Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts.
2021/02/04 05:32:56 fuzzer started
2021/02/04 05:32:59 dialing manager at 10.128.15.235:43483
2021/02/04 05:32:59 syscalls: 383
2021/02/04 05:32:59 code coverage: enabled
2021/02/04 05:32:59 comparison tracing: enabled
2021/02/04 05:32:59 extra coverage: enabled
2021/02/04 05:32:59 setuid sandbox: enabled
2021/02/04 05:32:59 namespace sandbox: support is not implemented in syzkaller
2021/02/04 05:32:59 Android sandbox: support is not implemented in syzkaller
2021/02/04 05:32:59 fault injection: support is not implemented in syzkaller
2021/02/04 05:32:59 leak checking: support is not implemented in syzkaller
2021/02/04 05:32:59 net packet injection: enabled
2021/02/04 05:32:59 net device setup: support is not implemented in syzkaller
2021/02/04 05:32:59 concurrency sanitizer: support is not implemented in syzkaller
2021/02/04 05:32:59 devlink PCI setup: support is not implemented in syzkaller
2021/02/04 05:32:59 USB emulation: support is not implemented in syzkaller
2021/02/04 05:32:59 hci packet injection: support is not implemented in syzkaller
2021/02/04 05:32:59 wifi device emulation: support is not implemented in syzkaller
2021/02/04 05:32:59 fetching corpus: 0, signal 0/2000 (executing program)
2021/02/04 05:32:59 fetching corpus: 50, signal 9336/13143 (executing program)
2021/02/04 05:32:59 fetching corpus: 100, signal 15150/20719 (executing program)
2021/02/04 05:32:59 fetching corpus: 150, signal 21798/28945 (executing program)
2021/02/04 05:32:59 fetching corpus: 200, signal 28027/36673 (executing program)
2021/02/04 05:32:59 fetching corpus: 250, signal 29637/39950 (executing program)
2021/02/04 05:32:59 fetching corpus: 300, signal 33507/45265 (executing program)
2021/02/04 05:32:59 fetching corpus: 350, signal 35071/48387 (executing program)
2021/02/04 05:32:59 fetching corpus: 400, signal 37088/51899 (executing program)
2021/02/04 05:32:59 fetching corpus: 450, signal 38446/54804 (executing program)
2021/02/04 05:32:59 fetching corpus: 500, signal 39913/57792 (executing program)
2021/02/04 05:32:59 fetching corpus: 550, signal 41433/60714 (executing program)
2021/02/04 05:32:59 fetching corpus: 600, signal 42796/63485 (executing program)
2021/02/04 05:32:59 fetching corpus: 650, signal 43872/66016 (executing program)
2021/02/04 05:32:59 fetching corpus: 700, signal 47092/70353 (executing program)
2021/02/04 05:33:00 fetching corpus: 750, signal 48511/73113 (executing program)
2021/02/04 05:33:00 fetching corpus: 800, signal 49623/75574 (executing program)
2021/02/04 05:33:00 fetching corpus: 850, signal 50680/77979 (executing program)
2021/02/04 05:33:00 fetching corpus: 900, signal 52419/80906 (executing program)
2021/02/04 05:33:00 fetching corpus: 950, signal 54258/83886 (executing program)
2021/02/04 05:33:00 fetching corpus: 1000, signal 55433/86368 (executing program)
2021/02/04 05:33:00 fetching corpus: 1050, signal 56311/88528 (executing program)
2021/02/04 05:33:00 fetching corpus: 1100, signal 57502/90932 (executing program)
2021/02/04 05:33:00 fetching corpus: 1150, signal 59044/93579 (executing program)
2021/02/04 05:33:00 fetching corpus: 1200, signal 59812/95601 (executing program)
2021/02/04 05:33:00 fetching corpus: 1250, signal 60748/97753 (executing program)
2021/02/04 05:33:00 fetching corpus: 1300, signal 61631/99827 (executing program)
2021/02/04 05:33:00 fetching corpus: 1350, signal 62712/102014 (executing program)
2021/02/04 05:33:00 fetching corpus: 1400, signal 63557/104042 (executing program)
2021/02/04 05:33:00 fetching corpus: 1450, signal 64152/105900 (executing program)
2021/02/04 05:33:00 fetching corpus: 1500, signal 64733/107679 (executing program)
2021/02/04 05:33:00 fetching corpus: 1550, signal 65615/109691 (executing program)
2021/02/04 05:33:00 fetching corpus: 1600, signal 67158/112156 (executing program)
2021/02/04 05:33:00 fetching corpus: 1650, signal 67839/114087 (executing program)
2021/02/04 05:33:00 fetching corpus: 1700, signal 68637/115971 (executing program)
2021/02/04 05:33:01 fetching corpus: 1750, signal 69607/117949 (executing program)
2021/02/04 05:33:01 fetching corpus: 1800, signal 70263/119700 (executing program)
2021/02/04 05:33:01 fetching corpus: 1850, signal 71055/121533 (executing program)
2021/02/04 05:33:01 fetching corpus: 1900, signal 71822/123392 (executing program)
2021/02/04 05:33:01 fetching corpus: 1950, signal 72209/124981 (executing program)
2021/02/04 05:33:01 fetching corpus: 2000, signal 73310/127011 (executing program)
