kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Feb 4 05:48:21 PST 2021 OpenBSD/amd64 (ci-openbsd-main-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts. 2021/02/04 05:48:34 fuzzer started 2021/02/04 05:48:36 dialing manager at 10.128.15.235:2224 2021/02/04 05:48:36 syscalls: 383 2021/02/04 05:48:36 code coverage: enabled 2021/02/04 05:48:36 comparison tracing: enabled 2021/02/04 05:48:36 extra coverage: enabled 2021/02/04 05:48:36 setuid sandbox: enabled 2021/02/04 05:48:36 namespace sandbox: support is not implemented in syzkaller 2021/02/04 05:48:36 Android sandbox: support is not implemented in syzkaller 2021/02/04 05:48:36 fault injection: support is not implemented in syzkaller 2021/02/04 05:48:36 leak checking: support is not implemented in syzkaller 2021/02/04 05:48:36 net packet injection: enabled 2021/02/04 05:48:36 net device setup: support is not implemented in syzkaller 2021/02/04 05:48:36 concurrency sanitizer: support is not implemented in syzkaller 2021/02/04 05:48:36 devlink PCI setup: support is not implemented in syzkaller 2021/02/04 05:48:36 USB emulation: support is not implemented in syzkaller 2021/02/04 05:48:36 hci packet injection: support is not implemented in syzkaller 2021/02/04 05:48:36 wifi device emulation: support is not implemented in syzkaller 2021/02/04 05:48:36 fetching corpus: 0, signal 0/2000 (executing program) 2021/02/04 05:48:36 fetching corpus: 50, signal 11454/15331 (executing program) 2021/02/04 05:48:36 fetching corpus: 100, signal 16858/22555 (executing program) 2021/02/04 05:48:36 fetching corpus: 150, signal 24431/31860 (executing program) 2021/02/04 05:48:36 fetching corpus: 200, signal 25602/34842 (executing program) 2021/02/04 05:48:36 fetching corpus: 250, signal 29147/40130 (executing program) 2021/02/04 05:48:36 fetching corpus: 300, signal 33292/45952 (executing program) 2021/02/04 05:48:37 fetching corpus: 350, signal 38347/52563 (executing program) 2021/02/04 05:48:37 fetching corpus: 400, signal 41447/57254 (executing program) 2021/02/04 05:48:37 fetching corpus: 450, signal 46396/63692 (executing program) 2021/02/04 05:48:37 fetching corpus: 500, signal 48357/67274 (executing program) 2021/02/04 05:48:37 fetching corpus: 550, signal 51274/71671 (executing program) 2021/02/04 05:48:37 fetching corpus: 600, signal 53282/75254 (executing program) 2021/02/04 05:48:37 fetching corpus: 650, signal 57643/80934 (executing program) 2021/02/04 05:48:37 fetching corpus: 700, signal 60868/85549 (executing program) 2021/02/04 05:48:37 fetching corpus: 750, signal 65938/91757 (executing program) 2021/02/04 05:48:37 fetching corpus: 800, signal 70312/97250 (executing program) 2021/02/04 05:48:37 fetching corpus: 850, signal 71822/100181 (executing program) 2021/02/04 05:48:37 fetching corpus: 900, signal 76871/106189 (executing program) 2021/02/04 05:48:37 fetching corpus: 950, signal 77872/108593 (executing program) 2021/02/04 05:48:37 fetching corpus: 1000, signal 80470/112432 (executing program) 2021/02/04 05:48:37 fetching corpus: 1050, signal 82604/115841 (executing program) 2021/02/04 05:48:37 fetching corpus: 1100, signal 83942/118498 (executing program) 2021/02/04 05:48:37 fetching corpus: 1150, signal 85519/121378 (executing program) 2021/02/04 05:48:37 fetching corpus: 1200, signal 88271/125235 (executing program) 2021/02/04 05:48:37 fetching corpus: 1250, signal 95168/132500 (executing program) 2021/02/04 05:48:37 fetching corpus: 1300, signal 98264/136519 (executing program) 2021/02/04 05:48:37 fetching corpus: 1350, signal 100608/139901 (executing program) 2021/02/04 05:48:37 fetching corpus: 1400, signal 101194/141795 (executing program) 2021/02/04 05:48:37 fetching corpus: 1450, signal 103086/144693 (executing program) 2021/02/04 05:48:37 fetching corpus: 1500, signal 104947/147602 (executing program) 2021/02/04 05:48:38 fetching corpus: 1550, signal 107529/151111 (executing program) 2021/02/04 05:48:38 fetching corpus: 1600, signal 110380/154728 (executing program) 2021/02/04 05:48:38 fetching corpus: 1650, signal 112580/157799 (executing program) 2021/02/04 05:48:38 fetching corpus: 1700, signal 113846/160145 (executing program) 2021/02/04 05:48:38 fetching corpus: 1750, signal 117008/163921 (executing program) 2021/02/04 05:48:38 fetching corpus: 1800, signal 117534/165636 (executing program) 2021/02/04 05:48:38 fetching corpus: 1850, signal 120072/168907 (executing program) 2021/02/04 05:48:38 fetching corpus: 1900, signal 121471/171253 (executing program) 2021/02/04 05:48:38 fetching corpus: 1950, signal 124484/174892 (executing program) 2021/02/04 05:48:38 fetching corpus: 2000, signal 126458/177705 (executing program) 2021/02/04 05:48:38 fetching corpus: 2050, signal 127194/179517 (executing program) 2021/02/04 05:48:38 fetching corpus: 2100, signal 128116/181601 (executing program) 2021/02/04 05:48:38 fetching corpus: 2150, signal 128502/183109 (executing