last executing test programs: 4.42268635s ago: executing program 0 (id=115): __semctl$GETNCNT(0x0, 0x0, 0x3) r0 = kqueue() kevent(r0, &(0x7f00000003c0)=[{0xffffffffffffffff, 0xfffffffffffffff9, 0x9, 0x8, 0xe8c5, 0x0, [0x0, 0x0, 0x7, 0x40000000000000]}, {0x7fff, 0xfffffffffffffffa, 0x0, 0x2, 0x3, 0xfffffffffffffffc, [0xfb7, 0x4, 0x10, 0xdba2]}, {0x0, 0xfffffffffffffffb, 0x2, 0x10, 0x1, 0x8000000000000001, [0x0, 0x2, 0x822, 0x1]}], 0x3, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) socket(0x2, 0x1, 0x0) syz_emit_ethernet(0x10a, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd60f1936a00d4070100000000000000000000000000000001000000000000000000000000000000005c010000000000000401050100050004010805"]) kevent(0xffffffffffffffff, &(0x7f00000000c0)=[{0x1, 0xfffffffffffffffc, 0x9, 0x8, 0xe8c5, 0x0, [0x0, 0x0, 0x7, 0x40000000000004]}, {0x7fff, 0xfffffffffffffff3, 0xc071, 0x40000000, 0x2, 0x7f6, [0xffffffff80000001, 0x2, 0x20001bc8fee3, 0x1]}, {0x4, 0xffffffffffffffff, 0xc00c, 0x100, 0x9, 0x20000000ffffffff, [0x6, 0x200, 0xfffffffffffeffff, 0x200]}, {0xbc, 0xfffffffffffffff5, 0x0, 0x8, 0x7, 0xffffffff, [0x4, 0x101, 0x0, 0xc10]}], 0x4, 0x0, 0x0, 0x0) r1 = kqueue() kevent(r1, &(0x7f0000000080)=[{}], 0x44000000, &(0x7f00000004c0), 0x80000000, 0x0) 4.20188479s ago: executing program 1 (id=118): open(&(0x7f00000000c0)='./file0\x00', 0x615, 0x0) r0 = open$dir(&(0x7f00000016c0)='./file0\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) setrlimit(0x6, &(0x7f0000000000)={0x10000000000b35d, 0x800000b35d}) mlockall(0x1) r1 = kqueue() kevent(r1, 0x0, 0x0, 0x0, 0x8, 0x0) kevent(r1, &(0x7f0000000080)=[{0x0, 0xffffffffffffffff, 0xa1, 0x4, 0x9, 0x4}], 0x40, 0x0, 0xa, 0x0) kevent(r1, &(0x7f0000000000)=[{0x0, 0xfffffffffffffff9, 0x17, 0x10}], 0x29f, 0x0, 0x8001, 0x0) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) mlockall(0x3) 2.348246385s ago: executing program 1 (id=120): mkdir(&(0x7f0000000040)='./file0\x00', 0x38) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = open$dir(&(0x7f0000000240)='.\x00', 0x0, 0x0) r1 = __specialfd$inotify(0x2, &(0x7f0000000180), 0x4) inotify_add_watch_at(r1, r0, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20000410) r2 = open$dir(&(0x7f0000000080)='.\x00', 0x10000, 0x0) r3 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f00000001c0)='./file1\x00', 0x4) r4 = kqueue() kevent(r4, &(0x7f0000000000)=[{0x4, 0xffffffffffffffff, 0x3, 0x4f, 0x2000000c, 0x0, [0x0, 0x0, 0x0, 0x404]}], 0x1, 0x0, 0x0, 0x0) renameat(r2, &(0x7f0000000040)='./file1\x00', r3, &(0x7f0000000200)='./file0\x00') 1.828680654s ago: executing program 1 (id=121): open$dir(0x0, 0x2, 0x0) r0 = kqueue() kevent(r0, &(0x7f0000000040)=[{0x0, 0xfffffffffffffff9, 0x9, 0x8, 0xe8c5, 0x0, [0x0, 0x0, 0x0, 0x40000000000000]}], 0x1, 0x0, 0x0, 0x0) syz_emit_ethernet(0xe, &(0x7f00000002c0)=ANY=[@ANYRES64=r0, @ANYBLOB="858907d3c2bb805acf218577e1b446efe7b9446bc717f3fb74a11ba4cc1b0bd0e6c19b5e56cb86a637fdf872604a867240ee167e19ebd3c947aabff143d7b76971da37819192b27a663386bdb9252d202b3b963b59f5ae49958c83ed6bee103346b085f61d65ff00c4fc4940750e3c9d9a131e2ff9117ea175aae9ab90a181b34fb3be3f8e1fe8da3f040dff9fc8ef328694fef5105f871063baabfb5fcad30db8ad26282ace37d083c468", @ANYRESOCT=r0]) msgget$private(0x0, 0x716) openat$ptmx(0xffffff9c, 0x0, 0x100000, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) open(0x0, 0x200, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) unmount(&(0x7f00000019c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x1100004b) 1.766905244s ago: executing program 0 (id=122): r0 = socket(0x1c, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0x1c, 0x1c, 0x0, 0x0, @loopback}, 0x1c) r1 = socket(0x1c, 0x1, 0x0) setsockopt$sock_int(r1, 0xffff, 0x10000, &(0x7f0000000140)=0xb, 0x4) bind$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x0, 0x0, @empty}, 0x1c) r2 = socket(0x1c, 0x1, 0x0) setsockopt$sock_int(r2, 0xffff, 0x10000, &(0x7f0000000080)=0xb, 0x4) bind$inet6(r2, &(0x7f0000000000)={0x1c, 0x1c, 0x0, 0x0, @empty}, 0x1c) r3 = socket$inet6(0x1c, 0x1, 0x0) setsockopt(r3, 0x29, 0x40, &(0x7f0000000000)="60c6eabb", 0x4) bind$inet6(r3, &(0x7f0000000040)={0x1c, 0x1c, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x2}, 