2021/02/04 05:33:01 fetching corpus: 2050, signal 74064/128737 (executing program)
2021/02/04 05:33:01 fetching corpus: 2100, signal 76263/131284 (executing program)
2021/02/04 05:33:01 fetching corpus: 2150, signal 76774/132831 (executing program)
2021/02/04 05:33:01 fetching corpus: 2200, signal 78344/135011 (executing program)
2021/02/04 05:33:01 fetching corpus: 2250, signal 79158/136708 (executing program)
2021/02/04 05:33:01 fetching corpus: 2300, signal 81388/139173 (executing program)
2021/02/04 05:33:01 fetching corpus: 2350, signal 83488/141505 (executing program)
2021/02/04 05:33:01 fetching corpus: 2400, signal 84230/143137 (executing program)
2021/02/04 05:33:01 fetching corpus: 2450, signal 84827/144683 (executing program)
2021/02/04 05:33:01 fetching corpus: 2500, signal 85319/146167 (executing program)
2021/02/04 05:33:01 fetching corpus: 2550, signal 86198/147824 (executing program)
2021/02/04 05:33:01 fetching corpus: 2600, signal 86793/149307 (executing program)
2021/02/04 05:33:01 fetching corpus: 2650, signal 87099/150676 (executing program)
2021/02/04 05:33:01 fetching corpus: 2700, signal 87665/152116 (executing program)
2021/02/04 05:33:01 fetching corpus: 2750, signal 88027/153452 (executing program)
2021/02/04 05:33:02 fetching corpus: 2800, signal 88372/154819 (executing program)
2021/02/04 05:33:02 fetching corpus: 2850, signal 89081/156304 (executing program)
2021/02/04 05:33:02 fetching corpus: 2900, signal 89530/157684 (executing program)
2021/02/04 05:33:02 fetching corpus: 2950, signal 89848/158997 (executing program)
2021/02/04 05:33:02 fetching corpus: 3000, signal 90219/160319 (executing program)
2021/02/04 05:33:02 fetching corpus: 3050, signal 90832/161748 (executing program)
2021/02/04 05:33:02 fetching corpus: 3100, signal 92159/163431 (executing program)
2021/02/04 05:33:02 fetching corpus: 3150, signal 92698/164795 (executing program)
2021/02/04 05:33:02 fetching corpus: 3200, signal 93060/166075 (executing program)
2021/02/04 05:33:02 fetching corpus: 3250, signal 93541/167385 (executing program)
2021/02/04 05:33:02 fetching corpus: 3300, signal 95541/169240 (executing program)
2021/02/04 05:33:02 fetching corpus: 3350, signal 97026/170847 (executing program)
2021/02/04 05:33:02 fetching corpus: 3400, signal 97319/172028 (executing program)
2021/02/04 05:33:02 fetching corpus: 3450, signal 97734/173277 (executing program)
2021/02/04 05:33:02 fetching corpus: 3500, signal 98202/174495 (executing program)
2021/02/04 05:33:02 fetching corpus: 3550, signal 98541/175700 (executing program)
2021/02/04 05:33:03 fetching corpus: 3600, signal 99324/176999 (executing program)
2021/02/04 05:33:03 fetching corpus: 3650, signal 99799/178226 (executing program)
2021/02/04 05:33:03 fetching corpus: 3700, signal 100001/179365 (executing program)
2021/02/04 05:33:03 fetching corpus: 3750, signal 100375/180549 (executing program)
2021/02/04 05:33:03 fetching corpus: 3800, signal 100692/181672 (executing program)
2021/02/04 05:33:03 fetching corpus: 3850, signal 101548/182913 (executing program)
2021/02/04 05:33:03 fetching corpus: 3900, signal 101945/184034 (executing program)
2021/02/04 05:33:03 fetching corpus: 3950, signal 102339/185155 (executing program)
2021/02/04 05:33:03 fetching corpus: 4000, signal 102678/186277 (executing program)
2021/02/04 05:33:03 fetching corpus: 4050, signal 103006/187365 (executing program)
2021/02/04 05:33:03 fetching corpus: 4100, signal 103368/188466 (executing program)
2021/02/04 05:33:03 fetching corpus: 4150, signal 103715/189517 (executing program)
2021/02/04 05:33:03 fetching corpus: 4200, signal 103918/190598 (executing program)
2021/02/04 05:33:03 fetching corpus: 4250, signal 104307/191706 (executing program)
2021/02/04 05:33:03 fetching corpus: 4300, signal 105629/192928 (executing program)
2021/02/04 05:33:03 fetching corpus: 4350, signal 106009/193973 (executing program)
2021/02/04 05:33:03 fetching corpus: 4400, signal 106743/195109 (executing program)
2021/02/04 05:33:03 fetching corpus: 4450, signal 107503/196222 (executing program)
2021/02/04 05:33:03 fetching corpus: 4500, signal 107800/197228 (executing program)
2021/02/04 05:33:03 fetching corpus: 4550, signal 108097/198298 (executing program)
2021/02/04 05:33:04 fetching corpus: 4600, signal 108487/199319 (executing program)
2021/02/04 05:33:04 fetching corpus: 4650, signal 109204/200392 (executing program)
2021/02/04 05:33:04 fetching corpus: 4700, signal 109448/201422 (executing program)
2021/02/04 05:33:04 fetching corpus: 4750, signal 109670/202412 (executing program)
