kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sun May 24 11:12:55 PDT 2020 OpenBSD/amd64 (ci-openbsd-main-9.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. 2020/05/24 11:13:07 fuzzer started 2020/05/24 11:13:11 dialing manager at 10.128.15.235:41724 2020/05/24 11:13:11 syscalls: 338 2020/05/24 11:13:11 code coverage: enabled 2020/05/24 11:13:11 comparison tracing: enabled 2020/05/24 11:13:11 extra coverage: support is not implemented in syzkaller 2020/05/24 11:13:11 setuid sandbox: enabled 2020/05/24 11:13:11 namespace sandbox: support is not implemented in syzkaller 2020/05/24 11:13:11 Android sandbox: support is not implemented in syzkaller 2020/05/24 11:13:11 fault injection: support is not implemented in syzkaller 2020/05/24 11:13:11 leak checking: support is not implemented in syzkaller 2020/05/24 11:13:11 net packet injection: enabled 2020/05/24 11:13:11 net device setup: support is not implemented in syzkaller 2020/05/24 11:13:11 concurrency sanitizer: support is not implemented in syzkaller 2020/05/24 11:13:11 devlink PCI setup: support is not implemented in syzkaller 2020/05/24 11:13:11 USB emulation: support is not implemented in syzkaller 11:13:16 executing program 0: shmget(0x2, 0xd000, 0x60, &(0x7f0000ff3000/0xd000)=nil) openat$klog(0xffffffffffffff9c, &(0x7f0000000000)='/dev/klog\x00', 0x0, 0x0) r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040)=@abs, &(0x7f0000000080)=0x8) fchmod(r0, 0x10d) r1 = dup(0xffffffffffffff9c) fchmod(r1, 0x1c1) r2 = fcntl$dupfd(r0, 0x0, r1) faccessat(r2, &(0x7f00000000c0)='./file0\x00', 0x20, 0x1) ioctl$VMM_IOC_CREATE(r2, 0xc5005601, &(0x7f0000000100)={0x10, 0xfffffffffffffffc, 0x4, 0x0, [{&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil}, {&(0x7f0000ff3000/0x2000)=nil, &(0x7f0000c00000/0x400000)=nil, 0xfffffffffffff625}, {&(0x7f0000cb9000/0x3000)=nil, &(0x7f0000c0e000/0x3000)=nil, 0xb8}, {&(0x7f0000c0e000/0x4000)=nil, &(0x7f0000a00000/0x600000)=nil, 0x5}, {&(0x7f0000b41000/0x1000)=nil, &(0x7f0000df7000/0x4000)=nil, 0x5}, {&(0x7f0000b7a000/0x2000)=nil, &(0x7f0000ecb000/0x4000)=nil, 0x80000001}, {&(0x7f0000fff000/0x1000)=nil, &(0x7f0000d91000/0x4000)=nil, 0x3ff}, {&(0x7f0000d21000/0x3000)=nil, &(0x7f0000e76000/0x4000)=nil, 0x5}, {&(0x7f0000b6c000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x40}, {&(0x7f0000c8f000/0x1000)=nil, &(0x7f0000c3a000/0x4000)=nil, 0x7}, {&(0x7f0000ab2000/0x2000)=nil, &(0x7f0000d4d000/0x2000)=nil, 0x40}, {&(0x7f0000be2000/0x2000)=nil, &(0x7f0000e41000/0x4000)=nil, 0x3ff}, {&(0x7f0000b6e000/0x1000)=nil, &(0x7f0000f99000/0x3000)=nil, 0x7fffffff}, {&(0x7f0000d96000/0x3000)=nil, &(0x7f0000f0c000/0x3000)=nil, 0x9}, {&(0x7f0000bd5000/0x4000)=nil, &(0x7f0000a8f000/0x2000)=nil, 0x14000}, {&(0x7f0000c8e000/0x4000)=nil, &(0x7f0000cc1000/0x4000)=nil, 0x9}], ['./file0\x00', './file0\x00', './file0\x00', './file0\x00'], './file0\x00', './file0\x00', './file0\x00', ['./file', './file', './file', './file'], 0x6}) r3 = openat$klog(0xffffffffffffff9c, &(0x7f0000000600)='/dev/klog\x00', 0x80, 0x0) ioctl$FIOGETOWN(r3, 0x4004667b, &(0x7f0000000640)) r4 = accept(0xffffffffffffffff, &(0x7f0000000680)=@un=@abs, &(0x7f00000006c0)=0x8) getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000840)={0x0, 