1 files changed, 26 insertions, 5 deletions

diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index 4dfb1a930..e36c8ae8d 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -25,20 +25,41 @@ type arch struct {
 	S_IFCHR uint64
 }
 
+const (
+	mknodMode = 0
+	mknodDev  = 1
+
+	// openbsd:src/etc/etc.amd64/MAKEDEV
+	devFdMajor  = 22
+	devNullDevT = 0x0202
+)
+
+func major(dev uint64) uint64 {
+	// openbsd:src/sys/sys/types.h
+	return (dev >> 8) & 0xff
+}
+
 func (arch *arch) SanitizeCall(c *prog.Call) {
-	// Prevent vnodes of type VBAD from being created. Such vnodes will
-	// likely trigger assertion errors by the kernel.
-	pos := 1
+	argStart := 1
 	switch c.Meta.CallName {
 	case "mknodat":
-		pos = 2
+		argStart = 2
 		fallthrough
 	case "mknod":
-		mode := c.Args[pos].(*prog.ConstArg)
+		// Prevent vnodes of type VBAD from being created. Such vnodes will
+		// likely trigger assertion errors by the kernel.
+		mode := c.Args[argStart+mknodMode].(*prog.ConstArg)
 		if mode.Val&arch.S_IFMT == arch.S_IFMT {
 			mode.Val &^= arch.S_IFMT
 			mode.Val |= arch.S_IFCHR
 		}
+		// Prevent /dev/fd/X devices from getting created. They interfere
+		// with kcov data collection and cause corpus explosion.
+		// https://groups.google.com/d/msg/syzkaller/_IRWeAjVoy4/Akl2XMZTDAAJ
+		mode = c.Args[argStart+mknodDev].(*prog.ConstArg)
+		if major(mode.Val) == devFdMajor {
+			mode.Val = devNullDevT
+		}
 	default:
 		arch.unix.SanitizeCall(c)
 	}