program) 2021/02/04 05:48:38 fetching corpus: 2200, signal 128871/184602 (executing program) 2021/02/04 05:48:38 fetching corpus: 2250, signal 131223/187517 (executing program) 2021/02/04 05:48:38 fetching corpus: 2300, signal 131925/189230 (executing program) 2021/02/04 05:48:38 fetching corpus: 2350, signal 132406/190825 (executing program) 2021/02/04 05:48:38 fetching corpus: 2400, signal 133022/192453 (executing program) 2021/02/04 05:48:38 fetching corpus: 2450, signal 133895/194351 (executing program) 2021/02/04 05:48:38 fetching corpus: 2500, signal 137056/197701 (executing program) 2021/02/04 05:48:38 fetching corpus: 2550, signal 138026/199624 (executing program) 2021/02/04 05:48:38 fetching corpus: 2600, signal 138762/201292 (executing program) 2021/02/04 05:48:39 fetching corpus: 2650, signal 139390/202896 (executing program) 2021/02/04 05:48:39 fetching corpus: 2700, signal 141989/205758 (executing program) 2021/02/04 05:48:39 fetching corpus: 2750, signal 143516/207926 (executing program) 2021/02/04 05:48:39 fetching corpus: 2800, signal 143930/209351 (executing program) 2021/02/04 05:48:39 fetching corpus: 2850, signal 144714/211025 (executing program) 2021/02/04 05:48:39 fetching corpus: 2900, signal 146153/213091 (executing program) 2021/02/04 05:48:39 fetching corpus: 2950, signal 147803/215272 (executing program) 2021/02/04 05:48:39 fetching corpus: 3000, signal 148614/216890 (executing program) 2021/02/04 05:48:39 fetching corpus: 3050, signal 149859/218784 (executing program) 2021/02/04 05:48:39 fetching corpus: 3100, signal 150768/220520 (executing program) 2021/02/04 05:48:39 fetching corpus: 3150, signal 151363/221998 (executing program) 2021/02/04 05:48:39 fetching corpus: 3200, signal 152030/223500 (executing program) 2021/02/04 05:48:39 fetching corpus: 3250, signal 154492/226046 (executing program) 2021/02/04 05:48:39 fetching corpus: 3300, signal 155622/227761 (executing program) 2021/02/04 05:48:39 fetching corpus: 3350, signal 156540/229381 (executing program) 2021/02/04 05:48:39 fetching corpus: 3400, signal 157210/230832 (executing program) 2021/02/04 05:48:39 fetching corpus: 3450, signal 158318/232523 (executing program) 2021/02/04 05:48:39 fetching corpus: 3500, signal 159169/234097 (executing program) 2021/02/04 05:48:39 fetching corpus: 3550, signal 159677/235436 (executing program) 2021/02/04 05:48:39 fetching corpus: 3600, signal 162071/237800 (executing program) 2021/02/04 05:48:39 fetching corpus: 3650, signal 162609/239171 (executing program) 2021/02/04 05:48:39 fetching corpus: 3700, signal 163259/240666 (executing program) 2021/02/04 05:48:39 fetching corpus: 3750, signal 165786/243046 (executing program) 2021/02/04 05:48:40 fetching corpus: 3800, signal 167210/244758 (executing program) 2021/02/04 05:48:40 fetching corpus: 3850, signal 167796/246063 (executing program) 2021/02/04 05:48:40 fetching corpus: 3900, signal 168192/247310 (executing program) 2021/02/04 05:48:40 fetching corpus: 3950, signal 168871/248659 (executing program) 2021/02/04 05:48:40 fetching corpus: 4000, signal 169938/250228 (executing program) 2021/02/04 05:48:40 fetching corpus: 4050, signal 170269/251406 (executing program) 2021/02/04 05:48:40 fetching corpus: 4100, signal 171655/253109 (executing program) 2021/02/04 05:48:40 fetching corpus: 4150, signal 172557/254516 (executing program) 2021/02/04 05:48:40 fetching corpus: 4200, signal 174134/256291 (executing program) 2021/02/04 05:48:40 fetching corpus: 4250, signal 175549/257992 (executing program) 2021/02/04 05:48:40 fetching corpus: 4300, signal 175892/259107 (executing program) 2021/02/04 05:48:40 fetching corpus: 4350, signal 176553/260423 (executing program) 2021/02/04 05:48:40 fetching corpus: 4400, signal 178340/262217 (executing program) 2021/02/04 05:48:40 fetching corpus: 4450, signal 178644/263281 (executing program) 2021/02/04 05:48:40 fetching corpus: 4500, signal 179071/264435 (executing program) 2021/02/04 05:48:40 fetching corpus: 4550, signal 179580/265611 (executing program) 2021/02/04 05:48:40 fetching corpus: 4600, signal 180174/266819 (executing program) 2021/02/04 05:48:40 fetching corpus: 4650, signal 181166/268294 (executing program) 2021/02/04 05:48:40 fetching corpus: 4700, signal 182175/269701 (executing program) 2021/02/04 05:48:40 fetching corpus: 4750, signal 182687/270833 (executing program) 2021/02/04 05:48:40 fetching corpus: 4800, signal 183024/271881 (executing program) 2021/02/04 05:48:40 fetching corpus: 4850, signal 183387/272953 (executing program) 2021/02/04 05:48:40 fetching corpus: 4900, signal 183753/274034 (executing program) 2021/02/04 05:48:40 fetching corpus: 4950, signal 184465/275231 (executing program) 2021/02/04 05:48:41 fetching corpus: 5000, signal 184944/276305 (executing program) 2021/02/04 05:48:41 fetching corpus: 5050, signal 185965/277590 (executing program) 2021/02/04 05:48:41 fetching corpus: 5100, signal 