kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Sat Feb  8 04:45:50 PST 2020

OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
2020/02/08 04:46:00 fuzzer started
2020/02/08 04:46:03 dialing manager at 10.128.15.235:5291
2020/02/08 04:46:03 syscalls: 337
2020/02/08 04:46:03 code coverage: enabled
2020/02/08 04:46:03 comparison tracing: enabled
2020/02/08 04:46:03 extra coverage: support is not implemented in syzkaller
2020/02/08 04:46:03 setuid sandbox: enabled
2020/02/08 04:46:03 namespace sandbox: support is not implemented in syzkaller
2020/02/08 04:46:03 Android sandbox: support is not implemented in syzkaller
2020/02/08 04:46:03 fault injection: support is not implemented in syzkaller
2020/02/08 04:46:03 leak checking: support is not implemented in syzkaller
2020/02/08 04:46:03 net packet injection: enabled
2020/02/08 04:46:03 net device setup: support is not implemented in syzkaller
2020/02/08 04:46:03 concurrency sanitizer: support is not implemented in syzkaller
2020/02/08 04:46:03 devlink PCI setup: support is not implemented in syzkaller
04:46:11 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8000, 0x0)
ioctl$VT_GETMODE(r0, 0x40087603, &(0x7f0000000040))
mknodat(r0, &(0x7f0000000080)='.\x00', 0x8000, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x80, 0x0)
ioctl$VT_WAITACTIVE(r1, 0x20007606, &(0x7f0000000100)=0x1ff)
dup(r1)
ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000140)={0x7f, 0x4, {0x100}})
r2 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyCcfg\x00', 0x20, 0x0)
ioctl$WSDISPLAYIO_GETSCREEN(r2, 0xc0245755, &(0x7f00000001c0)={0x8, './file0\x00', './file0\x00'})
r3 = msgget$private(0x0, 0x446)
msgrcv(r3, &(0x7f0000000200)={0x0, ""/99}, 0x6b, 0x2, 0x1000)
ioctl$WSDISPLAYIO_SETSCREEN(r0, 0x80045756, &(0x7f0000000280)=0xf7ff)
rmdir(&(0x7f00000002c0)='./file0\x00')
msgrcv(r3, &(0x7f0000000300)={0x0, ""/124}, 0x84, 0x3, 0x1800)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0)
pipe2(&(0x7f0000000400)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = openat$pci(0xffffffffffffff9c, &(0x7f0000000440)='/dev/pci\x00', 0x20000, 0x0)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000480)='/dev/zero\x00', 0x80, 0x0)
r8 = openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0x325d17cf66dfc22e, 0x0)
r9 = openat$zero(0xffffffffffffff9c, &(0x7f0000000500)='/dev/zero\x00', 0x2, 0x0)
r10 = socket$inet(0x2, 0x1, 0xab)
r11 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
kevent(r4, &(0x7f0000000540)=[{{r5}, 0xfffffffffffffffa, 0x3c, 0x1, 0x1, 0xfffffffffffffffd}, {{r6}, 0xffffffffffffffff, 0xb2, 0x80000000, 0xffffffffffffffff, 0x176}, {{r7}, 0xfffffffffffffffb, 0xe, 0x2, 0xfffffffffffffc01, 0x8}, {{r1}, 0xfffffffffffffff8, 0xda, 0xf0000000, 0xff, 0x4}, {{r1}, 0xfffffffffffffffe, 0x83, 0xfffff, 0x2, 0x200}, {{r8}, 0xfffffffffffffffe, 0x0, 0x40, 0x4, 0x6}, {{r9}, 0xffffffffffffffff, 0xc0, 0x8, 0xfff, 0x2}, {{0xffffffffffffff9c}, 0xfffffffffffffffa, 0xac, 0x2, 0x80, 0xf70b}], 0xcc, &(0x7f0000000640)=[{{r10}, 0xfffffffffffffffe, 0x1, 0x1, 0x0, 0x200}, {{r11}, 0xfffffffffffffff8, 0x28, 0x1, 0xfffffffffffffffb}, {{0xffffffffffffff9c}, 0xfffffffffffffffd, 0xf0, 0x1, 0x1, 0xfa5}, {{r2}, 0xffffffffffffffff, 0xd, 0x10, 0x100, 0x8}, {{r0}, 0xfffffffffffffffc, 0x35, 0x2, 0x7, 0x529}], 0x3, &(0x7f0000000700)={0xfffffffffffffff8, 0x1})
pipe(&(0x7f0000000740)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
r14 = open$dir(&(0x7f00000007c0)='./file0\x00', 0x0, 0x51)
ioctl$DIOCMAP(r13, 0xc0106477, &(0x7f0000000800)={&(0x7f0000000780)='./file0\x00', r14, 0x3})
r15 = openat$zero(0xffffffffffffff9c, &(0x7f0000000840)='/dev/zero\x00', 0x800, 0x0)
r16 = accept(0xffffffffffffff9c, &(0x7f00000008c0)=@un=@file={0x0, ""/4096}, &(0x7f0000001900)=0x1002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001940)={0xffffffffffffffff, <r17=>0xffffffffffffffff})
r18 = open(&(0x7f0000001980)='./file0\x00', 0x10, 0xcc)
r19 = openat(0xffffffffffffff9c, &(0x7f00000019c0)='./file0\x00', 0x200, 0xa2)
r20 = socket$inet6(0x18, 0x3, 0x8)
kevent(r15, &(0x7f0000000880)=[{{r0}, 0xfffffffffffffffa, 0x2, 0x20, 0x2, 0xfa}], 0x0, &(0x7f0000001a00)=[{{r16}, 0xfffffffffffffffd, 0x1, 0x4, 0x100000001, 0x90f9}, {{r17}, 0xfffffffffffffffb, 0x90, 0x20, 0x110000000, 0xa80}, {{r18}, 0xfffffffffffffff8, 0x44, 0x40000000, 0xfffffffffffffffb, 0x1}, {{0xffffffffffffff9c}, 0xfffffffffffffffe, 0x80, 0x2, 0x3}, {{r12}, 0xfffffffffffffff9, 0x0, 0x1}, {{r19}, 0xfffffffffffffffb, 0x9, 0x40000000, 0x1, 0x7}, {{r20}, 0xfffffffffffffffa, 0x8, 0x1, 0x3, 0x7}], 0x2, &(0x7f0000001b00)={0x80000001, 0x6})