0x1c) 1.742822402s ago: executing program 0 (id=123): r0 = open(&(0x7f0000000340)='./file0\x00', 0x300, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200201, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) flock(r0, 0x1) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x205, 0x0) fcntl$lock(r2, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000301010005}) fcntl$lock(r1, 0x8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x100000001}) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x201, 0x0) fcntl$lock(r3, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000300010005}) flock(r0, 0x8) 1.487335165s ago: executing program 3 (id=125): r0 = open$dir(&(0x7f0000000840)='./file1\x00', 0x40000400000002c2, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) aio_write(0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x6) r1 = open$dir(&(0x7f0000000240)='.\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00') chroot(&(0x7f0000000080)='./file0/file0/..\x00') rmdir(&(0x7f00000000c0)='./file0/file0/..\x00') 1.463807985s ago: executing program 1 (id=126): mkdir(&(0x7f0000000040)='./file0\x00', 0x38) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = open$dir(&(0x7f0000000240)='.\x00', 0x0, 0x0) r1 = __specialfd$inotify(0x2, &(0x7f0000000180), 0x4) getfh(&(0x7f00000000c0)='./file0/file0\x00', 0x0) inotify_add_watch_at(r1, r0, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20000410) r2 = open$dir(&(0x7f0000000080)='.\x00', 0x10000, 0x0) r3 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f00000001c0)='./file1\x00', 0x4) renameat(r2, &(0x7f0000000040)='./file1\x00', r3, &(0x7f0000000180)='./file0\x00') sync() 1.426298771s ago: executing program 2 (id=127): r0 = socket(0x1c, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0x62, 0x1c, 0x3, 0xfffffffb, @loopback}, 0x1c) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x615, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x11, r1, 0x0) ftruncate(r1, 0x107d2) fspacectl(r1, 0x1, &(0x7f0000000100)={0x0, 0xffff}, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x3, 0x0, @empty, 0xfffffffc}, 0x1c) mount(&(0x7f0000000040)='ufs\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000140)) r2 = open$dir(&(0x7f0000000240)='./file0\x00', 0x2000000, 0x126) sendto$inet6(r0, &(0x7f0000000280)="5a4f42c8d1e1d67e0d408ac98b3e3f0d1a029b3a77a09a3dcdeb9f17172836e87ece61171d8bef4e772a1428b4a7d75ccd6c16531a03eaa815500033c9ea65f410d8afb01fc56c2265369f39fb4debde3c5d2a4723fa88", 0x57, 0x20001, 0x0, 0x0) sendfile(r2, r0, 0x1, 0x0, 0x0, 0x0, 0x19) 1.31407605s ago: executing program 1 (id=128): r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x200, 0x24) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200201, 0x0) aio_write(&(0x7f0000000240)={r1, 0x80000001, &(0x7f0000000040)="e2", 0x1, [0x0, 0x1ff], 0x0, 0x0, 0x0, {0x0, 0x7, 0x0}, {0x0, 0x0, @sival_int, @ke_flags=0x9fc040a3bd859cca}}) r2 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) mlockall(0x2) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x20011, r2, 0x0) r3 = open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c2, 0x0) copy_file_range(r3, 0x0, r2, &(0x7f0000000080)=0x2ffff, 0xf, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000001280)=""/4112, 0x1010}], 0x1, 0x3) preadv(r0, &(0x7f0000000880)=[{&(0x7f00000004c0)=""/185, 0xb9}], 0x1, 0x12) 1.292893253s ago: executing program 2 (id=129): r0 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) r1 = open$dir(&(0x7f0000000240)='.\x00', 0x0, 0x110) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r2 = __specialfd$inotify(0x2, &(0x7f0000000180), 0x4) inotify_add_watch_at(r2, r1, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20000410) r3 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000180)='./file1\x00', 0x0) chdir(&(0x7f0000000040)='./file1\x00') r4 = open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c2, 0x0) copy_file_range(r4, 0x0, r0, 0x0, 0xf, 0x0) 1.217560971s ago: executing program 0 (id=130): r0 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x0) ftruncate(r0, 0x3862) r1 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) setsockopt$sock_int(r1, 0xffff, 0x1019, 0x0, 