kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Sat Feb 15 10:32:28 PST 2020 OpenBSD/amd64 (ci-openbsd-multicore-6.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts. 2020/02/15 10:32:42 fuzzer started 2020/02/15 10:32:47 dialing manager at 10.128.15.235:23934 2020/02/15 10:32:47 syscalls: 337 2020/02/15 10:32:47 code coverage: enabled 2020/02/15 10:32:47 comparison tracing: enabled 2020/02/15 10:32:47 extra coverage: support is not implemented in syzkaller 2020/02/15 10:32:47 setuid sandbox: enabled 2020/02/15 10:32:47 namespace sandbox: support is not implemented in syzkaller 2020/02/15 10:32:47 Android sandbox: support is not implemented in syzkaller 2020/02/15 10:32:47 fault injection: support is not implemented in syzkaller 2020/02/15 10:32:47 leak checking: support is not implemented in syzkaller 2020/02/15 10:32:47 net packet injection: enabled 2020/02/15 10:32:47 net device setup: support is not implemented in syzkaller 2020/02/15 10:32:47 concurrency sanitizer: support is not implemented in syzkaller 2020/02/15 10:32:47 devlink PCI setup: support is not implemented in syzkaller 10:32:52 executing program 0: r0 = openat$klog(0xffffffffffffff9c, &(0x7f0000000000)='/dev/klog\x00', 0x40, 0x0) lseek(r0, 0x0, 0x2, 0x2) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x1, 0x0) ioctl$TIOCCDTR(r1, 0x20007478) r2 = getpid() ktrace(&(0x7f0000000080)='./file0\x00', 0x4, 0x40001a0a, r2) r3 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) symlinkat(&(0x7f00000000c0)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00') r4 = dup2(r3, 0xffffffffffffffff) ioctl$TIOCSTART(r4, 0x2000746e) ioctl$VMM_IOC_CREATE(r3, 0xc5005601, &(0x7f0000000140)={0x10, 0x7fff, 0x4, 0x2, [{&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x7fff}, {&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x7f}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, 0x401}, {&(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7fffffff}, {&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, 0xfffffffffffffff8}, {&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff6000/0x8000)=nil, 0xf700}, {&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x1}, {&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil}, {&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff7000/0x2000)=nil, 0x6a9}, {&(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0xfff}, {&(0x7f0000ff2000/0x4000)=nil, &(0x7f0000c00000/0x400000)=nil, 0x40}, {&(0x7f0000ff2000/0x4000)=nil, &(0x7f0000ce1000/0x4000)=nil}, {&(0x7f0000d22000/0x2000)=nil, &(0x7f0000ca9000/0x4000)=nil, 0x10001}, {&(0x7f0000c9c000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x8001}, {&(0x7f0000da6000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x401}, {&(0x7f0000f7e000/0x1000)=nil, &(0x7f0000c20000/0x1000)=nil}], ['./file0\x00', './file0\x00', './file0\x00', './file0\x00'], './file0/file0\x00', './file0\x00', './file0\x00', ['./file', './file', './file', './file'], 0x7fff}) ioctl$VT_GETACTIVE(r1, 0x40047607, &(0x7f0000000640)) ioctl$WSDISPLAYIO_DELFONT(r1, 0x8058574f, &(0x7f0000000680)={'./file0\x00', 0x0, 0x40, 0x7, 0x0, 0x2, 0xfffffffe, 0xffff, 0x2, 0x2, 0x4, 0x9}) acct(&(0x7f0000000700)='./file0/file0\x00') r5 = dup(0xffffffffffffffff) ioctl$TIOCCLRVERAUTH(r5, 0x2000741d) ioctl$WSDISPLAYIO_USEFONT(r1, 