kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu Feb 4 05:04:19 PST 2021 OpenBSD/amd64 (ci-openbsd-main-6.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. 2021/02/04 05:04:31 fuzzer started 2021/02/04 05:04:35 dialing manager at 10.128.15.235:2224 2021/02/04 05:04:35 syscalls: 383 2021/02/04 05:04:35 code coverage: enabled 2021/02/04 05:04:35 comparison tracing: enabled 2021/02/04 05:04:35 extra coverage: enabled 2021/02/04 05:04:35 setuid sandbox: enabled 2021/02/04 05:04:35 namespace sandbox: support is not implemented in syzkaller 2021/02/04 05:04:35 Android sandbox: support is not implemented in syzkaller 2021/02/04 05:04:35 fault injection: support is not implemented in syzkaller 2021/02/04 05:04:35 leak checking: support is not implemented in syzkaller 2021/02/04 05:04:35 net packet injection: enabled 2021/02/04 05:04:35 net device setup: support is not implemented in syzkaller 2021/02/04 05:04:35 concurrency sanitizer: support is not implemented in syzkaller 2021/02/04 05:04:35 devlink PCI setup: support is not implemented in syzkaller 2021/02/04 05:04:35 USB emulation: support is not implemented in syzkaller 2021/02/04 05:04:35 hci packet injection: support is not implemented in syzkaller 2021/02/04 05:04:35 wifi device emulation: support is not implemented in syzkaller 2021/02/04 05:04:35 fetching corpus: 0, signal 0/2000 (executing program) 2021/02/04 05:04:35 fetching corpus: 50, signal 10978/14832 (executing program) 2021/02/04 05:04:35 fetching corpus: 100, signal 16955/22629 (executing program) 2021/02/04 05:04:35 fetching corpus: 150, signal 21991/29396 (executing program) 2021/02/04 05:04:35 fetching corpus: 200, signal 24317/33507 (executing program) 2021/02/04 05:04:35 fetching corpus: 250, signal 31075/41768 (executing program) 2021/02/04 05:04:35 fetching corpus: 300, signal 38444/50587 (executing program) 2021/02/04 05:04:35 fetching corpus: 350, signal 48044/61431 (executing program) 2021/02/04 05:04:35 fetching corpus: 400, signal 49804/64801 (executing program) 2021/02/04 05:04:35 fetching corpus: 450, signal 54102/70480 (executing program) 2021/02/04 05:04:35 fetching corpus: 500, signal 60308/77877 (executing program) 2021/02/04 05:04:35 fetching corpus: 550, signal 63312/82183 (executing program) 2021/02/04 05:04:35 fetching corpus: 600, signal 67323/87398 (executing program) 2021/02/04 05:04:35 fetching corpus: 650, signal 69213/90652 (executing program) 2021/02/04 05:04:35 fetching corpus: 700, signal 71321/94047 (executing program) 2021/02/04 05:04:35 fetching corpus: 750, signal 76891/100478 (executing program) 2021/02/04 05:04:35 fetching corpus: 800, signal 81779/106334 (executing program) 2021/02/04 05:04:35 fetching corpus: 850, signal 84099/109780 (executing program) 2021/02/04 05:04:35 fetching corpus: 900, signal 86447/113227 (executing program) 2021/02/04 05:04:35 fetching corpus: 950, signal 87641/115663 (executing program) 2021/02/04 05:04:36 fetching corpus: 1000, signal 90029/119145 (executing program) 2021/02/04 05:04:36 fetching corpus: 1050, signal 91074/121408 (executing program) 2021/02/04 05:04:36 fetching corpus: 1100, signal 94970/126028 (executing program) 2021/02/04 05:04:36 fetching corpus: 1150, signal 96278/128495 (executing program) 2021/02/04 05:04:36 fetching corpus: 1200, signal 96926/130378 (executing program) 2021/02/04 05:04:36 fetching corpus: 1250, signal 100604/134784 (executing program) 2021/02/04 05:04:36 fetching corpus: 1300, signal 102735/137822 (executing program) 2021/02/04 05:04:36 fetching corpus: 1350, signal 105158/141066 (executing program) 2021/02/04 05:04:36 fetching corpus: 1400, signal 106033/143042 (executing program) 2021/02/04 05:04:36 fetching corpus: 1450, signal 107537/145506 (executing program) 2021/02/04 05:04:36 fetching corpus: 1500, signal 108827/147797 (executing program) 2021/02/04 05:04:36 fetching corpus: 1550, signal 114268/153370 (executing program) 2021/02/04 05:04:36 fetching corpus: 1600, signal 116103/156005 (executing program) 2021/02/04 05:04:36 fetching corpus: 1650, signal 117910/158570 (executing program) 2021/02/04 05:04:36 