Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. 2019/03/24 06:05:49 fuzzer started 2019/03/24 06:05:55 dialing manager at 10.128.15.235:34388 2019/03/24 06:05:55 syscalls: 1 2019/03/24 06:05:55 code coverage: enabled 2019/03/24 06:05:55 comparison tracing: enabled 2019/03/24 06:05:55 extra coverage: support is not implemented in syzkaller 2019/03/24 06:05:55 setuid sandbox: enabled 2019/03/24 06:05:55 namespace sandbox: support is not implemented in syzkaller 2019/03/24 06:05:55 Android sandbox: support is not implemented in syzkaller 2019/03/24 06:05:55 fault injection: support is not implemented in syzkaller 2019/03/24 06:05:55 leak checking: support is not implemented in syzkaller 2019/03/24 06:05:55 net packet injection: enabled 2019/03/24 06:05:55 net device setup: support is not implemented in syzkaller 06:06:00 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x80, 0x0) ioctl$KDSETMODE(r0, 0x20004b0a, &(0x7f0000000040)=0x1) fcntl$setflags(r0, 0x2, 0x1) r1 = semget(0x0, 0x0, 0x300) semctl$GETPID(r1, 0x0, 0x4, &(0x7f0000000080)=""/235) semctl$GETVAL(r1, 0x1, 0x5, &(0x7f0000000180)=""/4096) semctl$GETNCNT(r1, 0x3, 0x3, &(0x7f0000001180)=""/25) r2 = openat$tty(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/tty\x00', 0xc0, 0x0) semctl$GETNCNT(r1, 0x3, 0x3, &(0x7f0000001200)=""/58) ioctl$TIOCCDTR(r0, 0x20007478) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000001240)='/dev/zero\x00', 0x0, 0x0) ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000001280)={0x9, 0x1, 0x0, 0x1, "4351c8c0f39c300a0979d7301ec88744a59cbba2", 0x7fffffff, 0x80}) read(r2, &(0x7f00000012c0)=""/185, 0xb9) semctl$SETALL(r1, 0x0, 0x9, &(0x7f0000001380)=[0x3f, 0x1, 0x7fffffff, 0x4, 0x6, 0x940000000000000, 0x6, 0x40]) r4 = syz_open_pts() fchmod(r4, 0x1) ioctl$TIOCSETAF(r3, 0x802c7416, &(0x7f00000013c0)={0x2, 0x8, 0x2, 0x200, "d1a95c6cdbb7a17e8ebe6985be690ebfaac6c9b3", 0x8, 0x4}) r5 = socket(0x18, 0x1, 0x2) ioctl$WSMUXIO_ADD_DEVICE(r3, 0x80085761, &(0x7f0000001400)={0x0, 0x1}) ioctl$TIOCCLRVERAUTH(r0, 0x2000741d) recvmsg(r3, &(0x7f00000037c0)={&(0x7f0000001440)=@in, 0xc, &(0x7f0000003640)=[{&(0x7f0000001480)=""/4096, 0x1000}, {&(0x7f0000002480)=""/179, 0xb3}, {&(0x7f0000002540)=""/4096, 0x1000}, {&(0x7f0000003540)=""/148, 0x94}, {&(0x7f0000003600)=""/56, 0x38}], 0x5, &(0x7f00000036c0)=""/236, 0xec}, 0x2) recvfrom$unix(r0, &(0x7f0000003800)=""/4096, 0x1000, 0x800, &(0x7f0000004800)=@file={0x1, './file0\x00'}, 0xa) getsockopt$SO_PEERCRED(r5, 0xffff, 0x1022, &(0x7f0000004840), 0xc) semop(r1, &(0x7f0000004880)=[{0x3, 0x48d, 0x1000}, {0x7623dc612c3430ae, 0x1, 0x1000}, {0x1, 0x0, 0x1000}, {0x4, 0x9, 0x1000}], 0x4) recvfrom(r0, &(0x7f00000048c0)=""/249, 0xf9, 0x843, &(0x7f00000049c0)=@un=@abs={0x0, 0x0, 0x1}, 0x8) clock_settime(0x3, &(0x7f0000004a00)={0x13a}) semctl$SETVAL(r1, 0x3, 0x8, &(0x7f0000004a40)=0xd40) setsockopt$inet_opts(r3, 0x0, 0x1, &(0x7f0000004a80)="dc5fca88741764abc0b662c0be19e6d9f91145edc30c9d645dccbdfdfe03374e770c548244b16628930b79d47f74a3efbe2911d7f7681d2aa08497024aac94e970829f00ee7b4a67e5bb29329faa14df61b0570adb8bb5c0b1d40edc4624f193baf42aaf5abba65a46dcc53df06b4102dce30c9a8d38b61a80ab0dcce0830032ca91f01eb8732c037c06ed2c527a", 0x8e) semctl$IPC_RMID(r1, 0x0, 0x0) ioctl$TIOCFLUSH(r0, 