0x80585750, &(0x7f0000000740)={'./file0/file0\x00', 0x9, 0x6, 0x41198d7a, 0x0, 0xfffffc00, 0x3, 0x5, 0x2, 0x1, 0x200, 0x6}) ioctl$BIOCSETIF(r3, 0x8020426c, &(0x7f00000007c0)={'tap', 0x0}) r6 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000800)='/dev/ttyCcfg\x00', 0x40, 0x0) ioctl$WSMUXIO_REMOVE_DEVICE(r6, 0x80085762, &(0x7f0000000840)={0x2, 0x40}) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$unix(r7, &(0x7f00000008c0)=@file={0x0, ""/108}, &(0x7f0000000940)=0x6e) ioctl$PCIOCWRITE(r3, 0xc0107003, &(0x7f0000000980)={{0x7f, 0xfe, 0xfc}, 0x0, 0x1, 0x9}) r8 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCNOTTY(r8, 0x20007471) r9 = open(&(0x7f00000009c0)='./file0\x00', 0x2, 0x88) ioctl$KDDISABIO(r9, 0x20004b3d) connect$unix(r8, &(0x7f0000000a00)=@abs={0x0, 0x0, 0x3}, 0x8) r10 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/bpf\x00', 0x400, 0x0) ioctl$BIOCSETWF(r10, 0x80104277, &(0x7f0000000ac0)={0x8, &(0x7f0000000a80)=[{0x0, 0x5, 0x1f}, {0xebe, 0x7, 0xa4, 0x3}, {0x0, 0x40, 0x9, 0xff}, {0x6, 0x0, 0x6}, {0xe5b3, 0x0, 0x0, 0x86}, {0x3, 0x3, 0x1, 0x8000}, {0x8, 0x4e, 0x4}, {0x7, 0x81, 0x6, 0x80000000}]}) 10:32:52 executing program 1: r0 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000)) r1 = accept$inet6(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = accept(r2, 0x0, &(0x7f0000000100)) getsockopt$sock_int(r4, 0xffff, 0x200, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$WSDISPLAYIO_LDFONT(0xffffffffffffffff, 0x8058574d, &(0x7f00000001c0)={'./file0\x00', 0x672, 0x9, 0x20, 0x1, 0xfc, 0xc9, 0x64, 0xef327dca657f97f2, 0x1, 0xc1e, 0x3}) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x80, 0x0) setsockopt(r5, 0x7f, 0xde, &(0x7f0000000280)="92a8ad3edc2799f33c9fa50f661fee6328ded9c15d068ebb01f68725d2814ab9622ceb4090b698641f854aa8695cbd259e6a48723e9c8b9308cbb6f8d9cc0ca43332b2c67418e7a38696c04509facefdf11af5ee62145289b7911b4541063c67f83b908fc9bf4bda1d32fadf1014702304639249225b7a99eedadcb39e9b8d0a359f5fc4abb996992342378197c046c5273c3abde7bae36be569cfb884e9317ccf6d655cca1793aa465ad315ca2a413831e8bb9a7f0efb4a985dcbea44d3", 0xbe) pipe2(&(0x7f0000000340)={0xffffffffffffffff}, 0x10004) ioctl$WSDISPLAYIO_LDFONT(r6, 0x8058574d, &(0x7f0000000380)={'./file0\x00', 0x22, 0x8, 0x4, 0x0, 0x3, 0x3, 0x6, 0x1, 0x0, 0x185df927, 0x100000001}) connect$unix(r3, &(0x7f0000000400)=@file={0x0, './file1\x00'}, 0xa) getsockname(r0, &(0x7f0000000440)=@un=@abs, &(0x7f0000000480)=0x8) shutdown(0xffffffffffffffff, 0x1) ioctl$VT_ACTIVATE(r5, 0x20007605, &(0x7f00000004c0)=0x80000001) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r7, 0xffff, 0x80, &(0x7f0000000540), &(0x7f0000000580)=0x8) r9 = openat$diskmap(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/diskmap\x00', 0x20, 0x0) fcntl$setstatus(r9, 0x4, 0x80) r10 = fcntl$dupfd(r1, 0xa, 0xffffffffffffff9c) ioctl$BIOCVERSION(r10, 0x40044271, &(0x7f0000000600)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt(r11, 0x1, 0x3457ad6d, &(0x7f0000000680)="196d55da244095690c15170dcb879e5bb528eca607bf71ec725205a8e56cee0554175104abc22063cd719abc42118ca9e7bc987df41e9054a289bc25aa73165c1f7293dda3ce2662d54043a294099ca6e9952199d983e16dbab0e3fd9eb4d831e5a49f1cd92d4e749bf49079149c38cf717411934600cd028746a77121d5801a9608d4c4e1386810ed95391f6dcb5ba14887b7db686ab2fd0e7c215664c3c10c63dbc4fc0dd4edb803b917814e72258869f392e11bfc0197b28d5ff6039ac13e5d164def84ef0c6f3ddfeec170601b2205fd0a22a880112d1d", 