fetching corpus: 1700, signal 119153/160727 (executing program) 2021/02/04 05:04:36 fetching corpus: 1750, signal 121446/163677 (executing program) 2021/02/04 05:04:36 fetching corpus: 1800, signal 122059/165329 (executing program) 2021/02/04 05:04:36 fetching corpus: 1850, signal 122559/166869 (executing program) 2021/02/04 05:04:36 fetching corpus: 1900, signal 123950/169061 (executing program) 2021/02/04 05:04:37 fetching corpus: 1950, signal 125087/171079 (executing program) 2021/02/04 05:04:37 fetching corpus: 2000, signal 126174/173031 (executing program) 2021/02/04 05:04:37 fetching corpus: 2050, signal 127821/175429 (executing program) 2021/02/04 05:04:37 fetching corpus: 2100, signal 129774/177896 (executing program) 2021/02/04 05:04:37 fetching corpus: 2150, signal 130671/179664 (executing program) 2021/02/04 05:04:37 fetching corpus: 2200, signal 133058/182405 (executing program) 2021/02/04 05:04:37 fetching corpus: 2250, signal 133546/183858 (executing program) 2021/02/04 05:04:37 fetching corpus: 2300, signal 136070/186657 (executing program) 2021/02/04 05:04:37 fetching corpus: 2350, signal 136547/188063 (executing program) 2021/02/04 05:04:37 fetching corpus: 2400, signal 138708/190600 (executing program) 2021/02/04 05:04:37 fetching corpus: 2450, signal 139482/192104 (executing program) 2021/02/04 05:04:37 fetching corpus: 2500, signal 140104/193542 (executing program) 2021/02/04 05:04:37 fetching corpus: 2550, signal 140396/194762 (executing program) 2021/02/04 05:04:37 fetching corpus: 2600, signal 142142/196941 (executing program) 2021/02/04 05:04:37 fetching corpus: 2650, signal 143133/198576 (executing program) 2021/02/04 05:04:37 fetching corpus: 2700, signal 143701/199955 (executing program) 2021/02/04 05:04:37 fetching corpus: 2750, signal 144221/201303 (executing program) 2021/02/04 05:04:37 fetching corpus: 2800, signal 146509/203765 (executing program) 2021/02/04 05:04:37 fetching corpus: 2850, signal 148612/205975 (executing program) 2021/02/04 05:04:37 fetching corpus: 2900, signal 150556/208166 (executing program) 2021/02/04 05:04:37 fetching corpus: 2950, signal 151118/209475 (executing program) 2021/02/04 05:04:37 fetching corpus: 3000, signal 154017/212148 (executing program) 2021/02/04 05:04:37 fetching corpus: 3050, signal 154368/213304 (executing program) 2021/02/04 05:04:37 fetching corpus: 3100, signal 155655/215019 (executing program) 2021/02/04 05:04:38 fetching corpus: 3150, signal 157536/217023 (executing program) 2021/02/04 05:04:38 fetching corpus: 3200, signal 161099/219867 (executing program) 2021/02/04 05:04:38 fetching corpus: 3250, signal 161724/221140 (executing program) 2021/02/04 05:04:38 fetching corpus: 3300, signal 162637/222517 (executing program) 2021/02/04 05:04:38 fetching corpus: 3350, signal 164073/224171 (executing program) 2021/02/04 05:04:38 fetching corpus: 3400, signal 164846/225421 (executing program) 2021/02/04 05:04:38 fetching corpus: 3450, signal 165688/226728 (executing program) 2021/02/04 05:04:38 fetching corpus: 3500, signal 165949/227743 (executing program) 2021/02/04 05:04:38 fetching corpus: 3550, signal 166292/228789 (executing program) 2021/02/04 05:04:38 fetching corpus: 3600, signal 168101/230569 (executing program) 2021/02/04 05:04:38 fetching corpus: 3650, signal 168476/231631 (executing program) 2021/02/04 05:04:38 fetching corpus: 3700, signal 169062/232822 (executing program) 2021/02/04 05:04:38 fetching corpus: 3750, signal 170544/234405 (executing program) 2021/02/04 05:04:38 fetching corpus: 3800, signal 171946/236097 (executing program) 2021/02/04 05:04:39 fetching corpus: 3850, signal 173186/237480 (executing program) 2021/02/04 05:04:39 fetching corpus: 3900, signal 174860/239069 (executing program) 2021/02/04 05:04:39 fetching corpus: 3950, signal 175763/240312 (executing program) 2021/02/04 05:04:39 fetching corpus: 4000, signal 176491/241416 (executing program) 2021/02/04 05:04:39 fetching corpus: 4050, signal 178761/243179 (executing program) 2021/02/04 05:04:39 fetching corpus: 4100, signal 179202/244131 (executing program) 2021/02/04 05:04:39 