Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts. 2019/02/16 05:15:55 fuzzer started 2019/02/16 05:16:01 dialing manager at 10.128.15.235:24177 2019/02/16 05:16:01 syscalls: 1 2019/02/16 05:16:01 code coverage: enabled 2019/02/16 05:16:01 comparison tracing: enabled 2019/02/16 05:16:01 extra coverage: support is not implemented in syzkaller 2019/02/16 05:16:01 setuid sandbox: enabled 2019/02/16 05:16:01 namespace sandbox: support is not implemented in syzkaller 2019/02/16 05:16:01 Android sandbox: support is not implemented in syzkaller 2019/02/16 05:16:01 fault injection: support is not implemented in syzkaller 2019/02/16 05:16:01 leak checking: support is not implemented in syzkaller 2019/02/16 05:16:01 net packet injection: enabled 2019/02/16 05:16:01 net device setup: support is not implemented in syzkaller 05:16:06 executing program 0: r0 = kqueue() r1 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/wsmouse\x00', 0xc08, 0x0) r2 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040)) recvfrom$inet6(r2, &(0x7f0000000080)=""/4096, 0x1000, 0x1, &(0x7f0000001080)={0x18, 0x0, 0x4, 0x59}, 0xc) kevent(r0, &(0x7f00000010c0)=[{{r1}, 0xffffffffffffffff, 0x2e, 0x0, 0x7, 0x1ff}, {{r1}, 0xffffffffffffffff, 0x9, 0x5, 0x9, 0xffffffffffff0f9a}], 0x7, &(0x7f0000001100)=[{{r2}, 0xfffffffffffffffe, 0x0, 0x0, 0x200, 0x2}], 0x3, &(0x7f0000001140)={0x5, 0x1}) read(r1, &(0x7f0000001180)=""/52, 0x34) r3 = msgget(0x2, 0x200) msgctl$IPC_RMID(r3, 0x0) mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4) getsockopt$SO_PEERCRED(r2, 0xffff, 0x1022, &(0x7f00000011c0), 0xc) getpgrp() getsockopt$sock_cred(r2, 0xffff, 0x1022, &(0x7f0000001200)={0x0}, &(0x7f0000001240)=0xc) r5 = openat(0xffffffffffffff9c, &(0x7f0000001280)='./file0\x00', 0x10, 0x100) ioctl$WSDISPLAYIO_SMODE(r5, 0x8004574c, &(0x7f00000012c0)=0x2) ioctl$WSDISPLAYIO_DELSCREEN(r5, 0x80085754, &(0x7f0000001300)={0x800, 0x3}) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x6b2994d559424f49, 0x2811, r2, 0x0, 0x0) fcntl$setown(r5, 0x6, r4) r6 = shmget(0x1, 0x12000, 0x140, &(0x7f0000fee000/0x12000)=nil) fcntl$getflags(r0, 0x3) r7 = shmget(0x3, 0x4000, 0x2, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_UNLOCK(r7, 0x4) unlinkat(r5, &(0x7f0000001340)='./file0\x00', 0x0) sendmsg(r5, &(0x7f0000002740)={&(0x7f0000001380)=@in={0x2, 0x0}, 0xc, &(0x7f0000001400)=[{&(0x7f00000013c0)="ae178aa59bbcf316dd3759eb4a40a9099c5b121bb00e383545ac2c038fad2fc460edbfdda1d9e58e229acc1dde913df41cf39c647f087ecb88705b", 0x3b}], 0x1, &(0x7f0000001440)=[{0x60, 0x1, 0x10000, "cd3104ab8392c5cbb8d3a3e1964e5f58b917a338d3fe4c937c3d9b3ead8095378ebd62286887dd1e9eca629494a8c3b191dd83dffa556c51b48552fb5f4c5357b754c8298c93da67ad77"}, {0x18, 0x1, 0x100000001, "032aa176ae"}, {0x110, 0x1, 0x9, "eab065f3c31c9553f9bc0223a0e8228e0744f1c3fc908ee7c97261cdd0934440284bb2d9d04e55277213c5ad715e86467aadad52c9f94b80ac7cd9b31214866a3169267dbb2d64462f8b94f39296eb3a79824a8c8dea9d560c090ee31576b56f8c71a48ac05ec09c11c673363dba3433c6f4064376fd4531bd2c4cde009d663eea8636e1e94cf66171caa75464844640e4260fa55e1a45cb843e612c9f6e54595bf94d1f1e536519758466891d6d17241ece6100bbb1e6ce3f7c5755a094dcdac3488f204d0d594dce640840cc57889da11c8efb7b6cc0e3e40715fa7811bc1160caba4cbbdcd6505ae5be8d53d5b3fa6523fe3027d4cb0c80d7da89"}, {0x1010, 0xffff, 0x4, "fdce789ddbd42214b6bca8e375fcb74a10a4d721a82a7a1501bdf95223757213b3a863d96acc470e86cf1b46c741362a327229a2701d6a6d69ae66ee1cb925197fed30e63892dafcf65df9dae03a6e851e10c17de550290f662401ebafd4450855167952f83e3c46c553aebaf38028ed45edd52c6c58467d8fd90e823563c11b09172ab068bd945ef60f13a12c003e0da3966ba21d0b0061ff54c87d2b9a7a077d619490028685751716dbf097a765a9c4ef220d8c619ee308b858ce286bbc12d661f50775c20481a423890988a97ddf2aaf33325c87a20dea351ada96398298dfebc862af8f86556301ede46e63f9d04127416da4b2f092fe5945c030dbd1d4096b1a6cd991f12cf656b909832b31f27eab4f0ed56a91843d1f44860214c71adea44d9bd33a07fef4fb1365a3d7fbc40e12f5b730222010371263f5ad75b8c725bdf4b08b03049e2c8b996cf1475b9cc88241c599226112f2f347a93fd4fe8b1b720a7d7f09f01232f52c46dc72d0d6963ddfebb3c50ecf8a067cfa6ccc5176426c60e8f11ac9a504d653bc30882cbb6689c3a68a1bcfa8e561407cc8a9bc6c71e9c6f737119d964d39cd4ac8b72765a5d36e9d9fe69cfb2b86a24c952168c46a6100e880c29e58173c7e4cd46ce1b958081f215453c2a2e8e20d10406993c9d68b20fddab0eb26532a1a40ea3b979cddaa6f07c3dc2ff4aabd5de6328e814d365a9cc5d42ed05eaa23781421319683bbd7aa97c42f328609d0190199a3783e4ccc79b4161636e90ddbc16115fe8f33dac28854b0cdb218bb065cdd1ff093d89b5f6cda76be75f6c3327786f3de9d8d93323ecc8b14c18759e97b485f4987586b41201c99bb3718cf9bd6bda6f71e0e30f294b2a7fa1ef2cf2b4850bb4e86837efa164ab8fbd4949fa64c433ba2f783e86c0ed0065b8733546ac4707556a2aba99770fc386518c605de3b20b7362fdb7c3266ac47602104bb4e257