kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sat Feb 8 04:45:50 PST 2020 OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts. 2020/02/08 04:46:00 fuzzer started 2020/02/08 04:46:03 dialing manager at 10.128.15.235:5291 2020/02/08 04:46:03 syscalls: 337 2020/02/08 04:46:03 code coverage: enabled 2020/02/08 04:46:03 comparison tracing: enabled 2020/02/08 04:46:03 extra coverage: support is not implemented in syzkaller 2020/02/08 04:46:03 setuid sandbox: enabled 2020/02/08 04:46:03 namespace sandbox: support is not implemented in syzkaller 2020/02/08 04:46:03 Android sandbox: support is not implemented in syzkaller 2020/02/08 04:46:03 fault injection: support is not implemented in syzkaller 2020/02/08 04:46:03 leak checking: support is not implemented in syzkaller 2020/02/08 04:46:03 net packet injection: enabled 2020/02/08 04:46:03 net device setup: support is not implemented in syzkaller 2020/02/08 04:46:03 concurrency sanitizer: support is not implemented in syzkaller 2020/02/08 04:46:03 devlink PCI setup: support is not implemented in syzkaller 04:46:11 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8000, 0x0) ioctl$VT_GETMODE(r0, 0x40087603, &(0x7f0000000040)) mknodat(r0, &(0x7f0000000080)='.\x00', 0x8000, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x80, 0x0) ioctl$VT_WAITACTIVE(r1, 0x20007606, &(0x7f0000000100)=0x1ff) dup(r1) ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000140)={0x7f, 0x4, {0x100}}) r2 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyCcfg\x00', 0x20, 0x0) ioctl$WSDISPLAYIO_GETSCREEN(r2, 0xc0245755, &(0x7f00000001c0)={0x8, './file0\x00', './file0\x00'}) r3 = msgget$private(0x0, 0x446) msgrcv(r3, &(0x7f0000000200)={0x0, ""/99}, 0x6b, 0x2, 0x1000) ioctl$WSDISPLAYIO_SETSCREEN(r0, 0x80045756, &(0x7f0000000280)=0xf7ff) rmdir(&(0x7f00000002c0)='./file0\x00') msgrcv(r3, &(0x7f0000000300)={0x0, ""/124}, 0x84, 0x3, 0x1800) r4 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = openat$pci(0xffffffffffffff9c, &(0x7f0000000440)='/dev/pci\x00', 0x20000, 0x0) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000480)='/dev/zero\x00', 0x80, 0x0) r8 = openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0x325d17cf66dfc22e, 0x0) r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000500)='/dev/zero\x00', 0x2, 0x0) r10 = socket$inet(0x2, 0x1, 0xab) r11 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) kevent(r4, &(0x7f0000000540)=[{{r5}, 0xfffffffffffffffa, 0x3c, 0x1, 0x1, 0xfffffffffffffffd}, {{r6}, 0xffffffffffffffff, 0xb2, 0x80000000, 0xffffffffffffffff, 0x176}, {{r7}, 0xfffffffffffffffb, 0xe, 0x2, 0xfffffffffffffc01, 0x8}, {{r1}, 0xfffffffffffffff8, 0xda, 0xf0000000, 0xff, 0x4}, {{r1}, 0xfffffffffffffffe, 0x83, 0xfffff, 0x2, 0x200}, {{r8}, 0xfffffffffffffffe, 0x0, 0x40, 0x4, 0x6}, {{r9}, 0xffffffffffffffff, 0xc0, 0x8, 0xfff, 0x2}, {{0xffffffffffffff9c}, 0xfffffffffffffffa, 0xac, 0x2, 0x80, 0xf70b}], 0xcc, &(0x7f0000000640)=[{{r10}, 0xfffffffffffffffe, 0x1, 0x1, 0x0, 0x200}, {{r11}, 0xfffffffffffffff8, 0x28, 0x1, 