0xd9) ioctl$TIOCMSET(r10, 0x8004746d, &(0x7f0000000780)=0x6) write(r8, &(0x7f00000007c0)="362da0ec6dfb452a737ceec3298fe56522f27c81ea15e62407ffa6868b812a2d97e2143b52cc3e3584cb2168a0c45da2e49cbb64539e435001b5319de0c61767ce16688775090f55698629eb34aa", 0x4e) pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x10004) ioctl$BIOCPROMISC(r12, 0x20004269) getsockopt$SO_PEERCRED(r4, 0xffff, 0x1022, &(0x7f0000000880), 0xc) getsockname$unix(r8, &(0x7f00000008c0)=@file={0x0, ""/4096}, &(0x7f0000001900)=0x1002) r14 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000001940)='/dev/wskbd0\x00', 0x220, 0x0) r15 = openat(r12, &(0x7f0000001980)='./file1\x00', 0x611, 0x10) r16 = openat$bpf(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/bpf\x00', 0x0, 0x0) r17 = accept(0xffffffffffffffff, &(0x7f0000001a00)=@un=@abs, &(0x7f0000001a40)=0x8) r18 = open$dir(&(0x7f0000001b40)='./file1/file0\x00', 0xa, 0x25) r19 = socket$inet6(0x18, 0x2, 0x2f) r20 = openat$null(0xffffffffffffff9c, &(0x7f0000001b80)='/dev/null\x00', 0x88, 0x0) r21 = kqueue() r22 = kqueue() kevent(0xffffffffffffff9c, &(0x7f0000001a80)=[{{r14}, 0xffffffffffffffff, 0xc5, 0x1, 0x1, 0x81}, {{r13}, 0xfffffffffffffff9, 0xc, 0x10, 0xfffffffffffffc01, 0xffffffffffffff7f}, {{r15}, 0xfffffffffffffff8, 0x6, 0x80000000, 0xd05a, 0x5}, {{r16}, 0xfffffffffffffffc, 0xe0, 0x4, 0x2, 0x100000000}, {{r17}, 0xfffffffffffffffb, 0x8, 0x40, 0x8, 0xc93e}], 0x9, &(0x7f0000001bc0)=[{{r18}, 0xfffffffffffffff9, 0x22, 0x8, 0x3, 0x2}, {{r19}, 0xfffffffffffffffe, 0x0, 0x20, 0x9, 0x3}, {{r20}, 0xfffffffffffffff9, 0x10, 0x4, 0x4, 0xfa6}, {{r21}, 0xfffffffffffffff8, 0x32, 0x40, 0x40}, {{r22}, 0xfffffffffffffffc, 0x91, 0x10, 0x3f, 0x5}], 0x7, &(0x7f0000001c80)={0x1, 0x101}) 10:32:53 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r1 = socket(0x2, 0xc003, 0x0) connect$unix(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="8202adfdffffffffff070000169d710a955984c87910bf0902d60f5d00287ead4bcb775ca69dfceac2a84e6abca64896819f507d000000000000d2c549a86488f376fa072951b15801360bcd4c0a162b58fd4237b8fa4d012ae447473c220495aaee48c02f6ac41e6bf3bf554799000000ed52beb85a85f8b2fd57d60f13ad30505eaf5300a4aeef9d612f871f4385f041d76c5f9286c545795ea4a5c5fe659fa202361cd8cac7ecbc5b65c6593d28708418ac1b00000000029cc4c83908ddba44fb4b75550000000000000000000000df28d208000000000000006b47b8d7da4333ac0f994166518bed2e1977bdfd5e5ea1b1009e5a319d54401c8b0fb636710000d2df0ac87e0d7b6524240cf97d7f126da536ef612e9e3b79f7424082bec304ee9a498252abb7cc8e0cd938965d10374c4fea0ee6f28c35bb0edb267ae65c7d44a95bac417e2ab04fd8a9d8e58015f55d09000000cd1460e79918a04434c929b34b0087cf25dd9e1e49f931a4193897b0a30000cbf637786819bf7e26863a111574bd1b6d85eac8a829bf8aa02ae50c83910a9f37f502de8d7ff9f49d884ee2cf3725b1a0581adf2ea95d000000000000f145c4e68bfa8bfc788c2c9ce08a146eb899f51da0ff82a27e42cfc93123b8284efea431c9dc2a8bcc719fe6682881ea2fd58ed735230fb7146a26ab3d3f3708e2028f36d56bf5f227030446137813494af280cccf9136647507bbb35733c133b192061618696b2d44cf727921461f8c0221a54996026fe13c9e7621a6ea47bedb000bc041c7a2994659cc1c56ea6cfc91a379c27f1dee06b8e5c9c1993edc4c0a07948935ddb70ec1b24b761c1b9ee901efb25c669f55e59c4e05087d3839a74b952574fef0a109907f10950cb1bb90ebe58d6f818bdf400937cc88129821f8671feb7cb1355ff3729d0000000000000000000000000000000000000000000000000000000000000087252206726b8d0256228e830deb122a8883c2069553b66d30684e3120126cd415937c35f004449ccf8bebafa1ecfa27054a89fc23e437b08d041b2a0d2eb6acd7776fb95d8038763ae73e7e35978ffe07d44d513cfcfa36e4c1215c"], 