c1f0dc07d7b1e2566dcdb2c614fd94196cdbd0fadb13f8d6d40c73f2e3126bfb4af9687ebd182b987dfe8b1b9b1fb8339107e763660422e3e08da12eb7a1ba746da654315fe723b728e4852460a85adf48e9838463c596828267212d81602f1a07fdd436de5b0df2059c9b0d6a993daa1aa1683a3ed7ffed53bb923201f28b5579a97966e1ea32438e43623161aa8ebcb4119c1d5ffdccd118d6651744f09f3a862c5b2a6f8ad9f185d7c40b8dd12f3ff74913c0603ba4ff6862b4074381421d9d16d11fdb27d8d67edaef813ede391ec27b713949573b2476cd90b0ca7029cf9b9f46a1d41dc1c99d40bf9b4beedd7b6b8d1f26a2eeb5c091e9a780bb94d877bf4b5c14a4d86afe6b5387354f9e79401efefe457ba5b0ad92ceaaab767cbd3ad631e33511a12287e870a6d430585e3ef3cdb52ee74952843a3ae91961af2784ce3cdeae81f2739654fa6715f2548666ffe02cae8e86c10da582a437dcdadd24315f65ca2a73d41e9ebc5ca2a15954fc60d61979c7604d234731c6b99b8b6a31b0b3ee05a2e0e7dd98626df774b3969a092323474198eaae714132bcdd4778e1e59c367f72f9ca2a13f5dc4fb98c81e14d9f9496e7ea344634790024988f7138da3edcf88d27d6e660cbd144e50f97536d761a1ebc03bd13d35a0c7b3194ac1b1dcbb8faef3024e2805e2cfcf3f1f8890d85681fe4f7fa8a7ae9693529e3a36360040295eab4f07f6c556b348a6900a2e7213c3f13ce23957e0d42a427f4137505075736351d0a5c3d4017f4a5eb40e0f505aa21cbd28e22fd90f3dc1aecaf55946de87fc85e59161a9bc75977556122f8213a8671b86d381c671aa2cae4ac5857dbe8046070ed3ecb6848b92560e449f0024a40ee134ab82b12af4fb50d549fe5c944c691e2f8cb11c25d51d943cf0b4998274409c5d4c86b499125a93f3804305d64732e75400383067593653816b1db69109a45098c5c9135236dbfe89689df21d662e1e5ec39e2cf866acdd6399bea32790bd07d153a9202fde337606510fce6ed0c08fe573b57358b6e25c051502cb9d908f8bc114dc8e57571fd932c7ea568bfd7aabef970624ee4e71659139abc73c462d18fb458e2105cbeb5cc869dc9c8311756ec94a2605d8e81826112d5f07640a09d60318119ce00d274cfaaec803bb77e3f8dac2b63ad3c3fcaf8581ad2a3849b6e7e2eeb0fc22c72ee4fdd107e4445df5eecb6c89ba39c5a414434cb47562153aa112e800d7603cf35d2abca7be3476be200ab2338d1e6ef98134c486daaf83c1fe47733060adbcf00f0c88d481846a9467d5c39c2c25f937a2f9627e46d0bf309ff72f596273e427e426c581131234b0e29281b08edd7c4c714d5076ff8ab9dc33f19237ba98911f62807ea5fc8381bfcb84aad9d0ffa6296ddfa6e44202e2e94f39cd88c89f268b5aeb236ec53295c02b2d62543a5352efe7f746a1e49ff97b1df052de962738d769791edd9897c419ab8762514b36531be5d1ff413d3d6fd2b140077fc6cd8c0262e7c20a1b9713fe0b252c1df46cb04c46d48b861e85b9c762a182704cce266136e6bc81ee5497f505efd8b306af6a6ebfef2b441ba7359ad827224c5de57c45e54b949d2ae8c5670b47d6bc0156ab9aa86c390d01615034e702398c42cbdf1dc4768d0a6561ab08a690a91cecd5453247223c0be729eb861a3b57890dd752a781677ee03dc617c73e72e4e5deee063b3628c5c5a5b72016e58d1532da83d9cd21bb4cad0a4bf3d70cc0a2ae5d90b5255c5334182771c41d1c180a5f73e35a391ced23acba8934c93e5071fdf022d57a0dc608d900cfd7e659f0f676a6702e5179509538be4ace18d9e18f7fd6fdd3153a0237c2042955cceafe3182802a69ca2136e1cdaf0dfefeb724f57bd87db0e80777e98da8ac269ebf1f01ba754b8c897e0ebfe1111cff65b6faa7a65f9a3f8cf26f9184bd3481b0f04a7dfab9d29bc63629ccc7c82d1da463224e282545fda25613ab9b0135f19c6b2359729d0e7ef79557353dc97944490ea9b9746005c78fa34524b843ae1793ea9540a63eb3042a2f192a204f451fda5187c411c3d27b66ebce1cf4425301b9d92672bb461ae26466f2cf84fa1c76412098c0a250497c5a01e641265c8d0df21f7ff0025c1a81c532e427b59c92052cf3e0b437846c1afd337f6c6a7c79b9d3c16da9d371d449b9a0d2471cec3580b979dba0855322bd9f9ec9c694c2782702096b184917671c3696b9a7344685e8205095d802822754d7a9c81a23d092f74d3784adbe1afe080ad42ae6afc03d6d52cc22733b0ec73a7480c5afa3800b971d5609d83ece9871a805114c2a1c824e2d37539bc9300dee8098366a0a0537ffcee46ba215f6b2476089191ec7331433fcc197414ddf4d5bc4cc20dd54c28341a7ea901a06428766fd7560c6120cdaa41d82c2494756a922c3195a5d46c885dff70274d422f6401861b27f6b47dc07ba0c00b0e37312f1b58ad09f00d0e54a505d445924036e306640d18ef1a7880796b482c99cddd8a14cc8e86ff00edf881820684a6ac10ed6149c64b260a9319340f846a55387c2771080e16697edd30d4b65468e0d7b082defde5bea76d1e0b65033c3ac1a75dacd8d7889cad1cfa50ba305385bf54be5dc6171c4cc74d5ad045b359da9819de1f07816d0dc04e77e9724c642c29819ac3d18b3c516fd6eee4f2370fee589af3ba1aeacab3dd45153714f392b69d61cf39ad70fb779041a170336b6f3dae67a93a69a4fd873a6c67359b3f31cc252b6986bd6d9d28c01ef70c1e8f7a192377aa08113596d06e484478e8b946700bd0319f17059ede6222573e629431a509cf967f4e36e755e1b6d7ccda3262f5923808290e84ae105ddc94a2a935e07fdcd850835bf0a85f6463456a09a8049c26fda91dccc7be112903f53fe636aa72c5c2d948a3dff6a81a6a2fd324c1a1fb96199a2a4db7672b0ea910a494e6bfd07315ec58588f0c49c11d25feda86fb3b3ae76905b93c05db0806e61ab3796e6ed9279b7ffda94f03137f04f66d81da3477df3722aa918e818f8f01cfe509da1e348ec3c69ddb77c8baac0e616512ddc172ea01758d8446553711ad63c929fcf036c5844487180d8d29dd4ac0e516e3ba19800799cb06e7abe236704e0ab7f1590fe607dd3df579e822f82fb07df3e017ad00512122a186bba30000795bbc3e803c9ed100872088f58f0275d73b50eaebc6692abaf546d8793254e81afca65bd70a602cddd54b46bbf5a9f4d8bd17eef22030f0c6f32346a4c08530ffabd1d43930ac584