last executing test programs: 412.76472ms ago: executing program 0 (id=1): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x615, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x11, r0, 0x0) ftruncate(r0, 0x8531) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x2, 0x0, 0x0, 0x8000003}, {0x0, 0x0, 0x40}, {0x46, 0x0, 0x0, 0x37f}]}) sysctl$kern(&(0x7f00000000c0)={0x1, 0x42}, 0x6, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x1918, 0x0, 0xffac) ioctl$DIOCNATLOOK(0xffffffffffffffff, 0xc0504417, 0x0) r1 = openat$pf(0xffffffffffffff9c, 0x0, 0x10000, 0x0) ioctl$DIOCIGETIFACES(r1, 0xc0284457, 0x0) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x403}, 0x40d) ioctl$TIOCSETA(r2, 0xc450444d, &(0x7f0000000740)={0x0, 0x1, 0xfffffffd, 0x0, "97a2224ff1c14649ebb17a926cc9795a6b47c1d1", 0x4, 0x5}) 186.865814ms ago: executing program 2 (id=3): r0 = openat$speaker(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x2, 0x0) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000040)="d7", 0x1}], 0x1) pwritev(r1, &(0x7f0000000200), 0x0, 0xba9) pselect(0x40, &(0x7f00000038c0)={0x6, 0x8, 0xa, 0x800, 0x7, 0x5, 0x8, 0x7}, &(0x7f0000003900)={0x4, 0x5, 0xfffffffffffffffd, 0x13, 0x0, 0x3, 0x6, 0x1}, &(0x7f0000003940)={0x7af, 0x8, 0x2, 0x1, 0x2, 0x6, 0x2, 0x47}, &(0x7f0000003980)={0xe, 0x7f}, &(0x7f00000039c0)={0x7}) execve(0x0, 0x0, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000280)="84365766889dabe4991e51e4e2b3aed650b0992da3321d6709453d753bf2edab7f1f6165262332c04f686d9e0c77ead7dee0099175e83c380de36eaba2b026f5520d705ce170110a03a5ea7c996baf8eddcab41b2105fecd5599333273ac026ee3b1e63739f630bc4010e642567cb67207c56b286937018c522361c574a8f86a344c1ef6f541478ddf35a618fb4d691ffcc43c05cc6e0600000024a5f9e19e495c08efba386e1417", 0xa8}], 0x1) ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f0000000380)={0x8, 0x49, 0xd, 0xa, "03ec0009007f880000000000f3ff00", 0x1108a, 0x6}) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x2000, 0x4800) r2 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) ioctl$TIOCFLUSH(r2, 0xc00c7006, &(0x7f0000000080)=0x100) mknod(&(0x7f0000000200)='./file0\x00', 0x2000, 0x412dff) r3 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@local, @random="00000c000001", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3d, 0x1c, 0xfffa, 0x0, 0x7, 0x1, 0x0, @multicast1, @multicast1}, @icmp=@info_reply={0x10, 0x0, 0x0, 0x1, 0xff}}}}}) sysctl$net_inet6_ip6(&(0x7f0000000180)={0x4, 0x18, 0x29, 0x34}, 0x4, &(0x7f0000002740), 0x0, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000100)={@broadcast, @remote, [{[], {0x8100, 0x0, 0x0, 0x3}}], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x9, 0x24, 0x68, 0x1, 0x5, 0x70, 0x0, @empty, @loopback, {[@rr={0x7, 0xffffffffffffffb5, 0x7, [@multicast2, @rand_addr=0x768]}, @rr={0x7, 0xb, 0x0, [@rand_addr=0x7ff, @remote={0xac, 0x14, 0x0}]}]}}}}}}) 178.969994ms ago: executing program 6 (id=7): r0 = semget$private(0x0, 0x4, 0x2) r1 = socket(0x18, 0x4000, 0x0) ioctl$FIONREAD(r1, 0x8080691a, 0x0) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$DIOCRSETTFLAGS(r2, 0xc450444a, &(0x7f0000000b00)={{'./file0\x00', './file0\x00', 0x1, 0xfb}, 0x0, 0x428, 0x0, 0x0, 0x800, 0x200, 0x3fc, 0x0, 0x101ffff}) issetugid() r3 = socket$inet(0x2, 0x1, 0x0) close(r3) r4 = semget$private(0x0, 0x1, 0x391) mknod(&(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0xd02) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1) mknod(&(0x7f0000000000)='./file1\x00', 0x2000, 0x285b9a) rename(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r5 = open$dir(&(0x7f0000000000)='.\x00', 0x8000, 0x4) lseek(r5, 0x4, 0x1) getdents(r5, &(0x7f0000002800)=""/4096, 0x1000) r6 = open$dir(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x1) getdents(r6, &(0x7f0000003800)=""/4077, 0xfed) semctl$IPC_SET(r4, 0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x0, 0xffffffffffffffff, 0x0, 0x34, 0xdfff}, 0x0, 0x232, 0x0, 0x0, 0x6, 0x0, 0x1}) setuid(0xffffffffffffffff) semop(r4, &(0x7f00000000c0)=[{0x2, 0xfffa, 0x1400}], 0x1) socket(0x24, 0x2, 0x0) setsockopt(r3, 0x6, 0x1, &(0x7f00000001c0), 0x0) mknod(&(0x7f0000000080)='./bus\x00', 0x2000, 0x205b1a) r7 = open(&(0x7f0000000080)='./bus\x00', 0x2, 0x0) pwritev(r7, &(0x7f0000000300)=[{&(0x7f0000000200)="f984a390404d01fb022d0e30", 0xc}], 0x1, 0xfffffffffffffffe) semctl$SETALL(r0, 0x0, 