0x0}, &(0x7f0000000880)=0xc) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0xc) r7 = fcntl$getown(0xffffffffffffff9c, 0x5) r8 = geteuid() getgroups(0x3, &(0x7f0000000900)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff]) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000940)={0x0}, 0xc) r11 = geteuid() sendmsg$unix(r4, &(0x7f0000000a40)={&(0x7f0000000700)=@abs={0x1, 0x0, 0x2}, 0x8, &(0x7f0000000800)=[{&(0x7f0000000740)='jI', 0x2}, {&(0x7f0000000780)="e58fb74770940eed4266511556686b00acbab68235181e1bb075453f403dfc62bb90f9026d009a9b9ff1fb66a669b9564323e4feb1a7503a730ce8c46258fa8760833fee06840ab4732f92b2fc60e1b69cd81f5bd2b818eace1a90c874e44d246c3eff7d744285a2b2eb12724660315bb64c97c79f213d", 0x77}], 0x2, &(0x7f00000009c0)=[@cred={0x20, 0xffff, 0x0, 0xffffffffffffffff, r5, r6}, @cred={0x20, 0xffff, 0x0, r7, r8, r9}, @cred={0x20, 0xffff, 0x0, r10, r11}], 0x60, 0x2}, 0x0) 11:13:16 executing program 1: r0 = open(&(0x7f0000000000)='./file0\x00', 0x80, 0x10) r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x800, 0xc1) r2 = socket$unix(0x1, 0x0, 0x0) lseek(r2, 0x0, 0x0, 0x1) r3 = accept$unix(0xffffffffffffff9c, 0x0, &(0x7f0000000080)) fsync(r3) clock_settime(0x2, &(0x7f00000000c0)={0x56c80000000, 0x9}) clock_settime(0x3, &(0x7f0000000100)={0x3, 0x10000}) ioctl$TIOCSETAF(0xffffffffffffff9c, 0x802c7416, &(0x7f0000000140)={0x1f, 0x1, 0xff, 0x6, "52a7eecdf75e6b2558e3e195528aaa0296c92a50", 0x3, 0x9}) ioctl$TIOCGWINSZ(0xffffffffffffff9c, 0x40087468, &(0x7f0000000180)) bind$unix(0xffffffffffffff9c, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0xa) ioctl$TIOCGETD(r1, 0x4004741a, &(0x7f0000000200)) clock_settime(0x2, &(0x7f0000000240)={0x3, 0x4}) r4 = accept(0xffffffffffffff9c, &(0x7f0000000280)=@in, &(0x7f00000002c0)=0xc) getsockopt$SO_PEERCRED(r4, 0xffff, 0x1022, &(0x7f0000000300), 0xc) r5 = open(&(0x7f0000000340)='./file0\x00', 0x40, 0x62) ioctl$BIOCVERSION(r5, 0x40044271, &(0x7f0000000380)) ioctl$TIOCMBIS(0xffffffffffffffff, 0x8004746c, &(0x7f00000003c0)) r6 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vmm\x00', 0x20020, 0x0) pwritev(r6, &(0x7f0000001580)=[{&(0x7f0000000440)="32d0b8839ac3c79f9bcb102fb48b7166e5e972b0f2f83d740f652184a050399cd3487c45dfd66e48073f09ba8275f3adf67f940d78d4532c3b5f4f5a98571557ef4e95c8d3a4c60a2bc026eeb06ba431c00a098e26c6463424997602bf73bc4e190f0c190091187d24f71e52753223db4a68e9a7f419394abb06cff6803cdc17b33efeb439d99fb699ddcec1fc7d51381c994b9a89221b62da056797f795750c2411309305fdf2b239fefadf5151b074cd7b688bebd37b7b9566d2c2df30e198201ba8a844e7282260c815802531f3f01b46e77289799952f2d04a8b5d", 0xdd}, {&(0x7f0000000540)="21e84a0edb4391ebaa159c2a30d8a030c65eef9dd5d2d0f20ba40950b1b9ce03308817e45a4bedeeea3697122f", 