kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Feb 4 04:49:09 PST 2021 OpenBSD/amd64 (ci-openbsd-main-5.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts. 2021/02/04 04:49:28 fuzzer started 2021/02/04 04:49:30 dialing manager at 10.128.15.235:2224 2021/02/04 04:49:30 syscalls: 383 2021/02/04 04:49:30 code coverage: enabled 2021/02/04 04:49:30 comparison tracing: enabled 2021/02/04 04:49:30 extra coverage: enabled 2021/02/04 04:49:30 setuid sandbox: enabled 2021/02/04 04:49:30 namespace sandbox: support is not implemented in syzkaller 2021/02/04 04:49:30 Android sandbox: support is not implemented in syzkaller 2021/02/04 04:49:30 fault injection: support is not implemented in syzkaller 2021/02/04 04:49:30 leak checking: support is not implemented in syzkaller 2021/02/04 04:49:30 net packet injection: enabled 2021/02/04 04:49:30 net device setup: support is not implemented in syzkaller 2021/02/04 04:49:30 concurrency sanitizer: support is not implemented in syzkaller 2021/02/04 04:49:30 devlink PCI setup: support is not implemented in syzkaller 2021/02/04 04:49:30 USB emulation: support is not implemented in syzkaller 2021/02/04 04:49:30 hci packet injection: support is not implemented in syzkaller 2021/02/04 04:49:30 wifi device emulation: support is not implemented in syzkaller 2021/02/04 04:49:30 fetching corpus: 0, signal 0/2000 (executing program) 2021/02/04 04:49:30 fetching corpus: 50, signal 8816/12687 (executing program) 2021/02/04 04:49:30 fetching corpus: 100, signal 21935/27417 (executing program) 2021/02/04 04:49:31 fetching corpus: 150, signal 23763/31022 (executing program) 2021/02/04 04:49:31 fetching corpus: 200, signal 25485/34517 (executing program) 2021/02/04 04:49:31 fetching corpus: 250, signal 26939/37703 (executing program) 2021/02/04 04:49:31 fetching corpus: 300, signal 34048/46255 (executing program) 2021/02/04 04:49:31 fetching corpus: 350, signal 39767/53392 (executing program) 2021/02/04 04:49:31 fetching corpus: 400, signal 43517/58597 (executing program) 2021/02/04 04:49:31 fetching corpus: 450, signal 45381/61975 (executing program) 2021/02/04 04:49:31 fetching corpus: 500, signal 49720/67593 (executing program) 2021/02/04 04:49:31 fetching corpus: 550, signal 51490/70839 (executing program) 2021/02/04 04:49:31 fetching corpus: 600, signal 60477/80514 (executing program) 2021/02/04 04:49:31 fetching corpus: 650, signal 65669/86705 (executing program) 2021/02/04 04:49:31 fetching corpus: 700, signal 67829/90149 (executing program) 2021/02/04 04:49:31 fetching corpus: 750, signal 70862/94278 (executing program) 2021/02/04 04:49:31 fetching corpus: 800, signal 72238/96950 (executing program) 2021/02/04 04:49:32 fetching corpus: 850, signal 78364/103695 (executing program) 2021/02/04 04:49:32 fetching corpus: 900, signal 80194/106701 (executing program) 2021/02/04 04:49:32 fetching corpus: 950, signal 83119/110577 (executing program) 2021/02/04 04:49:32 fetching corpus: 1000, signal 86631/114853 (executing program) 2021/02/04 04:49:32 fetching corpus: 1050, signal 88771/117997 (executing program) 2021/02/04 04:49:32 fetching corpus: 1100, signal 94199/123782 (executing program) 2021/02/04 04:49:32 fetching corpus: 1150, signal 96450/126908 (executing program) 2021/02/04 04:49:32 fetching corpus: 1200, signal 99392/130614 (executing program) 2021/02/04 04:49:32 fetching corpus: 1250, signal 101325/133448 (executing program) 2021/02/04 04:49:32 fetching corpus: 1300, signal 105183/137994 (executing program) 2021/02/04 04:49:32 fetching corpus: 1350, signal 108324/141586 (executing program) 2021/02/04 04:49:32 fetching corpus: 1400, signal 110395/144391 (executing program) 2021/02/04 04:49:33 fetching corpus: 1450, signal 112795/147418 (executing program) 2021/02/04 04:49:33 fetching corpus: 1500, signal 116095/151028 (executing program) 2021/02/04 04:49:33 fetching corpus: 1550, signal 117619/153284 (executing program) 2021/02/04 04:49:33 fetching corpus: 1600, signal 118571/155085 (executing program) 2021/02/04 04:49:33 fetching corpus: 1650, signal 121279/158211 (executing program) 2021/02/04 04:49:33 fetching corpus: 1700, signal 123038/160561 (executing program) 2021/02/04 04:49:33 fetching corpus: 1750, signal 123796/162156 (executing program) 2021/02/04 04:49:33 fetching corpus: 1800, signal 124320/163657 (executing program) 2021/02/04 04:49:33 fetching corpus: 1850, signal 125124/165270 (executing program) 2021/02/04 04:49:33 fetching corpus: 1900, signal 126510/167301 (executing program) 2021/02/04 04:49:34 fetching corpus: 1950, signal 127600/169128 (executing program) 2021/02/04 04:49:34 fetching corpus: 2000, signal 129344/171375 (executing program) 2021/02/04 04:49:34 fetching corpus: 2050, signal 130756/173418 (executing program) 2021/02/04 04:49:34 fetching corpus: 2100, signal 131315/174802 (executing program) 2021/02/04 04:49:34 fetching corpus: 2150, signal 135794/178765 (executing program) 2021/02/04 04:49:34 fetching corpus: 2200, signal 137089/180536 (executing program) 2021/02/04 04:49:34 fetching corpus: 2250, signal 137725/181928 (executing program) 2021/02/04 04:49:35 fetching corpus: 2300, signal 138966/183789 (executing program) 2021/02/04 04:49:35 fetching corpus: 2350, signal 139536/185091 (executing program) 2021/02/04 04:49:35 fetching corpus: 2400, signal 142519/187850 (executing program) 2021/02/04 04:49:35 fetching corpus: 2450, signal 143496/189489 (executing program) 2021/02/04 04:49:35 fetching corpus: 2500, signal 144393/190916 (executing program) 2021/02/04 04:49:35 fetching corpus: 2550, signal 144889/192118 (executing program) 2021/02/04 04:49:35 fetching corpus: 2600, signal 145628/193483 (executing program) 2021/02/04 04:49:35 fetching corpus: 2650, signal 145896/194577 (executing program) 2021/02/04 04:49:35 fetching corpus: 2700, signal 146478/195818 (executing program) 2021/02/04 04:49:36 fetching corpus: 2750, signal 147090/197082 (executing program) 2021/02/04 04:49:36 fetching corpus: 2800, signal 148048/198478 (executing program) 2021/02/04 04:49:36 fetching corpus: 2850, signal 148588/199628 (executing program) 2021/02/04 04:49:36 fetching corpus: 2900, signal 149736/201165 (executing program) 2021/02/04 04:49:36 fetching corpus: 2950, signal 150665/202655 (executing program) 2021/02/04 04:49:36 fetching corpus: 3000, signal 151402/203881 (executing program) 2021/02/04 04:49:36 fetching corpus: 3050, signal 152921/205477 (executing program) 2021/02/04 04:49:36 fetching corpus: 3100, signal 154422/207132 (executing program) 2021/02/04 04:49:36 fetching corpus: 3150, signal 157623/209633 (executing program) 2021/02/04 04:49:36 fetching corpus: 3200, signal 158037/210712 (executing program) 2021/02/04 04:49:36 fetching corpus: 3250, signal 158980/211979 (executing program) 2021/02/04 04:49:37 fetching corpus: 3300, signal 160251/213377 (executing program) 2021/02/04 04:49:37 fetching corpus: 3350, signal 161721/214882 (executing program) 2021/02/04 04:49:37 fetching corpus: 3400, signal 162593/216137 (executing program) 2021/02/04 04:49:37 fetching corpus: 3450, signal 163996/217514 (executing program) 2021/02/04 04:49:37 fetching corpus: 3500, signal 165966/219165 (executing program) 2021/02/04 04:49:37 fetching corpus: 3550, signal 166967/220333 (executing program) 2021/02/04 04:49:37 fetching corpus: 3600, signal 167451/221277 (executing program) 2021/02/04 04:49:37 fetching corpus: 3650, signal 167980/222238 (executing program) 2021/02/04 04:49:38 fetching corpus: 3700, signal 168582/223198 (executing program) 2021/02/04 04:49:38 fetching corpus: 3750, signal 169725/224414 (executing program) 2021/02/04 04:49:38 fetching corpus: 3800, signal 170030/225264 (executing program) 2021/02/04 04:49:38 fetching corpus: 3850, signal 170576/226229 (executing program) 2021/02/04 04:49:38 fetching corpus: 3900, signal 172551/227779 (executing program) 2021/02/04 04:49:38 fetching corpus: 3950, signal 174210/229107 (executing program) 2021/02/04 04:49:38 fetching corpus: 4000, signal 174607/229951 (executing program) 2021/02/04 04:49:38 fetching corpus: 4050, signal 174995/230746 (executing program) 2021/02/04 04:49:38 fetching corpus: 4100, signal 175370/231593 (executing program) 2021/02/04 04:49:38 fetching corpus: 4150, signal 176352/232630 (executing program) 2021/02/04 04:49:38 fetching corpus: 4200, signal 176874/233527 (executing program) 2021/02/04 04:49:39 fetching corpus: 4250, signal 177191/234314 (executing program) 2021/02/04 04:49:39 fetching corpus: 4300, signal 177615/235148 (executing program) 2021/02/04 04:49:39 fetching corpus: 4350, signal 178499/236097 (executing program) 2021/02/04 04:49:39 fetching corpus: 4400, signal 179701/237143 (executing program) 2021/02/04 04:49:39 fetching corpus: 4450, signal 181135/238202 (executing program) 2021/02/04 04:49:39 fetching corpus: 4500, signal 181963/239136 (executing program) 2021/02/04 04:49:39 fetching corpus: 4550, signal 182288/239857 (executing program) 2021/02/04 04:49:39 fetching corpus: 4600, signal 183338/241051 (executing program) 2021/02/04 04:49:39 fetching corpus: 4650, signal 185326/242193 (executing program) 2021/02/04 04:49:40 fetching corpus: 4700, signal 186076/243045 (executing program) 2021/02/04 04:49:40 fetching corpus: 4750, signal 186424/243751 (executing program) 2021/02/04 04:49:40 fetching corpus: 4800, signal 186681/244394 (executing program) 2021/02/04 04:49:40 fetching corpus: 4850, signal 186980/245043 (executing program) 2021/02/04 04:49:40 fetching corpus: 4900, signal 187333/245762 (executing program) 2021/02/04 04:49:40 fetching corpus: 4950, signal 187535/246405 (executing program) 2021/02/04 04:49:40 fetching corpus: 5000, signal 188022/247140 (executing program) 2021/02/04 04:49:41 fetching corpus: 5050, signal 189493/248185 (executing program) 2021/02/04 04:49:41 fetching corpus: 5100, signal 190155/248916 (executing program) 2021/02/04 04:49:41 fetching corpus: 5150, signal 190518/249565 (executing program) 2021/02/04 04:49:42 fetching corpus: 5200, signal 190924/250247 (executing program) 2021/02/04 04:49:43 fetching corpus: 5250, signal 191145/250853 (executing program) 2021/02/04 04:49:43 fetching corpus: 5300, signal 192708/251686 (executing program) 2021/02/04 04:49:43 fetching corpus: 5350, signal 194520/252477 (executing program) 2021/02/04 04:49:43 fetching corpus: 5400, signal 194810/253063 (executing program) 2021/02/04 04:49:43 fetching corpus: 5450, signal 195765/253772 (executing program) 2021/02/04 04:49:43 fetching corpus: 5500, signal 196227/254399 (executing program) 2021/02/04 04:49:44 fetching corpus: 5550, signal 197982/255169 (executing program) 2021/02/04 04:49:44 fetching corpus: 5600, signal 198963/255832 (executing program) 2021/02/04 04:49:44 fetching corpus: 5650, signal 201223/256605 (executing program) 2021/02/04 04:49:44 fetching corpus: 5700, signal 201599/257168 (executing program) 2021/02/04 04:49:44 fetching corpus: 5750, signal 202087/257716 (executing program) 2021/02/04 04:49:44 fetching corpus: 5800, signal 202331/258250 (executing program) 2021/02/04 04:49:44 fetching corpus: 5850, signal 202789/258780 (executing program) 2021/02/04 04:49:45 fetching corpus: 5900, signal 203039/259308 (executing program) 2021/02/04 04:49:45 fetching corpus: 5950, signal 204854/259955 (executing program) 2021/02/04 04:49:45 fetching corpus: 6000, signal 205234/260445 (executing program) 2021/02/04 04:49:45 fetching corpus: 6050, signal 205905/260972 (executing program) 2021/02/04 04:49:45 fetching corpus: 6100, signal 206793/261483 (executing program) 2021/02/04 04:49:45 fetching corpus: 6150, signal 207821/262078 (executing program) 2021/02/04 04:49:45 fetching corpus: 6200, signal 208055/262538 (executing program) 2021/02/04 04:49:46 fetching corpus: 6250, signal 208835/262994 (executing program) 2021/02/04 04:49:46 fetching corpus: 6300, signal 210436/263490 (executing program) 2021/02/04 04:49:46 fetching corpus: 6350, signal 210899/263926 (executing program) 2021/02/04 04:49:46 fetching corpus: 6400, signal 211394/264216 (executing program) 2021/02/04 04:49:46 fetching corpus: 6450, signal 211830/264229 (executing program) 2021/02/04 04:49:46 fetching corpus: 6500, signal 213272/264244 (executing program) 2021/02/04 04:49:46 fetching corpus: 6550, signal 213507/264248 (executing program) 2021/02/04 04:49:46 fetching corpus: 6600, signal 214007/264252 (executing program) 2021/02/04 04:49:47 fetching corpus: 6650, signal 214845/264253 (executing program) 2021/02/04 04:49:47 fetching corpus: 6700, signal 215724/264260 (executing program) 2021/02/04 04:49:47 fetching corpus: 6750, signal 216007/264288 (executing program) 2021/02/04 04:49:47 fetching corpus: 6800, signal 216188/264288 (executing program) 2021/02/04 04:49:47 fetching corpus: 6850, signal 216610/264310 (executing program) 2021/02/04 04:49:47 fetching corpus: 6900, signal 216969/264320 (executing program) 2021/02/04 04:49:47 fetching corpus: 6950, signal 217667/264320 (executing program) 2021/02/04 04:49:47 fetching corpus: 7000, signal 218158/264326 (executing program) 2021/02/04 04:49:47 fetching corpus: 7050, signal 218449/264345 (executing program) 2021/02/04 04:49:47 fetching corpus: 7100, signal 219480/264481 (executing program) 2021/02/04 04:49:47 fetching corpus: 7150, signal 219822/264487 (executing program) 2021/02/04 04:49:48 fetching corpus: 7200, signal 220399/264503 (executing program) 2021/02/04 04:49:48 fetching corpus: 7250, signal 220880/264725 (executing program) 2021/02/04 04:49:48 fetching corpus: 7300, signal 223517/264725 (executing program) 2021/02/04 04:49:48 fetching corpus: 7350, signal 223770/264729 (executing program) 2021/02/04 04:49:48 fetching corpus: 7400, signal 225456/264749 (executing program) 2021/02/04 04:49:48 fetching corpus: 7450, signal 225836/264749 (executing program) 2021/02/04 04:49:48 fetching corpus: 7500, signal 227589/264752 (executing program) 2021/02/04 04:49:48 fetching corpus: 7550, signal 228056/264778 (executing program) 2021/02/04 04:49:48 fetching corpus: 7600, signal 228421/264792 (executing program) 2021/02/04 04:49:48 fetching corpus: 7650, signal 228710/264799 (executing program) 2021/02/04 04:49:48 fetching corpus: 7700, signal 228897/264808 (executing program) 2021/02/04 04:49:49 fetching corpus: 7750, signal 229248/264810 (executing program) 2021/02/04 04:49:49 fetching corpus: 7800, signal 229507/264851 (executing program) 2021/02/04 04:49:49 fetching corpus: 7850, signal 229798/264912 (executing program) 2021/02/04 04:49:49 fetching corpus: 7900, signal 229994/264918 (executing program) 2021/02/04 04:49:49 fetching corpus: 7950, signal 230793/264918 (executing program) 2021/02/04 04:49:49 fetching corpus: 8000, signal 231265/264933 (executing program) 2021/02/04 04:49:49 fetching corpus: 8050, signal 232115/264963 (executing program) 2021/02/04 04:49:49 fetching corpus: 8100, signal 232258/264963 (executing program) 2021/02/04 04:49:49 fetching corpus: 8150, signal 233328/264983 (executing program) 2021/02/04 04:49:49 fetching corpus: 8200, signal 233618/265000 (executing program) 2021/02/04 04:49:49 fetching corpus: 8250, signal 234470/265003 (executing program) 2021/02/04 04:49:50 fetching corpus: 8300, signal 235167/265003 (executing program) 2021/02/04 04:49:50 fetching corpus: 8350, signal 235901/265524 (executing program) 2021/02/04 04:49:50 fetching corpus: 8400, signal 236085/265528 (executing program) 2021/02/04 04:49:50 fetching corpus: 8450, signal 236417/265564 (executing program) 2021/02/04 04:49:50 fetching corpus: 8500, signal 236769/265566 (executing program) 2021/02/04 04:49:50 fetching corpus: 8550, signal 236980/265566 (executing program) 2021/02/04 04:49:50 fetching corpus: 8600, signal 238122/265619 (executing program) 2021/02/04 04:49:50 fetching corpus: 8650, signal 239051/265705 (executing program) 2021/02/04 04:49:50 fetching corpus: 8700, signal 240699/265737 (executing program) 2021/02/04 04:49:50 fetching corpus: 8750, signal 241568/265757 (executing program) 2021/02/04 04:49:51 fetching corpus: 8800, signal 241859/265792 (executing program) 2021/02/04 04:49:51 fetching corpus: 8850, signal 242087/265800 (executing program) 2021/02/04 04:49:51 fetching corpus: 8900, signal 242248/265818 (executing program) 2021/02/04 04:49:51 fetching corpus: 8950, signal 242562/265886 (executing program) 2021/02/04 04:49:51 fetching corpus: 9000, signal 243389/265886 (executing program) 2021/02/04 04:49:51 fetching corpus: 9050, signal 243787/265887 (executing program) 2021/02/04 04:49:51 fetching corpus: 9100, signal 245485/265887 (executing program) 2021/02/04 04:49:51 fetching corpus: 9150, signal 246003/265888 (executing program) 2021/02/04 04:49:51 fetching corpus: 9200, signal 246446/266038 (executing program) 2021/02/04 04:49:51 fetching corpus: 9250, signal 246636/266046 (executing program) 2021/02/04 04:49:52 fetching corpus: 9300, signal 247813/266060 (executing program) 2021/02/04 04:49:52 fetching corpus: 9350, signal 248105/266062 (executing program) 2021/02/04 04:49:52 fetching corpus: 9400, signal 249591/266063 (executing program) 2021/02/04 04:49:52 fetching corpus: 9450, signal 249751/266065 (executing program) 2021/02/04 04:49:52 fetching corpus: 9500, signal 250015/266140 (executing program) 2021/02/04 04:49:52 fetching corpus: 9550, signal 250738/266185 (executing program) 2021/02/04 04:49:52 fetching corpus: 9600, signal 251072/266189 (executing program) 2021/02/04 04:49:52 fetching corpus: 9650, signal 251569/266520 (executing program) 2021/02/04 04:49:53 fetching corpus: 9700, signal 252015/266552 (executing program) 2021/02/04 04:49:53 fetching corpus: 9750, signal 252212/266556 (executing program) 2021/02/04 04:49:53 fetching corpus: 9800, signal 252404/266560 (executing program) 2021/02/04 04:49:53 fetching corpus: 9850, signal 252660/266567 (executing program) 2021/02/04 04:49:53 fetching corpus: 9900, signal 252997/266574 (executing program) 2021/02/04 04:49:53 fetching corpus: 9933, signal 253209/266628 (executing program) 2021/02/04 04:49:53 fetching corpus: 9933, signal 253209/266628 (executing program) 2021/02/04 04:49:53 starting 2 fuzzer processes 04:49:53 executing program 0: sysctl$net_inet6_ip6(&(0x7f0000000040)={0x4, 0x18, 0x29, 0x33}, 0x4, &(0x7f0000000100), 0x0, 0x0, 0x0) 04:49:53 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="61b157c144cc6897ada2431830d710500425f548f472baeb78e0357b6c", 0x1d}, {&(0x7f0000000100)="db7fead7b09da8a39aad5f970811d0c4e8ba17c9ec74eb3709f88461be47f6395865ec10ed3d9814dcbbe53c28c4fa4aaf0bcf", 0x33}], 0x2) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 04:49:53 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x40}, {0x1}, {0x6}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) syz_emit_ethernet(0xe, &(0x7f0000000640)) 04:49:53 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="61b157c144cc6897ada2431830d710500425f548f472baeb78e0357b6c", 0x1d}, {&(0x7f0000000100)="db7fead7b09da8a39aad5f970811d0c4e8ba17c9ec74eb3709f88461be47f6395865ec10ed3d9814dcbbe53c28c4fa4aaf0bcf", 0x33}], 0x2) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 04:49:53 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="61b157c144cc6897ada2431830d710500425f548f472baeb78e0357b6c", 0x1d}, {&(0x7f0000000100)="db7fead7b09da8a39aad5f970811d0c4e8ba17c9ec74eb3709f88461be47f6395865ec10ed3d9814dcbbe53c28c4fa4aaf0bcf", 0x33}], 0x2) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 04:49:53 executing program 0: sysctl$hw(&(0x7f00000000c0)={0x6, 0xf}, 0x2, &(0x7f0000000180)="b1c35b2a24faf92836219f80646d55e04c6750be20af", &(0x7f0000000100)=0x16, 0x0, 0x0) 04:49:53 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)="61b157c144cc6897ada2431830d710500425f548f472baeb78e0357b6c", 0x1d}, {&(0x7f0000000100)="db7fead7b09da8a39aad5f970811d0c4e8ba17c9ec74eb3709f88461be47f6395865ec10ed3d9814dcbbe53c28c4fa4aaf0bcf", 0x33}], 0x2) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 04:49:53 executing program 0: sysctl$hw(&(0x7f00000000c0)={0x6, 0xf}, 0x2, &(0x7f0000000180)="b1c35b2a24faf92836219f80646d55e04c6750be20af", &(0x7f0000000100)=0x16, 0x0, 0x0) 04:49:53 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x60e, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x5, 0x10, r0, 0x0, 0x0) mlock(&(0x7f0000001000/0x2000)=nil, 0x800000) 04:49:53 executing program 0: sysctl$hw(&(0x7f00000000c0)={0x6, 0xf}, 0x2, &(0x7f0000000180)="b1c35b2a24faf92836219f80646d55e04c6750be20af", &(0x7f0000000100)=0x16, 0x0, 0x0) 04:49:53 executing program 1: mknod(&(0x7f0000000080)='./bus\x00', 0x2001, 0x408633c) r0 = kqueue() r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) kevent(r0, &(0x7f00000001c0)=[{{r1}, 0xffffffffffffffff, 0x25f12e15719981ed}], 0x4, 0x0, 0x0, 0x0) kevent(r0, &(0x7f0000000340), 0x7, &(0x7f00000003c0)=[{{r1}, 0xffffffffffffffff, 0x2}], 0xb9, 0x0) 04:49:53 executing program 0: sysctl$hw(&(0x7f00000000c0)={0x6, 0xf}, 0x2, &(0x7f0000000180)="b1c35b2a24faf92836219f80646d55e04c6750be20af", &(0x7f0000000100)=0x16, 0x0, 0x0) 04:49:53 executing program 1: mknod(&(0x7f0000000080)='./bus\x00', 0x2001, 0x408633c) r0 = kqueue() r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) kevent(r0, &(0x7f00000001c0)=[{{r1}, 0xffffffffffffffff, 0x25f12e15719981ed}], 0x4, 0x0, 0x0, 0x0) kevent(r0, &(0x7f0000000340), 0x7, &(0x7f00000003c0)=[{{r1}, 0xffffffffffffffff, 0x2}], 0xb9, 0x0) 04:49:53 executing program 0: r0 = openat$wskbd(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/wskbd0\x00', 0x1, 0x0) ioctl$WSKBDIO_SETMAP(r0, 0x8010570e, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x4}]}) 04:49:53 executing program 1: mknod(&(0x7f0000000080)='./bus\x00', 0x2001, 0x408633c) r0 = kqueue() r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) kevent(r0, &(0x7f00000001c0)=[{{r1}, 0xffffffffffffffff, 0x25f12e15719981ed}], 0x4, 0x0, 0x0, 0x0) kevent(r0, &(0x7f0000000340), 0x7, &(0x7f00000003c0)=[{{r1}, 0xffffffffffffffff, 0x2}], 0xb9, 0x0) 04:49:53 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f0000000140)={0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xac2]}}) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000100)={0x200000000000021f, &(0x7f0000000000)=[{0x0, 0x3}]}) 04:49:53 executing program 1: mknod(&(0x7f0000000080)='./bus\x00', 0x2001, 0x408633c) r0 = kqueue() r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) kevent(r0, &(0x7f00000001c0)=[{{r1}, 0xffffffffffffffff, 0x25f12e15719981ed}], 0x4, 0x0, 0x0, 0x0) kevent(r0, &(0x7f0000000340), 0x7, &(0x7f00000003c0)=[{{r1}, 0xffffffffffffffff, 0x2}], 0xb9, 0x0) 04:49:54 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f0000000140)={0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xac2]}}) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000100)={0x200000000000021f, &(0x7f0000000000)=[{0x0, 0x3}]}) 04:49:54 executing program 1: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$PCIOCREAD(r0, 0x40047309, &(0x7f0000000000)) 04:49:54 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f0000000140)={0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xac2]}}) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000100)={0x200000000000021f, &(0x7f0000000000)=[{0x0, 0x3}]}) 04:49:54 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x7, 0x7, 0x1}, {0x0, 0x4}, {0x0, 0x4, 0x4}]}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 04:49:54 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f0000000140)={0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xac2]}}) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000100)={0x200000000000021f, &(0x7f0000000000)=[{0x0, 0x3}]}) 04:49:54 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x7, 0x7, 0x1}, {0x0, 0x4}, {0x0, 0x4, 0x4}]}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 04:49:54 executing program 0: setrlimit(0x8, &(0x7f0000000000)={0x7, 0x95}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() ioctl$TIOCSTOP(r1, 0x2000746f) ioctl$TIOCSETA(r0, 0x80047470, &(0x7f00000004c0)={0x5, 0x0, 0x0, 0x0, "61aa0db11ce9bae3c6514e6ae973739ea78b7ec0"}) r2 = kqueue() readv(r0, &(0x7f0000000200)=[{&(0x7f0000000140)=""/63, 0x3f}], 0x1) kevent(r2, &(0x7f0000000040), 0x8, &(0x7f0000000080)=[{{r0}, 0xffffffffffffffff, 0x15}], 0xfffffffffffffffb, 0x0) login: vrele: bad writecount: 0xfffffd80645febf0, type VCHR, use 0, write 1, hold 0, tag VT_UFS, ino 2676, on dev 4, 0 flags 0x180, effnlink 1, nlink 1 mode 020620, owner 0, group 4, size 0 panic: vrele: v_writecount != 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *372369 77639 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80645febf0) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aff0,3,ffff8000216977b0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e715130,40287401,ffff80002170aff0,3,fffffd807f7b79c0,ffff8000216977b0) at VOP_IOCTL+0x91 vn_ioctl(fffffd8069a9cc48,40287401,ffff80002170aff0,ffff8000216977b0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216977b0,ffff80002170b100,ffff80002170b150) at sys_ioctl+0x4ac syscall(ffff80002170b1d0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xddaeab39d0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic vrele: v_writecount != 0 ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80645febf0) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aff0,3,ffff8000216977b0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e715130,40287401,ffff80002170aff0,3,fffffd807f7b79c0,ffff8000216977b0) at VOP_IOCTL+0x91 vn_ioctl(fffffd8069a9cc48,40287401,ffff80002170aff0,ffff8000216977b0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216977b0,ffff80002170b100,ffff80002170b150) at sys_ioctl+0x4ac syscall(ffff80002170b1d0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xddaeab39d0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002170aa30 rbx 0xffff80002170aa40 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff820e50f5 kprintf+0x155 r9 0x1 r10 0x282bbff76555d25c r11 0x8d84884eb3ce6eb7 r12 0x3000000008 r13 0xffff80002170aae0 r14 0x100 r15 0x1 rip 0xffffffff81ab85c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002170aa20 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=372369 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffcd28,0xffffffff827ebf10 process=0xffff80002165dff0 user=0xffff800021706000, vmspace=0xfffffd807effcbb0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 77639 437590 74425 0 2 0 syz-executor.0 *77639 372369 74425 0 7 0x4000000 syz-executor.0 41356 460073 5610 0 2 0x482 syz-executor.1 74425 263665 5610 0 2 0x482 syz-executor.0 5610 490167 16644 0 3 0x82 thrsleep syz-fuzzer 5610 55760 16644 0 3 0x4000082 thrsleep syz-fuzzer 5610 422672 16644 0 3 0x4000082 kqread syz-fuzzer 5610 113037 16644 0 3 0x4000082 thrsleep syz-fuzzer 5610 470300 16644 0 3 0x4000082 thrsleep syz-fuzzer 5610 433959 16644 0 3 0x4000082 thrsleep syz-fuzzer 5610 363401 16644 0 3 0x4000082 thrsleep syz-fuzzer 16644 503706 88468 0 3 0x10008a sigsusp ksh 88468 450457 39042 0 3 0x92 select sshd 11135 223683 1 0 3 0x100083 ttyin getty 39042 311098 1 0 3 0x80 select sshd 1553 302645 22098 73 3 0x100090 kqread syslogd 22098 374379 1 0 3 0x100082 netio syslogd 98440 268121 1 77 3 0x100090 poll dhclient 95435 54658 1 0 3 0x80 poll dhclient 73103 521612 0 0 3 0x14200 bored smr 64878 422414 0 0 2 0x14200 zerothread 38722 494219 0 0 3 0x14200 aiodoned aiodoned 37701 307816 0 0 3 0x14200 syncer update 39299 226138 0 0 3 0x14200 cleaner cleaner 67948 441268 0 0 3 0x14200 reaper reaper 60222 96224 0 0 3 0x14200 pgdaemon pagedaemon 90130 469783 0 0 3 0x14200 bored crynlk 76940 170704 0 0 3 0x14200 bored crypto 51142 45769 0 0 3 0x14200 bored viomb 7321 468153 0 0 3 0x40014200 acpi0 acpi0 50374 439342 0 0 3 0x14200 bored softnet 98926 194043 0 0 3 0x14200 bored systqmp 97437 335668 0 0 3 0x14200 bored systq 87173 257964 0 0 3 0x40014200 bored softclock 76653 172802 0 0 3 0x40014200 idle0 1 353788 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9465 6338K 6476K 78643K 10579 0 pcb 13 8K 8K 78643K 13 0 rtable 105 3K 3K 78643K 205 0 ifaddr 39 10K 10K 78643K 56 0 counters 21 16K 16K 78643K 25 0 ioctlops 0 0K 2K 78643K 15 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1228 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 58 0 proc 47 38K 54K 78643K 364 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 31 148K 148K 78643K 31 0 exec 0 0K 2K 78643K 317 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 115 23K 24K 78643K 743 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 9 0K 0K 78643K 13 0 temp 61 3963K 4027K 78643K 1851 0 kqueue 4 6K 8K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 120 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 23 0 15 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 374 0 374 2 1 1 1 0 8 1 tcpcb 736 10 0 6 1 0 1 1 0 8 0 inpcb 304 32 0 25 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 kcovpl 48 2 0 0 1 0 1 1 0 8 0 ppxss 1128 4 0 4 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1449 0 53 88 0 88 88 0 8 0 ffsino 240 1449 0 53 83 0 83 83 0 8 0 nchpl 144 1691 0 93 60 0 60 60 0 8 0 uvmvnodes 72 1494 0 0 28 0 28 28 0 8 0 vnodes 224 1494 0 0 88 0 88 88 0 8 0 namei 1024 4096 0 4096 2 1 1 1 0 8 1 scxspl 216 4845 0 4845 9 8 1 8 0 8 1 plimitpl 152 16 0 8 1 0 1 1 0 8 0 sigapl 424 245 0 216 4 0 4 4 0 8 0 futexpl 56 147 0 147 1 0 1 1 0 8 1 knotepl 112 68 0 48 1 0 1 1 0 8 0 kqueuepl 168 21 0 18 1 0 1 1 0 8 0 pipepl 304 71 0 60 2 1 1 1 0 8 0 fdescpl 432 230 0 216 2 0 2 2 0 8 0 filepl 120 1024 0 923 4 0 4 4 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 57 0 50 1 0 1 1 0 8 0 zombiepl 144 216 0 215 2 1 1 1 0 8 0 processpl 1016 245 0 215 5 0 5 5 0 8 1 procpl 672 275 0 238 4 0 4 4 0 8 0 sockpl 432 74 0 57 4 1 3 3 0 8 1 mcl4k 4096 8 0 8 1 1 0 1 0 8 0 mcl2k 2048 172519 0 172465 39 24 15 24 0 8 8 mtagpl 96 2 0 2 1 1 0 1 0 8 0 mbufpl 256 188015 0 187939 18 8 10 14 0 8 2 bufpl 280 3264 0 169 222 0 222 222 0 8 0 anonpl 24 39323 0 21865 109 3 106 106 0 188 0 amapchunkpl 152 1386 0 1006 20 0 20 20 0 158 5 amappl16 200 895 0 165 39 0 39 39 0 8 0 amappl15 192 1 0 0 1 0 1 1 0 8 0 amappl14 184 35 0 30 1 0 1 1 0 8 0 amappl13 176 44 0 39 2 1 1 1 0 8 0 amappl12 168 6 0 4 2 1 1 1 0 8 0 amappl11 160 46 0 35 1 0 1 1 0 8 0 amappl10 152 5 0 1 1 0 1 1 0 8 0 amappl9 144 123 0 122 1 0 1 1 0 8 0 amappl8 136 120 0 87 2 0 2 2 0 8 0 amappl7 128 214 0 210 1 0 1 1 0 8 0 amappl6 120 60 0 53 1 0 1 1 0 8 0 amappl5 112 674 0 659 1 0 1 1 0 8 0 amappl4 104 239 0 215 1 0 1 1 0 8 0 amappl3 96 137 0 126 1 0 1 1 0 8 0 amappl2 88 1076 0 1014 4 2 2 3 0 8 0 amappl1 80 14524 0 14086 28 16 12 20 0 8 1 amappl 88 521 0 448 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 230 0 216 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 230 0 216 1 0 1 1 0 8 0 vmmpekpl 168 5885 0 5863 2 0 2 2 0 8 0 vmmpepl 168 36256 0 34404 133 22 111 111 0 357 30 vmsppl 272 229 0 216 2 0 2 2 0 8 1 rwobjpl 24 9961 0 8585 15 5 10 10 0 8 1 pdppl 4096 466 0 432 58 18 40 40 0 8 6 pvpl 32 135084 0 114720 173 4 169 169 0 265 2 pmappl 200 229 0 216 1 0 1 1 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 316 0 54 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80645febf0) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aff0,3,ffff8000216977b0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e715130,40287401,ffff80002170aff0,3,fffffd807f7b79c0,ffff8000216977b0) at VOP_IOCTL+0x91 vn_ioctl(fffffd8069a9cc48,40287401,ffff80002170aff0,ffff8000216977b0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216977b0,ffff80002170b100,ffff80002170b150) at sys_ioctl+0x4ac syscall(ffff80002170b1d0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xddaeab39d0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80645febf0) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aff0,3,ffff8000216977b0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e715130,40287401,ffff80002170aff0,3,fffffd807f7b79c0,ffff8000216977b0) at VOP_IOCTL+0x91 vn_ioctl(fffffd8069a9cc48,40287401,ffff80002170aff0,ffff8000216977b0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216977b0,ffff80002170b100,ffff80002170b150) at sys_ioctl+0x4ac syscall(ffff80002170b1d0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xddaeab39d0, count: -9