last executing test programs: 149.12656ms ago: executing program 6 (id=7): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1000, 0x0) (async) r0 = openat$diskmap(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0) ioctl$DIOCMAP(r0, 0xc0106477, &(0x7f0000000240)={&(0x7f0000000140)='./file0\x00', r0}) (async) r1 = open(&(0x7f0000000080)='./file0\x00', 0x80, 0x2a) (async) openat$bpf(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r2 = semget$private(0x0, 0x3, 0x2) semctl$GETNCNT(r2, 0x4, 0x3, &(0x7f0000000280)=""/241) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setrlimit(0x1, &(0x7f0000000240)={0xfffffffffffffffd, 0xffffffffffffffff}) (async) open$dir(&(0x7f00000000c0)='./file0\x00', 0x400, 0x19d) (async) r3 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110) write(r3, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff1c) (async) r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) open$dir(&(0x7f00000000c0)='./file0\x00', 0xf02, 0x186) mprotect(&(0x7f000038a000/0x2000)=nil, 0x2000, 0x4) (async) getdents(r4, 0x0, 0x0) (async) getdents(r4, 0x0, 0x0) openat$bpf(0xffffffffffffff9c, &(0x7f0000001700), 0x80, 0x0) ioctl$BIOCSHDRCMPLT(0xffffffffffffffff, 0x80044275, 0x0) (async) syz_open_pts() r5 = kqueue() (async) r6 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) ioctl$KDGKBMODE(r6, 0x40044b06) (async) ioctl$VMM_IOC_RESETCPU(0xffffffffffffff9c, 0x82405605, &(0x7f00000019c0)={0xfffffffc, 0xfffffffe, {[0xfffffffffffffffc, 0xa, 0x5, 0x100000000, 0x0, 0x80008000, 0x8000002e, 0x1, 0xffffffff, 0x2f01, 0x2, 0x3, 0xfffffffffffffffe, 0x2, 0x100000000, 0x4, 0xfffffffffffffff5, 0x100], [0x5, 0x5, 0xfffffffbfffffff8, 0x0, 0x81, 0x80000000, 0x800ee4, 0x0, 0x0, 0x800000047], [0x5, 0x2, 0x100000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffe], [0x3, 0x1ffffffffff, 0x0, 0x100000002, 0xfffffffffffffffe], [{0x0, 0xc, 0x4, 0x7d06}, {0x2, 0x2, 0x1, 0x3}, {0x800, 0xfffffffd, 0xfffffffd, 0xffc}, {0x1008, 0x0, 0x6, 0xfffffffffffffffe}, {0x0, 0x400, 0xd, 0x40}, {0x7ffe, 0x2000, 0x40003, 0x1}, {0x6, 0x1, 0x7}, {0x0, 0x95b, 0x200, 0xc}], {0x0, 0x5, 0x0, 0x849}, {0x203, 0x10, 0x1, 0x2}}}) kevent(r5, &(0x7f0000000080), 0xe4a, 0x0, 0xa9fa, 0x0) (async) r7 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$VMM_IOC_INFO(r7, 0xc0185603, &(0x7f0000000140)={0x0, 0x0, 0x0}) close(r5) (async) ioctl$BIOCSRTIMEOUT(r1, 0x8010426d, &(0x7f0000000040)={0x1, 0x7f}) 146.303843ms ago: executing program 7 (id=8): open(0x0, 0x4000, 0x60) sysctl$net_inet_ip(&(0x7f0000000040)={0x4, 0x2, 0x0, 0x19}, 0x4, 0x0, &(0x7f00000000c0), &(0x7f0000000100)='c', 0x1) setrlimit(0x8, &(0x7f0000000980)={0x42, 0x60}) r0 = syz_open_pts() close(r0) setrlimit(0x4, &(0x7f0000000140)={0x3, 0x3}) r1 = syz_open_pts() ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000000)={0x4, 0xffffffc1, 0x8001, 0x966b, "fb080fffffe5000000100000000100", 0x9, 0x3efff}) ioctl$FIOASYNC(r1, 0x80047460, &(0x7f00000000c0)=0x4) ioctl$TIOCSTOP(r1, 0x2000746f) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000340)=' ', 0x1}], 0x1) sysctl$net_inet_ip(&(0x7f0000000080)={0x4, 0x2, 0x0, 0x11}, 0x4, 0x0, 0x0, 0x0, 0x0) kevent(0xffffffffffffffff, &(0x7f0000000040)=[{{}, 0x0, 0x0, 0x0, 0x4000000000007, 0x7f}], 0x4, 0x0, 0x2, 0x0) sysctl$net_inet_ip(&(0x7f0000000040)={0x4, 0x11}, 0x4000000000000007, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x10004, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60db8344ff8c0600fefd000000010000ff80d1440000200000fe7dc9000000000000000000000000aa4e204e2200089078037904d55d"]) 140.542106ms ago: executing program 0 (id=1): setpgid(0x0, 0x0) r0 = getppid() setpgid(0x0, r0) r1 = getppid() msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={{}, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$WSKBDIO_GETMAP(r2, 0x80047476, &(0x7f0000000100)={0x0, 0x0}) open$dir(&(0x7f0000000000)='./file0\x00', 0xf02, 0x0) r3 = fcntl$getown(r2, 0x5) ktrace(&(0x7f0000000200)='./file0\x00', 0x4, 0x1a2c, r3) r4 = socket(0x18, 0x3, 0x0) setsockopt(r4, 0x1000000029, 0x25, &(0x7f0000000040)="5ab7776a", 0x4) syz_emit_ethernet(0x10004, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "db8344", 0xc8c8fb6356f239c1, 0x16, 0x0, @rand_addr="fe000000020000ff80d14400002000", @local={0xfe, 0x80, '\x00', 0x0}, {[], @udp={{0x0, 0x0, 0x8}}}}}}}) mknod(&(0x7f0000000000)='./bus\x00', 0x3a0914c44f7b202d, 0x504) r5 = open(&(0x7f0000000040)='./bus\x00', 0x10005, 