fetching corpus: 4150, signal 181102/245850 (executing program) 2021/02/04 05:04:39 fetching corpus: 4200, signal 182032/246997 (executing program) 2021/02/04 05:04:39 fetching corpus: 4250, signal 182468/247910 (executing program) 2021/02/04 05:04:39 fetching corpus: 4300, signal 182862/248830 (executing program) 2021/02/04 05:04:39 fetching corpus: 4350, signal 183381/249778 (executing program) 2021/02/04 05:04:39 fetching corpus: 4400, signal 185494/252145 (executing program) 2021/02/04 05:04:39 fetching corpus: 4450, signal 185966/253041 (executing program) 2021/02/04 05:04:39 fetching corpus: 4500, signal 186444/253975 (executing program) 2021/02/04 05:04:39 fetching corpus: 4550, signal 187090/255014 (executing program) 2021/02/04 05:04:39 fetching corpus: 4600, signal 187600/255890 (executing program) 2021/02/04 05:04:39 fetching corpus: 4650, signal 188169/256883 (executing program) 2021/02/04 05:04:39 fetching corpus: 4700, signal 188748/257802 (executing program) 2021/02/04 05:04:39 fetching corpus: 4750, signal 191115/259268 (executing program) 2021/02/04 05:04:39 fetching corpus: 4800, signal 191478/260139 (executing program) 2021/02/04 05:04:39 fetching corpus: 4850, signal 192070/261054 (executing program) 2021/02/04 05:04:40 fetching corpus: 4900, signal 192931/262038 (executing program) 2021/02/04 05:04:40 fetching corpus: 4950, signal 193951/263040 (executing program) 2021/02/04 05:04:40 fetching corpus: 5000, signal 194593/263861 (executing program) 2021/02/04 05:04:40 fetching corpus: 5050, signal 195121/264725 (executing program) 2021/02/04 05:04:40 fetching corpus: 5100, signal 195494/265540 (executing program) 2021/02/04 05:04:40 fetching corpus: 5150, signal 196069/266426 (executing program) 2021/02/04 05:04:40 fetching corpus: 5200, signal 196997/267358 (executing program) 2021/02/04 05:04:40 fetching corpus: 5250, signal 197377/268099 (executing program) 2021/02/04 05:04:40 fetching corpus: 5300, signal 198661/269163 (executing program) 2021/02/04 05:04:40 fetching corpus: 5350, signal 198975/269885 (executing program) 2021/02/04 05:04:40 fetching corpus: 5400, signal 199250/270665 (executing program) 2021/02/04 05:04:40 fetching corpus: 5450, signal 199988/271505 (executing program) 2021/02/04 05:04:40 fetching corpus: 5500, signal 200148/272205 (executing program) 2021/02/04 05:04:40 fetching corpus: 5550, signal 200586/272961 (executing program) 2021/02/04 05:04:40 fetching corpus: 5600, signal 201061/273733 (executing program) 2021/02/04 05:04:40 fetching corpus: 5650, signal 201547/274453 (executing program) 2021/02/04 05:04:41 fetching corpus: 5700, signal 202487/275273 (executing program) 2021/02/04 05:04:41 fetching corpus: 5750, signal 203107/276000 (executing program) 2021/02/04 05:04:41 fetching corpus: 5800, signal 204026/276754 (executing program) 2021/02/04 05:04:41 fetching corpus: 5850, signal 204307/277512 (executing program) 2021/02/04 05:04:41 fetching corpus: 5900, signal 204633/278193 (executing program) 2021/02/04 05:04:41 fetching corpus: 5950, signal 204839/278917 (executing program) 2021/02/04 05:04:41 fetching corpus: 6000, signal 205200/279629 (executing program) 2021/02/04 05:04:41 fetching corpus: 6050, signal 205643/280350 (executing program) 2021/02/04 05:04:41 fetching corpus: 6100, signal 205928/281043 (executing program) 2021/02/04 05:04:41 fetching corpus: 6150, signal 206162/281713 (executing program) 2021/02/04 05:04:41 fetching corpus: 6200, signal 206756/282448 (executing program) 2021/02/04 05:04:41 fetching corpus: 6250, signal 207374/283118 (executing program) 2021/02/04 05:04:41 fetching corpus: 6300, signal 207632/283760 (executing program) 2021/02/04 05:04:41 fetching corpus: 6350, signal 207996/284417 (executing program) 2021/02/04 05:04:41 fetching corpus: 6400, signal 208208/285020 (executing program) 2021/02/04 05:04:41 fetching corpus: 6450, signal 208815/285663 (executing program) 2021/02/04 05:04:41 fetching corpus: 6500, signal 209690/286362 (executing program) 2021/02/04 05:04:42 fetching corpus: 6550, signal 209922/287002 (executing program) 2021/02/04 05:04:42 fetching