kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu May 9 15:54:38 PDT 2019 OpenBSD/amd64 (ci-openbsd-main-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. 2019/05/09 15:55:08 fuzzer started 2019/05/09 15:55:12 dialing manager at 10.128.15.235:18446 2019/05/09 15:55:12 syscalls: 320 2019/05/09 15:55:12 code coverage: enabled 2019/05/09 15:55:12 comparison tracing: enabled 2019/05/09 15:55:12 extra coverage: support is not implemented in syzkaller 2019/05/09 15:55:12 setuid sandbox: enabled 2019/05/09 15:55:12 namespace sandbox: support is not implemented in syzkaller 2019/05/09 15:55:12 Android sandbox: support is not implemented in syzkaller 2019/05/09 15:55:12 fault injection: support is not implemented in syzkaller 2019/05/09 15:55:12 leak checking: support is not implemented in syzkaller 2019/05/09 15:55:12 net packet injection: enabled 2019/05/09 15:55:12 net device setup: support is not implemented in syzkaller 15:55:21 executing program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDMKTONE(r1, 0x20004b08, &(0x7f0000000040)=0x726d8327) ioctl$BIOCSFILDROP(r1, 0x80044279, &(0x7f0000000080)=0x5) connect$inet6(r0, &(0x7f00000000c0)={0x18, 0x3, 0x8, 0x625}, 0xc) r2 = semget(0x1, 0x7, 0x1) semctl$SETVAL(r2, 0x4, 0x8, &(0x7f0000000100)=0x7) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f00000001c0)={0x9, &(0x7f0000000140)=[{0x8, 0x1ff, 0x8, 0x7}, {0x7ff, 0x4, 0x8, 0x8}, {0x9, 0x7fff, 0x1, 0x200}, {0x5d4, 0xbe1f, 0x6, 0x9}, {0x0, 0xdc8, 0x100000001, 0x6}, {0xffc0000000000, 0xfffffffffffffffc, 0x2, 0x1}, {0x47d4, 0x8000, 0x2, 0xa6f3}, {0x401, 0x9bd, 0x7ff, 0xdb7}, {0x4, 0x36, 0x8, 0x7}]}) semctl$IPC_RMID(r2, 0x0, 0x0) ioctl$TIOCGETA(r1, 0x402c7413, &(0x7f0000000200)) ioctl$WSDISPLAYIO_USEFONT(r0, 0x80585750, &(0x7f0000000240)={'./file0\x00', 0x0, 0x325, 0xfffffffffffffffc, 0x0, 0x3f, 0x7, 0x8000, 0x0, 0x0, 0x200}) ioctl$BIOCPROMISC(r1, 0x20004269) getsockname$inet6(r0, &(0x7f00000002c0), &(0x7f0000000300)=0xc) ioctl$KDSETMODE(r0, 0x20004b0a, &(0x7f0000000340)=0x1) connect(r0, &(0x7f0000000380)=@un=@file={0x1, './file0\x00'}, 0xa) clock_gettime(0x4, &(0x7f00000003c0)) fchdir(r1) semctl$IPC_RMID(r2, 0x0, 0x0) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000400)="cf86a0d1e4cf6636220eb0c332a292e2f72c6fd95ee4d45bec1712df30bed529d3c532fd110f07bc276b4d3466b1c0f6d669c22e6a228f238ee7b479892ed452296baa78986cd519c2f490dc2aa9d1dab977afa3e1cb0ab2b6ec47418c5224b2", 0x60}], 0x1) read(r0, &(0x7f00000004c0)=""/110, 0x6e) ioctl$WSDISPLAYIO_SETSCREEN(r1, 0x80045756, &(0x7f0000000540)=0x2) geteuid() semctl$IPC_RMID(r2, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x6, 0x11, r0, 0x0, 0x0) semctl$GETVAL(r2, 0x4, 0x5, &(0x7f0000000580)=""/84) ioctl$FIONREAD(r1, 0x4004667f, &(0x7f0000000600)) open(&(0x7f0000000640)='.\x00', 0x100, 0x111) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000680)={'tap', 0x0}) ioctl$FIONREAD(r1, 0x4004667f, &(0x7f00000006c0)) semget$private(0x0, 0x7, 0x200) ioctl$VT_RELDISP(r1, 0x20007604, &(0x7f0000000700)=0x1) 15:55:21 executing program 1: r0 = fcntl$dupfd(0xffffffffffffff9c, 0xa, 0xffffffffffffffff) ioctl$WSDISPLAYIO_ADDSCREEN(r0, 0x80245753, &(0x7f0000000000)={0x722, './file0\x00', './file0\x00'}) mkdir(&(0x7f0000000040)='./file0\x00', 0x100) ioctl$TIOCMBIS(r0, 0x8004746c, &(0x7f0000000080)=0x3) r1 = fcntl$getown(r0, 0x5) fcntl$lock(r0, 0xf, &(0x7f00000000c0)={0x0, 0x0, 0x614, 0x1000, r1}) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x98) unlinkat(r2, &(0x7f0000000140)='./file0\x00', 0x8) ioctl$TIOCGETD(r2, 0x4004741a, &(0x7f0000000180)) chflags(&(0x7f00000001c0)='./file0\x00', 0x1) ioctl$VT_SETMODE(r0, 0x80087602, &(0x7f0000000200)={0x0, 0x0, 0x5c, 0x0, 0xbd}) mknod(&(0x7f0000000240)='./file0\x00', 0xc030, 0x3) close(r0) bind$unix(r0, &(0x7f0000000280)=@abs={0x1, 0x0, 0x2}, 0x8) fchflags(r2, 0x10000) mkdirat(r2, &(0x7f00000002c0)='./file0\x00', 0xa0) fcntl$lock(r0, 0xf, &(0x7f0000000300)={0x0, 0x3, 0x40, 0xffffffffffffff80, r1}) r3 = openat$tty(0xffffffffffffff9c, &(0x7f0000000340)='/dev/tty\x00', 0x0, 0x0) r4 = shmget$private(0x0, 0x2000, 0x410, &(0x7f0000ffb000/0x2000)=nil) r5 = shmat(r4, &(0x7f0000ffe000/0x2000)=nil, 0x1000) setsockopt$sock_timeval(r2, 0xffff, 0x1007, &(0x7f0000000380)={0x874c, 0x101}, 0x10) ioctl$WSDISPLAYIO_GETSCREEN(r3, 0xc0245755, &(0x7f00000003c0)={0x9, './file0\x00', './file0\x00'}) fsync(r3) sendto(r0, &(0x7f0000000400)="88ca0545ab51b418b462d8b981be585e4fe30af79fece6af3ed982a670fb1f2c2ce2dde0fef48d6d082953cb8b96c8292f249bc643c393eedca873b6c4a0741b2fd53a90ee75450f56b217e18fe07362409b24ab4a12a77349bf307ffc71fbc4b0245bbc0d5dbd2a2fcaf2deffbd608fdb3c0c5441ce8f09951ad62e09097afc460fce2318e94c50b71d7c520cb175d7e44c648fe03a78c72eec5fdaa5122865ad0644778f142ebb1ce1fd7d1444", 0xae, 0xa, &(0x7f00000004c0)=@un=@abs={0x1, 0x0, 0x3}, 0x8) shmdt(r5) nanosleep(&(0x7f0000000500)={0x0, 0xd93a}, &(0x7f0000000540)) ioctl$WSDISPLAYIO_SVIDEO(r2, 0x80045745, &(0x7f0000000580)=0x1) write(r2, &(0x7f00000005c0)="6ac5b1210de2f68f4661002c74de4b2b9b25d47e4d2896674d9859f76b11641f2fc675119f432cde2f701efeece6318689c10f8656f823c7d5a3f8d5bf16fe44e9e694eaec9e925d6e6b709582d3b1c75e2a409239ba3f17cf2118414d6c449be1204e8a2f031a1cb9d31d1f49c6be7b6fe8e87749915faaba807f347dc5eb39c6fda8ca5c5b270b54ffd1fb6449ddd28b166963916655f4e7b30dd1a70b933ca3f030d622125321e5651c33a9ed694286731bb673e199a3b103b8a22bf34bd0", 