0x80047410, &(0x7f0000004b40)=0x4) 06:06:00 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) setsockopt(r0, 0x6, 0x10000, &(0x7f0000000000)="96379ecfadbb00b762dd8e2bf3def5d826a633f15a37885cc2b1bf394fe323826dbc20292300e39aba9160c5a6d049e0911e173af2ee248222f248ccdf073465eb2e1d1b026b453b856fb3b95c55e812795b63f64cb603b4895687059ee17cc0e7bac4990a5f23d69de7a3080ea925ea268527bd36f7e3513ee4be6c0ff85f66aae1f16229d4f27bd606d302f9", 0x8d) r1 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/wskbd\x00', 0x100, 0x0) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0xc) setuid(r3) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0xc) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, &(0x7f0000000180)={0x0}, 0xc) getsockopt$sock_timeval(r0, 0xffff, 0x1007, &(0x7f00000001c0), &(0x7f0000000200)=0x10) setsockopt(r0, 0x7f, 0x7, &(0x7f0000000240)="60273e6bafcd2125de39eafb2b55d48bedaf62456e6f28ecaa63ea9c722f56b97e4c40e9e58acaccd84fca36ca036fd8ca19382f323e35f04800870a16cc973b5f701d9562362e06e664f6c6a7863f48b522ca2652dc583f3784a36f727c462c5db1914e8673fd0f3881", 0x6a) r8 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/wskbd\x00', 0x8000, 0x0) r9 = dup(r1) r10 = openat(r9, &(0x7f0000000300)='./file0\x00', 0xa2, 0x4d) r11 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/wsmouse\x00', 0x200, 0x0) kevent(r9, &(0x7f0000000380)=[{{r0}, 0xffffffffffffffff, 0x0, 0x4, 0xfffffffffffffffc, 0x2}, {{r11}, 0xffffffffffffffff, 0x8, 0x20, 0x7, 0x94a}, {{r1}, 0xfffffffffffffffe, 0x0, 0x10, 0x20, 0xd49b}, {{r9}, 0xfffffffffffffffc, 0xc0, 0xc, 0x1, 0x3849}, {{r9}, 0xffffffffffffffff, 0x12, 0x8, 0x9, 0x539}, {{r8}, 0xfffffffffffffffe, 0x4, 0x80, 0xfffffffffffffffa, 0x5}], 0x4, &(0x7f0000000440)=[{{r0}, 0xffffffffffffffff, 0x80, 0x1, 0x9, 0x9}, {{r10}, 0xffffffffffffffff, 0x40, 0xfffff, 0x5, 0x2}, {{r8}, 0xffffffffffffffff, 0x22, 0x1dd8199104b5da6b, 0xe6, 0x7}, {{r9}, 0xffffffffffffffff, 0x2, 0x82, 0x8, 0x9ddb}], 0x8, &(0x7f00000004c0)={0xcc, 0x7fff}) close(r8) setsockopt$sock_linger(r10, 0xffff, 0x80, &(0x7f0000000500)={0x7, 0x6c6}, 0x8) setsockopt$sock_cred(r9, 0xffff, 0x1022, &(0x7f0000000540)={r7, r5, r6}, 0xc) setsockopt$sock_cred(r10, 0xffff, 0x1022, &(0x7f0000000580)={r2, r3, r4}, 0xc) r12 = openat(r10, &(0x7f00000005c0)='./file0\x00', 0x20, 0x10) openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f0000000600)='/dev/wskbd\x00', 0x80, 0x0) ioctl$WSMUXIO_ADD_DEVICE(r12, 0x80085761, &(0x7f0000000640)={0x3, 0x7}) r13 = accept$unix(r0, &(0x7f0000000680)=@file={0x0, ""/9}, &(0x7f00000006c0)=0xb) clock_getres(0x4, &(0x7f0000000700)) r14 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740)='/dev/zero\x00', 0x800, 0x0) ioctl$KDSETMODE(r14, 0x20004b0a, &(0x7f0000000780)=0x1) clock_settime(0x0, &(0x7f00000007c0)={0x8, 0x3}) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x2010, r1, 0x0, 0x0) getsockopt$sock_cred(r13, 0xffff, 0x1022, &(0x7f0000000800), &(0x7f0000000840)=0xc) ioctl$TIOCGTSTAMP(r12, 0x4010745b, &(0x7f0000000880)) r15 = semget(0x3, 0x1, 0x0) semctl$GETVAL(r15, 0x3, 0x5, &(0x7f00000008c0)=""/141) 06:06:00 