kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Mon Nov 18 15:32:32 PST 2019 OpenBSD/amd64 (ci-openbsd-main-6.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts. 2019/11/18 15:32:52 fuzzer started 2019/11/18 15:32:55 dialing manager at 10.128.15.235:28351 2019/11/18 15:32:55 syscalls: 337 2019/11/18 15:32:55 code coverage: enabled 2019/11/18 15:32:55 comparison tracing: enabled 2019/11/18 15:32:55 extra coverage: support is not implemented in syzkaller 2019/11/18 15:32:55 setuid sandbox: enabled 2019/11/18 15:32:55 namespace sandbox: support is not implemented in syzkaller 2019/11/18 15:32:55 Android sandbox: support is not implemented in syzkaller 2019/11/18 15:32:55 fault injection: support is not implemented in syzkaller 2019/11/18 15:32:55 leak checking: support is not implemented in syzkaller 2019/11/18 15:32:55 net packet injection: enabled 2019/11/18 15:32:55 net device setup: support is not implemented in syzkaller 2019/11/18 15:32:55 concurrency sanitizer: support is not implemented in syzkaller 2019/11/18 15:32:55 devlink PCI setup: support is not implemented in syzkaller 15:33:01 executing program 0: fcntl$getown(0xffffffffffffff9c, 0x5) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20000, 0x26) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x21) r2 = dup2(r0, r1) getsockname$inet6(0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)=0xc) getpid() r3 = dup2(0xffffffffffffff9c, r0) read(r3, &(0x7f0000000100)=""/69, 0x45) fcntl$setown(r3, 0x6, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) getsockopt$sock_linger(r4, 0xffff, 0x80, &(0x7f00000001c0), &(0x7f0000000200)=0x8) r5 = socket$unix(0x1, 0x2, 0x0) fcntl$setstatus(r5, 0x4, 0x4) ioctl$WSMOUSEIO_SRES(r1, 0x80045721, &(0x7f0000000240)=0x7) r6 = fcntl$dupfd(0xffffffffffffff9c, 0x5, r1) 
ioctl$BIOCLOCK(r6, 0x20004276) getpid() close(0xffffffffffffffff) ioctl$BIOCSDIRFILT(r2, 0x8004427d, &(0x7f0000000280)=0x6) r7 = semget$private(0x0, 0x2, 0x80) semop(r7, &(0x7f00000002c0)=[{0x3, 0x6, 0x1000}], 0x1) chdir(&(0x7f0000000300)='./file0\x00') socket$unix(0x1, 0x1, 0x0) fcntl$getown(r1, 0x5) getpid() accept$inet6(r0, &(0x7f0000000340), &(0x7f0000000380)=0xc) r8 = syz_open_pts() r9 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ttyCcfg\x00', 0x40, 0x0) poll(&(0x7f0000000400)=[{r8, 0x80}, {r1, 0x4}, {r9, 0x2}], 0x3, 0x400) flock(r0, 0x4) 15:33:01 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt(r0, 0x24, 0x8, &(0x7f0000000040)=""/78, &(0x7f00000000c0)=0x4e) r2 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vmm\x00', 0x81, 0x0) ioctl$VMM_IOC_CREATE(r2, 0xc5005601, &(0x7f0000000140)={0x10, 0x2, 0x4, 0x4, [{&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil}, {&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0xc000000000000000}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x81}, {&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0xbcb}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x101}, {&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x7ff}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x5}, {&(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x9}, {&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x1}, {&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x21f}, {&(0x7f0000c00000/0x400000)=nil, &(0x7f0000fee000/0x11000)=nil}, {&(0x7f0000d12000/0x2000)=nil, &(0x7f0000e78000/0x2000)=nil, 0x7}, {&(0x7f0000d72000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x3}, {&(0x7f0000fd3000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x6}, {&(0x7f0000cd9000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x7fffffff}, {&(0x7f0000ced000/0x2000)=nil, 