corpus: 6600, signal 210287/287600 (executing program) 2021/02/04 05:04:42 fetching corpus: 6650, signal 211134/288234 (executing program) 2021/02/04 05:04:42 fetching corpus: 6700, signal 211535/288859 (executing program) 2021/02/04 05:04:42 fetching corpus: 6750, signal 212982/289508 (executing program) 2021/02/04 05:04:42 fetching corpus: 6800, signal 213205/290098 (executing program) 2021/02/04 05:04:42 fetching corpus: 6850, signal 213875/290796 (executing program) 2021/02/04 05:04:42 fetching corpus: 6900, signal 214166/291414 (executing program) 2021/02/04 05:04:42 fetching corpus: 6950, signal 214510/291999 (executing program) 2021/02/04 05:04:43 fetching corpus: 7000, signal 215463/292588 (executing program) 2021/02/04 05:04:43 fetching corpus: 7050, signal 215885/293171 (executing program) 2021/02/04 05:04:43 fetching corpus: 7100, signal 216243/293721 (executing program) 2021/02/04 05:04:43 fetching corpus: 7150, signal 216485/293944 (executing program) 2021/02/04 05:04:43 fetching corpus: 7200, signal 216754/293959 (executing program) 2021/02/04 05:04:43 fetching corpus: 7250, signal 217127/293960 (executing program) 2021/02/04 05:04:43 fetching corpus: 7300, signal 217314/293966 (executing program) 2021/02/04 05:04:43 fetching corpus: 7350, signal 217546/293967 (executing program) 2021/02/04 05:04:43 fetching corpus: 7400, signal 217871/294049 (executing program) 2021/02/04 05:04:43 fetching corpus: 7450, signal 218064/294049 (executing program) 2021/02/04 05:04:43 fetching corpus: 7500, signal 218282/294053 (executing program) 2021/02/04 05:04:43 fetching corpus: 7550, signal 218561/294061 (executing program) 2021/02/04 05:04:43 fetching corpus: 7600, signal 219552/294072 (executing program) 2021/02/04 05:04:44 fetching corpus: 7650, signal 221234/294084 (executing program) 2021/02/04 05:04:45 fetching corpus: 7700, signal 221427/294097 (executing program) 2021/02/04 05:04:45 fetching corpus: 7750, signal 221793/294101 (executing program) 2021/02/04 05:04:45 fetching corpus: 7800, signal 222101/294106 (executing program) 2021/02/04 05:04:45 fetching corpus: 7850, signal 222459/294114 (executing program) 2021/02/04 05:04:45 fetching corpus: 7900, signal 222727/294125 (executing program) 2021/02/04 05:04:45 fetching corpus: 7950, signal 223232/294454 (executing program) 2021/02/04 05:04:45 fetching corpus: 8000, signal 223499/294487 (executing program) 2021/02/04 05:04:45 fetching corpus: 8050, signal 224937/295088 (executing program) 2021/02/04 05:04:45 fetching corpus: 8100, signal 229229/295092 (executing program) 2021/02/04 05:04:45 fetching corpus: 8150, signal 229491/295099 (executing program) 2021/02/04 05:04:46 fetching corpus: 8200, signal 230338/295123 (executing program) 2021/02/04 05:04:47 fetching corpus: 8250, signal 230964/295144 (executing program) 2021/02/04 05:04:47 fetching corpus: 8300, signal 231158/295155 (executing program) 2021/02/04 05:04:47 fetching corpus: 8350, signal 231468/295182 (executing program) 2021/02/04 05:04:47 fetching corpus: 8400, signal 232004/295182 (executing program) 2021/02/04 05:04:47 fetching corpus: 8450, signal 232424/295184 (executing program) 2021/02/04 05:04:47 fetching corpus: 8500, signal 233013/295186 (executing program) 2021/02/04 05:04:47 fetching corpus: 8550, signal 233726/295224 (executing program) 2021/02/04 05:04:47 fetching corpus: 8600, signal 233975/295232 (executing program) 2021/02/04 05:04:47 fetching corpus: 8650, signal 234362/295267 (executing program) 2021/02/04 05:04:47 fetching corpus: 8700, signal 234541/295277 (executing program) 2021/02/04 05:04:47 fetching corpus: 8750, signal 235568/295291 (executing program) 2021/02/04 05:04:47 fetching corpus: 8800, signal 235922/295433 (executing program) 2021/02/04 05:04:47 fetching corpus: 8850, signal 236177/295456 (executing program) 2021/02/04 05:04:47 fetching corpus: 8900, signal 237720/295456 (executing program) 2021/02/04 05:04:47 fetching corpus: 8950, signal 238363/295490 (executing program) 2021/02/04 05:04:47 fetching corpus: 9000, signal 238567/295490 (executing program) 2021/02/04 05:04:47 fetching