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000004c0)="90c3fe67eb586898600425f2f573e0d1ac83c18d65c8e22066c0d389fe894a974c8d45aaf9d2e7ae9fed58938ea6ac68a0b0632688ca0fab3647175abf22fea120c9b3bb77ca60c128295bf234505356095dbf9e50a4a5079723b57fed8ef0a251b91e67e1f5d347d5b668a390a25beea3962e7c10b8d9f53f5c82b5eacc26757d14f2fa6be9a2cbb2cfacc5e906dfd1e3208364bbc454327b6a1522c332ea628b8cb672e9e7247818f970e017c7cb9303e6b505059f34d3fb9df3993b7535fa269859e24b2802782224d7d5c13c21d4eee4f8621037c3d78695ad9a278978b26c46049befba997acb9ac407791cdf6046f9f71e36d09827a4493c17a0921dc3", 0x100}], 0x1, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x5, 0x10, r0, 0x0, 0x0) r1 = msgget$private(0x0, 0x20) msgsnd(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="03000000000000000bc992994cc8745125c0e94f9cc5e3db5f9cd5acef31565c6493fc25a4a939a8bbbe5c21863b5b7156224a2c8371373dab156ac0e422f63da13e3b931e4e2e53f35a18c5e50ed2081c915c923af8acfccd35234b0f5005a2814c96a1e3dbce6fa6e42843e17c95eec978c2884705920045f3a0f50cce79bbe87ceae0bd821d211884e93cbb8c274b35b710b5062950d610f8a9d56bd15223646cc9bd16299d1cebb33481a2a20a377a64584dba8722648e20dd3ee39a8c9b10591454035ea4eaa04ef73dbaa92b9267c8b570c834c8ccb82ab345421acf690db394df2dee6bda77c41cd1d3a3d9af0d044ff55a0b8b934ef93a4eee9aa0a37f1ff0b0958897a610e8adaa79f4c8001b6546376928d45d2d0918a1afa5a9b220da89b26e552dde74d240e036e7456e4a6fd540a89dcf3ba8440c708c4518819bc315e870bcd0ed7759a57647076082c2dc1b540a93abc8cd0284892558b2d21c81acda62a6d700c59b9e1412eb08cfa65f04b900a4fa431bb9d54791b4d38b38e0b4fa3d68e6af3615217d7c929765867a000000000000000087696b53bcd013223a048b522e14401a4bd4b669bf1ba6587275ff7f6b748adcabbbfb"], 0x102, 0x800) openat$wskbd(0xffffffffffffff9c, &(0x7f0000000000)='/dev/wskbd0\x00', 0x0, 0x0) pledge(&(0x7f00000000c0)='/dev/wskbd0\x00', &(0x7f0000000100)='\x00') 16:00:08 executing program 1: r0 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) mknod(&(0x7f0000000040)='./file0\x00', 0x8, 0x7fff) getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc) getgroups(0x4, &(0x7f0000000240)=[0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff]) r3 = getegid() setgroups(0x3, &(0x7f00000002c0)=[r1, r2, r3]) getgroups(0x7, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0]) setegid(r4) setgroups(0x0, 0x0) r5 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ttyCcfg\x00', 0x800, 0x0) dup(r5) setuid(0xee01) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x80, 0x0) fchmodat(r6, &(0x7f0000000300)='./file0\x00', 0xe, 0x2) shmat(r0, &(0x7f0000ffc000/0x2000)=nil, 0x0) mknod(&(0x7f0000000280)='./file0\x00', 0x6001, 0x203) mknod(&(0x7f00000001c0)='./file0\x00', 0x2000, 0x2) r7 = semget$private(0x0, 0x5, 0x4) semctl$GETZCNT(r7, 0x3, 0x7, &(0x7f00000000c0)=""/211) 16:00:08 executing program 0: ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "000000000000000100002000"}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) setitimer(0x0, &(0x7f0000000000)={{}, {0x2}}, 0x0) r0 = socket(0x18, 0x1, 0x0) close(r0) r1 = socket(0x18, 0x400000002, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r0, &(0x7f0000000040)=@abs={0x0, 0x7}, 0x8) 16:00:08 executing program 1: mknod(&(0x7f0000000080)='./bus\x00', 0x280002002, 0x2065d) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) readlinkat(r0, &(0x7f0000000040)='./bus/file0\x00', &(0x7f00000000c0)=""/72, 0x48) ioctl$TIOCSTAT(r0, 0x20007465, 