0x9, &(0x7f0000000880)) 164.729061ms ago: executing program 7 (id=8): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@file={0xe, 0x1, './file0\x00'}, 0xa) sysctl$kern(&(0x7f00000000c0)={0x1, 0x3f}, 0x6, &(0x7f0000000240)="71f91e3471ac0058bc5a91501d94a34b8e09000000b59c7afec3b238a7bf2c29f5487082301e8017a796c773a7c70dc7deb9cbc962b678227fe2814bf758dc5a9c15e96ace240445948c69d5d832bd0d91f6fb20c56aea1ad0cf444a3aa0dcad3fc9b7bd95f07268c0eedd9bdb0120d4bcb8dba67f3d929d422552e58552d10a20357139e65487b4c1c9ac4b1fa132b8b02610591d029e1f2af14199e377a6aa1b716972af2623a6494692c5a8225bd87eaff4e067e063259c92799dcbd93296bd067406796a4a573b08e60816e6fe5a15858e9a20fefbedd077aae20d34a55047a7790215ab1d0335635b89ba963ff0183aaa870c39c63d97c27cde2fff881c75decdb57162ff0bcd9a795913a8882d268e72c2f696f27ffbcbcbe87826352b7890ca732edacb183f91c6f0142d589950ce2a0af39a831941ce21aebb2db3f8821915d7c27704523a", &(0x7f0000000100)=0xb115, 0x0, 0xfffffffffffffeff) listen(r0, 0x1) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x5, 0x1, './file0\x00'}, 0xa) accept4(r0, &(0x7f0000000100)=@in, &(0x7f0000000140)=0x10, 0x4000) 163.379215ms ago: executing program 3 (id=4): openat$vmm(0xffffffffffffff9c, 0x0, 0x8, 0x0) mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0xd02) open(&(0x7f0000000080)='./bus\x00', 0x10, 0x0) mknod(&(0x7f0000000080)='./bus\x00', 0x2000, 0x205b1a) mknod(&(0x7f0000000000)='./file1\x00', 0x2000, 0x285b9a) r0 = open(&(0x7f0000000800)='./file1\x00', 0x800, 0x120) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x205b9a) open(&(0x7f0000000100)='./file0\x00', 0x10000, 0x100) ioctl$DIOCRSETTFLAGS(r0, 0xc450444a, &(0x7f0000000840)={{'./file1\x00', './file0\x00', 0x10, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x18, 0xbda, 0x1, 0x24, 0x1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet(0x18, 0x3, 0x102) sendmsg(r3, &(0x7f0000000240)={&(0x7f0000000280)=@in6={0x1c, 0x18, 0x1, 0xfffffffd, "00000000000000000000000000000001", 0x101}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000000)="630c00000000069afe51f6f2efa24a85abdd612dd68e59adffbb93232d44372e9bc47e84f7c477d24d9c793909f5480a00"/60, 0x3c}], 0x1, 0x0}, 0x0) sendmsg$unix(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff000001"], 0x28}, 0x0) recvmmsg(r1, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x0}, 0x20000001}, 0x38, 0x1842, 0x0) recvmsg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000700)=""/140, 0x8c}], 0x1, 0x0}, 0x1840) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1000, 0x0) acct(&(0x7f0000000000)='./file0\x00') open(&(0x7f0000000180)='./file0\x00', 0x0, 0x141) syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @random="1c71749acf65", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3d, 0x28, 0x67, 0x0, 0x0, 0x6, 0x0, @multicast1, @local={0xac, 0x14, 0x0}}, @tcp={{0x3, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x9, 0x0, 0xfffc}}}}}}) r4 = socket$inet(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x10, 0x2, 0x3}, 0x10) sysctl$net_inet6_icmp6(&(0x7f0000000a00)={0x4, 0x18, 0x3a, 0x3}, 0x4, &(0x7f0000000a40)="3ddf2bdea3d4cfeba3a809e1267a3199fa4f5284bce8be981ee83a139e592e61d4418221fd01eeaae21b2c2e87ae81cfaebe08ebef36cfbced589aa3aed9c537e41157d2e4b5607829892e5e421155fda88550c0da4e2839d8e87473e8fbd351793102004b30a3885952cf343a0cef59f3c864309019", &(0x7f0000000b00)=0x76, &(0x7f0000000b40)="65eb6834", 0x4) listen(r4, 0x7fff) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @broadcast, [{[{0x88a8, 0x1, 0x1, 0x1}], {0x8100, 0x7}}], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3d, 0x28, 0x67, 0x0, 0x0, 0x6, 0x0, @multicast1, @local={0xac, 0x14, 0x0}}, @tcp={{0x3, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x8200, 0x0, 0xfffc}}}}}}) syz_emit_ethernet(0x15b, &(0x7f0000000240)=ANY=[]) 160.793188ms ago: executing program 7 (id=9): ioctl$VMM_IOC_CREATE(0xffffffffffffffff, 0xc2585601, &(0x7f00000000c0)={0x10, 0x800000004, [{&(0x7f000014c000/0x4000)=nil, &(0x7f00000b7000/0x3000)=nil, 0x200007fffffffffe}, {&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000124000/0x3000)=nil, 0x7fffffffffffffff}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000795000/0x2000)=nil, 0xb93a}, {&(0x7f00001da000/0x4000)=nil, &(0x7f00006d4000/0x2000)=nil, 0xfdfffffffffffff9}, {&(0x7f0000312000/0x2000)=nil, &(0x7f0000025000/0x3000)=nil, 0x4001}, {&(0x7f000060b000/0x2000)=nil, &(0x7f0000095000/0x3000)=nil, 