186401/278674 (executing program) 2021/02/04 05:48:41 fetching corpus: 5150, signal 187814/280121 (executing program) 2021/02/04 05:48:41 fetching corpus: 5200, signal 188086/281073 (executing program) 2021/02/04 05:48:41 fetching corpus: 5250, signal 188631/282212 (executing program) 2021/02/04 05:48:41 fetching corpus: 5300, signal 188916/283163 (executing program) 2021/02/04 05:48:41 fetching corpus: 5350, signal 189617/284361 (executing program) 2021/02/04 05:48:41 fetching corpus: 5400, signal 190563/285601 (executing program) 2021/02/04 05:48:41 fetching corpus: 5450, signal 190937/286600 (executing program) 2021/02/04 05:48:41 fetching corpus: 5500, signal 192725/288350 (executing program) 2021/02/04 05:48:41 fetching corpus: 5550, signal 193366/289471 (executing program) 2021/02/04 05:48:41 fetching corpus: 5600, signal 194187/290655 (executing program) 2021/02/04 05:48:41 fetching corpus: 5650, signal 196240/292103 (executing program) 2021/02/04 05:48:41 fetching corpus: 5700, signal 196567/293037 (executing program) 2021/02/04 05:48:41 fetching corpus: 5750, signal 196834/293933 (executing program) 2021/02/04 05:48:41 fetching corpus: 5800, signal 197130/294836 (executing program) 2021/02/04 05:48:42 fetching corpus: 5850, signal 197550/295771 (executing program) 2021/02/04 05:48:42 fetching corpus: 5900, signal 197831/296641 (executing program) 2021/02/04 05:48:42 fetching corpus: 5950, signal 198072/297570 (executing program) 2021/02/04 05:48:42 fetching corpus: 6000, signal 198843/298581 (executing program) 2021/02/04 05:48:42 fetching corpus: 6050, signal 199058/299422 (executing program) 2021/02/04 05:48:42 fetching corpus: 6100, signal 199316/300340 (executing program) 2021/02/04 05:48:42 fetching corpus: 6150, signal 199819/301247 (executing program) 2021/02/04 05:48:42 fetching corpus: 6200, signal 200608/302258 (executing program) 2021/02/04 05:48:42 fetching corpus: 6250, signal 200918/303164 (executing program) 2021/02/04 05:48:42 fetching corpus: 6300, signal 201310/304137 (executing program) 2021/02/04 05:48:42 fetching corpus: 6350, signal 201831/305076 (executing program) 2021/02/04 05:48:42 fetching corpus: 6400, signal 202095/305948 (executing program) 2021/02/04 05:48:42 fetching corpus: 6450, signal 205228/307451 (executing program) 2021/02/04 05:48:42 fetching corpus: 6500, signal 207065/308622 (executing program) 2021/02/04 05:48:42 fetching corpus: 6550, signal 207834/309544 (executing program) 2021/02/04 05:48:42 fetching corpus: 6600, signal 208104/310376 (executing program) 2021/02/04 05:48:43 fetching corpus: 6650, signal 210157/311651 (executing program) 2021/02/04 05:48:43 fetching corpus: 6700, signal 210604/312506 (executing program) 2021/02/04 05:48:43 fetching corpus: 6750, signal 211570/313452 (executing program) 2021/02/04 05:48:43 fetching corpus: 6800, signal 212107/314291 (executing program) 2021/02/04 05:48:43 fetching corpus: 6850, signal 213016/315127 (executing program) 2021/02/04 05:48:43 fetching corpus: 6900, signal 213391/315912 (executing program) 2021/02/04 05:48:43 fetching corpus: 6950, signal 214684/316813 (executing program) 2021/02/04 05:48:43 fetching corpus: 7000, signal 214958/317543 (executing program) 2021/02/04 05:48:43 fetching corpus: 7050, signal 215417/318367 (executing program) 2021/02/04 05:48:43 fetching corpus: 7100, signal 215817/319160 (executing program) 2021/02/04 05:48:43 fetching corpus: 7150, signal 216080/319966 (executing program) 2021/02/04 05:48:43 fetching corpus: 7200, signal 216623/320755 (executing program) 2021/02/04 05:48:43 fetching corpus: 7250, signal 218063/321637 (executing program) 2021/02/04 05:48:43 fetching corpus: 7300, signal 218368/322372 (executing program) 2021/02/04 05:48:43 fetching corpus: 7350, signal 219144/323223 (executing program) 2021/02/04 05:48:43 fetching corpus: 7400, signal 219391/323978 (executing program) 2021/02/04 05:48:44 fetching corpus: 7450, signal 219735/324743 (executing program) 2021/02/04 05:48:44 fetching corpus: 7500, signal 219972/325516 (executing program) 2021/02/04 05:48:44 fetching corpus: 7550, signal 220325/326229 (executing program) 2021/02/04 05:48:44 fetching corpus: 7600, signal 220570/326918 (executing program) 2021/02/04 05:48:44 fetching corpus: 7650, signal 221117/327808 (executing program) 2021/02/04 05:48:44 fetching corpus: 7700, signal 221378/328501 (executing program) 2021/02/04 05:48:44 fetching corpus: 7750, signal 221595/329190 (executing program) 2021/02/04 05:48:44 fetching corpus: 7800, signal 222034/329894 (executing program) 2021/02/04 05:48:44 fetching corpus: 7850, signal 225148/330774 (executing program) 2021/02/04 05:48:44 fetching corpus: 7900, signal 225316/331452 (executing program) 2021/02/04 05:48:44 fetching corpus: 7950, signal 225662/332146 (executing program) 2021/02/04 05:48:44 fetching corpus: 8000, signal 226339/332865 (executing program) 2021/02/04 05:48:44 