0x0) ioctl$TIOCFLUSH(r0, 0x80047410, &(0x7f0000000200)) 16:00:08 executing program 0: pipe(&(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) write(r1, 0x0, 0x0) write(r1, 0x0, 0x0) recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/47, 0x2f}], 0x1, 0x0, 0x0, 0x9}, 0x40) 16:00:08 executing program 1: ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x401, "000000000000000100002000", 0xff}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) setitimer(0x0, &(0x7f0000000000)={{}, {0x2}}, 0x0) r0 = socket(0x18, 0x1, 0x0) close(r0) r1 = socket(0x18, 0x400000002, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) 16:00:08 executing program 0: mknod(&(0x7f0000000000)='./bus\x00', 0x80002002, 0xa22) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) ioctl$TIOCCONS(r0, 0x80045604, &(0x7f00000000c0)) r1 = geteuid() seteuid(r1) 16:00:08 executing program 1: mknod(&(0x7f0000000180)='./file0\x00', 0x2001, 0x401) mknod(&(0x7f0000000000)='./bus\x00', 0x2109, 0x401) chflags(&(0x7f00000000c0)='./bus\x00', 0x20004) unlink(&(0x7f0000000040)='./bus\x00') r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCDRAIN(r0, 0x2000745e) mknod(&(0x7f0000000100)='./bus\x00', 0x2000, 0x9) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./bus\x00') unlink(&(0x7f0000000080)='./file0\x00') 16:00:08 executing program 0: mknod(&(0x7f00000000c0)='./bus\x00', 0x2000, 0x80004501) open$dir(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x2, 0x156) accept$unix(r0, 0x0, &(0x7f0000000080)) 16:00:08 executing program 1: r0 = socket$inet(0x2, 0x3, 0x80000000102) read(r0, &(0x7f0000000000)=""/57, 0x39) r1 = dup2(r0, r0) listen(r1, 0x0) socket$inet(0x2, 0x4000, 0x6) login: wsmux_getmux: no memory for mux 8388609 wsmux_getmux: no memory for mux 8388609 16:00:08 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x8) ioctl$TIOCSTOP(r0, 0x2000746f) r1 = shmget(0x3, 0x2000, 0x48, &(0x7f0000ffb000/0x2000)=nil) shmat(r1, &(0x7f0000ffc000/0x2000)=nil, 0x3000) shmctl$SHM_UNLOCK(r1, 0x4) r2 = socket(0x18, 0x2, 0x0) getsockopt$sock_timeval(r2, 0xffff, 0x1006, &(0x7f0000000040), &(0x7f0000000080)=0x10) shmat(r1, &(0x7f0000ffd000/0x1000)=nil, 0x3000) 16:00:08 executing program 0: r0 = syz_open_pts() socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSPGRP(r0, 0x40047477, &(0x7f00000007c0)) setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1000, 0x0, 0x0) getsockname$unix(r2, &(0x7f0000000840)=@abs, &(0x7f0000000880)=0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000680)) r5 = dup2(r4, r0) getdents(r5, 0x0, 0x88da8d22fc571501) ioctl$TIOCNOTTY(r5, 0x20007471) kevent(r5, &(0x7f0000000980)=[{{r0}, 0xfffffffffffffff9, 0x8, 0x25, 0x7, 0x66890555}, {{r4}, 0xfffffffffffffffc, 0x8, 0x20000000, 0xc6, 0x8001}, {{r1}, 0xfffffffffffffffa, 0x8, 0x1, 0x40, 0x80000000}, {{r3}, 0xffffffffffffffff, 0x91, 0x2, 0x8, 0x9a}], 0x3f, &(0x7f0000000900)=[{{r4}, 0xfffffffffffffffc, 0x1, 0x88, 0x10000, 0x60}], 0x5, &(0x7f0000000a00)={0x3ff, 0x46}) setsockopt$sock_linger(r2, 0xffff, 0x80, &(0x7f0000000740)={0x8, 0xb5e0}, 0x7) r6 = dup2(r5, r5) ioctl$TIOCSTSTAMP(r0, 0x8008745a, &(0x7f0000000800)={0x42d, 0x2}) r7 = semget(0x2, 0x2, 0x1086) semctl$SETVAL(r7, 0x4, 0x8, &(0x7f0000000580)) unlinkat(r6, &(0x7f00000008c0)='./file0/file0\x00', 