0xfffffffffffffffb}, {{0xffffffffffffff9c}, 0xfffffffffffffffd, 0xf0, 0x1, 0x1, 0xfa5}, {{r2}, 0xffffffffffffffff, 0xd, 0x10, 0x100, 0x8}, {{r0}, 0xfffffffffffffffc, 0x35, 0x2, 0x7, 0x529}], 0x3, &(0x7f0000000700)={0xfffffffffffffff8, 0x1}) pipe(&(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) r14 = open$dir(&(0x7f00000007c0)='./file0\x00', 0x0, 0x51) ioctl$DIOCMAP(r13, 0xc0106477, &(0x7f0000000800)={&(0x7f0000000780)='./file0\x00', r14, 0x3}) r15 = openat$zero(0xffffffffffffff9c, &(0x7f0000000840)='/dev/zero\x00', 0x800, 0x0) r16 = accept(0xffffffffffffff9c, &(0x7f00000008c0)=@un=@file={0x0, ""/4096}, &(0x7f0000001900)=0x1002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001940)={0xffffffffffffffff, 0xffffffffffffffff}) r18 = open(&(0x7f0000001980)='./file0\x00', 0x10, 0xcc) r19 = openat(0xffffffffffffff9c, &(0x7f00000019c0)='./file0\x00', 0x200, 0xa2) r20 = socket$inet6(0x18, 0x3, 0x8) kevent(r15, &(0x7f0000000880)=[{{r0}, 0xfffffffffffffffa, 0x2, 0x20, 0x2, 0xfa}], 0x0, &(0x7f0000001a00)=[{{r16}, 0xfffffffffffffffd, 0x1, 0x4, 0x100000001, 0x90f9}, {{r17}, 0xfffffffffffffffb, 0x90, 0x20, 0x110000000, 0xa80}, {{r18}, 0xfffffffffffffff8, 0x44, 0x40000000, 0xfffffffffffffffb, 0x1}, {{0xffffffffffffff9c}, 0xfffffffffffffffe, 0x80, 0x2, 0x3}, {{r12}, 0xfffffffffffffff9, 0x0, 0x1}, {{r19}, 0xfffffffffffffffb, 0x9, 0x40000000, 0x1, 0x7}, {{r20}, 0xfffffffffffffffa, 0x8, 0x1, 0x3, 0x7}], 0x2, &(0x7f0000001b00)={0x80000001, 0x6}) 04:46:11 executing program 1: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x10000) r1 = fcntl$getown(0xffffffffffffff9c, 0x5) getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000040)={0x0, 0x0}, 0xc) r3 = getegid() setsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000080)={r1, r2, r3}, 0xc) truncate(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1) r4 = semget(0x2, 0x0, 0x1e0) semop(r4, &(0x7f0000000100)=[{0x1, 0x5, 0x800}, {0x1, 0xb54, 0x800}, {0x4, 0x6, 0x1000}, {0x3, 0x7, 0x1800}, {0x4, 0x401}, {0x4, 0xfff}, {0x1, 0x2fa2, 0x800}, {0x0, 0x3, 0x800}], 0x8) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x20000, 0x0) r6 = openat(r5, &(0x7f0000000180)='./file0\x00', 0x0, 0xa8) r7 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyCcfg\x00', 0x0, 0x0) ioctl$KDSETLED(r7, 0x20004b42, &(0x7f0000000200)=0x2) r8 = socket(0x6, 0x3, 0x40) getsockopt$sock_cred(r8, 0xffff, 0x1022, &(0x7f0000000240), &(0x7f0000000280)=0xc) getsockopt$SO_PEERCRED(r5, 0xffff, 0x1022, &(0x7f00000002c0), 0xc) r9 = dup(0xffffffffffffff9c) fcntl$setstatus(r9, 0x4, 0x4) close(r6) r10 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x20288, 0x0) ioctl$VT_OPENQRY(r10, 0x40047601, &(0x7f0000000340)) r11 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000000380)='/dev/wskbd0\x00', 0x10000, 0x0) writev(r11, &(0x7f0000000740)=[{&(0x7f00000003c0)="a8ae028724ca52a7d0ff8fe50d253a8cfc467c488077f1068535ff96c850764cdc4f2226d77f5cdcfeb00d8f678ef6c78bf168cec6175951b4192e33e27062868da210fc25c8351c31528678c10d79c865d5f7bbb4b7fcee229c9ac3877c4646775a5cde99668e2c103df2634699d02e33ca8466db46b989de98e5fb49de2f6a5f87f0a2e53852b0de267012f1c63f9c6b4e21be9b9aebdc7ea82d2913072ae86071ba3441f0a1ea2669d2cd8191634b891287abe85dfce50757143662bdde69acb0505b1e2991e584505ce29fc69ad54898f611c4628e5b1797b9b33160f709e42f6abd17de242e795bf552e2424e199e4eb32c65f13e735510b651c3ed", 