last executing test programs: 383.735944ms ago: executing program 0 (id=1): unveil(&(0x7f0000000280)='.\x00', &(0x7f00000002c0)='r\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x200, 0x0) r1 = socket(0x11, 0x3, 0x8) sendto$unix(r1, &(0x7f0000000100)="b10005016000009f0500050007000000001813fecea10500fef96ecfc72fd3357ae302b37b673039d2d236acf20b7804be38164991f7c8cf5f882b297be1aa5b23edeb51e2f0ac3ebbc257699a1f139b672f4d335c223e7d026ba8af630037282102000000720fd38bfbb770c116a972c881ea772ec5890400000000ff0000361b1257aea8c500002002fbff0c1300008a09000000000008e37195f800040700000080042000"/177, 0xb1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000001c0)={&(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, &(0x7f0000000140)=""/39, 0x27}, 0x7a8b}, 0x10, 0x0, &(0x7f0000000200)={0x7fffffff, 0x2}) 379.71664ms ago: executing program 7 (id=8): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000040), 0x462, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) ioctl$BIOCSHDRCMPLT(r0, 0x80044275, &(0x7f0000000080)=0x1) write(r0, &(0x7f0000000000)="7696e5f343008c37cea8615ac7cf", 0xe) preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/192, 0xc0}, {&(0x7f0000000240)=""/17, 0x11}, {&(0x7f0000000280)=""/7, 0x7}, {&(0x7f00000002c0)=""/201, 0xc9}, {&(0x7f00000003c0)=""/221, 0xdd}], 0x5, 0xffffffff) ioctl$BIOCSFILDROP(r0, 0x80044279, &(0x7f0000000140)) sysctl$net_inet_carp(&(0x7f0000000100)={0x4, 0x2, 0x70, 0x2}, 0x400000000000031e, 0x0, 0x0, 0x0, 0x0) 367.590948ms ago: executing program 1 (id=2): openat$speaker(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x205b9a) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FIONBIO(r0, 0x82907003, &(0x7f0000000140)=0x3) mknod(&(0x7f0000000240)='./file0\x00', 0x2000, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./bus\x00', 0x100000000205f, 0x0) mknod(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x0) link(&(0x7f0000000340)='./bus\x00', &(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') ktrace(&(0x7f0000000000)='./file0\x00', 0x0, 0x100, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0xa01, 0x40) setrlimit(0x6, &(0x7f00000000c0)) mmap(&(0x7f000000d000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x0) mlockall(0x1) munlock(&(0x7f000000d000/0x3000)=nil, 0x3000) getrusage(0x1, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) open(&(0x7f0000000000)='./file0\x00', 0x200, 0x20) r2 = getpid() ktrace(&(0x7f0000000280)='./file0\x00', 0x4, 0x928, r2) wait4(r2, 0x0, 0x1, &(0x7f00000002c0)) openat$pci(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = openat$pci(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0) ioctl$PCIOCREAD(r3, 0xc0107008, &(0x7f0000000540)) unveil(&(0x7f0000000080)='.\x00', &(0x7f0000000000)='x\x00') open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000001b00)={@random="e9b20ade6444", @random="cdd8e05c00", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x1ff, 0x0, 0x0, 0x0, @empty, @local={0xac, 0x14, 0x0}}, @udp={{0x1, 0x2, 0x8}}}}}}) syz_emit_ethernet(0xf0, &(0x7f0000000000)={@local, @remote, [{[], {0x8100, 0x6}}], {@generic={0x803a, "752ca6369dab8b64b8a31a1bc5e84d0fb18f3a16339f24d9225a5f8bc7b8d5c9a97ae98ae9ffedf65729f246acc076c3619f522ffc6e9aadde98745fe509fbeb3bae75576ff4d3cbc376e0392983b140baeee2930518b694dc60833dc785d484fe33cd68aad7dabb73e6c73304c93384156508698fed5e3369920af740ce6791adf9bfe47141707334c97a2f0167b797f1b6820bec99f660d688d99636102a14a7eafd5e4f08f23a6cd8c8d7f90bfdcadfb34e2ab66762c784e90ac15b28027ebed1e3d83ff439a9ca12b366c896eae960d5daf73cebbaacaac06e21a309"}}}) 