2021/02/04 05:33:04 fetching corpus: 4800, signal 109956/203373 (executing program)
2021/02/04 05:33:04 fetching corpus: 4850, signal 110370/204434 (executing program)
2021/02/04 05:33:04 fetching corpus: 4900, signal 110599/205402 (executing program)
2021/02/04 05:33:04 fetching corpus: 4950, signal 110882/206388 (executing program)
2021/02/04 05:33:04 fetching corpus: 5000, signal 111171/207365 (executing program)
2021/02/04 05:33:04 fetching corpus: 5050, signal 111428/208327 (executing program)
2021/02/04 05:33:04 fetching corpus: 5100, signal 111930/209282 (executing program)
2021/02/04 05:33:04 fetching corpus: 5150, signal 112118/210174 (executing program)
2021/02/04 05:33:04 fetching corpus: 5200, signal 112294/210193 (executing program)
2021/02/04 05:33:04 fetching corpus: 5250, signal 112553/210195 (executing program)
2021/02/04 05:33:04 fetching corpus: 5300, signal 112910/210198 (executing program)
2021/02/04 05:33:04 fetching corpus: 5350, signal 113248/210200 (executing program)
2021/02/04 05:33:04 fetching corpus: 5400, signal 113484/210200 (executing program)
2021/02/04 05:33:04 fetching corpus: 5450, signal 113722/210200 (executing program)
2021/02/04 05:33:04 fetching corpus: 5500, signal 114037/210217 (executing program)
2021/02/04 05:33:04 fetching corpus: 5550, signal 115247/210234 (executing program)
2021/02/04 05:33:04 fetching corpus: 5600, signal 115484/210249 (executing program)
2021/02/04 05:33:04 fetching corpus: 5650, signal 116473/210249 (executing program)
2021/02/04 05:33:05 fetching corpus: 5700, signal 116969/210258 (executing program)
2021/02/04 05:33:05 fetching corpus: 5750, signal 117239/210260 (executing program)
2021/02/04 05:33:05 fetching corpus: 5800, signal 117510/211065 (executing program)
2021/02/04 05:33:05 fetching corpus: 5850, signal 117774/211078 (executing program)
2021/02/04 05:33:05 fetching corpus: 5900, signal 118031/211078 (executing program)
2021/02/04 05:33:05 fetching corpus: 5950, signal 118247/211080 (executing program)
2021/02/04 05:33:05 fetching corpus: 6000, signal 118596/211093 (executing program)
2021/02/04 05:33:05 fetching corpus: 6050, signal 118855/211120 (executing program)
2021/02/04 05:33:05 fetching corpus: 6100, signal 119045/211129 (executing program)
2021/02/04 05:33:05 fetching corpus: 6150, signal 119299/211137 (executing program)
2021/02/04 05:33:05 fetching corpus: 6200, signal 119459/212708 (executing program)
2021/02/04 05:33:05 fetching corpus: 6250, signal 119755/212713 (executing program)
2021/02/04 05:33:05 fetching corpus: 6300, signal 120037/212713 (executing program)
2021/02/04 05:33:05 fetching corpus: 6350, signal 120296/212715 (executing program)
2021/02/04 05:33:05 fetching corpus: 6400, signal 120530/212733 (executing program)
2021/02/04 05:33:05 fetching corpus: 6450, signal 120867/212748 (executing program)
2021/02/04 05:33:05 fetching corpus: 6500, signal 121153/212753 (executing program)
2021/02/04 05:33:05 fetching corpus: 6550, signal 121385/212753 (executing program)
2021/02/04 05:33:05 fetching corpus: 6600, signal 121551/212758 (executing program)
2021/02/04 05:33:05 fetching corpus: 6650, signal 121959/212918 (executing program)
2021/02/04 05:33:05 fetching corpus: 6700, signal 122195/212933 (executing program)
2021/02/04 05:33:05 fetching corpus: 6750, signal 122465/212936 (executing program)
2021/02/04 05:33:05 fetching corpus: 6800, signal 123526/212937 (executing program)
2021/02/04 05:33:06 fetching corpus: 6850, signal 123891/212941 (executing program)
2021/02/04 05:33:06 fetching corpus: 6900, signal 124108/212964 (executing program)
2021/02/04 05:33:06 fetching corpus: 6950, signal 124371/212968 (executing program)
2021/02/04 05:33:07 fetching corpus: 7000, signal 124576/212982 (executing program)
2021/02/04 05:33:07 fetching corpus: 7050, signal 124917/212989 (executing program)
2021/02/04 05:33:07 fetching corpus: 7100, signal 125135/212990 (executing program)
2021/02/04 05:33:07 fetching corpus: 7150, signal 125410/213010 (executing program)
2021/02/04 05:33:07 fetching corpus: 7200, signal 125642/213012 (executing program)
2021/02/04 05:33:07 fetching corpus: 7250, signal 125851/213017 (executing program)
2021/02/04 05:33:07 fetching corpus: 7300, signal 126419/213022 (executing program)
2021/02/04 05:33:07 fetching corpus: 7350, signal 126597/213023 (executing program)
2021/02/04 05:33:07 fetching corpus: 7400, signal 126769/213041 (executing program)
2021/02/04 05:33:07 fetching corpus: 7450, signal 127075/213061 (executing program)
