kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu May 9 07:33:59 PDT 2019 OpenBSD/amd64 (ci-openbsd-setuid-9.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts. 2019/05/09 07:34:24 fuzzer started 2019/05/09 07:34:33 dialing manager at 10.128.15.235:16299 2019/05/09 07:34:33 syscalls: 320 2019/05/09 07:34:33 code coverage: enabled 2019/05/09 07:34:33 comparison tracing: enabled 2019/05/09 07:34:33 extra coverage: support is not implemented in syzkaller 2019/05/09 07:34:33 setuid sandbox: enabled 2019/05/09 07:34:33 namespace sandbox: support is not implemented in syzkaller 2019/05/09 07:34:33 Android sandbox: support is not implemented in syzkaller 2019/05/09 07:34:33 fault injection: support is not implemented in syzkaller 2019/05/09 07:34:33 leak checking: support is not implemented in syzkaller 2019/05/09 07:34:33 net packet injection: enabled 2019/05/09 07:34:33 net device setup: support is not implemented in syzkaller 07:34:37 executing program 0: 07:34:37 executing program 1: r0 = socket(0x1e, 0x1, 0x0) getsockopt(r0, 0x6, 0x0, 0x0, 0x0) 07:34:38 executing program 0: syz_emit_ethernet(0x3e, &(0x7f0000000140)) 07:34:38 executing program 1: r0 = socket$inet(0x10, 0x4000000000003, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 07:34:38 executing program 1: syz_emit_ethernet(0x74, &(0x7f0000000100)) 07:34:38 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x1, 0x0) faccessat(r0, &(0x7f0000000040)='./file0\x00', 0x20, 0x2) r1 = socket(0x11, 0x3, 0x0) sendmsg(r1, &(0x7f0000002e40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002b00)=[{0x10}], 0x10}, 0x0) 07:34:38 executing program 1: r0 = socket(0x18, 0x1, 0x0) recvmsg(r0, &(0x7f0000000380)={&(0x7f0000000000)=@un=@file={0x0, ""/69}, 0x47, &(0x7f0000000280)=[{&(0x7f0000000080)=""/56, 0x38}, {&(0x7f00000000c0)=""/118, 0x76}, {&(0x7f0000000140)=""/39, 0x27}, {&(0x7f0000000180)=""/97, 0x61}, {&(0x7f0000000200)=""/97, 0x61}], 0x5, &(0x7f0000000300)=""/106, 0x6a}, 0x3) setsockopt(r0, 0x29, 0x9, 0x0, 0x0) 07:34:38 executing program 0: r0 = socket(0x10000000002, 0x2, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) connect$unix(r0, &(0x7f0000000000)=@abs={0x1, 0x0, 0x2}, 0x8) getsockopt(r0, 0x0, 0x7, 0x0, 0x0) 07:34:38 executing program 1: r0 = socket(0x20, 0x8005, 0x0) bind(r0, &(0x7f0000000000)=@un=@file={0x1, './file0\x00'}, 0xa) setsockopt(r0, 0x0, 0x1f, &(0x7f0000000040), 0x0) 07:34:38 executing program 0: r0 = kqueue() r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) kevent(r0, &(0x7f0000000080)=[{{r1}, 0xffffffffffffffff, 0x11}], 0x400000009130dbf, &(0x7f00000000c0)=[{{r1}, 0xff7ffffffffffffc, 0xc19d3ee7c7461ca7, 0xffffffdfffffffff}], 0xdde, 0x0) kevent(r0, &(0x7f0000000300)=[{{r0}, 0xffffffffffffffff, 0x8}], 0x9, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x200, 0x0) kevent(r0, 0x0, 0x0, &(0x7f0000000100), 0x7, 0x0) 07:34:38 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x10, 0x0) r1 = accept(r0, 0x0, &(0x7f0000000080)) preadv(r1, &(0x7f00000004c0), 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x612, 0x0) pwritev(r2, &(0x7f0000000480)=[{&(0x7f0000000440), 0xff12}], 0x10000000000000ff, 0x0) ftruncate(r2, 0x0) 07:34:38 executing program 0: setsockopt(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000040)="8118680017ea8e6c29068f7b856ff2740c672919c01f66d10554a4ae990f147568858764d9e44c990f765be041a512cea56459f8193494c53cfa8b72767bb5b911e6310e7d07e0bccba9e663b57b35a9e92ef1cfe90fd03b6d903981b0851cdbb3445fea1638779f9cebb9868c5741a11057280faf0e16f20906a4f890bfe0467b5f4d0b8a8c4397503f55c19650d0f21a08c293afa53301766de37d3c273080f7789631487a4b43f70378b323adb23bbfed3f41d4cc044c560bff46d0713e9e56c21fc6f7213e2a7eff3d732b0cbc4c960d0405606d100b11eedef2bbfd05f954c10a430e65550b01f7e450a579e0a3c5076a", 0xf3) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x100000000000000a, &(0x7f0000000000)='\x00', 0x1) r0 = socket$inet6(0x18, 0x1, 0x7) setsockopt(r0, 0x0, 0x9, &(0x7f0000000180)="58f9abdb", 0x0) 07:34:38 executing program 1: r0 = msgget(0x2, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0, 0x65) openat(r1, &(0x7f0000000100)='./file0\x00', 0xc88, 0x82) msgsnd(r0, 0x0, 0x0, 0x800) mkdirat(r1, &(0x7f0000000080)='./file0/file0\x00', 0x20000) 07:34:38 executing program 0: write(0xffffffffffffffff, &(0x7f00000000c0)="90853856a63efcf2dafd59dbb3ccfeb6a287", 0x12) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000) munmap(&(0x7f000021e000/0x600000)=nil, 0x600000) clock_settime(0x0, &(0x7f0000000040)={0x2, 0x400}) r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) r1 = open(&(0x7f0000000000)='./file0\x00', 0x81, 0x40) write(r1, &(0x7f0000000100)="52626647d7b2074d73eacb55455609bbe15cba4568c6fcb82a290fe89aec73fd337e002cf2013fb9a5e4fe53da4a2bb9cb6f2cc31be666319ed8adf9a1f5bf8770b0b53d54db8a3c20dc20770a7a5abd1b959ba2fa42e839f35320d9436d2c2db30eb38e5c8ee29cdc972a1988d9e525db3818a38bbef682aac1fce2f8b2ef24155eda498925455f9650480743c830d447118dc9fda77509b7ca28870413382822d33d425b10ae862ae9188d391bea1473a509d360d1a566e871967fffd4f6a88edce60d5d73ebab8f0ddb1bf8dce70e", 