0x10) dup2(r1, r0) r2 = dup(r0) sendmsg(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}, 0x0) 10:32:53 executing program 0: r0 = socket(0x2, 0x3, 0x0) r1 = socket(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0xffff, 0x20, &(0x7f0000000000)=0x7fff, 0x4) connect$unix(r1, &(0x7f0000000040)=ANY=[], 0x0) r2 = dup2(r1, r0) r3 = open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c2, 0x0) getpeername$unix(0xffffffffffffff9c, &(0x7f0000000040)=@abs, &(0x7f0000000080)=0x8) pread(r3, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x2010, 0xffffffffffffff9c, 0x0, 0x8) r4 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x111) renameat(r3, &(0x7f0000000440)='./file0\x00', r4, &(0x7f00000004c0)='./file0\x00') write(r0, 0x0, 0x0) ioctl$KDSETLED(r2, 0x20004b42, &(0x7f0000000500)) 10:32:53 executing program 1: connect$unix(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="820201f0ffffffff"], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x2, 0x3, 0x0) bind(r0, &(0x7f0000000000)=@un=@abs={0x0, 0xd}, 0x10) r1 = socket(0x18, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="2809962c1446ac418fe2d80e00b47f000000ffff00000100000000000000a852bd3b84bf64cfa4bff6bc5cb6036f058f5d37f6f8d119c35e3117cd002dc75f849d398fb5cb7e8a47b7a81c424d017289dbd3c45a9f6093d03776ae698f1b9a64c5457f4d73ded5607c6d8639c948e9a929689cb4782a6194ee63f9bbdbbf48f2d87186b0349c7e695a0bcd4e990f3f7656933c564eb9c565df15", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r2, @ANYRESOCT, @ANYRES32=r3], 0xc5}, 0x0) write(r3, 0x0, 0x0) r4 = fcntl$dupfd(r1, 0x0, r3) ioctl$TIOCFLUSH(r4, 0x8080691a, &(0x7f0000000300)) r5 = accept$inet6(r4, &(0x7f0000000040), &(0x7f0000000080)=0xc) r6 = socket(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="28000000ffff00000100000000000000", @ANYRES32=r8, @ANYRES32=r8, @ANYRES32=r8, @ANYRES32=r7, @ANYRES32=r8, @ANYRES32=r8], 0x28}, 0x0) write(r8, 0x0, 0x0) r9 = dup(r8) pipe(&(0x7f0000000200)) ftruncate(r9, 0x0, 0x8) dup2(r0, r6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r11, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r5, @ANYRES32=r11, @ANYRES32=r11, @ANYRES32=r11, @ANYRES32=r10, @ANYRES32=r11, @ANYRES32=r11], 0x2a}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r13, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="28000000ffff00000100000000000000e2eedd197742b82e533a602258cad5099ed35e80433748f49f958c9d30f8633ee675ac32047b304769943f9ac237efb2bb82f6febbce55800e77a8598f3abee316cb81f1e054727ca239c6000bd5aa70c293d4", @ANYRES32=r13, @ANYRES32=r13, @ANYRES32=r13, @ANYRES32=r12, @ANYRES32=r13, @ANYRES32=r13], 0x28}, 0x0) write(r13, 0x0, 0x0) connect$unix(r6, &(0x7f0000000140)=ANY=[@ANYRES32=r13], 0x1) accept$unix(r1, &(0x7f00000000c0)=@abs, &(0x7f0000000100)=0x8) sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x22a, 0x0, 0xb9, 0x0, 0x6}, 0x0) ioctl$WSDISPLAYIO_DELSCREEN(r4, 0x80085754, &(0x7f00000001c0)={0x8, 0x5}) 10:32:53 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x80, 0xa) ioctl$VMM_IOC_RUN(r0, 0xc0205602, &(0x7f0000000100)={0x0, 0xe314, 0x5, 0x4, &(0x7f0000000240)={{0x4, 0x2, 0x26, 0x40, 0x7, 0x7, 0x6}, {[0x3, 0x20, 0x0, 0x5, 0xfff, 0x0, 0x0, 0x3, 0x9, 0x1540, 0x75, 0x7, 0x2, 0x400, 0x800, 0x0, 0x80000001, 0x401], [0x3ff, 0x8, 0x2, 0x1, 0x32a, 0x5ca3, 0x3, 0x100, 0x200], [0x1, 0x4, 0x3, 0x35, 0x46a, 0x8, 0x9], [0x7, 0x86a, 0xfe, 0x8001, 0x10000, 0x4], [{0x1000, 0x2f032d7e, 0x165, 0x3}, {0x3, 0x7f}, {0xffff, 0x3, 0x6, 0x3}, {0xffff, 0x0, 0x4, 0x2}, {0x4, 0x58, 0x6, 0x4}, {0xfff7, 0x2, 0x6, 0xfe92}, {0x4, 0x3, 0x7ff, 0x11af}, {0x400, 0x8, 0x0, 0x4}], {0x2, 0x4, 0x6, 0x9}, {0xadb, 0x9, 0x4, 0x10000}}}, 0x9, 0x75}) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x44}, {0x87}, {0x6}]}) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) syz_emit_ethernet(0x3ba, &(0x7f00000000c0)="b6") 10:32:53 executing program 0: execve(0x0, &(0x7f0000000180)=[&(0x7f0000000100)=',.\x00'], 0x0) lchown(&(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="28000000ffff00000100000000000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1], 0x28}, 0x0) write(r1, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0xa, 0xffffffffffffff9c) sendto$inet(r2, &(0x7f0000000040)="0506e146a1ebb263f771be787865a6be809560a3c84ede837710279acfcece8fe64cb3bb2cf06ec8ff23323e4a712cbebc1a327dc519709cc27ed412a435cdf73b88440e1f808b9fb400d78e3066673997503cfe21015b5f83934d70c18b24dafe52f1fe0bdf5ada4e4e29570e24c6cc660657e650f101c29a21d6a694f13a48889480a3b36fcadc67ecec9632a2acbdf4e15a31a715181e7477", 0x9a, 0x409, &(0x7f0000000140)={0x2, 0x2}, 0xc) unveil(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='r\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x12) 10:32:53 executing program 1: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd], [0x0, 0x0, 0x0, 0x9, 0xfff7ffffffffffff], [0x0, 0x0, 0x6, 0x0, 0x0, 0xffffffffffffffff], [{}, {}, {0x0, 0x0, 0x7}]}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="28000000ffff00000100000000000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1], 0x28}, 0x0) shutdown(r0, 0x0) recvmsg(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@in6, 0xc, &(0x7f0000000180)=[{&(0x7f0000000040)=""/218, 0xda}, {&(0x7f00000004c0)=""/198, 0xc6}], 0x2, &(0x7f00000005c0)=""/154, 0x9a}, 0x800) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r2 = socket(0x18, 0x2, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TIOCFLUSH(r3, 0x8080691a, &(0x7f0000000300)) r4 = dup2(r2, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="28000000ffff00000100000000000000d662ed89cc06b00d282715946d684e9ec8fb30e1a4d06269e3420a8d831443a4a00603e6ee64917e83347acb7d4416e062f67c369cc792274f6a7d4db24ece97266093295c4056208afb819b87ff5ca1c373e27e8aae678bc618ae6a1c2aeb78b4234752709a7661024f1ec46bd797308fe90d3a05dbdf360e126ad84e4d8a14ba5f2bacd76156fea8dec83b00ce1dfacaf8f9a534fb7f5630c6d3d93935883f04f213f9c5814291ad7ba11faef43f1c8cf9ee975223987499f1c0d4cd5b88b4", @ANYRES32=r6, @ANYRES32=r6, @ANYRES32=r6, @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r6], 0x28}, 0x0) shutdown(r5, 0x0) r7 = fcntl$dupfd(r3, 0xa, 0xffffffffffffff9c) dup2(r5, r7) getsockopt$sock_cred(r4, 0xffff, 0x1022, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000680)=0xc) seteuid(r8) socket(0x10, 0x4, 0x1) 10:32:53 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000300)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000000)={0x3, &(0x7f0000000140)=[{0x1d}, {0x4d}, {0x6}]}) ioctl$BIOCGDLTLIST(r0, 0xc010427b, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[0x1, 0x6]}) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) syz_emit_ethernet(0xe, &(0x7f0000000040)="0000080093177320494b272aeeda") socket(0x2, 0x5, 0x7) 10:32:53 executing program 1: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[0xffffffffffffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x94000020000210], [], [], [{}, {}, {}, {}, {}, {0x8000}]}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) sync() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="28000000ffff00000100000000000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1], 0x28}, 0x0) write(r1, 0x0, 0x0) pwrite(r1, &(0x7f0000000140)="540d64589de2dfa46c3c0ef1a204a0f8562a86392cf02e800f2d5a656cf44f11a0dc", 0x22, 0x0, 0xebc) r2 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyCcfg\x00', 0x80, 0x0) r3 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyCcfg\x00', 0x10000, 0x0) ioctl$WSDISPLAYIO_GBURNER(r3, 0x400c5752, &(0x7f00000000c0)) ioctl$WSDISPLAYIO_GVIDEO(r2, 0x40045744, &(0x7f0000000040)) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x40, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r4 = socket(0x2, 0x400000000002, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$TIOCFLUSH(r5, 0x8040691a, &(0x7f0000000300)) 10:32:53 executing program 0: mknod(&(0x7f0000000100)='./bus\x00', 0x2000, 0x5dd9) r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1) r1 = kqueue() r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10, r2, 0x0, 0x0) mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0) execve(0x0, 0x0, 0x0) login: panic: receive 1a: so 0xfffffd806f6ef320, so_type 3, m 0xfffffd806f311c00, m_type 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 315767 73899 0 0 0 1 syz-executor.1 *159847 40225 0 0 0 0K dhclient db_enter() at db_enter+0x18 panic(ffffffff821beada) at panic+0x15c soreceive(fffffd806f6ef320,0,ffff800020abdd88,0,0,ffff800020abdc94) at soreceive+0x174a soo_read(fffffd8072bf4260,ffff800020abdd88,0) at soo_read+0x53 dofilereadv(ffff800020a7cc38,6,ffff800020abdd88,0,ffff800020abde70) at dofilereadv+0x1a1 sys_read(ffff800020a7cc38,ffff800020abde20,ffff800020abde70) at sys_read+0x83 syscall(ffff800020abdef0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff73e0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic receive 1a: so 0xfffffd806f6ef320, so_type 3, m 0xfffffd806f311c00, m_type 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff821beada) at panic+0x15c soreceive(fffffd806f6ef320,0,ffff800020abdd88,0,0,ffff800020abdc94) at soreceive+0x174a soo_read(fffffd8072bf4260,ffff800020abdd88,0) at soo_read+0x53 dofilereadv(ffff800020a7cc38,6,ffff800020abdd88,0,ffff800020abde70) at dofilereadv+0x1a1 sys_read(ffff800020a7cc38,ffff800020abde20,ffff800020abde70) at sys_read+0x83 syscall(ffff800020abdef0) at syscall+0x4a4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff73e0, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020abdad0 rbx 0xffff800020abdb80 rdx 0xffff800020a7cc38 rcx 0 rax 0 r8 0xffffffff819677cf kprintf+0x16f r9 0x1 r10 0x25 r11 0x162796282e9db76 r12 0x3000000008 r13 0xffff800020abdae0 