kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Fri Jul 31 19:09:16 PDT 2020 OpenBSD/amd64 (ci-openbsd-main-3.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. 2020/07/31 19:09:25 fuzzer started 2020/07/31 19:09:29 dialing manager at 10.128.15.235:13100 2020/07/31 19:09:29 syscalls: 381 2020/07/31 19:09:29 code coverage: enabled 2020/07/31 19:09:29 comparison tracing: enabled 2020/07/31 19:09:29 extra coverage: support is not implemented in syzkaller 2020/07/31 19:09:29 setuid sandbox: enabled 2020/07/31 19:09:29 namespace sandbox: support is not implemented in syzkaller 2020/07/31 19:09:29 Android sandbox: support is not implemented in syzkaller 2020/07/31 19:09:29 fault injection: support is not implemented in syzkaller 2020/07/31 19:09:29 leak checking: support is not implemented in syzkaller 2020/07/31 19:09:29 net packet injection: enabled 2020/07/31 19:09:29 net device setup: support is not implemented in syzkaller 2020/07/31 19:09:29 concurrency sanitizer: support is not implemented in syzkaller 2020/07/31 19:09:29 devlink PCI setup: support is not implemented in syzkaller 2020/07/31 19:09:29 USB emulation: support is not implemented in syzkaller 2020/07/31 19:09:29 hci packet injection: support is not implemented in syzkaller 19:09:34 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x200, 0x0) ioctl$WSMUXIO_REMOVE_DEVICE(r0, 0x80085762, &(0x7f0000000040)={0x2, 0x6}) r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x400, 0x4) pread(r1, &(0x7f00000000c0)="2559d87052569b2b1fc65d8633e23b300a7839578624a539c78601acefba6424f4258338774357a6df3fa035dd250a9312d078ba5a32a050174be1e06b3d8869eba05e946dd8d1a28131ed4e82fab31c4b3555cc1b946c0f89af08b57811cea9dd219c210da003a5147a652eb36125248d957ac2a0bff976a0e66ecbd68a9d6adf6b8ba2fccf81d440fc4193af4ce3830a3e9f2c3eaea3762620c932eb2ef5c977400bf9e6450a99cb1409922ec8b75f47", 0xb1, 0x0, 0xfffffffffffffffd) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x400, 0x0) ioctl$TIOCCDTR(r2, 0x20007478) pipe2(&(0x7f00000001c0), 0x10000) r3 = semget(0x3, 0x1, 0x5) semctl$GETALL(r3, 0x0, 0x6, &(0x7f0000000200)=""/48) r4 = openat$speaker(0xffffffffffffff9c, &(0x7f0000000240)='/dev/speaker\x00', 0x20, 0x0) fcntl$dupfd(r4, 0xa, r0) fchflags(r1, 0x10000) pipe(&(0x7f0000000280)) sysctl$net_inet_ipip(&(0x7f00000002c0)={0x4, 0x2, 0x4, 0x1}, 0x4, &(0x7f0000000300)="fe4eb5a66b3bf59b563902c6a19c002d10d1ca99e9f5fe76ab393aec5de6c4315df174a9892e2afd96d1142bbc787497a81532a61818298814a4305eb850381475cf947f313f72c005f5608f8acd81227242f0dc356b815c0184866a9291a51a0e3594b774d27690bc337fdc1afdd86561c474daa13e45595659ccba6c29ffbafee3d4d9fa82320a41b2192cc83f0b45f32828941c0070783fcabf44b187eaf3ce3f7376ddf654f4d5aed4a2ff03a9aaaa9f9fe562a451e0120c53f219eecd1ce17d915b385750ce", &(0x7f0000000400)=0xc8, &(0x7f0000000440)="f78dbd1363743b39ee1eee395cf871cbe573da11a66720a3f25eb13d55f593177f7f8c4a01c5537559ea0e6079ed32c2982ed44699284e48c3402a5cbde3288717cb7c2b25274736ff0da1437de50a30b5bd21889882e7d45d924801745c5f94c5cd381acd88113a0610620c38c7dc8c6514fe993ce1dcb9a7c508e4ec389856e1f0c77c6b1caed420661d98ca980831084427b4c3c3593bbe16d7bfe46a7026c826ff7eecb1b6c5a4c3557044d87fb531e6186dd1704e24e257b656270037ed578d37a0", 0xc4) ioctl$VMM_IOC_INFO(r0, 