334.385328ms ago: executing program 2 (id=3): openat$bpf(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) r0 = openat$bpf(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) (async) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000180)={0x3, &(0x7f0000000240)=[{0x20}, {0x4c, 0x8}, {0x6}]}) syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[]) mkdir(&(0x7f0000000180)='./file0\x00', 0x1e2) mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x0) chroot(&(0x7f0000000100)='./file0/file0\x00') (async) chroot(&(0x7f0000000100)='./file0/file0\x00') openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) unveil(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='c\x00') mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0x0) (async) mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) socket$inet(0x2, 0x0, 0x0) (async) socket$inet(0x2, 0x0, 0x0) setrlimit(0x0, 0x0) (async) setrlimit(0x0, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000001000/0x3000)=nil) shmat(r1, &(0x7f0000001000/0x3000)=nil, 0x0) select(0x2a, 0x0, &(0x7f0000000340), &(0x7f0000001900), &(0x7f0000000440)) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x1022, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0xc) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='.\x00') openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) fchown(r0, r2, r3) (async) fchown(r0, r2, r3) syz_emit_ethernet(0x7c, &(0x7f00000001c0)={@random="45254534c742", @local, [{[], {0x8100, 0x1, 0x1, 0x4}}], {@generic={0x1814, "9749c81eb2d20c20c7da1d6cb48b956b0674182b04bc95e14aa0443db2e72e201cac8606f5850ace98c48f53d126385295a35b4d992049e205144176ee917e80cca8b2c196ed52e92669d2c9edde27ec5fc5491048f86d1b98123e9a5333e05affa68a3839834ec670df"}}}) 322.434662ms ago: executing program 3 (id=4): ioctl$WSDISPLAYIO_DELFONT(0xffffffffffffffff, 0x8058574f, &(0x7f0000000040)={'./file0\x00', 0x0, 0x4, 0xfffffffe, 0x1, 0x9, 0x3, 0x5, 0x2, 0x1, 0x2, 0x8}) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)=@abs, 0x8) r0 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) ioctl$WSKBDIO_GETMODE(r0, 0x40045714, &(0x7f0000000100)) sysctl$ddb(&(0x7f0000000000)={0x9, 0x5}, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0) 320.513743ms ago: executing program 5 (id=6): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) (async) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f00000001c0)={0x3, &(0x7f0000000140)=[{0x1d}, {0x80, 0x0, 0x0, 0x2}, {0x416, 0x0, 0x0, 0xfffffffe}]}) (async) syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[]) (async) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async, rerun: 32) mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) (async, rerun: 32) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000640)=[{0x0}, {0x0}, {&(0x7f0000000540)=""/239, 0xef}], 0x3, 0x0}, 0x0) (async) setreuid(0xee00, 0x0) r4 = getuid() setreuid(0x0, r4) r5 = socket(0x2, 0x1, 0x2) (async) fchmod(0xffffffffffffffff, 0x3218b84e33509d91) ioctl$FIONREAD(r5, 0x80206979, &(0x7f0000000000)) setsockopt$sock_int(r3, 0xffff, 0x1004, &(0x7f00000000c0)=0x8000, 0x4) sendto(r2, &(0x7f0000000440)="df", 0xa, 0x0, 0x0, 0x0) (async) sendmmsg(r2, &(0x7f0000000500)={0x0}, 0x10, 0x0) recvmsg(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)=""/218, 0x11d}], 0x1, 0x0}, 0x0) (async, rerun: 32) sendto(r2, &(0x7f0000000280)="e61d6921d404904850d48de053d6d14ee63d8e254c600111c457a9af65b83aeb21", 0x21, 0x0, 0x0, 0x0) (rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) getsockopt$sock_cred(r6, 0xffff, 0x1022, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) chown(&(0x7f0000000080)='./file1\x00', 0x0, r7) r8 = openat$diskmap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$DIOCMAP(r8, 0xc0106477, &(0x7f0000000280)={&(0x7f0000000100)='./file1\x00', r1, 0x2}) (async, rerun: 32) chmod(&(0x7f00000000c0)='./file1\x00', 0x13) (async, rerun: 32) chdir(&(0x7f0000000200)='./file1\x00') setreuid(0x0, 0xee01) getuid() (async, rerun: 32) rename(&(0x7f00000003c0)='.