04:46:11 executing program 1:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x10000)
r1 = fcntl$getown(0xffffffffffffff9c, 0x5)
getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000040)={0x0, <r2=>0x0}, 0xc)
r3 = getegid()
setsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000080)={r1, r2, r3}, 0xc)
truncate(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1)
r4 = semget(0x2, 0x0, 0x1e0)
semop(r4, &(0x7f0000000100)=[{0x1, 0x5, 0x800}, {0x1, 0xb54, 0x800}, {0x4, 0x6, 0x1000}, {0x3, 0x7, 0x1800}, {0x4, 0x401}, {0x4, 0xfff}, {0x1, 0x2fa2, 0x800}, {0x0, 0x3, 0x800}], 0x8)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x20000, 0x0)
r6 = openat(r5, &(0x7f0000000180)='./file0\x00', 0x0, 0xa8)
r7 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyCcfg\x00', 0x0, 0x0)
ioctl$KDSETLED(r7, 0x20004b42, &(0x7f0000000200)=0x2)
r8 = socket(0x6, 0x3, 0x40)
getsockopt$sock_cred(r8, 0xffff, 0x1022, &(0x7f0000000240), &(0x7f0000000280)=0xc)
getsockopt$SO_PEERCRED(r5, 0xffff, 0x1022, &(0x7f00000002c0), 0xc)
r9 = dup(0xffffffffffffff9c)
fcntl$setstatus(r9, 0x4, 0x4)
close(r6)
r10 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x20288, 0x0)
ioctl$VT_OPENQRY(r10, 0x40047601, &(0x7f0000000340))
r11 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000000380)='/dev/wskbd0\x00', 0x10000, 0x0)
writev(r11, &(0x7f0000000740)=[{&(0x7f00000003c0)="a8ae028724ca52a7d0ff8fe50d253a8cfc467c488077f1068535ff96c850764cdc4f2226d77f5cdcfeb00d8f678ef6c78bf168cec6175951b4192e33e27062868da210fc25c8351c31528678c10d79c865d5f7bbb4b7fcee229c9ac3877c4646775a5cde99668e2c103df2634699d02e33ca8466db46b989de98e5fb49de2f6a5f87f0a2e53852b0de267012f1c63f9c6b4e21be9b9aebdc7ea82d2913072ae86071ba3441f0a1ea2669d2cd8191634b891287abe85dfce50757143662bdde69acb0505b1e2991e584505ce29fc69ad54898f611c4628e5b1797b9b33160f709e42f6abd17de242e795bf552e2424e199e4eb32c65f13e735510b651c3ed", 0xfe}, {&(0x7f00000004c0)="4d8f2f39693502442e1268d8704960c3e51655ea14b28d474a88f496aaa77787addcee0460ebc37ac39ddb33380a7fc7dc3da8c5d80f6cf55f0a585b2fc4f1391db8f650dc594f6f0ba974770a5e8d07357e39ca837eb7369ab8421fa85c1d9696967ef44e72e5556ad3e784811db76e6c69aa3492106d4126c4b11511b13efdfa689aad0967b53a36558edcf7f2aabf3e5a23efec025d4e89f6d5964b53edc69b513c88", 0xa4}, {&(0x7f0000000580)="77a7dc2ff7238c59ded3f7a390336f1b5a35c2f72f040183b606c824db4a4ec3b1befe1bf98bd8fdae", 0x29}, {&(0x7f00000005c0)="aa5ae939e355e53fb121c0be3c4c091f4c0c0449b17e118886ee370df6e5590b8eea4ab206c1ff6abd91071ea669a43c0d3850c6244a699ba34b5dc69a103f826053ad830f5302c072e77b76816cfed944125a80a9c21b800400b7041929825d99d0adc551fb9d0ce226a5d581d9e2ae3996a43a43d518b03241e160e425f64b215d20f95c050ead670209063b0abda3031c2b4fb7c680c6685934596312df17f5e654f81a54009b38facefa0791924129906e0e1e4fb62c400cd93d3066c82eb2065a1ccf686938", 0xc8}, {&(0x7f00000006c0)="7f4dd03b7feb250933b0d402b7e21014b9c2be5605f4850561c6116a64ab3e6a03b33ab290091e5f7f584d9908900032344d3a6ca46b94d42d5b96ba48f929f638849e3a0900fd0ac85f5467d606f1bd2b0c5e0ba5b937e883f1dea8248fb0d7987fb01a9bfc30d5711bd88e81fc20dd90312d158d9a091e581e3980cb59", 0x7e}], 0x5)
ioctl$TIOCCDTR(r10, 0x20007478)
r12 = accept$unix(0xffffffffffffffff, &(0x7f00000007c0)=@file={0x0, ""/108}, &(0x7f0000000840)=0x6e)
recvfrom$unix(r12, &(0x7f0000000880)=""/99, 0x63, 0x0, &(0x7f0000000900)=@file={0x0, './file0\x00'}, 0xa)
pipe2(&(0x7f0000000940)={0xffffffffffffffff, <r13=>0xffffffffffffffff}, 0x4)
ioctl$BIOCLOCK(r13, 0x20004276)
socketpair(0x1, 0x5, 0x40, &(0x7f0000000980)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
r15 = accept$inet(0xffffffffffffff9c, &(0x7f00000009c0), &(0x7f0000000a00)=0xc)
fcntl$dupfd(r14, 0x5, r15)