fetching corpus: 8050, signal 227285/333553 (executing program) 2021/02/04 05:48:44 fetching corpus: 8100, signal 227683/334212 (executing program) 2021/02/04 05:48:44 fetching corpus: 8150, signal 228872/334311 (executing program) 2021/02/04 05:48:44 fetching corpus: 8200, signal 229121/334326 (executing program) 2021/02/04 05:48:45 fetching corpus: 8250, signal 229439/334342 (executing program) 2021/02/04 05:48:45 fetching corpus: 8300, signal 229649/334356 (executing program) 2021/02/04 05:48:45 fetching corpus: 8350, signal 229847/334384 (executing program) 2021/02/04 05:48:45 fetching corpus: 8400, signal 231192/334397 (executing program) 2021/02/04 05:48:45 fetching corpus: 8450, signal 231518/334404 (executing program) 2021/02/04 05:48:45 fetching corpus: 8500, signal 231725/334405 (executing program) 2021/02/04 05:48:45 fetching corpus: 8550, signal 231912/334408 (executing program) 2021/02/04 05:48:45 fetching corpus: 8600, signal 233824/334424 (executing program) 2021/02/04 05:48:45 fetching corpus: 8650, signal 234162/334486 (executing program) 2021/02/04 05:48:45 fetching corpus: 8700, signal 234802/334501 (executing program) 2021/02/04 05:48:45 fetching corpus: 8750, signal 235079/334554 (executing program) 2021/02/04 05:48:45 fetching corpus: 8800, signal 235291/334636 (executing program) 2021/02/04 05:48:45 fetching corpus: 8850, signal 235639/334647 (executing program) 2021/02/04 05:48:45 fetching corpus: 8900, signal 235835/334651 (executing program) 2021/02/04 05:48:45 fetching corpus: 8950, signal 236410/334657 (executing program) 2021/02/04 05:48:45 fetching corpus: 9000, signal 236827/334657 (executing program) 2021/02/04 05:48:45 fetching corpus: 9050, signal 237013/334667 (executing program) 2021/02/04 05:48:45 fetching corpus: 9100, signal 238333/334698 (executing program) 2021/02/04 05:48:45 fetching corpus: 9150, signal 239352/334698 (executing program) 2021/02/04 05:48:45 fetching corpus: 9200, signal 240317/334701 (executing program) 2021/02/04 05:48:45 fetching corpus: 9250, signal 240486/334730 (executing program) 2021/02/04 05:48:45 fetching corpus: 9300, signal 240694/334734 (executing program) 2021/02/04 05:48:45 fetching corpus: 9350, signal 241033/334744 (executing program) 2021/02/04 05:48:45 fetching corpus: 9400, signal 242794/334747 (executing program) 2021/02/04 05:48:45 fetching corpus: 9450, signal 243038/334754 (executing program) 2021/02/04 05:48:46 fetching corpus: 9500, signal 243761/334758 (executing program) 2021/02/04 05:48:46 fetching corpus: 9550, signal 243988/334795 (executing program) 2021/02/04 05:48:46 fetching corpus: 9600, signal 244189/334796 (executing program) 2021/02/04 05:48:46 fetching corpus: 9650, signal 244947/335347 (executing program) 2021/02/04 05:48:46 fetching corpus: 9700, signal 246267/335352 (executing program) 2021/02/04 05:48:46 fetching corpus: 9750, signal 246499/335414 (executing program) 2021/02/04 05:48:46 fetching corpus: 9800, signal 246710/335414 (executing program) 2021/02/04 05:48:46 fetching corpus: 9850, signal 247024/335487 (executing program) 2021/02/04 05:48:46 fetching corpus: 9900, signal 247222/335512 (executing program) 2021/02/04 05:48:46 fetching corpus: 9950, signal 248019/335577 (executing program) 2021/02/04 05:48:46 fetching corpus: 9999, signal 248158/335578 (executing program) 2021/02/04 05:48:46 fetching corpus: 10049, signal 248478/335593 (executing program) 2021/02/04 05:48:46 fetching corpus: 10099, signal 248678/335607 (executing program) 2021/02/04 05:48:46 fetching corpus: 10149, signal 249405/335613 (executing program) 2021/02/04 05:48:46 fetching corpus: 10199, signal 250796/335616 (executing program) 2021/02/04 05:48:46 fetching corpus: 10249, signal 252296/335618 (executing program) 2021/02/04 05:48:46 fetching corpus: 10299, signal 252806/335698 (executing program) 2021/02/04 05:48:46 fetching corpus: 10349, signal 252985/335715 (executing program) 2021/02/04 05:48:46 fetching corpus: 10399, signal 253192/335716 (executing program) 2021/02/04 05:48:46 fetching corpus: 10449, signal 253342/335717 (executing program) 2021/02/04 05:48:46 fetching corpus: 10499, signal 253477/335722 (executing program) 2021/02/04 05:48:46 fetching corpus: 10549, signal 254408/335744 (executing program) 2021/02/04 05:48:46 fetching corpus: 10599, signal 254641/335744 (executing program) 2021/02/04 05:48:46 fetching corpus: 10603, signal 254649/335744 (executing program) 2021/02/04 05:48:46 fetching corpus: 10603, signal 254649/335744 (executing program) 2021/02/04 05:48:46 starting 2 fuzzer processes 05:48:46 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000080)={0x3, &(0x7f00000001c0)=[{0x40}, {0x1c}, {0x6}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) syz_emit_ethernet(0xe, &(0x7f0000000380)) 05:48:47 executing program 1: mknod(&(0x7f0000000000)='./file0\x00', 0x6000, 0xee4) acct(&(0x7f00000000c0)='./file0\x00') 