0x8) write(r0, &(0x7f0000000080)="95d409c12e86dcd3d6d7cb904817669b120aa623d87e8f4f66d6d276651892c65f6dc414482ba194dc29bb396887fa671cf6d41598aef1759a6821f02a4289c2859676de0a1662c46a4048f51fb4bb4361484245a225eff45249f62959e56aaac18e6310e03bcf32d8c9413ce2d383c6e67f461a35a253ca704321b4ed0ed3b97d8838f35702af6ce9dd4faba13c28b3fa88bed9187dfd1e6455b338c8358e40381d1ba48a8047fa67da01c33a71a22b6ff90c64970791641a0d356629d1f442a89523a1feb3c0d636422b9f493996229890acbb03f8db78e9d3df58e86b993d9adf9c8855", 0xe5) ioctl$WSDISPLAYIO_GETEMULTYPE(r5, 0xc014575e, &(0x7f0000000040)={0x3, './file0/file0\x00'}) fchmodat(r5, &(0x7f0000000940)='./file0/file0\x00', 0x1, 0x2) r8 = semget(0x2, 0xfffffffffffffffd, 0x102) semctl$GETNCNT(0x0, 0x4, 0x3, 0x0) semctl$GETVAL(r8, 0x3, 0x5, &(0x7f00000005c0)=""/152) ioctl$TIOCEXCL(r0, 0x2000740d) mkdirat(r6, &(0x7f0000000700)='./file0/file0\x00', 0x11) openat(r5, &(0x7f00000006c0)='./file0/file0\x00', 0x419, 0x154) r9 = semget$private(0x0, 0x3, 0x180) execve(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000003c0)=[&(0x7f0000000280)='\x00', &(0x7f00000002c0)='\xf7\'@-+\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='&+\\(^\x00', &(0x7f0000000380)=']\x00'], &(0x7f0000000540)=[&(0x7f0000000400)='\x96\x00', &(0x7f0000000440)='\xb0-\x00', &(0x7f0000000480)='$-\x00', &(0x7f00000004c0)='\x00', &(0x7f0000000500)=':\x00']) semctl$IPC_STAT(r9, 0x0, 0x2, &(0x7f0000000000)) 16:00:08 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) chmod(&(0x7f0000000200)='./file0\x00', 0x10) r0 = dup(0xffffffffffffffff) accept$unix(r0, &(0x7f0000000240)=@file={0x0, ""/4096}, &(0x7f0000000000)=0x1002) setuid(0xee01) unveil(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='x\x00') panic: malloc: out of space in kmem_map Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *174081 32836 0 0x2 0 1K syz-executor.1 db_enter() at db_enter+0x18 panic() at panic+0x174 malloc(200000,2a,9) at malloc+0xad5 kcovioctl(1b1300,80084b01,ffff800020c239a0,3,ffff800020b64978) at kcovioctl+0xe6 VOP_IOCTL(fffffd8062663748,80084b01,ffff800020c239a0,3,fffffd807f7c69c0,ffff800020b64978) at VOP_IOCTL+0x9a vn_ioctl(fffffd806785b900,80084b01,ffff800020c239a0,ffff800020b64978) at vn_ioctl+0xc9 sys_ioctl(ffff800020b64978,ffff800020c23ae0,ffff800020c23ad0) at sys_ioctl+0x651 syscall(ffff800020c23b80) at syscall+0x5b8 Xsyscall(6,36,7f7ffffe2528,36,3,77bf86bb890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe2040, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic malloc: out of space in kmem_map ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x174 malloc(200000,2a,9) at malloc+0xad5 kcovioctl(1b1300,80084b01,ffff800020c239a0,3,ffff800020b64978) at kcovioctl+0xe6 VOP_IOCTL(fffffd8062663748,80084b01,ffff800020c239a0,3,fffffd807f7c69c0,ffff800020b64978) at VOP_IOCTL+0x9a vn_ioctl(fffffd806785b900,80084b01,ffff800020c239a0,ffff800020b64978) at vn_ioctl+0xc9 sys_ioctl(ffff800020b64978,ffff800020c23ae0,ffff800020c23ad0) at sys_ioctl+0x651 syscall(ffff800020c23b80) at syscall+0x5b8 Xsyscall(6,36,7f7ffffe2528,36,3,77bf86bb890) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe2040, count: -9 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020c235d0 rbx 0xffff800020c23680 rdx 