0x0) procctl$PROC_REAP_KILL(0x0, 0x0, 0x6, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x20011, r1, 0x0) setrlimit(0x6, &(0x7f0000000000)={0x10000000000b35d, 0x800000b35d}) mlockall(0x1) mlockall(0x3) 1.215541036s ago: executing program 2 (id=131): ioctl$OPIO_KEYMAP(0xffffffffffffff9c, 0x8a026b07, 0x0) r0 = kqueue() kevent(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1001, 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000000)=@in={0x10, 0x2, 0x0, @rand_addr=0x7fffffff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x149}, 0x0) r1 = msgget$private(0x0, 0x0) msgsnd(r1, &(0x7f0000000040)=ANY=[@ANYRESOCT], 0x401, 0x0) msgrcv(r1, 0x0, 0x0, 0x1, 0x400) msgsnd(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48, 0x800) 1.160617642s ago: executing program 3 (id=132): open(&(0x7f0000000340)='./file0\x00', 0x300, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$lock(r0, 0x8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x100000001}) r1 = open(&(0x7f0000000040)='./file0\x00', 0x300, 0x0) flock(r1, 0x1) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x205, 0x0) fcntl$lock(r2, 0x9, &(0x7f0000000000)={0x0, 0x4, 0x58, 0x1000301010005}) r3 = open(&(0x7f0000000380)='./file0\x00', 0x205, 0x0) open$dir(&(0x7f0000000140)='./file0\x00', 0x8110, 0x0) flock(r3, 0x3) 690.951151ms ago: executing program 1 (id=133): extattr_get_fd(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000340)='./file0\x00', 0x300, 0x0) flock(r0, 0x1) r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x205, 0x0) fcntl$lock(r2, 0x9, &(0x7f0000000000)={0x0, 0x4, 0x58, 0x1000301010005}) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x205, 0x0) r4 = vfork() fcntl$lock(r3, 0xd, &(0x7f0000000000)={0x3, 0x2, 0x58, 0x1000301010005, r4}) fcntl$lock(r1, 0x8, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x100000001, r4}) 345.402406ms ago: executing program 2 (id=134): kevent(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_udp(0x1c, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_int(r0, 0x0, 0x42, &(0x7f0000000000)=0x3, 0x4) setgroups(0x0, 0x0) access(0x0, 0x0) kqueue() shmctl$IPC_STAT(0x0, 0x2, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000023c0)={@random="57001000", @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x65, 0x0, 0x1, 0x2, 0x0, @rand_addr=0x1000, @multicast1}, @icmp=@generic={0x11, 0x2, 0x0, "a759442b"}}}}}) 283.800702ms ago: executing program 3 (id=135): mkdir(&(0x7f0000000340)='./file\x00', 0x0) mkdir(&(0x7f00000000c0)='./file/file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file/file0/../\x00', 0x0) chdir(&(0x7f0000000400)='./file/file0/..//file0\x00') r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x41) mkdirat(r0, &(0x7f0000000180)='./file1\x00', 0x5f) chdir(&(0x7f0000000040)='./file1\x00') renameat(r0, &(0x7f0000000200)='./file1\x00', r0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x200, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000580)=[&(0x7f00000000c0)='/!#\x00'], 0x0) 278.264254ms ago: executing program 0 (id=136): kqueue() mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) listen(0xffffffffffffffff, 0x0) fork() r0 = shm_open2(&(0x7f0000000080)='./file0\x00', 0x200, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x0) freebsd11_mknod(0x0, 0x1000, 0x800) open(0x0, 0x0, 0x1a1) kqueue() msync(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1) 277.928356ms ago: executing program 2 (id=137): socket(0x1c, 0x1, 0x0) mlock(&(0x7f00009f8000/0x4000)=nil, 0x4000) munmap(&(0x7f00008b2000/0x1000)=nil, 0x1000) r0 = shmget$private(0x0, 0x2000, 0x7, &(0x7f0000844000/0x2000)=nil) shmat(r0, &(0x7f0000fed000/0x4000)=nil, 0x7000) munmap(&(0x7f0000fd6000/0x1000)=nil, 0x1000) mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x0) munlockall() r1 = shmget$private(0x0, 0x11000, 0x0, &(0x7f0000fec000/0x11000)=nil) shmat(r1, &(0x7f0000fed000/0x4000)=nil, 0x7000) 244.752937ms ago: executing program 2 (id=138): r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x200, 0x24) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200201, 0x0) aio_write(&(0x7f0000000240)={r1, 0x80000001, &(0x7f0000000040)="e2", 0x1, [0x0, 0x1ff], 0x0, 0x0, 0x10000, {0x0, 0x7, 