&(0x7f0000ff6000/0x7000)=nil, 0x1}], ['./file0\x00', './file0\x00', './file0\x00', './file0\x00'], './file0\x00', './file0\x00', './file0\x00', ['./file', './file', './file', './file'], 0x5}) ioctl$VMM_IOC_RESETCPU(0xffffffffffffff9c, 0x82405605, &(0x7f0000000640)={0x9, 0xffff447a, {[0x3, 0x80000001, 0x80000001, 0x101, 0x9, 0xfffffffffffffffc, 0x1000, 0x7ff, 0x650, 0x1f, 0x4, 0x5, 0x6, 0x20, 0x2, 0x101, 0x7, 0x7f], [0x4, 0x7ff, 0x5, 0x1f, 0xffffffff00000001, 0x871, 0x80, 0xad, 0x6, 0x4], [0x100, 0x5, 0x9, 0xfffffffffffffffe, 0x7fff, 0x2, 0x401], [0x20, 0x4, 0x3f, 0x7fff, 0x0, 0x5], [{0xffff, 0x7, 0x1ff, 0x2}, {0x5b7, 0xae54, 0x100, 0xff}, {0x7f, 0x800, 0x3, 0x2}, {0x8, 0xd0d, 0x80000001, 0x40}, {0x96, 0x80000000, 0x101, 0x5d9}, {0x40, 0xfe73, 0x2, 0xcde3}, {0xfff7, 0x6, 0x9bf, 0x7fffffff}, {0x200, 0x8001, 0x8, 0x8}], {0xffff, 0x101, 0x1ff, 0x852}, {0x8, 0xf0a8, 0x0, 0x7ff}}}) getsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f00000008c0)={0x0, 0x0}, &(0x7f0000000900)=0xc) r4 = getgid() lchown(&(0x7f0000000880)='./file0\x00', r3, r4) getsockopt(r1, 0x81, 0x9daa, &(0x7f0000000940)=""/43, &(0x7f0000000980)=0x2b) getsockopt(r0, 0x8, 0x3, &(0x7f00000009c0)=""/4096, &(0x7f00000019c0)=0x1000) recvmsg(r0, &(0x7f0000001d40)={&(0x7f0000001a00)=@in6, 0xc, &(0x7f0000001c40)=[{&(0x7f0000001a40)=""/104, 0x68}, {&(0x7f0000001ac0)=""/159, 0x9f}, {&(0x7f0000001b80)=""/191, 0xbf}], 0x3, &(0x7f0000001c80)=""/137, 0x89}, 0x2) setsockopt(r1, 0x0, 0x40, &(0x7f0000001d80)="c40035983d2641591a2b0d116eb578251320f4587c764d1196cf0a04dbd421bb25722f40f646305061c2f2a88e59e777209f857d13787e4783f3dff1bab2ea730c5badade417d4d0e7d2b61633f536f5602987fe41bcee6a41a7177383c22374d638e60df90f9b55ecb64437276c02c359af5db497e1f164232ba4586e2920e727c17390afd1e89d20809a720dea74dbfbfedf939d245f3d83789b58924de4", 0x9f) r5 = socket$unix(0x1, 0x52a0f95f7a1bef13, 0x0) sendmsg(r5, &(0x7f0000002180)={&(0x7f0000001e40)=@un=@file={0x0, './file0\x00'}, 0xa, 
&(0x7f0000001f80)=[{&(0x7f0000001e80)="1b500d5f88f7f68c51a5deccc1f53c4caaf820e5f45e916bb2cfd924c43f4be1edf316bfffb6bab0a2ce96b61a9ec775b17207744a12252b52dcecea0e8e621a39058b4d1fb4efb14bde25d58572bcd614703cdc7fd1120b137100689078ea228c88f062206830916abdd0c1fde2edd8435dc350cd07cf27b749e45c16185d02b37d57e4bcddc5a2cf6b19ba2d597501ea0aa4a921db9822e2b74c214cb9ec4dcd21626a6b76a9ff97b92c9d8568298708e7354599173e0637d4d7128af50157468cc8c12b083589a662b6b61b1a6d4db975c18ad5e58b77", 0xd8}], 0x1, &(0x7f0000001fc0)=[{0xc8, 0xffff, 0x97cd, "d349adf19a0154845ebf3f0b3063d892100525faebfb52cdb947cf5396ef495d1765abd13731f0272bfa98ea6857f4dedceeb78ce783ae1d8d256f275478ce012fcdf49818e7dcc7071299ff6b1fcb8aa7501f7b293f53d13a51cb0d30f2df8c414c5c73662a4ffcd43a194a4ceadf72155b3f877dfd5c322929e55999abcb2b98450898eb20e1b6e9a9da34f6e6ce66b644e2f176524a7faae2351610200d58406b96caa7744e2705805bf14ffa9555194a"}, {0xd0, 0x1, 