0xc0) truncate(&(0x7f0000000680)='./file0\x00', 0x6) mkdir(&(0x7f00000006c0)='./file0\x00', 0x0) 15:55:22 executing program 1: pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x10004) ioctl$BIOCGDIRFILT(r0, 0x4004427c, &(0x7f0000000080)) r1 = semget(0x2, 0x0, 0x0) semctl$SETVAL(r1, 0x4, 0x8, &(0x7f0000000000)) msgget(0x2, 0x80) 15:55:22 executing program 1: r0 = open(&(0x7f0000000080)='./file0\x00', 0x200, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x8090, r0, 0x0, 0x0) r1 = msgget$private(0x0, 0x200) msgrcv(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="54ef7a42088c658f0000000000000000000000000000000000000000000000050000005c010000000000000099cb000000000000000000000000000059f8c67742949e4414bf002d588e0d0d5f10fa93dc94cd627634b23a57dbb3c1b555fc7d0a2e9c9d0a785654a9c16427270306c95f73d55c93fd4b303b54b383443e6a2dfce3c8473be26f50498289be179e95429a57bdb08d988de097695711099b880b81145526939dc772c9147633f062ab25c0f36f6685cd17267e13d061f5219ac2033dff98215eb726c4b0263e5c3610dea7b48e2c83edb8c553b8027ddca6ab678a75408be241fc450416d10822292a67c023befbdd3b817c7cc9fae2414548fc1fa1b7ef526e"], 0x1, 0xfffffffffffffffc, 0x1000) linkat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00', 0x4) msgctl$IPC_SET(r1, 0x1, &(0x7f0000000180)={{0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x10f7, 0x1, 0x0, 0x0, 0x3, 0x11af4000, 0xc38}) 15:55:23 executing program 0: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40000000000200, 0x0) getpeername(r0, &(0x7f0000000140)=@un=@abs, &(0x7f0000000180)=0x8) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000001640)=""/247, 0xffffffcc}], 0x1, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) r3 = geteuid() getgroups(0x2, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff]) chown(&(0x7f0000000280)='./file1\x00', r3, r4) fcntl$setstatus(r2, 0x4, 0x80) pwritev(r2, &(0x7f00000003c0), 0x273, 0x0) getsockopt$sock_cred(r2, 0xffff, 0x1022, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) r6 = semget(0x1, 0x4, 0x40) semctl$SETVAL(r6, 0x7, 0x8, &(0x7f00000003c0)=0x7fffffff) getgroups(0x1, &(0x7f0000000380)=[r5]) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x5, 0x10, r1, 0x0, 0x0) r7 = semget$private(0x0, 0x1, 0x160) semctl$SETVAL(r7, 0x0, 0x8, &(0x7f00000001c0)=0x81) r8 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_linger(r8, 0xffff, 0x80, &(0x7f0000000000), &(0x7f00000000c0)=0x8) semctl$GETALL(r7, 0x0, 0x6, &(0x7f0000000200)=""/25) close(r8) semctl$GETVAL(r7, 0x3, 0x5, &(0x7f0000000400)=""/7) ioctl$WSKBDIO_SETMODE(r0, 0x80045713, &(0x7f0000000240)=0x1) 15:55:23 executing program 1: getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000040)={0x0, 0x0}, 0xc) getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) chown(&(0x7f0000000000)='./file0\x00', r0, r1) socket$inet(0x2, 0x3, 0x102) 15:55:23 executing program 1: open(&(0x7f0000000080)='./file0\x00', 0x40000000000200, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000001640)=""/247, 0xffffffcc}], 0x1, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) fcntl$setstatus(r1, 0x4, 0x80) pwritev(r1, &(0x7f00000003c0), 0x273, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x5, 0x10, r0, 0x0, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_linger(r2, 0xffff, 0x80, &(0x7f0000000140), 0x8) close(r2) fcntl$setflags(r1, 0x2, 0x1) 15:55:23 executing program 0: setreuid(0x0, 0xee00) r0 = socket(0x800000018, 0x1, 0x0) kevent(0xffffffffffffffff, &(0x7f0000000080)=[{{r0}, 0x0, 0x40000, 0x0, 0x100000000000000}], 0x0, 0x0, 0x0, 0x0) bind$unix(r0, &(0x7f0000000080)=@abs={0x1f95d27d48731892, 0x7}, 0x1c) 15:55:23 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0xb7ec824b014188fc, r0) r2 = semget(0x1, 0x2, 0x1) semctl$IPC_RMID(r2, 0x0, 0x0) fchmodat(r1, &(0x7f0000000080)='./file0\x00', 0x15f, 0x2) chroot(&(0x7f0000000000)='./file0\x00') socketpair(0x3, 0x1, 0xffffffffffffffb2, &(0x7f00000000c0)) setsockopt$inet_opts(r0, 0x0, 0x100000000000000a, &(0x7f0000000040)='\x00', 0x1) fcntl$dupfd(r0, 0x0, r0) 15:55:23 executing program 0: syz_open_pts() r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) fsync(r1) ioctl$WSDISPLAYIO_LDFONT(r1, 0x8058574d, &(0x7f0000000000)={'./file0\x00', 0x80d6, 0x7, 0x10000000000, 0x0, 0x80000000, 0x100, 0x1f, 0x1, 0x2, 0x0, 0x800}) openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/wsmouse\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TIOCFLUSH(0xffffffffffffffff, 0x8020697a, &(0x7f00000000c0)) 15:55:23 executing program 1: mknod(&(0x7f0000000180)='./file0\x00', 0x1000000000002020, 0x800000006d2) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = kqueue() kevent(r1, &(0x7f0000000300)=[{{r0}, 0xfffffffffffffffe, 0x1}], 0x3, 0x0, 0x0, 0x0) ioctl$FIOGETOWN(r1, 0x4004667b, &(0x7f00000000c0)) r2 = kqueue() read(r0, &(0x7f0000000000)=""/125, 0x7d) kevent(r2, &(0x7f00000000c0), 0x7f, 0x0, 0x100, 0x0) close(r1) 15:55:23 executing program 0: setrlimit(0x8, &(0x7f0000000040)={0x7, 0x91}) r0 = syz_open_pts() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r2, 0x1) close(r0) setrlimit(0x5, &(0x7f0000000000)={0x10001, 0xdded}) msgget(0x1, 