0xffffffff81f8b510 cy_pio_rec+0xb6d rcx 0 rax 0 r8 0xffffffff818b7283 kprintf+0x183 r9 0x1 r10 0x25 r11 0x3f901054ac45f24e r12 0x3000000008 r13 0xffff800020c235e0 r14 0x100 r15 0x1 rip 0xffffffff8151a288 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c235c0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.1) pid=174081 stat=onproc flags process=2 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020b04260,0xffffffff8235e518 process=0xffff800020b7c018 user=0xffff800020c1e000, vmspace=0xfffffd807f00bb40 estcpu=1, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *32836 174081 33480 0 7 0x2 syz-executor.1 58478 460846 33480 0 3 0x82 piperd syz-executor.0 33480 52885 24381 0 3 0x82 thrsleep syz-fuzzer 33480 182742 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 478319 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 250733 24381 0 3 0x4000082 kqread syz-fuzzer 33480 356623 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 276860 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 344900 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 58701 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 160763 24381 0 3 0x4000082 thrsleep syz-fuzzer 33480 479394 24381 0 3 0x4000082 thrsleep syz-fuzzer 24381 202326 77186 0 3 0x10008a pause ksh 77186 236618 59096 0 3 0x92 select sshd 83815 244238 1 0 3 0x100083 ttyin getty 59096 100535 1 0 3 0x80 select sshd 33311 210773 28583 74 3 0x100092 bpf pflogd 28583 266915 1 0 3 0x80 netio pflogd 9296 290685 13856 73 3 0x100090 kqread syslogd 13856 180008 1 0 3 0x100082 netio syslogd 58323 251920 1 77 3 0x100090 poll dhclient 42664 376268 1 0 3 0x80 poll dhclient 36940 351036 0 0 3 0x14200 pgzero zerothread 41982 322827 0 0 3 0x14200 aiodoned aiodoned 69232 248805 0 0 3 0x14200 syncer update 69281 411863 0 0 3 0x14200 cleaner cleaner 60981 423505 0 0 3 0x14200 reaper reaper 66753 51782 0 0 3 0x14200 pgdaemon pagedaemon 4517 351538 0 0 3 0x14200 bored crynlk 70402 252606 0 0 3 0x14200 bored crypto 9439 422445 0 0 3 0x40014200 acpi0 acpi0 1450 347833 0 0 3 0x40014200 idle1 38636 269527 0 0 3 0x14200 bored softnet 39268 280914 0 0 3 0x14200 bored systqmp 11913 238055 0 0 3 0x14200 bored systq 42228 447957 0 0 3 0x40014200 bored softclock 53545 88591 0 0 7 0x40014200 idle0 63533 363705 0 0 3 0x14200 bored smr 1 184387 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 32836 (syz-executor.1) thread 0xffff800020b64978 (174081) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8234bf90) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90 #0 witness_lock+0x594 #1 syscall+0x48b #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9459 71933K 71941K 78643K 10556 0 0 pcb 25 9K 10K 78643K 63 0 0 rtable 79 2K 3K 78643K 183 0 0 ifaddr 32 9K 10K 78643K 39 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1469 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 1225 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 4 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 6 0K 0K 78643K 6 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12628 0 0 file desc 4 9K 21K 78643K 36 0 0 proc 53 50K 71K 78643K 322 0 0 subproc 53 55297K 67586K 78643K 89 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 22 