0x0}, {0x0, 0x0, @sival_int, @ke_flags=0x9fc040a3bd851cce}}) r2 = open(&(0x7f0000000480)='./file0\x00', 0x80400000000206, 0x0) mlockall(0x2) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x20011, r2, 0x0) r3 = open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c2, 0x0) copy_file_range(r3, 0x0, r2, &(0x7f0000000080)=0x2ffff, 0xf, 0x0) readv(r2, &(0x7f0000000380)=[{&(0x7f0000000300)=""/77, 0x4d}], 0x1) preadv(r0, &(0x7f0000000880)=[{&(0x7f00000003c0)=""/185, 0xb9}], 0x1, 0x4) 214.802116ms ago: executing program 0 (id=139): setrlimit(0x6, &(0x7f0000000000)={0x10000000000b35d, 0x800000b35d}) mlockall(0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200201, 0x0) aio_write(&(0x7f0000000240)={r0, 0x80000001, &(0x7f0000000300)="e2", 0x1, [], 0x0, 0x0, 0x0, {0x0, 0x0, 0x0}, {0x0, 0x0, @sival_int, @spare}}) r1 = open(&(0x7f0000000480)='./file0\x00', 0x80, 0x2) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x7, 0x12, r1, 0x0) r2 = open$dir(&(0x7f0000000240)='./file0\x00', 0x40000400000002c2, 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x1, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 195.857288ms ago: executing program 3 (id=140): r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000100)=@in6={0xffffffffffffff95, 0x1c, 0x2, 0x0, @empty}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r2, &(0x7f0000000180)={0xffffffffffffff5f, 0x1c, 0x2, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000180)={0x1c, 0x1c, 0x2, 0x0, @loopback}, 0x1c) r3 = dup2(r0, r1) accept4$inet(r3, 0x0, 0x0, 0x0) 77.645685ms ago: executing program 3 (id=141): mkdir(&(0x7f0000001040)='./file0\x00', 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x2000000, 0x0) r1 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) r2 = kqueue() kevent(r2, &(0x7f0000000000)=[{0x4, 0xfffffffffffffffe, 0x8085, 0x1, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1]}], 0x1, 0x0, 0x0, 0x0) mkdirat(r1, &(0x7f00000001c0)='./file1\x00', 0x0) renameat(r1, &(0x7f0000000200)='./file1\x00', r1, &(0x7f0000000140)='./file0/file0\x00') mkdir(&(0x7f0000000040)='./file1\x00', 0x0) renameat(r0, &(0x7f0000000340)='./file0/file0\x00', r1, &(0x7f0000000380)='./file1\x00') 0s ago: executing program 3 (id=142): r0 = kqueue() kevent(r0, &(0x7f0000000040)=[{0x0, 0xfffffffffffffffa, 0x5, 0x1, 0x3c, 0x6}], 0x1, &(0x7f0000000100), 0x5, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) r1 = socket(0x18, 0x1, 0x0) fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) kevent(0xffffffffffffffff, &(0x7f0000000080)=[{0x0, 0xfffffffffffffffb, 0x45, 0xf0000000, 0x2ef5, 0x6}], 0x1005, 0x0, 0x37, 0x0) kevent(r0, &(0x7f0000000000), 0x3ff, 0x0, 0x8000800, 0x0) acct(0x0) acct(&(0x7f0000000080)='./file0\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.193' (ED25519) to the list of known hosts. Warning! syz-executor[916] uses SF_SYNC sendfile(2) flag. Please follow up to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287348. To be removed in FreeBSD 16 vnode_pager_putpages: zero-length write at 0 resid 8192 0xfffffe006df31000: type VREG state VSTATE_CONSTRUCTED op 0xffffffff837132c0 usecount 5, writecount 3, refcount 35 seqc users 0 hold count flags () flags (VIRF_PGREAD|VMP_LAZYLIST) v_object 0xfffffe00541289b0 ref 1 pages 264 cleanbuf 24 dirtybuf 9 lock type ufs: EXCL by thread 0xfffffe005413b000 (pid 990, syz-executor, tid 100316) nlink=1, effnlink=1, size=1048576, extsize 0 generation=c9f7c0da, uid=0, gid=0, flags=0x40008 ino 103, on dev gpt/rootfs Connection to 10.128.1.193 closed by remote host. FreeBSD/amd64 (ci-freebsd-main-4.us-central1-b.c.syzkaller.internal) (ttyu0) login: Jan 1 00:00:09 ci-freebsd-main-4 dhclient[334]: connection closed Jan 1 00:00:09 ci-freebsd-main-4 dhclient[334]: exiting. FreeBSD/amd64 (ci-freebsd-main-4.us-central1-b.c.syzkaller.internal) (ttyu0) login: panic: handle_written_inodeblock: live inodedep 0xfffffe005815a300 cpuid = 1 time = 11 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056b021d0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056b02330 vpanic() at vpanic+0x257/frame 0xfffffe0056b024f0 panic() at panic+0xb5/frame 0xfffffe0056b025b0 handle_written_inodeblock() at handle_written_inodeblock+0xf69/frame 