0x120) syz_open_pts() shutdown(r1, 0x2) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000180)={0xfffffffffffffffd, 0x7, 0xc6a, 0xfffffeffefffffbb, "249900e58d03c7f10000efffffd4ff008d90156f", 0x81, 0x3}) write(r0, &(0x7f0000000140)="68e92b98fd0ef23000", 0x9) 15:55:23 executing program 0: r0 = syz_open_pts() mknod(&(0x7f0000000040)='./bus\x00', 0x3a0914c44f7b202c, 0x501) syz_open_pts() ioctl$BIOCSFILDROP(r0, 0x80044279, &(0x7f0000000300)=0x8) r1 = syz_open_pts() mkdir(&(0x7f0000000000)='./bus\x00', 0x10) open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) syz_open_pts() writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)="7478f013c82d90caabddafb30a68ed485ca2ed9914ac4aa6b2220fce064777b7c5f3738349f882477ea4eb4f50d4a797057d5b699528fa59bbb72ac093cac85eeecf9f2f5125f59e21636f74cdecffd864229d070d23a91de2fd6986d84a4f2f8af11316020b6bdd239796a34d02", 0x6e}, {&(0x7f0000000140)="364d87499cd33c2cd7d5fb2473dee18db6b1fc01de7fc8b19299da8b70a56872f53cfe48171373e09de0d87febde7921e114d3ade52419996918bd8debfb7d348a1402e6ae02cc22e11156ef01cc4efe072c16657bbaaa13d2c5a6d18b439f6a7f51e6e3b4865e922d8edce5390c0b96509f0446050ac78277b1a11a7ca66efb6d403589b3d1d137d8680d1d59b97aadc194b0574cf195ef1d920ab4ed8c41333d79b52ad64641069f475e2cdb27c0fbfe7b8cac0622cd4704c68ffd42fea00018f7f8883d03ee5905208edd1bc68151dd86cee502871066d2e0ce8d964c7db3fdff0b", 0xe3}, {&(0x7f0000000240)="22349cf444195b6b4763daeaa7387667401350681b174228a62da22667952f1257717489c92dd2ba81", 0x29}, {&(0x7f0000000280)="b374a6fb2c2f1eba", 0x8}], 0x4) syz_open_pts() 15:55:23 executing program 0: pledge(0x0, &(0x7f0000000080)='\x00') r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x400000002c2, 0xfffffffffffffffc) chmod(&(0x7f0000000000)='./file0\x00', 0x1) r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x100, 0x8) ioctl$BIOCGFILDROP(r1, 0x40044278, &(0x7f0000000100)) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 15:55:24 executing program 1: r0 = kqueue() kevent(r0, &(0x7f0000000200)=[{{}, 0xfffffffffffffffb, 0x29}], 0x8, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000000), 0x4) close(r0) openat$pci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pci\x00', 0x8008, 0x0) 15:55:24 executing program 0: r0 = socket(0x18, 0x3, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x200, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000001640)=""/247, 0xffffffcc}], 0x1, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) fcntl$setstatus(r2, 0x4, 0x80) pwritev(r2, &(0x7f00000003c0), 0x273, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x5, 0x10, r1, 0x0, 0x0) r3 = socket$inet6(0x18, 0x3, 0x102) getsockname(r3, 0x0, &(0x7f0000000040)) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0xfffffffffffffe59) 15:55:24 executing program 1: openat$pci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pci\x00', 0x0, 0x0) r0 = socket$inet(0x2, 0x7, 0x10001) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)=[&(0x7f0000000080)='\x00', &(0x7f00000000c0)='$^,\x00'], &(0x7f0000000240)=[&(0x7f0000000140)='/dev/pci\x00', &(0x7f0000000180)='@-\x00', &(0x7f00000001c0)='[[\x00', &(0x7f0000000200)='/dev/pci\x00']) shutdown(r0, 0x801003) socket$inet(0x2, 0x5, 0xffffffff) 15:55:24 executing program 1: preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000001640)=""/247, 0xffffffcc}], 0x1, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x611, 0x0) fcntl$setstatus(r0, 0x4, 0x80) pwritev(r0, &(0x7f00000003c0), 0x273, 0x0) r1 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyCcfg\x00', 0x20000, 0x0) ftruncate(r0, 0x0) close(r0) preadv(r1, &(0x7f0000000180)=[{&(0x7f0000000080)=""/240, 0xf0}], 0x1, 0x0) 15:55:24 executing program 0: lstat(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)) r0 = dup(0xffffffffffffff9c) ioctl$BIOCLOCK(r0, 0x20004276) getsockname(r0, &(0x7f0000000300)=@un=@abs, &(0x7f0000000340)=0x8) mknod(&(0x7f0000000100)='./bus\x00', 0x2080002005, 0x40004000000028b1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) unlink(&(0x7f0000000280)='./bus\x00') r1 = open(&(0x7f0000000180)='./bus\x00', 0x401, 0x8) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)="000000186004008b00002b27feffffff000000000000000000000000000000000000000f1000001af0286c00", 0x2c}], 0x1) ioctl$TIOCSTAT(r1, 0x20007465, &(0x7f00000003c0)) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0x68, &(0x7f00000002c0)={{0x18, 0x2, 0x60f, 0x9}, {0x18, 0x0, 0x3, 0x80}, 0x7fffffff, [0x2, 0x7, 0x80, 0x1, 0x4, 0x8001, 0x0, 0x2]}, 0x3c) setsockopt$sock_int(r1, 0xffff, 0x1017, &(0x7f00000001c0)=0xe62, 0x4) 15:55:24 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x8000, 0x0) getsockopt$sock_cred(r0, 0xffff, 0x1022, 0x0, &(0x7f0000000300)) r1 = socket(0x400000000018, 0x3, 0x0) setsockopt(r1, 0x29, 0x1a, 0x0, 0x0) r2 = dup(r1) ioctl$WSMOUSEIO_GETPARAMS(r2, 0x80105727, &(0x7f0000000140)={&(0x7f0000000100)=[{0x0, 0x991}, {0x86, 0x6}, {0xcf, 0xfffffffffffffff7}, {0x27, 0x7}, {0x2, 0x2}], 0x5}) fcntl$setflags(r1, 0x2, 0x1) getsockopt$sock_int(r1, 0xffff, 0x0, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$WSMOUSEIO_GETPARAMS(r0, 0x80105727, &(0x7f0000000400)={&(0x7f0000000380)=[{0x1a3, 0x1ac6}, {0xc7, 0xfffffffffffffff7}, {0xa7be85bb912d1ff7, 0xff}, {0x20, 