2021/02/04 05:33:08 fetching corpus: 7500, signal 127301/213061 (executing program)
2021/02/04 05:33:08 fetching corpus: 7550, signal 127711/213090 (executing program)
2021/02/04 05:33:08 fetching corpus: 7600, signal 128421/213611 (executing program)
2021/02/04 05:33:08 fetching corpus: 7650, signal 128732/213612 (executing program)
2021/02/04 05:33:08 fetching corpus: 7700, signal 128921/213613 (executing program)
2021/02/04 05:33:08 fetching corpus: 7750, signal 129649/213636 (executing program)
2021/02/04 05:33:08 fetching corpus: 7800, signal 129830/213649 (executing program)
2021/02/04 05:33:08 fetching corpus: 7850, signal 130150/213651 (executing program)
2021/02/04 05:33:08 fetching corpus: 7900, signal 131290/213973 (executing program)
2021/02/04 05:33:08 fetching corpus: 7950, signal 131427/213980 (executing program)
2021/02/04 05:33:08 fetching corpus: 8000, signal 131570/213987 (executing program)
2021/02/04 05:33:08 fetching corpus: 8050, signal 132033/213991 (executing program)
2021/02/04 05:33:08 fetching corpus: 8100, signal 132209/213997 (executing program)
2021/02/04 05:33:08 fetching corpus: 8150, signal 132437/214005 (executing program)
2021/02/04 05:33:08 fetching corpus: 8200, signal 132685/214008 (executing program)
2021/02/04 05:33:08 fetching corpus: 8250, signal 133021/214027 (executing program)
2021/02/04 05:33:09 fetching corpus: 8300, signal 133303/214038 (executing program)
2021/02/04 05:33:09 fetching corpus: 8350, signal 133861/214050 (executing program)
2021/02/04 05:33:09 fetching corpus: 8400, signal 133994/214050 (executing program)
2021/02/04 05:33:09 fetching corpus: 8450, signal 134156/214052 (executing program)
2021/02/04 05:33:09 fetching corpus: 8500, signal 134324/214057 (executing program)
2021/02/04 05:33:09 fetching corpus: 8550, signal 134560/214069 (executing program)
2021/02/04 05:33:09 fetching corpus: 8600, signal 134752/214073 (executing program)
2021/02/04 05:33:09 fetching corpus: 8650, signal 135047/214077 (executing program)
2021/02/04 05:33:09 fetching corpus: 8700, signal 135192/214080 (executing program)
2021/02/04 05:33:09 fetching corpus: 8750, signal 135708/214083 (executing program)
2021/02/04 05:33:09 fetching corpus: 8800, signal 136074/214117 (executing program)
2021/02/04 05:33:09 fetching corpus: 8850, signal 136444/214294 (executing program)
2021/02/04 05:33:09 fetching corpus: 8900, signal 136588/214297 (executing program)
2021/02/04 05:33:09 fetching corpus: 8950, signal 136760/214298 (executing program)
2021/02/04 05:33:09 fetching corpus: 9000, signal 137019/214322 (executing program)
2021/02/04 05:33:09 fetching corpus: 9050, signal 137339/214325 (executing program)
2021/02/04 05:33:09 fetching corpus: 9100, signal 137742/214325 (executing program)
2021/02/04 05:33:09 fetching corpus: 9150, signal 138124/214355 (executing program)
2021/02/04 05:33:09 fetching corpus: 9200, signal 138588/214666 (executing program)
2021/02/04 05:33:09 fetching corpus: 9250, signal 138736/214667 (executing program)
2021/02/04 05:33:09 fetching corpus: 9300, signal 138916/214684 (executing program)
2021/02/04 05:33:09 fetching corpus: 9350, signal 139044/214684 (executing program)
2021/02/04 05:33:09 fetching corpus: 9400, signal 139324/214718 (executing program)
2021/02/04 05:33:10 fetching corpus: 9450, signal 139646/214727 (executing program)
2021/02/04 05:33:10 fetching corpus: 9500, signal 139897/214749 (executing program)
2021/02/04 05:33:10 fetching corpus: 9550, signal 140142/214750 (executing program)
2021/02/04 05:33:10 fetching corpus: 9600, signal 140306/214768 (executing program)
2021/02/04 05:33:10 fetching corpus: 9650, signal 140512/214768 (executing program)
2021/02/04 05:33:10 fetching corpus: 9700, signal 140793/214797 (executing program)
2021/02/04 05:33:10 fetching corpus: 9750, signal 141470/214817 (executing program)
2021/02/04 05:33:10 fetching corpus: 9800, signal 141633/214818 (executing program)
2021/02/04 05:33:10 fetching corpus: 9850, signal 141814/214853 (executing program)
2021/02/04 05:33:10 fetching corpus: 9900, signal 142015/214885 (executing program)
2021/02/04 05:33:10 fetching corpus: 9950, signal 142356/214886 (executing program)
2021/02/04 05:33:10 fetching corpus: 10000, signal 142796/214887 (executing program)
2021/02/04 05:33:10 fetching corpus: 10050, signal 142926/214890 (executing program)
2021/02/04 05:33:10 fetching corpus: 10063, signal 142954/214890 (executing program)
2021/02/04 05:33:10 fetching corpus: 10063, signal 142954/214890 (executing program)
2021/02/04 05:33:10 starting 2 fuzzer processes