corpus: 9050, signal 239273/295501 (executing program) 2021/02/04 05:04:47 fetching corpus: 9100, signal 240066/295510 (executing program) 2021/02/04 05:04:47 fetching corpus: 9150, signal 240440/295512 (executing program) 2021/02/04 05:04:48 fetching corpus: 9200, signal 241457/295522 (executing program) 2021/02/04 05:04:48 fetching corpus: 9250, signal 242016/295533 (executing program) 2021/02/04 05:04:48 fetching corpus: 9300, signal 242449/295567 (executing program) 2021/02/04 05:04:48 fetching corpus: 9350, signal 242588/295584 (executing program) 2021/02/04 05:04:48 fetching corpus: 9400, signal 243429/295857 (executing program) 2021/02/04 05:04:48 fetching corpus: 9450, signal 243628/295878 (executing program) 2021/02/04 05:04:48 fetching corpus: 9500, signal 246301/295938 (executing program) 2021/02/04 05:04:48 fetching corpus: 9550, signal 246747/296059 (executing program) 2021/02/04 05:04:48 fetching corpus: 9600, signal 246972/296111 (executing program) 2021/02/04 05:04:48 fetching corpus: 9650, signal 248454/296112 (executing program) 2021/02/04 05:04:48 fetching corpus: 9700, signal 248951/296112 (executing program) 2021/02/04 05:04:48 fetching corpus: 9750, signal 250059/296113 (executing program) 2021/02/04 05:04:48 fetching corpus: 9800, signal 250279/296120 (executing program) 2021/02/04 05:04:48 fetching corpus: 9850, signal 250661/296120 (executing program) 2021/02/04 05:04:48 fetching corpus: 9900, signal 250848/296121 (executing program) 2021/02/04 05:04:48 fetching corpus: 9950, signal 250982/296123 (executing program) 2021/02/04 05:04:48 fetching corpus: 10000, signal 251684/296125 (executing program) 2021/02/04 05:04:48 fetching corpus: 10050, signal 252474/296125 (executing program) 2021/02/04 05:04:48 fetching corpus: 10100, signal 252890/296130 (executing program) 2021/02/04 05:04:49 fetching corpus: 10149, signal 253692/296130 (executing program) 2021/02/04 05:04:49 fetching corpus: 10149, signal 253692/296130 (executing program) 2021/02/04 05:04:49 starting 2 fuzzer processes 05:04:49 executing program 1: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x10, 0x204) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/237, 0xed}, {&(0x7f0000000140)=""/214, 0xd6}, {&(0x7f0000000240)=""/60, 0x3c}, {&(0x7f0000000280)=""/102, 0x66}], 0x4, 0x0, 0x1) r1 = kqueue() r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r2, 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x80, 0x180) open$dir(&(0x7f00000003c0)='./file1\x00', 0x20, 0x42) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, 0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001580)={0x2, 0x2}, 0xc) ioctl$WSMUXIO_ADD_DEVICE(r3, 0x80085761, &(0x7f0000000380)={0x3, 0xd7}) r4 = openat$speaker(0xffffffffffffff9c, &(0x7f0000000400)='/dev/speaker\x00', 0x0, 0x0) ioctl$WSKBDIO_GETENCODING(r3, 0x4004570f, &(0x7f0000000440)) readv(r4, &(0x7f00000004c0), 0x0) r5 = fcntl$getown(r2, 0x5) fcntl$lock(r4, 0x8, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x2000000000003, r5}) r6 = semget$private(0x0, 0x4, 0x5b4) semop(r6, &(0x7f0000000180)=[{0x3, 0x3, 0x1000}], 0x1) semop(r6, &(0x7f0000000340)=[{0x3, 0xfffd, 0x3800}, {0x2, 0x7, 0x1800}, {0x2, 0x2, 0x7fc}, {0x1, 0x407, 0x1000}, {0x1, 0x2, 0x1800}, {0x2, 0x1f, 0x1000}, {0x1, 0xfffffffffffffff8, 0x1800}, {0x3, 0xad, 0x1800}, {0x1, 0x81, 0x800}, {0x0, 0x105}, {0x0, 0xfffb, 0x1800}], 0xb) 05:04:49 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f00000003c0)={0x3, &(0x7f0000000400)=[{0x34, 0x0, 0x0, 0x5}, {0x84}, {0x6, 0x0, 0x0, 0x100}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) pwrite(r0, &(0x7f0000000100)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) 05:04:49 executing program 1: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x10, 0x204) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/237, 0xed}, {&(0x7f0000000140)=""/214, 0xd6}, {&(0x7f0000000240)=""/60, 0x3c}, {&(0x7f0000000280)=""/102, 0x66}], 0x4, 0x0, 0x1) r1 = kqueue() r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r2, 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x80, 0x180) open$dir(&(0x7f00000003c0)='./file1\x00', 