04:46:12 executing program 1:
socket(0x2, 0x3, 0x0)
socket(0x18, 0x8003, 0x0)
pipe(&(0x7f0000001280))
kqueue()
openat$vmm(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/vmm\x00', 0x0, 0x0)
openat$vmm(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/vmm\x00', 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
kqueue()
kqueue()
getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000000040), &(0x7f0000000080)=0xc)
open$dir(&(0x7f0000000bc0)='./file1\x00', 0x400000002c5, 0x0)
socket(0x1, 0x1, 0xef)
r1 = open$dir(&(0x7f0000000bc0)='./file1\x00', 0x0, 0x0)
kevent(0xffffffffffffffff, &(0x7f0000000100)=[{{r1}}], 0x0, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="82020000ff"], 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
msgget$private(0x0, 0x4)
r2 = socket(0x2, 0x3, 0x1)
mlock(&(0x7f00003e4000/0x4000)=nil, 0x4000)
connect$unix(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000696c65c12a"], 0x10)
sendto$unix(r2, &(0x7f0000000100)="749703210f6e83f8", 0x8, 0x0, 0x0, 0x0)

04:46:12 executing program 1:
r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0)
ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000080)={'tap', 0x0})
ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000180)={0x3, &(0x7f0000000000)=[{0x35}, {0x14}, {0x6, 0x0, 0x0, 0x100000100}]})
r1 = open(&(0x7f0000000000)='./bus\x00', 0x400000003fd, 0x0)
write(r1, &(0x7f0000000040)='on', 0x2)
r2 = socket$inet(0x2, 0x3, 0xb5)
ioctl$LIOCSFD(r1, 0x80046c7f, &(0x7f00000000c0)=r2)
pwrite(r0, &(0x7f0000000040)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0)

04:46:12 executing program 0:
r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0)
mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x0, 0x2810, r0, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x0, 0x10, r1, 0x0, 0x0)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080))