0xfffffe0056b026f0 softdep_disk_write_complete() at softdep_disk_write_complete+0x87b/frame 0xfffffe0056b02800 bufdone() at bufdone+0x69c/frame 0xfffffe0056b028b0 g_io_deliver() at g_io_deliver+0x6ac/frame 0xfffffe0056b029b0 g_io_deliver() at g_io_deliver+0x6ac/frame 0xfffffe0056b02ab0 g_io_deliver() at g_io_deliver+0x6ac/frame 0xfffffe0056b02bb0 g_disk_done() at g_disk_done+0x26d/frame 0xfffffe0056b02c70 dadone() at dadone+0xda8/frame 0xfffffe0056b02da0 xpt_done_process() at xpt_done_process+0x8e2/frame 0xfffffe0056b02e10 xpt_done_td() at xpt_done_td+0x2bc/frame 0xfffffe0056b02ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0056b02f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056b02f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 4 tid 100045 ] Stopped at kdb_enter+0x6e: movq $0,0x25c45c7(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff827cb4c0 .str.27 rsp 0xfffffe0056b02310 rbp 0xfffffe0056b02330 rsi 0 rdi 0xffffffff81614a99 printf+0x149 r8 0 r9 0xffffffff r10 0xe3cb9b83e403d02b r11 0 r12 0xfffffe0007824000 r13 0xfffffffffffffffd r14 0xffffffff827cb4c0 .str.27 r15 0 rip 0xffffffff815fe5ce kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25c45c7(%rip) db> show proc Process 4 (cam) at 0xfffffe0007807000: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b4d060 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b4d060 reapsubtree: 4 sigparent: 20 vmspace: 0xffffffff83b4e040 (map 0xffffffff83b4e040) (map.pmap 0xffffffff83b4e0e0) (pmap 0xffffffff83b4e150) threads: 3 100045 Run CPU 1 [doneq0] 100046 D - 0xffffffff838e62c0 [async] 100075 D - 0xffffffff838e6140 [scanner] db> ps pid ppid pgrp uid state wmesg wchan cmd 1056 766 766 0 R (threaded) syz-executor 100270 RunQ syz-executor 100368 S kqread 0xfffffe0057da2800 syz-executor 1053 763 763 0 R (threaded) syz-executor 100118 D mbusy 0xfffffe0054148c18 syz-executor 100364 Run CPU 0 syz-executor 1052 765 765 0 D (threaded) syz-executor 100103 S nanslp 0xffffffff83ba3c41 syz-executor 100363 D biowr 0xfffffe0007c028c8 syz-executor 100366 S uwait 0xfffffe005963bd80 syz-executor 1051 1 763 0 S uwait 0xfffffe005963b380 syz-executor 1046 1045 764 0 SV lockf 0xfffffe0007673280 syz-executor 1045 764 764 0 D (threaded) syz-executor 100097 S nanslp 0xffffffff83ba3c41 syz-executor 100356 S lockf 0xfffffe0058590500 syz-executor 100357 D ppwait 0xfffffe005412f520 syz-executor 100358 S uwait 0xfffffe00584eb680 syz-executor 1038 0 0 0 DL - 0xffffffff83b4e500 [accounting] 1035 1 1035 0 Ss+ ttyin 0xfffffe00585cdcb0 getty 1034 1 1034 0 Ss+ ttyin 0xfffffe00585cd8b0 getty 1033 1 1033 0 Ss+ ttyin 0xfffffe00585ce0b0 getty 1032 1 1032 0 Ss+ ttyin 0xfffffe00585cd4b0 getty 1031 1 1031 0 Ss+ ttyin 0xfffffe005828dcb0 getty 1029 1 1029 0 Ss+ ttyin 0xfffffe00585cd0b0 getty 1028 1 1028 0 Ss+ ttyin 0xfffffe005828d8b0 getty 1027 1 1027 0 Ss+ ttyin 0xfffffe00585cccb0 getty 1023 1 1023 0 Ss+ ttyin 0xfffffe00582904b0 getty 997 1 766 0 S uwait 0xfffffe005963bc80 syz-executor 992 1 766 0 S uwait 0xfffffe005963b280 syz-executor 989 1 763 0 S uwait 0xfffffe005963b080 syz-executor 982 1 763 0 S uwait 0xfffffe00584ebe80 syz-executor 967 1 766 0 S uwait 0xfffffe005963ba80 syz-executor 966 1 766 0 S uwait 0xfffffe005963c400 syz-executor 953 1 766 0 S uwait 0xfffffe00584eb480 syz-executor 946 1 766 0 S uwait 0xfffffe00584eb580 syz-executor 944 1 763 0 S uwait 0xfffffe00584eb880 syz-executor 940 1 763 0 S uwait 0xfffffe00584eb780 syz-executor 907 1 764 0 S uwait 0xfffffe005825a500 syz-executor 893 1 763 0 S uwait 0xfffffe005825a400 syz-executor 891 1 763 0 S uwait 0xfffffe005963dc80 syz-executor 887 1 763 0 S uwait 0xfffffe005825af00 syz-executor 884 1 764 0 S uwait 0xfffffe005963c700 syz-executor 818 1 764 0 S uwait 0xfffffe00584eb180 syz-executor 813 1 763 0 SV uwait 0xfffffe005825aa00 syz-executor 808 0 0 0 DL aiordy 0xfffffe0054107040 [aiod4] 807 0 0 0 DL aiordy 0xfffffe00541075a0 [aiod3] 806 0 0 0 DL aiordy 0xfffffe0054107b00 [aiod2] 805 0 0 0 DL aiordy 0xfffffe00540cbb00 [aiod1] 766 762 766 0 S nanslp 0xffffffff83ba3c41 syz-executor 765 762 765 0 S nanslp 0xffffffff83ba3c41 syz-executor 764 762 764 0 S nanslp 0xffffffff83ba3c41 syz-executor 763 762 763 0 S nanslp 