\x00', &(0x7f0000000400)='.\x00') (rerun: 32) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f0000000240)={0x3, &(0x7f00000000c0)=[{0x1, 0xf3, 0x1, 0x4}, {0x87, 0x0, 0x8c}, {0x16, 0xff}]}) 121.104397ms ago: executing program 0 (id=9): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$BIOCGBLEN(r0, 0x40044266, &(0x7f00000000c0)) setitimer(0x2, &(0x7f0000000000)={{}, {0xffffffff}}, 0x0) 120.518917ms ago: executing program 4 (id=5): syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa4c77b99cbb86dd60c6ea090000000000000100000000e01f00000000000000ff0200000000000000000000000000010001"]) (async) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff}) (async, rerun: 64) r0 = socket(0x18, 0x1, 0x0) (async, rerun: 64) setrlimit(0x8, &(0x7f0000000980)={0x8, 0x51}) r1 = syz_open_pts() close(r1) (async) syz_open_pts() r2 = kqueue() kevent(r2, &(0x7f0000000040)=[{{r1}, 0xfffffffffffffffc, 0x1}], 0x3, 0x0, 0x8, 0x0) (async) bind$inet(r0, &(0x7f0000000140)={0x2, 0x3}, 0xc) syz_emit_ethernet(0x2e, &(0x7f0000000400)={@local, @broadcast, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x14, 0x0}, @remote={0xac, 0x14, 0x0}, {[@lsrr={0x83, 0x3}]}}, @icmp=@echo_reply}}}}) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) (async, rerun: 32) connect$unix(r0, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) (rerun: 32) getsockname(r0, &(0x7f0000000080)=@in6, &(0x7f0000000100)=0xc) (async) syz_emit_ethernet(0x66, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60360b07003028030000000000001c000000000000000000fe80cb650000000000000000000000aa0103907800000000606cdf0000000000312b0d53da5668133292ff"]) (async) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000001c0)={0x48, &(0x7f0000000100)}) (async, rerun: 64) sysctl$net_inet_ip(0x0, 0x0, &(0x7f0000000100)="d7a8aac106fa1bee91c724b89283c1477dab85e783af4189a1eaf5f6e8251b1147b330f604ff639b9acd6202c9d8b1aef98ce6eefe", 0x0, 0x0, 0x0) (rerun: 64) r3 = socket(0x1, 0x2, 0x0) (async) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="6c25a03ae7b27b4e7fc0924a22334b9b619f09f993c214bf34de94ee6f878793a443c48892901b940ff2189ae976bd635aa66dd55818d1ca20a7f88c2ad799df41ea701f32e36ab928f0ea3b00ddc5613e3590c04b342a5ec356d4f406e612653d7338e1b59ec0f00de4b65b3f18", 0x6e, 0x0, 0x0, 0x0) ioctl$FIONREAD(r3, 0xc0106924, &(0x7f00000001c0)) (async) r4 = socket(0x18, 0x3, 0x0) ioctl$FIONREAD(r4, 0x8080691a, &(0x7f0000000100)) (async, rerun: 64) r5 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000040), 0x462, 0x0) (rerun: 64) ioctl$BIOCSETIF(r5, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) (async, rerun: 32) ioctl$BIOCSETWF(r5, 0x80104277, &(0x7f0000000280)={0x3, &(0x7f00000000c0)=[{0x5, 0x65}, {0x5}, {0x6, 0xac, 0x0, 0xffffffff}]}) (async, rerun: 32) write(r5, &(0x7f0000000140)="0000000000009cb8e7b6242a091f", 0xe) (async, rerun: 32) r6 = socket(0x18, 0x1, 0x0) (rerun: 32) poll(&(0x7f0000000040)=[{r6, 0x149}], 0x1, 0x5) (async) syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[]) 119.438659ms ago: executing program 6 (id=7): ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, "ff0107002015c8a32d00000065c0bdf9c6f04aaf"}) sysctl$kern(&(0x7f00000000c0)={0x1, 0x42}, 0x6, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x1918, 0x0, 0x37) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x40000802) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) unveil(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='r\x00') ioctl$TIOCCONS(r0, 0x80047462, &(0x7f0000000180)=0x3) r1 = socket(0x18, 0x3, 0x0) setsockopt(r1, 0x1000000029, 0x26, &(0x7f0000000000)="5ab7776a", 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r2, 0x0, r3) recvmsg(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)=""/152, 0x98}, {&(0x7f0000000200)=""/76, 0x4c}], 0x2, 0x0}, 0x0) ioctl$LIOCSFD(r4, 0x80046c7f, &(0x7f0000000040)=r1) 110.461016ms ago: executing program 7 (id=10): sysctl$net_inet_tcp(&(0x7f0000000040)={0x4, 0x2, 0x6, 0x1f}, 0x4, 0x0, 0x0, &(0x7f0000000000)="99ff2cde", 0x4) 109.879447ms ago: executing program 4 (id=11): ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000440)={0x2, &(0x7f00000000c0)=[{}, {0x1}]}) sysctl$kern(&(0x7f00000000c0)={0x1, 0x4f}, 0x3, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8efdb4cf71c37082", &(0x7f0000000000)=0x2, 0x0, 0x37) semop(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x1, 0x0) close(r0) socket(0x18, 0x3, 0x3a) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x2, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000300010008, 0xffffffffffffffff}) write(r0, &(0x7f0000000100)="00003226a4a9000064e7c803d2a423735d33a4dd", 0x14) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0xa) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f0000000440)={0x2, &(0x7f00000000c0)=[{}, {0x1}]}) (async) sysctl$kern(&(0x7f00000000c0)={0x1, 0x4f}, 0x3, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8efdb4cf71c37082", &(0x7f0000000000)=0x2, 0x0, 0x37) (async) semop(0x0, 0x0, 0x0) (async) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) socket(0x18, 0x1, 0x0) (async) close(r0) (async) socket(0x18, 0x3, 0x3a) (async) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) (async) mknod(&(0x7f0000000280)='./file0\x00', 0x1ffa, 0x0) (async) open$dir(&(0x7f0000000000)='./file0\x00', 0x2, 0x0) (async) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) (async) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000300010008, 0xffffffffffffffff}) (async) write(r0, &(0x7f0000000100)="00003226a4a9000064e7c803d2a423735d33a4dd", 0x14) (async) bind$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0xa) (async) 109.593057ms ago: executing program 7 (id=12): sysctl$kern(&(0x7f0000000280)={0x1, 0x44}, 0x3, &(0x7f00000003c0)="8b5ea54a413c745995d4a95b979bb64d0541e6a50849f2861cc5f3e014d9ea6bba61da747d3cd9a068b38d0bb67a985e46184f42a6c16a68078392dee63af6e601c0865da92ccdbbf8b85cb74d593a4d771ba5adb1403ae15565ef56d99f35fcc544e7a02a6c038ad8350c06a67bb9150e72e4f7e3084bf8a8cd1f65c4f707722236a4bc53e00f6e41aaea38a0c4e09508e1e439d617879713ed556c9f38b1213fe3ebb3d05a1fb9af890b38975b0a67fee19a5840f6e655d79e6d8596f328b0a7315e826f5b2d2ef536e5c9fa3e6af4a8c312e71e7da86dd5ea55f5a6a153b43941fab0217cbe2a5fbfc598f2f1bdd630558d225116d927d6d4c600418246ac0b6dde68455e73bcbe8a3d", &(0x7f00000002c0)=0x12, &(0x7f0000000300)="6675ce01f40d6aca4f5b680c7e17a4db799bb2480f1b4e922dd582704df696f66891b95981f7d920436699f59f5bcdb142bd08777d3dfee17dabe90c8f0d3defb72a65e0583485bfd0ab622d2267677a928d2d3d84731c57b234e88df06caf4fee4aa32022541c8c057f1c601f54d25fec982caee472cbce44bb86c6d5b25c6ba673915108c6f254cc12f9287a60000fbbf686386e3e", 0x96) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/254, 