04:46:12 executing program 1:
r0 = socket(0x11, 0x4003, 0x0)
sendto$unix(r0, &(0x7f0000000340)="b100050160000000000008000701000000c60000cea1fea7fef96ecfc73fd3357af96caa0416e74f376336acf00a7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881d37d83ff7cc53c894303b22f3119404f36a00e90006ee01be657ae000000020000020000000000000071a3f800040000000000d57c55e383b40000000000000082fccd9840398b61979aaf5270367c0ae12b83d887db7fad8a3b16b323c2042ea6571c416c72f9565342428ba90b0ae69480cfb91ef2ba74bdd7719dbdd6fd23697ffabf589b8f7fcff067c1b2385bdec5c28c15a9f311a6448d604104196724c136a0df74eb682db481204251d1843e6934249530c94ea2d1abf8f5ac9c3a48874d42ccea3038e4", 0xb1, 0x18, 0x0, 0x8a)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0x68, &(0x7f0000000140)={{0x18, 0x3, 0xa3, 0x3}, {0x18, 0x3, 0x8, 0x7}, 0x3, [0xe2, 0x5, 0x800, 0x1ff, 0x31, 0x1ff, 0xbe, 0x3f]}, 0x3c)
r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x4000004000000001, 0x0)
r2 = open(&(0x7f00000001c0)='./file0\x00', 0x80, 0x8)
mkdirat(r2, &(0x7f0000000200)='./file0\x00', 0x50)
ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0})
pwrite(r1, &(0x7f0000000040)="fb", 0x2c0, 0x0, 0x0)
r3 = syz_open_pts()
close(r3)
ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0x2, "33ec0600000a765e2ba40400", 0x9, 0x10000000})
writev(r3, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1)
r4 = dup2(r1, r3)
ioctl$WSMOUSEIO_SRES(r4, 0x80045721, &(0x7f0000000000)=0x1)

04:46:12 executing program 0:
openat$bpf(0xffffffffffffff9c, &(0x7f0000000380)='/dev/bpf\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
setuid(0x0)
mknod(&(0x7f0000000040)='./bus\x00', 0x800080002002, 0x5bcf)
open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
mknod(&(0x7f0000000240)='./file0\x00', 0x800080002002, 0x5bc9)
open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)
select(0x40, &(0x7f0000000040), &(0x7f0000000080)={0x2}, &(0x7f0000000100)={0x103}, 0x0)

04:46:12 executing program 1:
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x20, 0x4)
setreuid(0x0, 0xffffffffffffffff)
r1 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vmm\x00', 0x0, 0x0)
ioctl$VMM_IOC_WRITEREGS(r1, 0x82485608, &(0x7f0000000140)={0x1, 0x0, 0xaee6, {[0x0, 0x0, 0x0, 0x1], [], [], [0x0, 0x0, 0xfff]}})
ioctl$VMM_IOC_INTR(r1, 0x800c5606, &(0x7f0000000080)={0x7ff, 0x8000, 0x6})
write(r0, &(0x7f0000000040)='on', 0x2)
r2 = dup(0xffffffffffffff9c)
ioctl$VMM_IOC_READREGS(r2, 0xc2485607, &(0x7f00000003c0))
acct(&(0x7f0000000000)='./file0\x00')
ioctl$KDDISABIO(r0, 0x20004b3d)
sync()
r3 = syz_open_pts()
close(r3)
ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"})
writev(r3, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1)
r4 = socket(0x11, 0x4003, 0x0)
sendto$unix(r4, &(0x7f0000000340)="b100050160000000000008000701000000c60000cea1fea7fef96ecfc73fd3357af96caa0416e74f376336acf00a7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3ebbc257699a1f132e27acb5d602000d7d026ba8af63ff37282902e4fd89720fd3872babfbb770c1f5a872c881d37d83ff7cc53c894303b22f3119404f36a00e90006ee01be657ae000000020000020000000000000071a3f800040000000000d57c55e383b40000000000000082fccd9840398b61979aaf5270367c0ae12b83d887db7fad8a3b16b323c2042ea6571c416c72f9565342428ba90b0ae69480cfb91ef2ba74bdd7719dbdd6fd23697ffabf589b8f7fcff067c1b2385bdec5c28c15a9f311a6448d604104196724c136a0df74eb682db481204251d1843e6934249530c94ea2d1abf8f5ac9c3a48874d42ccea3038e4", 0xb1, 0x18, 0x0, 0x8a)
r5 = accept$inet6(r4, &(0x7f0000000640), &(0x7f0000000680)=0xc)
fcntl$dupfd(r3, 0xa, r5)
open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
shmctl$SHM_UNLOCK(0xffffffffffffffff, 0x4)