0x20, 0x42) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, 0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001580)={0x2, 0x2}, 0xc) ioctl$WSMUXIO_ADD_DEVICE(r3, 0x80085761, &(0x7f0000000380)={0x3, 0xd7}) r4 = openat$speaker(0xffffffffffffff9c, &(0x7f0000000400)='/dev/speaker\x00', 0x0, 0x0) ioctl$WSKBDIO_GETENCODING(r3, 0x4004570f, &(0x7f0000000440)) readv(r4, &(0x7f00000004c0), 0x0) r5 = fcntl$getown(r2, 0x5) fcntl$lock(r4, 0x8, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x2000000000003, r5}) r6 = semget$private(0x0, 0x4, 0x5b4) semop(r6, &(0x7f0000000180)=[{0x3, 0x3, 0x1000}], 0x1) semop(r6, &(0x7f0000000340)=[{0x3, 0xfffd, 0x3800}, {0x2, 0x7, 0x1800}, {0x2, 0x2, 0x7fc}, {0x1, 0x407, 0x1000}, {0x1, 0x2, 0x1800}, {0x2, 0x1f, 0x1000}, {0x1, 0xfffffffffffffff8, 0x1800}, {0x3, 0xad, 0x1800}, {0x1, 0x81, 0x800}, {0x0, 0x105}, {0x0, 0xfffb, 0x1800}], 0xb) 05:04:49 executing program 0: ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x10000000000001}}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x80000000000029, 0xc, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) setsockopt(r0, 0x29, 0x800000000000009, &(0x7f0000000040), 0x4) 05:04:49 executing program 1: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x10, 0x204) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/237, 0xed}, {&(0x7f0000000140)=""/214, 0xd6}, {&(0x7f0000000240)=""/60, 0x3c}, {&(0x7f0000000280)=""/102, 0x66}], 0x4, 0x0, 0x1) r1 = kqueue() r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r2, 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x80, 0x180) open$dir(&(0x7f00000003c0)='./file1\x00', 0x20, 0x42) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, 0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001580)={0x2, 0x2}, 0xc) ioctl$WSMUXIO_ADD_DEVICE(r3, 0x80085761, &(0x7f0000000380)={0x3, 0xd7}) r4 = openat$speaker(0xffffffffffffff9c, &(0x7f0000000400)='/dev/speaker\x00', 0x0, 0x0) ioctl$WSKBDIO_GETENCODING(r3, 0x4004570f, &(0x7f0000000440)) readv(r4, &(0x7f00000004c0), 0x0) r5 = fcntl$getown(r2, 0x5) fcntl$lock(r4, 0x8, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x2000000000003, r5}) r6 = semget$private(0x0, 0x4, 0x5b4) semop(r6, &(0x7f0000000180)=[{0x3, 0x3, 0x1000}], 0x1) semop(r6, &(0x7f0000000340)=[{0x3, 0xfffd, 0x3800}, {0x2, 0x7, 0x1800}, {0x2, 0x2, 0x7fc}, {0x1, 0x407, 0x1000}, {0x1, 0x2, 0x1800}, {0x2, 0x1f, 0x1000}, {0x1, 0xfffffffffffffff8, 0x1800}, {0x3, 0xad, 0x1800}, {0x1, 0x81, 0x800}, {0x0, 0x105}, {0x0, 0xfffb, 0x1800}], 0xb) 05:04:49 executing program 0: setrlimit(0x8, &(0x7f0000000040)={0x7, 0x95}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffb6, "6fced69c6f03ca2d86d18a4f0fddeb7633e51dd9"}) ioctl$TIOCSETA(r0, 0x8004745f, &(0x7f00000004c0)={0x1d, 0x0, 0x0, 0x0, "61aa0db11ce9bae3c6514e6ae973739ea78b7ec0"}) 05:04:49 executing program 1: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x10, 0x204) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/237, 0xed}, {&(0x7f0000000140)=""/214, 0xd6}, {&(0x7f0000000240)=""/60, 0x3c}, {&(0x7f0000000280)=""/102, 0x66}], 0x4, 0x0, 0x1) r1 = kqueue() r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r2, 0x0, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x80, 0x180) open$dir(&(0x7f00000003c0)='./file1\x00', 0x20, 0x42) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, 0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001580)={0x2, 0x2}, 0xc) ioctl$WSMUXIO_ADD_DEVICE(r3, 0x80085761, &(0x7f0000000380)={0x3, 0xd7}) r4 = openat$speaker(0xffffffffffffff9c, &(0x7f0000000400)='/dev/speaker\x00', 0x0, 0x0) ioctl$WSKBDIO_GETENCODING(r3, 0x4004570f, &(0x7f0000000440)) readv(r4, &(0x7f00000004c0), 0x0) r5 = fcntl$getown(r2, 0x5) fcntl$lock(r4, 0x8, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x2000000000003, r5}) r6 = semget$private(0x0, 0x4, 0x5b4) semop(r6, &(0x7f0000000180)=[{0x3, 0x3, 0x1000}], 0x1) semop(r6, &(0x7f0000000340)=[{0x3, 0xfffd, 0x3800}, {0x2, 0x7, 0x1800}, {0x2, 0x2, 0x7fc}, {0x1, 0x407, 0x1000}, {0x1, 0x2, 0x1800}, {0x2, 0x1f, 0x1000}, {0x1, 0xfffffffffffffff8, 0x1800}, {0x3, 0xad, 0x1800}, {0x1, 0x81, 0x800}, {0x0, 