0x81, "18be633bd1782e5e28a1c6f334825ec4f21f4ca84ffba88943fda9c40da774da0e85378736990533845b3fbdad6746a81bad08eee6a9950cd520382c811c3783caa34c932833a9a5f5f91e761e581b3cc485a03d8a54090e8416a8d39677f13d5ce72d66f1dc3f2322bfd07ca07fb14b862a4f7c89d675909f194813215a5df807c5c6790f37275a90989168206d06e716f2616d506d34717a29ab682cade7ea36eff94cb0a0e630baf15fc29d88319e5f7aad9958ad601b036b"}, {0x28, 0xfffe, 0xd3e, "7dfb716accd73601cfa9ff69d9eab09670344dfafc903e"}], 0x1c0}, 0x1) r6 = getpgrp() getpgid(r6) r7 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f00000021c0)='/dev/wskbd\x00', 0x80, 0x0) ioctl$FIONBIO(r7, 0x8004667e, &(0x7f0000002200)=0x7) setsockopt(0xffffffffffffffff, 0x4cef0, 0x20, &(0x7f0000002240)="54eb8e565ddd1d694ddd9661865b6d14dbae4402c5cf1be44cb2623538d896a269450c4beb1922a814020a0ec02addd5a3f7d0a6ac5a99b475ed95f3c31a81e08acec43b5c3ecddb0fbd32968dfede18308f304493", 0x55) socketpair(0x10, 0x3, 0xbe, &(0x7f00000022c0)) r8 = fcntl$dupfd(0xffffffffffffff9c, 0x5, r0) ioctl$WSDISPLAYIO_DELSCREEN(r8, 0x80085754, &(0x7f0000002300)={0x3ff, 0x1}) pipe(&(0x7f0000002340)={0xffffffffffffffff, 
0xffffffffffffffff}) listen(r9, 0x4) r10 = fcntl$dupfd(r9, 0x0, 0xffffffffffffffff) ioctl$TIOCCBRK(r10, 0x2000747a) r11 = openat$zero(0xffffffffffffff9c, &(0x7f0000002380)='/dev/zero\x00', 0x400, 0x0) ioctl$VMM_IOC_INTR(r11, 0x800c5606, &(0x7f00000023c0)={0x7, 0x5, 0x6}) r12 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000002400)='/dev/ttyCcfg\x00', 0x80, 0x0) flock(r12, 0x7fc92eb69d9e5c4b) login: pckbd_enable: command error 15:33:02 executing program 1: chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x100000000000000b, &(0x7f00000000c0)='\x00', 0x1) setsockopt(r0, 0x0, 0x800000000000a, &(0x7f0000000000), 0x0) r1 = socket(0x800000018, 0x2, 0x0) setsockopt(r1, 0x6, 0x4, &(0x7f0000000000), 0x0) getsockname(r1, &(0x7f0000000080)=@un=@file={0x0, ""/96}, &(0x7f0000000100)=0x62) r2 = socket$inet6(0x18, 0x8000, 0x1) listen(r2, 0x7fff) mknod(&(0x7f0000000040)='./file0\x00', 0x2003, 0x1700) r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x34532, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) geteuid() r5 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r5, 0xffff, 0x1023, 0x0, 0x0) getsockopt$sock_cred(r5, 0xffff, 0x1022, &(0x7f0000000300), &(0x7f0000000640)=0xc) r6 = msgget$private(0x0, 0xfffffffffffffffd) msgsnd(r6, &(0x7f0000000440)=ANY=[], 0x0, 0x0) r7 = msgget(0x0, 0x10) r8 = syz_open_pts() close(r8) writev(r8, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r8, 0x2000746f) writev(r8, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r9 = syz_open_pts() ioctl$TIOCSETA(r9, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r10 = syz_open_pts() ioctl$TIOCSETA(r10, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r11 = syz_open_pts() ioctl$TIOCSETA(r11, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r12 = syz_open_pts() close(r12) 
writev(r12, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r12, 0x2000746f) writev(r12, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r13 = syz_open_pts() ioctl$TIOCSETA(r13, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r14 = syz_open_pts() close(r14) writev(r14, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r14, 0x2000746f) writev(r14, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r15 = syz_open_pts() close(r15) writev(r15, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r15, 0x2000746f) writev(r15, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r16 = syz_open_pts() ioctl$TIOCSETA(r16, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r17 = syz_open_pts() ioctl$TIOCSETA(r17, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r18 = syz_open_pts() close(r18) writev(r18, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r18, 0x2000746f) writev(r18, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r19 = syz_open_pts() close(r19) writev(r19, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r19, 0x2000746f) writev(r19, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r20 = syz_open_pts() close(r20) writev(r20, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r20, 0x2000746f) writev(r20, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r21 = syz_open_pts() close(r21) writev(r21, &(0x7f0000002a00)=[{&(0x7f0000000440), 0xff52}], 0x1) ioctl$TIOCSTOP(r21, 0x2000746f) writev(r21, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) r22 = syz_open_pts() ioctl$TIOCSETA(r22, 0x802c7414, &(0x7f0000000000)={0x27de, 0x0, 0x5c11, 0xa995, "373f00000000f5000010ae63f33c1eaa9300"}) r23 = syz_open_pts() close(r23) writev(r23, &(0x7f0000002a00)=[{&(0x7f0000000440), 
0xff52}], 0x1) ioctl$TIOCSTOP(r23, 0x2000746f) writev(r23, &(0x7f0000000700)=[{&(0x7f00000003c0)='G', 0x1}], 0x1) msgsnd(r7, &(0x7f00000002c0)=ANY=[@ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYPTR64=&(0x7f00000008c0)=ANY=[@ANYRES32=r4, @ANYPTR64=&(0x7f0000000800)=ANY=[@ANYPTR64, @ANYPTR64, @ANYRESDEC=r15, @ANYBLOB="422aa1d9617171faaac3c86c7a4b8bf1df0ceeaf278cb7afce9299506fc1eab932577d5f874840c342b3a64c10c397374607938277a45ca7029d36ee70869072260961776f2c79823746753824cb68dd66265ee80dff46946ae47a95fd7b", @ANYRES32=r6], @ANYRESHEX=r21, @ANYRESDEC, @ANYRES16, @ANYRES16, @ANYRES64=r22, @ANYBLOB="a6067b5e1a15f9d4961d03bc96511dba0ed64ae84ceabf67241371121e4dd69c73be6b12ac38b2d8f55244ce30d608d4862f4e624bd1ca3e655a9fff1deffd7921c00f0e682448c2935ef48966da5ec348f9ee8ecd598e45864009f34c836811fa4f267bf434c7ae5e970f1d9e9c3e9c892d7931cd8d97dc2a923fefacebca0274ed20b174cb48632289e6bdaa3cff4b91a84f6e1b", @ANYRESDEC=0x0, @ANYRESHEX=r23], @ANYPTR=&(0x7f0000000580)=ANY=[@ANYRES64=r20, @ANYRESOCT=r14], @ANYRES16=r15]], 0x1, 0x800) msgsnd(r6, &(0x7f0000000a00)=ANY=[@ANYBLOB="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"], 0x44b, 0x800) msgsnd(r6, &(0x7f0000001640)=ANY=[@ANYPTR64=&(0x7f0000000a40)=ANY=[]], 0x1, 0x800) msgrcv(r6, &(0x7f0000000180)=ANY=[@ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00'], 0x1, 0xfffffffffffffffd, 0x1800) 15:33:03 executing program 0: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="62020207e0000001"], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x29, 0x80000000000000c, &(0x7f0000000140)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) r1 = socket(0x2, 0x8002, 0x0) r2 = socket(0x18, 0x1, 0x0) setsockopt(r2, 0x29, 0xc, &(0x7f0000000140)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) setsockopt(r2, 0x80000000000029, 0xd, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) recvfrom(r2, &(0x7f0000000180)=""/4096, 0x1000, 0xa2, &(0x7f0000000040)=@in={0x2, 0x3}, 0xc) 