0xfe}, {&(0x7f00000004c0)="4d8f2f39693502442e1268d8704960c3e51655ea14b28d474a88f496aaa77787addcee0460ebc37ac39ddb33380a7fc7dc3da8c5d80f6cf55f0a585b2fc4f1391db8f650dc594f6f0ba974770a5e8d07357e39ca837eb7369ab8421fa85c1d9696967ef44e72e5556ad3e784811db76e6c69aa3492106d4126c4b11511b13efdfa689aad0967b53a36558edcf7f2aabf3e5a23efec025d4e89f6d5964b53edc69b513c88", 0xa4}, {&(0x7f0000000580)="77a7dc2ff7238c59ded3f7a390336f1b5a35c2f72f040183b606c824db4a4ec3b1befe1bf98bd8fdae", 0x29}, {&(0x7f00000005c0)="aa5ae939e355e53fb121c0be3c4c091f4c0c0449b17e118886ee370df6e5590b8eea4ab206c1ff6abd91071ea669a43c0d3850c6244a699ba34b5dc69a103f826053ad830f5302c072e77b76816cfed944125a80a9c21b800400b7041929825d99d0adc551fb9d0ce226a5d581d9e2ae3996a43a43d518b03241e160e425f64b215d20f95c050ead670209063b0abda3031c2b4fb7c680c6685934596312df17f5e654f81a54009b38facefa0791924129906e0e1e4fb62c400cd93d3066c82eb2065a1ccf686938", 0xc8}, {&(0x7f00000006c0)="7f4dd03b7feb250933b0d402b7e21014b9c2be5605f4850561c6116a64ab3e6a03b33ab290091e5f7f584d9908900032344d3a6ca46b94d42d5b96ba48f929f638849e3a0900fd0ac85f5467d606f1bd2b0c5e0ba5b937e883f1dea8248fb0d7987fb01a9bfc30d5711bd88e81fc20dd90312d158d9a091e581e3980cb59", 0x7e}], 0x5) ioctl$TIOCCDTR(r10, 0x20007478) r12 = accept$unix(0xffffffffffffffff, &(0x7f00000007c0)=@file={0x0, ""/108}, &(0x7f0000000840)=0x6e) recvfrom$unix(r12, &(0x7f0000000880)=""/99, 0x63, 0x0, &(0x7f0000000900)=@file={0x0, './file0\x00'}, 0xa) pipe2(&(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) ioctl$BIOCLOCK(r13, 0x20004276) socketpair(0x1, 0x5, 0x40, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff}) r15 = accept$inet(0xffffffffffffff9c, &(0x7f00000009c0), &(0x7f0000000a00)=0xc) fcntl$dupfd(r14, 0x5, r15) 04:46:12 executing program 1: socket(0x2, 0x3, 0x0) socket(0x18, 0x8003, 0x0) pipe(&(0x7f0000001280)) kqueue() openat$vmm(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/vmm\x00', 0x0, 0x0) openat$vmm(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/vmm\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) kqueue() kqueue() getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000040), &(0x7f0000000080)=0xc) open$dir(&(0x7f0000000bc0)='./file1\x00', 0x400000002c5, 0x0) socket(0x1, 0x1, 0xef) r1 = open$dir(&(0x7f0000000bc0)='./file1\x00', 0x0, 0x0) kevent(0xffffffffffffffff, &(0x7f0000000100)=[{{r1}}], 0x0, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="82020000ff"], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) msgget$private(0x0, 0x4) r2 = socket(0x2, 0x3, 0x1) mlock(&(0x7f00003e4000/0x4000)=nil, 0x4000) connect$unix(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000696c65c12a"], 0x10) sendto$unix(r2, &(0x7f0000000100)="749703210f6e83f8", 0x8, 0x0, 0x0, 0x0) 04:46:12 