0x2d}, {&(0x7f0000000580)="2f78c2ecb0504f8c96fe50fc73aa42f7e5411641980876be3ca55ab2b53ae740f7ba5d8cde5140a64378779cede9848c699ee2547e71c989331b49a5def028043abd64590a1c8c779e4464d9f3f17e7fa299dcc61af9801d485bc6e7fc4c53ef49cd5ded3e5c036183001cbd9cf2311d3b3ed8bc99d001cd4685280956a0a15bdcd7a6e7348182a87d4cb0450bed0992b7fc1d82ed3011e95939718cefda760b5fafbb3229cf28428fb3aef7d8a49eb7d9cefd6921fa7d1adb99e7f323bf1deac5f424e730ac1372414a7475c3a201db61244ab47c3380bc371604f9d1fe994cf1e4c8d223c0a628f4fd914bb7a416412bf8e62221be767c7e9b113b1ecf7832a5b51e9939080f1fa60d5defe8fe1c6ba079ee7078726d0d9a9bac66faad45c385041f445356b22ef58c8b13a9b4bbbecaf96381ce914e12a27a4a1585758246e1d9c49af5e0dbfd2a89743c9e0ece5bd5f341ff1cd2bc2842ae73186564576468144acfbf586d90836ae0663735e92637c5123cc3ada50ba08dbb9f3290a0279dcf4b5091ecfd3d2d96dfc1606bf891a9719f798cfb8cad69a33b61b0af1fca9cc08a444933653583cf3b3000ac298f1a6cc8bcc3424c4c3aae062429fc7fe920c275f1835a453820aa8f682f00d6d129c3a95ec0cf63ac50100b71f215db1e75acbed3d798955ac19eaefb8e470bbe5d2278cdd01573df27efdce39d6818e3bd9484d1f69d3a0ce2505ef06c0068984d4e5e6380622b6fe8bc8d8221dcee37b188ec78e911c45fdde5260a5b0ada66accf13fb87e4415d4492b7bbec4ae5821cb99638549f845ab6accbfccf5378b3cef9bd1fe5e2cfc633c19ca4d63054fed497dff24f6c5e522793abe6c3a85b3da57f56e2d83517aa35de1c95a01e75e1e19551f08d0454e8841729a989b71c0ac57f24cac25b763159773bbeb18970334e0ecaaa9619722af1cd7d2e532f2fc1647887a53dca51ae9149b7377c549c725d775a0718c7a3cf4d576ba3175a1abb27f97f0ec285288cbd48b4e609d05bb2a8cfabdee04377e0f90155175efca7921b922fac04e882ef94322a9ed605526a6d1954a19cf9580393d6e6b5873c20f1b1bafea5cc73b715a5ca4381b089ea2d8d72358e1093d46cba5c31512523b74f5cfc3d69ab6acefb75e1def808f556cc4a74a236bb2e0c365bd5de6e60028c117b03dcb8f7ca1b02f5c8e7eacc47861e69ed92f727f40276d391b185a2f39cf577c2075764bd79f9edd3faa594086be141c5c4a9398b640c37c0f2c64a5cdd3fda44172082dc16f662cf2dae1e0cfdfde48a1a19aa9d58a0bbcdb3d9cc7fe54526900de77d5242b5d964e6e393ab9398d6ae4846feaa5ad41871b0ef6d667ad3386fb41eb4bdd3445c09f69e33b782b88b724910fbc0c256229d0a145101620523484838d96df0e084356206c77dc64353a5d678df6a1e05becf632b4b00946cd735d518e4e84592b199fa10b2072540b327ac810012acd8c035337282865b13f137d1f65e7440257dc6cd236601412dfc1bcf140140c5909a24dd6d3f13b3b4eec341734c2f0d342637b87bd678e649a5ffd4d25531d6fe5253b954ea35e0d46cc85013595263ea326113d361912a4e7d633af169291c57de14dd56af6e6f17b054c04c8d7be9a89fee7cde1030defaf9717c6bbf0636cda22ecbfc0297bfcbf6a1aafffc7a638c6257728a0a217eb9dc06825d54dba56949854ba98befe839182d90217c155590b33506510ee3475b698a60422208a5575c85b37f5550c24837af3d0b6b71f11bcd5e5cbb9ec135b114eef2de514c97e2ae0263b635f63f2bbcdb4b13433118af4f7606e07fe773f1e4313ceee088b893ea1d3c116bcdc24c3932366e06289f6a21741b3c43dd3803e39c15b239d6553a26d2dd2c200e935cbf2cc7d4fc842f59c3c4c3b472927e21ce4364de6ca432a00a0ced40b7f66a9803a3a5a1450d467cc896d569ded5626e47a15661a72ebf1e4763b239f619e1874abacde55c37259239bc0ce64c063bba8c538b7c7a9ab1447e7d5ddce19c4159fdd5297436da092c958a18974488b628b98998d1f3fff0371d14dc147da616f57be45ee61aced4933d432adfb2f6d02affdcd6caace0228c50a5fb51adeb2321a080aae21e39ff08278a33d18b524da6d252c9e8a9c312ace98138283b83065b4122d66f319302714794e5f761c98f16d9052249be9d06312000657446fabbac61984ff1abb4cd159ce0bb70c9ee854ebf8343322fc87fc1082b896d3ea5e25c4b2bd4ef1f2ab7d96f89d8a4aae752e70295a5a63e1a8aee2826f00eb507fe5556a45c49c7b237e43a051d9f47dd371ec0af25a5b3f2e507b2fb0957ef39e854a51998b5d6e7533ce41587193a3746dea21acece2621c8bfb6172a4cf9ffba297dcdc7d7ac87cfd87c36f83355c7e6e659d2a77fa50dd85c804fdf02cd255d22f00a9cf22457ea229830e73ea6a8f49359b6d6c7103625b3a71b9ada4e220e817ebf2864459688c17bcd830c818ce61c931dec6ae95406a236f28735694b1e44487