last executing test programs: 788.814538ms ago: executing program 1 (id=2088): mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x7, 0x410, 0xffffffffffffffff, 0x100000005) 772.0709ms ago: executing program 1 (id=2091): __semctl$IPC_STAT(0x0, 0x0, 0x2, 0xfffffffffffffffe) 749.085148ms ago: executing program 1 (id=2092): openat$crypto(0xffffffffffffff9c, &(0x7f0000000080), 0xd00, 0x0) 723.891817ms ago: executing program 1 (id=2094): setpriority(0x1, 0x0, 0xffffffffffffffcd) 723.720843ms ago: executing program 1 (id=2095): fhstat(&(0x7f0000000140)={{[0x7100ff00, 0x33ea9983]}, {0x800, 0xf, "0008000000000e00eeffffffaf6c80f8"}}, 0x0) 716.567889ms ago: executing program 1 (id=2096): sigtimedwait(&(0x7f0000000200)={[0x686, 0x6, 0x800007, 0x1]}, 0x0, &(0x7f0000000100)={0x2, 0xb0}) 151.937306ms ago: executing program 3 (id=2164): r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) sendmsg$inet6_sctp(r0, &(0x7f0000000b40)={&(0x7f00000000c0)=@in={0x10, 0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000a80)=[@dstaddrv6={0x1c, 0x84, 0xa, @mcast2}], 0x1c, 0x8}, 0x100) 151.738896ms ago: executing program 0 (id=2165): r0 = socket(0x26, 0x2, 0x0) readv(r0, 0x0, 0x0) 132.313849ms ago: executing program 3 (id=2167): r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_int(r0, 0xffff, 0x1023, 0x0, &(0x7f0000000080)) 132.184113ms ago: executing program 0 (id=2168): r0 = socket$inet_sctp(0x2, 0x5, 0x84) fspacectl(r0, 0x1, &(0x7f0000000080)={0x7, 0x7cfe1424}, 0x0, 0x0) 131.975929ms ago: executing program 2 (id=2169): procctl$PROC_REAP_STATUS(0x0, 0x0, 0x4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0}) sigqueue(r0, 0x35, @sigval_int=0x9dea) 123.481483ms ago: executing program 3 (id=2170): r0 = socket(0x2, 0x2, 0x0) sendmsg$inet6_sctp(r0, &(0x7f0000000800)={&(0x7f0000000100)=@in={0x10, 0x2, 0x1}, 0x10, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="13000000000000005b"], 0x14}, 0x0) 110.702153ms ago: executing program 2 (id=2171): r0 = socket$inet6(0x1c, 0x3, 0x0) setsockopt$inet6_int(r0, 0x29, 0x26, &(0x7f0000000080)=0x9bb4, 0x4) 110.325293ms ago: executing program 0 (id=2172): syz_emit_ethernet(0x2a, &(0x7f0000000240)={@random="03cb00", @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x65, 0x0, 0x1, 0x2, 0x0, @rand_addr=0x1000, @multicast2}, @icmp=@generic={0x13, 0x2, 0x0, "423dcc0b"}}}}}) 95.97224ms ago: executing program 3 (id=2173): r0 = socket$unix(0x1, 0x5, 0x0) shutdown(r0, 0x0) 95.656664ms ago: executing program 2 (id=2174): r0 = socket(0x26, 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, 0x0, &(0x7f00000000c0)) 87.393025ms ago: executing program 0 (id=2175): syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @empty, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x0, @local, @multicast1, @empty, @local}}}}) 82.323931ms ago: executing program 3 (id=2176): r0 = open(&(0x7f0000000200)='./bus\x00', 0x10537e, 0x0) sendfile(r0, r0, 0x0, 0x100000001, 0x0, 0x0, 0x10) 36.092952ms ago: executing program 2 (id=2177): r0 = kqueue() kevent(r0, &(0x7f00000005c0)=[{0x5, 0xfffffffffffffff9, 0x8087, 0x400, 0x1f, 0x854, [0x2, 0x0, 0x7, 0x400]}], 0x1, &(0x7f0000000100)=[{}], 0x1, 0x0) 22.505183ms ago: executing program 0 (id=2178): symlink(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00') lpathconf(&(0x7f00000004c0)='./file0\x00', 0x2) 6.764459ms ago: executing program 2 (id=2179): setsockopt$inet6_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x7, 0x5, 0x10, 0x80000001, 0x206, 0x2, 0x8000, 0x1}, 0x20) sigaltstack(&(0x7f0000000000/0x3000)=nil, 0x0) 211.563µs ago: executing program 3 (id=2180): r0 = open$dir(&(0x7f0000000280)='.\x00', 0x80, 0x0) getdirentries(r0, 0x0, 0x0, &(0x7f0000000380)) 69.102µs ago: executing program 0 (id=2181): setresuid(0x0, 0xee01, 0x0) setresuid(0x0, 0x0, 0xffffffffffffffff) 0s ago: executing program 2 (id=2182): openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200201, 0x0) lpathconf(&(0x7f0000000140)='./file0\x00', 0x3d) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts. if_delmulti_locked: detaching ifnet instance 0xfffffe0058589000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058589000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058589000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058589000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058589000 if_delmulti_locked: detaching ifnet instance 0xfffffe0058589000 WARNING pid 933 (syz-executor): ioctl sign-extension ioctl 200000040184567 Jul 23 17:08:58 ci-freebsd-main-5 kernel: attempted source route from 172.20.3.187 to 224.0.0.1 WARNING pid 1274 (syz-executor): ioctl sign-extension