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000180)={0x3, &(0x7f0000000000)=[{0x35}, {0x14}, {0x6, 0x0, 0x0, 0x100000100}]}) r1 = open(&(0x7f0000000000)='./bus\x00', 0x400000003fd, 0x0) write(r1, &(0x7f0000000040)='on', 0x2) r2 = socket$inet(0x2, 0x3, 0xb5) ioctl$LIOCSFD(r1, 0x80046c7f, &(0x7f00000000c0)=r2) pwrite(r0, &(0x7f0000000040)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) 04:46:12 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x0, 0x2810, r0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x0, 0x10, r1, 0x0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) 04:46:12 executing program 1: r0 = socket(0x11, 0x4003, 0x0) sendto$unix(r0, &(0x7f0000000340)="b100050160000000000008000701000000c60000cea1fea7fef96ecfc73fd3357af96caa0416e74f376336acf00a7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881d37d83ff7cc53c894303b22f3119404f36a00e90006ee01be657ae000000020000020000000000000071a3f800040000000000d57c55e383b40000000000000082fccd9840398b61979aaf5270367c0ae12b83d887db7fad8a3b16b323c2042ea6571c416c72f9565342428ba90b0ae69480cfb91ef2ba74bdd7719dbdd6fd23697ffabf589b8f7fcff067c1b2385bdec5c28c15a9f311a6448d604104196724c136a0df74eb682db481204251d1843e6934249530c94ea2d1abf8f5ac9c3a48874d42ccea3038e4", 0xb1, 0x18, 0x0, 0x8a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0x68, &(0x7f0000000140)={{0x18, 0x3, 0xa3, 0x3}, {0x18, 0x3, 0x8, 0x7}, 0x3, [0xe2, 0x5, 0x800, 0x1ff, 0x31, 0x1ff, 0xbe, 0x3f]}, 0x3c) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x4000004000000001, 0x0) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x80, 0x8) mkdirat(r2, &(0x7f0000000200)='./file0\x00', 0x50) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) pwrite(r1, &(0x7f0000000040)="fb", 0x2c0, 0x0, 0x0) r3 = syz_open_pts() close(r3) ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0x2, "33ec0600000a765e2ba40400", 0x9, 0x10000000}) writev(r3, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1) r4 = dup2(r1, r3) ioctl$WSMOUSEIO_SRES(r4, 0x80045721, &(0x7f0000000000)=0x1) 04:46:12 executing program 0: openat$bpf(0xffffffffffffff9c, &(0x7f0000000380)='/dev/bpf\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) setuid(0x0) mknod(&(0x7f0000000040)='./bus\x00', 0x800080002002, 0x5bcf) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000240)='./file0\x00', 0x800080002002, 0x5bc9) open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) select(0x40, &(0x7f0000000040), &(0x7f0000000080)={0x2}, &(0x7f0000000100)={0x103}, 0x0) 04:46:12 executing program 1: r0 = open(&(0x7f00000000c0)='./bus\x00', 0x20, 0x4) setreuid(0x0, 0xffffffffffffffff) r1 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vmm\x00', 0x0, 0x0) ioctl$VMM_IOC_WRITEREGS(r1, 0x82485608, &(0x7f0000000140)={0x1, 0x0, 0xaee6, {[0x0, 0x0, 0x0, 0x1], [], [], [0x0, 0x0, 0xfff]}}) ioctl$VMM_IOC_INTR(r1, 0x800c5606, &(0x7f0000000080)={0x7ff, 0x8000, 0x6}) write(r0, &(0x7f0000000040)='on', 0x2) r2 = dup(0xffffffffffffff9c) ioctl$VMM_IOC_READREGS(r2, 0xc2485607, &(0x7f00000003c0)) acct(&(0x7f0000000000)='./file0\x00') ioctl$KDDISABIO(r0, 