0xc0185603, &(0x7f00000005c0)={0x66, 0x0, &(0x7f0000000540)=""/102}) r5 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f0000000600)='/dev/wskbd\x00', 0x200, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000640)={0x0}, &(0x7f0000000680)=0xc) fcntl$lock(r5, 0x9, &(0x7f00000006c0)={0x1, 0x2, 0x10000, 0x4, r6}) r7 = socket$inet(0x2, 0x4, 0x9) pwrite(r7, &(0x7f0000000700)="fd42ccf3a94ca18fb0f53288016eed81b0fd562e1bb31e5433bc10aaa3f1e1b29ef7f4bf150bdf30b43f8c1fb212f0017cca3be2acdd95d8361383b38d11e691c81ecf2fff244a3289907439c7893584fea70028043f7e371cff5fc64324723f2c5aee72712b7d79cf50c0095b92ba78e6bf3f3a4ae76025b8c643ec99b8c6ca21c31a0f160273d2cd5faacd097138858d5c4330bc8c82f91f57cd0d8c585c6f605a40f4cfc0eb4259043c2da67dc0830316673c", 0xb4, 0x0, 0x6) 19:09:34 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x200, 0x0) ioctl$BIOCGDIRFILT(r0, 0x4004427c, &(0x7f0000000040)) r1 = fcntl$dupfd(0xffffffffffffff9c, 0xa, 0xffffffffffffff9c) ioctl$FIONBIO(r1, 0x8004667e, &(0x7f0000000080)=0x8) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x80, 0x0) ioctl$TIOCSTAT(r2, 0x20007465, &(0x7f0000000100)) rmdir(&(0x7f0000000140)='./file0\x00') r3 = socket$inet(0x2, 0x8000, 0x20) write(r3, &(0x7f0000000180)="e4b92450b1de22502f4077d548a68b1a921496788cc2aa43032ff0be78ca15b20bc1bd4bb205dd39c87416c56577d77b041b7f4d4f4c0b4b4301d28c35e6c1f8ce478ef479589d177188bc04587465ebf4269d3489c791e46bf9311ca1374d95f328df6d4ce243d849974c8a027605a6fe9ca0ae7855bbcf1a35f9bd5dec67a000a19f9713f831d9c01a37a44e50b709e43fe260886d68928bca459052d22a27e52f6f00c17edc201c08f9c187cd57155cd47d7b", 0xb4) socketpair(0x20, 0x4, 0x9, &(0x7f0000000240)={0xffffffffffffffff}) close(r4) ioctl$VT_ACTIVATE(r1, 0x20007605, &(0x7f0000000280)=0x9) pipe2(&(0x7f00000002c0)={0xffffffffffffffff}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000300)={0x0}, &(0x7f0000000340)=0xc) fcntl$lock(r5, 0x8, &(0x7f0000000380)={0x2, 0x3, 0x9, 0x100, r6}) r7 = accept$unix(r0, &(0x7f00000003c0)=@file={0x0, ""/39}, &(0x7f0000000400)=0x29) dup2(r7, r5) r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440)='/dev/zero\x00', 0x20000, 0x0) fchmodat(r8, &(0x7f0000000480)='./file0\x00', 0x18, 0x2) listen(0xffffffffffffffff, 0x80) 19:09:35 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x2, 0x0) ioctl$FIOASYNC(r1, 0xcd60441a, &(0x7f0000000240)=0x2) poll(&(0x7f0000000280)=[{r1, 0x21}], 0x1, 0x0) write(r0, &(0x7f00000001c0), 0xfffffef3) execve(0x0, 0x0, 0x0) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x2, 0x0) ioctl$FIOASYNC(r2, 0xcd60441a, &(0x7f0000000240)=0x2) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x20, 0x41) fcntl$dupfd(r2, 0xa, r3) login: pckbd_enable: command error 19:09:35 executing program 0: syz_emit_ethernet(0x7e, &(0x7f0000000000)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @multicast2, @broadcast}, @icmp=@time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @local={0xac, 0x14, 0x0}, @rand_addr, {[@lsrr={0x83, 0x17, 0x0, [@rand_addr, @rand_addr, @remote={0xac, 0x14, 0x0}, @empty, @empty]}, @rr={0x7, 0x1b, 0x0, [@empty, @remote={0xac, 0x14, 0x0}, @multicast1, @loopback, @multicast2, @empty]}, @ssrr={0x89, 0xb, 0x0, [@remote={0xac, 0x14, 0x0}, @rand_addr]}]}}}}}}}) 19:09:35 