04:46:12 executing program 0:
ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x800, {0x9, 0x90000000000001}})
r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bpf\x00', 0x0, 0x0)
ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000080)={'tap', 0x0})
ioctl$BIOCSETF(r0, 0x80104267, &(0x7f00000000c0)={0x3, &(0x7f0000000180)=[{0x7}, {0x10054}, {0x6}]})
syz_emit_ethernet(0x253, &(0x7f0000000000)="b6")
r1 = open(&(0x7f0000000000)='./bus\x00', 0x400000003fd, 0x0)
write(r1, &(0x7f0000000040)='on', 0x2)
ioctl$VT_GETMODE(r1, 0x40087603, &(0x7f0000000100))
ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffffff, 0x0, "00000000000000000000f2ffffffffffffff4000"})
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)
ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"})
connect$unix(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB=','], 0x1)
ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, "010000000000000000ffffff7f00"})
r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x0, 0x0)
ioctl$BIOCSETF(r2, 0x80104267, &(0x7f0000000300)={0x3, &(0x7f0000000040)=[{}, {0x54}, {0x80000006}]})
ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000480)={'tap', 0x0})
ioctl$BIOCGDIRFILT(r2, 0x4004427c, &(0x7f00000001c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
socket(0x18, 0x1, 0x0)
socket$inet6(0x18, 0x8001, 0x5)
setsockopt(r1, 0x29, 0xc, &(0x7f0000000240)="878dcbff13b9fd812eaa4e713048e69931929648", 0xfffffffffffffe69)
r3 = socket(0x18, 0x1, 0x0)
close(r3)
r4 = socket(0x18, 0x2, 0x0)
close(r4)
socket(0x400000000018, 0x3, 0x3a)
setsockopt(r4, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c)
r5 = syz_open_pts()
close(r5)
ioctl$TIOCSETA(r5, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"})
writev(r5, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1)
fcntl$dupfd(r5, 0x0, r2)
write(r4, &(0x7f0000000040)="100a2956b9223776", 0x21d)

04:46:12 executing program 0:
ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff], [0x0, 0x0, 0x0, 0x9, 0xfffdffffffffffff], [0x0, 0x0, 0x482], [{}, {}, {0x2}]}})
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0})
r0 = syz_open_pts()
close(r0)
ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"})
writev(r0, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1)
r1 = dup2(r0, 0xffffffffffffff9c)
ioctl$BIOCGDIRFILT(r1, 0x4004427c, &(0x7f0000000000))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket(0x18, 0x2, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TIOCFLUSH(r3, 0x8080691a, &(0x7f0000000300))
openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0)

04:46:12 executing program 1:
mknod(&(0x7f0000000040)='./bus\x00', 0x2080002002, 0x40004000000028ad)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x400000003fd, 0x0)
write(r0, &(0x7f0000000040)='on', 0x2)
unlinkat(r0, &(0x7f0000000080)='./bus\x00', 0x8)
connect(0xffffffffffffff9c, &(0x7f0000000000)=@un=@abs={0x1, 0x0, 0x1}, 0x8)
open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
kevent(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x3, 0x7ffffffe})
r1 = kqueue()
kevent(r1, &(0x7f0000000100), 0x6, 0x0, 0x40000009d1, &(0x7f0000000140)={0x3, 0x7ffffffe})
r2 = syz_open_pts()
close(r2)
ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000040)={0x0, 0x0, 0x5, 0xffffffffffff65b0, "33ec72735f0a765e2ba400"})
writev(r2, &(0x7f0000000480)=[{&(0x7f0000000640)="b20a", 0x2}], 0x1)
dup(r2)

login: panic: receive 1a: so 0xfffffd806f6e5640, so_type 3, m 0xfffffd806f17ea00, m_type 0

Stopped at      db_enter+0x18:  addq    $0x8,%rsp

    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND

 107199  44934      0         0x2  0x4000000    0  syz-fuzzer

*127805  28072      0           0          0    1K dhclient

db_enter() at db_enter+0x18

panic(ffffffff821c0db8) at panic+0x15c

soreceive(fffffd806f6e5640,0,ffff800020abcfe8,0,0,ffff800020abcef4) at soreceive+0x174a

soo_read(fffffd807a7fb2f8,ffff800020abcfe8,0) at soo_read+0x53

dofilereadv(ffff800020a7c4e8,6,ffff800020abcfe8,0,ffff800020abd0d0) at dofilereadv+0x1a1

sys_read(ffff800020a7c4e8,ffff800020abd080,ffff800020abd0d0) at sys_read+0x83

syscall(ffff800020abd150) at syscall+0x4a4

Xsyscall() at Xsyscall+0x128

end of kernel

end trace frame: 0x7f7ffffda750, count: 7

https://www.openbsd.org/ddb.html describes the minimum info required in bug

reports.  Insufficient info makes it difficult to find and fix bugs.

ddb{1}> 

ddb{1}> set $lines = 0

ddb{1}> set $maxwidth = 0

ddb{1}> show panic

receive 1a: so 0xfffffd806f6e5640, so_type 3, m 0xfffffd806f17ea00, m_type 0

ddb{1}> trace

db_enter() at db_enter+0x18

panic(ffffffff821c0db8) at panic+0x15c

soreceive(fffffd806f6e5640,0,ffff800020abcfe8,0,0,ffff800020abcef4) at soreceive+0x174a

soo_read(fffffd807a7fb2f8,ffff800020abcfe8,0) at soo_read+0x53

dofilereadv(ffff800020a7c4e8,6,ffff800020abcfe8,0,ffff800020abd0d0) at dofilereadv+0x1a1