0x1}, {&(0x7f0000123000/0x3000)=nil, &(0x7f000014d000/0x4000)=nil, 0x4}, {&(0x7f00002f3000/0x3000)=nil, &(0x7f000063b000/0x2000)=nil, 0xffffffffffffffff}, {&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000026000/0x4000)=nil, 0x6}, {&(0x7f00001dc000/0x1000)=nil, &(0x7f00001db000/0x3000)=nil, 0xc6}, {&(0x7f0000392000/0x1000)=nil, &(0x7f00003a6000/0x3000)=nil, 0x1000}, {&(0x7f00006b8000/0x4000)=nil, &(0x7f0000688000/0x4000)=nil, 0x6}, {&(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x51c}, {&(0x7f000068b000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0xfffffffffffffff9}, {&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0xc0}, {&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000754000/0x4000)=nil, 0x4000009e}], './file0\x00', 0xfffffffa, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4339, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000]}) r0 = openat$pf(0xffffffffffffff9c, &(0x7f00000007c0), 0x82, 0x0) r1 = socket(0x1, 0x2, 0x0) ioctl$FIONREAD(r1, 0xc0106978, &(0x7f00000001c0)) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)}, {&(0x7f0000000080)="5c7d9003c0c338c488c2efccd91dcd29c0bf754c9b4bae272b430b320e0be4a0e9af8cf56aac3f2763d9c0fb1551147cf67d6f06d2626f6d702be99511cfe4ab2c1e5d318d4f473e7d2b2b3113940922e5", 0x51}, {0x0}, {&(0x7f0000000380)}, {&(0x7f0000000940)="a61a2e53a98fe02049b3", 0xa}], 0x5) ioctl$TIOCSETA(r0, 0xcd60441a, &(0x7f0000000040)={0x3, 0x2, 0x3, 0x0, "00000100000000000000000000001561b6c91000", 0x200, 0x1}) r2 = openat$pf(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TIOCSETA(r2, 0xc1084425, &(0x7f0000000040)={0x3, 0x0, 0xfffffffe, 0x5, "210d000000020000616161610000004021800600", 0x2000000, 0x5}) 149.093724ms ago: executing program 0 (id=10): ioctl$WSMUXIO_LIST_DEVICES(0xffffffffffffffff, 0xc1045763, &(0x7f0000000040)={0x4, [{0x3, 0x7}, {0x2, 0xff03}, {0x1}, {0x0, 0x800}, {0x3}, {0x5}, {0x0, 0xaa59}, {0x3, 0xb59}, {0x1, 0x1}, {0x3, 0x100}, {0x1, 0x1}, {0x3, 0x80000000}, {0x2, 0x3}, {}, {0x0, 0x5}, {0x1, 0xffffffff}, {0x3, 0x1}, {0x1}, {0x3, 0xfffffffe}, {0x3, 0x7ff}, {0xbb08c0840fa32129, 0x6}, {0x0, 0x201}, {0x1}, {0x0, 0xf208}, {0x2, 0x1000000}, {0x1, 0x1}, {0x0, 0x1ff}, {0x0, 0x200}, {0x2, 0xffffffff}, {0x0, 0x9}, {0x1, 0x5}, {0x3}]}) sysctl$kern(&(0x7f00000000c0)={0x1, 0x37}, 0x2, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sysctl$kern(&(0x7f00000000c0)={0x1, 0x37}, 0x4, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000140)=0x2c, 0x0, 0x2e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003300)={{0x0, 0x0, 0x0, 0x0, &(0x7f00000032c0)=""/4, 0x4}, 0xe5e}, 0x38, 0x2, 0x0) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f00000034c0)={'./file0\x00', &(0x7f0000003480)=""/6, 0x6, 0x4, 0x0, 0x10}) writev(r0, &(0x7f00000035c0)=[{0x0}], 0x1) sendmsg(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=ANY=[], 0x308}, 0xc) r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000000e80)=""/4091, 0xffaa) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = kqueue() r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10091, 0x0) ioctl$DIOCCLRSTATES(r5, 0x0, &(0x7f0000000200)={{0x3, 0x1}, 0x30, '\x00', 0x22f, {@addrmask={@v6=@mcast2, @v4=@multicast2, 0x0, 0x0, 0x8}, [0xfa1, 0x500], 0x7, 0x2, 0x3ff}, {@addrmask={@v6=@loopback, @v4=@rand_addr=0x4, 0x0, 0x0, 0x2}, [0x5], 0x3, 0x0, 0x5}, './file0\x00', './file1\x00', 0x5, 0x7ff}) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10091, 0x0) fcntl$lock(r6, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x300000023}) closefrom(r4) sendmmsg(r3, &(0x7f00000003c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x454}, 0x4008}, 0x38, 0x0) 147.780384ms ago: executing program 1 (id=2): r0 = open(&(0x7f0000000240)='./bus/file1\x00', 0x0, 0x0) poll(&(0x7f0000000000)=[{r0, 0x4}], 0x1, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x2100, 0x5f00) ioctl$FIONBIO(r0, 0x8004667e, &(0x7f0000000400)=0x700fe954) mknod(&(0x7f0000000200)='./bus\x00', 0x6060, 0x202) r1 = open(&(0x7f0000000140)='./file0\x00', 0x10686, 0x4) ktrace(0x0, 0x1, 0x4, 0x0) r2 = socket$inet(0x18, 0x3, 0x102) sendmsg(r2, &(0x7f0000000240)={&(0x7f0000000280)=@in6={0x1c, 0x18, 0x1, 0xfffffbfd, "00000000000000000000000000000001", 0x3}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000000)="630c000000008c0550148f613e31b12ecbf6f2efa2ffffffff612dd68e59adffbb93232d44372e9b", 