executing program 0: munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) r0 = open(&(0x7f0000000040)='./bus\x00', 0x2, 0x0) write(r0, &(0x7f0000000140)="220e22", 0x3) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0, 0x0) ioctl$KDSETLED(r0, 0x20004b42, &(0x7f00000000c0)) r1 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r1, &(0x7f0000001000/0x2000)=nil, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2) r2 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) r3 = open(&(0x7f0000000040)='./bus\x00', 0x2, 0x0) write(r3, &(0x7f0000000140)="220e22", 0x3) pwritev(r3, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0, 0x0) ioctl$PCIOCGETROM(r3, 0xc0107005, &(0x7f0000000040)={{}, 0x9, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) chflags(&(0x7f0000000100)='./bus/file0\x00', 0x0) ioctl$WSDISPLAYIO_GBURNER(r3, 0x400c5752, &(0x7f0000000080)) shmctl$IPC_STAT(r2, 0x2, 0x0) shmctl$IPC_STAT(r2, 0x2, &(0x7f0000002040)=""/4083) 19:09:35 executing program 1: mknod(&(0x7f0000000ffa)='./bus\x00', 0x1000, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) r1 = getpgrp() fcntl$setown(r0, 0x6, r1) unlinkat(r0, &(0x7f0000000140)='./bus\x00', 0x0) r2 = openat$diskmap(0xffffffffffffff9c, &(0x7f0000000000)='/dev/diskmap\x00', 0x0, 0x0) r3 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vmm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r3, r4) r5 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x2, 0x0) ioctl$FIOASYNC(r5, 0xcd60441a, &(0x7f0000000240)=0x2) ioctl$DIOCMAP(r2, 0xc0106477, &(0x7f0000000100)={&(0x7f0000000040)='./bus\x00', r5}) dup2(r2, r3) open(&(0x7f00000000c0)='./bus\x00', 0x1, 0x0) 19:09:35 executing program 0: kqueue() syz_emit_ethernet(0x137, &(0x7f0000000180)=ANY=[@ANYBLOB="f7ffffffffffaaaaaaaaaabb810016000800421601250068011f08039078000000007f000001940600000009940600000008070f807f000001ffffffff7f0000014418ae8000000101000000000000800100000009000094730051ee288581ff28556b1650e26a4dd0163031b9ca2116355c94b6dcb8b670484646524b9e9c66cc7cd561790c230b84c79b03eb2227d5dc1474a46c52f607ab1bc1e9a74100ec411c105c8ba9f4a4a01f98a30dc42e0b512af5b64bf8a5570705b41f5454e68446d275d74e6d3935cf0107418c700589371afea17a6191fddaf48ad611c6e4ef4f4edbf1590eddf3eefdcf2d54b1e0c949af3ffe5071382eaef8d0e73e518f0723b2113017769cbc86e464651fb3054f010000803c975ad24c388bd9fb68a994144877c2196e2a36f52e75693768f574c77a6b29264695"]) r0 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0xa, r0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x2, 0x0) write(r2, &(0x7f0000000140)="220e22", 0x3) clock_gettime(0x3, &(0x7f0000000080)) kqueue() pwritev(r2, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0, 0x0) ioctl$LIOCSFD(r1, 0x80046c7f, &(0x7f0000000000)=r2) 19:09:35 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000280)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000100)={0x4, &(0x7f0000000080)=[{0x10001, 0x0, 0x0, 0x7ff}, {0x3c}, {}, {0x6}]}) munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000) syz_emit_ethernet(0x253, &(0x7f0000000000)) 19:09:35 executing program 1: syz_emit_ethernet(0x92, &(0x7f0000000040)={@random="d54017726c43", @remote, [], {@ipv4={0x800, {{0x19, 0x4, 0x0, 0x0, 0x84, 0x65, 0x5, 0x1f, 0x50, 