sys_read(ffff800020a7c4e8,ffff800020abd080,ffff800020abd0d0) at sys_read+0x83

syscall(ffff800020abd150) at syscall+0x4a4

Xsyscall() at Xsyscall+0x128

end of kernel

end trace frame: 0x7f7ffffda750, count: -8

ddb{1}> show registers

rdi                                0

rsi                              0x1

rbp               0xffff800020abcd30

rbx               0xffff800020abcde0

rdx               0xffff800020a7c4e8

rcx                                0

rax                                0

r8                0xffffffff81b395df    kprintf+0x16f

r9                               0x1

r10                             0x25

r11                0x6a2f28eff33e8f5

r12                     0x3000000008

r13               0xffff800020abcd40

r14                            0x100

r15                              0x1

rip               0xffffffff8177a798    db_enter+0x18

cs                               0x8

rflags                         0x246

rsp               0xffff800020abcd20

ss                              0x10

db_enter+0x18:  addq    $0x8,%rsp

ddb{1}> show proc

PROC (dhclient) pid=127805 stat=onproc

    flags process=0 proc=0

    pri=50, usrpri=50, nice=20

    forw=0xffffffffffffffff, list=0xffff800020a7d118,0xffff800020a7c768

    process=0xffff800020a90b50 user=0xffff800020ab8000, vmspace=0xfffffd807efff2e0

    estcpu=0, cpticks=1, pctcpu=0.1

    user=0, sys=0, intr=0

ddb{1}> ps

   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND

 56362  139951  98611      0  2           0                syz-executor.1

 56362  181635  98611      0  3   0x4000080  fsleep        syz-executor.1

 84357  244672      0      0  3     0x14200  acct          acct

 98611  341097  44934      0  3        0x82  nanosleep     syz-executor.1

  3148  234838  44934      0  3         0x2  biowait       syz-executor.0

 44934  103459  70688      0  3        0x82  thrsleep      syz-fuzzer

 44934  132452  70688      0  3   0x4000082  nanosleep     syz-fuzzer

 44934   23277  70688      0  3   0x4000082  thrsleep      syz-fuzzer

 44934  180589  70688      0  3   0x4000082  kqread        syz-fuzzer

 44934  107199  70688      0  7   0x4000002                syz-fuzzer

 44934    1927  70688      0  3   0x4000082  thrsleep      syz-fuzzer

 44934  268128  70688      0  3   0x4000082  thrsleep      syz-fuzzer

 44934  495357  70688      0  3   0x4000082  thrsleep      syz-fuzzer

 44934  492049  70688      0  3   0x4000082  thrsleep      syz-fuzzer

 44934  134822  70688      0  3   0x4000082  thrsleep      syz-fuzzer

 70688   29952  27888      0  3    0x10008a  pause         ksh

 27888  414276  26240      0  3        0x92  select        sshd

 95349   55307      1      0  3    0x100083  ttyin         getty

 26240  130649      1      0  3        0x80  select        sshd

  9785  163041  60906     74  3    0x100092  bpf           pflogd

 60906  386131      1      0  3        0x80  netio         pflogd

 60681  246051  37293     73  3    0x100090  kqread        syslogd

 37293  402511      1      0  3    0x100082  netio         syslogd

 81693  117770      1     77  3    0x100090  poll          dhclient

*28072  127805      1      0  7           0                dhclient

 60395  465767      0      0  3     0x14200  pgzero        zerothread

 42816  443441      0      0  3     0x14200  aiodoned      aiodoned

 77331  187003      0      0  3     0x14200  syncer        update

 98505  189286      0      0  3     0x14200  cleaner       cleaner

 23550  295665      0      0  3     0x14200  reaper        reaper

 96121  423405      0      0  3     0x14200  pgdaemon      pagedaemon

 39678   12739      0      0  3     0x14200  bored         crynlk

 83786  246523      0      0  3     0x14200  bored         crypto

  7266  386104      0      0  3  0x40014200  acpi0         acpi0

 66495   86033      0      0  3  0x40014200                idle1

 73494  361898      0      0  3     0x14200  bored         softnet

 16341  170178      0      0  3     0x14200  bored         systqmp

 44318  488579      0      0  3     0x14200  bored         systq

 85411  518551      0      0  3  0x40014200  bored         softclock

 42711  432975      0      0  3  0x40014200                idle0

 24585  274529      0      0  3     0x14200  bored         smr

     1  186001      0      0  3        0x82  wait          init

     0       0     -1      0  3     0x10200  scheduler     swapper

ddb{1}> show all locks

Process 3148 (syz-executor.0) thread 0xffff800020a7dd48 (234838)

exclusive rrwlock inode r = 0 (0xfffffd8066535f80)