0x105}, {0x0, 0xfffb, 0x1800}], 0xb) login: vrele: bad writecount: 0xfffffd806e1e34e8, type VCHR, use 0, write 1, hold 0, tag VT_UFS, ino 2678, on dev 4, 0 flags 0x180, effnlink 1, nlink 1 mode 020620, owner 0, group 4, size 0 panic: vrele: v_writecount != 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *298886 93518 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd806e1e34e8) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aed0,3,ffff800021671a40) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806eb05130,40287401,ffff80002170aed0,3,fffffd807f7b7cc0,ffff800021671a40) at VOP_IOCTL+0x91 vn_ioctl(fffffd80679fc9f0,40287401,ffff80002170aed0,ffff800021671a40) at vn_ioctl+0xb5 sys_ioctl(ffff800021671a40,ffff80002170afe0,ffff80002170b030) at sys_ioctl+0x4ac syscall(ffff80002170b0b0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73f377f99d0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic vrele: v_writecount != 0 ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd806e1e34e8) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aed0,3,ffff800021671a40) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806eb05130,40287401,ffff80002170aed0,3,fffffd807f7b7cc0,ffff800021671a40) at VOP_IOCTL+0x91 vn_ioctl(fffffd80679fc9f0,40287401,ffff80002170aed0,ffff800021671a40) at vn_ioctl+0xb5 sys_ioctl(ffff800021671a40,ffff80002170afe0,ffff80002170b030) at sys_ioctl+0x4ac syscall(ffff80002170b0b0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73f377f99d0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002170a910 rbx 0xffff80002170a920 rdx 0x8b rcx 0x2 rax 0x1 r8 0xffffffff820e50f5 kprintf+0x155 r9 0x1 r10 0xfbade56f62098227 r11 0x9dc4a3a5d43b472 r12 0x3000000008 r13 0xffff80002170a9c0 r14 0x100 r15 0x1 rip 0xffffffff81ab85c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002170a900 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=298886 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=57, nice=20 forw=0xffffffffffffffff, list=0xffff800021671500,0xffffffff827ebf10 process=0xffff800021698808 user=0xffff800021706000, vmspace=0xfffffd807effccc0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 93518 402183 84847 0 2 0 syz-executor.0 *93518 298886 84847 0 7 0x4000000 syz-executor.0 84847 242066 1753 0 2 0x482 syz-executor.0 15489 514192 1753 0 2 0x2 syz-executor.1 1753 320685 57079 0 3 0x82 thrsleep syz-fuzzer 1753 230354 57079 0 2 0x4000482 syz-fuzzer 1753 160313 57079 0 3 0x4000082 kqread syz-fuzzer 1753 321602 57079 0 3 0x4000082 thrsleep syz-fuzzer 1753 480182 57079 0 3 0x4000082 thrsleep syz-fuzzer 1753 284477 57079 0 3 0x4000082 thrsleep syz-fuzzer 1753 116560 57079 0 3 0x4000082 thrsleep syz-fuzzer 57079 219568 4845 0 3 0x10008a sigsusp ksh 4845 89822 41812 0 3 0x92 select sshd 88079 445839 1 0 3 0x100083 ttyin getty 41812 437143 1 0 3 0x80 select sshd 68772 186155 74007 73 2 0x100090 syslogd 74007 249571 1 0 3 0x100082 netio syslogd 11853 191666 1 77 3 0x100090 poll dhclient 61932 204206 1 0 3 0x80 poll dhclient 20080 77241 0 0 2 0x14200 smr 25264 225135 0 0 2 0x14200 zerothread 95908 185913 0 0 3 0x14200 aiodoned aiodoned 64048 462013 0 0 3 0x14200 syncer update 66685 218952 0 0 3 0x14200 cleaner cleaner 50814 49505 0 0 3 0x14200 reaper reaper 81906 134875 0 0 3 0x14200 pgdaemon pagedaemon 73519 73617 0 0 3 0x14200 bored crynlk 13168 414494 0 0 3 0x14200 bored crypto 88036 296862 0 0 3 0x14200 bored viomb 6649 421742 0 0 3 0x40014200 acpi0 acpi0 82834 82411 0 0 3 0x14200 bored softnet 14674 367169 0 0 3 0x14200 bored systqmp 606 453980 0 0 3 0x14200 bored systq 34259 26372 0 0 2 0x40014200 softclock 30044 182738 0 0 3 0x40014200 idle0 1 359212 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9476 6472K 6472K 78643K 10569 0 pcb 13 8K 8K 78643K 13 0 rtable 105 3K 3K 78643K 190 0 ifaddr 39 10K 10K 78643K 39 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 2K 78643K 15 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1223 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 6 0K 0K 78643K 10 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 40 0 proc 47 38K 54K 78643K 364 