0x28}], 0x1, 0x0}, 0x0) r3 = socket(0x18, 0x1, 0x8) sendto$unix(r3, &(0x7f0000000100)="b10005016000009f05003f0407000000001813fecea10516d09a32693f316e357ae302b37b673031d2d236acf20b8f25be38164991f7c8cf5f882b297be1aa5b23edeb51e2f0ac3ebbc257699a1f139b672f4d335c223e7d026ba8af6300372821020000000000008bfbb770c116a985c881ea772ec5890400000000ff0000361b1257aea8c5000020022138f2d900008a09000000000008e38295f80004073da51a221f00000080042000000000000000", 0xb1, 0x0, 0x0, 0x0) ktrace(0x0, 0x2, 0x1d0e, 0x0) poll(0x0, 0x47, 0x6) r4 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x2, 0x10, r4, 0x0) readv(r3, &(0x7f0000000300)=[{&(0x7f00000002c0)=""/53, 0x35}], 0x1) clock_gettime(0x3, &(0x7f0000000080)) ioctl$TIOCSBRK(r1, 0x2000747b) r5 = openat$bpf(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0) ioctl$KDSETMODE(r0, 0x20004b0a, &(0x7f00000003c0)) ioctl$BIOCSETF(r5, 0x80104267, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x25, 0x1, 0x3, 0x1}, {0x88, 0x1, 0x9, 0xffffff1a}, {0x9b1e, 0xc, 0xf6, 0x40007fe}]}) stat(&(0x7f0000000340)='./bus/file1\x00', &(0x7f00000004c0)) rename(&(0x7f0000000140)='./bus\x00', &(0x7f0000000040)='./file0\x00') mknod(&(0x7f0000000280)='./file0\x00', 0x2000, 0x1e5f) r6 = open(&(0x7f0000000080)='./file0\x00', 0x80, 0x2a) fcntl$lock(0xffffffffffffffff, 0x9, &(0x7f00000001c0)={0x1, 0x0, 0x10000000000002ff, 0x9f}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$VNDIOCSET(r6, 0x80184404, &(0x7f00000001c0)={0x0, 0x0, 0x0}) chmod(&(0x7f00000000c0)='./bus\x00', 0x4) socket(0x0, 0x1, 0x6) 70.606662ms ago: executing program 3 (id=11): sysctl$net_inet_ip(&(0x7f00000007c0)={0x4, 0x2, 0x0, 0x19}, 0x4, 0x0, 0x0, &(0x7f00000003c0)="42c332", 0x1) clock_settime(0xffffffffffffffff, &(0x7f0000000000)={0x9, 0x4}) kill(0x0, 0x34) 70.391579ms ago: executing program 4 (id=5): mknod(&(0x7f00000000c0)='./bus\x00', 0x2000, 0xd01) r0 = open(&(0x7f0000000700)='.\x00', 0x20, 0x142) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x18289, 0x110) write(r1, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff1c) munmap(&(0x7f0000077000/0xc00000)=nil, 0xc00000) getsockopt$sock_cred(r0, 0xffff, 0x1022, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) setitimer(0x0, &(0x7f0000000080)={{0xfffffffffffffff2, 0x4000000000007}, {0xffffffffffffffff, 0x6}}, 0x0) sysctl$hw(&(0x7f0000000000)={0x6, 0x5}, 0x2, &(0x7f0000000040), 0x0, 0x0, 0x0) setrlimit(0x8, &(0x7f0000000000)={0xfffffffffffffffb, 0xffffffffffffffff}) r3 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r3, 0x0, &(0x7f0000000640)={0x1, 0x1, 0x0, 0x100000000002}) readv(r2, &(0x7f0000000040)=[{&(0x7f0000000100)=""/4124, 0x101c}, {&(0x7f0000001140)=""/4086, 0xff6}], 0x2) 49.492756ms ago: executing program 6 (id=12): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_opts(r0, 0x0, 0x64, &(0x7f0000000240)="01000000", 0x4) (async) r1 = syz_open_pts() mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x5900) (async) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8, 0x9bf2d3725864749b) poll(&(0x7f0000000300)=[{r2, 0x40}], 0x1, 0x80) (async) ioctl$BIOCSETIF(r2, 0x80084904, &(0x7f0000000380)={'tap', 0x0}) (async, rerun: 64) poll(&(0x7f0000000040)=[{r1, 0x1}], 0x1, 0x1) (async, rerun: 64) ioctl$FIONREAD(r0, 0xc0287533, &(0x7f0000000340)) 30.668817ms ago: executing program 7 (id=13): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) pwritev(r0, &(0x7f0000002480), 0x0, 0x893c) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000080)={0x3, &(0x7f0000000100)=[{0x24, 0x1, 0x0, 0x1}, {0x87, 0x1, 0x9, 0xdfffff1a}, {0x9b1e, 0xc, 0xf6, 0x40007fe}]}) syz_emit_ethernet(0x1000e, &(0x7f00000015c0)=ANY=[]) 28.174567ms ago: executing program 0 (id=14): socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = semget(0x0, 0x1, 0x281) setgid(0xffffffffffffffff) setgroups(0x0, 0x0) setuid(0xffffffffffffffff) semop(r0, 0x0, 0x0) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, 0x0) semctl$GETPID(r0, 0x4, 0x4, 0x0) r1 = socket$inet(0x18, 0x3, 0x102) r2 = socket(0x1, 0x1, 0x0) r3 = syz_open_pts() ioctl$TIOCSCTTY(r3, 0x20007461) r4 = fcntl$getown(r3, 0x5) fcntl$setown(r2, 0x6, r4) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)=0x0) fstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6) setsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f0000000200)={r4, r5, r6}, 