0xffffffff83ba3c41 syz-executor 762 1 760 0 S select 0xfffffe0053ffb640 syz-executor 737 1 17 0 S+ piperd 0xfffffe006df3d5c0 logger 736 735 17 0 S+ nanslp 0xffffffff83ba3c41 sleep 735 1 17 0 S+ wait 0xfffffe0054004b00 sh 685 1 685 0 Ss nanslp 0xffffffff83ba3c41 cron 681 1 681 0 Ss select 0xfffffe00593ecec0 sshd 494 1 494 0 Ss select 0xfffffe0053ffbcc0 syslogd 16 0 0 0 DL syncer 0xffffffff83cc1820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe0054002560 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cbfd60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe005828d4e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d0acc0 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83cf0d88 [dom0] 100080 D launds 0xffffffff83cf0d94 [laundry: dom0] 100081 D umarcl 0xffffffff81de0e10 [uma] 7 0 0 0 DL - 0xffffffff8391c5d8 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff848579e0 [pf purge] 5 0 0 0 DL waiting 0xffffffff844b6700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100045 Run CPU 1 [doneq0] 100046 D - 0xffffffff838e62c0 [async] 100075 D - 0xffffffff838e6140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cec640 [crypto] 100043 D crypto_ 0xfffffe0057d43030 [crypto returns 0] 100044 D crypto_ 0xfffffe0057d43080 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b4c620 [g_event] 100038 D - 0xffffffff83b4c640 [g_up] 100039 D - 0xffffffff83b4c660 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ced0e0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c3dff0 [swapper] 100005 D - 0xfffffe0007768d00 [softirq_0] 100006 D - 0xfffffe0007768b00 [softirq_1] 100007 D - 0xfffffe0007768900 [if_io_tqg_0] 100008 D - 0xfffffe0007768700 [if_io_tqg_1] 100009 D - 0xfffffe0007768500 [if_config_tqg_0] 100010 D - 0xfffffe00083db100 [kqueue_ctx taskq] 100011 D - 0xfffffe00083db000 [jail_remove taskq] 100012 D - 0xfffffe00083dae00 [bus taskq] 100015 D - 0xfffffe00083da900 [thread taskq] 100017 D - 0xfffffe00083da600 [aiod_kick taskq] 100018 D - 0xfffffe00083da500 [deferred_unmount ta] 100019 D - 0xfffffe00083da400 [inm_free taskq] 100020 D - 0xfffffe00083da300 [in6m_free taskq] 100021 D - 0xfffffe00083da200 [linuxkpi_irq_wq] 100022 D - 0xfffffe00083da100 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00083da100 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00083da100 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00083da100 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00083da000 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00083da000 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00083da000 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00083da000 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00083d9900 [firmware taskq] 100040 D - 0xfffffe0057d47300 [crypto_0] 100041 D - 0xfffffe0057d47300 [crypto_1] 100056 D - 0xfffffe00083dd200 [vtnet0 rxq 0] 100057 D - 0xfffffe0058145500 [vtnet0 txq 0] 100058 D - 0xfffffe0058145400 [vtnet0 rxq 1] 100059 D - 0xfffffe0058145300 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057d67400 [virtio_balloon] 100065 D - 0xffffffff827cfba0 [deadlkres] 100069 D - 0xfffffe0057d46e00 [acpi_task_0] 100070 D - 0xfffffe0057d46e00 [acpi_task_1] 100071 D - 0xfffffe0057d46e00 [acpi_task_2] 100073 D - 0xfffffe00083dca00 [mca taskq] 100074 D - 0xfffffe0057d46b00 [CAM taskq] 100076 D - 0xfffffe0058142300 [ipsec_offload] db> show all locks Process 1053 (syz-executor) thread 0xfffffe0054132000 (100364) shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe0054148bc8) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4998 Process 1052 (syz-executor) thread 0xfffffe0054142000 (100363) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007c02948) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:4022 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006df31228) locked @ /syzkaller/managers/main/kernel/sys/ufs/ufs/ufs_vnops.c:2953 Process 4 (cam) thread 0xfffffe0007824000 (100045) exclusive rw SUrw (SUrw) r = 0 (0xfffffe005828d400) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:11283 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 376 5079K 486 tcp_hpts 7 4801K 7 devbuf 4187 4323K 4212 sysctloid 34891 2055K 34966 