05:33:10 executing program 0:
r0 = syz_open_pts()
ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000000)=0x7)
ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000080))

05:33:10 executing program 1:
write(0xffffffffffffffff, &(0x7f0000000040)="e25aae49000000007d", 0x1f)
sysctl$kern(&(0x7f0000000040)={0x1, 0x47}, 0x3, 0x0, 0x0, 0x0, 0xd)

05:33:10 executing program 1:
r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0)
ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x5, 0x0, 0x5}, {0xffff, 0x46}]})
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2})

05:33:10 executing program 0:
r0 = kqueue()
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="ae89ab775e1d73903f3a4e060378bd816aa10e9929b767fa97895d1e3431c9588179141668f38e9048ac981528967a8e23072560781315d681aff62e618bb5c4b657d5f4de89519124e11e3efe0d23c990bc29953c50a9efbca98ab95779e0af8f6422ad1caeb236be", 0x69)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0xffffffffffffffff})

05:33:10 executing program 0:
sysctl$net_inet_divert(&(0x7f0000000100)={0x4, 0x18, 0x102, 0x3}, 0x4, 0x0, 0x0, 0x0, 0x0)

05:33:10 executing program 1:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
seteuid(0xffffffffffffffff)
fchdir(r0)
getgid()
getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f00000002c0), 0xc)
r1 = getgid()
getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f00000002c0)={0x0, 0x0}, 0xc)
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000080)={{0x5, 0xffffffffffffffff, r1, r2, 0x0, 0x20, 0x9}, 0x1000000008, 0x1, 0x9})
fchown(0xffffffffffffffff, 0x0, r1)
socket(0x11, 0x4003, 0x0)
r3 = semget$private(0x0, 0x3, 0x9)
semctl$GETNCNT(r3, 0x33677a76b2de9ef5, 0x3, &(0x7f0000000180)=""/170)

05:33:11 executing program 0:
minherit(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

05:33:11 executing program 1:
r0 = kqueue()
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)="86c9434057f860da8e092f1e547ab07c", 0x10}], 0x1}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2})

05:33:11 executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_int(r0, 0xffff, 0x2000, 0x0, 0x0)

05:33:11 executing program 0:
r0 = openat$pci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/pci\x00', 0x0, 0x0)
fsync(r0)

05:33:11 executing program 1:
r0 = kqueue()
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)="86c9434057f860da8e092f1e547ab07c", 0x10}], 0x1}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2})

05:33:11 executing program 0:
r0 = socket$inet(0x2, 0x1, 0x0)
shutdown(r0, 0x1)
r1 = dup2(r0, r0)
ioctl$PCIOCREAD(r1, 0xc0207534, &(0x7f0000000080))

05:33:11 executing program 0:
r0 = socket(0x2, 0x3, 0x2)
connect$unix(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="8202adfdffffffff"], 0x10)
sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="26d00c2e9dafbee2a343dfffc09989", 0xf}], 0x1)

05:33:11 executing program 1:
r0 = kqueue()
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)="86c9434057f860da8e092f1e547ab07c", 0x10}], 0x1}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2})

05:33:11 executing program 0:
r0 = syz_open_pts()
close(r0)
setrlimit(0x8, &(0x7f0000000000)={0x7, 0x95})
r1 = syz_open_pts()
close(r0)
r2 = syz_open_pts()
ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000080)={0x27ee, 0x0, 0xfff, 0xffffffffffffffc2, "25e7f613283958181095e4b6d987e72f21f9bc15"})
ioctl$TIOCSETA(r0, 0x80047460, &(0x7f00000004c0)={0x5, 0x0, 0x0, 0x0, "61aa0db11ce9bae3c6514e6ae973739ea78b7ec0"})
writev(r1, &(0x7f0000001400)=[{&(0x7f00000017c0)="053d3495324850ec8120ed38ee0dcbb364411c07dbcbdf043357b2237c4c2970e14c4f5e9e231b347286aa053197993e6d5e484d10883fbc89795f89175be59b576e1597432a675bcdf267305dba3e562e5bd493b8675686521a3457ffa971784bda4ce4a346d47a345dbd3e3ce27687b4200d773045fff2e6e3946a2c3665d90714f221fd190ab8", 0x88}], 0x1)

05:33:11 executing program 1:
r0 = kqueue()
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)="86c9434057f860da8e092f1e547ab07c", 0x10}], 0x1}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x2})