0x5}, {0x43}, {0xa7, 0xfffffffffffffffc}, {0x4, 0xffffffff}, {0x67, 0x8001}, {0x0, 0x4}], 0x9}) ioctl$BIOCGHDRCMPLT(r2, 0x40044274, &(0x7f0000000340)) setsockopt$sock_int(r2, 0xffff, 0x20, &(0x7f0000000440)=0x7, 0x4) select(0x1c8, &(0x7f0000000180)={0x8, 0x1, 0x2, 0x4, 0x0, 0x101, 0x20, 0x400}, &(0x7f0000000480)={0x9, 0x2, 0x101, 0x5, 0x4, 0x101, 0x1, 0x80000000}, &(0x7f00000004c0)={0x9, 0x8, 0x2, 0xfffffffffffffffc, 0xfffffffffffff680, 0x8, 0x8, 0x10fb}, &(0x7f0000000240)={0x8, 0x3}) ioctl$WSMOUSEIO_GETPARAMS(r2, 0x80105727, &(0x7f00000002c0)={&(0x7f0000000280)=[{0xc7, 0x8}, {0x80}, {0x0, 0x7b}, {0x0, 0xd06}, {0x4, 0x5}], 0x5}) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f00000001c0), 0xc) setsockopt$sock_int(r1, 0xffff, 0x800, &(0x7f0000000000)=0x5, 0x4) 15:55:24 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x10001, "010000000000000000ffffff7f00"}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r1 = socket(0x18, 0x1, 0x0) r2 = getegid() r3 = getegid() setregid(r2, r3) setsockopt(r1, 0x29, 0xb, &(0x7f0000000000)="d5ff9668", 0x4) setsockopt(r1, 0x29, 0x80000000000000d, &(0x7f0000000140)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) 15:55:24 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000140)={0x3, &(0x7f00000000c0)=[{0x64}, {0x200000000000000c}, {0x20006}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) syz_emit_ethernet(0x1, &(0x7f0000000200)="8d") 15:55:24 executing program 0: mknod(&(0x7f0000000040)='./bus\x00', 0x800080002002, 0x5bcc) r0 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) ioctl$TIOCFLUSH(r0, 0x80047410, &(0x7f0000000240)=0x9) r1 = kqueue() ioctl$BIOCSDIRFILT(r0, 0x8004427d, &(0x7f00000001c0)=0xfffffffffffffffa) kevent(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)=[{{r0}, 0xfffffffffffffffe, 0x37}], 0x0, 0x0) kevent(r1, &(0x7f0000000080)=[{{r1}, 0xffffffffffffffff, 0x20, 0x20000000, 0x0, 0x7}, {{r0}, 0x0, 0x8, 0x60000008, 0xfffffffffffffffb, 0x48d8000}, {{r1}, 0xffffffffffffffff, 0x8c, 0xa0, 0x9}], 0x100000000, &(0x7f0000000140)=[{{r0}, 0xfffffffffffffffd, 0x21, 0x2, 0x8, 0x5}, {{r1}, 0xfffffffffffffffb, 0x2, 0xb, 0x7, 0x9}, {{r0}, 0xfffffffffffffffd, 0x8, 0x81, 0x7a, 0x4}], 0x6, &(0x7f0000000000)={0x1}) mknod(&(0x7f0000000200)='./file0\x00', 0x1, 0xffff) kevent(r1, &(0x7f0000000000), 0x66, 0x0, 0x81, 0x0) kevent(r1, 0x0, 0x0, 0x0, 0x8000, 0x0) 15:55:24 executing program 1: r0 = shmget$private(0x0, 0x3000, 0x7af, &(0x7f0000ffa000/0x3000)=nil) shmctl$SHM_UNLOCK(r0, 0x4) r1 = socket$inet(0x2, 0x2, 0x0) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r2, 0x80104267, &(0x7f0000000040)={0x3, &(0x7f0000000100)=[{0x74}, {0x6c}, {0x6}]}) ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f0000000080)="0ace8d35e64cc0a70d8e", 0xa) syz_emit_ethernet(0x1, &(0x7f0000000180)="8d") shmat(r0, &(0x7f0000ff9000/0x3000)=nil, 0x1000) r3 = shmat(r0, &(0x7f0000ff8000/0x3000)=nil, 0x3000) shmdt(r3) 15:55:24 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000280)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x20}, {0xfffffffffffffffe}]}) sync() ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) syz_emit_ethernet(0x1b3, &(0x7f0000000480)="71548cf94d7910ed2500afd19ddf8dc41fbbb546d052a70db7bba8ed4d1991287b234a1f42bca5b126da604bb1988c3d63cbdf8c1c07554f2af853d71612cc6a1cae15abd91d9270ac8be8ca0086cbe0bae277062944ce7376afd9e894f49bf431aac91e6ec0ee342170ffbb3fd7cbb933662aaab2a5a3e8eb4bc38b984a4f0acca0707bc72878fb78e1f66d2e6e7b54b988bd0edfd94addf418938e4972628a97770db33e2d339cedcc348059cfcf3cf78c7b7c1f99bfefde8710f21f348af3f785b8e16450d5a5f953350fad9bc8e4c1a5e1804dd249a3cf8c56bf58c5eda5b167ab4009727f3ea911e7e43f89510a8f27f984f8fafa376b69131b92de82e901043455bea4d0a3b118b13495d0926fe60fad347a4409ccd00f30984e2fd161fb1adc21554405e4638cfe807e972d7784325effea6109a196baf1197390def60437dd16832658fa6aadeb65ac189e468a3cb51f7a8424c17537d83f7f89c4e3c154c7754d8ed352685f84caa73986ee93ef83342ecbcc0170332f84a138a7fad4912cf96c2ee806944788a00dc16f189d1d038c3d75d4f5aab7eca81f91f869c981fec6fb203c7cc91b3e39b01fd0bdf8f439") 15:55:24 executing program 1: ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000080)={0x3, &(0x7f0000000140)=[{0x2d}, {0x80}, {0x8000000000000006}]}) syz_emit_ethernet(0x1, &(0x7f00000002c0)="8b") 15:55:25 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f00000000c0)={0x8, &(0x7f0000000040)=[{0x0, 0x40, 0x7, 0xffa6}, {0x3c0dd74b, 0x6, 0x6, 0x1}, {0x0, 0x3, 0x1f, 0x6}, {0x6, 0x1, 0x5}, {0x5, 0xfffffffffffffff8, 0x3331b05a, 0x8001}, {0x7, 0x7fff, 0x800, 0xac2}, {0xfffffffffffffff7, 0x3ff, 0xdf2a, 0x3}, {0x8, 0x6, 0x10000, 0xfff}]}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x1d}, {0x4000000005c}, {0x6}]}) syz_emit_ethernet(0x1, &(0x7f00000002c0)="8b") 15:55:25 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bpf\x00', 0x0, 0x0) r1 = semget$private(0x0, 0x0, 0x210) semop(r1, &(0x7f0000000040)=[{0x3, 0x3, 0x1000}, {0x3, 0xd53f, 0x800}], 0x2) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000100)={0x3, &(0x7f0000000140)=[{0x28}, {0x10074}, {0x6}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) syz_emit_ethernet(0x2, &(0x7f00000000c0)="8f73") 15:55:25 executing program 1: mknod(&(0x7f0000000080)='./file0\x00', 