0x0, @multicast2, @empty, {[@ssrr={0x89, 0x13, 0x6, [@multicast2, @empty, @rand_addr=0xe35, @empty]}, @ssrr={0x89, 0x1b, 0x7, [@loopback, @multicast2, @remote={0xac, 0x14, 0x0}, @remote={0xac, 0x14, 0x0}, @multicast2, @local={0xac, 0x14, 0x0}]}, @ra={0x94, 0x6, 0x7f}, @ra={0x94, 0x6, 0x40}, @lsrr={0x83, 0x13, 0x7, [@local={0xac, 0x14, 0x0}, @multicast1, @remote={0xac, 0x14, 0x0}, @broadcast]}]}}, @icmp=@dest_unreach={0x3, 0x6, 0x0, 0x0, 0xcd, 0x1, {0x5, 0x4, 0x3, 0x3, 0x0, 0x64, 0xf37, 0x6, 0xff, 0x80, @local={0xac, 0x14, 0x0}, @rand_addr=0x4d62}, "40b15cd2"}}}}}) 19:09:35 executing program 0: ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f00000000c0)={0x0, &(0x7f0000000300)}) r0 = socket(0x2, 0x3, 0x0) r1 = socket(0x2, 0x3, 0x0) kqueue() fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) socket(0x10, 0x8000, 0x0) fcntl$dupfd(0xffffffffffffffff, 0xa, 0xffffffffffffffff) shutdown(r0, 0x1) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$FIONREAD(0xffffffffffffffff, 0x4004667f, &(0x7f0000000000)) ioctl$TIOCFLUSH(r2, 0xc0106924, &(0x7f00000000c0)=0x8006e) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f0000000340)={0x7ff, 0x0, {[0xa, 0xfdfdffff, 0x6, 0x80000001, 0xffffffffffffffff, 0x200000000, 0x200, 0xbf1, 0x0, 0x10000, 0x4000000000, 0x0, 0x4000000000000001, 0x70b4b8fa, 0x0, 0x8001], [0x100000001, 0xfffffffffffffffd, 0x8, 0x0, 0x2, 0x0, 0x81, 0x0, 0x40002, 0x20000006], [0x0, 0x0, 0x7fff, 0x2, 0x4, 0x0, 0x20000], [0x795, 0xfffffffffffffffe, 0x4, 0x76d, 0x81, 0x1001], [{0x0, 0x20800002, 0x0, 0x6}, {0xf203, 0x0, 0xfffffffc}, {0x1f, 0x1, 0x10001}, {0x3, 0x1, 0x3, 0x4}, {0x1, 0x1, 0x0, 0x4}, {0x7f65, 0x5, 0x5ca443f8, 0x3ff}, {0xfffd, 0x0, 0xffffffff, 0x1}, {0x0, 0x7f, 0x5}], {0x0, 0xfffffffd, 0x7140, 0x20000000000}, {0x403, 0x5, 0x4000, 0x974}}}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r3 = socket(0x18, 0x2, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = socket(0x18, 0x2, 0x0) r6 = fcntl$dupfd(r5, 0x0, r2) ioctl$TIOCFLUSH(r6, 0x81206919, &(0x7f0000000300)) ioctl$TIOCFLUSH(r4, 0x8080691a, &(0x7f0000000300)) 19:09:35 executing program 1: sysctl$net_inet_ipip(&(0x7f0000000040)={0x4, 0x2, 0x11, 0x1}, 0x4, &(0x7f0000000000)="00000000cd324371de0fac7600", &(0x7f0000000100)=0xd, &(0x7f0000000440)="009519608b8d5b0ca281872ead6b23002558fd2ab17a078941a2f891c3c6ce16dfb7b2b7bf41163cb3098759ef8745b7ba5ad72e73f6ee8944b7751a0c4b7b812ae80b027786d65084fa9834372b7e6061e2bc951b6c7a74f74f9ef541f2fccb1ffe89dcda9f8d58ea54082ad9c412f3ee39f519bacea99fa0d0bb17399f34f3058f2c9cf7cfd6d5c568cf3c463fa15eff76b793739f3f7d2336c662e260739d146816e5c2438fbadc828b43b3c63128fba7cc7105662109a5b38d439e94e96871e4b43ba14dcce8d3a777ea74072d66a58f9dc045e7bed9a45ecb16b9112304b693ac87bae335c0b58b68fd9692aaca4b084b3c508c017438bc773481f9018e90dfe2ae3a32bce2fedb948c2e02e31591657285a97ce9d6ba7f133cb74aa1027952199b8f7293e49f292320844b79efbd73ea5b390d00229b86085907814e8f353a92de22aa3b7ae0c07c03366ab83774957ef320422d24ab62e325e7290817cd1e4cf245a42dcd8204663c32f92b4e700619de2f6de3bbed77d3553eea4ee2ec1f085a550000000000000000000080ddfda7a965587c91f098a5c8036ad18cc91092d64a180cd7a129ea1ae32de066e6a8e2fdf1c2c7e6a97647282d54e5ee421b123df2256c6a9d732c5020f48d48660616a7b3674f5b17f4657e31aa332c508566b5d493a1c4f0e614c83c7ece3838ead0387d317916aa2b", 