0x0) sysctl$kern(&(0x7f0000000040)={0x1, 0x48}, 0x2, &(0x7f0000000300), 0x0, 0x0, 0x0) mknod(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1) link(&(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000d40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') link(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000001380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, 0x0) acct(&(0x7f00000000c0)='./bus\x00') write(r5, &(0x7f00000001c0)="b313772aaf5adf69f5bb0c52202ff273bf5658857a464d61d6b4795bc524e21fa717dcf01461f6e726221226ef0806810d4fc73341cb4dc197e5f33991ffffffffffffff7f419d126d541d56473b6361da91c5d2c719487ba47d7fe9c58e7594f8c5896a05d30c01d19b46d97c7137379752b1c63d838305b4449201a01d70d8869c9acae4cf9a1fb215bf74314a1c6be09da7aeee58828ddc5220e8751717958459f7cf2fd98e1bb2b22204f38a", 0xae) r6 = kqueue() kevent(r6, &(0x7f0000000040)=[{{}, 0xfffffffffffffff9, 0x6b, 0x11, 0x200000000000001, 0x8}], 0x203, 0x0, 0x0, 0x0) sysctl$vfs_nfs(&(0x7f0000001880)={0xa, 0x2, 0x1}, 0x3, &(0x7f00000018c0)="7e05935b0bdcab568ac572996f5fb3951ea84b18a4c3bc7e35ef59dde9de36eee8283d45c9e578547523fd6114c8623a4803414a7c4b7bb94c91eea1776b3adfbe6d2d13cb0c41c6151e4679524b04ca2b33539d7c4fc3455dd2f0fd8a22537fabc2a629f7c496f64f3fff3ebaf565419bc6b642c884022e94cf1ed8e2b252b2e6beb56d19e9ea25298459eccfd3eeda636e0f76a5ee854e9d351f5e3f52582fdfd1f66bcbbf42ecc0d0d5cb6f66cf4fa80b820357d44634d0ef5a138630076fc9b447a68ad6c6db4cc651c9b93fc38eaea3609f77ddbcdfdfa1335a2851babc143e2b711352728d8c8813e4175e4b4ebaf978f85b198de083cce74ac80d397d0651b6a910a239d70b0d66971c3f51d9220d93ce9db04d9b89936de2233d0d8a6126e192e9ad9c0d763345a0ae47d26623c1cfc8e2e77d6bdc9284bf18aed4c95257aea9e835f3660b96efa87ffdb8ebf9b24a4c3bd9a1151662e3c937b22ec7a99d8810eb93da65c79f73d1199e9830f0a718fc3c552646082d9cd32d27495776a22f8f4c64dc20ebfb1148abcfbf5c0616749b66bd1755ef683a7f029ecacf4e72d4be54394d05b1ee6d16781d654550fe634fe65f6194ab01994e58578a8363312a8e038b9822ac0f5e4cb321af42c207635671ba7f768ce57d2c35e41d53461129d410d242e18b17ca8ded3cc5074c9d13b2ca3ba95f6769f4c4e8878cdd98cf6417077c3528be5583e27b653d1467dca506128b566d3f8bd0564925dc6205eba467309dcc85d90492dd8b69f134ef2da521d24add7b83d8d4c9ddb0debfcfb71ec6d938b9dcfdb60f76f224974680a663efb46a16ce71adb812b0fdec36f18d0d5529e62f2cdb89fc5329ea474d", &(0x7f00000028c0)=0x270, 0x0, 0x0) ioctl$TIOCSETD(r5, 0x8004741b, &(0x7f0000000080)=0x7) 131.916561ms ago: executing program 5 (id=6): r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x1, 0x1000) msgget(0x0, 0x0) (async) r1 = msgget(0x0, 0x0) setrlimit(0x8, &(0x7f0000000080)={0xe, 0x51}) r2 = syz_open_pts() close(r2) r3 = syz_open_pts() syz_emit_ethernet(0x52, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaad0b5049f6b6386dd6036d247001c3afcfe8000000000000100000000005d0000bbff020000000000080052000000000001"]) ioctl$FIOASYNC(r2, 0x80047469, &(0x7f00000000c0)=0x5) (async) ioctl$FIOASYNC(r2, 0x80047469, &(0x7f00000000c0)=0x5) poll(&(0x7f0000000000)=[{r2, 0x104}], 0x1, 0x6) msgctl$IPC_STAT(r1, 0x2, &(0x7f0000000100)=""/158) r4 = socket(0x11, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt(r5, 0x5, 0x8, &(0x7f0000002dc0)="9366144106a0894493003d39613a643b12809736430d469c0bacac0bbf772b2acb98fdcf3e7820926982f5e38655c35796e449d3037bce0722492134e7a08d81d17be772f05eecaf7323bda6d18c1a6e5ae5b9d2ab7a72e7ae671f639948d95ab35f3b845cda58d7fd8a463bd1b1090f80356e7df6a7cb4d0d15bd9917f1ba593db85e2c7c5ead6113cbe458de2fbf83662f0f4602182fc5033c5149609e26da68c85cbe046ed2a3a50762e96326d53cce4870c194d32e5cf9664a9f3557e945edefcafe8e1e052b79468a0ef10eae341c79ddf1da192ac9dc2e9709d0cde216ca72", 0xe2) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000240)="2a5f4cd9b73c31d629e8d68e605e5940744ef138960b671d42c56f79fcb70549247e5504e02f85a6099eff9291731e94399a7e966e783d4073ecd5dc8e540f32190bb47050aee3907495ecf7708d1c295a0836f79ba03ea13db12836c2441989726ffbf7fd1da55bfe2caaf081a1ef55599935c0e60cb0866ee48d420b77a6e269bc30b2650349e16792252c6be8bcc6e9ce2b941299ab505e4779fa1960bb7cf924dcbc53c82e76bcd80731a694d12e8a139d8ecef6f5560939054b7842d25cd73963774d9bcfe2a2383feea17b87393cd892b90742631718b1877d8d83d5f66587e3e5b1e129433ead750143a4c51aa46e78e3b1a54a4634eea2846511719b1637b19ea8c96a95332abd69014f53e91a7319a36efb4052387dc6330aa00b5680142650e8dab5eb6b83ff7d0bbf1293338a8d3e8a6dcd7ed4916279eac230dda46e6fcdebe8a4c12d598883d9392da05791e153d905ce19021189c3503466bf850f59e6649dd0b40d935ba155a9d7e065df6d90a500be9d7e1e77607d495898a8d6c9c48dda88533e75e760dceae91d