c51c5620d5075045b0c4349b93de361c37f2a4bd6fd4cf6923e70e64a02a7436a269e5f142db966275173578d562437c1da72fa510c2a9a4f6011c08c36bdfdfd8faea320e34c2064e7282f7356f74b3e0a263bb70c65dcd33f0e9bea120fc34da9e8d856c9d9652f0770f628f8e38793923dd27f4521017717896d0a297151f61e2bce525c067cce384d35283dcbf0bbcbd18b2b227a0fc242a727ce94050a69eecb53567a8b847acc9cde7821896de2ac337bde28d9e56977b02ac05fe98afe73ed8cec8aa1f255b8bdd82f93a4c4476b4321e47532854b6ade5787303f4e269b32ff35c95f70b401e6e189dc9ad50a3ca2fff7da063ed8aa64a8c2e5e3f1bd912244f2819c2d4e8accbe1f73d8cde14e45c552446d8ae1708ae95fafb9c7bfaa9af9206a3a902172f067b77401831934d37e81a17e5e6278fe5f7aaff6a5e2a3f9acfa5a33b5ce21eb640e32090fc6e53972b6cdccce598c22ab36ce971921ae3cba3e2954fac1caa1d72a00eb14e5976785de88ead9caa34d6ab1d45a7bd7853ef19f94e202bde7e177f258e9f594294df34d146431053b76f2188589f7c5aaebfc43059103e766ec8e7ab5969aaf102ce6dd45a3b2748981a3ddcd772dc92c73e6b3c363de0209be8d62de1f98afa427df72f43c9dfcada8f7c18439bd5cfc422b74215a470c64a4159d65d2591df5c253c7f57f769a00fbe69cb35a689ce1e82acecf563d370c002b8ea93fb6983d372f1d4f01eb0d5157f21b4264e26ad3739caf74dc9e711f1633def3096f9d87bbd11ed312552afcc1137639f3c1ab7e796907421c4ce16ef98b45974314914c8d4db39d91253d048b3783537b86608c4746c22bd228db9cd5dce919305b984cfa13b78a1fe73831b1ebdad143563b83f67bb398ee112b3dfbdbc0d60b1b56498090fdca2f3162cfa86daeaf56e68442cc6ed79a35c8192d6be9490fd0c702ece6a309a8e16442f501d7a18978e44497e883b0b6aad2b9e47fa99cc0550bc006fef32bd5c5daf68c76c8b7d32f16b7db727a3c78700ad549e3d1348c75f4892e886d4dee301c8ab48c72aaa3703b47e84818ce5379fa4236df730725203c14cf5dc752a8b4bfb4e736c08b78333d2986c924babf4157a4cb298785c006ab4eaef45812e1fa270850779e631d41300ad086f09a7e44c65710dd4aef100efdfe4d7d70440d80f4f64617bb70298800a6b4917fce4fcbe0b009c3abaa5b215cd5a5519a8a2fb5b3986586358ca2e1f00633451a7df21a41592999685fdc555d8a0e02771c32f650892a9c768ab77beebf4ff67aea317ffe534e33b6a0b7be1cccbdb5833ba4688f553bd9a1b8e128f2763ea624cc5da2a22ee4cd2cd78d9d5e7bab1dc70b9a907476074f317ef63c2c90fef89e880dd782c1d7036821a1c8c33f04cebf8fa0aa75464b3cfb56be843a9f742acb73def1188376430628403e204c73cf255d7105ee83c3d9bc417f53ea6887b6118ab587b7c97375989eab11e3e151653c18f65c3e044cc2eb0bbf7d63a890d9697a6d29078cad66140435765e26cd234ee61af4dec752f679fe4979aadfe6774c409a4bb801f672a664b0df213ddde4afced03bd83108fbdfed0f3d8b2f4842010f67cd27d3af98652996117f77c10564ee8f47443d1b3c0fa1529e01dc037809b9397ed8bf83b5e20dcdcc0d3a4c9da9187b56bc02de85b6091b3d1fa9130477af0dcc442b2b18c2bbe83dc13f70515eafec44dbd4e0cfa7fe1be3d8e17127d15ffaacbbb272e210088a119276108ef668b73f39526944b11877884d060c72a659c569c3a3b234850b27858727861733745443340e854ee48fa12482b735f780dc0844bed3036d757c978a13f1667be1e64f8f7d433f3c2d6ccdc2c8be53cba1b488013187e81ef77880b4079131fe2758aa8ab3bc181f10b87471be476ee5f1a15f143715a6c6fe9f1e868d7a3cadcaf4f45aff9f37b7fd1e98ed08a707019e6e1027e0a35b8f819ff4bb8c3924a155e2098fd6774a4efc826ac61c50feb2a0e232569f551b652b1faf509c4e5a74bc173a2e751ed63f260b96ce72c1cbcc6cf9e35b07c6c58930122a7713c5fbae8fa765c165a9b260a5649dd943f5848bcf50c92d9e046d482e8453796de7e4e94404564b35e64fe96cc88478d0e26c8b7927e8b592888520e569d794540bbb8fae4ac254beff7d54ed663319fcc5cdabe49117f77218dbb125712dffa02dd5fd021a6d7dbbc52235ec6cb9c31b12e90503efbdd2515446a85dce349101cd8d135b425ffe487dc3e374b5fcbb537bbcfd71064ac30d2aff1f4850f694be3116944363a64d98fbef63087df208ee15304d37807bab237215d055a92f7bcf5a0d431a94ca4e2c2d66469b401d57641c138d1bc20c111c83dd5f5231f9c9ece9734c98bad7111df24c956475995a2f82c6a6b55762f22f6c917ca3d6eab80c4fa57a9b3c35bc8d0fc2a4773f50b6a75b08fcbdf6758d95144217893b761d5105fae97a5e980e6bb9407dea812254557160eea27d822e0ab99b31f63a9491b21c8016a4f47ea4b8710e3c2a00a7f63d680f333fbc170680ea18400fd6a4f5586c172b5ad0d5f2cc52e883b0415406e11155a75cfcc7292f2da7323d777d4c3a2ca0e06dba2ef724bb99f8c1d55681980e3f336c20ac23a1fab249ee9b3b83e3da93ef71c54a7ed19278e3afe975784cf32896714ba865209b6864df9f0806f9559012338710f8ee63ae423c236bf8392325aff8a296fcd6144b5dbe1cf424e8951a3be5c64dbfcd34a2ee17c7a3b7105bcf65eef8cf0e26c4b84a3482fb26d46b30919ba9b2619267238f9a3cc3f360145143e9ab64155fe99f43446bfbdcf0cbfc5ddfc7864b04df623f9af402926d4fb89accacb43763871f6c9d9ad1bea3afe61c05ddabf84de0f8c13d8d0906527ee9ed0f8750866b7dfb3e4f5478babc38169edba47d7cb0324abda5adafe7eaddf8e67c24fe73f63a9a160703bac1edc5fa99abb348fd0f7f1714fbc1ef4e2ea6b81a075570c180aadc7e629869aa8d549eed7e2f746a221f4e9faf22b53749b085778189bdbc97ad449d54dce816a622f02bb1dec9632b43d155d098622318e35a9301f159614d350c0c1171b56dc5c63680f158a0df799af8bf13bbd848a0a5938b422f895ae9cc54eb3f0e5c61e927f012c9944668091527c0c8278bea3c05b968111655d5d4a8377938cab893", 0x1000}], 0x3, 0x0, 0x0) 11:13:16 executing program 0: openat$vmm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmm\x00', 0x80, 0x0) mknod(&(0x7f0000000100)='./bus\x00', 0x3a0914c44f7b202c, 0xd02) r0 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0x0) mprotect(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xfffffe91}], 0x1, 0x0, 0x0) 11:13:16 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000380)={0x3, &(0x7f0000000000)=[{0x20}, {0x87}, {0x6}]}) syz_emit_ethernet(0xe, &(0x7f00000002c0)) getrlimit(0x3, &(0x7f0000000080)) 11:13:16 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x6c}, {0x84}, {0x6, 0x0, 0x0, 0x182}]}) r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) ioctl$TIOCSETVERAUTH(r1, 0x8004741c, &(0x7f0000000140)=0x8) ioctl$KDGKBMODE(r1, 0x40044b06) ioctl$WSDISPLAYIO_GETSCREEN(r1, 0xc0245755, &(0x7f00000000c0)={0x7, './file0\x00', './file0\x00'}) pwrite(r0, &(0x7f0000000240)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) 11:13:16 executing program 0: setreuid(0xee00, 0x0) r0 = getuid() setreuid(0xee00, r0) socket(0x2, 0x2, 0x0) setreuid(r0, r0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) ioctl$TIOCSETVERAUTH(r1, 0x8004741c, &(0x7f0000000140)=0x8) ioctl$KDGKBMODE(r1, 0x40044b06) setsockopt$inet_opts(r1, 0x0, 0x1d, &(0x7f00000000c0)="f36895040000000072b7fa5f68f31cc2d2c83854acd6d5aa3ab246ce92da55ea9a59a8a973a355b989dd7aa798864ae350b566975173140142030791f36a6586d5dc2566670b0580a0d60000000000000000c3736f0000000000000000000000000000f70b527d3fa25b43fcffffff4fdd6f093f8a57b690e78b770e13b571c5ff974b8b35d0a9bafef078d52275fb3dab500119690d516c5ad47b698bd198cf10e0bdece739287f241b9d13d08c2ce8c697e0eef736b5f5392eac", 0xbb) 11:13:16 executing program 1: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43eb, 0x0, 0x200000], [0x0, 0x0, 0x0, 