0x1fa) r0 = open(&(0x7f0000000040)='./bus\x00', 0x2, 0x0) write(r0, &(0x7f0000000140)="220e22", 0x3) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xfffffffffffffd13) setregid(0xffffffffffffffff, r1) r2 = getuid() lchown(&(0x7f0000000040)='./file0\x00', r2, 0x0) setreuid(0xee00, r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r3, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xfffffffffffffd13) setregid(0xffffffffffffffff, r4) r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) r6 = getpgrp() fcntl$setown(r5, 0x6, r6) r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) r8 = getpgrp() fcntl$setown(r7, 0x6, r8) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{0x7f, 0x0, r1, r2, r4, 0x3}, 0x2, 0x8001, r6, r8, 0x2, 0xffffffffffff0000, 0x3, 0xff}) ioctl$BIOCGHDRCMPLT(r0, 0x40044274, &(0x7f0000000080)) 19:09:35 executing program 0: mknod(&(0x7f0000000040)='./bus\x00', 0x800080002002, 0x0) r0 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) r1 = kqueue() r2 = open(&(0x7f0000000000)='./bus\x00', 0x20000, 0x10) r3 = getpid() kevent(r1, &(0x7f0000000080), 0x5, 0x0, 0x0, 0x0) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './bus\x00'}, 0x8) ioctl$WSMOUSEIO_GCALIBCOORDS(r2, 0x41205725, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}) close(r0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) ktrace(&(0x7f0000000380)='./bus\x00', 0x2, 0x0, r3) ioctl$WSKBDIO_GETENCODING(r5, 0x4004570f, &(0x7f0000000240)) sendto(r4, &(0x7f0000000280)="b9b0eed8cc7b9b35445a055be5d3e4c6dbf3ed302cb2af268c75748496d738f74007b7ee6ad3f12b4353a523eb90bbd229f9d0df7eae8bfc800cb3e38b502017f1", 0x41, 0x4, &(0x7f0000000300)=@in6={0x18, 0x3, 0x100, 0x7ff}, 0xc) 19:09:35 executing program 1: openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f0000000000)='/dev/wskbd\x00', 0x8000, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @icmp=@timestamp={0x16}}}}}) socket(0x23, 0x4, 0x4) 19:09:35 executing program 0: r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) r1 = getpgrp() fcntl$setown(r0, 0x6, r1) getpgid(r1) getrlimit(0x9, 0x0) pckbd_enable: command error 19:09:37 executing program 1: r0 = socket(0x2, 0x4003, 0x0) setsockopt(r0, 0x0, 0x7, &(0x7f0000000140)="0122c18a", 0x4) setsockopt(r0, 0x0, 0x1e, &(0x7f0000000000)="01003fc3d98d516f4d4a10a18a", 0xd) setsockopt$sock_int(r0, 0xffff, 0x100c, &(0x7f0000000180)=0x1, 0xfffffffffffffd19) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = socket(0x2, 0x3, 0x0) connect$unix(r2, &(0x7f0000000780)=ANY=[@ANYBLOB="8202adfdffffffff"], 0x10) dup2(r2, r1) r3 = dup(r1) sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x39) 19:09:37 executing program 0: mknod(&(0x7f0000000100)='./bus\x00', 0x2005, 0x8000000000005200) r0 = open$dir(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) r1 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pf\x00', 0x2, 0x0) ioctl$FIOASYNC(r1, 0xcd60441a, &(0x7f0000000240)=0x6) r2 = dup(r1) fchmodat(r2, &(0x7f0000000000)='./bus\x00', 0x62, 0x2) read(r0, &(0x7f0000000040)=""/47, 0x14) 19:09:37 executing program 0: mknod(&(0x7f0000000100)='./bus\x00', 0x2000, 0x202) r0 = kqueue() acct(&(0x7f0000000040)='./bus\x00') r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) rmdir(&(0x7f0000000080)='./bus\x00') kevent(r0, &(0x7f00000001c0)=[{{r1}, 0xfffffffffffffffc, 0x25f12e15719981ed}], 0x913e, 0x0, 0x10000, 0x0) 19:09:37 executing program 1: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1fd], [0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0xbf7fffffffffffff], [0x0, 0x0, 0x401, 0x0, 0x81, 0x400000000000], [{}, {0x0, 0x7}, {}, {}, {0x0, 0x0, 0x0, 0x2}], {}, {0x2}}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCFLUSH(r1, 0x8080691a, &(0x7f0000000300)) 19:09:37 executing program 1: r0 = syz_open_pts() syz_open_pts() fcntl$lock(r0, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100000100}) fcntl$lock(r0, 0x8, &(0x7f0000000040)={0x3, 0x0, 0xffffffffffffffff, 0x2000300000000}) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000200)={0x3, 0x0, 0xfffffffffffffffd, 0x2000300000001}) 19:09:37 executing program 0: mknod(&(0x7f0000000100)='./bus\x00', 0x2000, 0x86139) kevent(0xffffffffffffffff, &(0x7f0000000180)=[{{}, 0x0, 0x0, 0x0, 0x0, 0x81}], 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x5, 0x0) write(r0, &(0x7f0000000040)="670dc3", 0x3) write(r0, &(0x7f0000000000)="0991d2d0ffffffffff", 0x9) pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0) r2 = getpgrp() fcntl$setown(r1, 0x6, r2) open(&(0x7f0000000140)='./file0\x00', 0x201, 0x1) openat(r1, &(0x7f00000000c0)='./bus\x00', 0x800, 0x9) 19:09:37 executing program 1: setrlimit(0x8, &(0x7f0000000040)={0x7, 0x95}) r0 = syz_open_pts() close(r0) syz_open_pts() r1 = open(&(0x7f0000000040)='./bus\x00', 0x2, 0x0) write(r1, &(0x7f0000000140)="220e22", 0x3) pwritev(r1, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0, 0x0) ioctl$BIOCGDIRFILT(r1, 0x4004427c, &(0x7f0000000080)) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f00000000c0)={0xfffffffe, 0x0, 0x7, 0xfffffffffffffff9, "73f300070060c3dce5081af659b0d7317a117c00"}) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000280)="0200"/13, 0xd}], 0x1) panic: receive 1a: so 0xfffffd806315d000, so_type 3, m 0xfffffd805727cb00, m_type 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *520132 82879 0 0 0 0 dhclient db_enter() at db_enter+0x18 panic(ffffffff823d3dee) at panic+0x164 soreceive(fffffd806315d000,0,ffff80001d6e55f8,0,0,ffff80001d6e5504) at soreceive+0x170a soo_read(fffffd8062bf37f8,ffff80001d6e55f8,0) at soo_read+0x53 dofilereadv(ffff80001d6a9278,6,ffff80001d6e55f8,0,ffff80001d6e56e0) at dofilereadv+0x1a1 sys_read(ffff80001d6a9278,ffff80001d6e5690,ffff80001d6e56e0) at sys_read+0x83 syscall(ffff80001d6e5760) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffface0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic receive 1a: so 0xfffffd806315d000, so_type 3, m 0xfffffd805727cb00, m_type 0 ddb> trace db_enter() at db_enter+0x18 panic(ffffffff823d3dee) at panic+0x164 soreceive(fffffd806315d000,0,ffff80001d6e55f8,0,0,ffff80001d6e5504) at soreceive+0x170a soo_read(fffffd8062bf37f8,ffff80001d6e55f8,0) at soo_read+0x53 dofilereadv(ffff80001d6a9278,6,ffff80001d6e55f8,0,ffff80001d6e56e0) at dofilereadv+0x1a1 sys_read(ffff80001d6a9278,ffff80001d6e5690,ffff80001d6e56e0) at sys_read+0x83 