ioctl 2000004218456b syz-executor uses obsolete way to create divert(4) socket Jul 23 17:09:03 ci-freebsd-main-5 kernel: nd6_na_input: duplicate IP6 address fe80:6::3aa WARNING pid 1583 (syz-executor): ioctl sign-extension ioctl 200000040184567 WARNING pid 1600 (syz-executor): ioctl sign-extension ioctl 200000040184567 WARNING pid 1619 (syz-executor): ioctl sign-extension ioctl 1a004a684 Jul 23 17:09:04 ci-freebsd-main-5 kernel: attempted source route from 172.20.2.170 to 172.20.2.170 Jul 23 17:09:04 ci-freebsd-main-5 kernel: attempted source route from 172.20.2.187 to 224.0.0.1 syz-executor uses obsolete way to create divert(4) socket WARNING pid 2098 (syz-executor): ioctl sign-extension ioctl 2000004218456b Jul 23 17:09:09 ci-freebsd-main-5 kernel: arp: 00:00:00:00:00:00 is using my IP address 172.20.3.170 on tap3! Jul 23 17:09:09 ci-freebsd-main-5 kernel: attempted source route from 172.20.0.187 to 224.0.0.1 Jul 23 17:09:10 ci-freebsd-main-5 kernel: nd6_na_input: duplicate IP6 address fe80:4::aa arp: 00:00:00:00:00:00 attempts to modify permanent entry for 172.20.0.187 on tap0 FreeBSD/amd64 (ci-freebsd-main-5.us-central1-b.c.syzkaller.internal) (ttyu0) login: nd6_na_input: duplicate IP6 address fe80:4::aa Connection to 10.128.1.45 closed by remote host. arp: 4c:6f:a5:7c:30:6b attempts to modify permanent entry for 172.20.2.187 on tap2 FreeBSD/amd64 (ci-freebsd-main-5.us-central1-b.c.syzkaller.internal) (ttyu0) login: WARNING pid 2389 (syz-executor): ioctl sign-extension ioctl b43e6306628980ca UDP6: M_MCAST is set in a unicast packet. attempted source route from 172.20.3.170 to 172.20.3.170 WARNING pid 2499 (syz-executor): ioctl sign-extension ioctl 200000004000453b arp: 00:00:00:00:00:00 attempts to modify permanent entry for 172.20.3.187 on tap3 FreeBSD/amd64 (ci-freebsd-main-5.us-central1-b.c.syzkaller.internal) (ttyu0) login: arp: packet with unknown hardware format 0x07 received on tap3 tap1: cannot pullup VLAN header arp: packet with short header received on tap2 FreeBSD/amd64 (ci-freebsd-main-5.us-central1-b.c.syzkaller.internal) (ttyu0) login: 1970-01-01T09:06:13.877166+00:00 ci-freebsd-main-5.us-central1-b.c.syzkaller.internal init 2968 - - getty repeating too quickly on port /dev/ttyv2, sleeping 30 secs 1970-01-01T09:06:13.884928+00:00 ci-freebsd-main-5.us-central1-b.c.syzkaller.internal init 2971 - - getty repeating too quickly on port /dev/ttyv1, sleeping 30 secs 1970-01-01T09:06:13.933829+00:00 ci-freebsd-main-5.us-central1-b.c.syzkaller.internal init 2976 - - getty repeating too quickly on port /dev/ttyv3, sleeping 30 secs 1970-01-01T09:06:13.952962+00:00 ci-freebsd-main-5.us-central1-b.c.syzkaller.internal init 2978 - - getty repeating too quickly on port /dev/ttyv6, sleeping 30 secs arp: short packet received on tap3 pid 3073 (syz-executor), jid 0, uid 0: exited on signal 4 (no core dump - too large) VNASSERT failed: nresid != oresid || *(a)->a_eofflag == 1 not true at vnode_if.c:1824 (VOP_READDIR_APV) 0xfffffe006e4e51b8: type VDIR state VSTATE_CONSTRUCTED op 0xffffffff83712bc0 usecount 2, writecount 0, refcount 2 seqc users 0 mountedhere 0 hold count flags () flags (VMP_LAZYLIST) v_object 0xfffffe00540f20f8 ref 0 pages 0 cleanbuf 0 dirtybuf 1 lock type ufs: SHARED (count 1) nlink=2, effnlink=2, size=512, extsize 0 generation=45f828a2, uid=0, gid=0, flags=0x0 ino 723, on dev gpt/rootfs panic: VOP_READDIR: eofflag not set cpuid = 1 time = 32775 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056cd04b0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056cd0610 vpanic() at vpanic+0x257/frame 0xfffffe0056cd07d0 panic() at panic+0xb5/frame 0xfffffe0056cd0890 VOP_READDIR_APV() at VOP_READDIR_APV+0x4ab/frame 0xfffffe0056cd0990 kern_getdirentries() at kern_getdirentries+0x6f8/frame 0xfffffe0056cd0c50 sys_getdirentries() at sys_getdirentries+0xb6/frame 0xfffffe0056cd0d10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056cd0f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056cd0f30 --- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a1afa, rsp = 0x822a89f08, rbp = 0x822a89f80 --- KDB: enter: panic [ thread pid 3132 tid 102331 ] Stopped at kdb_enter+0x6e: movq $0,0x25c5097(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0074200000 rdx 0x7ffff rbx 0xffffffff827c9a00 .str.27 rsp 0xfffffe0056cd05f0 rbp 0xfffffe0056cd0610 rsi 0x80001 rdi 0xffffffff81613ec9 printf+0x149 r8 0 r9 0xffffffff r10 0x1 r11 0xfffffe0054110550 r12 0xfffffe0054110000 r13 0xfffffffffffffffd r14 0xffffffff827c9a00 .str.27 r15 0 rip 0xffffffff815fd9fe kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25c5097(%rip) db>