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 2 0 in_multi 33 2K 2K 78643K 36 0 ether_multi 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 2K 78643K 317 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 116 23K 24K 78643K 711 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 9 0K 0K 78643K 9 0 temp 60 3963K 4027K 78643K 1804 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 120 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 23 0 15 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1163 0 1163 1 0 1 1 0 8 1 tcpcb 736 12 0 6 1 0 1 1 0 8 0 inpcb 304 34 0 27 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 kcovpl 48 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 semupl 112 6 0 6 1 0 1 1 0 8 1 semapl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1421 0 25 88 0 88 88 0 8 0 ffsino 240 1421 0 25 83 0 83 83 0 8 0 nchpl 144 1650 0 52 60 0 60 60 0 8 0 uvmvnodes 72 1466 0 0 27 0 27 27 0 8 0 vnodes 224 1466 0 0 87 0 87 87 0 8 0 namei 1024 4022 0 4022 2 1 1 1 0 8 1 scxspl 216 4712 0 4712 9 1 8 8 0 8 8 plimitpl 152 16 0 8 1 0 1 1 0 8 0 sigapl 424 227 0 198 4 0 4 4 0 8 0 futexpl 56 103 0 103 1 0 1 1 0 8 1 knotepl 112 62 0 42 1 0 1 1 0 8 0 kqueuepl 168 6 0 4 1 0 1 1 0 8 0 pipepl 304 69 0 58 1 0 1 1 0 8 0 fdescpl 432 212 0 198 2 0 2 2 0 8 0 filepl 120 997 0 896 4 0 4 4 0 8 0 lockfpl 104 5 0 4 1 0 1 1 0 8 0 lockfspl 48 3 0 2 1 0 1 1 0 8 0 sessionpl 144 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 57 0 50 1 0 1 1 0 8 0 zombiepl 144 198 0 198 2 1 1 1 0 8 1 processpl 1016 227 0 198 5 0 5 5 0 8 1 procpl 672 239 0 203 4 0 4 4 0 8 0 sockpl 432 76 0 59 4 1 3 3 0 8 1 mcl4k 4096 8 0 8 1 1 0 1 0 8 0 mcl2k 2048 166865 0 166803 49 31 18 27 0 8 8 mtagpl 96 4 0 2 2 1 1 1 0 8 0 mbufpl 256 180981 0 180837 16 3 13 14 0 8 3 bufpl 280 3247 0 169 220 0 220 220 0 8 0 anonpl 24 39335 0 21286 112 2 110 110 0 188 0 amapchunkpl 152 1263 0 909 16 0 16 16 0 158 1 amappl16 200 902 0 112 42 0 42 42 0 8 0 amappl15 192 5 0 2 1 0 1 1 0 8 0 amappl14 184 32 0 27 1 0 1 1 0 8 0 amappl13 176 24 0 22 1 0 1 1 0 8 0 amappl12 168 8 0 6 1 0 1 1 0 8 0 amappl11 160 46 0 35 1 0 1 1 0 8 0 amappl10 152 11 0 6 1 0 1 1 0 8 0 amappl9 144 277 0 276 2 1 1 1 0 8 0 amappl8 136 113 0 84 2 0 2 2 0 8 0 amappl7 128 214 0 207 1 0 1 1 0 8 0 amappl6 120 60 0 52 1 0 1 1 0 8 0 amappl5 112 358 0 344 1 0 1 1 0 8 0 amappl4 104 241 0 218 1 0 1 1 0 8 0 amappl3 96 110 0 103 1 0 1 1 0 8 0 amappl2 88 937 0 872 3 1 2 3 0 8 0 amappl1 80 13918 0 13472 27 14 13 20 0 8 2 amappl 88 484 0 413 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 212 0 198 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 212 0 198 1 0 1 1 0 8 0 vmmpekpl 168 5798 0 5778 1 0 1 1 0 8 0 vmmpepl 168 33853 0 31942 128 9 119 119 0 357 35 vmsppl 272 211 0 198 2 0 2 2 0 8 1 rwobjpl 24 9365 0 7927 13 3 10 10 0 8 1 pdppl 4096 430 0 396 56 16 40 40 0 8 6 pvpl 32 130979 0 110054 174 0 174 174 0 265 3 pmappl 200 211 0 198 1 0 1 1 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 322 0 54 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd806e1e34e8) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aed0,3,ffff800021671a40) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806eb05130,40287401,ffff80002170aed0,3,fffffd807f7b7cc0,ffff800021671a40) at VOP_IOCTL+0x91 vn_ioctl(fffffd80679fc9f0,40287401,ffff80002170aed0,ffff800021671a40) at vn_ioctl+0xb5 sys_ioctl(ffff800021671a40,ffff80002170afe0,ffff80002170b030) at sys_ioctl+0x4ac syscall(ffff80002170b0b0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73f377f99d0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 panic(ffffffff8243627a) at panic+0x15e vrele(fffffd806e1e34e8) at vrele+0x187 ptmioctl(5100,40287401,ffff80002170aed0,3,ffff800021671a40) at ptmioctl+0x5b9 VOP_IOCTL(fffffd806eb05130,40287401,ffff80002170aed0,3,fffffd807f7b7cc0,ffff800021671a40) at VOP_IOCTL+0x91 vn_ioctl(fffffd80679fc9f0,40287401,ffff80002170aed0,ffff800021671a40) at vn_ioctl+0xb5 sys_ioctl(ffff800021671a40,ffff80002170afe0,ffff80002170b030) at sys_ioctl+0x4ac syscall(ffff80002170b0b0) at syscall+0x507 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73f377f99d0, count: -9