0xd0) shmat(r0, &(0x7f0000ffa000/0x3000)=nil, 0x0) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r0, &(0x7f0000734000/0x3000)=nil, 0x0) 07:34:38 executing program 1: ioctl$TIOCCONS(0xffffffffffffffff, 0x80047462, 0x0) 07:34:38 executing program 0: mkdir(&(0x7f0000000040)='./file1\x00', 0x0) unveil(&(0x7f0000000080)='./file1\x00', &(0x7f0000000000)='\x00\x02') pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000200)="99", 0x1) write(r1, &(0x7f0000000340), 0x10000014c) write(r0, &(0x7f0000000480)="822e52fd358f48006df95a6b2b9dac2ab089a9474a0d32e021fd4bc98c732927f4e60a18f6392c6db21f8021bdc9b7e652fc7c624e6214fcef6373273521d3e7fb82eee5dd3ff9aca7cd35c6342a40dd0cfaaa18686b16847741a3ac93541c", 0x5f) read(r0, &(0x7f0000000080)=""/101, 0x65) bind$unix(r1, &(0x7f00000008c0)=ANY=[@ANYBLOB="01002e2f66696c462e9594c59a65310074113d30a0ea1de0d9649b212ca504000000f096eeb895f914592a5647710e1fb7dca586f4f25807fc8ccf596bff8470a0d5575520f4a84c8c05a56bde68d222baa427391d5697166f86fe25c7d02ce41fba1a97e314b8c1aec56877011087b309013dd357bf1d24ed6ccb233bcfd17eedfeed142bbcdef744d30016dff09fb189d5b845bb728a57122f353c346334f554349357c8513e7a7cb1668e9cb50000d29cf98da6b385723ff89e9350787d9491f0855e60986331fda282be553a712fcc380fb81d3a66f62afd5f7ffe1a524e243a5eb748e90287d01ae1cb423e50ee301ba2b01ceff8d104d3845a53b915cae3e9769b654ce63b6c4f1dc05584d9bc9eb0b2a6dff37d3ce8a91ee55face787c350a2d2b8f4c3c607a5352b387bfd895dbb8a7863efc153999ff1e891019736f2b429f4ee6b5d842b2568627c4d7c88c184edea779b2256f36c64bb3aa3074c060932df48666a04e22023d7bbf5ee6b78c889e7d4afd89270a67bd75f7edbb65acf97c3a03ca0a8f22d70781ad6d667ac85e5822c79c0420a243728a3d6bb545e67b061af185d351a82babc318bcc28b4634d326994f823be9117b4aa09c0617987e5d111418c9cbbb327b0111458cf42d4d10ef31ee9b6345b3d07f5e1d05b967ece91f84301865cd6b87d1a06b769de9dbd397c"], 0xa) execve(0x0, 0x0, 0x0) write(r0, &(0x7f00000001c0)="5aaa4b1939902b9d61", 0x9) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/125, 0x7d}, {&(0x7f0000000180)=""/14, 0xe}, {&(0x7f0000000240)=""/228, 0xe4}, {&(0x7f0000000340)=""/17, 0x11}, {&(0x7f0000000380)=""/64, 0x40}], 0x5, 0x0) write(r1, &(0x7f0000000500)="d372d8aab2dc6e85d6385012fe890f851035778afeaf35505eb7646175b061bd530fbe0cbbb81391141ba34f1f9e4c44d387c5ee7c1211099d6561010f9ef4065616dd7002bfe61cefa8bc3a8085d971c905a6bdc670feb40419c39e510ec54b45e4a66d57de2a8fa536c3d8cd773622856c44ee50c54af03d3ba2533cd3213139f80ea9215fca5a005d639655b1833416", 0x91) execve(0x0, 0x0, 0x0) bind(r1, &(0x7f0000000440)=@in={0x2, 0x1}, 0xc) 07:34:38 executing program 1: r0 = syz_open_pts() poll(&(0x7f0000000080)=[{r0, 0x2}, {r0, 0x24}, {r0, 0x80}, {r0, 0x80}], 0xd, 0x1a3) close(r0) ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000040)) semget$private(0x0, 0x1, 0x0) chmod(&(0x7f0000000000)='./file0\x00', 0x20) 07:34:38 executing program 1: r0 = socket$inet6(0x18, 0x2, 0x0) close(r0) r1 = socket(0x18, 0x400000002, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) getsockopt(r0, 0x29, 0x2e, 0x0, 0x0) r2 = shmget(0x3, 0x3000, 0x10, &(0x7f00006ef000/0x3000)=nil) shmctl$IPC_RMID(r2, 0x0) 07:34:38 executing program 1: ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0x7ffe, 0x0, "00207044b8d7b53122c120000001000000000d00"}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) setitimer(0x0, &(0x7f0000000000)={{}, {0x2}}, 0x0) r0 = socket(0x18, 0x1, 0x0) close(r0) r1 = semget$private(0x0, 0x3, 0x8) semctl$GETNCNT(r1, 0x2, 0x3, &(0x7f0000000100)=""/191) r2 = socket(0x18, 0x400000002, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r2, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) 07:34:39 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = accept(0xffffffffffffffff, &(0x7f0000000080)=@in6, &(0x7f00000000c0)=0xc) r2 = socket$inet6(0x18, 0x4000, 0x9) r3 = socket$inet6(0x18, 0x0, 0x800) r4 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyCcfg\x00', 0x80, 0x0) r5 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) r6 = kqueue() pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(&(0x7f0000000180)={0xffffffffffffffff}, 0x10004) r9 = socket$unix(0x1, 0x2, 0x0) r10 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/wsmouse\x00', 0x200, 0x0) r11 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000300)='/dev/bpf\x00', 0x10080, 0x0) r12 = accept$inet6(0xffffffffffffff9c, 0x0, &(0x7f0000000340)) r13 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x10, 0x0) kevent(r0, &(0x7f00000001c0)=[{{r1}, 0xffffffffffffffff, 0x4, 0x40, 0x800, 0x5}, {{r2}, 0xfffffffffffffffc, 0x29, 0x0, 0x6d2, 0x7}, {{r3}, 0xfffffffffffffffa, 0xfd, 0x80, 0xf2d, 0x80}, {{r4}, 0xfffffffffffffffd, 0x52, 0x20000000, 0xf4, 0x100}, {{r5}, 0xffffffffffffffff, 0x4, 0x83, 0x4, 0x8}, {{r6}, 0xfffffffffffffffc, 0x80, 