last executing test programs: 3.611765699s ago: executing program 0 (id=947): thr_suspend(0x0) execve(0x0, 0x0, 0x0) 3.4936485s ago: executing program 3 (id=948): r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect(r0, &(0x7f0000000040)=@in={0x10, 0x2, 0x2, @local={0xac, 0x14, 0x0}}, 0x10) getsockopt$inet6_sctp_SCTP_GET_LOCAL_ADDRESSES(r0, 0x84, 0x8004, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=0x10) 2.636842694s ago: executing program 2 (id=955): r0 = socket$inet_sctp(0x2, 0x5, 0x84) posix_fallocate(r0, 0x3, 0xfffffffffffffffc) getsockopt$inet6_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000500)={@in={{0x10, 0x2, 0x1, @loopback}}, 0x0, 0x7fffffff, 0xda59, 0x1000, 0x0, 0x4}, &(0x7f00000005c0)=0x98) 2.448522491s ago: executing program 0 (id=957): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt$inet_mreqsrc(r0, 0x0, 0x49, &(0x7f0000000080)={@multicast2, @rand_addr=0x5, @rand_addr=0x8}, 0xc) 2.446636861s ago: executing program 3 (id=958): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80400000000206, 0x0) ftruncate(r0, 0x8001) fspacectl(r0, 0x1, &(0x7f0000000380)={0x8, 0x7ffffffffffffff7}, 0x0, 0x0) 2.442111202s ago: executing program 2 (id=959): r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f00000001c0), 0x4) bind$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0xffffffffffffffff, 0xfffffffa, @remote={0xfe, 0x80, '\x00', 0x0}, 0x80000000}, 0x1c) 2.325636034s ago: executing program 0 (id=960): mlock(&(0x7f0000a00000/0x600000)=nil, 0x600000) madvise(&(0x7f00009d6000/0x600000)=nil, 0x600000, 0x5) 2.006831817s ago: executing program 3 (id=961): vfork() lio_listio(0x0, 0x0, 0x0, &(0x7f00000047c0)={0x1, 0x9, @sival_int, @thr={0x0, 0x0}}) setitimer(0x0, &(0x7f0000001140)={{0x0, 0x80000001}, {0x0, 0x3ff}}, 0x0) 1.997754031s ago: executing program 1 (id=962): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000140)={0x10, 0x2, 0x0, @local={0xac, 0x14, 0x0}}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20109}, 0x80) 1.702943908s ago: executing program 1 (id=963): r0 = socket(0x1c, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x1, 0x1ff, @local={0xfe, 0x80, '\x00', 0x0}, 0x2}, 0x1c) 1.4446398s ago: executing program 0 (id=964): open(&(0x7f00000000c0)='./file0\x00', 0x201, 0x0) ktrace(&(0x7f0000000000)='./file0\x00', 0x4, 0x310, 0x0) setitimer(0x2, 0x0, &(0x7f0000000080)) 1.334558041s ago: executing program 1 (id=965): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000840)={&(0x7f0000000000)=@in={0x10, 0x2, 0x3, @remote={0xac, 0x14, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x58, 0x109}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000140)={@in={{0x10, 0x2, 0x1, @remote={0xac, 0x14, 0x0}}}, 0x0, 0x5131, 0x8001, 0x1, 0x8, 0x1, 0x2}, 0x98) 1.330486859s ago: executing program 2 (id=966): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000100)={0x0, 0xfe, 0xe0, 0x40, 0xfd, 0xa, 0x5, 0x0, 0x0, 0x9, 0x40}, 0xb) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000240), &(0x7f0000000280)=0xb) 902.874606ms ago: executing program 1 (id=967): bind(0xffffffffffffffff, &(0x7f0000000000)=@in={0x10, 0x2, 0x1, @local={0xac, 0x14, 0x0}}, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x100000, 0x0) ioctl$DIOCIGETIFACES(r0, 0xc0184413, &(0x7f0000000000)={0x10, 0x0, 0x400000, 0x6, 0xda}) 892.361949ms ago: executing program 0 (id=968): ksem_init(&(0x7f0000000040)=0x0, 0x800008) rfork(0x90014) ksem_destroy(r0) 890.02846ms ago: executing program 2 (id=969): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x10, 0x2, 0x3, @rand_addr=0x2}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000040)={0x0, 0x54, 0x7fff}, &(0x7f0000000080)=0xc) 450.239697ms ago: executing program 3 (id=970): r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FUNCTION_BLK(r0, 0x6, 0x2000, &(0x7f0000000040)={'rack\x00'}, 0xfe52) setsockopt$inet6_tcp_buf(r0, 0x6, 0x48a, &(0x7f0000000340)='\x00\x00\x00\x00', 0x4) 393.825938ms ago: executing program 2 (id=971): open$dir(&(0x7f0000000b80)='./file0\x00', 0x200, 0x0) mount(&(0x7f0000000000)='ufs\x00', &(0x7f0000000040)='.\x00', 0x80000049, &(0x7f0000000080)) 389.223459ms ago: executing program 1 (id=972): r0 = socket(0x1c, 0x10000001, 0x84) sendmsg$inet6_sctp(r0, &(0x7f00000001c0)={&(0x7f0000000180)=@in6={0x1c, 0x1c, 0x0, 0x0, @local={0xfe, 0x80, '\x00', 0x0}}, 0x1c, 0x0}, 0x0) getsockopt$inet6_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000240)={@in={{0x10, 0x2, 0x3, @multicast1}}}, &(0x7f00000000c0)=0x88) 384.962559ms ago: executing program 0 (id=973): ktimer_create(0x0, 0x0, &(0x7f0000000180)) ktimer_create(0x0, 0x0, &(0x7f00000001c0)) procctl$PROC_REAP_KILL(0x0, 0x0, 0x6, &(0x7f0000000180)={0x13, 0x0, 0xffffffffffffffff}) 208.218298ms ago: executing program 3 (id=974): r0 = open(&(0x7f00000000c0)='.