connect$unix(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="62020207e00000012000"], 0x10) write(r1, 0x0, 0x0) 15:33:03 executing program 1: r0 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vmm\x00', 0x0, 0x0) mmap(&(0x7f000071c000/0x400000)=nil, 0x400000, 0x3, 0x4810, 0xffffffffffffffff, 0x0, 0x8000) write(r0, &(0x7f0000000080)="360e66cef4957c809a278523c4ae5d68dfbe521790b902d99fd4c0f9955c7c8222b7e0b95f2382953803158b135fa1e3681a77a9f52994400385d9163c0228d3", 0x40) r1 = kqueue() kevent(r1, &(0x7f0000000000), 0x8, 0x0, 0x3fffffd, 0x0) renameat(r1, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000040)='./file0\x00') munmap(&(0x7f00008fb000/0x1000)=nil, 0x1000) r2 = shmget(0xffffffffffffffff, 0x2000, 0x10d, &(0x7f0000000000/0x2000)=nil) shmat(r2, &(0x7f0000001000/0x2000)=nil, 0x0) shmat(r2, &(0x7f0000a99000/0x1000)=nil, 0x1000) r3 = socket$inet6(0x18, 0x2, 0x0) setsockopt(r3, 0x80, 0x5, &(0x7f00000000c0)="d3023669fb422c44782a87b81aba1a0edfe98bb6649b708254920db94dffb11585e036ee043e623ad2415a697e4fedd38726cc3bdc74fd2e922e6d30742f08e8b2077e12acffb509ef69e02de1e8dfef7ae02d60d36cb3cef660323949d5d85c3bc361605870c4c74cc8ebff193c39b480716a92ede9d8a3740adfe0f552b6d1c525f8663c57e0d6a26e973f1f9b4202072e30642888858f2ebe82f4c8942f0597c803d6a38144830ff7bec24c2b081bd52ffe939216ce078a", 0xb9) ioctl$VMM_IOC_WRITEREGS(r0, 0xc5005601, &(0x7f0000000580)={0x1, 0x0, 0x1, {[0x0, 0x0, 0x0, 0x20800000, 0x200000]}}) 15:33:03 executing program 0: r0 = syz_open_pts() fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x100000000}) r1 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f0000000040)='/dev/wskbd\x00', 0x8110, 0x0) r2 = getpgrp() ktrace(&(0x7f0000000040)='./file0\x00', 0x4, 0x612, r2) ktrace(&(0x7f0000000040)='./file0\x00', 0x4, 0x612, r2) execve(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)=[&(0x7f0000000140)='(\x92\x00'], &(0x7f0000000340)=[&(0x7f0000000200)='($%@(})[\x00', &(0x7f0000000240)='/dev/null\x00', &(0x7f0000000280)='/dev/wskbd\x00', &(0x7f00000002c0)='/dev/null\x00', 
&(0x7f0000000300)='\x00'])
openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x1, 0x0)
r3 = fcntl$getown(r1, 0x5)
fcntl$lock(r0, 0x9, &(0x7f0000000080)={0x0, 0x2, 0x1, 0xfff, r3})
fcntl$lock(r0, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x400000000000bb, 0x200000005})
pckbd_enable: command error
panic: amap_pp_adjref: negative reference count
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*210269 88264 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18
panic() at panic+0x15c
amap_pp_adjref(fffffd8029b5db48,7f0,200,1) at amap_pp_adjref+0x59e
uvm_mapent_clone(ffff800000a78300,0,200000,7f0000,7,7) at uvm_mapent_clone+0x14c
uvm_share(ffff800000a78300,0,7,fffffd803f011330,20800000,200000) at uvm_share+0x4b4
vm_impl_init_vmx(ffff800017969a68,ffff8000ffff38c8) at vm_impl_init_vmx+0xf1
vm_create(ffff800000a6f000,ffff8000ffff38c8) at vm_create+0x193
VOP_IOCTL(fffffd8037c8e820,c5005601,ffff800000a6f000,1,fffffd803f7c6a80,ffff8000ffff38c8) at VOP_IOCTL+0x88
vn_ioctl(fffffd802f089e98,c5005601,ffff800000a6f000,ffff8000ffff38c8) at vn_ioctl+0xb7
sys_ioctl(ffff8000ffff38c8,ffff80001491a1b8,ffff80001491a200) at sys_ioctl+0x5b9
syscall(ffff80001491a280) at syscall+0x507
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdb2ca7b1040, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
amap_pp_adjref: negative reference count
ddb> trace
db_enter() at db_enter+0x18
panic() at panic+0x15c
amap_pp_adjref(fffffd8029b5db48,7f0,200,1) at amap_pp_adjref+0x59e
uvm_mapent_clone(ffff800000a78300,0,200000,7f0000,7,7) at uvm_mapent_clone+0x14c