0x20000011, 0xa83, 0x48d2}, {{r7}, 0xffffffffffffffff, 0x40, 0x80000000, 0x1, 0x1}, {{r8}, 0xfffffffffffffffe, 0xa0, 0x40000000, 0x1}], 0x6, &(0x7f00000003c0)=[{{r9}, 0xfffffffffffffffb, 0xa5, 0xfffff, 0x6, 0xffffffffffff0001}, {{r10}, 0xffffffffffffffff, 0x0, 0x2, 0x3, 0xfff}, {{r11}, 0xfffffffffffffffd, 0x58, 0xf00fffff, 0x0, 0x6}, {{r12}, 0xfffffffffffffffa, 0x5, 0x12, 0xfffffffffffffeff, 0x3}, {{r13}, 0xfffffffffffffffb, 0x0, 0x1, 0x7, 0x2}], 0x9, &(0x7f0000000480)={0x200}) kqueue() r14 = kqueue() kevent(r14, &(0x7f0000000000), 0x9130fbf, 0x0, 0x4000000, 0x0) truncate(&(0x7f00000004c0)='./file0\x00', 0x800000005) madvise(&(0x7f000048e000/0x3000)=nil, 0x3000, 0x0) 07:34:39 executing program 1: pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) ioctl$FIOASYNC(r0, 0x8004667d, &(0x7f0000000040)) 07:34:39 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x200000000000d, &(0x7f0000000000)="eaff05003c730000", 0x8) r1 = msgget$private(0x0, 0x60) msgsnd(r1, &(0x7f0000000040)={0x1, "895385ef2c34528b2fcf336f460df255557671a1efad16c0f434e90e87a2f7ac609a6a8c334fc75392992aa0b5be3d58eaa0082f43529e37cb6479b0b828b21f7b731742e06fb6a3a4a9f4e5052232fd2124be9f0972ca333f90518a4a96510433e06491fcf63cc22b9a25c306dea4e1"}, 0x78, 0x22897edbca0feeca) 07:34:39 executing program 0: setrlimit(0x8, &(0x7f00000000c0)={0xa, 0x91}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000000)={0xfffffffffffffff9, 0x0, 0x3ff, 0x7ffffffe, "73cc0e527b00748f482e2d0656e73fc9c06d00"}) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000ac0)="3a5e917fbecd4c9372cc1e8f6ad9e47c7c6776ff88e5ed96aea99f3dcf51127d3482841c890427736617ac55526fdfbee141d505d51446e4d1cb81ca78d50061fb104481592d8bc5124b5b82157e78a8e23301348e96e9b3b3fd027c603bab4bc122582094bb44c863f62b6bb1bd824223e421b863d0add81ae313f929179fd3d9ce05a61b0e2d694d327e3fc8aa126b0715c4ef679b662db45d443ef4fe4aa7d81dd1f51efa0f47c0bb0b56b5c6f8a19d896791670ccd5c4a2abdd439c3e9329523d1edf861342e4cb6615fb8946184856b8e6c8d02ed97eaa11873d437c7baceac399448ffbab3021ac35cf9a7deb243013b8ff50d054cf778657854ea19a86b02f1e4831b98c2df0f460a89833438791169fd35629e8f0037022c9adf111d4d58d6811304d74978a2baf3fec0e929171790d3048765434b0c046c3e7071113518bc30bc7627e0e396313cb75b0499345c1ea6452080f94a247e70a667fd829af4049592d15e247e298bcef0c231cef81c63e384dc550e63102c55147976226aec2b05a02e5637e55e6b08fe52944eedfd4f9016c45cbd2c8703a31170f97d26f509916e3f580367b3ad11927cae4dffc8838aa63a986940a6e973fff9acf4f54d490936e4f984390ab909c2e8559bd332ea417e63a2cbf2619b528f15bb4a68ade84e4639227e1ee1c6b8722180fc9730b6e5ae91f944b9d76f365eaf371d8d54b30542ac0237418aeb4b2494c1ef1e1fb991fa97ff97c5b0d7dc9bfc5eafe533132acd5ee3b3a38f670dd1946f015769b04ac12b1437258ee4f043bed79e5bf95423f69f6fe8e842a950b6c7bcfb9be4048b59fbce11fb4af4df5b024e3ff7c6dbdc7491b4f3c569b3e9498be47aea11f48c7a7f670ccd1e665b1f034066507d38ede7ac50bc250f667fc5f438576340f20119e61327026728e4defeb3905e327fa9bea18a6f08880a18218a18dbb1272a972758f20b00692f0e4d3ec8706f58e91846ea02fb606b129b30813cd0d81706acd9e4bd14684d04e22062bc2e69d8d90650accdf0fd70a163fca181c25f2d9c4feaac66d7dc6320bbb7bcc959196826d5dfbdd9b9ffc42e25fc5650d5a7f5e61a1110094d61ff5e250e0ec65613ef0db2f32ec54c4e260f8f71fc80e41b74a0a12dbaf6ce54bc023b44994f3dae90fdf9497bde1752e9ebde9722701ba097884a31fbec66604ebafd3acf6f28fe8dc988a6f2bdad2142547d62903ac75161c3113e1320b42ac8954ec85ba932d2c092079052c9dfaf8711651b082d587de0503d744cf09bc9297ba5ef36066e702070af7741c6f6be34a3e03fe298e8ec7cd9c4ca3f9bd59387f9b17f1f0cb3d0b5bdbc68867c71348c3820d17e0cc08dd33c6df49bf9660c8dc12615a7a3a7bd041ca7db2f1ba372d3550234b4b0a92cb969f0caac69fa770114b2d3f51fa7b868be0a8f42afce8a8975b3376609c9219df2cc0f77261a60e9382d1fa94a4623f1fe1dff0b9543581a08210d64a99a89fe308b1595f9b8aee9799ea52c47e99103c2e6da503915af1a74745dc595e76e6576ab8b43bf98efc21f498ecf40fe6f539ccbf734332df04c99de92fcbe8e47b71fc31fa689835ef81ef07ac13f20fa658c917022c6c44391d566e3385c00", 0x71d}], 0x116d) 07:34:39 executing program 1: r0 = socket(0x2, 0x2, 0x0) r1 = socket(0x10000000002, 0x2, 0x0) r2 = getppid() r3 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyCcfg\x00', 0x30, 0x0) ioctl$VT_ACTIVATE(r3, 0x20007605, &(0x7f0000000280)=0x20000000080003) fcntl$setown(r0, 0x6, r2) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) openat(r4, &(0x7f0000000200)='./bus\x00', 0x482, 0x40) socket(0x31, 0x3, 0x3) clock_settime(0x7, &(0x7f00000001c0)={0x8, 0x400}) r5 = dup2(r1, r0) r6 = socket$inet6(0x18, 0x2, 0x6) socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000000140)) getsockopt$sock_int(r6, 0xffff, 0x1004, &(0x7f00000000c0), &(0x7f0000000100)=0x4) semget(0x2, 0x3, 0x0) faccessat(r5, &(0x7f0000000040)='./bus\x00', 0x38, 0x2) mknod(&(0x7f0000000080)='./bus\x00', 0x80002006, 0x2d94) open(&(0x7f0000001d00)='./bus\x00', 0x1, 0x0) r7 = semget$private(0x0, 0x5, 0xe1) semop(r7, &(0x7f0000000240)=[{0x0, 0x1}, {0x3, 0x9, 0x800}, {0x0, 0xffffffff, 0x800}], 0x3) 07:34:39 