670f97ebbe68b845c72eb698a9e0389b15cfe768cd4e524dbe939bc2d8363ae3b71a454a0a0378cd1f36565ab9d1b92263688195df65151ee9b8158c7a5280019a38f00ea05142b3cc832ece46e326e36a55d7a30f866ca97da61a3877612f0d9f23c052edf60a430d3a9acbae3d9f14f22f38a1eeac7df37ae17748a960b9e0d265bf6cdec73bd2a7b5f25035d845d936936cbfe6f013f8d7c73eba2bd9876ff6db3224e50e75c051979f4cdc41d28ea54e28f560fb0291cd6b6ba527e0f358ffa46b988f0b063d2024380071709ac00ed463e08fd1718a857b567d8b3eda143915e943d9530d25ed15743e117be375dc08e241328a53fa05b58c7c72a35d471a72706afce82b6c57eef81444269e06338bfd0af6f6ef6479dcc26aab0b10c7e58572aa507a69831d63c78c947cecda2c57bb8ae6b2ad7862d160b423de941be69928467db10ee4817536196ad0c5cc02a74ba1a1fb467e472f025f200846112b6b3efd298284d8c0cc498fb9203db18e48e34c137d1285120d809a774d56a62b3dbe8f202cb9cf18c33099f5b9651fc7ae41de53842f327fd40bcfaa601a791da1103351a64cc9815ff1f32cde6fbfe4c92f55a9aff41c055d4edce9c656ecd1becb9035bb8bd46cf47bca0dcb1848da94d05d1475c83a48c02f8f808597eaa9e88a4e4b12d0ef95458eeab115cb189fa7e368186bb68610af4651e27feab061c4ada46e8c12d6d33fe32cd40485b02120418a9aaba8f04c17ea1abdcb9e68f5d8090c0780b3b5ae0382efbb64f62c825527b7e3d60ad9c73ba7f174ea7c7f2d155808052a0ef6ab2af85cf9a758a8c1227c85f2986fc06c5f54807968b18b6b5f9168d0b2de2728689d75f0efaedf79bd8bbbbc1d46b0f6072d46d46687bc92c0b16c4ad36c3fe4c7b3fde0cfec859052dd78d841464a6b4432342ea973bf18f1f5abd7b2fe7962faef39ff38bd88a40dbab0f8c08541e38efe924f9ec1addbd47362e349bfca42fd62cf18fef8db7d3cbf0b1733d37dcdae5b9c738b8426a1cfa205c9671870210508c614f256d199fb822613518b1a6fccfee08c48f0feae1ca4baaf0a02635282d4f630a8df115dc73e72d9f7b8feb4333b2c796f1d3f2cfb398ba1e9c81584185b8b578bac3c64d667da7d91062f0c2ccec0c9d09e0c15c62e7bc509c3204d054c22d4eac685626e48e25cff2fc382279d9cb941c2ca182b1f65b05ff05db880a37b1e7f9b3d89755503000000bbea9213a885b7d43451230e0624403baa77839baa33ae92de771ca76319c2353e9f98ea8191fbb686aed6d08e87bcc2bb8084ae02fafbac1a0bba93f0f155fa2d7bc21bf77f11", 0x54e}], 0x1) (async) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000240)="2a5f4cd9b73c31d629e8d68e605e5940744ef138960b671d42c56f79fcb70549247e5504e02f85a6099eff9291731e94399a7e966e783d4073ecd5dc8e540f32190bb47050aee3907495ecf7708d1c295a0836f79ba03ea13db12836c2441989726ffbf7fd1da55bfe2caaf081a1ef55599935c0e60cb0866ee48d420b77a6e269bc30b2650349e16792252c6be8bcc6e9ce2b941299ab505e4779fa1960bb7cf924dcbc53c82e76bcd80731a694d12e8a139d8ecef6f5560939054b7842d25cd73963774d9bcfe2a2383feea17b87393cd892b90742631718b1877d8d83d5f66587e3e5b1e129433ead750143a4c51aa46e78e3b1a54a4634eea2846511719b1637b19ea8c96a95332abd69014f53e91a7319a36efb4052387dc6330aa00b5680142650e8dab5eb6b83ff7d0bbf1293338a8d3e8a6dcd7ed4916279eac230dda46e6fcdebe8a4c12d598883d9392da05791e153d905ce19021189c3503466bf850f59e6649dd0b40d935ba155a9d7e065df6d90a500be9d7e1e77607d495898a8d6c9c48dda88533e75e760dceae91d670f97ebbe68b845c72eb698a9e0389b15cfe768cd4e524dbe939bc2d8363ae3b71a454a0a0378cd1f36565ab9d1b92263688195df65151ee9b8158c7a5280019a38f00ea05142b3cc832ece46e326e36a55d7a30f866ca97da61a3877612f0d9f23c052edf60a430d3a9acbae3d9f14f22f38a1eeac7df37ae17748a960b9e0d265bf6cdec73bd2a7b5f25035d845d936936cbfe6f013f8d7c73eba2bd9876ff6db3224e50e75c051979f4cdc41d28ea54e28f560fb0291cd6b6ba527e0f358ffa46b988f0b063d2024380071709ac00ed463e08fd1718a857b567d8b3eda143915e943d9530d25ed15743e117be375dc08e241328a53fa05b58c7c72a35d471a72706afce82b6c57eef81444269e06338bfd0af6f6ef6479dcc26aab0b10c7e58572aa507a69831d63c78c947cecda2c57bb8ae6b2ad7862d160b423de941be69928467db10ee4817536196ad0c5cc02a74ba1a1fb467e472f025f200846112b6b3efd298284d8c0cc498fb9203db18e48e34c137d1285120d809a774d56a62b3dbe8f202cb9cf18c33099f5b9651fc7ae41de53842f327fd40bcfaa601a791da1103351a64cc9815ff1f32cde6fbfe4c92f55a9aff41c055d4edce9c656ecd1becb9035bb8bd46cf47bca0dcb1848da94d05d1475c83a48c02f8f808597eaa9e88a4e4b12d0ef95458eeab115cb189fa7e368186bb68610af4651e27feab061c4ada46e8c12d6d33fe32cd40485b02120418a9aaba8f04c17ea1abdcb9e68f5d8090c0780b3b5ae0382efbb64f62c825527b7e3d60ad9c73ba7f174ea7c7f2d155808052a0ef6ab2af85cf9a758a8c1227c85f2986fc06c5f54807968b18b6b5f9168d0b2de2728689d75f0efaedf79bd8bbbbc1d46b0f6072d46d46687bc92c0b16c4ad36c3fe4c7b3fde0cfec859052dd78d841464a6b4432342ea973bf18f1f5abd7b2fe7962faef39ff38bd88a40dbab0f8c08541e38efe924f9ec1addbd47362e349bfca42fd62cf18fef8db7d3cbf0b1733d37dcdae5b9c738b8426a1cfa205c9671870210508c614f256d199fb822613518b1a6fccfee08c48f0feae1ca4baaf0a02635282d4f630a8df115dc73e72d9f7b8feb4333b2c796f1d3f2cfb398ba1e9c81584185b8b578bac3c64d667da7d91062f0c2ccec0c9d09e0c15c62e7bc509c3204d054c22d4eac685626e48e25cff2fc382279d9cb941c2ca182b1f65b05ff05db880a37b1e7f9b3d89755503000000bbea9213a885b7d43451230e0624403baa77839baa33ae92de771ca76319c2353e9f98ea8191fbb686aed6d08e87bcc2bb8084ae02fafbac1a0bba93f0f155fa2d7bc21bf77f11", 0x54e}], 0x1) open$dir(&(0x7f0000000300)='.