0xc) sendmsg(r1, &(0x7f0000000240)={&(0x7f0000000280)=@in6={0x1c, 0x18, 0x1, 0x7, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00', 0x101}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000000)="638802000000299a8c51f6f2efa24a85abdd612dd68e59ad4e100084410a8591426ee03e5395518b", 0x28}], 0x1, 0x0}, 0xa) 8.655094ms ago: executing program 1 (id=15): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000200)={'tap', 0x0}) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x10, 0x80, 0x3, 0x49}, {0x47, 0x0, 0xff}, {0x6, 0x80, 0x8, 0xfffff808}]}) sysctl$kern(0x0, 0x0, &(0x7f0000000240)="c2b0c9dc88112a75068f56058b5d427550143102a60800b2906c850e9c24ad928f29f000fcfe5ae46fb80d34fbcf9f6e054fdded799300067ae30010fcff45ff7f0daf28c17a6d5d93f339253a", &(0x7f0000000000)=0x4d, 0x0, 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000040)={0x0, 0x0}) (async) syz_emit_ethernet(0x32, &(0x7f00000005c0)=ANY=[]) r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x201, 0x80) (async, rerun: 64) ktrace(&(0x7f0000000180)='./file0\x00', 0x4, 0x51d73188af82c397, 0xffffffffffffffff) (rerun: 64) setuid(0xee01) (async) fstat(r1, &(0x7f00000001c0)) (async, rerun: 64) sysctl$kern(&(0x7f00000002c0)={0x1, 0x12}, 0x2, &(0x7f00000000c0)="4d8e8af726", 0x0, 0x0, 0x0) (rerun: 64) 8.237322ms ago: executing program 5 (id=6): r0 = openat$pf(0xffffffffffffff9c, &(0x7f0000001000), 0x10000, 0x0) ioctl$DIOCRCLRTSTATS(r0, 0xc4504441, &(0x7f0000002100)={{'./file0\x00', './file0\x00', 0x20, 0xfd}, &(0x7f0000001040)=[{'./file0\x00', './file0/file0\x00', 0x0, 0x2}], 0x428, 0x1, 0x9, 0x4, 0x9, 0x8, 0x12, 0x8}) r1 = socket(0x11, 0x3, 0x0) sendto$unix(r1, &(0x7f0000000100)="b1000501000000ae05003f01070000000508000000000500fef96ecfc72fd3357ae30200004e30ffd2d236acf20bf404be01000000f7c8cf5f882b297de1aa050400ce94e2f0ad3ebbc257e4411f139b672f335c22db830c032bfa896443c32118210000720fd38bfb0000fd54c125191b1257aea8c500001602fbfe0c2300000100be1f25a2e791505c47f8343712cc11fffffffffffffc00"/177, 0xb1, 0x400, 0x0, 0x0) 0s ago: executing program 0 (id=16): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x2000, 0x4800) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x9) ioctl$TIOCFLUSH(r0, 0xc0187009, &(0x7f0000000080)) (async) ioctl$TIOCFLUSH(r0, 0xc0187009, &(0x7f0000000080)) r1 = open(&(0x7f0000000140)='./file0\x00', 0x78e, 0x130) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt(r2, 0x0, 0x9, 0x0, 0x0) r3 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0xaabf9b9ab671b4cc) faccessat(r3, &(0x7f00000001c0)='./bus\x00', 0x9, 0x1) socket(0x18, 0x1, 0x0) (async) socket(0x18, 0x1, 0x0) fcntl$dupfd(r1, 0xa, r1) (async) r4 = fcntl$dupfd(r1, 0xa, r1) close(r4) open$dir(&(0x7f0000001700)='./file0\x00', 0x0, 0x120) chroot(&(0x7f0000000740)='.\x00') (async) chroot(&(0x7f0000000740)='.\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff000001"], 0x28}, 0x0) recvmsg(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/51, 0x33}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts. panic: uvm_fault_unwire_locked: address not in map Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *513643 58181 0 0 0x4000000 1K syz-executor 489662 58181 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 panic(ffffffff834a12d0) at panic+0x1e5 uvm_fault_unwire_locked(fffffd806c54b020,200000610000,200000611000) at uvm_fault_unwire_locked+0x4be uvm_fault_wire(fffffd806c54b020,200000610000,200000621000,1) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80003abd82b8,2000006104c0,10000,1,ffff80003abd7a98) at uvm_vslock_device+0x112 physio(ffffffff833ad2d0,d01,0,ffffffff833adb20,ffff80003abd7d78) at physio+0x257 spec_write(ffff80003abd7bc0) at spec_write+0x11f VOP_WRITE(fffffd806c38e298,ffff80003abd7d78,5,fffffd80097fd618) at VOP_WRITE+0x101 vn_write(fffffd8069bf0ea8,ffff80003abd7d78,0) at vn_write+0x1d3 dofilewritev(ffff80003abd82b8,4,ffff80003abd7d78,0,ffff80003abd7e30) at dofilewritev+0x2bd sys_write(ffff80003abd82b8,ffff80003abd7ee0,ffff80003abd7e30) at sys_write+0xa2 syscall(ffff80003abd7ee0) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x68324798120, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault_unwire_locked: address not in map ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff834a12d0) at panic+0x1e5 uvm_fault_unwire_locked(fffffd806c54b020,200000610000,200000611000) at