r14 0x100 r15 0x1 rip 0xffffffff8169f2f8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020abdac0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (dhclient) pid=159847 stat=onproc flags process=0 proc=0 pri=24, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020a7c758,0xffff800020a7d128 process=0xffff800020a90f10 user=0xffff800020ab8000, vmspace=0xfffffd807f0002e0 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 73899 315767 93725 0 7 0 syz-executor.1 73899 425252 93725 0 3 0x4000080 fsleep syz-executor.1 93725 154027 94388 0 3 0x82 nanosleep syz-executor.1 88730 193441 94388 0 2 0x2 syz-executor.0 94388 487464 19186 0 3 0x82 thrsleep syz-fuzzer 94388 289191 19186 0 3 0x4000082 nanosleep syz-fuzzer 94388 338464 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 49375 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 237613 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 48177 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 380088 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 13132 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 515905 19186 0 3 0x4000082 thrsleep syz-fuzzer 94388 298430 19186 0 3 0x4000082 kqread syz-fuzzer 19186 349457 39960 0 3 0x10008a pause ksh 39960 475119 1337 0 3 0x92 select sshd 40726 201931 1 0 3 0x100083 ttyin getty 1337 58079 1 0 3 0x80 select sshd 86787 494131 65924 74 3 0x100092 bpf pflogd 65924 14914 1 0 3 0x80 netio pflogd 47157 410322 64369 73 3 0x100090 kqread syslogd 64369 390697 1 0 3 0x100082 netio syslogd 4852 15464 1 77 3 0x100090 poll dhclient *40225 159847 1 0 7 0 dhclient 3423 136012 0 0 3 0x14200 pgzero zerothread 83932 20087 0 0 3 0x14200 aiodoned aiodoned 58530 503955 0 0 3 0x14200 syncer update 25878 511577 0 0 3 0x14200 cleaner cleaner 70762 502193 0 0 3 0x14200 reaper reaper 97649 311803 0 0 3 0x14200 pgdaemon pagedaemon 88359 265278 0 0 3 0x14200 bored crynlk 36653 286034 0 0 3 0x14200 bored crypto 81855 289125 0 0 3 0x40014200 acpi0 acpi0 65183 169065 0 0 3 0x40014200 idle1 68913 495288 0 0 3 0x14200 bored softnet 6307 160722 0 0 3 0x14200 bored systqmp 84806 368949 0 0 3 0x14200 bored systq 23522 332313 0 0 3 0x40014200 bored softclock 92430 506839 0 0 3 0x40014200 idle0 77783 41131 0 0 3 0x14200 bored smr 1 369240 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 88730 (syz-executor.0) thread 0xffff800020a7c9c8 (193441) exclusive rrwlock inode r = 0 (0xfffffd806b427f78) #0 witness_lock+0x52e #1 rw_enter+0x453 #2 rrw_enter+0x88 #3 ufs_ihashins+0x45 #4 ffs_vget+0x13e #5 ffs_inode_alloc+0x1cf #6 ufs_mkdir+0xf4 #7 VOP_MKDIR+0xc6 #8 domkdirat+0x121 #9 syscall+0x4a4 #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806b427098) #0 witness_lock+0x52e #1 rw_enter+0x453 #2 rrw_enter+0x88 #3 VOP_LOCK+0x4b #4 vn_lock+0x81 #5 vfs_lookup+0xe6 #6 namei+0x63c #7 domkdirat+0x75 #8 syscall+0x4a4 #9 Xsyscall+0x128 Process 40225 (dhclient) thread 0xffff800020a7cc38 (159847) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff826518c0) #0 witness_lock+0x52e #1 solock+0x66 #2 soreceive+0x114 #3 soo_read+0x53 #4 dofilereadv+0x1a1 #5 sys_read+0x83 #6 syscall+0x4a4 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9485 6656K 6656K 78643K 10589 0 pcb 13 8K 8K 78643K 17 0 rtable 111 3K 3K 78643K 207 0 ifaddr 45 10K 10K 78643K 48 0 counters 43 33K 33K 