executing program 1: r0 = syz_open_pts() r1 = kqueue() kevent(r1, &(0x7f00000000c0), 0x6, &(0x7f0000000100)=[{{r0}, 0xfffffffffffffffe, 0x1}], 0x100, 0x0) r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x28080, 0x20) kevent(r1, &(0x7f00000002c0)=[{{r2}, 0xfffffffffffffffd, 0x64, 0x1, 0x2, 0x1000}, {{r0}, 0xfffffffffffffff8, 0x26, 0x80, 0x1, 0x1000}, {{r0}, 0xfffffffffffffffd, 0x1b5e6c7d83e2a146, 0x5, 0x800, 0xfffffffffffffffb}, {{r0}, 0xffffffffffffffff, 0x90, 0x20000000, 0x3f, 0x80000000}, {{r1}, 0xffffffffffffffff, 0x48, 0x2, 0x6, 0x6}, {{r1}, 0xfffffffffffffffb, 0x40, 0x1, 0x1, 0x4}, {{r0}, 0xfffffffffffffffb, 0x20, 0x1, 0x4f, 0xef}], 0x100000001, &(0x7f00000003c0)=[{{r0}, 0xfffffffffffffffe, 0x2, 0x2, 0x0, 0x5}, {{r2}, 0xfffffffffffffff9, 0x52, 0x52, 0x5, 0x2}, {{r2}, 0xfffffffffffffff9, 0x20, 0x1, 0x100, 0x80}, {{r1}, 0xfffffffffffffffb, 0x62, 0x40000000, 0x3, 0x10001}, {{r0}, 0xffffffffffffffff, 0x82, 0x6a08f3dd92dd4703, 0x7a5, 0x1}, {{r0}, 0xfffffffffffffffb, 0x48, 0x10, 0x5, 0xf4ba}, {{r1}, 0xfffffffffffffffe, 0x80, 0x1, 0x29c8, 0x6}, {{r2}, 0xfffffffffffffffd, 0xc0, 0x0, 0xae0, 0x7fffffff}], 0x4, &(0x7f00000000c0)={0x3, 0xffff}) unlinkat(r2, &(0x7f0000000040)='./file0\x00', 0x0) write(r0, &(0x7f0000000140)="908d144e33da16db9fabd10274a105e3dfdb9ac4c00b40b4ed5e915ca57d7ae2d4f72b34bed11e4ff6453dd6ed1096dc4bfb97c4ad7fe36e6e41b547960cb7f273556a18585fa19150cca58239f31a6b0124b3b39128c1c185afa8227d28aa833144d13fcc328b2e5815cffeaf7a4ad8f3e62c9e190d4d25ca57dac1b92a284aa14f55b8903f2022a171915f8584793fa8022463239fd879b39efd7188591609d52a7b2091d5ca1dbacec3453489c606baffd02682f6e01d75c1efcdad214060e818f60f657ceaa7865bbc1930ad515e83f49f83f9ec076feecf41085458e83087b005e49003b7bc7583ffabe55db59a20c11bc2aac99d1d503e63224e8da93b19", 0x101) kevent(r1, &(0x7f0000000280)=[{{r1}, 0xffffffffffffffff, 0x9}], 0x1f, 0x0, 0x0, 0x0) kevent(r1, 0x0, 0x0, 0x0, 0xb0, &(0x7f0000000080)={0x0, 0x20000000}) 07:34:40 executing program 1: r0 = shmget$private(0x0, 0x4000, 0x481, &(0x7f0000ffc000/0x4000)=nil) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) r2 = getgid() r3 = getuid() getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0xc) r5 = getpid() r6 = fcntl$getown(0xffffffffffffff9c, 0x5) shmctl$IPC_SET(r0, 0x1, &(0x7f00000000c0)={{0x200, r1, r2, r3, r4, 0x0, 0x7fffffff}, 0x5, 0x9, r5, r6, 0xffff, 0x100000000, 0x3}) r7 = shmget$private(0x0, 0x600000, 0x0, &(0x7f000000d000/0x600000)=nil) shmctl$IPC_RMID(r7, 0x0) 07:34:40 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1004, &(0x7f0000000180)=0x7, 0x4) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) r1 = msgget$private(0x0, 0x2) msgrcv(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400"/4104], 0x1008, 0x0, 0x1000) setsockopt$sock_int(r0, 0xffff, 0x10000000001002, &(0x7f0000000200), 0x66) 07:34:40 executing program 1: ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffbffe, 0x0, "b0d42000006e9300"}) r0 = socket(0x18, 0x1, 0x0) shutdown(r0, 0x0) connect$unix(r0, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x2}, 0x8) getsockname$inet6(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) getsockopt(r0, 0x1, 0x6, &(0x7f0000000100)=""/56, &(0x7f0000000140)=0x38) 07:34:40 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x2000000000009, 0x0, 0x0) 07:34:40 executing program 0: connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) setitimer(0x0, &(0x7f0000000000)={{0x1ff}, {0x2}}, 0x0) r0 = socket(0x18, 0x1, 0x0) close(r0) r1 = socket(0x18, 0x400000002, 0x0) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000040)="79d75bfbd70274387fae0f0aad16a1a6e3bfc14f9340ca48ee374cb7aac116cf5ccfe909d0b13a3fede252", 0x2b) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) 07:34:40 executing program 1: chmod(&(0x7f0000000000)='./file0\x00', 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) recvfrom$unix(r0, &(0x7f0000000040)=""/59, 0x3b, 0x42, 0x0, 0x0) write(r1, &(0x7f00000002c0)="64a356d97ca778a36789156f9b80f04064345389c77719aa0e62f589699919a68b6885cbb6d2495bb90a06fa1acb4bd6ca626507492c9c25484c2b1b", 0x3c) 07:34:40 executing program 0: kevent(0xffffffffffffffff, &(0x7f0000000000)=[{{}, 0x0, 0x0, 0x0, 0x1}], 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000140)={0xffffffffffffffff, 0xfffffffffffffffa, 0x0, 0x0, "0100000000000200"}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x29, 0xc, &(0x7f0000000140)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) setsockopt(r0, 0x80000000000029, 0xc, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) rmdir(&(0x7f0000000040)='./file0\x00') close(r0) 07:34:40 executing program 0: r0 = socket(0x18, 0x2, 0x0) rmdir(&(0x7f0000000040)='./file0\x00') setsockopt(r0, 0x1000000000029, 0x20000002b, &(0x7f0000000000)="4b74954c", 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VMM_IOC_CREATE(r1, 0xc5005601, &(0x7f00000000c0)={0x10, 0x4, 0x4, 