0x20004b3d) sync() r3 = syz_open_pts() close(r3) ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"}) writev(r3, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1) r4 = socket(0x11, 0x4003, 0x0) sendto$unix(r4, &(0x7f0000000340)="b100050160000000000008000701000000c60000cea1fea7fef96ecfc73fd3357af96caa0416e74f376336acf00a7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881d37d83ff7cc53c894303b22f3119404f36a00e90006ee01be657ae000000020000020000000000000071a3f800040000000000d57c55e383b40000000000000082fccd9840398b61979aaf5270367c0ae12b83d887db7fad8a3b16b323c2042ea6571c416c72f9565342428ba90b0ae69480cfb91ef2ba74bdd7719dbdd6fd23697ffabf589b8f7fcff067c1b2385bdec5c28c15a9f311a6448d604104196724c136a0df74eb682db481204251d1843e6934249530c94ea2d1abf8f5ac9c3a48874d42ccea3038e4", 0xb1, 0x18, 0x0, 0x8a) r5 = accept$inet6(r4, &(0x7f0000000640), &(0x7f0000000680)=0xc) fcntl$dupfd(r3, 0xa, r5) open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) shmctl$SHM_UNLOCK(0xffffffffffffffff, 0x4) 04:46:12 executing program 0: ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x800, {0x9, 0x90000000000001}}) r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f00000000c0)={0x3, &(0x7f0000000180)=[{0x7}, {0x10054}, {0x6}]}) syz_emit_ethernet(0x253, &(0x7f0000000000)="b6") r1 = open(&(0x7f0000000000)='./bus\x00', 0x400000003fd, 0x0) write(r1, &(0x7f0000000040)='on', 0x2) ioctl$VT_GETMODE(r1, 0x40087603, &(0x7f0000000100)) ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffffff, 0x0, "00000000000000000000f2ffffffffffffff4000"}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"}) connect$unix(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB=','], 0x1) ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, "010000000000000000ffffff7f00"}) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r2, 0x80104267, &(0x7f0000000300)={0x3, &(0x7f0000000040)=[{}, {0x54}, {0x80000006}]}) ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000480)={'tap', 0x0}) ioctl$BIOCGDIRFILT(r2, 0x4004427c, &(0x7f00000001c0)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) socket(0x18, 0x1, 0x0) socket$inet6(0x18, 0x8001, 0x5) setsockopt(r1, 0x29, 0xc, &(0x7f0000000240)="878dcbff13b9fd812eaa4e713048e69931929648", 0xfffffffffffffe69) r3 = socket(0x18, 0x1, 0x0) close(r3) r4 = socket(0x18, 0x2, 0x0) close(r4) socket(0x400000000018, 0x3, 0x3a) setsockopt(r4, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) r5 = syz_open_pts() close(r5) ioctl$TIOCSETA(r5, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"}) writev(r5, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1) fcntl$dupfd(r5, 0x0, r2) write(r4, &(0x7f0000000040)="100a2956b9223776", 0x21d) 04:46:12 executing program 0: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff], [0x0, 0x0, 0x0, 0x9, 0xfffdffffffffffff], [0x0, 0x0, 0x482], [{}, {}, {0x2}]}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) r0 = syz_open_pts() close(r0) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"}) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1) r1 = dup2(r0, 0xffffffffffffff9c) ioctl$BIOCGDIRFILT(r1, 0x4004427c, &(0x7f0000000000)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r2 = socket(0x18, 0x2, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TIOCFLUSH(r3, 0x8080691a, &(0x7f0000000300)) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) 04:46:12 executing program 1: mknod(&(0x7f0000000040)='./bus\x00', 0x2080002002, 0x40004000000028ad) r0 = open(&(0x7f0000000000)='./bus\x00', 0x400000003fd, 0x0) write(r0, &(0x7f0000000040)='on', 0x2) unlinkat(r0, &(0x7f0000000080)='./bus\x00', 0x8) connect(0xffffffffffffff9c, &(0x7f0000000000)=@un=@abs={0x1, 0x0, 0x1}, 0x8) open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) kevent(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x3, 0x7ffffffe}) r1 = kqueue() kevent(r1, &(0x7f0000000100), 0x6, 0x0, 0x40000009d1, &(0x7f0000000140)={0x3, 0x7ffffffe}) r2 = syz_open_pts() close(r2) ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"}) writev(r2, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1) dup(r2) login: panic: receive 1a: so 0xfffffd806f6e5640, so_type 3, m 0xfffffd806f17ea00, m_type 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 107199 44934 0 0x2 0x4000000 0 syz-fuzzer *127805 28072 0 0 0 1K dhclient db_enter() at db_enter+0x18 panic(ffffffff821c0db8) at panic+0x15c soreceive(fffffd806f6e5640,0,ffff800020abcfe8,0,0,ffff800020abcef4) at soreceive+0x174a soo_read(fffffd807a7fb2f8,ffff800020abcfe8,0) at soo_read+0x53 dofilereadv(ffff800020a7c4e8,6,ffff800020abcfe8,0,ffff800020abd0d0) at dofilereadv+0x1a1 sys_read(ffff800020a7c4e8,ffff800020abd080,ffff800020abd0d0) at sys_read+0x83 syscall(ffff800020abd150) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffda750, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic receive 1a: so 0xfffffd806f6e5640, so_type 3, m 0xfffffd806f17ea00, m_type 0 ddb{1}> trace db_enter() at db_enter+0x18 panic(ffffffff821c0db8) at panic+0x15c soreceive(fffffd806f6e5640,0,ffff800020abcfe8,0,0,ffff800020abcef4) at soreceive+0x174a soo_read(fffffd807a7fb2f8,ffff800020abcfe8,0) at soo_read+0x53 dofilereadv(ffff800020a7c4e8,6,ffff800020abcfe8,0,ffff800020abd0d0) at dofilereadv+0x1a1 sys_read(ffff800020a7c4e8,ffff800020abd080,ffff800020abd0d0) at sys_read+0x83 syscall(ffff800020abd150) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffda750, count: -8 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020abcd30 rbx 0xffff800020abcde0 rdx 0xffff800020a7c4e8 rcx 0 rax 0 r8 0xffffffff81b395df kprintf+0x16f r9 0x1 r10 0x25 r11 0x6a2f28eff33e8f5 r12 0x3000000008 r13 0xffff800020abcd40 r14 0x100 r15 0x1 rip 0xffffffff8177a798 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020abcd20 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (dhclient) pid=127805 stat=onproc flags process=0 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020a7d118,0xffff800020a7c768 process=0xffff800020a90b50 user=0xffff800020ab8000, vmspace=0xfffffd807efff2e0 estcpu=0, cpticks=1, pctcpu=0.1 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 