0x80002005, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) kqueue() dup2(r0, r0) 15:55:25 executing program 0: mknod(&(0x7f0000000000)='./bus\x00', 0x8000, 0x86139) r0 = open(&(0x7f0000000040)='./bus\x00', 0x2, 0x0) r1 = getgid() setegid(r1) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0) close(r0) 15:55:25 executing program 1: mknod(&(0x7f0000000080)='./file0\x00', 0x2040, 0x615) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0xa, r0) r3 = dup2(r1, r1) r4 = kqueue() close(r2) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$TIOCGFLAGS(r3, 0x4004745d, &(0x7f0000000040)) kevent(r4, &(0x7f0000000100)=[{{r0}, 0xfffffffffffffffa, 0x4, 0x80, 0x200, 0x3}], 0x3, 0x0, 0x4, 0x0) dup2(r1, r4) 15:55:25 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x4}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180, 0x4) ioctl$TIOCSBRK(r1, 0x2000747b) 15:55:25 executing program 1: syz_open_pts() kevent(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) nanosleep(&(0x7f00000000c0)={0xf0, 0xfffffffffffffffe}, 0x0) r0 = kqueue() kevent(r0, &(0x7f00000000c0), 0xf8b4, 0x0, 0x10000fe, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x23, 0x8) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x800, 0x82) ioctl$BIOCGFILDROP(r2, 0x40044278, &(0x7f0000000080)) kevent(r0, 0x0, 0x0, &(0x7f0000000080), 0x1f, 0x0) 15:55:25 executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x602, 0x18a) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000040)={0x9, &(0x7f0000000240)=[{0x2400, 0x0, 0x8b7d, 0x3}, {0x7fff, 0x80000000, 0x3a42, 0x100000000}, {0x8, 0xc0, 0x82, 0x1}, {0x5, 0x8, 0x1, 0x1}, {0x80b, 0x3f, 0x2000000000, 0x200}, {0x1000, 0x2, 0x2, 0xffffffffffffff00}, {0x8db9, 0x8, 0x1f, 0x8}, {0xfff, 0x2, 0x4, 0x3}, {0x1, 0x3, 0x40, 0xf6b}]}) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f0000000140)={0x3, &(0x7f00000000c0)=[{0x84}, {0x3c}, {0x6}]}) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) syz_emit_ethernet(0x1, &(0x7f0000000200)="8d") 15:55:26 executing program 0: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(r0, &(0x7f0000000200)='./file0/file0\x00', 0x7) r1 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000004c0)="90c3fe67eb586898600425f2f573e0d1ac83c18d65c8e22066c0d389fe894a974c8d45aaf9d2e7ae9fed58938ea6ac68a0b0632688ca0fab3647175abf22fea120c9b3bb77ca60c128295bf234505356095dbf9e50a4a5079723b57fed8ef0a251b91e67e1f5d347d5b668a390a25beea3962e7c10b8d9f53f5c82b5eacc26757d14f2fa6be9a2cbb2cfacc5e906dfd1e3208364bbc454327b6a1522c332ea628b8cb672e9e7247818f970e017c7cb9303e6b505059f34d3fb9df3993b7535fa269859e24b2802782224d7d5c13c21d4eee4f8621037c3d78695ad9a278978b26c46049befba997acb9ac407791cdf6046f9f71e36d09827a4493c17a0921dc38af76420c885862413c6ed4f7fe335a5547ee2d7c65d735b189214606da83f9be40faef7438cbfe1ed0439c46106672cda99d1c3471259d08198e13683ef6b08d5c54bfb991dcca6919362e1a0b65844e9194c2d7fd257281fbcae0694eb4c1e7121b6a2c19d7c82054126e2146349c1c8489aada96f3a84001b5b8d93dfcfb7774d55d9fb631e11", 0x188}], 0x1, 0x0) accept$inet6(r1, &(0x7f0000000100), &(0x7f0000000140)=0xc) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x5, 0x10, r1, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x38) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0) chmod(&(0x7f0000000240)='./file0/file0\x00', 0x82) rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') open(&(0x7f0000000080)='./file0\x00', 0x60e, 0x0) 15:55:26 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000140)={0x1ffffffffffffd98, &(0x7f0000000040)=[{0x4, 0x4, 0x0, 0x10000}, {0x3, 0x7, 0xfffffffffffffffb, 0x4}, {0x20, 0x0, 0x80000000, 0x9}, {0x40, 0x2, 0x7, 0xb0}, {0x5, 0x81, 0x401, 0x5fa}, {0x7, 0x3, 0xfffffffffffffffc, 0xd6e0}, {0xcc14, 0x2, 0x7, 0x1b2}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) syz_emit_ethernet(0x1, &(0x7f0000000200)="8d") 15:55:26 executing program 0: setrlimit(0x8, &(0x7f0000000040)={0x7, 0x95}) r0 = syz_open_pts() close(r0) syz_open_pts() r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x200, 0xa) ioctl$VT_WAITACTIVE(r1, 0x20007606, &(0x7f00000000c0)=0x20000000000000) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000680)="e3dafd0d690f201127848fe5a144e4cc535324db86e815ca0fb0bbaab3e9dbc52c447c7fece68db0b86d4c4945a3277c786d9dbcbd4372d6927d46298a2a24620976f11ca44257d58b1a7bb5a4b0eb0741d6ad46248fe44b6fa8c4cdfb8c042fefe6e83d9d590a1e7b9977b91065883515d23dfacc221805315845073a524d20bb1a950052ea959958759784774bbcba239ddd7963a7e345736b3b598bce3c80a8f78031f4705b6c0362d3ea25af600862baa453ec4bda5b76dd281faf1b24e09469f4fdc1785cedd97a06631491bbe89bfa6f004a752dfd00687aff035fe8349a61c5e81b165995f8f840599817446aaf458d9c9910328a47bb08a2c3867859b79e70e9d98914dd0a572cb44b3fc98500551ea6ae7f3169a6ec078de5408d968a3f4907ac2a46f4ae380d5788bbcdcc0062c6c9b86fb6d6c846c2cac82332c6dd0581f03b557b6bdb59502da41dae40134c33df1071e59f4527c088e9552a6d915db9d1b58214de912cf51ed0e32c29bd0dc0321c0be1070520eff580980355cf735c041c2cbf63e8c5fe7106f0c6a2a0cf81c540dfa5af51f93694b629e85fa266b315cf4d2c633c5c503f66b57c7fd90fe22cc1b850dbfac0e3a420f2b1fa115623dc4348a9303ca2671fd77c2ff35df5ca1d6137357b0fbc3b7d52c245d87838b63c676a068de002f41c6ecca35270d9d9cddfa1dd868b563b9a5303833f6c708570cc94431fb02881fcae42e4f8e804d4accec8c9ee1722fcafef7fd8cd6cdea97a6492e4165f017fed9f1381f031ee298de94529ea59df48609e682ffe1e1c92f0b17ab5081dbfd32daf3a5ce4626956eff86cd48991343a66d2f746921a10599cef31830c23d40c61cdce217ec0b6383fbaca4c238f4cd6a908aba8596e3a8cac18aabb9a7451693499a8157cc36d2f1a488e0252e02eef899b2a53cf1992ec260797b530c9ccaeda44a1302a364facd8a4b3999c0c01294ccb6be56b66c24d7f85cbd6cc747179f309a928c6cd4e51efff5c4dda8882a9a271259cea0df3f61c08f6d18ef0a741b3c80e7c687656b219e34bb079f81c5b80eaaa4c4b4af00bcd3e3b0de1e85e41604ab30be5f910c372bba6f0b9fdd8483118d2227961dd0195252ab5a3691d861140ab6774c8dbdef4ef928fe57ed901824d87471b52f7d645a343db21e39939e077e3d3de43abb92c00e305fcc3266296b427941483d2522f790c49dfe0bde885a69c7c46e839b6081b209b29f92a62f1a25a64acbd0abde46900bffb5c9ca35f65d678a8bc3503451bcf8084e1371b3158cc6ef281445d6b6fc3fadeab305c93a6496a", 