b3a0e5d63f5958c533f665de7b4e536eadecef7ed6c882aab73e4ccb022d738a572fac167381d0dc5aa792c5220a9f8f2cc65a7fb54499daf5a12a384f918718dc247b2f4dbf5ff77acb9fe150afa150cb9c3f4651da68848f5f1fc2f6ce3f6a83ab8b7f8006ccfe6764972caf5f501a2b4838a2f35d8b76374a15d9f68d096ea5d1610f362217257a42cbfbc44f5135a5b9364d4ca84ad90844ee18bd3e79f0f1b2814b7ea6a1fe29a7ee42aeaaaa9d9687a46d9cf11ed21f78dd238a290ca6c0bfd5553f0b847256cee72cbe20bd88e7172a829472072b942aa8e99436f93846ff2ce02e5a98a834a2e7270f263f6ea4b727406cafca6135837210269ca49120c99f3b4fd050e19a8f251d009624b6f40c8dccf964cc3fef7610b57b75b647511c614d994344504dde6da5ee83af0373a211b2f33ccbfa70b8ae9092a813d54f364c50c6ea9a3a7576ebeca7292263e458068dbf8d135e5ae573cc3e7e442c8dca06c0edf3d79bd1aa7ed8248f71e446f91d3b691110164dd3629e5e0e24d5a21c0dd5b3c5bd781ea6fdc8886d1d6501652e128fa584c35d1028b88e3d06510f3aa968853df7b1b225e73595b0b1a49a0a9a9a446fc3a04fc649d28a9ae6147a4d0430185dd835244c54f4522b41657e042428c75ae2c104f69dea98176405f968f0fd1f691e167c02654a8195af96e9b579eb03955f7954b4b878266fa4134dfc56aa70efaad1407484ede12baeb7bc38355a6c50d8e59c5d7729e7eea62c29fc9ce5bc21c240f4fd25cd1c0e21669cbea4f572e7c4f41bb29bde4cf0518d58280dd10c938957cceea8d194a2b4830784a0985919fa94f792ba7ef76daed603ca2f45e618524654bfc3ef1b91ecf1187d49dd896f9e8fd91e758106971ac814f21090bd3aee6bbddf9884a9fe9e509bfc9bc2194d9fb31a49df4c5a0f86fa8a7c957cd1ef9cff8ffdf27867308ed2ed4e80fa43edc18710d2e8dd04d51b344f25891aa1106e2a05e6f3f931dbb4125cb2eff78ea3d30f7f39264a815c9ae636e0135b4bdf805c03cff1613aea4c0abe30b63ca56943275b6b1a2288fb86a1486b01f892a594882143f66622d10d3a9af269f29b8fc1ca491e980f16edd26f76918e7565f0c22eb4838a3649a4768e44537e3158c44c566a9de6ba0416466865c99fd2500b90f99702daab058b5ff5447f687a81d6f5bfda3effce6d3834d54da7bfef69a9fa94231db0ba151b23a2e2919728a9b35842bd65753f64d1d93d0d7acae220cec0eb6d47c46305b69a8d6b26a504cd89355f236c702a2dbdd3ed86e84c61adb3871529063687767d736b52900a550ae54ef6e402ca30f6ac5c1b9df40f6eee1a8893318fab0c6d75b9612e6d61f32cb227bbfe6785510856b1572e6987a3bc4b1cf2b57c02afb89fc29b4c65f2a300cfa2de6d2c877f9f413b5c4468983b799c1bf64c42a1b0d33aa021ace30545685546e34f6b15"}, {0xb0, 0xffff, 0xae92, "13eb3b585251749bba55d048b2c624516e234dadaa70f634509d9a77dbc958cfe7684fb3ac301edeb5a268b085e4ad507a011ba99eadf19a2ad96a2ca835345f2be0fa1cf0f00d83012c3f418f97f29b4697a9bb474d9e7f7753496cf44c3fe232914d863775fcb1703dcae5c3db9e092610545643f3b579f7b29857e0014dcc3d04cde240da712780a67aa7477fa7e3852df42453773681d5f16d5d2ba3"}, {0xb0, 0x0, 0x3, "e6d198dd8caa62b1a711b1a3873ece543ffe1e2e1b1de49b96ec2e50a6a64d54ca2ca1f05cfe373b95c95cbf3e994c18e2e1c4939dce31dc5fa4efb02d1329aac563db293b232cc83520a585ee6ef04636fea756d67f4bc94264475cb61b423a7895b2262382431e3de99548d53f893187f7053550a4b59515b3a80d9ab769a1ad70f507de9e363473f27064d655f59b1fd74748fc38a627a4"}], 0x12f8}, 0x4) shmctl$IPC_STAT(r6, 0x2, &(0x7f0000002780)=""/66) ioctl$KDSETLED(r5, 0x20004b42, &(0x7f0000002800)=0x7) semget$private(0x0, 0x0, 0x200) semget$private(0x0, 0x3, 0xc) preadv(r1, &(0x7f0000002c40)=[{&(0x7f0000002840)=""/23, 0x17}, {&(0x7f0000002880)=""/77, 0x4d}, {&(0x7f0000002900)=""/61, 0x3d}, {&(0x7f0000002940)=""/142, 0x8e}, {&(0x7f0000002a00)=""/23, 0x17}, {&(0x7f0000002a40)=""/117, 0x75}, {&(0x7f0000002ac0)=""/156, 0x9c}, {&(0x7f0000002b80)=""/154, 0x9a}], 0x8, 0x0) r8 = open(&(0x7f0000002cc0)='./file0/file0\x00', 0x1, 0x8) setsockopt$inet6_MRT6_DEL_MFC(r8, 0x29, 0x69, &(0x7f0000002d00)={{0x18, 0x1, 0x5, 0x6}, {0x18, 0x1, 0x5, 0x3}, 0x1, [0x3, 0x4, 0x81, 0xe9, 0x5, 0x5e1f, 0x4, 0x1]}, 0x3c) 05:16:06 executing program 1: r0 = socket$unix(0x1, 0x7, 0x0) getpeername(r0, &(0x7f0000000000)=@in6, &(0x7f0000000040)=0xc) r1 = getpgid(0x0) r2 = geteuid() getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0xc) r5 = fcntl$getown(r0, 0x5) r6 = getuid() getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0xc) r9 = fcntl$getown(r0, 0x5) r10 = geteuid() r11 = getegid() sendmsg$unix(r0, &(0x7f0000000580)={&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000000400)=[{&(0x7f00000000c0)="3e2caf52a16aafe889f8da4a1606cd6535cec131a4cc215d825f34bea381db51c4f505c40bf56559aae30e0e5b0377159117eb364d22ba32ac2e3aa9870931bcc8995a25a2232f2f1e40559e6bb315349634660ef83bf76b62713033a7a75be38903866ca3d7dab6a9fa47c634e62e252029e92ddea74f7b3bf894a8c0950293559e0fc39d74acad56ff91917fbf0e7bf64b2df8d011b2771c9db8d7a1eeb4b1b95cb820e3023b8c91e29932585c19f5e04b31b6d1cdcb526feeac945c719d282063ab9828910660c781e67bd7a5e014e2ce22321ee613f0cb", 0xd9}, {&(0x7f00000001c0)="f59f5e4fa9c04f47c150af4aa7615e1e2edacd4642254dbd0a2ab4c459bb282d30f130c2ae219e38201e1ca8da137c04506b3427d49f9472c5a242855641a4436fe9be970cf02d4c6db3a70d3934d0cc6ebcb4a90dd5b02dd437833f800a586c43749b3de41a11f64fc321b0e272693fb1a69196e1f2560d76b3eb21e632250d4dd451cec302794091f15ee1a7909e3f02510d5bd86268d0e69b80a2dba8fb080a1713498e7def60a0", 