vrele: bad writecount: 0xfffffd806ee1d090, type VCHR, use 0, write 1, hold 0,
    tag VT_UFS, ino 2680, on dev 4, 0 flags 0x180, effnlink 1, nlink 1
    mode 020620, owner 0, group 4, size 0
panic: vrele: v_writecount != 0
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*174602  30022      0           0  0x4000000    0K syz-executor.0
 197306    473      0         0x2  0x4000480    1  syz-fuzzer
db_enter() at db_enter+0x18
panic(ffffffff8245fb0e) at panic+0x15e
vrele(fffffd806ee1d090) at vrele+0x197
ptmioctl(5100,40287401,ffff8000222c1260,3,ffff80002123cfc8) at ptmioctl+0x5b9
VOP_IOCTL(fffffd806e2df838,40287401,ffff8000222c1260,3,fffffd807f7b7900,ffff80002123cfc8) at VOP_IOCTL+0x9a
vn_ioctl(fffffd8067af2d10,40287401,ffff8000222c1260,ffff80002123cfc8) at vn_ioctl+0xba
sys_ioctl(ffff80002123cfc8,ffff8000222c1370,ffff8000222c13c0) at sys_ioctl+0x4b0
syscall(ffff8000222c1440) at syscall+0x4a1
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x604a6774340, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
vrele: v_writecount != 0
ddb{0}> trace
db_enter() at db_enter+0x18
panic(ffffffff8245fb0e) at panic+0x15e
vrele(fffffd806ee1d090) at vrele+0x197
ptmioctl(5100,40287401,ffff8000222c1260,3,ffff80002123cfc8) at ptmioctl+0x5b9
VOP_IOCTL(fffffd806e2df838,40287401,ffff8000222c1260,3,fffffd807f7b7900,ffff80002123cfc8) at VOP_IOCTL+0x9a
vn_ioctl(fffffd8067af2d10,40287401,ffff8000222c1260,ffff80002123cfc8) at vn_ioctl+0xba
sys_ioctl(ffff80002123cfc8,ffff8000222c1370,ffff8000222c13c0) at sys_ioctl+0x4b0
syscall(ffff8000222c1440) at syscall+0x4a1
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x604a6774340, count: -9
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff8000222c0ca0
rbx               0xffff8000222c0cb0
rdx                             0x8b
rcx                              0x2
rax                              0x1
r8                0xffffffff81b81665    kprintf+0x145
r9                               0x1
r10               0x9a621bad2a6c9eba
r11               0xa2ea4805819cb2d8
r12                     0x3000000008
r13               0xffff8000222c0d50
r14                            0x100
r15                              0x1
rip               0xffffffff81e4d228    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff8000222c0c90
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=174602 stat=onproc
    flags process=0 proc=4000000
    pri=32, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff80002123c2a8,0xffffffff828c76b0
    process=0xffff800021234010 user=0xffff8000222bc000, vmspace=0xfffffd807eff9730
    estcpu=36, cpticks=2, pctcpu=0.0
    user=0, sys=2, intr=0
ddb{0}> ps
   PID     TID   PPID  UID  S       FLAGS  WAIT       COMMAND
 30022   51306   3270    0  2           0             syz-executor.0
*30022  174602   3270    0  7   0x4000000             syz-executor.0
 71532  223944    473    0  2         0x2             syz-executor.1
  3270  444819    473    0  2       0x482             syz-executor.0
   473  497124  80814    0  3        0x82  thrsleep   syz-fuzzer
   473  197306  80814    0  7   0x4000482             syz-fuzzer
   473  476610  80814    0  3   0x4000082  thrsleep   syz-fuzzer
   473  371190  80814    0  3   0x4000082  thrsleep   syz-fuzzer
   473  444752  80814    0  3   0x4000082  thrsleep   syz-fuzzer
   473   12401  80814    0  3   0x4000082  thrsleep   syz-fuzzer
   473  181132  80814    0  3   0x4000082  kqread     syz-fuzzer
   473  396814  80814    0  2   0x4000482             syz-fuzzer
 80814  281354  38286    0  3    0x10008a  sigsusp    ksh
 38286  486944  54375    0  3        0x92  select     sshd
 62316  488555      1    0  3    0x100083  ttyin      getty
 54375  217154      1    0  3        0x80  select     sshd
  8322   81061  66626   74  3    0x100092  bpf        pflogd
 66626  432622      1    0  3        0x80  netio      pflogd
 76329  132586   6524   73  2    0x100090             syslogd
  6524  206893      1    0  3    0x100082  netio      syslogd
 63800  370380      1   77  3    0x100090  poll       dhclient
 91490    1351      1    0  3        0x80  poll       dhclient
 81879  392784      0    0  3     0x14200  bored      smr
 49677  505362      0    0  3     0x14200  pgzero     zerothread
 49144  181344      0    0  3     0x14200  aiodoned   aiodoned
 37455  469750      0    0  3     0x14200  syncer     update
 30669  373814      0    0  3     0x14200  cleaner    cleaner
 32776  406070      0    0  3     0x14200  reaper     reaper
 38501  495509      0    0  3     0x14200  pgdaemon   pagedaemon