syscall(ffff80001d6e5760) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffface0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001d6e5340 rbx 0xffff80001d6e53f0 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffff80001d6e5300 r9 0xffffffff817fa6cf kprintf+0x15f r10 0x1 r11 0xb26d4c4b0d2948b4 r12 0x3000000008 r13 0xffff80001d6e5350 r14 0x100 r15 0x1 rip 0xffffffff81e60e68 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001d6e5330 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (dhclient) pid=520132 stat=onproc flags process=0 proc=0 pri=24, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6aa5f8,0xffff80001d6a94f8 process=0xffff80001d6c4af0 user=0xffff80001d6e0000, vmspace=0xfffffd806bc0a000 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 24259 483684 87282 0 2 0 syz-executor.0 24259 2132 87282 0 2 0x4000000 syz-executor.0 7909 393753 31002 0 3 0x82 nanosleep syz-executor.1 87282 431438 31002 0 3 0x82 nanosleep syz-executor.0 31002 192590 61190 0 3 0x82 kqread syz-fuzzer 31002 356641 61190 0 3 0x4000082 thrsleep syz-fuzzer 31002 485463 61190 0 3 0x4000082 thrsleep syz-fuzzer 31002 302173 61190 0 3 0x4000082 thrsleep syz-fuzzer 31002 267023 61190 0 3 0x4000082 thrsleep syz-fuzzer 31002 72268 61190 0 3 0x4000082 thrsleep syz-fuzzer 61190 102939 42571 0 3 0x10008a pause ksh 42571 367283 86585 0 3 0x92 select sshd 88882 349125 1 0 3 0x100083 ttyin getty 86585 173726 1 0 3 0x80 select sshd 30617 47713 19748 73 3 0x100090 kqread syslogd 19748 384164 1 0 3 0x100082 netio syslogd 42290 151182 1 77 2 0x100010 dhclient *82879 520132 1 0 7 0 dhclient 44705 349885 0 0 3 0x14200 bored smr 78861 26076 0 0 2 0x14200 zerothread 38889 427493 0 0 3 0x14200 aiodoned aiodoned 41053 389204 0 0 3 0x14200 syncer update 1782 145299 0 0 3 0x14200 cleaner cleaner 85256 133849 0 0 3 0x14200 reaper reaper 78756 126175 0 0 3 0x14200 pgdaemon pagedaemon 61712 148195 0 0 3 0x14200 bored crynlk 6978 284410 0 0 3 0x14200 bored crypto 91777 51230 0 0 3 0x40014200 acpi0 acpi0 75638 92800 0 0 3 0x14200 bored softnet 37776 175587 0 0 3 0x14200 bored systqmp 94991 86247 0 0 3 0x14200 bored systq 8227 376545 0 0 3 0x40014200 bored softclock 38962 361469 0 0 3 0x40014200 idle0 1 150391 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9454 6326K 6452K 78643K 10568 0 pcb 13 8K 8K 78643K 19 0 rtable 109 3K 3K 78643K 199 0 ifaddr 45 10K 10K 78643K 48 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 4K 78643K 25 0 iov 0 0K 2K 78643K 10 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1234 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 55 0 proc 48 38K 54K 78643K 359 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 37 2K 2K 78643K 41 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 31 148K 148K 78643K 31 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 118 22K 22K 78643K 975 0 UVM aobj 7 2K 2K 78643K 7 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 6 0K 0K 78643K 12 0 temp 66 3847K 3911K 78643K 1806 0 kqueue 3 4K 8K 78643K 5 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 49 0 3 2 0 2 2 0 8 0 unpcb 120 37 0 29 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 65 0 65 1 0 1 1 0 8 1 tcpcb 544 10 0 6 1 0 1 1 0 8 0 inpcb 296 46 0 39 2 0 2 2 0 8 1 nd6 48 8 0 1 1 0 1 1 0 8 0 