0x10000002, 0x80], [0x0, 0x0, 0x8], [{}, {}, {}, {}, {}, {}, {0x200}, {0x80}]}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCFLUSH(r1, 0x8080691a, &(0x7f0000000300)) 11:13:16 executing program 0: r0 = semget$private(0x0, 0x4000000009, 0x82) semop(r0, &(0x7f0000000380)=[{0x1, 0xffff, 0xe5ce97ab354d86be}, {0x7, 0x2, 0x800}, {0x2, 0x4, 0x800}, {0x3, 0x2, 0x800}], 0x4) semop(r0, &(0x7f0000000280)=[{0x0, 0x41, 0x800}, {0x3, 0xa2de, 0x3400}, {0x0, 0x0, 0x800}, {0x2, 0x3, 0x800}], 0x4) semctl$SETVAL(r0, 0x4, 0x8, &(0x7f00000002c0)=0x7) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000040)=""/150) semop(r0, &(0x7f0000000380)=[{0x4, 0x2, 0x3000}, {0x4, 0x6, 0x1000}, {0x2, 0xa, 0x1000}, {0x2, 0x200, 0x1800}, {0x1, 0x2e8, 0x1000}, {0x0, 0x7d12, 0x1000}, {0x2, 0x7}], 0x7) semctl$IPC_RMID(r0, 0x0, 0x0) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f0000000040)={0x3, &(0x7f0000000180)=[{0x44}, {0x3c}, {0x7ffffffe}]}) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r2, 0x80104267, &(0x7f0000000040)={0x3, &(0x7f0000000180)=[{0x44, 0x0, 0x0, 0xfff}, {0x3c, 0x0, 0xcd}, {0x7ffffffe}]}) ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) fcntl$dupfd(r1, 0xa, r2) recvfrom(0xffffffffffffffff, &(0x7f00000004c0)=""/243, 0xf3, 0x40, &(0x7f0000000100)=@in6={0x18, 0x0, 0x9, 0x4}, 0xc) r3 = socket(0x2, 0x1, 0x0) semget$private(0x0, 0x2, 0x4e) connect$unix(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e2f66696c656f30"], 0x10) poll(&(0x7f0000000040)=[{r3, 0x5}], 0x1, 0x7f) shutdown(r3, 0x1) login: uvm_fault(0xfffffd806bc09ee0, 0x7bd857, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09ee0, 0x7bd857, 0, 1) -> e pool_do_put(ffffffff82595600,fffffd805c259d00) at pool_do_put+0x12e end trace frame: 0xffff80001e832390, count: 0 ddb> trace pool_do_put(ffffffff82595600,fffffd805c259d00) at pool_do_put+0x12e pool_put(ffffffff82595600,fffffd805c259d00) at pool_put+0x4b m_free(fffffd805c259d00) at m_free+0x119 rt_ifa_del(ffff800000a0ad00,800100,ffff800000a0ad40,0) at rt_ifa_del+0x402 in6_unlink_ifa(ffff800000a0ad00,ffff800000a09000) at in6_unlink_ifa+0x571 in6_update_ifa(ffff800000a09000,ffff80001e8328f0,0) at in6_update_ifa+0x13f7 in6_ioctl_change_ifaddr(8080691a,ffff80001e8328f0,ffff800000a09000) at in6_ioctl_change_ifaddr+0x40c ifioctl(fffffd805dac7e18,8080691a,ffff80001e8328f0,ffff80001d739ea8) at ifioctl+0xe60 sys_ioctl(ffff80001d739ea8,ffff80001e832a08,ffff80001e832a50) at sys_ioctl+0x4a1 syscall(ffff80001e832ad0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2aca1843220, count: -11 ddb> show registers rdi 0xffffffff814af955 pool_do_put+0x125 rsi 0x169 rbp 0xffff80001e832340 rbx 0x7bd84f acpi_pdirpa+0x7a96b7 rdx 0x16a rcx 0xffff80001fa33000 rax 0xffff80001fa33000 r8 0x4 r9 0x5 r10 0x67d4e751196c66f6 r11 0xc7e50c86dc4e3c62 r12 0xfffffd805c259d00 r13 0x9eb79f433a7bd84f r14 0xffffffff82595600 mbpool r15 0xfffffd805bdfc6c0 rip 0xffffffff814af95e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001e832290 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=227852 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff80001d73a118,0xffffffff825c0e20 process=0xffff8000ffffb938 user=0xffff80001e82d000, vmspace=0xfffffd806bc09ee0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 