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) syz_emit_ethernet(0x78, &(0x7f0000000080)={@local, @random="3f42c22d165c", [], {@ipv6={0x86dd, {0x0, 0x6, "a08000", 0x42, 0x0, 0x0, @rand_addr="0000000000d9ba78127f74899900", @local={0xfe, 0x80, [], 0x0}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @window={0x3, 0x3}]}}, {"6118845c8bfdf5a7a65690cdd892ba34249e7fb53f9ca32eda6478b7b84f9ef70f930cc6fb77"}}}}}}}) syz_emit_ethernet(0x40, &(0x7f00000000c0)={@broadcast, @random="45f7b676ee0e", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2}, @tcp={{0x1, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@eol]}}, {"0ac9667e7246"}}}}}}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: mknod(&(0x7f0000000140)='./bus\x00', 0x2400, 0x2000000000086133) r0 = open(&(0x7f0000000040)='./bus\x00', 0x501, 0x0) write(r0, &(0x7f0000000000)="220e22", 0x3) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x6000000000004, 0x19bf}) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x1000000000000182, 0x0, 0x0) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) syz_emit_ethernet(0x78, &(0x7f0000000080)={@local, @random="3f42c22d165c", [], {@ipv6={0x86dd, {0x0, 0x6, "a08000", 0x42, 0x0, 0x0, @rand_addr="0000000000d9ba78127f74899900", @local={0xfe, 0x80, [], 0x0}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @window={0x3, 0x3}]}}, {"6118845c8bfdf5a7a65690cdd892ba34249e7fb53f9ca32eda6478b7b84f9ef70f930cc6fb77"}}}}}}}) syz_emit_ethernet(0x40, &(0x7f00000000c0)={@broadcast, @random="45f7b676ee0e", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2}, @tcp={{0x1, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@eol]}}, {"0ac9667e7246"}}}}}}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$WSMOUSEIO_SETPARAMS(0xffffffffffffffff, 0x80105728, &(0x7f0000000080)={&(0x7f0000000040)=[{0x8a}], 0x1}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) syz_emit_ethernet(0x78, &(0x7f0000000080)={@local, @random="3f42c22d165c", [], {@ipv6={0x86dd, {0x0, 0x6, "a08000", 0x42, 0x0, 0x0, @rand_addr="0000000000d9ba78127f74899900", @local={0xfe, 0x80, [], 0x0}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @window={0x3, 0x3}]}}, {"6118845c8bfdf5a7a65690cdd892ba34249e7fb53f9ca32eda6478b7b84f9ef70f930cc6fb77"}}}}}}}) syz_emit_ethernet(0x40, &(0x7f00000000c0)={@broadcast, @random="45f7b676ee0e", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2}, @tcp={{0x1, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@eol]}}, {"0ac9667e7246"}}}}}}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x9, 0x4}]}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) syz_emit_ethernet(0x78, &(0x7f0000000080)={@local, @random="3f42c22d165c", [], {@ipv6={0x86dd, {0x0, 0x6, "a08000", 0x42, 0x0, 0x0, @rand_addr="0000000000d9ba78127f74899900", @local={0xfe, 0x80, [], 0x0}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @window={0x3, 0x3}]}}, {"6118845c8bfdf5a7a65690cdd892ba34249e7fb53f9ca32eda6478b7b84f9ef70f930cc6fb77"}}}}}}}) syz_emit_ethernet(0x40, &(0x7f00000000c0)={@broadcast, @random="45f7b676ee0e", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2}, @tcp={{0x1, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@eol]}}, {"0ac9667e7246"}}}}}}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="820201f0ffffffff"], 0x1) r0 = socket(0x2, 0x3, 0x1) connect$unix(r0, &(0x7f0000000000)=ANY=[], 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="071400000000db00080000000025c6149b33ff0f", 0x14) write(r0, &(0x7f0000000100)="0d0000004ecc4eb8", 0x8) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000100)="8ac7ca87e1c30ab866cee6a0dc1988e3dfc3314da595b00759cd0a9d2b390099379d728bbe89d0fcc40c361e3db922a5ff", 0x31}], 0x1, 0x0, 0xa8}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="820201f0ffffffff"], 0x1) r0 = socket(0x2, 0x3, 0x1) connect$unix(r0, &(0x7f0000000000)=ANY=[], 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="071400000000db00080000000025c6149b33ff0f", 0x14) write(r0, &(0x7f0000000100)="0d0000004ecc4eb8", 0x8) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000100)="8ac7ca87e1c30ab866cee6a0dc1988e3dfc3314da595b00759cd0a9d2b390099379d728bbe89d0fcc40c361e3db922a5ff", 0x31}], 0x1, 0x0, 0xa8}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="820201f0ffffffff"], 0x1) r0 = socket(0x2, 0x3, 0x1) connect$unix(r0, &(0x7f0000000000)=ANY=[], 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="071400000000db00080000000025c6149b33ff0f", 0x14) write(r0, &(0x7f0000000100)="0d0000004ecc4eb8", 0x8) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000100)="8ac7ca87e1c30ab866cee6a0dc1988e3dfc3314da595b00759cd0a9d2b390099379d728bbe89d0fcc40c361e3db922a5ff", 0x31}], 0x1, 0x0, 0xa8}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 0: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000100)="8ac7ca87e1c30ab866cee6a0dc1988e3dfc3314da595b00759cd0a9d2b390099379d728bbe89d0fcc40c361e3db922a5ff", 0x31}], 0x1, 0x0, 