 21229  392094      0    0  3     0x14200  bored      crynlk
 33511  254339      0    0  3     0x14200  bored      crypto
 58628  509535      0    0  3     0x14200  bored      viomb
 30479  366983      0    0  3  0x40014200  acpi0      acpi0
 36183   79537      0    0  3  0x40014200             idle1
 62372  522636      0    0  3     0x14200  bored      softnet
 25374  449380      0    0  3     0x14200  bored      systqmp
  6269  167339      0    0  3     0x14200  bored      systq
 79692  271075      0    0  3  0x40014200  bored      softclock
 79143  499030      0    0  3  0x40014200             idle0
     1  204977      0    0  3        0x82  wait       init
     0       0     -1    0  3     0x10200  scheduler  swapper
ddb{0}> show all locks
Process 30022 (syz-executor.0) thread 0xffff80002123cfc8 (174602)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff828d4128)
#0  witness_lock+0x4b0
#1  vn_ioctl+0x40
#2  sys_ioctl+0x4b0
#3  syscall+0x4a1
#4  Xsyscall+0x128
Process 71532 (syz-executor.1) thread 0xffff80002123d268 (223944)
exclusive rrwlock inode r = 0 (0xfffffd8067f442c0)
#0  witness_lock+0x4b0
#1  rw_enter+0x443
#2  rrw_enter+0x88
#3  ufs_ihashins+0x45
#4  ffs_vget+0x135
#5  ffs_inode_alloc+0x1e1
#6  ufs_mkdir+0xf4
#7  VOP_MKDIR+0xc6
#8  domkdirat+0x121
#9  syscall+0x4a1
#10 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8067f44a30)
#0  witness_lock+0x4b0
#1  rw_enter+0x443
#2  rrw_enter+0x88
#3  VOP_LOCK+0x4b
#4  vn_lock+0x6c
#5  vfs_lookup+0xe6
#6  namei+0x5f7
#7  domkdirat+0x75
#8  syscall+0x4a1
#9  Xsyscall+0x128
ddb{0}> show malloc
Type            InUse  MemUse  HighUse  Limit  Requests  Type Lim
devbuf          9485  6416K  6417K  78643K  10579  0
pcb             13  8K  8K  78643K  17  0
rtable          105  3K  3K  78643K  199  0
ifaddr          44  10K  10K  78643K  45  0
counters        44  34K  34K  78643K  44  0
ioctlops        0  0K  4K  78643K  1469  0
mount           1  1K  1K  78643K  1  0
vnodes          1219  77K  77K  78643K  1224  0
UFS quota       1  32K  32K  78643K  1  0
UFS mount       5  36K  36K  78643K  5  0
shm             2  1K  1K  78643K  2  0
VM map          2  1K  1K  78643K  2  0
sem             3  0K  0K  78643K  3  0
dirhash         12  2K  2K  78643K  12  0
ACPI            1697  195K  286K  78643K  12598  0
file desc       5  13K  25K  78643K  49  0
proc            59  63K  95K  78643K  447  0
subproc         32  2K  2K  78643K  34  0
NFS srvsock     1  0K  0K  78643K  1  0
NFS daemon      1  16K  16K  78643K  1  0
in_multi        33  2K  2K  78643K  33  0
ether_multi     1  0K  0K  78643K  1  0
ISOFS mount     1  32K  32K  78643K  1  0
MSDOSFS mount   1  16K  16K  78643K  1  0
ttys            43  201K  201K  78643K  43  0
exec            0  0K  2K  78643K  358  0
pagedep         1  8K  8K  78643K  1  0
inodedep        1  32K  32K  78643K  1  0
newblk          1  0K  0K  78643K  1  0
VM swap         7  26K  26K  78643K  7  0
UVM amap        138  25K  26K  78643K  849  0
UVM aobj        3  2K  2K  78643K  3  0
memdesc         1  4K  4K  78643K  1  0
crypto data     1  1K  1K  78643K  1  0
NDP             10  0K  0K  78643K  10  0
temp            66  3971K  4035K  78643K  2077  0
kqueue          3  4K  4K  78643K  3  0
SYN cache       2  16K  16K  78643K  2  0
ddb{0}> show all pools
Name         Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp          64 6 0 0 1 0 1 1 0 8 0
plcache      128 20 0 0 1 0 1 1 0 8 0
rtpcb        120 21 0 19 1 0 1 1 0 8 0
rtentry      112 45 0 1 2 0 2 2 0 8 0
unpcb        120 27 0 17 1 0 1 1 0 8 0
syncache     296 4 0 4 1 1 0 1 0 8 0
tcpqe        32 875 0 875 5 1 4 4 0 8 4
tcpcb        736 12 0 5 1 0 1 1 0 8 0
inpcb        304 43 0 35 1 0 1 1 0 8 0
nd6          48 6 0 0 1 0 1 1 0 8 0
kcovpl       48 2 0 0 1 0 1 1 0 8 0
pfosfp       40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen     112 1428 0 714 21 0 21 21 0 8 0
pfstitem     24 14 0 0 1 0 1 1 0 8 0
pfstkey      112 14 0 0 1 0 1 1 0 8 0
pfstate      320 14 0 0 2 0 2 2 0 8 0
pfrule       1360 21 0 16 2 1 1 2 0 8 0
art_heap8    4096 1 0 0 1 0 1 1 0 8 0
art_heap4    256 188 0 0 12 0 12 12 0 8 0
art_table    32 189 0 0 2 0 2 2 0 8 0
art_node     16 44 0 4 1 0 1 1 0 8 0
semapl       112 1 0 0 1 0 1 1 0 8 0
dirhash      1024 17 0 0 3 0 3 3 0 8 0
dino2pl      256 1441 0 37 88 0 88 88 0 8 0
ffsino       272 1441 0 37 95 1 94 94 0 8 0
nchpl        144 1674 0 70 60 0 60 60 0 8 0
uvmvnodes    72 1487 0 0 28 0 28 28 0 8 0
vnodes       224 1487 0 0 88 0 88 88 0 8 0