15027 226179 3479 0 2 0 syz-executor.1 *15027 227852 3479 0 7 0x4000000 syz-executor.1 3479 490996 9549 0 3 0x82 nanosleep syz-executor.1 7103 16329 9549 0 3 0x2 biowait syz-executor.0 9549 201129 87917 0 3 0x82 thrsleep syz-fuzzer 9549 196609 87917 0 3 0x4000082 nanosleep syz-fuzzer 9549 168766 87917 0 3 0x4000082 kqread syz-fuzzer 9549 249121 87917 0 3 0x4000082 thrsleep syz-fuzzer 9549 381881 87917 0 3 0x4000082 thrsleep syz-fuzzer 9549 432507 87917 0 3 0x4000082 thrsleep syz-fuzzer 9549 449091 87917 0 3 0x4000082 thrsleep syz-fuzzer 87917 267656 2787 0 3 0x10008a pause ksh 2787 187755 72541 0 3 0x92 select sshd 17727 269731 1 0 3 0x100083 ttyin getty 72541 444246 1 0 3 0x80 select sshd 79909 60990 18610 73 3 0x100090 kqread syslogd 18610 451638 1 0 3 0x100082 netio syslogd 56716 459509 1 77 3 0x100090 poll dhclient 15949 517353 1 0 3 0x80 poll dhclient 98730 403569 0 0 3 0x14200 bored smr 87684 132990 0 0 2 0x14200 zerothread 42806 102785 0 0 3 0x14200 aiodoned aiodoned 21274 257162 0 0 3 0x14200 syncer update 57074 41341 0 0 3 0x14200 cleaner cleaner 68884 59481 0 0 3 0x14200 reaper reaper 4828 402261 0 0 3 0x14200 pgdaemon pagedaemon 12989 341556 0 0 3 0x14200 bored crynlk 2280 462815 0 0 3 0x14200 bored crypto 88667 38214 0 0 3 0x40014200 acpi0 acpi0 49241 305650 0 0 3 0x14200 bored softnet 83937 205151 0 0 3 0x14200 bored systqmp 75305 372692 0 0 3 0x14200 bored systq 93320 64009 0 0 3 0x40014200 bored softclock 8641 475274 0 0 3 0x40014200 idle0 1 65053 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9468 6582K 6582K 78643K 10567 0 pcb 13 8K 8K 78643K 13 0 rtable 105 3K 3K 78643K 190 0 ifaddr 40 10K 10K 78643K 40 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 2K 78643K 15 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1226 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 41 0 proc 48 38K 63K 78643K 359 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 1K 78643K 181 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 113 22K 23K 78643K 923 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 9 0K 0K 78643K 9 0 temp 61 3027K 3091K 78643K 1776 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 23 0 15 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 146 0 146 1 0 1 1 0 8 1 tcpcb 544 10 0 6 1 0 1 1 0 8 0 inpcb 280 35 0 27 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1427 0 30 88 0 88 88 0 8 0 ffsino 240 1427 0 30 83 0 83 83 0 8 0 nchpl 144 1658 0 57 60 0 60 60 0 8 0 uvmvnodes 72 1474 0 0 27 0 27 27 0 8 0 vnodes 208 1474 0 0 78 0 78 78 0 8 0 namei 1024 4033 0 4032 1 0 1 1 0 8 0 scxspl 192 4058 0 4057 1 0 1 1 0 8 0 plimitpl 152 14 0 7 1 0 1 1 0 8 0 sigapl 424 227 0 199 4 0 4 4 0 8 0 futexpl 56 141 0 141 1 0 1 1 0 8 1 knotepl 112 61 0 42 1 0 1 1 0 8 0 kqueuepl 144 2 0 0 1 0 1 1 0 8 0 pipelkpl 16 68 0 58 1 0 1 1 0 8 0 pipepl 120 136 0 117 1 0 1 1 0 8 0 fdescpl 432 213 0 199 2 0 2 2 0 8 0 filepl 120 1027 0 931 4 0 4 4 0 8 1 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 50 0 43 1 0 1 1 0 8 0 zombiepl 144 199 0 199 1 0 1 1 0 8 1 processpl 920 227 0 199 4 0 4 4 0 8 0 procpl 624 240 0 205 3 0 3 3 0 8 0 sockpl 400 77 0 59 2 0 2 2 0 8 0 