0xa8}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) 05:48:47 executing program 1: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="820201f0ffffffff"], 0x1) r0 = socket(0x2, 0x3, 0x1) connect$unix(r0, &(0x7f0000000000)=ANY=[], 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="071400000000db00080000000025c6149b33ff0f", 0x14) write(r0, &(0x7f0000000100)="0d0000004ecc4eb8", 0x8) 05:48:47 executing program 0: r0 = kqueue() fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) r1 = semget$private(0x0, 0x3, 0x1da) semctl$GETNCNT(r1, 0x33677a76b2de9ef5, 0x3, &(0x7f0000000180)=""/170) r2 = socket(0x2, 0x2, 0x0) dup2(0xffffffffffffffff, r2) connect$unix(r2, &(0x7f0000000000)=ANY=[], 0x10) writev(r2, &(0x7f0000000340)=[{0x0}], 0x1) lseek(r2, 0x0, 0x400, 0x2) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = kqueue() r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r4, 0x0, 0x0) kevent(r3, &(0x7f0000000040), 0x40000020, &(0x7f0000000080)=[{{}, 0xfffffffffffffffe, 0x1, 0xf0000000}, {{}, 0x4, 0x10, 0x0, 0x7fff, 0x3}, {}], 0x800f93, &(0x7f00000001c0)={0x101}) getuid() fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x3}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000100)={0x3, &(0x7f0000000280)=[{0x44}, {0x6c}, {0x6, 0x0, 0xfe}]}) fcntl$setown(0xffffffffffffffff, 0x6, 0xffffffffffffffff) 05:48:47 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sysctl$net_inet6_ip6(0x0, 0x0, &(0x7f0000001040)="46cc569489337331b4a10de50fef36191a536b85cfb8b42a0ad74537f93c1cd0cc8eea6c06459865ad725540340bf3bff7c3201f92e2b594aaccf05bc2bb77d74223ea5ee8c6c7903f6205f9c737a6e62ed98fd677a2ac3c13fa347c54fc93a93b", &(0x7f0000000100)=0x61, 0x0, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x20004b08, &(0x7f0000000000)=0x7ff) 05:48:47 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sysctl$net_inet6_ip6(0x0, 0x0, &(0x7f0000001040)="46cc569489337331b4a10de50fef36191a536b85cfb8b42a0ad74537f93c1cd0cc8eea6c06459865ad725540340bf3bff7c3201f92e2b594aaccf05bc2bb77d74223ea5ee8c6c7903f6205f9c737a6e62ed98fd677a2ac3c13fa347c54fc93a93b", &(0x7f0000000100)=0x61, 0x0, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x20004b08, &(0x7f0000000000)=0x7ff) 05:48:47 executing program 0: r0 = kqueue() fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) r1 = semget$private(0x0, 0x3, 0x1da) semctl$GETNCNT(r1, 0x33677a76b2de9ef5, 0x3, &(0x7f0000000180)=""/170) r2 = socket(0x2, 0x2, 0x0) dup2(0xffffffffffffffff, r2) connect$unix(r2, &(0x7f0000000000)=ANY=[], 0x10) writev(r2, &(0x7f0000000340)=[{0x0}], 0x1) lseek(r2, 0x0, 0x400, 0x2) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = kqueue() r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r4, 0x0, 0x0) kevent(r3, &(0x7f0000000040), 0x40000020, &(0x7f0000000080)=[{{}, 0xfffffffffffffffe, 0x1, 0xf0000000}, {{}, 0x4, 0x10, 0x0, 0x7fff, 0x3}, {}], 0x800f93, &(0x7f00000001c0)={0x101}) getuid() fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x3}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000100)={0x3, &(0x7f0000000280)=[{0x44}, {0x6c}, {0x6, 0x0, 0xfe}]}) fcntl$setown(0xffffffffffffffff, 0x6, 0xffffffffffffffff) 05:48:47 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sysctl$net_inet6_ip6(0x0, 0x0, &(0x7f0000001040)="46cc569489337331b4a10de50fef36191a536b85cfb8b42a0ad74537f93c1cd0cc8eea6c06459865ad725540340bf3bff7c3201f92e2b594aaccf05bc2bb77d74223ea5ee8c6c7903f6205f9c737a6e62ed98fd677a2ac3c13fa347c54fc93a93b", &(0x7f0000000100)=0x61, 0x0, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x20004b08, &(0x7f0000000000)=0x7ff) 05:48:47 executing program 1: r0 = kqueue() r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0) sysctl$net_inet6_ip6(0x0, 0x0, &(0x7f0000001040)="46cc569489337331b4a10de50fef36191a536b85cfb8b42a0ad74537f93c1cd0cc8eea6c06459865ad725540340bf3bff7c3201f92e2b594aaccf05bc2bb77d74223ea5ee8c6c7903f6205f9c737a6e62ed98fd677a2ac3c13fa347c54fc93a93b", &(0x7f0000000100)=0x61, 0x0, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x20004b08, &(0x7f0000000000)=0x7ff) 05:48:47 executing program 0: r0 = kqueue() fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) r1 = semget$private(0x0, 0x3, 0x1da) semctl$GETNCNT(r1, 0x33677a76b2de9ef5, 0x3, &(0x7f0000000180)=""/170) r2 = socket(0x2, 0x2, 0x0) dup2(0xffffffffffffffff, r2) connect$unix(r2, &(0x7f0000000000)=ANY=[], 0x10) writev(r2, &(0x7f0000000340)=[{0x0}], 0x1) lseek(r2, 0x0, 0x400, 0x2) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = kqueue() r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r4, 0x0, 0x0) kevent(r3, &(0x7f0000000040), 0x40000020, &(0x7f0000000080)=[{{}, 0xfffffffffffffffe, 0x1, 0xf0000000}, {{}, 0x4, 0x10, 0x0, 0x7fff, 0x3}, {}], 0x800f93, &(0x7f00000001c0)={0x101}) getuid() fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x3}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000100)={0x3, &(0x7f0000000280)=[{0x44}, {0x6c}, {0x6, 0x0, 0xfe}]}) fcntl$setown(0xffffffffffffffff, 0x6, 0xffffffffffffffff) 