0xd393, [{&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x5}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x3}, {&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x5}, {&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x8}, {&(0x7f0000fee000/0x12000)=nil, &(0x7f0000ff1000/0x2000)=nil, 0x9}, {&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff3000/0x4000)=nil, 0x6}, {&(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x100}, {&(0x7f0000ff0000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x1}, {&(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fee000/0x1000)=nil, 0x1}, {&(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ff2000/0x3000)=nil, 0x5004}, {&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff3000/0x4000)=nil, 0x7}, {&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000fef000/0x4000)=nil, 0x5}, {&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1f}, {&(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ff5000/0x3000)=nil, 0x80}, {&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x5}, {&(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x7}], ['./file0\x00', './file0\x00', './file0\x00', '.\x00'], './file0\x00', './file0\x00', './file0\x00', ['./file', './file', './file', './file'], 0x7}) fsync(r2) 07:34:40 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) close(r0) shutdown(r0, 0x0) chmod(&(0x7f0000000000)='./file0\x00', 0x108) 07:34:40 executing program 1: r0 = syz_open_pts() ioctl$TIOCSTSTAMP(r0, 0x8008745a, &(0x7f0000000000)={0x20, 0x5}) ioctl$TIOCSCTTY(r0, 0x20007461) setrlimit(0x8, &(0x7f0000000040)={0x7, 0x95}) r1 = syz_open_pts() close(r1) syz_open_pts() ioctl$TIOCSETAF(r1, 0x802c7416, &(0x7f0000000080)={0xcf1, 0x6f, 0x20000020000007, 0x528, "0d9f40b12794cb7bd0e6bb91d6f4c6003b99f7bd"}) writev(r1, &(0x7f0000000200)=[{&(0x7f0000001800)="d10b01e1d680f9c6062e6d20da79547c19470756030e4e79668254e737c42132b2f88425f4eb7db503a5c03d41a893a0c73b3c38e32468b9dbf2560d6c575768760056b5d3ab2b1c57e6bc1eaa94d6cc666e8af2db19c4845ace8342f15b175474794bd7845853fc3246e1044321f2b291ad9e303905ae6eed8f620ddea01882a4fe05fb74dc3da97ab05e64632e85b80bfbc0f1db169b67eb682ab34df35e193e36a1af6d5185b6ba3ed3dcdc6d4bb18ce4d900c8e6a206c19dcc94c5275eb46fc82dd3242334b88d5580f891c20a42ad1c516658479257393e16f6c12e499c639039aef61448ac3c7e80669f5557141b711aea87b38637a1b4b65f240ec7f37a09bf59a95a65aa07fb724d671eccf12bdae8df11f389d59ea4bbd573da7bf7ef1711c5d44a8aa9ea0ddbbf0c63318fa69bef49dddd26fff091919895189b9b4174c96a31a9281eaffc5fe6b61c5d6f1bedc9809f5a9d9ad7cfaf84776eb5d5717bdfa4789922265b2f27a230372ec1aa093aefc07e28617cddca6de2941c448cc963e5cccf4dd5814f5610bb3841e0f80d44164db3840d5695ed292f054f8074bd421c42dac937a9d317b2250a8c0a", 0x1b0}], 0x1) 07:34:40 executing program 0: setrlimit(0x8, &(0x7f0000000000)={0x7, 0x95}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() close(r1) readv(r0, &(0x7f0000001640)=[{&(0x7f0000000100)=""/233, 0xe9}], 0x1) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x200, 0x0) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x5) ioctl$BIOCSDIRFILT(r2, 0x8004427d, &(0x7f00000000c0)=0x1) kevent(r2, &(0x7f0000000200)=[{{r1}, 0xffffffffffffffff, 0x88, 0x92, 0x7, 0x5022}, {{r0}, 0xfffffffffffffffa, 0x80, 0x1, 0x8a2, 0x7c4}, {{r0}, 0xffffffffffffffff, 0x70, 0x20000000, 0x0, 0x4}, {{r1}, 0xfffffffffffffffd, 0x20, 0x6, 0x5, 0x9000000000000}, {{r0}, 0xfffffffffffffffb, 0xa, 0x4c, 0x51, 0xd98200}, {{r1}, 0xffffffffffffffff, 0x20, 0x84, 0x8, 0x8}, {{r0}, 0xfffffffffffffff8, 0x2, 0x0, 0x2c11, 0x7}, {{r0}, 0xfffffffffffffff8, 0x98, 0x10, 0x9, 0x2}], 0x4000000000000000, &(0x7f0000000300)=[{{r1}, 0xffffffffffffffff, 0x80, 0x0, 0x40, 0x7ff}, {{r1}, 0xfffffffffffffffb, 0x2, 0x40000000, 0x2}, {{r0}, 0xfffffffffffffffc, 0x88, 0x0, 0x9, 0x5}, {{r1}, 0xffffffffffffffff, 0x10, 0x4, 0x7, 0x4eea}, {{r1}, 0xfffffffffffffffa, 0x1a, 0x40, 0x4, 0x5}, {{r1}, 0xfffffffffffffffe, 0x8, 0x0, 0x3, 0x76a}, {{r0}, 0xffffffffffffffff, 0x40, 0xf0000001, 0x0, 0xa000000000}, {{r0}, 0xffffffffffffffff, 0x2, 0x20, 0x0, 0x401}, {{r0}, 0x0, 0x4, 0x2, 0x7, 0xffffffff}, {{r1}, 0xffffffffffffffff, 0x40, 0xfffff, 0x6, 0x100000001}], 0x2, &(0x7f0000000080)={0x24d, 0x7}) 07:34:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) 07:34:41 executing program 0: poll(0xfffffffffffffffe, 0x303, 0x1) 07:34:41 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) pwritev(r0, &(0x7f00000003c0)=[{&(0x7f0000000680)="90c3fe67eb586898600425f2f573e0d1ac83c18d65c8e22066c0d389fe894a974c8d45aaf9846f9b3aec3213d2a6ac68a0b0632688ca0fab3647175abf22fea120c9b3bb77ca60c128295bf234505356095dbf9e50a4a5079723b57fed8ef0a251b91e67e1f5d347d5b668a390a25beea3962e7c10b8d9f53f5c82b5eacc26757d14f2fa6be9a2cbb2cfacc5e906dfd1e3208364bb049bd84682cec454327b6a1522c332ea628b8cb672e9e7247818f970e017c7cb9303e6b505059f34d3fb9df3993b7535fa269859e24b2802782224d7d5c13c21d4eee4f8621037c3d78695ad9a278978b26c46049befba997acb9ac407791cdf6046f9f71e36d09827a4493c17a0921dc38af76420c885862413c6ed4f7fe335a5547ee2d7c65d735b189214606da83f9be40faef7438cbfe1ed0439c46106672cda99d1c3471259d08198e13683ef6b08d5c54bfb991d", 0x14c}], 0x1, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x5, 0x10, r0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000100)='./bus\x00', 0x0) open(&(0x7f0000000080)='./file0\x00', 0x60e, 0x0) rename(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00') execve(&(0x7f0000000480)='./file0\x00', &(0x7f00000005c0)=[&(0x7f00000004c0)='\x00', &(0x7f0000000500)='^@\x00', &(0x7f0000000540)=')).