0xa9}, {&(0x7f0000000280)="81f72537c5297bc6c85363ccb4317ddae33ce4f9f93c9dfd2f9539a7ba2a63f8fc15cbe9f153483137781efa4266b4a569d03d1859742316b5", 0x39}, {&(0x7f00000002c0)="55fe8017d7eea48c0051a822ce67ee50a8fda37c6bf3c8c879c07b7a74a8b5d88e1c843647575b2adbeed24f8e77e275e9d09dcff0657963b80724026fae1674d25395833527d8d6291436040442a70ed1f944d1365b009f418f500d039ca3667aa9247ce0e01e136ac4c5bf378cf50124908563d5e2334f3b30b2c88adf89c797e7360ee406dd3c6ac85910651f94a42b908e682c7864e1", 0x98}, {&(0x7f0000000380)="d0c29044f778259b741ac07c3b131b39879d85331d0cb34ee040db4e41c1dea2d151dd2774c64cf52a85eab6570b812ca56079b43d825a986668bca1ac40f6e64460237806f0e4619c1b38da50ad0e70343196a432e2b296c66a2c4873904c36d234bde4c1d11d1d5da0b09672ff889944409e0d3c3fa579bc106c97642103", 0x7f}], 0x5, &(0x7f0000000500)=[@cred={0x20, 0xffff, 0x0, r1, r2, r4}, @cred={0x20, 0xffff, 0x0, r5, r6, r8}, @cred={0x20, 0xffff, 0x0, r9, r10, r11}], 0x60, 0x400}, 0x6) r12 = fcntl$dupfd(r0, 0x0, r0) ioctl$WSDISPLAYIO_DELSCREEN(r12, 0x80085754, &(0x7f00000005c0)={0x10001}) r13 = syz_open_pts() r14 = fcntl$dupfd(r12, 0xa, r0) r15 = semget$private(0x0, 0x0, 0x0) semctl$IPC_SET(r15, 0x0, 0x1, &(0x7f0000000600)={{0xab7f, r7, r8, r3, r8, 0x8, 0x2}, 0x3, 0x1f, 0x9}) setreuid(r3, r3) geteuid() fchown(r13, r2, r8) write(r12, &(0x7f0000000680)="12d127c230feada2f9defbb335a35c8e9dcaae5124a9e0bd422f8d3660f67d8425856a07ff485bb04e3a90b69fe8205062c1d604ca41da2d2ccac5fef0a3f246e3e9b2e4ac3abbe6c1b47df3166ebc86f1e90cbf570083cd4354c5ff1be65098c09c18da92ff5dded2c4e0470a5465028519a2e563fdbc87efa4cb933e96b96a4e0ce6a3044c6fe788", 0x89) fcntl$getown(r12, 0x5) ioctl$KDGETLED(r14, 0x40044b41, &(0x7f0000000740)=0x1) r16 = dup2(r14, r12) semctl$GETALL(r15, 0x0, 0x6, &(0x7f0000000780)=""/23) r17 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffc000/0x1000)=nil) shmctl$IPC_STAT(r17, 0x2, &(0x7f00000007c0)=""/36) fchown(r16, r3, r8) socket(0x6, 0x6, 0x9) 05:16:06 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x0, 0x0) ioctl$TIOCDRAIN(r0, 0x2000745e) r1 = fcntl$dupfd(0xffffffffffffff9c, 0xa, 0xffffffffffffff9c) r2 = dup(0xffffffffffffff9c) linkat(r1, &(0x7f0000000280)='./file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x4) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xfffffe43, &(0x7f0000000080)=[{&(0x7f0000000140)=""/169, 0xa9}, {&(0x7f0000000200)=""/114, 0x72}, {0x0}, {&(0x7f0000000440)=""/237, 0x1ad}, {&(0x7f0000000540)=""/229, 0xe5}, {&(0x7f0000000640)=""/202, 0x200}, {0x0}, {0x0}, {&(0x7f0000000740)=""/146, 0x92}, {0x0}], 0xa, &(0x7f00000008c0)=""/87, 0x57}, 0x0) bind(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="3256f7632f83953e221d"], 0xa) mknod(&(0x7f0000000000)='./file0\x00', 0x80002005, 0x2d94) r3 = dup(0xffffffffffffffff) connect$unix(r3, &(0x7f0000000040)=@abs={0x1, 0x0, 0x2}, 0x8) r4 = open(&(0x7f0000001700)='./file0\x00', 0x400000002, 0x0) pwritev(r4, &(0x7f00000002c0)=[{&(0x7f0000000180), 0xff20}], 0x100000000000005e, 0x0) close(r3) 05:16:06 executing program 1: r0 = syz_open_pts() fcntl$lock(r0, 0x400000009, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x101000000}) flock(r0, 0x2) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r1, 0x0, 0x400000000) flock(r0, 0x2) flock(r0, 0x2) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000000)={0x8001, 0x8, 0x0, 0x4f3d, "dd4bb22ad04d2aa665c877b7eab147972ebd5fed", 0x0, 0xfffffffffffffff9}) 05:16:06 executing program 0: mkdir(&(0x7f0000000280)='./file0\x00', 0x1) getgroups(0x7, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff]) geteuid() setgroups(0x4, &(0x7f0000000180)=[r0, r1, r2, r0]) r3 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) ioctl$WSMUXIO_LIST_DEVICES(r3, 0xc1045763, &(0x7f0000000300)={0x92cc, [{0x3, 0x8}, {0x3, 0x101}, {0x3, 0x1e55}, {0x1, 0x6}, {0x3, 0x1}, {0x2, 0x1}, {0x1}, {0x3, 0x81}, {0x3}, {0x1, 0x5}, {0x3, 0x7}, {0x2, 0x7}, {0x3, 0x3f}, {0x3, 0xfffffffffffffffb}, {0x0, 0x1}, {0x3, 0x5}, {0x1, 0x400}, {0x1, 0x400}, {0x3, 0x5ce}, {0x3}, {0x2, 0x7}, {0x1, 0x2}, {0x2}, {0x0, 0x2}, {0x2, 0x2}, {0x3, 0x65}, {0x1, 0x40}, {0x3, 0x6}, {0x3, 0x8}, {0x3, 0x7f}, {0x3, 0x8}, {0x1, 0x1}]}) lchown(&(0x7f0000000000)='./file0\x00', 0x0, r2) symlink(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='./file0\x00') mknod(&(0x7f0000000040)='./file0/file0\x00', 0x2000, 0xfffffffffffffffc) setgroups(0x0, 0x0) setuid(0xee01) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect(r5, &(0x7f0000000140)=@un=@abs={0x0, 0x0, 0x0}, 0x8) ioctl$WSKBDIO_GETMODE(r4, 0x40045714, &(0x7f00000001c0)) 05:16:06 executing program 0: mknod(&(0x7f0000000000)='./bus\x00', 