uvm_share(ffff800000a78300,0,7,fffffd803f011330,20800000,200000) at uvm_share+0x4b4
vm_impl_init_vmx(ffff800017969a68,ffff8000ffff38c8) at vm_impl_init_vmx+0xf1
vm_create(ffff800000a6f000,ffff8000ffff38c8) at vm_create+0x193
VOP_IOCTL(fffffd8037c8e820,c5005601,ffff800000a6f000,1,fffffd803f7c6a80,ffff8000ffff38c8) at VOP_IOCTL+0x88
vn_ioctl(fffffd802f089e98,c5005601,ffff800000a6f000,ffff8000ffff38c8) at vn_ioctl+0xb7
sys_ioctl(ffff8000ffff38c8,ffff80001491a1b8,ffff80001491a200) at sys_ioctl+0x5b9
syscall(ffff80001491a280) at syscall+0x507
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdb2ca7b1040, count: -12
ddb> show registers
rdi 0
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800014919b10
rbx 0xffff800014919bc0
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800015923000
rax 0xffff800000a67ac0
r8 0xffff800014919ad0
r9 0x1
r10 0xffff800000a67ac0
r11 0x6402d0d08f1e0f3c
r12 0x3000000008
r13 0xffff800014919b20
r14 0x100
r15 0x1
rip 0xffffffff81056c28 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014919b00
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=210269 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff2ee8,0xffff8000ffff2a08
process=0xffff8000ffff6a30 user=0xffff800014915000, vmspace=0xfffffd803f011330
estcpu=36, cpticks=79, pctcpu=20.28
user=0, sys=11478, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
21262 511996 17714 0 2 0 syz-executor.0
21262 64158 17714 0 3 0x4000080 fsleep syz-executor.0
21262 449751 17714 0 3 0x4000080 fsleep syz-executor.0
88264 495038 36852 0 2 0 syz-executor.1
*88264 210269 36852 0 7 0x4000000 syz-executor.1
12610 336042 
0 0 3 0x14200 bored sosplice 36852 485240 2128 0 2 0x482 syz-executor.1 17714 362306 2128 0 2 0x482 syz-executor.0 2128 205982 14208 0 3 0x82 thrsleep syz-fuzzer 2128 402056 14208 0 2 0x4000482 syz-fuzzer 2128 345785 14208 0 3 0x4000082 kqread syz-fuzzer 2128 449759 14208 0 3 0x4000082 thrsleep syz-fuzzer 2128 431988 14208 0 3 0x4000082 thrsleep syz-fuzzer 2128 267630 14208 0 2 0x4000482 syz-fuzzer 2128 204653 14208 0 3 0x4000082 thrsleep syz-fuzzer 14208 179630 92353 0 3 0x10008a pause ksh 92353 269284 97283 0 3 0x92 select sshd 51905 451144 1 0 3 0x100083 ttyin getty 97283 504291 1 0 3 0x80 select sshd 87158 117676 57052 73 2 0x100490 syslogd 57052 19611 1 0 3 0x100082 netio syslogd 32596 317296 1 77 3 0x100090 poll dhclient 25381 517923 1 0 3 0x80 poll dhclient 81398 219427 0 0 2 0x14200 zerothread 34034 169153 0 0 3 0x14200 aiodoned aiodoned 23268 159102 0 0 2 0x14200 update 77930 3914 0 0 3 0x14200 cleaner cleaner 91111 189686 0 0 3 0x14200 reaper reaper 18340 16981 0 0 3 0x14200 pgdaemon pagedaemon 64712 220538 0 0 3 0x14200 bored crynlk 99287 199364 0 0 3 0x14200 bored crypto 82903 193024 0 0 3 0x40014200 acpi0 acpi0 27837 318238 0 0 2 0x14200 softnet 67152 513303 0 0 2 0x14200 systqmp 72923 49707 0 0 3 0x14200 bored systq 87648 36118 0 0 2 0x40014200 softclock 48961 172178 0 0 3 0x40014200 idle0 37800 177324 0 0 3 0x14200 bored smr 1 257007 0 0 3 0x82 wait init 0 0 -1 0 2 0x10200 swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9453 6331K 6331K 78643K 10551 0 0 pcb 13 8K 8K 78643K 13 0 0 rtable 105 3K 3K 78643K 191 0 0 ifaddr 39 10K 10K 78643K 39 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 18 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1212 76K 76K 78643K 1234 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 3 5K 5K 78643K 3 0 0 VM map 3 0K 0K 78643K 3 0 0 sem 4 0K 0K 78643K 4 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1794 195K 288K 78643K 12646 