0x3af}], 0x1) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000500)="58f846b9c8d4283b02f31e5d56b213b1ee1662f45404c6106fc4e9a503eeb3a3d1e1783226b609623287c7f0001a633204ade1bae72927d4a23b588b6ea10c997067fc64cf77376d4a941d64c72f3488eecf1efe58d03bdb764ba012a32fd7b9d89fdbefec6d9aa1a6e635cdbcf1711e8eaf3727f1e403fffb6e7d9d3b8d7ba8fbea3864553cf0742a0893f6cab722ebed726a56f62b94d38512ef87d30ca9607216d6ea93d0009e5e1538aa639a5bf1482262c170ca7082dc5708d9ed98286a50c985d5b00339e55d04eb0651895b1cd9937042df3979e8bb2cfb9623627278d80323d635d4097ff6788b83d1013c1f5e5745f9a5757d74d13a9d27886e10ed0040d38bb7cac65b49b0faccb78189ed6ef9035c1ed23cdbf09dd70bbb1999005beda6169e07972ebe1cd0e9065d2f12b45a690a2c5415e1d61ccf7d3342d38449ff4933474b5eeda40c5128b53e50e00dd97a81a5b65bda86ec9aa4d115ae5114caae0c142f1dce31090781f6", 0x16d}], 0x1) 15:55:26 executing program 1: mlockall(0x2) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) munlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3) 15:55:26 executing program 1: getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000180)={0x0}, 0xc) getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000200)={0x0}, 0xc) setpgid(r0, r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = getppid() mknod(&(0x7f00000001c0)='./file0\x00', 0x1000, 0x0) r5 = open$dir(&(0x7f0000001480)='./file0\x00', 0x2, 0x0) unlinkat(r5, &(0x7f00000000c0)='./file0\x00', 0x8) getpid() shmget(0x0, 0x2000, 0x1, &(0x7f0000ffd000/0x2000)=nil) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) getpeername$unix(r6, &(0x7f0000000040)=@abs, &(0x7f0000000080)=0x8) fcntl$setown(r3, 0x6, r4) fcntl$setown(r5, 0x6, 0x0) setsockopt$inet6_MRT6_ADD_MFC(r6, 0x29, 0x68, &(0x7f0000000100)={{0x18, 0x0, 0x8, 0xc0c}, {0x18, 0x2, 0x5, 0x3}, 0x5, [0x0, 0x0, 0x5, 0xf532, 0x8, 0x361c, 0x2, 0x4]}, 0x3c) chflags(&(0x7f0000000140)='./file0\x00', 0xdf51af3593c4404d) setpgid(r4, r0) 15:55:26 executing program 0: r0 = semget$private(0x0, 0x7, 0x280) semctl$SETALL(r0, 0x0, 0x9, &(0x7f0000000080)=[0x7fff, 0x9b, 0x9, 0x2, 0x0, 0x1, 0x1]) mknod(&(0x7f0000000040)='./file0\x00', 0x2003, 0x1700) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchflags(r1, 0xffffffffffffffff) 15:55:26 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000440)='/dev/bpf\x00', 0xfffffffffffffffc, 0x0) r1 = msgget$private(0x0, 0x20) msgctl$IPC_RMID(r1, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000080)={0x3, &(0x7f0000000180)=[{0x5c}, {0x2c}, {0x6, 0x0, 0x8000000}]}) dup(r0) pipe2(&(0x7f00000001c0), 0x10000) pipe2(&(0x7f0000000200)={0xffffffffffffffff}, 0x10000) r3 = openat(r2, &(0x7f0000000140)='./file0\x00', 0x2c0, 0x80) mkdirat(r3, &(0x7f00000000c0)='./file0\x00', 0xba) syz_emit_ethernet(0x1, &(0x7f0000000480)='\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x80) 15:55:26 executing program 1: r0 = kqueue() setgroups(0x0, &(0x7f0000001a00)) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) kevent(r0, &(0x7f0000000080)=[{{r1}, 0xfffffffffffffffe, 0x5}], 0x1f, 0x0, 0x0, 0x0) kevent(r2, &(0x7f0000001880)=[{{r0}, 0xffffffffffffffff, 0x40, 0x1, 0x3f}, {{r2}, 0xfffffffffffffffd, 0x80, 0x12, 0xffffffff, 0x1ff}, {{r0}, 0xffffffffffffffff, 0x88, 0x2, 0x5, 0x100000001}, {{r0}, 0xffffffffffffffff, 0x81, 0x40000006, 0x7b, 0x9}, {{r2}, 0xffffffffffffffff, 0x88, 0x6, 0x9, 0xd8}], 0xfffffffffffffffa, &(0x7f0000001a80)=[{{r0}, 0xffffffffffffffff, 0x20, 0x2, 0x80000001, 0xffffffff}, {{r1}, 0xfffffffffffffffb, 0x0, 0x8, 0xffff, 0x5}, {{r1}, 0x0, 0xa6, 0x4, 0x3, 0xc5c}, {{r1}, 0xfffffffffffffffd, 0x91, 0x90, 0x2, 0x9}, {{r0}, 0xffffffffffffffff, 0x100000041, 0x8, 0x2, 0x7fffffff}, {{r2}, 0xffffffffffffffff, 0xa0, 0x47, 0x800, 0x3}], 0x0, &(0x7f0000002ec0)={0x5, 0x1}) ioctl$TIOCSETAF(r1, 0x802c7416, &(0x7f0000002f00)={0x7fffffff, 0x3f, 0x3, 0xc6fa, "5ef94ae1529c92d8800208fc19aa2553b2231695", 0x8, 0x20}) ioctl$TIOCSCTTY(r2, 0x20007461) r3 = dup2(r0, r2) open(&(0x7f0000001840)='./file0\x00', 0x100, 0x40) kevent(r0, 0x0, 0x0, &(0x7f00000002c0), 0x1, 0x0) recvmsg(r1, &(0x7f0000002e80)={&(0x7f0000001940)=@in, 0xc, &(0x7f0000002d40)=[{&(0x7f0000001b40)=""/4096, 0x1000}, {&(0x7f0000001980)=""/119, 0x77}, {&(0x7f0000002b40)=""/48, 0x30}, {&(0x7f0000002b80)=""/203, 0xcb}, {&(0x7f0000002c80)=""/133, 0x85}], 0x5, &(0x7f0000002dc0)=""/173, 0xad}, 0x41) kqueue() recvmsg(r2, &(0x7f0000001800)={&(0x7f00000003c0)=@in6, 0xc, &(0x7f0000000780)=[{&(0x7f0000000400)=""/98, 0x62}, {&(0x7f0000000480)=""/132, 0x84}, {&(0x7f0000000540)=""/2, 