vtbuf 24 1968K 46 kobj 330 1320K 494 newblk 23 1030K 1611 vfscache 3 1025K 3 pcb 26 671K 91 inodedep 14 517K 467 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 filedesc 52 409K 391 subproc 154 294K 1145 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 100 200K 100 acpica 1674 184K 54426 vmem 5 144K 7 tidhash 3 141K 3 pagedep 12 131K 215 tfo_ccache 1 128K 1 IP reass 1 128K 1 sem 4 106K 4 DEVFS1 106 106K 123 gtaskqueue 18 98K 18 bus 997 82K 5063 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 521 66K 521 ddb_capture 1 64K 1 temp 32 53K 2002 kdtrace 222 44K 1428 umtx 336 42K 336 hostcache 1 32K 1 shm 1 32K 3 DEVFS3 125 32K 135 msg 4 30K 4 kbdmux 6 28K 6 DEVFS_RULE 56 20K 56 ifaddr 66 19K 68 ufs_mount 4 17K 5 proc 3 17K 3 LRO 16 17K 16 tty 16 16K 16 routetbl 124 16K 395 ithread 90 15K 90 bus-sc 34 15K 1647 eventhandler 163 14K 163 lltable 43 14K 43 ifnet 7 13K 7 ether_multi 152 13K 162 kenv 95 12K 95 GEOM 49 11K 431 CAM queue 5 11K 1528 rman 82 10K 437 rpc 8 9K 8 in6_multi 65 9K 65 bmsafemap 3 9K 385 devstat 4 9K 4 UART 12 9K 12 ksem 1 8K 2 filemon 1 8K 3 shmfd 1 8K 2 pfs_vncache 1 8K 1 audit_evclass 240 8K 303 plimit 20 8K 690 taskqueue 69 8K 72 sglist 6 7K 6 CAM DEV 3 6K 510 cred 22 6K 222 pfs_nodes 22 6K 22 kqueue 69 5K 1165 ufs_dirhash 24 5K 30 UMA 266 5K 266 pf_ifnet 10 5K 19 vt 11 5K 11 pwddesc 65 5K 1066 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 lockf 39 4K 280 acpisem 28 4K 28 terminal 11 3K 11 DEVFSP 42 3K 55 acpidev 20 3K 20 hhook 8 3K 10 clone 9 3K 9 kcovinfo 36 3K 36 proc-args 81 3K 2160 uidinfo 2 3K 11 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 ip6ndp 12 2K 14 session 15 2K 56 Unitno 31 2K 465 sctp_ifa 13 2K 14 selfd 26 2K 72723 CAM XPT 22 2K 543 sctp_timw 6 2K 6 in_multi 6 2K 8 tun 4 2K 4 toponodes 6 2K 6 ipsecpolicy 2 2K 2 dirrem 5 2K 361 msi 9 2K 9 netlink 2 2K 73 softdep 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 nhops 6 1K 8 vnodemarker 2 1K 24 NFSD session 1 1K 1 diradd 7 1K 375 CAM periph 4 1K 271 ipsec 3 1K 3 sctp_ifn 6 1K 14 indirdep 3 1K 392 mld 6 1K 6 igmp 6 1K 6 pfil 6 1K 6 BPF 6 1K 16 isadev 6 1K 6 mount 16 1K 418 pci_link 10 1K 10 newdirblk 5 1K 188 crypto 4 1K 6 encap_export_host 12 1K 12 osd 9 1K 57 mkdir 4 1K 376 CC Mem 4 1K 41 cdev 2 1K 2 lkpikmalloc 8 1K 9 counter_rate 13 1K 13 sctp_atcl 1 1K 26 freefile 3 1K 287 chacha20random 1 1K 1 biobuf 1 1K 1 select 3 1K 38 inpcbpolicy 11 1K 230 ip6_msource 4 1K 5 vnodes 1 1K 2 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 CAM SIM 2 1K 2 feeder 7 1K 7 tcpfunc 3 1K 3 loginclass 3 1K 5 prison 6 1K 6 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 VN POLL 1 1K 22 aio 4 1K 4 pmchooks 1 1K 1 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 filecaps 3 1K 83 cryptodev 1 1K 48 sctp_vrf 1 1K 1 vnet 1 1K 1 pmc 1 1K 1 filedesc_to_leader 1 1K 2 entropy 2 1K 34 acpiintr 1 1K 1 soname 2 1K 3374 sctp_atky 1 1K 31 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 sctp_athm 1 1K 27 freework 1 1K 456 p1003.1b 1 1K 1 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 mqdata 0 0K 0 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 tcp_pcm_rack 0 0K 0 tcp_do_rack 0 0K 0 tcp_fsb_rack 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 3 sctp_iter 0 0K 12 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 12 sctp_aadr 0 0K 0 sctp_stro 0 0K 6 sctp_stri 0 0K 6 sctp_map 0 0K 12 madt_table 0 0K 2 smartpqi 0 0K 0 ixl 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 iavf 0 0K 0 axgbe 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 NMI handlers 0 0K 0 bounce 0 0K 0 busdma 0 0K 0 qpidrv 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 amdiommu_dom 0 0K 0 amdiommu_ctx 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 aesni_data 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 269 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 11 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freeblks 0 0K 241 freefrag 0 0K 63 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 ktls_ocf 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS_RX 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EN 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5DUMP 