\x00', 0x80, 0x4a) (async) open$dir(&(0x7f0000000300)='.\x00', 0x80, 0x4a) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x92) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x92) writev(0xffffffffffffffff, &(0x7f00000009c0)=[{&(0x7f0000000440)="2e06b5a54fdc15d0e5ba5cd619e395d842161263a5bcf8d360b109113dd229c0dd47d6ff4f038bc8f40206bf8a1ef55ba04d8d4e4174e29e744d8606170795a2edaf345611280709000000c3815257c10e07e8f0be3a7366f8123a42cb43f4302bf6b149e9b9bab6116b11b8ae693250f7fa8080cd8a2fc7c7e4ebf5c106c80fd386c7786c0421183de7b10dbde8040d96f51522423ca8e0f70989e1530cd2eaf7faaad41584384bf406007bed944e099fd18b59c86af22bb45fe92b05087191e530bc83a9e0975fc2a0f5988e9ae663b4fe25f69d661eb4ad0842a7be35dbe21e8911da844c7dce8d80f66713e13d96b30d5b4a13fb15282cf2a61a24880049b94a6e46bce752ff3230cd36789c42b37db904fd77060a84ca071839da23ef66bb45a18c9face3b3982d2edef1234405ec89e3ac812208780a2866cf52a8bbbe80b77e07f53d751ea0da7185414c403df8282d22a45b8a5ee7dc9b534106d98bb65aea3af32dea9a7a9881e7fdfbb46801408f1b94018abf7d5816d4e0344ab9dd8a6d43a2503180582f6d553e1a81fe4e8d68fafcd095560e83feda2fcd68d73fc71d7ff20511859f1b895d1a3f42970f1fb4dd61487901de9d5efcb92d63466e92bbe485aaf63988e255cbb607ac7ff9ee30732dd2482be6280b8946e32cf0ec48fc7c89e53c4aecb4af7af69e0dc04dd17405ce02898adf547f851e885964f836ec6b04d77f14d85025e415a01553d6b7e5dd946be3ea735515a624f74e2c09b863881e4412135ecbdd1f1ec73762d2b1bcb0f04f0bd1369f9c374d73fb9cc7465bbdb5e77078870423340ea32c9f49980888427f49eb9d4daf99a87d6d6e44aecd7dfeba2c6f1844b2b537d6de1ba1c8bd90f7ec014b4c84a9bfba26bb92b0d740de1e20c97ec18417a1f3d68fea076ad9aeb884efa6cedf35845dd4bc6eae82e37a2304c76ab6e7467f2d868e76df28b7dbba656b0998da5d54a00e706e8dc0699e961bfe8b6cef550c66eb7e5a40ef12896fb571be1d73d817d17e177f06c0679c784feb85129836c8724bf0c3e6026a3eb831c5335475950287c988059987f9198a074e7d92cdcf6c196d91f9368490b5d5f7033374c20100ed8732fb84933a8fbe2bcaa68b68eea3400b5b022a2fae01ef3df9bf1ba0739b54faaa56ebe38c40fc6d1d99522c07af18", 0x34d}], 0x0) openat$pf(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) ioctl$TIOCSETA(r3, 0xc0504417, &(0x7f0000000740)={0x0, 0xa, 0x0, 0xfffffffb, "00001cc0b3a73b6100", 0x200, 0x9}) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f0000000200)='-&^\x00', &(0x7f0000000240)='${/\xe3&%\x00', &(0x7f0000000280)='/dev/bpf\x00', &(0x7f00000002c0)='tap'], &(0x7f0000000440)=[&(0x7f0000000340)='-\x00', &(0x7f0000000480)='tap\xf8}vB\x88\x88\xbcy{\x02\xdf\xdbleoM\xb5D\x95\xe8\xd8T.\x9b\xae\x17\xf0\x9e\x88e\x1b\xa2\xc5\x92\xd2\xbdt2a\x16\b\x9f\xf3\xfcQ\x98\xbd\x06\xbf\a&\b\xea\xd8d\x93\xee\xa7\x84\v\xfc\xc7\x9c\xa7\x8cL{}\x8b\xfd\x85\xdcg^\xb48\xd9[\x88u\x15\xad*\x1c\x98\xaaOL\xb7\xc5\x9a\xb7\x8f\x97\x1b\x15\xcb\xeba\xe5\x06\x99\x1f[\xf6\xaf\x89\x18\x89\xa5*<\x01\x93\x1c\xc0\xbc\xaf\xb3\n\xdd\x9f\xb2N\xbd\x86\x018p\xd67/\xb7\xd87cE\xdeMs\xaf\v\xb7\x8e\xf1\xf0:d\x86o_Cn\xf6\xc2\xdaX-\x88\xf7\xf57D{*\v\xe0\xe8v\xc4\xb4\r\x9bV\xcd\xc1\b\x8c\xf5\"j\xef\xe5\x17', &(0x7f00000003c0)='/dev/bpf\x00', &(0x7f0000000400)='*}$^*\x00']) (async) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)=[&(0x7f0000000200)='-&^\x00', &(0x7f0000000240)='${/\xe3&%\x00', &(0x7f0000000280)='/dev/bpf\x00', &(0x7f00000002c0)='tap'], &(0x7f0000000440)=[&(0x7f0000000340)='-\x00', &(0x7f0000000480)='tap\xf8}vB\x88\x88\xbcy{\x02\xdf\xdbleoM\xb5D\x95\xe8\xd8T.\x9b\xae\x17\xf0\x9e\x88e\x1b\xa2\xc5\x92\xd2\xbdt2a\x16\b\x9f\xf3\xfcQ\x98\xbd\x06\xbf\a&\b\xea\xd8d\x93\xee\xa7\x84\v\xfc\xc7\x9c\xa7\x8cL{}\x8b\xfd\x85\xdcg^\xb48\xd9[\x88u\x15\xad*\x1c\x98\xaaOL\xb7\xc5\x9a\xb7\x8f\x97\x1b\x15\xcb\xeba\xe5\x06\x99\x1f[\xf6\xaf\x89\x18\x89\xa5*<\x01\x93\x1c\xc0\xbc\xaf\xb3\n\xdd\x9f\xb2N\xbd\x86\x018p\xd67/\xb7\xd87cE\xdeMs\xaf\v\xb7\x8e\xf1\xf0:d\x86o_Cn\xf6\xc2\xdaX-\x88\xf7\xf57D{*\v\xe0\xe8v\xc4\xb4\r\x9bV\xcd\xc1\b\x8c\xf5\"j\xef\xe5\x17', &(0x7f00000003c0)='/dev/bpf\x00', &(0x7f0000000400)='*}$^*\x00']) openat$bpf(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) (async) r6 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$BIOCSETIF(r6, 0x8020426c, &(0x7f0000000800)={'tap', 0x0}) ioctl$BIOCSDLT(r6, 0x8004427a, &(0x7f00000000c0)=0x1) (async) ioctl$BIOCSDLT(r6, 0x8004427a, &(0x7f00000000c0)=0x1) sendto$unix(r4, &(0x7f0000000040)="b1000501000000ae05000701070000000000000010000500fef96ecfc72fd3357ae30200004e30ffd2d236acf20bf404be01000000f7c8cf5f882b297be1aa050400ce94e2f0ad3ebbc23de4411f139b672f335c22db830c032bfa896443c32118210000720fd38bfb0000fd54c125191b1257aea8c500001602fbfe0c2300000100be1f25a2e791505c47f8343712cc11ffffffffff52ffffffffffffffff0000ed007f62b60be8b90000000000000000", 0xb1, 0x3db13ebe6b390be4, 0x0, 0x0) msgrcv(r0, &(0x7f0000000000)={0x0, ""/214}, 0xde, 0x0, 0x1000) 123.305055ms ago: executing program 2 (id=3): setrlimit(0x8, &(0x7f0000000980)={0x42, 0x3fb}) r0 = syz_open_pts() close(r0) mknod(&(0x7f0000000280)='./file0\x00', 0x2000, 0x1e5f) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140), 0x8, 0x0) ioctl$BIOCSETWF(r1, 0x80104277, &(0x7f00000001c0)={0x4, &(0x7f0000000200)=[{0x9, 0x2c, 0x2, 0x2}, {0x99, 0x7, 0xff, 0x4}, {0x8000, 0x9, 0x7f, 0x6}, {0x742, 0xaa, 0x1, 0x145}]}) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x2) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) ioctl$VNDIOCSET(r2, 0xc0104401, &(0x7f00000001c0)={0x0, 0x0, 0x0}) syz_open_pts() writev(r0, &(0x7f0000000440), 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$BIOCGHDRCMPLT(r3, 0x40044274, &(0x7f0000000100)) select(0x40, &(0x7f0000000000)={0x9, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, &(0x7f0000000380)={0xffb, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0) r4 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0xd6) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000280)='\a!', 0x2}, {&(0x7f0000000000)="8d6bb85551ec8430877ae32fe9bbe42cc8f2147a3eba8e1969f0435119cf4c071c8aee7ef2921be5d7d4796c5566c95989acb3d185587234186e96b8fde9ffac51de05a87b8b893e2abd154dd886eafbe03881d25b7b13b4c32227fc9e5a86a06f59f701322b3a109a13436e486b0a", 0x6f}], 0x2) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 0s ago: executing program 4 (id=5): chmod(&(0x7f0000000440)='.\x00', 0x24f) mkdir(&(0x7f0000000500)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) getdents(r0, &(0x7f0000000e80)=""/4091, 0xffaa) getdents(r0, &(0x7f0000001e80)=""/4096, 0x1000) chmod(&(0x7f0000000180)='./file0\x00', 0x23f) open$dir(&(0x7f0000001240)='.\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') setuid(0xee01) syz_extract_tcp_res(&(0x7f0000000000)={0x41424344}, 0x4, 0x0) syz_extract_tcp_res(&(0x7f0000000040)={0x41424344}, 0x2, 0x40) syz_emit_ethernet(0x153, &(0x7f0000000080)={@random="9ff26b5f1aa2", @remote, [], {@ipv4={0x800, {{0x9, 0x4, 0x2, 0x5, 0x145, 0x67, 0xd00, 0x8, 0xff, 0x0, @local={0xac, 0x14, 0x0}, @multicast2, {[@generic={0x88, 0x2}, @ra={0x94, 0x6, 0x4}, @generic={0x83, 0x8, "895478e23462"}]}}, @tcp={{0x2, 0x0, r1, r2, 0x0, 0x0, 0x9, 0x80, 0x5, 0x0, 0x7f, {[@sack={0x5, 0xe, [0x0, 0x0, 0x6]}]}}, {"dea8e7bdd522e819a5d51c3b2b8180c8dff8c8b75c26149439ec3ee56c4173ccb420f63494f6c80c49a2ff3d2a060d6705ee6e1b7a33f68fcb20a739076e2ba15b053071c57cb59d4642ab250d2f304556d9d9b58e1ee3816a34631d912a9351cd259f972d69dfef9dca8244ce78416476f3ff8c0a62c0c171e4a7ef944c1c8643f6bb74fef3d3da3347313165d0e6089483f61c7cd724e5b5815738500969201fb9b879ed0d78c665d949938d9e46cd6eb1da12c23bf67b8a163e272529603ccc18580a83523681a7c6dedfce193636a0bc82aa0b9ef3dbc5bba6ab92a225b3d846f541d84e251d207e9a6cfd7294c78ceca8e8007c2c5acb4225fb50"}}}}}}) syz_extract_tcp_res$synack(&(0x7f0000000200)={0x41424344, 0x41424344}, 0x1, 0x0) sysctl$vfs_nfs(&(0x7f0000000240)={0xa, 0x2, 0x2}, 0x3, 0x0, &(0x7f0000000340), &(0x7f0000000380)="917c21e7", 0x4) r4 = openat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x80, 0x82) ioctl$WSMUXIO_INJECTEVENT(r4, 0x80185760, &(0x7f0000000400)={0x3, 0x9, {0x0, 0x4}}) syz_extract_tcp_res(&(0x7f0000000440), 0x0, 0x4b) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000480)=0x1) syz_emit_ethernet(0x111, &(0x7f00000004c0)={@empty, @random="6c6fa521e7f7", [{[], {0x8100, 0x4, 0x0, 0x2}}], {@generic={0x8145, "6dd8d385e182660481ee63e0950bad680a333a4e0ea2cbe4e4fd7221ff5fdc3b7d5ab1b285e6ad039be54b8ae8965195ca3554b6c27949615e79ab18e4188dc9506629ee6541ed2e664030c748e3e87ef2a79063dd53581c163c334b32d0f8e16dd11096bb1fc5b1e1ef052a9ab9e9b672eebe7e207e524ab7e921d059c96aae35e0b68513c43bc4e51e5074fc56b4d811cd7fe066513e93cb8d36222f8976f0fa3849bcb904c71a127c78e42a1adb3f1564bcdcd105587644f7c58d3848431b1a9c123a59229ecc2c55b81cd31662419fde5bf9b21fe60f28df5e1c43e5e19c071fe2db2fec0f717a8e95311340530c2c28ccf2968a886d2ac3b74e6ac2a5"}}}) r5 = socket(0x20, 0x4000, 0x2) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x10, r5, 0x0) r6 = kqueue() r7 = getppid() fcntl$setown(r6, 0x6, r7) ioctl$FIOASYNC(r5, 0x8004667d, &(0x7f0000000600)) ioctl$DIOCMAP(r4, 0xc0106477, &(0x7f0000000680)={&(0x7f0000000640)='./file0\x00', r5, 0x1}) socket(0x2, 0x3, 0x3) syz_extract_tcp_res$synack(&(0x7f00000006c0), 0x1, 0x0) syz_emit_ethernet(0x2b7, &(0x7f0000000740)=ANY=[@ANYBLOB="0000000000008cc6916ef8da88a814008100070086dd6030e7010279320500000000000000000000fffffffffffffe8000000000000000000000000000bb7000063866000000000e000000000000c2040000005d040104c2040000000409574d28fa67f39772662388f10379ab62602beed433cc14e91f4e43ad238dea3f88207d693ec16e5a098f65fab2bd13e7ed3da87b309406a1409589293cae37c3fff1b4e74adea5eb8275c494acfc47ca8425fcb2b1a46db0050200400502000204010400000000000c060004000000000000000000000000000000000000000188fdbaf4d81c81720dca3eb205e6568b7da94f07bc7c70de1e374941cc7db5711103000000000000c20400000007040104c204ff800000050200ff04010c000100000000000000000308000800000000c410c98f64f1f95abbc24523582946d500000000000000000000000000000001b555493fb467d25a8cd9f15381e0e497fe8000000000000000000000000000aa5508000c000000000000000000000000000000000000000100000000000000000000000000000000fe8000000000000000000000000000aa485dc75a04533ba59685dc8eed00f65f110300000000000001050000000000000100c20400000004c204000000090401400502100000000032080000000000000741ea70f52c9f0b3e82aa0b351058a4da559525d9d114d4c00f21db669f543c8bb3ab977b07ce433dd8e0a721af784c9c57031aa8f46506cf40f4b3b94d2654ba723a04010700004e214e20", @ANYRES32=0x41424344, @ANYRES32=r3, @ANYBLOB="410406cf9078000002040000050a0000bf97000000100113124b7f0e5c417492fd018688f4e1ab6853000dc3bd9b2bfabe31679f99d004010001000000000000000800003abdb26bfbc3530b3b062a1d59bdd65e7c966205f6931410f2edfe1f9166f43d9a165b6bf05603b75117b220da656619b8f94fd3a3949c1073"]) kernel console output (not intermixed with test programs): OpenBSD/amd64 (Amnesiac) (tty00) Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts. login: uvm_fault(0xfffffd806b7787c0, 0xf, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ktrops+0x58: movq 0x10(%r14),%r14 TID PID UID PRFLAGS PFLAGS CPU COMMAND *380808 53929 0 0 0x4000000 0K syz-executor 422142 66245 0 0x2 0x1 1 syz-executor ktrops(ffff80003bc09a18,ffffffffffffffff,0,80000538,fffffd8064135e60,fffffd80097fb000) at ktrops+0x58 doktrace(fffffd8064135e60,4,538,0,ffff80003bc09a18) at doktrace+0x6bd sys_ktrace(ffff80003bc09a18,ffff80003c43be80,ffff80003c43bdd0) at sys_ktrace+0x11c syscall(ffff80003c43be80) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6027d0a64c0, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd806b7787c0, 0xf, 0, 1) -> e ddb{0}> trace ktrops(ffff80003bc09a18,ffffffffffffffff,0,80000538,fffffd8064135e60,fffffd80097fb000) at ktrops+0x58 doktrace(fffffd8064135e60,4,538,0,ffff80003bc09a18) at doktrace+0x6bd sys_ktrace(ffff80003bc09a18,ffff80003c43be80,ffff80003c43bdd0) at sys_ktrace+0x11c syscall(ffff80003c43be80) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6027d0a64c0, count: -5 ddb{0}> show registers rdi 0xffff80003bc09a18 rsi 0xffffffffffffffff rbp 0xffff80003c43bb90 rbx 0xfffffd80097fb000 rdx 0 rcx 0xffff80003bc09a18 rax 0xffffffff83787ff0 cpu_info_full_primary+0x1ff0 r8 0xfffffd8064135e60 r9 0xfffffd80097fb000 r10 0xd8133e0d63f04d71 r11 0xfd124fef1b31debf r12 0xffff80003bc09a18 r13 0xffffffffffffffff r14 0xffffffffffffffff r15 0x80000538 __kernel_virt_to_phys+0x538 rip 0xffffffff820fc5f8 ktrops+0x58 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c43bb10 ss 0x10 ktrops+0x58: movq 0x10(%r14),%r14 ddb{0}> show proc PROC (syz-executor) tid=380808 pid=53929 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003bc09cb0,0xffff80003bc09790 process=0xffff80002a3cce88 user=0xffff80003c436000, vmspace=0xfffffd806b7787c0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 75303 413804 66662 0 2 0x2 ifconfig 8381 41513 29664 0 2 0x10100002 sh 66662 285905 15149 0 3 0x10008a sigsusp sh 53929 389094 65699 0 2 0 syz-executor *53929 380808 65699 0 7 0x4000000 syz-executor 53929 452087 65699 0 3 0x4000080 fsleep syz-executor 53929 485359 65699 0 3 0x4000080 fsleep syz-executor 90014 372661 47411 0 2 0 syz-executor 90014 263263 47411 0 3 0x4000080 fsleep syz-executor 37350 267851 46497 0 3 0x80 nanoslp syz-executor 37350 242567 46497 0 3 0x4000080 msgwait syz-executor 37350 393580 46497 