0x2}, {&(0x7f0000000580)=""/193, 0xc1}, {&(0x7f0000000680)=""/71, 0x47}, {&(0x7f0000000700)=""/123, 0x7b}], 0x6, &(0x7f0000000800)=""/4096, 0x1000}, 0x2) ioctl$VT_GETMODE(r2, 0x40087603, &(0x7f0000001a00)) accept(r2, &(0x7f0000000040)=@in6, &(0x7f00000000c0)=0xc) openat$zero(0xffffffffffffff9c, &(0x7f0000002f40)='/dev/zero\x00', 0x80, 0x0) readv(r3, &(0x7f0000000380)=[{&(0x7f0000000100)=""/119, 0x77}, {&(0x7f0000000180)=""/213, 0xd5}, {&(0x7f0000000280)=""/221, 0xdd}], 0x3) pipe2(&(0x7f0000001a40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x10000) ioctl$TIOCSBRK(r4, 0x2000747b) 15:55:26 executing program 0: r0 = syz_open_pts() ioctl$TIOCSTSTAMP(r0, 0x8008745a, &(0x7f0000000000)={0x6, 0x2}) clock_settime(0x0, 0xffffffffffffffff) 15:55:26 executing program 0: mknod(&(0x7f0000000040)='./bus\x00', 0x3a0914c44f7b202c, 0xd02) r0 = open(&(0x7f0000000180)='./bus\x00', 0x8, 0x146) pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000600)="0921429b9830306075999836d06e6540ccda37a66e8f61e4d5d93ed3f224adabb2acadbbd636b83a8ea9ed18006c12b1f5e99f23aabf1c466023607420cea6f3ffd41c3da0442e71bfbec513bdddc434e57d98d93ee8c1e769068aa5e11ba92b3a6dd4a0a1c28d4df7d996522ceda09dd3d7f71b6b349b9383770892d2cb7739da8b18cd6637847e020dd08bedc92f239912", 0x92}], 0x1, 0x0) ioctl$VT_OPENQRY(r0, 0x40047601, &(0x7f0000000240)) close(r0) r1 = syz_open_pts() writev(r1, &(0x7f0000000480)=[{&(0x7f0000000080)='d', 0x1}], 0x1) fcntl$getown(r1, 0x5) mknod(&(0x7f0000000300)='./file0\x00', 0x1008, 0x20) close(r0) ioctl$TIOCSETD(r1, 0x8004741b, &(0x7f0000000340)=0x4) ioctl$TIOCSETD(r1, 0x8004741b, &(0x7f0000000280)=0x4) getdents(r0, &(0x7f00000004c0)=""/183, 0xb7) ioctl$WSDISPLAYIO_SVIDEO(r0, 0x80045745, &(0x7f0000000440)=0x1) getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) setgid(r4) setsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f00000003c0)={r2, r3, r4}, 0xc) ioctl$TIOCSTART(r0, 0x2000746e) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0x69, &(0x7f0000000580)={{0x18, 0x0, 0xc000001000000000, 0x400}, {0x18, 0x0, 0x4, 0x1}, 0x5, [0x26, 0x1fffc000000000, 0x0, 0x23, 0xffffffff, 0x8, 0x0, 0x1001]}, 0x3c) socket(0x10, 0x40000004003, 0x0) ioctl$TIOCGETD(r1, 0x4004741a, &(0x7f0000000200)) ioctl$WSDISPLAYIO_LSFONT(r1, 0xc058574e, &(0x7f0000000700)) connect(r0, &(0x7f0000000100)=@un=@abs={0x1, 0x0, 0x2}, 0x8) socket(0x5, 0x82d05ad4eb483af8, 0x100000001) execve(0x0, 0x0, 0x0) r5 = open(&(0x7f00000000c0)='./bus\x00', 0x2, 0x0) pwritev(r5, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xfffffe91}], 0x1, 0x0) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xfffffe91}], 0x1, 0x0) syz_execute_func(&(0x7f0000000400)="c0f2ebd1580f622bc4011859700a65f3f1c481fd1183fdfffffff0c5864b00c402fd20116526430fe26000f245adc4e359419b3e00000000") mkdir(&(0x7f0000be0ff8)='./file0\x00', 0x0) login: /: bad dir ino 5 at offset 0: mangled entry panic: bad dir Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *327484 37705 0 0x2 0 0 ifconfig db_enter() at db_enter+0x18 panic() at panic+0x15c ufs_dirbadentry(ffff800014a208a8,ffff800014a208a8,94269d356ab2ad4c) at ufs_dirbadentry VOP_LOOKUP(fffffd803efda000,ffff800014a20950,ffff800014a20910) at VOP_LOOKUP+0x5b unveil_find_cover(fffffd803efda000,ffff8000149fe4c8) at unveil_find_cover+0x139 unveil_add_vnode(ffff8000ffff7078,fffffd803efda000,0) at unveil_add_vnode+0x23c unveil_add(ffff8000149fe4c8,ffff800014a20f18,ffff800014a20fe3) at unveil_add+0x273 sys_unveil(ffff8000149fe4c8,ffff800014a21050,ffff800014a210c0) at sys_unveil+0x405 syscall(ffff800014a21130) at syscall+0x511 Xsyscall(6,72,1,72,7f7ffffd7338,5b827508ac8) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd72c0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic bad dir ddb> trace db_enter() at db_enter+0x18 panic() at panic+0x15c ufs_dirbadentry(ffff800014a208a8,ffff800014a208a8,94269d356ab2ad4c) at ufs_dirbadentry VOP_LOOKUP(fffffd803efda000,ffff800014a20950,ffff800014a20910) at VOP_LOOKUP+0x5b unveil_find_cover(fffffd803efda000,ffff8000149fe4c8) at unveil_find_cover+0x139 unveil_add_vnode(ffff8000ffff7078,fffffd803efda000,0) at unveil_add_vnode+0x23c unveil_add(ffff8000149fe4c8,ffff800014a20f18,ffff800014a20fe3) at unveil_add+0x273 sys_unveil(ffff8000149fe4c8,ffff800014a21050,ffff800014a210c0) at sys_unveil+0x405 syscall(ffff800014a21130) at syscall+0x511 Xsyscall(6,72,1,72,7f7ffffd7338,5b827508ac8) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd72c0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014a206c0 rbx 0xffff800014a20770 rdx 0x2 rcx 0 rax 0 r8 0xffff800014a20680 r9 0x1 r10 0 r11 0x80f42e62c633cdf3 r12 0x3000000008 r13 0xffff800014a206d0 r14 0x100 r15 0x1 rip 0xffffffff81a73678 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014a206b0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (ifconfig) pid=327484 stat=onproc flags process=2 proc=0 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff5078,0xffffffff822b78f0 process=0xffff8000ffff7078 user=0xffff800014a1c000, vmspace=0xfffffd803f014528 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *37705 327484 72941 0 7 0x2 ifconfig 72941 229192 2285 0 3 0x10008a pause sh 2285 45383 28064 0 3 0x82 wait syz-executor.1 33827 417424 91957 0 3 0 vmmaplk syz-executor.0 