56362 139951 98611 0 2 0 syz-executor.1 56362 181635 98611 0 3 0x4000080 fsleep syz-executor.1 84357 244672 0 0 3 0x14200 acct acct 98611 341097 44934 0 3 0x82 nanosleep syz-executor.1 3148 234838 44934 0 3 0x2 biowait syz-executor.0 44934 103459 70688 0 3 0x82 thrsleep syz-fuzzer 44934 132452 70688 0 3 0x4000082 nanosleep syz-fuzzer 44934 23277 70688 0 3 0x4000082 thrsleep syz-fuzzer 44934 180589 70688 0 3 0x4000082 kqread syz-fuzzer 44934 107199 70688 0 7 0x4000002 syz-fuzzer 44934 1927 70688 0 3 0x4000082 thrsleep syz-fuzzer 44934 268128 70688 0 3 0x4000082 thrsleep syz-fuzzer 44934 495357 70688 0 3 0x4000082 thrsleep syz-fuzzer 44934 492049 70688 0 3 0x4000082 thrsleep syz-fuzzer 44934 134822 70688 0 3 0x4000082 thrsleep syz-fuzzer 70688 29952 27888 0 3 0x10008a pause ksh 27888 414276 26240 0 3 0x92 select sshd 95349 55307 1 0 3 0x100083 ttyin getty 26240 130649 1 0 3 0x80 select sshd 9785 163041 60906 74 3 0x100092 bpf pflogd 60906 386131 1 0 3 0x80 netio pflogd 60681 246051 37293 73 3 0x100090 kqread syslogd 37293 402511 1 0 3 0x100082 netio syslogd 81693 117770 1 77 3 0x100090 poll dhclient *28072 127805 1 0 7 0 dhclient 60395 465767 0 0 3 0x14200 pgzero zerothread 42816 443441 0 0 3 0x14200 aiodoned aiodoned 77331 187003 0 0 3 0x14200 syncer update 98505 189286 0 0 3 0x14200 cleaner cleaner 23550 295665 0 0 3 0x14200 reaper reaper 96121 423405 0 0 3 0x14200 pgdaemon pagedaemon 39678 12739 0 0 3 0x14200 bored crynlk 83786 246523 0 0 3 0x14200 bored crypto 7266 386104 0 0 3 0x40014200 acpi0 acpi0 66495 86033 0 0 3 0x40014200 idle1 73494 361898 0 0 3 0x14200 bored softnet 16341 170178 0 0 3 0x14200 bored systqmp 44318 488579 0 0 3 0x14200 bored systq 85411 518551 0 0 3 0x40014200 bored softclock 42711 432975 0 0 3 0x40014200 idle0 24585 274529 0 0 3 0x14200 bored smr 1 186001 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 3148 (syz-executor.0) thread 0xffff800020a7dd48 (234838) exclusive rrwlock inode r = 0 (0xfffffd8066535f80) #0 witness_lock+0x52e #1 rw_enter+0x453 #2 rrw_enter+0x88 #3 VOP_LOCK+0xf9 #4 vn_lock+0x81 #5 vget+0x1c8 #6 ufs_ihashget+0x141 #7 ffs_vget+0x74 #8 ufs_lookup+0x14b7 #9 VOP_LOOKUP+0x5b #10 vfs_lookup+0x7a6 #11 namei+0x63c #12 dounlinkat+0x99 #13 syscall+0x4a4 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806b45a098) #0 witness_lock+0x52e #1 rw_enter+0x453 #2 rrw_enter+0x88 #3 VOP_LOCK+0xf9 #4 vn_lock+0x81 #5 vfs_lookup+0xe6 #6 namei+0x63c #7 dounlinkat+0x99 #8 syscall+0x4a4 #9 Xsyscall+0x128 Process 28072 (dhclient) thread 0xffff800020a7c4e8 (127805) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8264b5f8) #0 witness_lock+0x52e #1 solock+0x66 #2 soreceive+0x114 #3 soo_read+0x53 #4 dofilereadv+0x1a1 #5 sys_read+0x83 #6 syscall+0x4a4 #7 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9492 6594K 6594K 78643K 10603 0 pcb 13 8K 8K 78643K 28 0 rtable 105 3K 3K 78643K 205 0 ifaddr 49 11K 11K 78643K 52 0 counters 45 34K 34K 78643K 45 0 ioctlops 0 0K 4K 78643K 1471 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1232 