0 3 0x4000080 fsleep syz-executor 37350 232843 46497 0 3 0x4000080 msgwait syz-executor 86870 454882 23533 0 2 0xc80 syz-executor 86870 304147 23533 0 2 0x4000000 syz-executor 86870 59085 23533 0 3 0x4000080 fsleep syz-executor 86870 354637 23533 0 3 0x4000080 fsleep syz-executor 1993 199982 66245 0 2 0x2 syz-executor 23533 216557 66245 0 3 0x82 nanoslp syz-executor 46497 403022 66245 0 3 0x82 nanoslp syz-executor 47411 464297 66245 0 2 0xc82 syz-executor 29664 443237 66245 0 3 0x82 wait syz-executor 65699 231170 66245 0 2 0xc82 syz-executor 15149 375226 66245 0 3 0x82 wait syz-executor 30487 139295 66245 0 2 0x2 syz-executor 66245 422142 1184 0 7 0x3 syz-executor 1184 202345 30303 0 3 0x10008a sigsusp ksh 30303 280782 84330 0 3 0x98 kqread sshd-session 84330 512780 8982 0 3 0x92 kqread sshd-session 72670 339731 1 0 3 0x100083 ttyin getty 8982 350045 1 0 3 0x88 kqread sshd 86380 44343 89803 74 3 0x1100092 bpf pflogd 89803 500542 1 0 3 0x80 sbwait pflogd 79108 22876 90436 73 3 0x1100090 kqread syslogd 90436 157789 1 0 3 0x100082 sbwait syslogd 10389 360315 1 0 3 0x100080 kqread resolvd 75874 256063 25766 77 3 0x100092 kqread dhcpleased 93103 518359 25766 77 3 0x100092 kqread dhcpleased 25766 331101 1 0 3 0x80 kqread dhcpleased 52675 241905 0 0 3 0x14200 bored smr 71306 409912 0 0 2 0x14200 zerothread 72959 183057 0 0 3 0x14200 aiodoned aiodoned 56080 23997 0 0 3 0x14200 syncer update 27007 430743 0 0 3 0x14200 cleaner cleaner 72816 384865 0 0 3 0x14200 reaper reaper 75476 43683 0 0 3 0x14200 pgdaemon pagedaemon 98820 269879 0 0 3 0x14200 bored viomb 3775 398703 0 0 3 0x40014200 acpi0 acpi0 93967 453969 0 0 3 0x40014200 idle1 57274 414013 0 0 3 0x14200 bored softnet1 42532 460897 0 0 2 0x14200 softnet0 99574 318456 0 0 3 0x14200 smrbar systqmp 9718 509416 0 0 3 0x14200 bored systq 66082 20337 0 0 3 0x14200 tmoslp softclockmp 5574 251075 0 0 3 0x40014200 tmoslp softclock 26940 159530 0 0 3 0x40014200 idle0 1 326918 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 53929 (syz-executor) thread 0xffff80003bc09a18 (380808) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83899970) #0 witness_lock+0x5f1 #1 __mp_acquire_count+0x58 #2 sleep_finish+0x2d8 #3 getblk+0x197 #4 bread+0x45 #5 ffs_update+0x198 #6 ufs_inactive+0x2e1 #7 VOP_INACTIVE+0x104 #8 vrele+0x129 #9 ktrsettrace+0xe7 #10 ktrops+0x26c #11 doktrace+0x6bd #12 sys_ktrace+0x11c #13 syscall+0xb17 #14 Xsyscall+0x128 Process 86870 (syz-executor) thread 0xffff80003bc087f0 (304147) exclusive rrwlock inode r = 0 (0xfffffd806b81f330) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa3 #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x279 #7 ufs_makeinode+0xcd #8 ufs_mknod+0x5b #9 VOP_MKNOD+0x101 #10 domknodat+0x469 #11 syscall+0xb17 #12 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806bf00578) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa3 #4 vn_lock+0xa4 #5 vfs_lookup+0x11c #6 namei+0x7ca #7 domknodat+0xb4 #8 syscall+0xb17 #9 Xsyscall+0x128 Process 1993 (syz-executor) thread 0xffff8000fffeed18 (199982) exclusive rrwlock inode r = 0 (0xfffffd806b81f580) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa3 #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x279 #7 ufs_mkdir+0xfc #8 VOP_MKDIR+0x101 #9 domkdirat+0x179 #10 syscall+0xb17 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806bf007c8) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa3 #4 vn_lock+0xa4 #5 vfs_lookup+0x11c #6 namei+0x7ca #7 domkdirat+0x8b #8 syscall+0xb17 #9 Xsyscall+0x128 Process 99574 (systqmp) thread 0xffff8000ffffe298 (318456) shared rwlock systqmp r = 0 (0xffffffff837bed88) #0 witness_lock+0x5f1 #1 taskq_thread+0x12a #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10195 11024K 11064K 166960K 11297 0 pcb 17 12K 12K 166960K 18 0 rtable 193 5K 5K 166960K 249 0 pf 34 17K 18K 166960K 45 0 ifaddr 41 7K 7K 166960K 43 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 9K 166960K 5 0 counters 68 36K 36K 166960K 68 0 ioctlops 0 0K 4K 166960K 1482 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1343 84K 85K 166960K 1369 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 3 0K 0K 166960K 3 0 dirhash 15 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 89K 166960K 132 0 sigio 0 0K 0K 166960K 1 0 proc 76 131K 164K 166960K 521 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 89 6K 6K 166960K 89 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 367 