pfrule 1360 1 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 48 0 7 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1448 0 52 88 0 88 88 0 8 0 ffsino 240 1448 0 52 83 0 83 83 0 8 0 nchpl 144 1704 0 100 60 0 60 60 0 8 0 uvmvnodes 72 1497 0 0 28 0 28 28 0 8 0 vnodes 208 1497 0 0 79 0 79 79 0 8 0 namei 1024 4220 0 4220 1 0 1 1 0 8 1 scxspl 192 4678 0 4678 1 0 1 1 0 8 1 plimitpl 152 16 0 8 1 0 1 1 0 8 0 sigapl 424 241 0 213 4 0 4 4 0 8 0 futexpl 56 426 0 426 1 0 1 1 0 8 1 knotepl 112 64 0 44 1 0 1 1 0 8 0 kqueuepl 144 12 0 10 1 0 1 1 0 8 0 pipepl 272 79 0 68 2 0 2 2 0 8 1 fdescpl 432 227 0 213 2 0 2 2 0 8 0 filepl 120 1158 0 1060 4 0 4 4 0 8 1 lockfpl 104 14 0 13 1 0 1 1 0 8 0 lockfspl 48 6 0 5 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 70 0 63 1 0 1 1 0 8 0 zombiepl 144 213 0 212 1 0 1 1 0 8 0 processpl 928 241 0 212 4 0 4 4 0 8 0 procpl 624 271 0 236 3 0 3 3 0 8 0 sockpl 400 102 0 85 3 0 3 3 0 8 1 mcl4k 4096 10 0 10 2 1 1 1 0 8 1 mcl2k 2048 91400 0 91356 17 3 14 15 0 8 6 mtagpl 96 2 0 2 1 1 0 1 0 8 0 mbufpl 256 144455 0 144369 11 1 10 10 0 8 0 bufpl 280 3241 0 116 224 0 224 224 0 8 0 anonpl 16 39232 0 22743 69 1 68 68 0 107 1 amapchunkpl 152 1110 0 921 10 0 10 10 0 158 1 amappl16 192 1050 0 199 44 0 44 44 0 8 1 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 10 0 7 1 0 1 1 0 8 0 amappl13 168 40 0 34 1 0 1 1 0 8 0 amappl12 160 39 0 34 1 0 1 1 0 8 0 amappl11 152 46 0 36 1 0 1 1 0 8 0 amappl10 144 15 0 10 1 0 1 1 0 8 0 amappl9 136 362 0 360 1 0 1 1 0 8 0 amappl8 128 295 0 266 1 0 1 1 0 8 0 amappl7 120 102 0 92 1 0 1 1 0 8 0 amappl6 112 25 0 22 1 0 1 1 0 8 0 amappl5 104 161 0 149 1 0 1 1 0 8 0 amappl4 96 424 0 395 1 0 1 1 0 8 0 amappl3 88 116 0 108 1 0 1 1 0 8 0 amappl2 80 947 0 882 2 0 2 2 0 8 0 amappl1 72 13835 0 13418 21 5 16 17 0 8 6 amappl 80 521 0 469 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 227 0 213 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 227 0 213 1 0 1 1 0 8 0 vmmpekpl 168 5751 0 5722 2 0 2 2 0 8 0 vmmpepl 168 35384 0 33442 119 1 118 118 0 357 28 vmsppl 272 226 0 213 2 0 2 2 0 8 1 pdppl 4096 460 0 426 6 0 6 6 0 8 1 pvpl 32 131698 0 112263 165 0 165 165 0 265 7 pmappl 200 226 0 213 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 238 0 7 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff823d3dee) at panic+0x164 soreceive(fffffd806315d000,0,ffff80001d6e55f8,0,0,ffff80001d6e5504) at soreceive+0x170a soo_read(fffffd8062bf37f8,ffff80001d6e55f8,0) at soo_read+0x53 dofilereadv(ffff80001d6a9278,6,ffff80001d6e55f8,0,ffff80001d6e56e0) at dofilereadv+0x1a1 sys_read(ffff80001d6a9278,ffff80001d6e5690,ffff80001d6e56e0) at sys_read+0x83 syscall(ffff80001d6e5760) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffface0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff823d3dee) at panic+0x164 soreceive(fffffd806315d000,0,ffff80001d6e55f8,0,0,ffff80001d6e5504) at soreceive+0x170a soo_read(fffffd8062bf37f8,ffff80001d6e55f8,0) at soo_read+0x53 dofilereadv(ffff80001d6a9278,6,ffff80001d6e55f8,0,ffff80001d6e56e0) at dofilereadv+0x1a1 sys_read(ffff80001d6a9278,ffff80001d6e5690,ffff80001d6e56e0) at sys_read+0x83 syscall(ffff80001d6e5760) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffface0, count: -8