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 5 13K 25K 78643K 45 0 proc 59 63K 95K 78643K 438 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 207 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 105 21K 22K 78643K 1063 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 4 0 NDP 7 0K 0K 78643K 11 0 temp 76 3009K 3073K 78643K 2120 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 23 0 21 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 45 0 35 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 348 0 348 1 0 1 1 0 8 1 tcpcb 544 14 0 10 1 0 1 1 0 8 0 inpcb 280 57 0 50 2 0 2 2 0 8 1 nd6 48 4 0 0 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 12 0 0 1 0 1 1 0 8 0 pfstkey 112 12 0 0 1 0 1 1 0 8 0 pfstate 328 12 0 0 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 213 0 0 14 0 14 14 0 8 0 art_table 32 214 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1449 0 39 46 0 46 46 0 8 0 ffsino 272 1449 0 39 95 0 95 95 0 8 0 nchpl 144 1699 0 81 61 0 61 61 0 8 0 uvmvnodes 72 1502 0 0 28 0 28 28 0 8 0 vnodes 208 1502 0 0 80 0 80 80 0 8 0 namei 1024 4403 0 4403 1 0 1 1 0 8 1 percpumem 16 33 0 0 1 0 1 1 0 8 0 scxspl 192 5088 0 5087 8 1 7 7 0 8 6 plimitpl 152 15 0 7 1 0 1 1 0 8 0 sigapl 432 244 0 229 3 0 3 3 0 8 1 futexpl 56 308 0 307 1 0 1 1 0 8 0 knotepl 112 53 0 34 1 0 1 1 0 8 0 kqueuepl 104 8 0 6 1 0 1 1 0 8 0 pipelkpl 48 82 0 72 1 0 1 1 0 8 0 pipepl 120 164 0 145 1 0 1 1 0 8 0 fdescpl 496 245 0 229 3 0 3 3 0 8 0 filepl 152 1329 0 1228 6 0 6 6 0 8 1 lockfpl 104 14 0 12 1 0 1 1 0 8 0 lockfspl 48 7 0 5 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 69 0 60 1 0 1 1 0 8 0 zombiepl 144 229 0 229 1 0 1 1 0 8 1 processpl 960 261 0 229 5 0 5 5 0 8 0 procpl 624 300 0 258 4 0 4 4 0 8 0 sockpl 400 125 0 106 4 0 4 4 0 8 2 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 168 0 0 20 0 20 20 0 8 0 mtagpl 80 3 0 0 1 0 1 1 0 8 0 mbufpl 256 195 0 0 12 0 12 12 0 8 0 bufpl 280 4137 0 193 282 0 282 282 0 8 0 anonpl 16 38526 0 23090 64 1 63 63 0 125 0 amapchunkpl 152 1223 0 1085 8 0 8 8 0 158 1 amappl16 192 963 0 129 43 1 42 42 0 8 0 amappl15 184 69 0 63 1 0 1 1 0 8 0 amappl14 176 31 0 28 1 0 1 1 0 8 0 amappl12 160 10 0 8 2 1 1 1 0 8 0 amappl11 152 57 0 42 1 0 1 1 0 8 0 amappl10 144 13 0 7 1 0 1 1 0 8 0 amappl9 136 599 0 596 1 0 1 1 0 8 0 amappl8 128 121 0 99 1 0 1 1 0 8 0 amappl7 120 103 0 91 1 0 1 1 0 8 0 amappl6 112 62 0 54 1 0 1 1 0 8 0 amappl5 104 140 0 125 1 0 1 1 0 8 0 amappl4 96 495 0 465 1 0 1 1 0 8 0 amappl3 88 119 0 110 1 0 1 1 0 8 0 amappl2 80 1062 0 986 3 1 2 3 0 8 0 amappl1 72 15592 0 15137 25 8 17 21 0 8 6 amappl 80 549 0 505 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 245 0 229 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 245 0 229 1 0 1 1 0 8 0 vmmpekpl 168 5930 0 5896 2 0 2 2 0 8 0 vmmpepl 168 37575 0 35562 120 2 118 118 0 357 26 vmsppl 368 244 0 229 2 0 2 2 0 8 0 pdppl 4096 497 0 458 6 0 6 6 0 8 0 pvpl 32 133020 0 114456 155 0 155 155 0 265 4 pmappl 232 244 0 229 2 0 2 2 0 8 1 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 168 0 3 5 0 5 5 0 8 0