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 simple_attr 0 0K 0 seq_file 0 0K 0 lkpiskb 0 0K 0 radix 0 0K 0 idr 0 0K 0 lkpindev 0 0K 0 lkpimhi 0 0K 0 lkpifw 0 0K 0 lkpi80211 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6opt 0 0K 8 ip6_moptions 0 0K 2 in6_mfilter 0 0K 7 frag6 0 0K 0 tcplog 0 0K 0 tcp_hwpace 0 0K 0 ip_msource 0 0K 0 ip_moptions 0 0K 2 in_mfilter 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 19 fadvise 0 0K 0 statfs 0 0K 189 namei_tracker 0 0K 2 inotify 0 0K 57 export_host 0 0K 0 cl_savebuf 0 0K 41 lio 0 0K 3 acl 0 0K 0 mbuf_tag 0 0K 0 ktls 0 0K 0 accf 0 0K 0 pts 0 0K 0 timerfd 0 0K 0 procdesc 0 0K 10 iov 0 0K 14092 ioctlops 0 0K 105 eventfd 0 0K 0 Witness 0 0K 0 stack 0 0K 0 sbuf 0 0K 318 firmware 0 0K 0 compressor 0 0K 0 SWAP 0 0K 0 sysctltmp 0 0K 696 sysctl 0 0K 3 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 24 rctl 0 0K 0 cache 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 1 pwd 0 0K 0 tty console 0 0K 0 boottrace 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 tmpfs dir 0 0K 0 tmpfs name 0 0K 0 tmpfs mount 0 0K 0 tmpfs extattr 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroff 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 xnb 0 0K 0 xen_acpi 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 pvscsi 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 twsbuf 0 0K 0 tcp_log_dev 0 0K 0 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 SIIS driver 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 mpi3mrbuf 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 md_disk 0 0K 1 malodev 0 0K 0 LED 0 0K 0 ix_sriov 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 ciss_data 0 0K 0 BACKLIGHT 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 acpipwr 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 aacraidcam 0 0K 0 aacraid_buf 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 XZ_DEC 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 scsi_pass 0 0K 0 scsi_da 0 0K 70 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 nvme_da 0 0K 0 CAM CCB 0 0K 523 CAM ccb queue 0 0K 0 db> show uma Zone Size Used Free Requests Sleeps Bucket Total Mem XFree mbuf_jumbo_page 4096 8320 1078 14741 0 254 38494208 0 mbuf 256 8618 1044 21193 0 254 2473472 0 BUF TRIE 152 332 11472 1770 0 62 1794208 0 malloc-4096 4096 395 13 1549 0 2 1671168 0 malloc-384 384 4121 49 4468 0 30 1601280 0 malloc-128 128 11463 131 11898 0 126 1484032 0 tcp_log 416 3327 237 7532 0 254 1482624 0 RADIX NODE 152 7791 1226 38338 0 62 1370584 0 UMA Slabs 0 112 10993 17 10993 0 126 1233120 0 sctp_asoc 2256 0 510 6 0 254 1150560 0 mbuf_cluster 2048 508 0 508 0 254 1040384 0 vmem btag 56 16764 123 16764 0 254 945672 0 FFS inode 1168 542 32 832 0 8 670432 0 malloc-65536 65536 9 1 12 0 1 655360 0 sctp_ep 1152 1 510 13 0 254 588672 0 malloc-64 64 544 8654 74312 0 254 588672 0 socket 1024 19 489 1482 0 254 520192 0 lkpicurr 168 2 3094 2 0 62 520128 0 malloc-16384 16384 26 3 191 0 1 475136 0 pbuf 2624 0 166 0 0 2 435584 0 malloc-32768 32768 5 7 339 0 1 393216 0 sctp_raddr 736 0 517 6 0 254 380512 0 malloc-2048 2048 106 78 636 0 8 376832 0 256 Bucket 2048 170 6 1131 0 8 360448 0 VM OBJECT 248 1032 408 16283 0 62 357120 0 malloc-65536 65536 4 1 114 0 1 327680 0 THREAD 1860 156 12 368 0 8 312480 0 VNODE 440 581 112 873 0 30 304920 0 malloc-64 64 4173 174 6207 0 254 278208 0 malloc-16 16 14398 352 14484 0 254 236000 0 DEVCTL 1024 20 200 147 0 0 225280 0 malloc-256 256 337 533 3119 0 62 222720 0 MAP ENTRY 96 1296 720 51247 0 126 193536 0 UMA Zones 768 238 1 238 0 16 183552 0 malloc-32 32 5334 336 5378 0 254 181440 0 malloc-128 128 1213 182 25395 0 126 178560 0 lkpimm 56 1 3095 1 0 254 173376 0 unpcb 320 7 509 1211 0 254 165120 0 FPU_save_area 832 158 40 522 0 16 164736 0 malloc-32768 32768 3 2 14 0 1 163840 0 malloc-1024 1024 124 36 867 0 16 163840 0 FFS2 dinode 256 542 88 832 0 62 161280 0 S VFS Cache 104 993 411 1324 0 126 146016 0 malloc-65536 65536 2 0 2 0 1 131072 0 malloc-65536 65536 2 0 2 0 1 131072 0 malloc-65536 65536 0 2 84 0 1 131072 0 mbuf_packet 256 0 508 248 0 254 130048 0 PROC 1376 64 24 1058 0 8 121088 0 ksiginfo 112 73 971 178 0 126 116928 0 malloc-128 128 522 253 3921 0 126 99200 0