024/255/63 s=20971520
drive 0x000f2ba0: PCHS=0/0/0 translation=lba LCHS=1024/255/63 s=2097152000
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.41
boot>
[ using 2123928 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2018 OpenBSD. All rights reserved.
https://www.OpenBSD.org
OpenBSD 6.4-current (GENERIC.MP) #410: Mon Oct 29 12:13:42 MDT 2018
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17163079680 (16367MB)
avail mem = 16633655296 (15863MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xbffffcf0 (20 entries)
bios0: vendor Google version "Google" date 01/01/2011
bios0: Google Google Compute Engine
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC WAET SRAT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU @ 2.30GHz, 2300.67 MHz, 06-3f-00
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 999MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.87 MHz, 06-3f-00
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.87 MHz, 06-3f-00
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.84 MHz, 06-3f-00
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.86 MHz, 06-3f-00
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.90 MHz, 06-3f-00
cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 1, core 1, package 0
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.87 MHz, 06-3f-00
cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu6: 256KB 64b/line 8-way L2 cache
cpu6: smt 1, core 2, package 0
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Xeon(R) CPU @ 2.30GHz, 2299.89 MHz, 06-3f-00
cpu7:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,XSAVEOPT,MELTDOWN
cpu7: 256KB 64b/line 8-way L2 cache
cpu7: smt 1, core 3, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
acpicpu4 at acpi0: C1(@1 halt!)
acpicpu5 at acpi0: C1(@1 halt!)
acpicpu6 at acpi0: C1(@1 halt!)
acpicpu7 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0: _OSC failed
acpicmos0 at acpi0
"QEMU0001" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371AB PIIX4 ISA" rev 0x03
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: SMBus
disabled
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio0: qsize 8192
scsibus1 at vioscsi0: 253 targets
sd0 at scsibus1 targ 1 lun 0: <Google, PersistentDisk, 1> SCSI4 0/direct
fixed serial.Google_PersistentDisk_
sd0: 10240MB, 512 bytes/sector, 20971520 sectors, thin
sd1 at scsibus1 targ 2 lun 0: <Google, PersistentDisk, 1> SCSI4 0/direct
fixed serial.Google_PersistentDisk_
sd1: 1024000MB, 512 bytes/sector, 2097152000 sectors, thin
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio1: address 42:01:0a:80:00:4a
virtio1: msix per-VQ
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (321880e53594cb63.a) swap on sd0b dump on sd0b
Automatic boot in progress: starting file system checks.
/dev/sd0a (321880e53594cb63.a): file system is clean; not checking
setting tty flags
pf enabled
hw.smt: 0 -> 1
starting network
vio0: bound to 10.128.0.74 from 169.254.169.254 (42:01:0a:80:00:01)
reordering libraries: done.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd vmd.
+ echo starting syz-ci
starting syz-ci
+ fsck -y /dev/sd1a
** /dev/rsd1a
** File system is clean; not checking
+ mount /syzkaller
+ mkdir -p /syzkaller/ramdisk
+ mount -t mfs -o-s=10G /dev/sd0b /syzkaller/ramdisk
+ chown syzkaller:syzkaller /syzkaller/ramdisk
+ su -l syzkaller
+ << EOF2
+ test -x syz-ci
+ ./syz-ci -config ./config-openbsd.ci
+ tee syz-ci.log
+ 2>&1
starting local daemons: cron.
Tue Oct 30 10:31:16 PDT 2018
OpenBSD/amd64 (ci-openbsd.syzkaller) (tty00)
login: uvm_fault(0xffffffff81d01538, 0xffff800000b86000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at uvm_unmap_remove+0x212: movq 0x100(%r13),%r8