0x10000000002000, 0x4503) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) ioctl$KDSETRAD(r0, 0x20004b43) ioctl$WSDISPLAYIO_USEFONT(r0, 0x80585750, &(0x7f0000000040)={'./file0\x00', 0xffff, 0x6, 0x80, 0x1, 0xffffffff7fffffff, 0x400, 0xcdb, 0x3, 0xfffffffffffffffd, 0x7, 0x1}) ioctl$WSDISPLAYIO_GVIDEO(r0, 0x40045744, &(0x7f0000000100)) r1 = open(&(0x7f00000014c0)='./bus\x00', 0x3, 0x180) getrusage(0x0, &(0x7f0000001500)) ioctl$WSMUXIO_ADD_DEVICE(r1, 0x80085761, &(0x7f00000000c0)={0x2}) fcntl$setstatus(r1, 0x4, 0x84) ioctl$KDGKBMODE(r0, 0x40044b06) ioctl$WSDISPLAYIO_GETSCREENTYPE(r1, 0xc028575d, &(0x7f0000000180)={0x3f, 0x7fff, './bus\x00', 0x5, 0x5, 0x0, 0x1}) getgroups(0x2, &(0x7f0000000140)=[0x0, 0xffffffffffffffff]) getgroups(0x5, &(0x7f0000001440)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0]) getsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f0000001480)={0x0, 0x0, 0x0}, &(0x7f00000015c0)=0xc) r5 = getgid() getgroups(0x4, &(0x7f0000001600)=[r2, r3, r4, r5]) preadv(r1, &(0x7f0000001400)=[{&(0x7f00000001c0)=""/65, 0x41}, {&(0x7f0000000240)=""/246, 0xf6}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/142, 0x8e}], 0x4, 0x0) fcntl$setflags(r0, 0x2, 0x1) 05:16:06 executing program 0: r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet6(0x18, 0x0, 0x7ff) getsockopt$sock_linger(r1, 0xffff, 0x80, &(0x7f0000000000), &(0x7f0000000040)=0x8) setuid(0xee01) r2 = shmget(0x2, 0x4000, 0x8, &(0x7f0000ffc000/0x4000)=nil) readlinkat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)=""/104, 0x68) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0x66, &(0x7f0000000240)={0x1, 0x100000000000001, 0x9, 0x80007, 0xbb}, 0xfffffffffffffee3) getsockopt$SO_PEERCRED(r1, 0xffff, 0x1022, &(0x7f0000000080)={0x0, 0x0}, 0xc) r4 = getegid() getsockopt$SO_PEERCRED(r1, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, 0x0}, 0xc) getsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getsockopt$SO_PEERCRED(r1, 0xffff, 0x1022, &(0x7f0000000180)={0x0}, 0xc) r8 = getpgrp() shmctl$IPC_SET(r2, 0x1, &(0x7f00000001c0)={{0x1, r3, r4, r5, r6, 0x20, 0xfffffffffffffff8}, 0x20000, 0x4, r7, r8, 0x4, 0x676, 0x7}) msgctl$IPC_RMID(r0, 0x0) 05:16:07 executing program 1: mknod(&(0x7f00000004c0)='./bus\x00', 0x80002002, 0x28ac) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) select(0x40, &(0x7f0000000040)={0x0, 0xfffffffffffffffd}, 0x0, &(0x7f0000000200)={0x2f, 0x0, 0x0, 0x3}, 0x0) dup2(r1, r0) 05:16:07 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/73, 0x49) getsockopt$sock_int(r0, 0xffff, 0x1002, 0x0, 0x0) 05:16:07 executing program 0: r0 = syz_open_pts() ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"}) write(r0, &(0x7f0000000180)="582720efabd16ebae63225259560f8e5815f73f2a044fd33055552fbd5e41789632dfc94ff334a5619515a4c8ab06198824b3da025bbd47b3bf579456fc7d4096e8c8b6b87cb2d72b8bcdb9ad8a4f5f728193ef16ab93f12fc4d5f16b136a5d00d1628b53a", 0x65) write(r0, &(0x7f0000000300)="408071b63ac8ac436048ae1d3c0b943ed39a4d3ec1721a0c6021a7a5a628aa8a573e945003e7dd9aa053326e8d51301b347d93704b6243974cccffc4966df18b8a15ae97310cf404c13bc2b35fe6901199dbe2aa7f1076de1f8c74f6af582ce100000dd089c3b2e5006ee54933cb36b6ae7c146c3ab143fc081ddb9e174ade2e4427", 0xfffffdde) r1 = syz_open_pts() r2 = dup(r1) ioctl$WSDISPLAYIO_GETSCREEN(r2, 0xc0245755, &(0x7f0000000000)={0x0, './file0\x00', './file0\x00'}) close(r0) dup(r1) r3 = syz_open_pts() ioctl$TIOCSTOP(r3, 0x2000746f) pipe2(&(0x7f0000000200), 0x10004) ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000140)={0x0, 0x1, 0x3, 0xfffffffffffffeff, "854967f5afa680400900", 0x1de}) ioctl$TIOCGETD(r3, 0x4004741a, &(0x7f0000000040)) readv(r3, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/45, 0x2d}], 0x1) 05:16:07 executing program 1: execve(0x0, 0x0, &(0x7f0000000480)=[&(0x7f00000003c0)='\x00', &(0x7f0000000400)='/dev/tty\x00']) r0 = open(&(0x7f0000000180)='./file1\x00', 0x611, 0x0) fcntl$setstatus(r0, 0x4, 0x40) unveil(&(0x7f0000000500)='./file1\x00', &(0x7f0000000540)='r\x00') sendto$unix(r0, &(0x7f00000001c0)="c16147a3b11615faf859be9ea3c7b22339b5be6ce1c778a5117b6e2613b53918b3a735b5e03b18e101b9e375ca66ad8c0b3ad5a36a299061d6e1546ba2846bae294ad71714966a9423b3e865b74390062e35ebb54b08ea594fa08b733f5a31fb8de7092d8a1941cf94caa10707057431b701e7945e3d396101d7c937d9042937c99658cfb67815912a5856a1aba91c47f81e583a75193807c2c4d34fc10a805832305c1d0d6c7a6040a977f656ce138673eced4c7c00aa2bce1cb2ddd02ef5f109c1eb0952663f767064aa0c6fd6181b602415d9f94a4830379cab43bf702ac5600d42acfcdd", 0xe6, 0x8, &(0x7f00000002c0)=@file={0x1, './file1\x00'}, 0xa) pwritev(r0, &(0x7f00000003c0), 0x273, 