\x00', 0x400000, 0x51) rfork(0x85000) fcntl$getflags(r0, 0x10) 258.051µs ago: executing program 3 (id=975): socket(0x2, 0x1, 0x0) r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt$inet6_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000002580)={0x0, 0x3}, 0x8) 84.552µs ago: executing program 2 (id=976): r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendmsg$inet6_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000080)=@in6={0x1c, 0x1c, 0x3, 0x0, @loopback}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x80) getsockopt$inet6_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000100)={@in6={{0x1c, 0x1c, 0x3, 0x3, @loopback={0xffff0000}}}, 0x0, 0x0, 0x0, 0x19}, &(0x7f0000000040)=0x98) 0s ago: executing program 1 (id=977): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0xffff, 0x8000, &(0x7f0000000000)=0x101, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.240' (ED25519) to the list of known hosts. if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 UDP6: M_MCAST is set in a unicast packet. Oct 17 07:02:56 ci-freebsd-main-3 kernel: arp: aa:aa:aa:aa:aa:bb is using my IP address 172.20.0.170 on tap0! Oct 17 07:02:57 ci-freebsd-main-3 kernel: attempted source route from 172.20.0.170 to 224.0.0.1 WARNING pid 999 (syz-executor): ioctl sign-extension ioctl 440004532 WARNING pid 1084 (syz-executor): ioctl sign-extension ioctl 1a004a684 WARNING pid 1268 (syz-executor): ioctl sign-extension ioctl 2000004218456b arp: packet with short header received on tap0 attempted source route from 255.255.255.255 to 172.20.3.170 FreeBSD/amd64 (ci-freebsd-main-3.us-central1-b.c.syzkaller.internal) (ttyu0) login: tap2: cannot pullup VLAN header pid 1912 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1911 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1910 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1906 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1899 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1823 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1367 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1221 (dhclient), jid 0, uid 65: exited on signal 4 (no core dump - bad address) pid 1186 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1140 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 860 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1913 (syz-executor), tap3: tun/tap protocol violation, non-controlling process closed last. ifaddr cache = 0xfffffe00595dc180 is deleted if_delmulti_locked: detaching ifnet instance 0xfffffe0058328000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058328000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058328000 tap3: link state changed to DOWN pid 855 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) ifaddr cache = 0xfffffe00595dc000 is deleted if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 tap2: link state changed to DOWN if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 SYZFAIL: SIGILL pid 854 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 849 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) Connection to 10.128.1.240 closed by remote host. pid 759 (sshd), jid 0, uid 0: exited on signal 4 (no core dump - bad address) pid 737 (sleep), jid 0, uid 0: exited on signal 4 (no core dump - other error) pid 1914 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1909 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) pid 1914 (syz-executor), tap1: tun/tap protocol violation, non-controlling process closed last. ifaddr cache = 0xfffffe00595dc300 is deleted if_delmulti_locked: detaching ifnet instance 0xfffffe0058754000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754000 tap1: link state changed to DOWN pid 1909 (syz-executor), tap0: tun/tap protocol violation, non-controlling process closed last. ifaddr cache = 0xfffffe00595dc900 is deleted if_delmulti_locked: detaching ifnet instance 0xfffffe0058754800 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754800 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754800 tap0: link state changed to DOWN pid 1716 (getty), jid 0, uid 0: exited on signal 4 (core dumped) pid 1241 (dhclient), jid 0, uid 0: exited on signal 4 (core dumped) pid 1190 (sh), jid 0, uid 0: exited on signal 4 (core dumped) pid 1705 (getty), jid 0, uid 0: exited on signal 4 (core dumped) pid 1915 (syz-executor), jid 0, uid 0: exited on signal 4 (core dumped) pid 1704 (getty), jid 0, uid 0: exited on signal 4 (core dumped) pid 761 (csh), jid 0, uid 0: exited on signal 4 (core dumped) pid 1694 (getty), jid 0, uid 0: exited on signal 4 (core dumped) pid 1693 (getty), jid 0, uid 0: exited on signal 4 (core dumped) pid 1681 (getty), jid 0, uid 0: exited on signal 4 (core dumped) if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058329000 pid 1680 (getty), jid 0, uid 0: exited on signal 4 (core dumped) if_delmulti_locked: detaching ifnet instance 0xfffffe0058754800 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754800 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754800 pid 1669 (getty), jid 0, uid 0: exited on signal 4 (core dumped) pid 1668 (getty), jid 0, uid 0: exited on signal 4 (core dumped) FreeBSD/amd64 (ci-freebsd-main-3.us-central1-b.c.syzkaller.internal) (ttyu0) login: set $maxwidth = 0 if_delmulti_locked: detaching ifnet instance 0xfffffe0058328000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058328000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058328000 Password: Login incorrect login: if_delmulti_locked: detaching ifnet instance 0xfffffe0058754000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058754000 show proc Password: Login incorrect login: show all locks Password: Login incorrect login: show uma Password: