Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. 2019/12/14 17:25:19 fuzzer started 2019/12/14 17:25:24 dialing manager at 10.128.15.235:1901 2019/12/14 17:25:24 syscalls: 337 2019/12/14 17:25:24 code coverage: enabled 2019/12/14 17:25:24 comparison tracing: enabled 2019/12/14 17:25:24 extra coverage: support is not implemented in syzkaller 2019/12/14 17:25:24 setuid sandbox: enabled 2019/12/14 17:25:24 namespace sandbox: support is not implemented in syzkaller 2019/12/14 17:25:24 Android sandbox: support is not implemented in syzkaller 2019/12/14 17:25:24 fault injection: support is not implemented in syzkaller 2019/12/14 17:25:24 leak checking: support is not implemented in syzkaller 2019/12/14 17:25:24 net packet injection: enabled 2019/12/14 17:25:24 net device setup: support is not implemented in syzkaller 2019/12/14 17:25:24 concurrency sanitizer: support is not implemented in syzkaller 2019/12/14 17:25:24 devlink PCI setup: support is not implemented in syzkaller 17:25:32 executing program 0: chdir(&(0x7f0000000000)='./file0\x00') shmget$private(0x0, 0x2000, 0x600, &(0x7f0000ffb000/0x2000)=nil) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BIOCGETIF(r1, 0x4020426b, &(0x7f0000000080)={""/16, @ifru_flags}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BIOCGSTATS(r1, 0x4008426f, &(0x7f0000000140)) r4 = shmget$private(0x0, 0x1000, 0xcd6cc602f2c9673d, &(0x7f0000ffb000/0x1000)=nil) r5 = geteuid() getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) getsockopt$sock_cred(r3, 0xffff, 0x1022, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000240)=0xc) r8 = getgid() r9 = getpgrp() r10 = getpgid(0x0) shmctl$IPC_SET(r4, 0x1, &(0x7f0000000280)={{0x80000000, r5, r6, r7, r8, 0x1, 0x5}, 0x3, 0x7ff, r9, r10, 0xf49d, 0x0, 0x10}) ioctl$TIOCMBIS(r0, 0x8004746c, &(0x7f0000000300)=0x3) syz_emit_ethernet(0x5c, &(0x7f0000000340)="998a998bd6d25a60ef94bd3b68376e861fa9cb7abdf21535826132e117701d2ce63a81787a26b2c7eafd714939cea948a1c160d47f06276ff90938eb330055543db84d5c6284f3c9b2da22afcd7a38a8aaa70fb6e84213fb52803728") r11 = semget$private(0x0, 0x3, 0x200) semctl$GETPID(r11, 0x4, 0x4, &(0x7f00000003c0)=""/50) r12 = accept$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000400)) accept$inet(r12, &(0x7f0000000440), &(0x7f0000000480)=0xc) ioctl$BIOCSBLEN(r0, 0xc0044266, &(0x7f00000004c0)=0x9) msgget$private(0x0, 0x2) r13 = semget$private(0x0, 0x3, 0x274) r14 = getuid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000500)={0x0, 0x0, 0x0}, &(0x7f0000000540)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000580)={0x0, 0x0}, &(0x7f00000005c0)=0xc) getsockopt$SO_PEERCRED(r2, 0xffff, 0x1022, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0xc) semctl$IPC_SET(r13, 0x0, 0x1, &(0x7f0000000640)={{0x800, r14, r15, r16, r17, 0x1}, 0x7ff, 0x6, 0x4}) r18 = shmget(0x3, 0x4000, 0x8, &(0x7f0000ffc000/0x4000)=nil) r19 = geteuid() getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f00000006c0)={0x0, 0x0, 0x0}, &(0x7f0000000700)=0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0xc) r22 = getpgid(0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000780)={0x0}, &(0x7f00000007c0)=0xc) shmctl$IPC_SET(r18, 0x1, &(0x7f0000000800)={{0xc5, r19, r20, 0x0, r21, 0x2, 0x5}, 0x5, 0x2c57, r22, r23, 0x800, 0x2, 0x5170}) 17:25:32 executing program 1: acct(&(0x7f0000000000)='./file0\x00') r0 = socket$unix(0x1, 0x0, 0x0) recvmsg(r0, &(0x7f0000002140)={&(0x7f0000000040)=@in, 0xc, &(0x7f0000001100)=[{&(0x7f0000000080)=""/125, 0x7d}, {&(0x7f0000000100)=""/4096, 0x1000}], 0x2, &(0x7f0000001140)=""/4096, 0x1000}, 0x1) socketpair(0x2, 0x2, 0x4, &(0x7f0000002180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt(r2, 0x0, 0x5, &(0x7f00000021c0)="25eaaad90062486633b52e61fc7c1a5cf7ccc86e402f4b56b36aa4a6", 0x1c) r3 = socket$unix(0x1, 0xd, 0x0) setsockopt$sock_int(r3, 0xffff, 0x1001, &(0x7f0000002200), 0x4) r4 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000002240)='/dev/ttyCcfg\x00', 0x200, 0x0) ioctl$VT_SETMODE(r4, 0x80087602, &(0x7f0000002280)={0x0, 0x9, 0x5, 0x1, 0x7}) r5 = dup(0xffffffffffffffff) ioctl$WSDISPLAYIO_GETSCREEN(r5, 0xc0245755, &(0x7f00000022c0)={0x1719, './file0\x00', './file0/file0\x00'}) chroot(&(0x7f0000002300)='./file0/file0\x00') open$dir(&(0x7f0000002340)='./file0\x00', 0x200, 0x2a) utimes(&(0x7f0000002380)='./file0\x00', &(0x7f00000023c0)={{0xf2, 0x1}, {0x100000001, 0xfff}}) setsockopt$sock_timeval(r3, 0xffff, 0x200c, &(0x7f0000002400)={0x43, 0x80000000}, 0x10) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) sendto$inet6(r6, &(0x7f0000002440)="6f25f892aff934ee823846bb48baa7e70074a66bea7a0cb61aa528ddf29d86579356e526b61cbb76ba1afdda4f83dbde76fab0c465c9602c961b70dd623bda1cd29b891b0b41fd0cd9a4116179746a72c4ed79df974312b2d69f0d62f6f38af56b4293c319066f", 0x67, 0x804, 0x0, 0x0) r7 = semget(0x3, 0x2, 0x0) semctl$GETALL(r7, 0x0, 0x6, &(0x7f00000024c0)=""/84) truncate(&(0x7f0000002540)='./file0/file0\x00', 0x0, 0x81) r8 = open(&(0x7f0000002580)='./file0/file0\x00', 0x80, 0x20) ioctl$LIOCSFD(r8, 0x80046c7f, &(0x7f00000025c0)=0xffffffffffffff9c) r9 = accept(r2, 0x0, &(0x7f0000002600)) setsockopt(r9, 0x3, 0x6, &(0x7f0000002640)="900774b2a785f40e8c30de2099ac69989283900095c5fe61d51abd7dc17c3d604d8c91df7a89716be5e6002f95099598a74efa481e1969e8fdd2f88963f3b95e4a5e2ba1ae5919a58851d687d34133604d61d9ab7da866683b431c3ce675154b5cfadedf546569c53f8cee640e73e4c734da1c31f84fda8ee9b2fafb41f1ff99617a53c764a5dc6f52c80197", 0x8c) r10 = accept$inet(r5, 0x0, &(0x7f0000002700)) r11 = dup2(r4, r10) ioctl$WSMUXIO_REMOVE_DEVICE(r11, 0x80085762, &(0x7f0000002740)={0x2}) socket$unix(0x1, 0xb, 0x0) semctl$GETZCNT(r7, 0x1, 0x7, &(0x7f0000002780)=""/131) flock(r9, 0x0) 17:25:33 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) close(r0) r1 = open$dir(&(0x7f0000000280)='./file1\x00', 0x40000400000002c2, 0x0) ftruncate(r1, 0x0, 0x69a88df4) preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/37, 0xfffffde0}], 0x1000000000000159, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f00000002c0)='q', 0x1}], 0x1) ftruncate(r0, 0x0, 0x20000a) setrlimit(0x7, &(0x7f0000000000)={0x400, 0x7ff}) 17:25:33 executing program 1: writev(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000040)="601036d1000000186004008b00062b", 0xf}], 0x1) ioctl$TIOCFLUSH(0xffffffffffffffff, 0x82907003, &(0x7f0000000040)=0x2) ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffffff, 0x0, "00000000000000000000000000001000"}) ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x1}}) r0 = socket(0x18, 0x1, 0x0) close(r0) r1 = socket(0x18, 0x400000002, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) mlockall(0x1) close(r1) openat$speaker(0xffffffffffffff9c, &(0x7f0000000080)='/dev/speaker\x00', 0x200, 0x0) socket(0x400000000018, 0x3, 0x3a) setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) r2 = msgget$private(0x0, 0x408) r3 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000300)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r3, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) ioctl$BIOCSETF(r3, 0x80104267, &(0x7f00000000c0)={0x4, &(0x7f00000001c0)=[{0x10001, 0x0, 0x0, 0x8000000000001f}, {0x3c}, {0x61}, {0x4006}]}) r4 = msgget(0x2, 0x20) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) r6 = msgget$private(0x0, 0xfffffffffffffffd) msgsnd(r6, &(0x7f0000000440)=ANY=[], 0x0, 0x0) msgsnd(r6, &(0x7f0000000040)=ANY=[@ANYRES64], 0x1, 0x800) msgrcv(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000831f51f1f32fd93d3b5fc9c5ddf80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000000000000000000000000ffffff7f00"/184], 0xfffffffffffffe9f, 0x1, 0x1000) msgsnd(r6, &(0x7f0000000c80)={0x1, "2e1100b0df6d7fcf409def1a1fc1ed341c5533b89b0603ae37c860fe2c09c110ff00f45709d664539e1e381f35071f061ac0e16f328dca5d39656da02489672db6d19f37405111e97aa998473f0e8d1e8f3b32b99730931041cfd6c2df99a9d60031c125814bb6ee11e303000000b33d0000000049ad4ae8d462fcf5fa3b57806356cdb615f058b0fed6706a4d152ed0cea438f8387c3440ba6ba9cc08452fc04250db61cf3bcacfe9d34b6a31de9d05a5615416a1e222dcba8dee9f0cdc7527d27e8a15b700000000000000000000000000000000cd846e9ea6bfe963e86814a576b24813ddfa8130a04b4ad6d8791c698df63e5e23fa327326484829f3f7769669e325cd2485e172bf12"}, 0x44b, 0x800) msgsnd(r6, &(0x7f0000001640)=ANY=[@ANYPTR64=&(0x7f0000000a40)=ANY=[]], 0x1, 0x800) msgrcv(r6, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x78, 0xfffffffffffffffd, 0x1800) msgrcv(r6, &(0x7f0000000240), 0xffffff64, 0x1, 0x0) r7 = geteuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg(r8, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0) getsockopt$SO_PEERCRED(r8, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, 0x0}, 0xc) r11 = getppid() r12 = fcntl$getown(0xffffffffffffff9c, 0x5) msgctl$IPC_SET(r6, 0x1, &(0x7f0000000980)={{0x2, r7, r9, r10, 0x0, 0x46, 0xffffffff00000001}, 0x100, 0xc07, r11, r12, 0xa5, 0x1, 0x100000000, 0x2}) r13 = msgget$private(0x0, 0xfffffffffffffffd) msgsnd(r13, &(0x7f0000000440)=ANY=[], 0x0, 0x0) msgsnd(r13, &(0x7f0000000040)=ANY=[@ANYRES64], 0x1, 0x800) msgrcv(r13, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000831f51f1f32fd93d3b5fc9c5ddf80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000000000000000000000000ffffff7f00"/184], 0xfffffffffffffe9f, 0x1, 0x1000) msgsnd(r13, &(0x7f0000000c80)={0x1, "2e1100b0df6d7fcf409def1a1fc1ed341c5533b89b0603ae37c860fe2c09c110ff00f45709d664539e1e381f35071f061ac0e16f328dca5d39656da02489672db6d19f37405111e97aa998473f0e8d1e8f3b32b99730931041cfd6c2df99a9d60031c125814bb6ee11e303000000b33d0000000049ad4ae8d462fcf5fa3b57806356cdb615f058b0fed6706a4d152ed0cea438f8387c3440ba6ba9cc08452fc04250db61cf3bcacfe9d34b6a31de9d05a5615416a1e222dcba8dee9f0cdc7527d27e8a15b700000000000000000000000000000000cd846e9ea6bfe963e86814a576b24813ddfa8130a04b4ad6d8791c698df63e5e23fa327326484829f3f7769669e325cd2485e172bf12"}, 0x44b, 0x800) msgsnd(r13, &(0x7f0000001640)=ANY=[@ANYPTR64=&(0x7f0000000a40)=ANY=[]], 0x1, 0x800) msgrcv(r13, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x78, 0xfffffffffffffffd, 0x1800) msgrcv(r13, &(0x7f0000000240), 0xffffff64, 0x1, 0x0) r14 = geteuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg(r15, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0) getsockopt$SO_PEERCRED(r15, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, 0x0}, 0xc) r18 = getppid() r19 = fcntl$getown(0xffffffffffffff9c, 0x5) msgctl$IPC_SET(r13, 0x1, &(0x7f0000000980)={{0x2, r14, r16, r17, 0x0, 0x46, 0xffffffff00000001}, 0x100, 0xc07, r18, r19, 0xa5, 0x1, 0x100000000, 0x2}) r20 = getgid() r21 = fcntl$getown(r3, 0x5) msgctl$IPC_SET(r4, 0x1, &(0x7f0000000200)={{0x35b, r5, r9, r17, r20, 0x40, 0x101}, 0x100000000, 0x4, r21, 0xffffffffffffffff, 0x0, 0x2, 0x7, 0x5}) getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0xc) r23 = getuid() r24 = getgid() r25 = msgget$private(0x0, 0xfffffffffffffffd) msgsnd(r25, &(0x7f0000000440)=ANY=[], 0x0, 0x0) msgsnd(r25, &(0x7f0000000040)=ANY=[@ANYRES64], 0x1, 0x800) msgrcv(r25, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000831f51f1f32fd93d3b5fc9c5ddf80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000000000000000000000000ffffff7f00"/184], 0xfffffffffffffe9f, 0x1, 0x1000) msgsnd(r25, &(0x7f0000000c80)={0x1, "2e1100b0df6d7fcf409def1a1fc1ed341c5533b89b0603ae37c860fe2c09c110ff00f45709d664539e1e381f35071f061ac0e16f328dca5d39656da02489672db6d19f37405111e97aa998473f0e8d1e8f3b32b99730931041cfd6c2df99a9d60031c125814bb6ee11e303000000b33d0000000049ad4ae8d462fcf5fa3b57806356cdb615f058b0fed6706a4d152ed0cea438f8387c3440ba6ba9cc08452fc04250db61cf3bcacfe9d34b6a31de9d05a5615416a1e222dcba8dee9f0cdc7527d27e8a15b700000000000000000000000000000000cd846e9ea6bfe963e86814a576b24813ddfa8130a04b4ad6d8791c698df63e5e23fa327326484829f3f7769669e325cd2485e172bf12"}, 0x44b, 0x800) msgsnd(r25, &(0x7f0000001640)=ANY=[@ANYPTR64=&(0x7f0000000a40)=ANY=[]], 0x1, 0x800) msgrcv(r25, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x78, 0xfffffffffffffffd, 0x1800) msgrcv(r25, &(0x7f0000000240), 0xffffff64, 0x1, 0x0) r26 = geteuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg(r27, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0) getsockopt$SO_PEERCRED(r27, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, 0x0}, 0xc) r30 = getppid() r31 = fcntl$getown(0xffffffffffffff9c, 0x5) msgctl$IPC_SET(r25, 0x1, &(0x7f0000000980)={{0x2, r26, r28, r29, 0x0, 0x46, 0xffffffff00000001}, 0x100, 0xc07, r30, r31, 0xa5, 0x1, 0x100000000, 0x2}) r32 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000300)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r32, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) ioctl$BIOCSETF(r32, 0x80104267, &(0x7f00000000c0)={0x4, &(0x7f00000001c0)=[{0x10001, 0x0, 0x0, 0x8000000000001f}, {0x3c}, {0x61}, {0x4006}]}) r33 = msgget(0x2, 0x20) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) r35 = msgget$private(0x0, 0xfffffffffffffffd) msgsnd(r35, &(0x7f0000000440)=ANY=[], 0x0, 0x0) msgsnd(r35, &(0x7f0000000040)=ANY=[@ANYRES64], 0x1, 0x800) msgrcv(r35, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000831f51f1f32fd93d3b5fc9c5ddf80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000000000000000000000000ffffff7f00"/184], 0xfffffffffffffe9f, 0x1, 0x1000) msgsnd(r35, &(0x7f0000000c80)={0x1, "2e1100b0df6d7fcf409def1a1fc1ed341c5533b89b0603ae37c860fe2c09c110ff00f45709d664539e1e381f35071f061ac0e16f328dca5d39656da02489672db6d19f37405111e97aa998473f0e8d1e8f3b32b99730931041cfd6c2df99a9d60031c125814bb6ee11e303000000b33d0000000049ad4ae8d462fcf5fa3b57806356cdb615f058b0fed6706a4d152ed0cea438f8387c3440ba6ba9cc08452fc04250db61cf3bcacfe9d34b6a31de9d05a5615416a1e222dcba8dee9f0cdc7527d27e8a15b700000000000000000000000000000000cd846e9ea6bfe963e86814a576b24813ddfa8130a04b4ad6d8791c698df63e5e23fa327326484829f3f7769669e325cd2485e172bf12"}, 0x44b, 0x800) msgsnd(r35, &(0x7f0000001640)=ANY=[@ANYPTR64=&(0x7f0000000a40)=ANY=[]], 0x1, 0x800) msgrcv(r35, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x78, 0xfffffffffffffffd, 0x1800) msgrcv(r35, &(0x7f0000000240), 0xffffff64, 0x1, 0x0) r36 = geteuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg(r37, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0) getsockopt$SO_PEERCRED(r37, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, 0x0}, 0xc) r40 = getppid() r41 = fcntl$getown(0xffffffffffffff9c, 0x5) msgctl$IPC_SET(r35, 0x1, &(0x7f0000000980)={{0x2, r36, r38, r39, 0x0, 0x46, 0xffffffff00000001}, 0x100, 0xc07, r40, r41, 0xa5, 0x1, 0x100000000, 0x2}) r42 = msgget$private(0x0, 0xfffffffffffffffd) msgsnd(r42, &(0x7f0000000440)=ANY=[], 0x0, 0x0) msgsnd(r42, &(0x7f0000000040)=ANY=[@ANYRES64], 0x1, 0x800) msgrcv(r42, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000831f51f1f32fd93d3b5fc9c5ddf80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000000000000000000000000ffffff7f00"/184], 0xfffffffffffffe9f, 0x1, 0x1000) msgsnd(r42, &(0x7f0000000c80)={0x1, "2e1100b0df6d7fcf409def1a1fc1ed341c5533b89b0603ae37c860fe2c09c110ff00f45709d664539e1e381f35071f061ac0e16f328dca5d39656da02489672db6d19f37405111e97aa998473f0e8d1e8f3b32b99730931041cfd6c2df99a9d60031c125814bb6ee11e303000000b33d0000000049ad4ae8d462fcf5fa3b57806356cdb615f058b0fed6706a4d152ed0cea438f8387c3440ba6ba9cc08452fc04250db61cf3bcacfe9d34b6a31de9d05a5615416a1e222dcba8dee9f0cdc7527d27e8a15b700000000000000000000000000000000cd846e9ea6bfe963e86814a576b24813ddfa8130a04b4ad6d8791c698df63e5e23fa327326484829f3f7769669e325cd2485e172bf12"}, 0x44b, 0x800) msgsnd(r42, &(0x7f0000001640)=ANY=[@ANYPTR64=&(0x7f0000000a40)=ANY=[]], 0x1, 0x800) msgrcv(r42, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x78, 0xfffffffffffffffd, 0x1800) msgrcv(r42, &(0x7f0000000240), 0xffffff64, 0x1, 0x0) r43 = geteuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg(r44, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0) getsockopt$SO_PEERCRED(r44, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, 0x0}, 0xc) r47 = getppid() r48 = fcntl$getown(0xffffffffffffff9c, 0x5) msgctl$IPC_SET(r42, 0x1, &(0x7f0000000980)={{0x2, r43, r45, r46, 0x0, 0x46, 0xffffffff00000001}, 0x100, 0xc07, r47, r48, 0xa5, 0x1, 0x100000000, 0x2}) r49 = getgid() r50 = fcntl$getown(r32, 0x5) msgctl$IPC_SET(r33, 0x1, &(0x7f0000000200)={{0x35b, r34, r38, r46, r49, 0x40, 0x101}, 0x100000000, 0x4, r50, 0xffffffffffffffff, 0x0, 0x2, 0x7, 0x5}) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000280)={{0x6, r17, r22, r23, r24, 0x100, 0xfff}, 0x100000001, 0x80, r31, r50, 0x5, 0x7, 0x3d, 0x406}) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r1, &(0x7f0000000040)="100a2956b9223776", 0x21d) syz_emit_ethernet(0x8c, &(0x7f0000000100)="83b4d0ec7765cfcd6bb1f73af3e165ca091121180bf99fef3979a9c015c5e47d28569e3d861e66e8dfd1516873b08ebd5da9a6830701226643965be8b347065aabea46eace01467ae8e304646dd3b432c1c4c75a70c536bf7edbcf187879419edf7dad7d384ce7e35f6e26f913efa49b3482ca8b0941223cd37dd1a955e2055e7b4c36da5a283f82337180b3") r51 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x10, 0x0) ioctl$PCIOCREAD(r51, 0xc0107002, &(0x7f0000000200)) 17:25:33 executing program 0: r0 = syz_open_pts() close(r0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x40, 0x0) symlinkat(&(0x7f0000000040)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00') setrlimit(0x8, &(0x7f0000000000)={0x7, 0x95}) r2 = syz_open_pts() close(r2) syz_open_pts() ioctl$TIOCSETA(r2, 0x80047470, &(0x7f00000004c0)={0x5, 0x0, 0x0, 0x0, "61aa0db11ce9bae3c6514e6ae973739ea78b7ec0"}) writev(r0, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) poll(&(0x7f0000000180)=[{r0, 0x84}], 0x1, 0x0) 17:25:33 executing program 0: r0 = socket(0x11, 0x4003, 0x0) sendto$unix(r0, &(0x7f00000000c0)="b1000504600000000000080000010000000000cacea1fea7fef96ecfc73fd3357ae26caa0416fa4f376336acf00b7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d02070000000000000021e4fd89720fd3872babfbb770c1f5a872c881ff7cc53c894303b22f310b404f36a00f90006ee01be608a371a3f800040000000000000001000000000000000000000000000000000001000000000000", 0xb1, 0x0, 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=[&(0x7f0000000040)='\x00', &(0x7f0000000080)='-*#-\'\x00', &(0x7f0000000180)='\x00'], &(0x7f0000000240)=[&(0x7f0000000200)='},\x00']) pipe(&(0x7f0000000280)={0xffffffffffffffff}) ioctl$TIOCSETVERAUTH(r1, 0x8004741c, &(0x7f00000002c0)=0xffffff8a) 17:25:33 executing program 0: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x4, 0xffff9059, 0x0, {[], [0x0, 0x1, 0x200, 0x0, 0x4, 0x0, 0x1fc], [0x0, 0x0, 0x10000, 0x9, 0xffffffffffffffff, 0x40], [0x0, 0x0, 0x401, 0x10000000], [{0x0, 0x0, 0x0, 0x75ce}, {}, {0x0, 0x0, 0x419}], {0x0, 0xf2ae}}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) r1 = socket(0x2, 0xc003, 0x2) setsockopt(r1, 0x0, 0x64, &(0x7f0000000000)="01000000", 0x7b) r2 = openat$diskmap(0xffffffffffffff9c, &(0x7f0000000000)='/dev/diskmap\x00', 0x0, 0x0) dup2(r1, r2) getsockopt(r1, 0x1, 0x0, &(0x7f0000000000)=""/22, &(0x7f0000000040)=0x16) r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCFLUSH(r3, 0x8080691a, &(0x7f0000000300)) login: ppaanniic:c: kpeoronel_lc daiacghen_osittice m_amsasegricti_ocnh e"!c_k:ke mrnbeulfp_ll occpku_h elfdr(ee) "l ifsati lmoedd:i ffiielde: "i/steyzmk aalddler r/0mxafnfafgfefrds8/0m6udl54t9icf0o0re+/16k e0rnxe0l!/=sy0sx/7fkfedrna/ak0e1r2n_6fao44rk0.acb" ,Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 332304 83807 0 0 0 1 syz-executor.1 * 20401 98616 0 0x12 0 0 sshd db_enter() at db_enter+0x18 panic(ffffffff821c547b) at panic+0x15c pool_cache_get(ffffffff82621c18) at pool_cache_get+0x323 pool_get(ffffffff82621c18,2) at pool_get+0x91 m_copym(fffffd8068cc0100,b00,580,2) at m_copym+0x174 tcp_output(ffff8000009fd540) at tcp_output+0x15ba tcp_usrreq(fffffd806e955a88,9,fffffd8068cc0100,0,0,ffff800020aa6288) at tcp_usrreq+0xa55 sosend(fffffd806e955a88,0,ffff800020ac1b48,0,0,80) at sosend+0x671 dofilewritev(ffff800020aa6288,4,ffff800020ac1b48,0,ffff800020ac1c30) at dofilewritev+0x1b7 sys_write(ffff800020aa6288,ffff800020ac1be0,ffff800020ac1c30) at sys_write+0x83 syscall(ffff800020ac1cb0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe14c0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d549f00+16 0x0!