33827 239754 91957 0 3 0x4000000 vmmaplk syz-executor.0 33827 162987 91957 0 2 0x4000000 syz-executor.0 33827 127790 91957 0 3 0x4000000 vmmaplk syz-executor.0 91957 389307 28064 0 2 0x482 syz-executor.0 28064 62626 24610 0 3 0x82 thrsleep syz-fuzzer 28064 504056 24610 0 3 0x4000082 thrsleep syz-fuzzer 28064 486070 24610 0 3 0x4000082 kqread syz-fuzzer 28064 117503 24610 0 3 0x4000082 thrsleep syz-fuzzer 28064 181552 24610 0 3 0x4000082 thrsleep syz-fuzzer 28064 116544 24610 0 3 0x4000082 thrsleep syz-fuzzer 28064 190127 24610 0 3 0x4000082 thrsleep syz-fuzzer 28064 386750 24610 0 3 0x4000082 thrsleep syz-fuzzer 24610 225160 7651 0 3 0x10008a pause ksh 7651 400895 6052 0 3 0x92 select sshd 1812 111180 1 0 3 0x100083 ttyin getty 6052 347326 1 0 3 0x80 select sshd 70053 24908 22561 73 2 0x100090 syslogd 22561 300137 1 0 3 0x100082 netio syslogd 91357 397313 1 77 3 0x100090 poll dhclient 45974 237027 1 0 3 0x80 poll dhclient 25054 297117 0 0 3 0x14200 pgzero zerothread 73056 127750 0 0 3 0x14200 aiodoned aiodoned 54371 276113 0 0 3 0x14200 syncer update 58657 179798 0 0 3 0x14200 cleaner cleaner 15708 116133 0 0 3 0x14200 reaper reaper 20971 180247 0 0 3 0x14200 pgdaemon pagedaemon 76375 420698 0 0 3 0x14200 bored crynlk 17402 165216 0 0 3 0x14200 bored crypto 44274 392298 0 0 3 0x40014200 acpi0 acpi0 60897 338809 0 0 3 0x14200 bored softnet 93608 352156 0 0 3 0x14200 bored systqmp 90286 521690 0 0 3 0x14200 bored systq 23217 399038 0 0 2 0x40014200 softclock 3044 17165 0 0 3 0x40014200 idle0 114 291589 0 0 3 0x14200 bored smr 1 178855 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9436 6311K 6572K 78643K 10612 0 0 pcb 23 9K 10K 78643K 81 0 0 rtable 83 2K 3K 78643K 197 0 0 ifaddr 28 8K 9K 78643K 34 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 15 0 0 iov 0 0K 24K 78643K 10 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 1262 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 4 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 8 0K 0K 78643K 8 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 7 21K 25K 78643K 82 0 0 sigio 0 0K 0K 78643K 2 0 0 proc 42 46K 62K 78643K 289 0 0 subproc 66 67586K 69634K 78643K 102 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 6 0 0 in_multi 22 1K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 48 212K 212K 78643K 48 0 0 exec 0 0K 1K 78643K 189 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 82 20K 20K 78643K 965 0 0 UVM aobj 6 2K 2K 78643K 6 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 4 0K 0K 78643K 9 0 0 temp 74 2696K 2762K 78643K 5379 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 2 1 0 1 1 0 8 0 inpcbpl 280 52 0 45 1 0 1 1 0 8 0 plimitpl 152 17 0 10 1 0 1 1 0 8 0 rtentry 112 45 0 12 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 14 0 10 1 0 1 1 0 8 0 nd6 48 6 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 189 0 44 12 0 12 12 0 8 1 art_table 32 190 0 44 2 0 2 2 0 8 0 art_node 16 44 0 14 1 0 1 1 0 8 0 semapl 112 6 0 0 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1522 0 109 46 0 46 46 0 8 0 ffsino 240 1522 0 109 84 0 84 84 0 8 0 nchpl 144 1828 0 195 61 0 61 61 0 8 0 uvmvnodes 72 1601 0 0 30 0 30 30 0 8 0 vnodes 200 1601 0 0 85 0 85 85 0 8 0 namei 1024 4510 0 4509 2 1 1 1 0 8 0 scxspl 192 10898 0 10898 7 6 1 6 0 8 1 sigapl 432 249 0 234 2 0 2 2 0 8 0 futexpl 56 822 0 822 1 0 1 1 0 8 1 knotepl 112 77 0 56 1 0 1 1 0 8 0 kqueuepl 104 16 0 14 1 0 1 1 0 8 0 pipepl 112 154 0 135 2 1 1 1 0 8 0 fdescpl 424 250 0 234 2 0 2 2 0 8 0 filepl 120 1250 0 1153 4 0 4 4 0 8 1 lockfpl 104 16 0 16 2 1 1 1 0 8 1 lockfspl 48 8 0 8 2 1 1 1 0 8 1 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 22 0 12 1 0 1 1 0 8 0 ucredpl 96 102 0 95 1 0 1 1 0 8 0 zombiepl 144 234 0 234 3 2 1 1 0 8 1 processpl 840 264 0 234 4 0 4 4 0 8 0 procpl 600 342 0 302 4 0 4 4 0 8 0 sockpl 384 114 0 97 3 0 3 3 0 8 1 mcl4k 4096 11 0 11 2 1 1 1 0 8 1 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 57470 0 57431 11 3 8 9 0 8 2 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 92763 0 92706 12 1 11 11 0 8 3 bufpl 256 17595 0 14482 198 0 198 198 0 8 0 anonpl 16 38436 0 25873 53 2 51 51 0 62 0 amapchunkpl 152 1120 0 981 7 1 6 6 0 158 0 amappl16 192 1166 0 368 41 0 41 41 0 8 0 amappl14 176 29 0 27 2 1 1 1 0 8 0 amappl13 168 50 0 48 2 1 1 1 0 8 0 amappl12 160 13 0 11 1 0 1 1 0 8 0 amappl11 152 41 0 26 1 0 1 1 0 8 0 amappl10 144 63 0 59 2 1 1 1 0 8 0 amappl9 136 565 0 561 1 0 1 1 0 8 0 amappl8 128 127 0 111 1 0 1 1 0 8 0 amappl7 120 33 0 28 1 0 1 1 0 8 0 amappl6 112 56 0 48 1 0 1 1 0 8 0 amappl5 104 141 0 131 1 0 1 1 0 8 0 amappl4 96 482 0 457 2 1 1 2 0 8 0 amappl3 88 118 0 111 1 0 1 1 0 8 0 amappl2 80 1048 0 995 3 1 2 2 0 8 0 amappl1 72 13828 0 13386 25 15 10 19 0 8 0 amappl 72 573 0 533 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 5 0 0 1 0 1 1 0 8 0 uaddrrnd 24 250 0 234 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 250 0 234 1 0 1 1 0 8 0 vmmpekpl 168 5919 0 5901 1 0 1 1 0 8 0 vmmpepl 168 34827 0 33054 116 17 99 99 0 357 21 vmsppl 264 249 0 234 2 0 2 2 0 8 1 pdppl 4096 506 0 468 6 0 6 6 0 8 1 pvpl 32 133256 0 117628 133 6 127 127 0 265 0 pmappl 200 249 0 234 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 334 0 8 10 0 10 10 0 8 0