\x00', &(0x7f0000000580)='\x00'], &(0x7f0000000a00)=[&(0x7f0000000600)='-.!\x00', &(0x7f0000000640)='^@\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='-&\x87g+\x00', &(0x7f0000000880)='\x00', &(0x7f00000008c0)='!\x00', &(0x7f0000000900)='-.!\x00', &(0x7f0000000940)='\x00', &(0x7f0000000980)='-&\x87g+\x00', &(0x7f00000009c0)='\x1c\x00']) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000180)='\x00', &(0x7f00000001c0)='^@\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)='@-\\\x00', &(0x7f0000000280)='-&\x87g+\x00', &(0x7f00000002c0)='-.!\x00', &(0x7f0000000300)='\x1c\x00', &(0x7f0000000340)='\x00'], &(0x7f0000000440)=[&(0x7f0000000400)='\x00']) 07:34:41 executing program 0: setrlimit(0x8, &(0x7f0000000040)={0x7, 0x95}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() write(r0, &(0x7f00000001c0)="bbf9b1d49d87b3c4f8a465224900dec7c4d3439340bb0d64915fdfd87b31a40b9ed32146d4bb022fe3b8d5d7f57b27c8679cceaf8e9539000baeaf6e421ce76fd5a634420db04a05964ae91d411385cbeb61b95ba0e417c12dbbbd6e5737f17fda58cc8c3ae1735fac4104e4406929f071b6f16d22ce69b5b1", 0x189) ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000100)={0x40000000002, 0xfffffffffffffffd, 0x48c0, 0x2, "ab5b88ecbc24bedb1a696700", 0x0, 0x40000000000000}) read(r1, &(0x7f0000000080)=""/99, 0x63) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, "bd80f3f4f98f14f03d973242f69b5fcf405b41d5"}) write(r0, &(0x7f0000000140)="96", 0x1) write(r0, &(0x7f0000000180)="cccde4ce37519ef19ea5dcac24baf0fd63e5146f532426070920d404ceee456e336cf01236043032f4abd128f72a846ada3e00fdddc4538a8ea3613809bb", 0x3e) 07:34:41 executing program 0: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x1, 0x0) r1 = getpgid(0x0) fcntl$setown(r0, 0x6, r1) setsockopt(r0, 0x29, 0xa, &(0x7f0000000000)="d5ff9668", 0x4) getsockopt(r0, 0x29, 0x9, 0x0, 0x0) 07:34:41 executing program 1: r0 = syz_open_pts() ioctl$TIOCSETAW(0xffffffffffffffff, 0x802c7415, &(0x7f0000000040)={0x0, 0x0, 0xfffffffffffffffa, 0x0, "68d19de7f43f0db1cb2fd71bc1c36f1cc6822bc6"}) ioctl$TIOCSTOP(r0, 0x2000746f) r1 = kqueue() kevent(r1, &(0x7f0000000080)=[{{r1}, 0xffffffffffffffff, 0x1}], 0x1f, 0x0, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0xa, r0) ioctl$BIOCIMMEDIATE(r2, 0x80044270, &(0x7f0000000000)=0x101) kevent(r1, &(0x7f0000000000), 0x47eb, 0x0, 0x2, 0x0) close(r1) ioctl$VMM_IOC_CREATE(r0, 0xc5005601, &(0x7f00000000c0)={0x10, 0x2, 0x4, 0x42bab70d, [{&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x7}, {&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x8000}, {&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x6}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0x7}, {&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2ebe8293}, {&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0xfff}, {&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x7fff}, {&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff9000/0x1000)=nil, 0x9}, {&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x1f}, {&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0xe83}, {&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x9}, {&(0x7f0000fed000/0x13000)=nil, &(0x7f0000ff9000/0x3000)=nil, 0x7}, {&(0x7f0000a00000/0x600000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x8}, {&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000b51000/0x1000)=nil, 0x9}, {&(0x7f0000ad3000/0x2000)=nil, &(0x7f0000c67000/0x2000)=nil}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x7}], ['./file0\x00', './file0\x00', './file0\x00', './file0\x00'], './file0\x00', './file0\x00', './file0\x00', ['./file', './file', './file', './file'], 0xffffffffffffffff}) 07:34:41 executing program 0: unveil(&(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='x\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0xfffffffffffffff4) mkdir(&(0x7f0000000000)='./file0/../file1\x00', 0x0) unveil(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='c\x00') r0 = openat(0xffffffffffffffff, &(0x7f0000000600)='./file0/../file1\x00', 0x8200, 0x8) ioctl$WSDISPLAYIO_GETSCREENTYPE(r0, 0xc028575d, &(0x7f0000000640)={0x3, 0x100000000, './file0/../file1', 0x44ff, 0x1, 0x7fff, 0x10000}) r1 = open(&(0x7f00000004c0)='./file0/../file1\x00', 0x80, 