#0  witness_lock+0x52e

#1  rw_enter+0x453

#2  rrw_enter+0x88

#3  VOP_LOCK+0xf9

#4  vn_lock+0x81

#5  vget+0x1c8

#6  ufs_ihashget+0x141

#7  ffs_vget+0x74

#8  ufs_lookup+0x14b7

#9  VOP_LOOKUP+0x5b

#10 vfs_lookup+0x7a6

#11 namei+0x63c

#12 dounlinkat+0x99

#13 syscall+0x4a4

#14 Xsyscall+0x128

exclusive rrwlock inode r = 0 (0xfffffd806b45a098)

#0  witness_lock+0x52e

#1  rw_enter+0x453

#2  rrw_enter+0x88

#3  VOP_LOCK+0xf9

#4  vn_lock+0x81

#5  vfs_lookup+0xe6

#6  namei+0x63c

#7  dounlinkat+0x99

#8  syscall+0x4a4

#9  Xsyscall+0x128

Process 28072 (dhclient) thread 0xffff800020a7c4e8 (127805)

exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8264b5f8)

#0  witness_lock+0x52e

#1  solock+0x66

#2  soreceive+0x114

#3  soo_read+0x53

#4  dofilereadv+0x1a1

#5  sys_read+0x83

#6  syscall+0x4a4

#7  Xsyscall+0x128

ddb{1}> show malloc

           Type InUse  MemUse  HighUse   Limit  Requests Type Lim

         devbuf  9492   6594K    6594K  78643K     10603        0

            pcb    13      8K       8K  78643K        28        0

         rtable   105      3K       3K  78643K       205        0

         ifaddr    49     11K      11K  78643K        52        0

       counters    45     34K      34K  78643K        45        0

       ioctlops     0      0K       4K  78643K      1471        0

          mount     1      1K       1K  78643K         1        0

         vnodes  1219     77K      77K  78643K      1232        0

      UFS quota     1     32K      32K  78643K         1        0

      UFS mount     5     36K      36K  78643K         5        0

            shm     2      1K       1K  78643K         2        0

         VM map     2      1K       1K  78643K         2        0

            sem     2      0K       0K  78643K         2        0

        dirhash    12      2K       2K  78643K        12        0

           ACPI  1809    196K     290K  78643K     12766        0

      file desc     5     13K      25K  78643K        45        0

           proc    59     63K      95K  78643K       438        0

        subproc    32      2K       2K  78643K        34        0

    NFS srvsock     1      0K       0K  78643K         1        0

     NFS daemon     1     16K      16K  78643K         1        0

       in_multi    33      2K       2K  78643K        33        0

    ether_multi     1      0K       0K  78643K         1        0

    ISOFS mount     1     32K      32K  78643K         1        0

  MSDOSFS mount     1     16K      16K  78643K         1        0

           ttys    43    201K     201K  78643K        43        0

           exec     0      0K       1K  78643K       207        0

        pagedep     1      8K       8K  78643K         1        0

       inodedep     1     32K      32K  78643K         1        0

         newblk     1      0K       0K  78643K         1        0

        VM swap     7     26K      26K  78643K         7        0

       UVM amap   105     21K      22K  78643K      1063        0

       UVM aobj     2      2K       2K  78643K         2        0

        memdesc     1      4K       4K  78643K         1        0

    crypto data     1      1K       1K  78643K         1        0

    ip6_options     0      0K       0K  78643K         4        0

            NDP     7      0K       0K  78643K        11        0

           temp    76   3009K    3073K  78643K      2120        0

         kqueue     3      4K       4K  78643K         3        0

      SYN cache     2     16K      16K  78643K         2        0

ddb{1}> show all pools

Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle

arp         64        6    0        0     1     0     1     1     0     8    0

plcache    128       20    0        0     1     0     1     1     0     8    0

rtpcb       80       23    0       21     1     0     1     1     0     8    0

rtentry    112       45    0        1     2     0     2     2     0     8    0

unpcb      120       45    0       35     1     0     1     1     0     8    0

syncache   264        4    0        4     1     1     0     1     0     8    0

tcpqe       32      348    0      348     1     0     1     1     0     8    1

tcpcb      544       14    0       10     1     0     1     1     0     8    0

inpcb      280       57    0       50     2     0     2     2     0     8    1

nd6         48        4    0        0     1     0     1     1     0     8    0

pfosfp      40      846    0      423     5     0     5     5     0     8    0

pfosfpen   112     1428    0      714    21     0    21    21     0     8    0

pfstitem    24       12    0        0     1     0     1     1     0     8    0

pfstkey    112       12    0        0     1     0     1     1     0     8    0

pfstate    328       12    0        0     1     0     1     1     0     8    0

pfrule     1360      21    0       16     2     1     1     2     0     8    0

art_heap8  4096       1    0        0     1     0     1     1     0     8    0

art_heap4  256      213    0        0    14     0    14    14     0     8    0

art_table   32      214    0        0     2     0     2     2     0     8    0

art_node    16       44    0        4     1     0     1     1     0     8    0

dirhash    1024      17    0        0     3     0     3     3     0     8    0