0x0) unlink(&(0x7f0000000000)='./file1\x00') rmdir(&(0x7f0000000140)='./file1\x00') sendto(r0, &(0x7f0000000040)="c06befaaeaeae3c5d8773ed0c183636ed8d33261b97b18e99e737397e076076df5a211c6e97d2975e1e31d56552b11568c67535a8808ec8d0c8d8c42c373d62c2460bb084026aab30108136b8d9b558ce0e8cf99cfbfd40b0b4daee6b55ce88438c4591372a7231dca0b85dcc96aab8bec63a52bea2cc4bbef8f72227caf20475c4d2cea288909dae3cef889e06ff2ff", 0x90, 0x8, &(0x7f0000000100)=@in6={0x18, 0x1, 0x3ff, 0x5}, 0xc) 05:16:07 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chroot(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x680, 0x20) ioctl$KDGETLED(r0, 0x40044b41, &(0x7f00000000c0)=0x1) openat(0xffffffffffffffff, &(0x7f0000000000)='/', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 05:16:07 executing program 0: symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000540)='./file0\x00') r0 = open(&(0x7f0000000040)='./file0\x00', 0xb, 0x3) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x2810, r0, 0x0, 0x0) r1 = fcntl$getown(r0, 0x5) lstat(&(0x7f0000000400)='./file0/file0\x00', &(0x7f00000007c0)) r2 = getuid() getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0xc) r4 = getpid() getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000340)={0x0, 0x0}, 0xc) r6 = getgid() r7 = getppid() r8 = geteuid() getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) sendmsg$unix(r0, &(0x7f0000000480)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x1}, 0x8, &(0x7f00000002c0)=[{&(0x7f00000000c0)="de06b30470d3b2809d234bd51f6cb5f77c821314f17e7c51709b2cdc5647fb80f1ecddfd16b2839eb7a8ac5f6e94722b14ad8484b25f2ef8b186f91a64bb3a593c1212b252612e010feade03c9da28d0a40f4d5f7d1e73a5cadfcc089283051c905e7f1a7ced06bc8ac571edd8f486b7dac06308a31f1757d4a2060361329003d0af0e4cd46d30c394c1ef7186ccc7f16221af71b3fd3fbc7212cbc962d441dbf39313b8ddc491042fb3739ee3585af3c0a13d9cc8591c93994ba86bc7b5ad351e266ae7de055e", 0xc7}, {&(0x7f00000001c0)="083c100c20c74d244bc9e2078368b5e9236fbd8e390fb8a617cccd59b983ede8d5ecd98a10a79fc837e1e785e3f4e85f6e2a1376a99d0e7181293b6fe5e9d61bc64190eaa7a25b1dda4d52af95259baa836c7cc513dea106d951a84281632e0b3c7f0fc5d44cb00c215b9087fee6e14ff5795f322be01ca03799324a913b520b81ed1f25f6fc0d9bf8a3c4ec3c10ac8ffb54e1e9669dc654677941e8a5807654a27ef093f1ea65c32ab6d02a", 0xac}, {&(0x7f0000000280)="c476b5e9e0126155f20b4237e747ffd3e39bc75d7c1a23b0f8c5a8dd69ff85ac313842b8238cf43bcd", 0x29}], 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="2000000000000000ffff000000000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="000000002000000000000000ffff000000000000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="000000002000000000000000ffff000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="2000000000000000ffff0000000000b4afb4921cd36b68dcae5f00377ffe0f15946946bb4c40fb103e429ebaa5ad567a405dd33a844533645243ccc56af144537368a14bed4f59b6edd503c09f6977766dda34f7641bc197e0e21fd96959f7bd3a151ca230f9c6eb13e3d743c0406954c821c3d524e4495c0c270eda76bda266e0f885ccfd008298d65635c3ab18090b6a0e708a34021ce1f43103882cbfddac20bab2312c4f98bc5ede84223a673adf61f99ba4ca9e15b8a9ad7405127fe56065449e343a1a14461b7aeddbaf00f83ce047005edc", @ANYRES32=r7, @ANYRES32=r8, @ANYRES32=r9, @ANYBLOB='\x00\x00\x00\x00'], 0x80, 0x40b}, 0x1) recvfrom$inet6(r0, &(0x7f0000000580)=""/178, 0xb2, 0x40, &(0x7f00000004c0)={0x18, 0x0, 0x3, 0x9}, 0xc) 05:16:07 executing program 1: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x10004) ioctl$WSDISPLAYIO_GBURNER(r0, 0x400c5752, &(0x7f0000000040)) mknod(&(0x7f0000000100)='./bus\x00', 0x3a0914c44f7b202c, 0x1b00) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x11, 0x0) semget$private(0x0, 0x0, 0x9) ioctl$WSMUXIO_LIST_DEVICES(r1, 0x20005302, &(0x7f0000000140)={0x0, [{0x1, 0x2}, {0xffffffffffffffff}]}) 05:16:07 executing program 0: r0 = syz_open_pts() ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"}) write(r0, &(0x7f0000000200)="582720efabd16ebae63225259560f8e5815f73f2a044fd33055552fbd5e41789632dfc94ff334a5619515a4c8ab06198824b3da025bbd45d3bf579456fc7d4096e8c8b6b87cb2d72b8bcdb9ad8a4f5f728193ef16a960387a64d5f16b136a5d00d1628b53a", 0x65) r1 = shmat(0xffffffffffffffff, &(0x7f0000ffa000/0x4000)=nil, 0x2000) shmdt(r1) write(r0, &(0x7f0000000280)="bdfa4d2582c321a8cf98848e4a8051bd24313dea8d0343d605e2d3280d33ee6185c6a19e1a3fbed9d7c7f5ecd505370f55d9bb05dc03e23aa168a0017f559b7cb5e32d0ff2d4e7199679daa987423cab21c6b2748aaa78947da61d75bc9028a2b887f01309bbe061a751731e5c2091f3e9bdd11c4518138f7d1d6a2e60e1f34322c0cdf8648b48935d14a79a15cecdd79cd66c31400b4dc386972d2eae1f50146ed5ead47dfc43c6c3b018be5455ba5fe808f9840f9e13da075ee54c0682247a3e405d535caab085c9a7dee598ca84b10ba7651238225996d2250f6ea821e153a6212dc30a15f3b72c37e6969b9336888fff85cc584aa9720b4a4a8c7d81", 0xfe) r2 = syz_open_pts() close(r0) r3 = dup(r2) r4 = syz_open_pts() openat$tty(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty\x00', 0x10880, 0x0) ioctl$WSKBDIO_GETMODE(r3, 0x40045714, &(0x7f0000000040)) ioctl$TIOCSETA(r4, 0x802c7414, &(0x7f0000000140)={0x0, 0x0, 0x3, 0x0, "85495500020000000000001167f5afa680400900"}) ioctl$TIOCSETAF(r3, 0x802c7416, &(0x7f00000001c0)={0x7fff, 0x0, 0x2, 0x9, "bbdc0261b44eeea6602a3d4984678d7d3a015849", 0x100000000, 0xfffffffffffffff8}) ioctl$TIOCSETA(r4, 0x802c7414, &(0x7f0000000000)={0xd4f2, 0x10001, 0x3, 0xfdb8, "010000006622dc8dbd8a0c3bab7a8a210524d8e5"}) readv(r4, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/45, 0x2d}], 0x1) panic: timeout_add: to_ticks (-1) < 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 471633 71984 0 0 0 0 syz-executor.1 *239853 71984 0 0 0x4000000 1K syz-executor.1 db_enter() at db_enter+0x18 panic() at panic+0x174 timeout_add(ffff80000066d060,ffffffff) at timeout_add+0x194 pcppi_bell(ffff80000066d000,2,ffffffff,1) at pcppi_bell+0x2a0 spkrioctl(1b00,20005302,ffff800020c1d570,2,ffff800020b259d0) at spkrioctl+0x230 VOP_IOCTL(fffffd80766028c8,20005302,ffff800020c1d570,2,fffffd807f7c7840,ffff800020b259d0) at VOP_IOCTL+0x9a vn_ioctl(fffffd8076639578,20005302,ffff800020c1d570,ffff800020b259d0) at vn_ioctl+0xc9 sys_ioctl(ffff800020b259d0,ffff800020c1d6b8,ffff800020c1d6a0) at sys_ioctl+0x646 syscall(ffff800020c1d750) at syscall+0x5ac Xsyscall(6,0,ffffffffffffff88,0,3,b1cda227010) at Xsyscall+0x128 end of kernel end trace frame: 0xb1fb4217730, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic timeout_add: to_ticks (-1) < 0 ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x174 timeout_add(ffff80000066d060,ffffffff) at timeout_add+0x194 pcppi_bell(ffff80000066d000,2,ffffffff,1) at pcppi_bell+0x2a0 spkrioctl(1b00,20005302,ffff800020c1d570,2,ffff800020b259d0) at spkrioctl+0x230 VOP_IOCTL(fffffd80766028c8,20005302,ffff800020c1d570,2,fffffd807f7c7840,ffff800020b259d0) at VOP_IOCTL+0x9a vn_ioctl(fffffd8076639578,20005302,ffff800020c1d570,ffff800020b259d0) at vn_ioctl+0xc9 sys_ioctl(ffff800020b259d0,ffff800020c1d6b8,ffff800020c1d6a0) at sys_ioctl+0x646 syscall(ffff800020c1d750) at syscall+0x5ac Xsyscall(6,0,ffffffffffffff88,0,3,b1cda227010) at Xsyscall+0x128 end of kernel end trace frame: 0xb1fb4217730, count: -10 ddb{1}> show registers rdi 0xffffffff8125d7b7 db_enter+0x17 rsi 0x1108 __ALIGN_SIZE+0x108 rbp 0xffff800020c1d190 rbx 0xffff800020c1d240 rdx 0x1109 __ALIGN_SIZE+0x109 rcx 0xffff800002b4a000 rax 0xffff800002b4a000 r8 0xffffffff811d6983 kprintf+0x183 r9 0x1 r10 0x25 r11 0x7e7cb93ae6aa0f0a r12 0x3000000008 r13 0xffff800020c1d1a0 r14 0x100 r15 0x1 rip 0xffffffff8125d7b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c1d180 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.1) pid=239853 stat=onproc flags process=0 proc=4000000 pri=21, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020b95078,0xffffffff82310f08 process=0xffff800020b45708 user=0xffff800020c18000, vmspace=0xfffffd807f00cb40 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 71984 471633 34828 0 7 0 syz-executor.1 *71984 239853 34828 0 7 0x4000000 syz-executor.1 34828 349770 67278 0 3 0x82 nanosleep syz-executor.1 50756 140433 67278 0 3 0x2 biowait syz-executor.0 67278 142339 9201 0 3 0x82 thrsleep syz-fuzzer 67278 219698 9201 0 2 0x4000482 syz-fuzzer 67278 149689 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 14561 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 54137 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 64109 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 199888 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 283595 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 175227 9201 0 3 0x4000082 thrsleep syz-fuzzer 67278 306569 9201 0 3 0x4000082 kqread syz-fuzzer 9201 441287 98079 0 3 0x10008a pause ksh 98079 171243 53210 0 3 0x92 select sshd 71774 136063 1 0 3 0x100083 ttyin getty 53210 298917 1 0 3 0x80 select sshd 8215 66716 94229 73 3 0x100090 kqread syslogd 94229 425022 1 0 3 0x100082 netio syslogd 35917 504060 1 77 3 0x100090 poll dhclient 56337 151188 1 0 3 0x80 poll dhclient 23163 176652 0 0 3 0x14200 pgzero zerothread 9256 245238 0 0 3 0x14200 aiodoned aiodoned 24559 387396 0 0 3 0x14200 syncer update 68680 313899 0 0 3 0x14200 cleaner cleaner 14788 467313 0 0 3 0x14200 reaper reaper 92931 407092 0 0 3 0x14200 pgdaemon pagedaemon 59098 159345 0 0 3 0x14200 bored crynlk 39796 5599 0 0 3 0x14200 bored crypto 23870 176519 0 0 3 0x40014200 acpi0 acpi0 38903 416927 0 0 3 0x40014200 idle1 77672 402170 0 0 3 0x14200 bored softnet 58462 264207 0 0 3 0x14200 bored systqmp 7629 33103 0 0 3 0x14200 bored systq 99319 375253 0 0 3 0x40014200 bored softclock 50883 144667 0 0 3 0x40014200 idle0 1 504278 