0x40) sendto(r1, &(0x7f0000000500)="eb7403f4f6386efe58ed9f21fdb7622e053b6eec60a51e9d77ec48326e55785f03e7cd43b71fab9d87985cf7bbf7dca789e4cf7ea55a633295cafcf219165f04a5d0d8ce46aae0547a6249cde55fbe8c226f997366f2eb5488eb2a03136698e0f1e6a252630fbd53a7818313eb4fa499008351f4924ec95f6f8b784094295a3d42a3c59343ccf583b335e351143edc640acbeb4a0ffc124094bf0a8341011517ec020cae13b7a0be59cfe602a3bd06939132c7a4cfba8b4e4c75c1", 0xbb, 0x8, &(0x7f00000005c0)=@in6={0x18, 0x1, 0x7}, 0xc) recvmsg(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)=@in6, 0xc, &(0x7f0000000180), 0x0, &(0x7f0000000680)=""/48, 0x30}, 0x803) r2 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) ioctl$VMM_IOC_WRITEREGS(r2, 0x82485608, &(0x7f0000000240)={0x6f, 0x200, 0xfffffffffffffffe, {[0x58, 0x9, 0x1, 0x8, 0x8, 0x3b, 0x4e, 0x860, 0x1, 0xb3e, 0x7fffffff, 0x100, 0x80000001, 0xffffffffffffffff, 0x10001, 0x81, 0x2, 0x81], [0x400, 0xfff, 0x1, 0x1, 0x4, 0x9ea9, 0x3, 0x1, 0xc5b, 0xffffffff], [0x7, 0x1ff, 0x8, 0x9, 0x0, 0x20, 0x1], [0x3, 0x9, 0x40, 0x4f, 0x17, 0x2], [{0xd3, 0x0, 0x1000, 0xcd8}, {0xd479, 0x101, 0x8, 0x45}, {0x65a, 0xfffffffffffffffe, 0x100, 0x4}, {0x20, 0x8000, 0x0, 0x1}, {0x73, 0x6, 0x1, 0x3}, {0x1, 0xfffffffffffffff9, 0xffffffff, 0x7ff}, {0x8c3, 0x5, 0x58f, 0xf6}, {0xcf, 0x1, 0xffffffffffffffc0, 0xfff}], {0x8, 0x800, 0x6, 0x1}, {0x2, 0x9, 0x9, 0x7}}}) 07:34:41 executing program 1: mknod(&(0x7f0000000180)='./file0\x00', 0x1ffb, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x400000002c5, 0x0) kevent(0xffffffffffffffff, &(0x7f00000002c0)=[{{r1}, 0xfffffffffffffffe, 0x11}], 0x3ff, 0x0, 0x0, 0x0) ioctl$TIOCCONS(r0, 0x80047462, &(0x7f0000000140)=0xffffffff) r2 = kqueue() utimensat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={{0x8, 0x5}, {0x3a, 0x33085cf3}}, 0x0) kevent(r2, &(0x7f0000000040), 0x60, 0x0, 0xfffffffffffffff9, 0x0) kevent(r2, 0x0, 0x0, &(0x7f0000000000), 0x3, 0x0) r3 = open$dir(&(0x7f0000000000)='./file0\x00', 0x80, 0x4) kevent(r2, &(0x7f00000001c0)=[{{r2}, 0xfffffffffffffffd, 0x0, 0x1, 0x5, 0xdfbe}, {{r3}, 0xfffffffffffffff8, 0x0, 0x3, 0xe9d, 0x44}, {{r3}, 0xffffffffffffffff, 0x4d, 0xf0000000, 0x8, 0x9}, {{r0}, 0xffffffffffffffff, 0x80, 0x3, 0x7fff, 0x8}, {{r2}, 0x0, 0x43, 0xfffff, 0x200, 0x6}, {{r1}, 0xfffffffffffffffd, 0x45, 0xf0000021, 0x8, 0x6}], 0x700, &(0x7f0000000300)=[{{r1}, 0x0, 0x5, 0x2, 0x0, 0x2}, {{r1}, 0xffffffffffffffff, 0x1, 0x80000000, 0x3ff, 0x7}, {{r2}, 0xffffffffffffffff, 0x10, 0xfffff, 0xe0a, 0xbaf}, {{r0}, 0x0, 0x40, 0x20000042, 0xffffffffffffff2b, 0x4}], 0x4ad, &(0x7f0000000280)={0xff, 0x3}) login: panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 196 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 471193 51557 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 panic() at panic+0x15c __assert(ffffffff81f9834f,ffffffff81f4feb7,c4,ffffffff81f5a832) at __assert+0x2e unveil_destroy(ffff800020b3b078) at unveil_destroy+0x19f exit1(ffff800020b39c38,0,1) at exit1+0x354 sys_exit(ffff800020b39c38,ffff800020be7940,ffff800020be79b0) at sys_exit+0x17 syscall(ffff800020be7a20) at syscall+0x552 Xsyscall(6,1,0,1,431bde82d7b634db,7f7ffffce3d8) at Xsyscall+0x128 end trace frame: 0x0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 196 ddb{1}> trace db_enter() at db_enter+0x18 panic() at panic+0x15c __assert(ffffffff81f9834f,ffffffff81f4feb7,c4,ffffffff81f5a832) at __assert+0x2e unveil_destroy(ffff800020b3b078) at unveil_destroy+0x19f exit1(ffff800020b39c38,0,1) at exit1+0x354 sys_exit(ffff800020b39c38,ffff800020be7940,ffff800020be79b0) at sys_exit+0x17 syscall(ffff800020be7a20) at syscall+0x552 Xsyscall(6,1,0,1,431bde82d7b634db,7f7ffffce3d8) at Xsyscall+0x128 end trace frame: 0x0, count: -8 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020be7740 rbx 0xffff800020be77f0 rdx 0xffff800020b39c38 rcx 0 rax 0 r8 0xffffffff8177e313 kprintf+0x173 r9 0x1 r10 0x25 r11 0xd2881bb39146329f r12 0x3000000008 r13 0xffff800020be7750 r14 0x100 r15 0x1 rip 0xffffffff81967bf8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020be7730 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.0) pid=475023 stat=onproc flags process=1018 proc=2000 pri=61, usrpri=61, nice=20 forw=0xffffffffffffffff, list=0xffff800020b38018,0xffffffff8235aaa8 process=0xffff800020b3b078 user=0xffff800020be2000, vmspace=0xfffffd807effe168 estcpu=11, cpticks=9, pctcpu=0.0 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 20821 48993 79938 32767 3 0x90 nanosleep syz-executor.0 79938 173731 76858 0 3 0x82 wait syz-executor.0 76858 173992 79753 0 3 0x82 thrsleep syz-fuzzer 76858 33475 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 460799 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 266038 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 363367 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 52192 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 233536 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 366366 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 60204 79753 0 3 0x4000082 