uvm_fault_unwire_locked+0x4be uvm_fault_wire(fffffd806c54b020,200000610000,200000621000,1) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80003abd82b8,2000006104c0,10000,1,ffff80003abd7a98) at uvm_vslock_device+0x112 physio(ffffffff833ad2d0,d01,0,ffffffff833adb20,ffff80003abd7d78) at physio+0x257 spec_write(ffff80003abd7bc0) at spec_write+0x11f VOP_WRITE(fffffd806c38e298,ffff80003abd7d78,5,fffffd80097fd618) at VOP_WRITE+0x101 vn_write(fffffd8069bf0ea8,ffff80003abd7d78,0) at vn_write+0x1d3 dofilewritev(ffff80003abd82b8,4,ffff80003abd7d78,0,ffff80003abd7e30) at dofilewritev+0x2bd sys_write(ffff80003abd82b8,ffff80003abd7ee0,ffff80003abd7e30) at sys_write+0xa2 syscall(ffff80003abd7ee0) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x68324798120, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80003abd77e0 rbx 0xffff8000299bee07 rdx 0xffff8000015f1900 rcx 0xffff80003abd82b8 rax 0xffff8000299bdff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6d70b7d775faaf9 r11 0x54a09e39e94f231e r12 0xffff8000299bec08 r13 0 r14 0 r15 0x1 rip 0xffffffff817fc5f5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003abd77d0 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=513643 pid=58181 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=53, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003abd8d18,0xffff80003abd9788 process=0xffff80002a39c9b8 user=0xffff80003abd2000, vmspace=0xfffffd806c54b020 estcpu=9, cpticks=10, pctcpu=0.0, user=0, sys=10, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 57667 250238 2091 0 2 0 syz-executor 38416 470219 23196 -1 2 0x10 syz-executor 38416 220377 23196 -1 3 0x4000090 sbwait syz-executor 4099 464218 21828 0 2 0 syz-executor 4099 402925 21828 0 3 0x4000080 ttyout syz-executor 4099 447018 21828 0 2 0x4000000 syz-executor 77153 320372 82896 0 2 0 syz-executor 77153 326011 82896 0 3 0x4000080 fsleep syz-executor 77153 454947 82896 0 3 0x4000080 fsleep syz-executor 52050 466553 98512 0 2 0 syz-executor 95575 472659 96770 0 2 0 syz-executor 95575 212655 96770 0 3 0x4000080 fsleep syz-executor 95575 84358 96770 0 3 0x4000080 fsleep syz-executor 58181 88240 56653 0 2 0 syz-executor *58181 513643 56653 0 7 0x4000000 syz-executor 58181 489662 56653 0 7 0x4000000 syz-executor 30352 102306 62727 0 3 0x80 nanoslp syz-executor 30352 209284 62727 0 3 0x4000080 bell syz-executor 30352 98741 62727 0 3 0x4000080 fsleep syz-executor 21828 30488 70326 0 3 0x82 nanoslp syz-executor 96770 120610 70326 0 3 0x82 nanoslp syz-executor 82896 296120 70326 0 3 0x82 nanoslp syz-executor 56653 79990 70326 0 3 0x82 nanoslp syz-executor 2091 334921 70326 0 3 0x82 nanoslp syz-executor 62727 88016 70326 0 3 0x82 nanoslp syz-executor 98512 374884 70326 0 3 0x82 nanoslp syz-executor 23196 30416 70326 0 3 0x82 nanoslp syz-executor 70326 103348 35444 0 3 0x82 kqread syz-executor 35444 453157 77732 0 3 0x10008a sigsusp ksh 77732 409634 62911 0 3 0x98 kqread sshd-session 62911 472058 30247 0 3 0x92 kqread sshd-session 80263 477153 1 0 3 0x100083 ttyin getty 30247 15178 1 0 3 0x88 kqread sshd 4318 55692 93643 74 3 0x1100092 bpf pflogd 93643 184615 1 0 3 0x80 sbwait pflogd 15180 395350 78812 73 3 0x1100090 kqread syslogd 78812 382623 1 0 3 0x100082 sbwait syslogd 78430 459186 1 0 3 0x100080 kqread resolvd 19605 213373 57566 77 3 0x100092 kqread dhcpleased 87182 519861 57566 77 3 0x100092 kqread dhcpleased 57566 413421 1 0 3 0x80 kqread dhcpleased 53280 520089 0 0 3 0x14200 bored smr 34127 107230 0 0 3 0x14200 pgzero zerothread 52985 216286 0 0 3 0x14200 aiodoned aiodoned 35065 314620 0 0 3 0x14200 syncer update 76298 416105 0 0 3 0x14200 cleaner cleaner 4609 309895 0 0 3 0x14200 reaper reaper 93140 243972 0 0 3 0x14200 pgdaemon pagedaemon 9202 490235 0 0 3 0x14200 bored viomb 61658 206989 0 0 3 0x40014200 acpi0 acpi0 28761 196313 0 0 3 0x40014200 idle1 43788 518026 0 0 3 0x14200 bored softnet1 15092 209330 0 0 3 0x14200 bored softnet0 1948 54967 0 0 3 0x14200 bored systqmp 37924 128770 0 0 3 0x14200 bored systq 32046 136450 0 0 3 0x14200 tmoslp softclockmp 49827 244343 0 0 3 0x40014200 tmoslp softclock 17931 205367 0 0 3 0x40014200 idle0 1 457265 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff839ce710) #0 witness_lock+0x5f1 #1 mtx_enter+0x4b4 #2 uvm_pageclean+0x29c #3 uvm_pagefree+0x26 #4 uvm_anfree+0xe9 #5 amap_wiperange_chunk+0x1a6 #6 amap_wiperange+0x4b4 #7 amap_pp_adjref+0x6d0 #8 amap_adjref_anons+0x22d #9 uvm_unmap_detach+0x8a #10 sys_munmap+0x329 #11 syscall+0xbd4 #12 Xsyscall+0x128 Process 38416 (syz-executor) thread 0xffff80003abd87e8 (220377) exclusive rwlock sbufrcv r = 0 (0xffff800010fdbb78) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 sblock+0xb6 #3 soreceive+0x27d #4 recvit+0x40b #5 sys_recvmmsg+0x410 #6 syscall+0xbd4 #7 Xsyscall+0x128 Process 58181 (syz-executor) thread 0xffff80003abd82b8 (513643) shared rwlock vmmaplk r = 0 (0xfffffd806c54b120) #0 witness_lock+0x5f1 #1 rw_do_enter_read+0x3e8 #2 uvm_fault_wire+0x116 #3 uvm_vslock_device+0x112 #4 physio+0x257 #5 spec_write+0x11f #6 VOP_WRITE+0x101 #7 vn_write+0x1d3 #8 dofilewritev+0x2bd #9 sys_write+0xa2 #10 syscall+0xbd4 #11 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83999540) #0 witness_lock+0x5f1 #1 __mp_acquire_count+0x58 #2 sleep_finish+0x2d8 #3 rw_do_enter_read+0x309 #4 uvmfault_lookup+0x122 #5 uvm_fault_check+0x4f #6 uvm_fault+0x106 #7 uvm_fault_wire+0x73 #8 uvm_vslock_device+0x112 #9 physio+0x257 #10 spec_write+0x11f #11 VOP_WRITE+0x101 #12 vn_write+0x1d3 #13 dofilewritev+0x2bd #14 sys_write+0xa2 #15 syscall+0xbd4 #16 Xsyscall+0x128 Process 58181 (syz-executor) thread 0xffff80003abd9248 (489662) exclusive rwlock amaplk r = 0 (0xfffffd806c266a90) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 amap_unref+0x3d #3 uvm_unmap_detach+0x8a #4 sys_munmap+0x329 #5 syscall+0xbd4 #6 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11061 12150K 12150K 166960K 12158 0 pcb 17 12K 12K 166960K 17 0 rtable 237 6K 7K 166960K 359 0 pf 36 18K 18K 166960K 47 0 ifaddr 43 7K 7K 166960K 45 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 9K 166960K 5 0 counters 70 37K 37K 166960K 70 0 ioctlops 0 0K 4K 166960K 1488 0 iov 1 4K 4K 166960K 3 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1290 81K 81K 166960K 1376 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 8 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 149 0 proc 70 115K 164K 166960K 552 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 37 175K 175K 166960K 37 0 exec 0 0K 1K 166960K 391 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 236 179K 184K 166960K 3215 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 43 86K 106K 166960K 1326 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 28 2K 2K 166960K 28 0 temp 34 9074K 9138K 166960K 4221 0 kqueue 14 22K 22K 166960K 23 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 34 1 0 1 1 0 8 0 rtentry 176 111 0 1 5 0 5 5 0 8 0 unpcb 144 52 0 31 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 12 0 7 1 0 1 1 0 8 0 arp 136 18 0 0 1 0 1 1 0 8 0 inpcb 328 73 0 64 1 0 1 1 0 8 0 nd6 152 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 17 0 0 1 0 1 1 0 8 0 pfstkey 128 19 0 2 1 0 1 1 0 8 0 pfstate 448 18 0 1 2 0 2 2 0 8 0 pfrule 1360 22 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 40 454 0 0 5 0 5 5 0 8 0 art_node 32 111 0 11 1 0 1 1 0 8 0 semapl 112 5 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1600 0 134 92 0 92 92 0 8 0 ffsino 296 1600 0 134 114 0 114 114 0 8 0 nchpl 144 1803 0 100 64 0 64 64 0 8 0 vnodes 216 1693 0 0 95 0 95 95 0 8 0 namei 1024 5519 0 5519 2 0 2 2 0 8 2 percpumem 16 50 0 0 1 0 1 1 0 8 0 kstatmem 264 27 0 0 2 0 2 2 0 8 0 scxspl 216 6218 0 6218 3 1 2 2 1 8 2 plimitpl 152 27 0 10 1 0 1 1 0 8 0 sigapl 424 473 0 425 7 0 7 7 0 8 1 knotepl 120 57 0 0 2 0 2 2 0 8 0 kqueuepl 224 21 0 11 1 0 1 1 0 8 0 pipepl 344 126 0 99 3 0 3 3 0 8 0 fdescpl 528 457 0 425 3 0 3 3 0 8 0 filepl 160 1614 0 1390 10 0 10 10 0 8 0 lockfpl 104 11 0 8 1 0 1 1 0 8 0 lockfspl 48 7 0 4 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 83 0 69 1 0 1 1 0 8 0 zombiepl 144 425 0 425 1 0 1 1 0 8 1 processpl 1232 473 0 425 5 0 5 5 0 8 1 procpl 664 496 0 437 5 0 5 5 0 8 0 sockpl 752 164 0 131 4 0 4 4 0 8 0 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 127 0 0 16 0 16 16 0 8 0 mcl2k 2048 18 0 0 3 0 3 3 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 184 0 0 12 0 12 12 0 8 0 bufpl 280 2317 0 105 158 0 158 158 0 8 0 anonpl 32 4867 0 0 40 0 40 40 0 246 0 amapchunkpl 152 8847 0 8352 22 0 22 22 0 158 0 amappl16 200 1583 0 1547 5 0 5 5 0 8 2 amappl15 192 3 0 2 1 0 1 1 0 8 0 amappl14 184 448 0 446 1 0 1 1 0 8 0 amappl13 176 121 0 109 1 0 1 1 0 8 0 amappl12 168 725 0 694 2 0 2 2 0 8 0 amappl11 160 