=0x7ffdaa0126a440ab ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff821c547b) at panic+0x15c pool_cache_get(ffffffff82621c18) at pool_cache_get+0x323 pool_get(ffffffff82621c18,2) at pool_get+0x91 m_copym(fffffd8068cc0100,b00,580,2) at m_copym+0x174 tcp_output(ffff8000009fd540) at tcp_output+0x15ba tcp_usrreq(fffffd806e955a88,9,fffffd8068cc0100,0,0,ffff800020aa6288) at tcp_usrreq+0xa55 sosend(fffffd806e955a88,0,ffff800020ac1b48,0,0,80) at sosend+0x671 dofilewritev(ffff800020aa6288,4,ffff800020ac1b48,0,ffff800020ac1c30) at dofilewritev+0x1b7 sys_write(ffff800020aa6288,ffff800020ac1be0,ffff800020ac1c30) at sys_write+0x83 syscall(ffff800020ac1cb0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe14c0, count: -12 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020ac14e0 rbx 0xffff800020ac1590 rdx 0xffff800020aa6288 rcx 0 rax 0 r8 0xffffffff81400edf kprintf+0x16f r9 0x1 r10 0x25 r11 0x855c318de96d648 r12 0x3000000008 r13 0xffff800020ac14f0 r14 0x100 r15 0x1 rip 0xffffffff815de968 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020ac14d0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (sshd) pid=20401 stat=onproc flags process=12 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020aa6c68,0xffff800020aa6ef0 process=0xffff800020aa2728 user=0xffff800020abc000, vmspace=0xfffffd806e798008 estcpu=1, cpticks=3, pctcpu=0.0 user=0, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 83807 332304 98055 0 7 0 syz-executor.1 98435 186835 0 0 3 0x14200 acct acct 98055 484525 58731 0 3 0x82 nanosleep syz-executor.1 59198 13130 58731 0 3 0x82 piperd syz-executor.0 58731 58879 64140 0 3 0x82 thrsleep syz-fuzzer 58731 370288 64140 0 3 0x4000082 nanosleep syz-fuzzer 58731 78757 64140 0 3 0x4000082 thrsleep syz-fuzzer 58731 29197 64140 0 3 0x4000082 thrsleep syz-fuzzer 58731 102450 64140 0 3 0x4000082 thrsleep syz-fuzzer 58731 450450 64140 0 3 0x4000082 thrsleep syz-fuzzer 58731 73154 64140 0 3 0x4000082 thrsleep syz-fuzzer 58731 133708 64140 0 3 0x4000082 nanosleep syz-fuzzer 58731 268068 64140 0 3 0x4000082 thrsleep syz-fuzzer 58731 7414 64140 0 2 0x4000002 syz-fuzzer 64140 204167 98616 0 3 0x10008a pause ksh *98616 20401 89888 0 7 0x12 sshd 96617 134804 1 0 3 0x100083 ttyin getty 89888 9574 1 0 3 0x80 select sshd 48047 397311 94951 74 3 0x100092 bpf pflogd 94951 391338 1 0 3 0x80 netio pflogd 42265 479631 54198 73 3 0x100090 kqread syslogd 54198 498421 1 0 3 0x100082 netio syslogd 12202 160478 1 77 3 0x100090 poll dhclient 88996 43363 1 0 3 0x80 poll dhclient 56835 400685 0 0 2 0x14200 zerothread 68188 420099 0 0 3 0x14200 aiodoned aiodoned 59768 490036 0 0 3 0x14200 syncer update 86506 5069 0 0 3 0x14200 cleaner cleaner 15389 139240 0 0 3 0x14200 reaper reaper 11768 141657 0 0 3 0x14200 pgdaemon pagedaemon 78746 82589 0 0 3 0x14200 bored crynlk 52079 272550 0 0 3 0x14200 bored crypto 52537 474601 0 0 3 0x14200 bored viomb 10445 487031 0 0 3 0x40014200 acpi0 acpi0 37039 117531 0 0 3 0x40014200 idle1 9114 236286 0 0 3 0x14200 bored softnet 69799 503992 0 0 3 0x14200 bored systqmp 85922 231673 0 0 3 0x14200 bored systq 25471 477462 0 0 3 0x40014200 bored softclock 27006 399257 0 0 3 0x40014200 idle0 26856 382187 0 0 3 0x14200 bored smr 1 436410 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive sched_lock &sched_lock r = 0 (0xffffffff82658cf0) #0 witness_lock+0x52e #1 sleep_setup+0xe9 #2 msleep+0xe2 #3 taskq_next_work+0xba #4 taskq_thread+0xe5 #5 proc_trampoline+0x1c Process 98616 (sshd) thread 0xffff800020aa6288 (20401) exclusive rwlock netlock r = 0 (0xffffffff82478d78) #0 witness_lock+0x52e #1 solock+0x5a #2 sosend+0x559 #3 dofilewritev+0x1b7 #4 sys_write+0x83 #5 syscall+0x4a4 #6 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9493 6537K 6537K 78643K 10584 0 pcb 13 8K 8K 78643K 21 0 rtable 105 3K 3K 78643K 205 0 ifaddr 44 10K 10K 78643K 47 0 counters 39 33K 33K 78643K 39 0 ioctlops 0 0K 4K 78643K 1469 0 iov 0 0K 8K 78643K 2 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 76K 76K 78643K 1223 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 6 0K 0K 78643K 6 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1810 197K 290K 78643K 12817 0 file desc 5 13K 25K 78643K 42 0 proc 59 63K 95K 78643K 438 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 30 132K 132K 78643K 30 0 exec 0 0K 1K 78643K 209 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 107 21K 22K 78643K 1053 0 UVM aobj 6 2K 2K 78643K 6 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1 0 NDP 6 0K 0K 78643K 10 0 temp 81 3023K 3087K 78643K 3494 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 21 0 19 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 45 0 35 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 327 0 327 1 0 1 1 0 8 1 tcpcb 544 12 0 8 1 0 1 1 0 8 0 inpcb 280 49 0 42 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 11 0 0 1 0 1 1 0 8 0 pfstkey 112 11 0 0 1 0 1 1 0 8 0 pfstate 328 11 0 0 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 211 0 0 14 0 14 14 0 8 0 art_table 32 212 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 24 1 0 1 1 0 8 1 semapl 112 4 0 0 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1437 0 28 46 0 46 46 0 8 0 ffsino 272 1437 0 28 95 0 95 95 0 8 1 nchpl 144 1677 0 62 61 0 61 61 0 8 0 uvmvnodes 72 1484 0 0 27 0 27 27 0 8 0 vnodes 208 1484 0 0 79 0 79 79 0 8 0 namei 1024 4303 0 4303 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 4551 0 4549 2 1 1 2 0 8 0 plimitpl 152 19 0 11 1 0 1 1 0 8 0 sigapl 432 241 0 226 3 0 3 3 0 8 1 futexpl 56 251 0 251 1 0 1 1 0 8 1 knotepl 112 53 0 34 1 0 1 1 0 8 0 kqueuepl 104 2 0 0 1 0 1 1 0 8 0 pipepl 160 152 0 133 1 0 1 1 0 8 0 fdescpl 488 242 0 226 3 0 3 3 0 8 0 filepl 152 1231 0 1131 6 1 5 5 0 8 1 lockfpl 104 7 0 6 1 0 1 1 0 8 0 lockfspl 48 4 0 3 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 51 0 42 1 0 1 1 0 8 0 zombiepl 144 226 0 226 2 1 1 1 0 8 1 processpl 904 259 0 226 4 0 4 4 0 8 0 procpl 632 291 0 249 5 0 5 5 0 8 1 sockpl 384 115 0 96 5 1 4 4 0 8 2 mcl64k 65536 1 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 179 0 0 22 0 22 22 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 185 0 0 12 0 12 12 0 8 0 bufpl 280 8325 0 1340 499 0 499 499 0 8 0 anonpl 16 44723 0 26903 90 1 89 89 0 125 16 amapchunkpl 152 1009 0 877 7 0 7 7 0 158 0 amappl16 192 1312 0 337 61 0 61 61 0 8 12 amappl15 184 64 0 59 1 0 1 1 0 8 0 amappl14 176 29 0 26 1 0 1 1 0 8 0 amappl13 168 1 0 0 1 0 1 1 0 8 0 amappl12 160 17 0 15 2 1 1 1 0 8 0 amappl11 152 51 0 36 1 0 1 1 0 8 0 amappl10 144 12 0 8 1 0 1 1 0 8 0 amappl9 136 602 0 599 1 0 1 1 0 8 0 amappl8 128 123 0 99 1 0 1 1 0 8 0 amappl7 120 111 0 99 1 0 1 1 0 8 0 amappl6 112 64 0 55 1 0 1 1 0 8 0 amappl5 104 127 0 113 1 0 1 1 0 8 0 amappl4 96 497 0 465 2 1 1 2 0 8 0 amappl3 88 115 0 107 1 0 1 1 0 8 0 amappl2 80 1014 0 946 3 1 2 3 0 8 0 amappl1 72 15415 0 14977 27 13 14 21 0 8 4 amappl 80 536 0 494 2 0 2 2 0 84 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 5 0 0 1 0 1 1 0 8 0 uaddrrnd 24 242 0 226 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 242 0 226 1 0 1 1 0 8 0 vmmpekpl 168 5860 0 5831 2 0 2 2 0 8 0 vmmpepl 168 37974 0 35849 140 6 134 134 0 357 41 vmsppl 368 241 0 226 2 0 2 2 0 8 0 pdppl 4096 491 0 452 7 1 6 6 0 8 1 pvpl 32 139505 0 118604 209 1 208 208 0 265 36 pmappl 232 241 0 226 2 0 2 2 0 8 1 extentpl 40 50 0 32 1 0 1 1 0 8 0 phpool 112 171 0 5 5 0 5 5 0 8 0