0 0 file desc 6 17K 25K 78643K 40 0 0 proc 47 38K 63K 78643K 358 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 8 0 0 in_multi 33 2K 2K 78643K 37 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 48 212K 212K 78643K 48 0 0 exec 0 0K 1K 78643K 182 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 105 34K 34K 78643K 924 0 0 UVM aobj 3 2K 2K 78643K 3 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 5 0K 0K 78643K 9 0 0 temp 66 3524K 3588K 78643K 3177 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 37 0 29 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 278 0 278 1 0 1 1 0 8 1 tcpcb 544 14 0 10 1 0 1 1 0 8 0 inpcb 280 43 0 35 2 0 2 2 0 8 1 nd6 48 4 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 212 0 0 14 0 14 14 0 8 0 art_table 32 213 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 4 1 0 1 1 0 8 0 semapl 112 2 0 0 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1436 0 40 46 0 46 46 0 8 0 ffsino 240 1436 0 40 83 0 83 83 0 8 0 nchpl 144 1686 0 78 60 0 60 60 0 8 0 uvmvnodes 72 1479 0 0 27 0 27 27 0 8 0 vnodes 208 1479 0 0 78 0 78 78 0 8 0 namei 1024 4095 0 4095 1 0 1 1 0 8 1 vmpool 520 1 0 0 1 0 1 1 0 8 0 scxspl 192 4488 0 4488 8 1 7 7 0 8 7 plimitpl 152 14 0 7 1 0 1 1 0 8 0 sigapl 432 210 0 196 2 0 2 2 0 8 0 futexpl 56 326 0 324 1 0 1 1 0 8 0 knotepl 112 53 0 34 1 0 1 1 0 8 0 kqueuepl 104 3 0 0 1 0 1 1 0 8 0 pipepl 128 134 0 115 2 1 1 1 0 8 0 fdescpl 424 211 0 196 2 0 2 2 0 8 0 filepl 120 1148 0 1046 4 0 4 4 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 
48 4 0 2 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 145 0 138 1 0 1 1 0 8 0 zombiepl 144 196 0 196 2 1 1 1 0 8 1 processpl 864 226 0 196 4 0 4 4 0 8 0 procpl 632 249 0 210 4 0 4 4 0 8 0 sockpl 384 99 0 81 4 0 4 4 0 8 2 mcl8k 8192 2 0 2 1 0 1 1 0 8 1 mcl4k 4096 8 0 8 1 1 0 1 0 8 0 mcl2k 2048 69876 0 69821 20 4 16 17 0 8 8 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 110310 0 110177 13 2 11 11 0 8 2 bufpl 256 6104 0 1327 299 0 299 299 0 8 0 anonpl 16 39640 0 20342 80 2 78 78 0 62 0 amapchunkpl 152 1049 0 884 9 0 9 9 0 158 2 amappl16 192 1171 0 120 53 0 53 53 0 8 0 amappl15 184 18 0 14 1 0 1 1 0 8 0 amappl14 176 46 0 40 1 0 1 1 0 8 0 amappl13 168 1 0 1 1 1 0 1 0 8 0 amappl12 160 2 0 2 1 1 0 1 0 8 0 amappl11 152 52 0 41 1 0 1 1 0 8 0 amappl10 144 15 0 9 1 0 1 1 0 8 0 amappl9 136 561 0 557 1 0 1 1 0 8 0 amappl8 128 148 0 123 2 0 2 2 0 8 0 amappl7 120 40 0 33 1 0 1 1 0 8 0 amappl6 112 56 0 48 1 0 1 1 0 8 0 amappl5 104 134 0 124 1 0 1 1 0 8 0 amappl4 96 416 0 388 1 0 1 1 0 8 0 amappl3 88 110 0 104 1 0 1 1 0 8 0 amappl2 80 907 0 831 4 2 2 3 0 8 0 amappl1 72 13353 0 12931 27 11 16 20 0 8 7 amappl 80 476 0 426 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 212 0 196 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 212 0 196 1 0 1 1 0 8 0 vmmpekpl 168 5766 0 5742 2 0 2 2 0 8 0 vmmpepl 168 33426 0 31210 147 12 135 135 0 357 38 vmsppl 272 210 0 196 2 0 2 2 0 8 1 pdppl 4096 430 0 392 6 0 6 6 0 8 1 pvpl 32 127717 0 104866 188 3 185 185 0 265 0 pmappl 200 211 0 196 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 447 0 9 13 0 13 13 0 8 0