73 0 73 1 0 1 1 0 8 1 amappl10 152 72 0 58 1 0 1 1 0 8 0 amappl9 144 273 0 272 1 0 1 1 0 8 0 amappl8 136 101 0 99 1 0 1 1 0 8 0 amappl7 128 152 0 139 1 0 1 1 0 8 0 amappl6 120 158 0 157 1 0 1 1 0 8 0 amappl5 112 93 0 83 1 0 1 1 0 8 0 amappl4 104 291 0 272 1 0 1 1 0 8 0 amappl3 96 1551 0 1437 3 0 3 3 0 8 0 amappl2 88 542 0 485 2 0 2 2 0 8 0 amappl1 80 9617 0 9015 15 0 15 15 0 8 1 amappl 88 2466 0 2304 4 0 4 4 0 92 0 uvmvnodes 80 101 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 457 0 425 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 457 0 425 1 0 1 1 0 8 0 vmmpekpl 168 5524 0 5495 2 0 2 2 0 8 0 vmmpepl 168 37580 0 35639 86 0 86 86 0 357 0 vmsppl 488 456 0 425 5 0 5 5 0 8 1 rwobjpl 80 13676 0 12643 24 0 24 24 0 8 0 pdppl 4096 921 0 850 101 16 85 85 0 8 14 pvpl 32 10819 0 0 88 0 88 88 0 265 0 pmappl 256 456 0 425 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 274 0 19 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff8393bff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 _rb_nfind(ffffffff8364fe98,fffffd8004885000,fffffd8008166a50) at _rb_nfind+0xf1 uvm_pmr_pnaddr(fffffd8004885000,fffffd8008166a50,ffff80003c3fccd0,ffff80003c3fccd8) at uvm_pmr_pnaddr+0x64 uvm_pmr_insert_addr(fffffd8004885000,fffffd8008166a50,0) at uvm_pmr_insert_addr+0x91 uvm_pmr_freepages(fffffd8008166a50,1) at uvm_pmr_freepages+0x2d1 uvm_anfree(fffffd80601d7080) at uvm_anfree+0xe9 amap_wipeout(fffffd806d1920e0) at amap_wipeout+0x246 uvm_unmap_detach(ffff80003c3fceb0,0) at uvm_unmap_detach+0x8a sys_munmap(ffff80003abd9248,ffff80003c3fcff0,ffff80003c3fcf40) at sys_munmap+0x329 syscall(ffff80003c3fcff0) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x682dcee8580, count: 2 ddb{0}> trace x86_ipi_db(ffffffff8393bff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 _rb_nfind(ffffffff8364fe98,fffffd8004885000,fffffd8008166a50) at _rb_nfind+0xf1 uvm_pmr_pnaddr(fffffd8004885000,fffffd8008166a50,ffff80003c3fccd0,ffff80003c3fccd8) at uvm_pmr_pnaddr+0x64 uvm_pmr_insert_addr(fffffd8004885000,fffffd8008166a50,0) at uvm_pmr_insert_addr+0x91 uvm_pmr_freepages(fffffd8008166a50,1) at uvm_pmr_freepages+0x2d1 uvm_anfree(fffffd80601d7080) at uvm_anfree+0xe9 amap_wipeout(fffffd806d1920e0) at amap_wipeout+0x246 uvm_unmap_detach(ffff80003c3fceb0,0) at uvm_unmap_detach+0x8a sys_munmap(ffff80003abd9248,ffff80003c3fcff0,ffff80003c3fcf40) at sys_munmap+0x329 syscall(ffff80003c3fcff0) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x682dcee8580, count: -13 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 panic(ffffffff834a12d0) at panic+0x1e5 uvm_fault_unwire_locked(fffffd806c54b020,200000610000,200000611000) at uvm_fault_unwire_locked+0x4be uvm_fault_wire(fffffd806c54b020,200000610000,200000621000,1) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80003abd82b8,2000006104c0,10000,1,ffff80003abd7a98) at uvm_vslock_device+0x112 physio(ffffffff833ad2d0,d01,0,ffffffff833adb20,ffff80003abd7d78) at physio+0x257 spec_write(ffff80003abd7bc0) at spec_write+0x11f VOP_WRITE(fffffd806c38e298,ffff80003abd7d78,5,fffffd80097fd618) at VOP_WRITE+0x101 vn_write(fffffd8069bf0ea8,ffff80003abd7d78,0) at vn_write+0x1d3 dofilewritev(ffff80003abd82b8,4,ffff80003abd7d78,0,ffff80003abd7e30) at dofilewritev+0x2bd sys_write(ffff80003abd82b8,ffff80003abd7ee0,ffff80003abd7e30) at sys_write+0xa2 syscall(ffff80003abd7ee0) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x68324798120, count: 2 ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff834a12d0) at panic+0x1e5 uvm_fault_unwire_locked(fffffd806c54b020,200000610000,200000611000) at uvm_fault_unwire_locked+0x4be uvm_fault_wire(fffffd806c54b020,200000610000,200000621000,1) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80003abd82b8,2000006104c0,10000,1,ffff80003abd7a98) at uvm_vslock_device+0x112 physio(ffffffff833ad2d0,d01,0,ffffffff833adb20,ffff80003abd7d78) at physio+0x257 spec_write(ffff80003abd7bc0) at spec_write+0x11f VOP_WRITE(fffffd806c38e298,ffff80003abd7d78,5,fffffd80097fd618) at VOP_WRITE+0x101 vn_write(fffffd8069bf0ea8,ffff80003abd7d78,0) at vn_write+0x1d3 dofilewritev(ffff80003abd82b8,4,ffff80003abd7d78,0,ffff80003abd7e30) at dofilewritev+0x2bd sys_write(ffff80003abd82b8,ffff80003abd7ee0,ffff80003abd7e30) at sys_write+0xa2 syscall(ffff80003abd7ee0) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x68324798120, count: -13