78643K 43 0 ioctlops 0 0K 4K 78643K 1469 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1230 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 5 13K 25K 78643K 44 0 proc 59 63K 95K 78643K 441 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 33 2K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 19 95K 95K 78643K 19 0 exec 0 0K 1K 78643K 209 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 105 21K 22K 78643K 1036 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 6 0K 0K 78643K 10 0 temp 67 3007K 3071K 78643K 2083 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 48 0 1 2 0 2 2 0 8 0 unpcb 120 63 0 51 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 79 0 79 1 0 1 1 0 8 1 tcpcb 544 10 0 6 1 0 1 1 0 8 0 inpcb 280 54 0 46 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 12 0 0 1 0 1 1 0 8 0 pfstkey 112 12 0 0 1 0 1 1 0 8 0 pfstate 328 12 0 0 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 200 0 0 13 0 13 13 0 8 0 art_table 32 201 0 0 2 0 2 2 0 8 0 art_node 16 47 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1438 0 31 46 0 46 46 0 8 0 ffsino 272 1438 0 31 94 0 94 94 0 8 0 nchpl 144 1683 0 68 61 0 61 61 0 8 0 uvmvnodes 72 1490 0 0 28 0 28 28 0 8 0 vnodes 208 1490 0 0 79 0 79 79 0 8 0 namei 1024 4296 0 4295 1 0 1 1 0 8 0 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 192 5062 0 5054 8 1 7 7 0 8 4 plimitpl 152 15 0 7 1 0 1 1 0 8 0 sigapl 432 243 0 228 3 0 3 3 0 8 1 futexpl 56 259 0 258 1 0 1 1 0 8 0 knotepl 112 53 0 34 1 0 1 1 0 8 0 kqueuepl 144 6 0 4 1 0 1 1 0 8 0 pipelkpl 48 84 0 74 1 0 1 1 0 8 0 pipepl 120 168 0 149 2 0 2 2 0 8 1 fdescpl 496 244 0 228 3 0 3 3 0 8 0 filepl 152 1251 0 1147 6 0 6 6 0 8 2 lockfpl 104 10 0 9 1 0 1 1 0 8 0 lockfspl 48 5 0 4 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 45 0 36 1 0 1 1 0 8 0 zombiepl 144 228 0 228 1 0 1 1 0 8 1 processpl 960 259 0 228 5 0 5 5 0 8 1 procpl 624 288 0 247 4 0 4 4 0 8 0 sockpl 400 136 0 114 3 0 3 3 0 8 0 mcl8k 8192 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 158 0 0 19 0 19 19 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 176 0 0 10 0 10 10 0 8 0 bufpl 280 4067 0 173 279 0 279 279 0 8 0 anonpl 16 38825 0 23050 65 1 64 64 0 125 0 amapchunkpl 152 1055 0 922 8 0 8 8 0 158 2 amappl16 192 1019 0 154 44 0 44 44 0 8 0 amappl15 184 11 0 8 1 0 1 1 0 8 0 amappl14 176 11 0 8 2 1 1 1 0 8 0 amappl13 168 25 0 24 1 0 1 1 0 8 0 amappl12 160 7 0 6 2 1 1 1 0 8 0 amappl11 152 70 0 52 1 0 1 1 0 8 0 amappl10 144 31 0 24 1 0 1 1 0 8 0 amappl9 136 390 0 387 1 0 1 1 0 8 0 amappl8 128 305 0 288 1 0 1 1 0 8 0 amappl7 120 126 0 113 1 0 1 1 0 8 0 amappl6 112 23 0 22 1 0 1 1 0 8 0 amappl5 104 133 0 118 1 0 1 1 0 8 0 amappl4 96 513 0 479 1 0 1 1 0 8 0 amappl3 88 102 0 96 1 0 1 1 0 8 0 amappl2 80 1038 0 963 3 0 3 3 0 8 1 amappl1 72 15494 0 15057 26 9 17 20 0 8 7 amappl 80 534 0 492 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 244 0 228 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 244 0 228 1 0 1 1 0 8 0 vmmpekpl 168 5898 0 5861 2 0 2 2 0 8 0 vmmpepl 168 37221 0 35226 123 8 115 115 0 357 24 vmsppl 368 243 0 228 2 0 2 2 0 8 0 pdppl 4096 495 0 456 6 0 6 6 0 8 0 pvpl 32 133332 0 113963 157 0 157 157 0 265 0 pmappl 232 243 0 228 2 0 2 2 0 8 1 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 163 0 3 5 0 5 5 0 8 0