05:48:47 executing program 1: setregid(0x0, 0xffffffffffffffff) 05:48:47 executing program 1: r0 = socket(0x2, 0xc003, 0x2) setsockopt(r0, 0x0, 0x64, &(0x7f0000000000)="01000000", 0x4) setsockopt(r0, 0x0, 0x69, 0x0, 0x0) 05:48:47 executing program 1: setrlimit(0x8, &(0x7f0000000000)={0xa, 0x93}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() ioctl$TIOCSETAW(r0, 0x80047469, &(0x7f00000001c0)={0x5, 0x0, 0x0, 0x0, "1fffff0366dfde850c1913ccd5ab3408ff060070"}) read(r1, &(0x7f0000000080)=""/237, 0xed) write(r0, &(0x7f0000000240)="306022e44dd14fdf6f5952d1be4cabb3834d58a2f9c134b19bc6424f226f0a72a56f4221b976cd03721bb4b30d0979651631217801007d6d6685cc21b94754000000000000c75f7bda0b59c0182d", 0x4e) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x0, 0x0) ioctl$FIOASYNC(r2, 0xc0504417, &(0x7f0000000080)) 05:48:47 executing program 0: r0 = kqueue() fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2}) r1 = semget$private(0x0, 0x3, 0x1da) semctl$GETNCNT(r1, 0x33677a76b2de9ef5, 0x3, &(0x7f0000000180)=""/170) r2 = socket(0x2, 0x2, 0x0) dup2(0xffffffffffffffff, r2) connect$unix(r2, &(0x7f0000000000)=ANY=[], 0x10) writev(r2, &(0x7f0000000340)=[{0x0}], 0x1) lseek(r2, 0x0, 0x400, 0x2) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = kqueue() r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r4, 0x0, 0x0) kevent(r3, &(0x7f0000000040), 0x40000020, &(0x7f0000000080)=[{{}, 0xfffffffffffffffe, 0x1, 0xf0000000}, {{}, 0x4, 0x10, 0x0, 0x7fff, 0x3}, {}], 0x800f93, &(0x7f00000001c0)={0x101}) getuid() fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x3}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000100)={0x3, &(0x7f0000000280)=[{0x44}, {0x6c}, {0x6, 0x0, 0xfe}]}) fcntl$setown(0xffffffffffffffff, 0x6, 0xffffffffffffffff) login: vrele: bad writecount: 0xfffffd80679ca6b0, type VCHR, use 0, write 1, hold 0, tag VT_UFS, ino 2676, on dev 4, 0 flags 0x180, effnlink 1, nlink 1 mode 020620, owner 0, group 4, size 0 panic: vrele: v_writecount != 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *225516 22943 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80679ca6b0) at vrele+0x187 ptmioctl(5100,40287401,ffff800021f29b10,3,ffff8000216717a0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e6754b0,40287401,ffff800021f29b10,3,fffffd807f7b75a0,ffff8000216717a0) at VOP_IOCTL+0x91 vn_ioctl(fffffd80677e0c48,40287401,ffff800021f29b10,ffff8000216717a0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216717a0,ffff800021f29c20,ffff800021f29c70) at sys_ioctl+0x4ac syscall(ffff800021f29cf0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6758176610, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic vrele: v_writecount != 0 ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80679ca6b0) at vrele+0x187 ptmioctl(5100,40287401,ffff800021f29b10,3,ffff8000216717a0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e6754b0,40287401,ffff800021f29b10,3,fffffd807f7b75a0,ffff8000216717a0) at VOP_IOCTL+0x91 vn_ioctl(fffffd80677e0c48,40287401,ffff800021f29b10,ffff8000216717a0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216717a0,ffff800021f29c20,ffff800021f29c70) at sys_ioctl+0x4ac syscall(ffff800021f29cf0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6758176610, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800021f29550 rbx 0xffff800021f29560 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff820e50f5 kprintf+0x155 r9 0x1 r10 0xe8dbc3060d1a464d r11 0x1abb0d2db2d79756 r12 0x3000000008 r13 0xffff800021f29600 r14 0x100 r15 0x1 rip 0xffffffff81ab85c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021f29540 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=225516 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800021670a80,0xffff800021670550 process=0xffff80002165d408 user=0xffff800021f24000, vmspace=0xfffffd807effc990 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 22943 445072 99210 0 2 0 syz-executor.1 *22943 225516 99210 0 7 0x4000000 syz-executor.1 22943 413339 99210 0 3 0x4000080 fsleep syz-executor.1 99210 343226 32541 0 2 0x482 syz-executor.1 30666 287999 32541 0 2 0x2 syz-executor.0 32541 183093 30954 0 3 0x82 thrsleep syz-fuzzer 32541 355893 30954 0 2 0x4000482 syz-fuzzer 32541 18896 30954 0 3 0x4000082 thrsleep syz-fuzzer 32541 490014 30954 0 3 0x4000082 thrsleep syz-fuzzer 32541 121088 30954 0 3 0x4000082 thrsleep syz-fuzzer 32541 98153 30954 0 3 0x4000082 thrsleep syz-fuzzer 32541 42596 30954 0 3 0x4000082 kqread syz-fuzzer 30954 135771 78997 0 3 0x10008a sigsusp ksh 78997 134455 34402 0 3 0x92 select sshd 2622 89596 1 0 3 0x100083 ttyin getty 34402 40116 1 0 3 0x80 select sshd 3640 207038 6124 73 3 0x100090 kqread syslogd 6124 367272 1 0 3 0x100082 netio syslogd 675 429200 1 77 3 0x100090 poll dhclient 91990 86316 1 0 3 0x80 poll dhclient 2659 144364 0 0 3 0x14200 bored smr 29078 176714 0 0 2 0x14200 zerothread 97723 142050 0 0 3 0x14200 aiodoned aiodoned 18581 237651 0 0 3 0x14200 