1K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 36 159K 159K 78643K 36 0 0 exec 0 0K 1K 78643K 195 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 76 12K 21K 78643K 930 0 0 UVM aobj 4 2K 2K 78643K 4 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 8 0 0 NDP 5 0K 0K 78643K 10 0 0 temp 76 2364K 2429K 78643K 3230 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 4 0 1 1 0 1 1 0 8 0 inpcbpl 280 45 0 38 1 0 1 1 0 8 0 plimitpl 152 16 0 8 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 41 0 10 2 0 2 2 0 8 1 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 30 0 30 1 0 1 1 0 8 1 tcpcb 544 14 0 10 1 0 1 1 0 8 0 nd6 48 4 0 2 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 12 0 2 1 0 1 1 0 8 0 pfstkey 112 12 0 2 1 0 1 1 0 8 0 pfstate 328 12 0 2 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 185 0 41 12 0 12 12 0 8 3 art_table 32 186 0 41 2 0 2 2 0 8 0 art_node 16 40 0 12 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 1 1 0 1 1 0 8 0 semapl 112 4 0 0 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1470 0 49 46 0 46 46 0 8 0 ffsino 272 1470 0 49 95 0 95 95 0 8 0 nchpl 144 1721 0 90 61 0 61 61 0 8 0 uvmvnodes 72 1525 0 0 28 0 28 28 0 8 0 vnodes 200 1525 0 0 81 0 81 81 0 8 0 namei 1024 4386 0 4386 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 4231 0 4231 7 4 3 6 0 8 3 sigapl 432 232 0 218 2 0 2 2 0 8 0 futexpl 56 280 0 280 1 0 1 1 0 8 1 knotepl 112 67 0 46 1 0 1 1 0 8 0 kqueuepl 104 2 0 0 1 0 1 1 0 8 0 pipepl 112 158 0 139 2 1 1 1 0 8 0 fdescpl 488 233 0 218 3 0 3 3 0 8 0 filepl 152 1184 0 1091 5 0 5 5 0 8 1 lockfpl 104 6 0 6 1 1 0 1 0 8 0 lockfspl 32 3 0 3 1 1 0 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 18 0 8 1 0 1 1 0 8 0 ucredpl 96 61 0 52 1 0 1 1 0 8 0 zombiepl 144 218 0 218 2 1 1 1 0 8 1 processpl 840 248 0 218 4 0 4 4 0 8 0 procpl 600 289 0 250 4 0 4 4 0 8 0 srpgc 64 6 0 6 1 0 1 1 0 8 1 sockpl 384 95 0 76 3 0 3 3 0 8 1 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 120 0 0 14 0 14 14 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 142 0 0 8 0 8 8 0 8 0 bufpl 256 5668 0 1143 283 0 283 283 0 8 0 anonpl 16 29999 0 23063 35 2 33 33 0 125 0 amapchunkpl 152 846 0 763 5 0 5 5 0 158 0 amappl16 192 539 0 124 22 0 22 22 0 8 0 amappl15 184 59 0 54 1 0 1 1 0 8 0 amappl14 176 23 0 20 2 1 1 1 0 8 0 amappl13 168 26 0 23 1 0 1 1 0 8 0 amappl12 160 26 0 22 1 0 1 1 0 8 0 amappl11 152 23 0 8 1 0 1 1 0 8 0 amappl10 144 74 0 69 1 0 1 1 0 8 0 amappl9 136 577 0 574 1 0 1 1 0 8 0 amappl8 128 128 0 116 1 0 1 1 0 8 0 amappl7 120 29 0 24 1 0 1 1 0 8 0 amappl6 112 64 0 57 1 0 1 1 0 8 0 amappl5 104 126 0 112 1 0 1 1 0 8 0 amappl4 96 462 0 434 2 1 1 2 0 8 0 amappl3 88 113 0 108 1 0 1 1 0 8 0 amappl2 80 849 0 805 2 0 2 2 0 8 0 amappl1 72 14609 0 14186 25 8 17 20 0 8 7 amappl 72 521 0 489 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 233 0 218 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 233 0 218 1 0 1 1 0 8 0 vmmpekpl 168 5954 0 5932 2 0 2 2 0 8 0 vmmpepl 168 32605 0 31300 90 10 80 80 0 357 18 vmsppl 360 232 0 218 2 0 2 2 0 8 0 pdppl 4096 474 0 436 6 0 6 6 0 8 0 pvpl 32 119490 0 109433 108 5 103 104 0 265 10 pmappl 224 232 0 218 2 0 2 2 0 8 1 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 430 0 4 13 0 13 13 0 8 0