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 9 0 9 2 1 1 1 0 8 1 mcl2k 2048 65164 0 65109 19 3 16 16 0 8 8 mtagpl 80 4 0 2 2 1 1 1 0 8 0 mbufpl 256 103349 0 103209 12 2 10 10 0 8 0 mbufpl: pool(0xffffffff82595600:mbufpl): free list modified: page 0xfffffd805c259000; item ordinal 13; addr 0xfffffd805c259e00 (p 0xfffffd805bdfc000); offset 0x0=0x0 mbufpl: pool(0xffffffff82595600:mbufpl): page inconsistency: page 0xfffffd805c259000; item ordinal 14; addr 0x7bd84f bufpl 280 3222 0 128 221 0 221 221 0 8 0 anonpl 16 33591 0 21096 53 2 51 51 0 107 0 amapchunkpl 152 975 0 848 7 0 7 7 0 158 1 amappl16 192 788 0 128 33 0 33 33 0 8 0 amappl15 184 9 0 5 1 0 1 1 0 8 0 amappl14 176 24 0 19 1 0 1 1 0 8 0 amappl13 168 23 0 22 1 0 1 1 0 8 0 amappl12 160 21 0 14 2 1 1 1 0 8 0 amappl11 152 43 0 34 1 0 1 1 0 8 0 amappl10 144 14 0 8 1 0 1 1 0 8 0 amappl9 136 355 0 354 1 0 1 1 0 8 0 amappl8 128 311 0 275 2 0 2 2 0 8 0 amappl7 120 110 0 96 1 0 1 1 0 8 0 amappl6 112 20 0 18 1 0 1 1 0 8 0 amappl5 104 183 0 171 1 0 1 1 0 8 0 amappl4 96 415 0 391 1 0 1 1 0 8 0 amappl3 88 102 0 94 1 0 1 1 0 8 0 amappl2 80 867 0 800 2 0 2 2 0 8 0 amappl1 72 13698 0 13286 23 6 17 17 0 8 7 amappl 80 461 0 421 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 213 0 199 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 213 0 199 1 0 1 1 0 8 0 vmmpekpl 168 5697 0 5670 2 0 2 2 0 8 0 vmmpepl 168 32892 0 31152 105 6 99 99 0 357 22 vmsppl 272 212 0 199 2 0 2 2 0 8 1 pdppl 4096 432 0 398 6 0 6 6 0 8 1 pvpl 32 120055 0 104647 129 0 129 129 0 265 2 pmappl 200 212 0 199 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 237 0 8 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82595600,fffffd805c259d00) at pool_do_put+0x12e pool_put(ffffffff82595600,fffffd805c259d00) at pool_put+0x4b m_free(fffffd805c259d00) at m_free+0x119 rt_ifa_del(ffff800000a0ad00,800100,ffff800000a0ad40,0) at rt_ifa_del+0x402 in6_unlink_ifa(ffff800000a0ad00,ffff800000a09000) at in6_unlink_ifa+0x571 in6_update_ifa(ffff800000a09000,ffff80001e8328f0,0) at in6_update_ifa+0x13f7 in6_ioctl_change_ifaddr(8080691a,ffff80001e8328f0,ffff800000a09000) at in6_ioctl_change_ifaddr+0x40c ifioctl(fffffd805dac7e18,8080691a,ffff80001e8328f0,ffff80001d739ea8) at ifioctl+0xe60 sys_ioctl(ffff80001d739ea8,ffff80001e832a08,ffff80001e832a50) at sys_ioctl+0x4a1 syscall(ffff80001e832ad0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2aca1843220, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82595600,fffffd805c259d00) at pool_do_put+0x12e pool_put(ffffffff82595600,fffffd805c259d00) at pool_put+0x4b m_free(fffffd805c259d00) at m_free+0x119 rt_ifa_del(ffff800000a0ad00,800100,ffff800000a0ad40,0) at rt_ifa_del+0x402 in6_unlink_ifa(ffff800000a0ad00,ffff800000a09000) at in6_unlink_ifa+0x571 in6_update_ifa(ffff800000a09000,ffff80001e8328f0,0) at in6_update_ifa+0x13f7 in6_ioctl_change_ifaddr(8080691a,ffff80001e8328f0,ffff800000a09000) at in6_ioctl_change_ifaddr+0x40c ifioctl(fffffd805dac7e18,8080691a,ffff80001e8328f0,ffff80001d739ea8) at ifioctl+0xe60 sys_ioctl(ffff80001d739ea8,ffff80001e832a08,ffff80001e832a50) at sys_ioctl+0x4a1 syscall(ffff80001e832ad0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2aca1843220, count: -11