syncer update 12140 217605 0 0 3 0x14200 cleaner cleaner 44242 391123 0 0 3 0x14200 reaper reaper 95418 69191 0 0 3 0x14200 pgdaemon pagedaemon 48397 358163 0 0 3 0x14200 bored crynlk 18599 54272 0 0 3 0x14200 bored crypto 68386 292449 0 0 3 0x14200 bored viomb 4848 523983 0 0 3 0x40014200 acpi0 acpi0 53615 175249 0 0 2 0x14200 softnet 23395 399463 0 0 3 0x14200 bored systqmp 17790 15261 0 0 3 0x14200 bored systq 8881 231993 0 0 2 0x40014200 softclock 24876 253899 0 0 3 0x40014200 idle0 1 240727 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9473 6345K 6475K 78643K 10576 0 pcb 13 8K 8K 78643K 17 0 rtable 105 3K 3K 78643K 192 0 ifaddr 44 10K 10K 78643K 44 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 2K 78643K 15 0 iov 0 0K 8K 78643K 2 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1226 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 7 0K 0K 78643K 7 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 62 0 proc 47 38K 63K 78643K 364 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 2K 78643K 317 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 113 23K 24K 78643K 755 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 10 0K 0K 78643K 10 0 temp 66 3963K 4027K 78643K 1856 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 120 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 23 0 15 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 627 0 627 1 0 1 1 0 8 1 tcpcb 736 10 0 6 1 0 1 1 0 8 0 inpcb 304 44 0 37 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 kcovpl 48 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 semapl 112 5 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1448 0 52 88 0 88 88 0 8 0 ffsino 240 1448 0 52 83 0 83 83 0 8 0 nchpl 144 1693 0 96 60 0 60 60 0 8 0 uvmvnodes 72 1493 0 0 28 0 28 28 0 8 0 vnodes 224 1493 0 0 88 0 88 88 0 8 0 namei 1024 4107 0 4107 2 1 1 1 0 8 1 scxspl 216 4666 0 4666 3 2 1 2 0 8 1 plimitpl 152 16 0 7 1 0 1 1 0 8 0 sigapl 424 249 0 220 4 0 4 4 0 8 0 futexpl 56 285 0 284 1 0 1 1 0 8 0 knotepl 112 62 0 42 1 0 1 1 0 8 0 kqueuepl 168 31 0 29 1 0 1 1 0 8 0 pipepl 304 69 0 58 1 0 1 1 0 8 0 fdescpl 432 234 0 220 2 0 2 2 0 8 0 filepl 120 1045 0 942 4 0 4 4 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 60 0 53 1 0 1 1 0 8 0 zombiepl 144 220 0 220 2 1 1 1 0 8 1 processpl 1016 249 0 220 5 0 5 5 0 8 1 procpl 672 284 0 247 4 0 4 4 0 8 0 sockpl 432 86 0 69 4 1 3 3 0 8 1 mcl64k 65536 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 8 0 8 1 1 0 1 0 8 0 mcl2k 2048 176213 0 176143 36 19 17 26 0 8 7 mtagpl 96 2 0 2 1 1 0 1 0 8 0 mbufpl 256 190689 0 190596 14 0 14 14 0 8 5 bufpl 280 3272 0 169 222 0 222 222 0 8 0 anonpl 24 57337 0 38707 139 2 137 137 0 188 21 amapchunkpl 152 1364 0 1012 16 0 16 16 0 158 1 amappl16 200 1952 0 1128 57 0 57 57 0 8 13 amappl15 192 15 0 13 1 0 1 1 0 8 0 amappl14 184 25 0 18 1 0 1 1 0 8 0 amappl13 176 25 0 22 1 0 1 1 0 8 0 amappl12 168 14 0 12 1 0 1 1 0 8 0 amappl11 160 53 0 42 1 0 1 1 0 8 0 amappl10 152 9 0 5 1 0 1 1 0 8 0 amappl9 144 280 0 280 1 1 0 1 0 8 0 amappl8 136 158 0 122 2 0 2 2 0 8 0 amappl7 128 218 0 209 1 0 1 1 0 8 0 amappl6 120 60 0 53 1 0 1 1 0 8 0 amappl5 112 379 0 364 1 0 1 1 0 8 0 amappl4 104 235 0 215 1 0 1 1 0 8 0 amappl3 96 110 0 103 1 0 1 1 0 8 0 amappl2 88 1103 0 1040 3 1 2 3 0 8 0 amappl1 80 14594 0 14133 28 11 17 21 0 8 6 amappl 88 529 0 459 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 234 0 220 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 234 0 220 1 0 1 1 0 8 0 vmmpekpl 168 5855 0 5832 2 0 2 2 0 8 0 vmmpepl 168 37701 0 35733 128 9 119 119 0 357 31 vmsppl 272 233 0 220 2 0 2 2 0 8 1 rwobjpl 24 10988 0 9496 13 2 11 11 0 8 0 pdppl 4096 474 0 440 53 13 40 40 0 8 6 pvpl 32 157802 0 136280 214 0 214 214 0 265 35 pmappl 200 233 0 220 1 0 1 1 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 305 0 36 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80679ca6b0) at vrele+0x187 ptmioctl(5100,40287401,ffff800021f29b10,3,ffff8000216717a0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e6754b0,40287401,ffff800021f29b10,3,fffffd807f7b75a0,ffff8000216717a0) at VOP_IOCTL+0x91 vn_ioctl(fffffd80677e0c48,40287401,ffff800021f29b10,ffff8000216717a0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216717a0,ffff800021f29c20,ffff800021f29c70) at sys_ioctl+0x4ac syscall(ffff800021f29cf0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6758176610, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd80679ca6b0) at vrele+0x187 ptmioctl(5100,40287401,ffff800021f29b10,3,ffff8000216717a0) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806e6754b0,40287401,ffff800021f29b10,3,fffffd807f7b75a0,ffff8000216717a0) at VOP_IOCTL+0x91 vn_ioctl(fffffd80677e0c48,40287401,ffff800021f29b10,ffff8000216717a0) at vn_ioctl+0xb5 sys_ioctl(ffff8000216717a0,ffff800021f29c20,ffff800021f29c70) at sys_ioctl+0x4ac syscall(ffff800021f29cf0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa6758176610, count: -9