0xfffffc47}, {&(0x7f00000003c0)=""/171, 0xab}, {&(0x7f00000002c0)=""/243, 0xe2}], 0x134, 0x0) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x14}, {0x16}]}) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@broadcast, @local, [], {@ipv6={0x86dd, {0x4, 0x6, "c64351", 0x8, 0x29, 0x2f, @empty, @ipv4={'\x00', '\xff\xff', @remote={0xac, 0x14, 0x0}}, {[], @icmpv6=@ndisc_rs}}}}}) mquery(&(0x7f00003e0000/0x2000)=nil, 0x2000, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket(0x18, 0x2, 0x0) setsockopt(r2, 0x1000000000029, 0x9, &(0x7f0000000140)="03000000e57537d36da1ba138cbc14b8725b94f2d0b04062f320fbf380062467a7293cd87f376a32b8574cb39eba79cca9fdce63a5b6c9e76cbd28abb5499e220e873b381c93fdcc3b4e717c18f134a3d9a36885a40f23aaac90517cb40d6e607f08cb75fe4663bd27b6ec3bb04d8c784e5929853d52a3053af07d89b06d091d8ac1610086d2c6615083747b952eb72eb79ed9898864268e7b408766e4cc25652cf4c8649dad4135166f82af127cc2a6df993ea3b6b1", 0xb6) 109.070383ms ago: executing program 0 (id=13): syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="217ede030b4e", @local, [], {@ipv4={0x800, {{0x8, 0x4, 0x0, 0x0, 0x20, 0xfffc, 0x0, 0x0, 0x3b, 0x0, @broadcast, @local={0xac, 0x14, 0x0}, {[@timestamp={0x44, 0xc, 0x5, 0x3, 0x7, [{[@local={0xac, 0x14, 0x0}], 0x9}]}]}}}}}}) syz_emit_ethernet(0x3b, &(0x7f00000000c0)={@local, @broadcast, [{[{0x88a8, 0x1, 0x1, 0x4}], {0x8100, 0x6}}], {@arp={0x806, @generic={0x1, 0x7000, 0x6, 0x1, 0x8, @local, 'l', @local, "9aca841f872ba69df7aa57620924a413"}}}}) sysctl$vm(&(0x7f0000000040)={0x2, 0xb}, 0x2, 0x0, 0x0, &(0x7f0000000080)="87d7f25cbcfd1df9b37a38734a376f7c", 0x10) 24.508803ms ago: executing program 0 (id=14): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f00000003c0)={0x3, &(0x7f0000000140)=[{0x28, 0x0, 0x0, 0x2}, {0x44, 0x2, 0x0, 0xffffffff}, {0x40e, 0x8, 0x6}]}) syz_emit_ethernet(0xe, &(0x7f0000000100)=ANY=[]) 22.887987ms ago: executing program 7 (id=15): open(0x0, 0x80000000000206, 0x115) (async) open(0x0, 0x80000000000206, 0x115) syz_emit_ethernet(0x46, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000380000000000019078ac1400bbe00000010c009078000000004500007d000000f9ff060000e00000017f0000"]) mknod(&(0x7f00000000c0)='./bus\x00', 0x2000, 0xd02) (async) mknod(&(0x7f00000000c0)='./bus\x00', 0x2000, 0xd02) r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$WSMUXIO_INJECTEVENT(r0, 0x80185760, &(0x7f0000000240)={0x9, 0x2, {0x6, 0x7}}) syz_emit_ethernet(0x592, &(0x7f0000000780)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60cbe4c8d1ca9ce6f92530b867db95476966055c0000ff020000000000000000000000000001ff01000000000000000000000000000100000000000000000001000000000000000800000000000000000000000000000000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000bbff0200000000000000000000000000010000000000000000000e0000000000001a47c3d9ecf6d9e681110e71aa428bd4ff02000000000000000000000000000100000000000000000000ffff7f00000100000000000000000000000000000000ff0200000000000000000000000000010000000000000000000000000000000100000000000000000000ffffffffffff4e214e23", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="60000000907800000303000025519b9bf62d4104ebffa0129a45c74375c7da5af43a77565503e7df9cad892673f22f8a175241ad5a65e438baeef3dd91a797e6abc24ee0f61e74c940daa6cd941c981cc0b3ecf8ce512e2133a242b5c562d672dfcde899c9b0e3351a69b0302dc6dc9b0826850b2a094cbb794ed13e8d0ba7d51e9e895f8a4c58845e9c477ecfd462c2729625e28d28416ef10cbb78d6a2e44eeeccef4c515594890b6aaea10df999d60c23f243737724779122b4601524b5e926e08aba131b09cea33580d1066580da17e9df243ff5384758c44f8237905330412e3b3b35df85acc22ae1d2d71755d8010b289f33a91c65ef3181003767d22a2a10a2e69a75a09f6a76df96f651474886a59973477e2060cff855e15ccdfae50b135843fadfa16c6931d26fb37d3078ea825b97ae5c81dea9e2b3c4ce83482615776df2f9629bbe1a7bb8324f78eff85051389ea3130b006e04d04fdefaa311e3e74b33884f4d4db272f30836b52bb545ee57a1510a6afadd46da758fe3a3561e066ea6b3761963ab57add771a4e2f2de77556d5ec0366942783c401f4590cf4b08182c3455159f52d6c8c5c419f11d36efdded8b209b3104e826eb1e58cf3aeda05fd34921017896c6912abf2218cd89f903968fb383f8c9da00e5ff2b427600856fe5f57bf1b68b5c5143aae714fac59f626346e93a72d15d0c0d98820c886ce1ccd5cc9c08ab22c39e2c70cd52fa2f3a9f776862c2304c72c3297ea89968b4aebea7292655f7dd1d773c30d0b73586d7e049b494ad3dc3db6c14518b8d56b343dae39ff1f4abe6a18adb8f3568b3ee8fc3d319523482cb418141a75c8f1270fabeaf325dfd5eb39934f5a07a969a3e24ec36332961e8927ab668cf110f1ff0bd44aca538ea07a7666d4e68bf6ebba95fb3c90b97aed3529e343f7e088a8eb52c584c8bd28a7743e946d05cb86150823701e67d63774842958b8e289b8cd1ea1f88a79e6f55b59ab51853b1faf3d86173ab8adc96dd7ac768041e3566f8376b12598ee3e738e2941159cfb961eeb50c2568fc0d37e9e3c346d427e68e3603c6b5ecb3b8da7345dc7fff1907325818ac5f253f4cf1139acdd623b45025b779dab9f4b29372306666cc43c98efe82b15194d3fe9c616daebb2d9fafcc8401f964c11316293a417067a5ad442ba7638e61dce30d8cbc57e4dd68a1c243615f93c490765e48baf29ef8aad87793eea516b8096e052e52bdcc57097a91c29b5fa2ad9668e615d596cb1965ea69e6ff89faa24c54f209261693e95a2b3cd2b0e584321651ac2ba756c94e0ad184b76e01dae0edcbfb5f97d3f87b143925cb00ca4438ce6b8935cbb02aba359dc2435351d2bf42c1d9b1096933fc752aa836555111decf1a5f00f6fa88d1754076c21859d6afc17fb84f19517a5bd05179154a3039bd25529d5123d63cb98b0c9941d8ab6df2a4a377d4540b782d026b1d72d76c46b80c326f614e69aa605f00e2d669f34073de508466176afa4067b142f5d1758237c179c97a8e18f80a0d714996e17ec699c625590063ac12cd74b346c63730d0702db1afaa956779a87b95128f965c8fce6408dec00beb3e"]) openat$pf(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async) r1 = openat$pf(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$TIOCSETA(r1, 0xc0504417, &(0x7f0000000740)={0x13, 0xa04, 0x0, 0x0, "0000000000000001000000000000000900"}) r2 = openat$vnd(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$VNDIOCSET(r2, 0x81946466, &(0x7f0000000040)={0x0, 0x0, 0x0}) ioctl$WSMOUSEIO_SETPARAMS(0xffffffffffffffff, 0x80105728, 0x0) (async) ioctl$WSMOUSEIO_SETPARAMS(0xffffffffffffffff, 0x80105728, 0x0) r3 = openat$vnd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$VNDIOCSET(r3, 0x20006473, 0x0) (async) ioctl$VNDIOCSET(r3, 0x20006473, 0x0) fchdir(0xffffffffffffffff) (async) fchdir(0xffffffffffffffff) r4 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x1, 0x10, r4, 0x0) r5 = openat$bpf(0xffffffffffffff9c, &(0x7f00000000c0), 0x462, 0x0) ioctl$BIOCSETIF(r5, 0x8020426c, &(0x7f0000000100)={'tap', 0x0}) ioctl$BIOCSETWF(r5, 0x80104277, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x81}, {0x4c}, {0x16}]}) (async) ioctl$BIOCSETWF(r5, 0x80104277, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x81}, {0x4c}, {0x16}]}) write(r5, &(0x7f0000000140)="7f23a3c23cce2575e1dd92c25678", 0xfef3) setsockopt(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="fcffd2079638", 0x6) socket(0x1, 0x2, 0x0) (async) r6 = socket(0x1, 0x2, 0x0) ioctl$FIONREAD(r6, 0x80206979, &(0x7f0000000000)) r7 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$BIOCSETIF(r7, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETF(r7, 0x80104267, &(0x7f00000002c0)={0x3, &(0x7f0000000000)=[{0x1d}, {0x40}, {0x406, 