thrsleep syz-fuzzer 76858 367061 79753 0 3 0x4000082 kqread syz-fuzzer 79753 509383 14617 0 3 0x10008a pause ksh 14617 299969 55883 0 3 0x92 select sshd 22895 281484 1 0 3 0x100083 ttyin getty 55883 254725 1 0 3 0x80 select sshd 57315 57148 76598 73 3 0x100090 kqread syslogd 76598 377119 1 0 3 0x100082 netio syslogd 60099 227690 1 77 3 0x100090 poll dhclient 87030 284747 1 0 3 0x80 poll dhclient 14008 392858 0 0 3 0x14200 pgzero zerothread 55419 343042 0 0 3 0x14200 aiodoned aiodoned 65784 356496 0 0 3 0x14200 syncer update 64600 57669 0 0 3 0x14200 cleaner cleaner 51557 471193 0 0 7 0x14200 reaper 98488 316463 0 0 3 0x14200 pgdaemon pagedaemon 4874 15138 0 0 3 0x14200 bored crynlk 28702 417674 0 0 3 0x14200 bored crypto 92528 204693 0 0 3 0x40014200 acpi0 acpi0 17954 64695 0 0 3 0x40014200 idle1 21946 387951 0 0 3 0x14200 bored softnet 79747 446175 0 0 3 0x14200 bored systqmp 61737 515292 0 0 3 0x14200 bored systq 96557 340934 0 0 3 0x40014200 bored softclock 70033 9352 0 0 3 0x40014200 idle0 7421 516049 0 0 3 0x14200 bored smr 1 113786 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9450 6318K 6320K 78643K 10547 0 0 pcb 23 9K 9K 78643K 67 0 0 rtable 83 2K 3K 78643K 241 0 0 ifaddr 28 8K 9K 78643K 40 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 2K 78643K 18 0 0 iov 0 0K 4K 78643K 2 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1200 75K 75K 78643K 1222 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 3 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 8 0K 0K 78643K 8 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12628 0 0 file desc 4 9K 33K 78643K 94 0 0 sigio 0 0K 0K 78643K 3 0 0 proc 44 50K 78K 78643K 340 0 0 subproc 34 34817K 69634K 78643K 102 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 12 0 0 in_multi 22 1K 2K 78643K 52 0 0 ether_multi 1 0K 0K 78643K 3 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 36 159K 159K 78643K 36 0 0 exec 0 0K 1K 78643K 202 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 76 12K 21K 78643K 1011 0 0 UVM aobj 7 3K 3K 78643K 8 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 12 0 0 NDP 6 0K 0K 78643K 12 0 0 temp 59 2715K 2844K 78643K 5532 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 inpcbpl 280 72 0 65 1 0 1 1 0 8 0 plimitpl 152 22 0 15 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 56 0 23 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 22 0 18 1 0 1 1 0 8 0 nd6 48 9 0 6 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 233 0 88 12 0 12 12 0 8 1 art_table 32 234 0 88 2 0 2 2 0 8 0 art_node 16 55 0 25 1 0 1 1 0 8 0 semapl 112 6 0 0 1 0 1 1 0 8 0 shmpl 112 6 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1481 0 71 46 0 46 46 0 8 0 ffsino 272 1481 0 71 95 0 95 95 0 8 0 nchpl 144 1779 0 169 61 0 61 61 0 8 0 uvmvnodes 72 1541 0 0 29 0 29 29 0 8 0 vnodes 200 1541 0 0 82 0 82 82 0 8 0 namei 1024 4447 0 4447 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 10266 0 10266 6 5 1 5 0 8 1 sigapl 432 261 0 248 3 0 3 3 0 8 1 futexpl 56 407 0 407 1 0 1 1 0 8 1 knotepl 112 89 0 76 1 0 1 1 0 8 0 kqueuepl 104 6 0 4 1 0 1 1 0 8 0 pipepl 112 154 0 141 2 1 1 1 0 8 0 fdescpl 488 262 0 249 3 0 3 3 0 8 1 filepl 152 1202 0 1130 5 1 4 4 0 8 0 lockfpl 104 12 0 12 2 1 1 1 0 8 1 lockfspl 48 5 0 5 2 1 1 1 0 8 1 sessionpl 112 18 0 9 1 0 1 1 0 8 0 pgrppl 48 18 0 9 1 0 1 1 0 8 0 ucredpl 96 88 0 80 1 0 1 1 0 8 0 zombiepl 144 249 0 248 2 1 1 1 0 8 0 processpl 840 277 0 248 4 0 4 4 0 8 0 procpl 600 357 0 318 4 0 4 4 0 8 0 srpgc 64 12 0 12 1 0 1 1 0 8 1 sockpl 384 126 0 109 3 0 3 3 0 8 1 mcl8k 8192 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 127 0 0 14 0 14 14 0 8 0 mtagpl 80 1 0 0 1 0 1 1 0 8 0 mbufpl 256 201 0 0 12 0 12 12 0 8 0 bufpl 256 17763 0 11552 390 0 390 390 0 8 0 anonpl 16 30484 0 24868 28 1 27 27 0 125 0 amapchunkpl 152 1351 0 1265 6 0 6 6 0 158 2 amappl16 192 615 0 294 17 0 17 17 0 8 0 amappl14 176 47 0 42 2 1 1 1 0 8 0 amappl13 168 14 0 14 1 0 1 1 0 8 1 amappl12 160 15 0 15 2 1 1 1 0 8 1 amappl11 152 45 0 30 1 0 1 1 0 8 0 amappl10 144 71 0 67 2 1 1 1 0 8 0 amappl9 136 500 0 498 1 0 1 1 0 8 0 amappl8 128 164 0 149 1 0 1 1 0 8 0 amappl7 120 35 0 31 1 0 1 1 0 8 0 amappl6 112 54 0 46 1 0 1 1 0 8 0 amappl5 104 332 0 323 1 0 1 1 0 8 0 amappl4 96 454 0 430 2 1 1 2 0 8 0 amappl3 88 132 0 126 1 0 1 1 0 8 0 amappl2 80 1042 0 989 2 0 2 2 0 8 0 amappl1 72 14558 0 14126 23 9 14 19 0 8 4 amappl 72 598 0 565 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 7 0 1 1 0 1 1 0 8 0 uaddrrnd 24 262 0 248 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 262 0 248 1 0 1 1 0 8 0 vmmpekpl 168 5971 0 5948 2 0 2 2 0 8 0 vmmpepl 168 34614 0 33350 82 14 68 72 0 357 13 vmsppl 360 261 0 248 2 0 2 2 0 8 0 pdppl 4096 532 0 496 6 0 6 6 0 8 1 pvpl 32 120032 0 111406 104 7 97 101 0 265 20 pmappl 232 261 0 248 2 0 2 2 0 8 1 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 540 0 3 16 0 16 16 0 8 0