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 71984 (syz-executor.1) thread 0xffff800020b259d0 (239853) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82330470) locked @ /syzkaller/managers/multicore/kernel/sys/kern/sched_bsd.c:436 #0 witness_lock+0x58a #1 ___mp_acquire_count+0x67 #2 mi_switch+0x3b0 #3 sleep_finish+0x110 #4 sleep_finish_all+0x34 #5 tsleep+0x1bc #6 spkrioctl+0x261 #7 VOP_IOCTL+0x9a #8 vn_ioctl+0xc9 #9 sys_ioctl+0x646 #10 syscall+0x5ac #11 Xsyscall+0x128 Process 50756 (syz-executor.0) thread 0xffff800020b24968 (140433) exclusive rrwlock inode r = 0 (0xfffffd80764bdf80) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_ihash.c:140 #0 witness_lock+0x58a #1 _rw_enter+0x44d #2 _rrw_enter+0x60 #3 ufs_ihashins+0x67 #4 ffs_vget+0x13d #5 ffs_inode_alloc+0x1c3 #6 ufs_mkdir+0x10f #7 VOP_MKDIR+0x76 #8 domkdirat+0x12d #9 syscall+0x5ac #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806a1f96f8) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 #0 witness_lock+0x58a #1 _rw_enter+0x44d #2 _rrw_enter+0x60 #3 VOP_LOCK+0x57 #4 vn_lock+0x6e #5 vfs_lookup+0xf5 #6 namei+0x4b2 #7 domkdirat+0x81 #8 syscall+0x5ac #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9457 6321K 6322K 78643K 10548 0 0 pcb 23 9K 9K 78643K 59 0 0 rtable 100 3K 4K 78643K 176 0 0 ifaddr 35 10K 10K 78643K 39 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 15 0 0 iov 0 0K 12K 78643K 6 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1199 75K 75K 78643K 1212 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 4 0K 0K 78643K 4 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1792 194K 288K 78643K 12592 0 0 file desc 5 13K 25K 78643K 32 0 0 proc 41 38K 70K 78643K 253 0 0 subproc 64 65538K 67586K 78643K 68 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 33 2K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 42 185K 185K 78643K 42 0 0 exec 0 0K 1K 78643K 165 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 74 20K 20K 78643K 829 0 0 UVM aobj 4 2K 2K 78643K 4 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 5 0K 0K 78643K 10 0 0 temp 81 2352K 2416K 78643K 2819 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 0 1 0 1 1 0 8 0 inpcbpl 280 28 0 21 1 0 1 1 0 8 0 plimitpl 152 14 0 7 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 41 0 1 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 10 0 6 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 0 12 0 12 12 0 8 0 art_table 32 186 0 0 2 0 2 2 0 8 0 art_node 16 40 0 6 1 0 1 1 0 8 0 semapl 112 2 0 0 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1457 0 48 46 0 46 46 0 8 0 ffsino 272 1457 0 48 95 0 95 95 0 8 0 nchpl 144 1709 0 88 61 0 61 61 0 8 0 uvmvnodes 72 1500 0 0 28 0 28 28 0 8 0 vnodes 200 1500 0 0 79 0 79 79 0 8 0 namei 1024 4047 0 4046 2 1 1 1 0 8 0 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 4134 0 4133 9 6 3 5 0 8 2 sigapl 432 200 0 187 2 0 2 2 0 8 0 futexpl 56 258 0 258 1 0 1 1 0 8 1 knotepl 112 63 0 36 1 0 1 1 0 8 0 kqueuepl 104 4 0 2 1 0 1 1 0 8 0 pipepl 112 136 0 115 2 1 1 1 0 8 0 fdescpl 488 201 0 187 3 0 3 3 0 8 1 filepl 152 1004 0 907 6 1 5 5 0 8 1 lockfpl 104 19 0 18 2 1 1 1 0 8 0 lockfspl 32 30 0 29 2 1 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 74 0 67 1 0 1 1 0 8 0 zombiepl 144 187 0 187 2 1 1 1 0 8 1 processpl 840 215 0 187 4 0 4 4 0 8 0 procpl 600 262 0 224 4 0 4 4 0 8 1 sockpl 384 74 0 57 3 0 3 3 0 8 1 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 113 0 0 14 0 14 14 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 126 0 0 8 0 8 8 0 8 0 bufpl 256 5285 0 1013 267 0 267 267 0 8 0 anonpl 16 26852 0 19736 31 1 30 30 0 125 0 amapchunkpl 152 735 0 649 5 0 5 5 0 158 1 amappl16 192 521 0 159 20 0 20 20 0 8 1 amappl15 184 9 0 8 2 1 1 1 0 8 0 amappl14 176 20 0 16 2 1 1 1 0 8 0 amappl13 168 25 0 22 1 0 1 1 0 8 0 amappl12 160 9 0 8 1 0 1 1 0 8 0 amappl11 152 183 0 173 1 0 1 1 0 8 0 amappl10 144 63 0 58 1 0 1 1 0 8 0 amappl9 136 351 0 346 1 0 1 1 0 8 0 amappl8 128 132 0 115 1 0 1 1 0 8 0 amappl7 120 36 0 31 1 0 1 1 0 8 0 amappl6 112 52 0 45 1 0 1 1 0 8 0 amappl5 104 149 0 138 1 0 1 1 0 8 0 amappl4 96 269 0 243 2 0 2 2 0 8 1 amappl3 88 128 0 121 1 0 1 1 0 8 0 amappl2 80 733 0 681 2 0 2 2 0 8 0 amappl1 72 12664 0 12247 23 5 18 19 0 8 8 amappl 72 469 0 436 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 201 0 187 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 201 0 187 1 0 1 1 0 8 0 vmmpekpl 168 5400 0 5377 2 0 2 2 0 8 0 vmmpepl 168 28258 0 26962 85 15 70 70 0 357 13 vmsppl 360 200 0 187 2 0 2 2 0 8 0 pdppl 4096 409 0 374 6 0 6 6 0 8 1 pvpl 32 105003 0 94956 100 4 96 96 0 265 12 pmappl 224 200 0 187 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 412 0 3 12 0 12 12 0 8 0