dino1pl    128     1449    0       39    46     0    46    46     0     8    0

ffsino     272     1449    0       39    95     0    95    95     0     8    0

nchpl      144     1699    0       81    61     0    61    61     0     8    0

uvmvnodes   72     1502    0        0    28     0    28    28     0     8    0

vnodes     208     1502    0        0    80     0    80    80     0     8    0

namei      1024    4403    0     4403     1     0     1     1     0     8    1

percpumem   16       33    0        0     1     0     1     1     0     8    0

scxspl     192     5088    0     5087     8     1     7     7     0     8    6

plimitpl   152       15    0        7     1     0     1     1     0     8    0

sigapl     432      244    0      229     3     0     3     3     0     8    1

futexpl     56      308    0      307     1     0     1     1     0     8    0

knotepl    112       53    0       34     1     0     1     1     0     8    0

kqueuepl   104        8    0        6     1     0     1     1     0     8    0

pipelkpl    48       82    0       72     1     0     1     1     0     8    0

pipepl     120      164    0      145     1     0     1     1     0     8    0

fdescpl    496      245    0      229     3     0     3     3     0     8    0

filepl     152     1329    0     1228     6     0     6     6     0     8    1

lockfpl    104       14    0       12     1     0     1     1     0     8    0

lockfspl    48        7    0        5     1     0     1     1     0     8    0

sessionpl  112       18    0        7     1     0     1     1     0     8    0

pgrppl      48       18    0        7     1     0     1     1     0     8    0

ucredpl     96       69    0       60     1     0     1     1     0     8    0

zombiepl   144      229    0      229     1     0     1     1     0     8    1

processpl  960      261    0      229     5     0     5     5     0     8    0

procpl     624      300    0      258     4     0     4     4     0     8    0

sockpl     400      125    0      106     4     0     4     4     0     8    2

mcl4k      4096       3    0        0     1     0     1     1     0     8    0

mcl2k      2048     168    0        0    20     0    20    20     0     8    0

mtagpl      80        3    0        0     1     0     1     1     0     8    0

mbufpl     256      195    0        0    12     0    12    12     0     8    0

bufpl      280     4137    0      193   282     0   282   282     0     8    0

anonpl      16    38526    0    23090    64     1    63    63     0   125    0

amapchunkpl 152    1223    0     1085     8     0     8     8     0   158    1

amappl16   192      963    0      129    43     1    42    42     0     8    0

amappl15   184       69    0       63     1     0     1     1     0     8    0

amappl14   176       31    0       28     1     0     1     1     0     8    0

amappl12   160       10    0        8     2     1     1     1     0     8    0

amappl11   152       57    0       42     1     0     1     1     0     8    0

amappl10   144       13    0        7     1     0     1     1     0     8    0

amappl9    136      599    0      596     1     0     1     1     0     8    0

amappl8    128      121    0       99     1     0     1     1     0     8    0

amappl7    120      103    0       91     1     0     1     1     0     8    0

amappl6    112       62    0       54     1     0     1     1     0     8    0

amappl5    104      140    0      125     1     0     1     1     0     8    0

amappl4     96      495    0      465     1     0     1     1     0     8    0

amappl3     88      119    0      110     1     0     1     1     0     8    0

amappl2     80     1062    0      986     3     1     2     3     0     8    0

amappl1     72    15592    0    15137    25     8    17    21     0     8    6

amappl      80      549    0      505     2     0     2     2     0    84    0

dma4096    4096       1    0        1     1     1     0     1     0     8    0

dma256     256        6    0        6     1     1     0     1     0     8    0

dma128     128      253    0      253     1     1     0     1     0     8    0

dma64       64        6    0        6     1     1     0     1     0     8    0

dma32       32        7    0        7     1     1     0     1     0     8    0

dma16       16       18    0       17     1     0     1     1     0     8    0

aobjpl      64        1    0        0     1     0     1     1     0     8    0

uaddrrnd    24      245    0      229     1     0     1     1     0     8    0

uaddrbest   32        2    0        0     1     0     1     1     0     8    0

uaddr       24      245    0      229     1     0     1     1     0     8    0

vmmpekpl   168     5930    0     5896     2     0     2     2     0     8    0

vmmpepl    168    37575    0    35562   120     2   118   118     0   357   26

vmsppl     368      244    0      229     2     0     2     2     0     8    0

pdppl      4096     497    0      458     6     0     6     6     0     8    0

pvpl        32   133020    0   114456   155     0   155   155     0   265    4

pmappl     232      244    0      229     2     0     2     2     0     8    1

extentpl    40       46    0       29     1     0     1     1     0     8    0

phpool     112      168    0        3     5     0     5     5     0     8    0