namei        1024 4351 0 4350 2 1 1 1 0 8 0
percpumem    16 33 0 0 1 0 1 1 0 8 0
scxspl       216 4969 0 4969 9 1 8 8 0 8 8
plimitpl     152 16 0 7 1 0 1 1 0 8 0
sigapl       424 265 0 233 4 0 4 4 0 8 0
futexpl      56 88 0 88 1 0 1 1 0 8 1
knotepl      112 62 0 42 1 0 1 1 0 8 0
kqueuepl     168 8 0 6 1 0 1 1 0 8 0
pipepl       336 76 0 65 1 0 1 1 0 8 0
fdescpl      496 249 0 233 3 0 3 3 0 8 0
filepl       152 1147 0 1040 6 1 5 5 0 8 0
lockfpl      104 5 0 4 1 0 1 1 0 8 0
lockfspl     48 3 0 2 1 0 1 1 0 8 0
sessionpl    144 18 0 7 1 0 1 1 0 8 0
pgrppl       48 18 0 7 1 0 1 1 0 8 0
ucredpl      96 72 0 63 1 0 1 1 0 8 0
zombiepl     144 233 0 233 2 1 1 1 0 8 1
processpl    1080 265 0 233 3 0 3 3 0 8 0
procpl       672 295 0 255 5 1 4 4 0 8 0
sockpl       432 91 0 71 3 0 3 3 0 8 0
mcl4k        4096 1 0 0 1 0 1 1 0 8 0
mcl2k        2048 470 0 0 58 0 58 58 0 8 0
mtagpl       96 1 0 0 1 0 1 1 0 8 0
mbufpl       256 522 0 0 33 0 33 33 0 8 0
bufpl        280 3351 0 181 227 0 227 227 0 8 0
anonpl       24 39714 0 23242 102 1 101 101 0 186 1
amapchunkpl  152 1369 0 991 18 1 17 17 0 158 2
amappl16     200 822 0 152 36 0 36 36 0 8 0
amappl15     192 4 0 2 1 0 1 1 0 8 0
amappl14     184 31 0 26 1 0 1 1 0 8 0
amappl13     176 26 0 24 1 0 1 1 0 8 0
amappl12     168 14 0 12 1 0 1 1 0 8 0
amappl11     160 70 0 52 1 0 1 1 0 8 0
amappl10     152 8 0 4 1 0 1 1 0 8 0
amappl9      144 281 0 281 1 1 0 1 0 8 0
amappl8      136 155 0 113 2 0 2 2 0 8 0
amappl7      128 248 0 238 1 0 1 1 0 8 0
amappl6      120 63 0 54 1 0 1 1 0 8 0
amappl5      112 403 0 385 1 0 1 1 0 8 0
amappl4      104 279 0 255 1 0 1 1 0 8 0
amappl3      96 122 0 115 1 0 1 1 0 8 0
amappl2      88 1122 0 1050 3 1 2 3 0 8 0
amappl1      80 16221 0 15745 26 9 17 21 0 8 5
amappl       88 586 0 503 2 0 2 2 0 92 0
dma4096      4096 1 0 1 1 1 0 1 0 8 0
dma1024      1024 1 0 0 1 0 1 1 0 8 0
dma256       256 6 0 6 1 1 0 1 0 8 0
dma128       128 253 0 253 1 1 0 1 0 8 0
dma64        64 6 0 6 1 1 0 1 0 8 0
dma32        32 7 0 7 1 1 0 1 0 8 0
dma16        16 18 0 17 1 0 1 1 0 8 0
aobjpl       64 2 0 0 1 0 1 1 0 8 0
uaddrrnd     24 249 0 233 1 0 1 1 0 8 0
uaddrbest    32 2 0 0 1 0 1 1 0 8 0
uaddr        24 249 0 233 1 0 1 1 0 8 0
vmmpekpl     168 6126 0 6097 2 0 2 2 0 8 0
vmmpepl      168 38619 0 36724 120 11 109 109 0 357 26
vmsppl       368 248 0 233 2 0 2 2 0 8 0
rwobjpl      56 10434 0 9045 28 6 22 22 0 8 1
pdppl        4096 505 0 466 61 16 45 45 0 8 6
pvpl         32 140029 0 120499 163 0 163 163 0 265 4
pmappl       232 248 0 233 2 0 2 2 0 8 1
extentpl     40 58 0 40 1 0 1 1 0 8 0
phpool       112 363 0 21 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18
panic(ffffffff8245fb0e) at panic+0x15e
vrele(fffffd806ee1d090) at vrele+0x197
ptmioctl(5100,40287401,ffff8000222c1260,3,ffff80002123cfc8) at ptmioctl+0x5b9
VOP_IOCTL(fffffd806e2df838,40287401,ffff8000222c1260,3,fffffd807f7b7900,ffff80002123cfc8) at VOP_IOCTL+0x9a
vn_ioctl(fffffd8067af2d10,40287401,ffff8000222c1260,ffff80002123cfc8) at vn_ioctl+0xba
sys_ioctl(ffff80002123cfc8,ffff8000222c1370,ffff8000222c13c0) at sys_ioctl+0x4b0
syscall(ffff8000222c1440) at syscall+0x4a1
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x604a6774340, count: -9
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a
x86_ipi_handler() at x86_ipi_handler+0xb7
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff828d3f20) at __mp_lock+0x122
__mp_acquire_count(ffffffff828d3f20,1) at __mp_acquire_count+0x4c
mi_switch() at mi_switch+0x390
sleep_finish(ffff80002125d258,1) at sleep_finish+0x111
sleep_finish_all(ffff80002125d258,1) at sleep_finish_all+0x32
tsleep(ffffffff82895cbc,120,ffffffff823a2c4c,2) at tsleep+0x1f2
sys_nanosleep(ffff8000ffff7cf0,ffff80002125d380,ffff80002125d3d0) at sys_nanosleep+0x1f5
syscall(ffff80002125d450) at syscall+0x4a1
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc00003ff20, count: 3
ddb{1}> trace
x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a
x86_ipi_handler() at x86_ipi_handler+0xb7
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff828d3f20) at __mp_lock+0x122
__mp_acquire_count(ffffffff828d3f20,1) at __mp_acquire_count+0x4c
mi_switch() at mi_switch+0x390
sleep_finish(ffff80002125d258,1) at sleep_finish+0x111
sleep_finish_all(ffff80002125d258,1) at sleep_finish_all+0x32
tsleep(ffffffff82895cbc,120,ffffffff823a2c4c,2) at tsleep+0x1f2
sys_nanosleep(ffff8000ffff7cf0,ffff80002125d380,ffff80002125d3d0) at sys_nanosleep+0x1f5
syscall(ffff80002125d450) at syscall+0x4a1
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc00003ff20, count: -12