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 231 170K 176K 166960K 2963 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 42 84K 100K 166960K 1226 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 26 1K 1K 166960K 26 0 temp 37 8646K 8710K 166960K 3941 0 kqueue 14 22K 24K 166960K 25 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 35 0 31 1 0 1 1 0 8 0 rtentry 176 89 0 1 4 0 4 4 0 8 0 unpcb 144 37 0 16 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 6 0 2 1 0 1 1 0 8 0 arp 136 10 0 0 1 0 1 1 0 8 0 inpcb 328 61 0 53 1 0 1 1 0 8 0 nd6 152 14 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 13 0 0 1 0 1 1 0 8 0 pfstkey 128 13 0 0 1 0 1 1 0 8 0 pfstate 384 13 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 397 0 0 25 0 25 25 0 8 0 art_table 40 398 0 0 5 0 5 5 0 8 0 art_node 32 89 0 9 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semapl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 0 3 0 3 3 0 8 0 dino2pl 256 1571 0 54 95 0 95 95 0 8 0 ffsino 296 1571 0 54 117 0 117 117 0 8 0 nchpl 144 1757 0 63 63 0 63 63 0 8 0 vnodes 216 1663 0 0 93 0 93 93 0 8 0 namei 1024 5391 0 5389 2 0 2 2 0 8 1 percpumem 16 49 0 0 1 0 1 1 0 8 0 kstatmem 264 26 0 0 2 0 2 2 0 8 0 scxspl 216 6407 0 6407 3 1 2 2 1 8 2 plimitpl 152 31 0 13 1 0 1 1 0 8 0 sigapl 424 437 0 389 8 1 7 7 0 8 1 knotepl 120 58 0 0 2 0 2 2 0 8 0 kqueuepl 224 22 0 12 1 0 1 1 0 8 0 pipepl 344 107 0 79 3 0 3 3 0 8 0 fdescpl 528 421 0 390 3 0 3 3 0 8 0 filepl 160 1467 0 1236 10 0 10 10 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 32 0 15 1 0 1 1 0 8 0 ucredpl 104 93 0 80 1 0 1 1 0 8 0 zombiepl 144 390 0 389 1 0 1 1 0 8 0 processpl 1232 437 0 389 5 0 5 5 0 8 1 procpl 664 454 0 396 7 1 6 6 0 8 0 sockpl 752 133 0 100 4 0 4 4 0 8 0 mcl64k 65536 1 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 115 0 0 15 0 15 15 0 8 0 mcl2k 2048 19 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 134 0 0 9 0 9 9 0 8 0 bufpl 280 2879 0 118 198 0 198 198 0 8 0 anonpl 32 3983 0 0 33 0 33 33 0 246 0 amapchunkpl 152 8399 0 7941 21 1 20 20 0 158 0 amappl16 200 1963 0 1948 5 0 5 5 0 8 4 amappl15 192 7 0 7 1 0 1 1 0 8 1 amappl14 184 115 0 103 1 0 1 1 0 8 0 amappl13 176 41 0 41 1 0 1 1 0 8 1 amappl12 168 1075 0 1042 3 0 3 3 0 8 1 amappl11 160 48 0 34 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 0 1 1 0 8 1 amappl9 144 271 0 271 1 0 1 1 0 8 1 amappl8 136 66 0 64 1 0 1 1 0 8 0 amappl7 128 103 0 91 1 0 1 1 0 8 0 amappl6 120 192 0 186 1 0 1 1 0 8 0 amappl5 112 135 0 125 1 0 1 1 0 8 0 amappl4 104 295 0 275 1 0 1 1 0 8 0 amappl3 96 1268 0 1179 3 0 3 3 0 8 0 amappl2 88 646 0 568 2 0 2 2 0 8 0 amappl1 80 8144 0 7537 15 1 14 14 0 8 0 amappl 88 2284 0 2129 4 0 4 4 0 92 0 uvmvnodes 80 1663 0 0 34 0 34 34 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 422 0 391 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 422 0 391 1 0 1 1 0 8 0 vmmpekpl 168 5095 0 5057 2 0 2 2 0 8 0 vmmpepl 168 33999 0 32123 89 0 89 89 0 357 1 vmsppl 488 421 0 391 5 0 5 5 0 8 0 rwobjpl 80 14088 0 11485 55 0 55 55 0 8 1 pdppl 4096 852 0 782 104 20 84 84 0 8 14 pvpl 32 9445 0 0 77 0 77 77 0 265 0 pmappl 256 421 0 391 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 268 0 22 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ktrops(ffff80003bc09a18,ffffffffffffffff,0,80000538,fffffd8064135e60,fffffd80097fb000) at ktrops+0x58 doktrace(fffffd8064135e60,4,538,0,ffff80003bc09a18) at doktrace+0x6bd sys_ktrace(ffff80003bc09a18,ffff80003c43be80,ffff80003c43bdd0) at sys_ktrace+0x11c syscall(ffff80003c43be80) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6027d0a64c0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83899768) at __mp_lock+0x192 ktrgenio(ffff8000ffffcd00,3,1,ffff800000b356a0,7c18) at ktrgenio+0x228 dofilewritev(ffff8000ffffcd00,3,ffff80002a29e5b8,0,ffff80002a29e670) at dofilewritev+0x502 sys_write(ffff8000ffffcd00,ffff80002a29e720,ffff80002a29e670) at sys_write+0xa2 syscall(ffff80002a29e720) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x78d284cd9dc0, count: 6 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83899768) at __mp_lock+0x192 ktrgenio(ffff8000ffffcd00,3,1,ffff800000b356a0,7c18) at ktrgenio+0x228 dofilewritev(ffff8000ffffcd00,3,ffff80002a29e5b8,0,ffff80002a29e670) at dofilewritev+0x502 sys_write(ffff8000ffffcd00,ffff80002a29e720,ffff80002a29e670) at sys_write+0xa2 syscall(ffff80002a29e720) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x78d284cd9dc0, count: -9