0xfe}]}) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000300)='./file0\x00') (async) rename(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000300)='./file0\x00') 22.286898ms ago: executing program 2 (id=16): syz_emit_ethernet(0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) ioctl$VMM_IOC_CREATE(0xffffffffffffffff, 0xc5005601, &(0x7f0000000000)={0x10, 0x0, [{&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x1000}, {}, {0x0, &(0x7f0000ffb000/0x3000)=nil}, {0x0, &(0x7f0000158000/0x3000)=nil}, {&(0x7f000003d000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil}, {&(0x7f00002fd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil}, {&(0x7f0000157000/0x1000)=nil}, {0x0, &(0x7f00001eb000/0x2000)=nil}, {&(0x7f0000fff000/0x1000)=nil}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil}, {&(0x7f00000e0000/0x1000)=nil, &(0x7f00000d8000/0x3000)=nil}, {&(0x7f00000ca000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil}, {&(0x7f00000f8000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil}, {}, {&(0x7f0000ffd000/0x3000)=nil, 0x0, 0xffffffffffffffff}, {0x0, &(0x7f0000ffd000/0x3000)=nil}], './file0\x00'}) r0 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$VMM_IOC_RUN(r0, 0xc2585601, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}) r1 = syz_open_pts() syz_open_pts() syz_open_pts() fcntl$lock(r1, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x20002fffffffa}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0xf8ffffffffffffff}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) r3 = socket(0x18, 0x1, 0x0) ioctl$FIONREAD(r3, 0xc038694e, &(0x7f00000001c0)) close(r2) syz_extract_tcp_res(&(0x7f0000000280), 0x4, 0x401) ioctl$KDSETMODE(r2, 0x20004b0a, &(0x7f0000000240)=0x1) 1.620516ms ago: executing program 0 (id=17): r0 = syz_open_pts() ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000000c0)={0x5, &(0x7f0000000140)=[{}, {}, {0x0, 0x0, 0x0, 0xef}, {0x0, 0x0, 0xc, 0x7}, {}]}) syz_emit_ethernet(0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60000900002800006e1aa4058b74adad9a4e721f5b293380ff02000000000000000000000000000100010502"]) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000340)={0x1, 0x4, 0x8d, 0xfffffffe, "3c00510900000000000015000000000000002000", 0x3, 0x9}) ioctl$TIOCSTART(r0, 0x2000746e) 0s ago: executing program 4 (id=18): mknod(&(0x7f0000000280)='./file0\x00', 0x2000, 0x3e61) setrlimit(0x6, &(0x7f00000000c0)) (async) open(&(0x7f0000000100)='./file0\x00', 0x70e, 0x0) (async) r0 = getpid() ktrace(&(0x7f0000000000)='./file0\x00', 0x0, 0x100, r0) (async, rerun: 32) r1 = socket(0x800000018, 0x1, 0x0) (async, rerun: 32) r2 = socket(0x18, 0x2, 0x0) (async) r3 = socket(0x800000018, 0x1, 0x0) bind$unix(r3, &(0x7f0000000080)=@abs={0x0, 0x7}, 0x1c) (async) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) bind$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xa) r4 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x13000)=nil, 0x13000, 0x5, 0x10, r4, 0x0) (async) setrlimit(0x3, &(0x7f0000000140)) mlockall(0x1) sysctl$kern(&(0x7f0000000000)={0x1, 0x32}, 0x2, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (rerun: 64) mknod(&(0x7f0000000000)='./file0\x00', 0x6000, 0xe02) r5 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) sysctl$kern(&(0x7f0000000380)={0x1, 0x54}, 0x2, &(0x7f00000003c0)="fcde538d80d1b34c8f7df9", &(0x7f0000000400)=0xb, &(0x7f0000000440)="d30a75c3039b1dca74786dbe27151869ee0189d9db220929621064acfe58e97137084b9cf22f52e5969fd79c7130292b37660f1b37c3fdf9f66d0e9c139d11c1ed3382ae3ac4cf110c8a0ea30bdd4e9601920cdd514e1d1126205b6e0171489523", 0x61) (async, rerun: 32) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r5, 0x8000000000000000) (rerun: 32) sysctl$kern(&(0x7f0000000000)={0x0}, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysctl$kern(&(0x7f0000000000)={0x1, 0x4d}, 0x2, &(0x7f0000000040)="b3ae9808", &(0x7f0000000140)=0x4, &(0x7f0000000180)="2493aa3d", 0x4) sysctl$kern(&(0x7f00000000c0)={0x1, 0x34}, 0x2, &(0x7f00000001c0)="eafefabab8b8105287107ba043e2bf774ac40925a447f020c4b86940371e3187bd143f6b0dc93e2ab37b535202befe3a6a4a1bbdd1a4556b0c9d3b3e4f7cc561749e8ca22824322e0fe66439d0b8a5af40384c2a99cd81ec979d13e744181d8046aadd2e1a9ca238d1724c1696537168be361ca0c8348f8a52f068424d65b2250abb7a77ec5a3164b4a3f7e56f09560293988f55d56b1d538cea464f31f087a4dfffbfb2999d9a7736d606dad0f339", &(0x7f0000000100)=0xaf, &(0x7f00000002c0)="bf1482e878a62d8afaa223983cf34f8495c9a727d4c7a25c7cffcd6271fc0140c63b68673e6a43650443d24d7a30dfa477691419344c829a1ffc739dcc9b5a1db208194e50976054b7c5505b21e7839bc51a61cc3b6f33e5806080c6794ad497da600c018bb34d347ffc318208fbe4b112812c57bdbc1f636cc22ddc45731d6a0aff47826fa76bf71a094695b40ffe7576b2c6c7bc669d5e153c608bada2f7c71393435ba5193071551e1fd4b373e10cecaf61f559aff1271a19c8", 0xbb) readlink(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts. mode = 040755, inum = 130103, fs = / panic: ffs_valloc: dup alloc Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *175375 95602 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 panic(ffffffff830ab318) at panic+0x1cf ffs_inode_alloc(fffffd807d906878,8000,fffffd807f7d7548,ffff800037648d60) at ffs_inode_alloc+0x96c ufs_makeinode(8000,fffffd806c83dd98,ffff800037649098,ffff8000376490c8) at ufs_makeinode+0xcb ufs_create(ffff800037648e10) at ufs_create+0x4e VOP_CREATE(fffffd806c83dd98,ffff800037649098,ffff8000376490c8,ffff800037648e98) at VOP_CREATE+0xff vn_open(ffff800037649068,70f,0) at vn_open+0x491 doopenat(ffff80002a48c018,ffffff9c,20000040,70e,0,ffff800037649210) at doopenat+0x31d syscall(ffff8000376492c0) at syscall+0x97e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc7f93affe30, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: ffs_valloc: dup alloc ddb> trace db_enter() at db_enter+0x25 panic(ffffffff830ab318) at panic+0x1cf ffs_inode_alloc(fffffd807d906878,8000,fffffd807f7d7548,ffff800037648d60) at ffs_inode_alloc+0x96c ufs_makeinode(8000,fffffd806c83dd98,ffff800037649098,ffff8000376490c8) at ufs_makeinode+0xcb ufs_create(ffff800037648e10) at ufs_create+0x4e VOP_CREATE(fffffd806c83dd98,ffff800037649098,ffff8000376490c8,ffff800037648e98) at VOP_CREATE+0xff vn_open(ffff800037649068,70f,0) at vn_open+0x491 doopenat(ffff80002a48c018,ffffff9c,20000040,70e,0,ffff800037649210) at doopenat+0x31d syscall(ffff8000376492c0) at syscall+0x97e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc7f93affe30, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037648b00 rbx 0xfffffd807d97e100 rdx 0 rcx 0 rax 0xffff80002a48c018 r8 0 r9 0x8080808080808080 r10 0x5a3459258305cc87 r11 0x829db664ba56ac96 r12 0 r13 0xfffffd807d9064b8 r14 0 r15 0x1 rip 0xffffffff81c57035 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037648af0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=175375 pid=95602 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a48d458,0xffff80002a4d1c08 process=0xffff8000ffff4cf0 user=0xffff800037644000, vmspace=0xfffffd806c267d80 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 95602 101794 89648 0 2 0 syz-executor *95602 175375 89648 0 7 0x4000000 syz-executor 95602 361133 89648 0 3 0x4000080 fsleep syz-executor 66139 229163 91747 0 2 0 syz-executor 66139 82703 91747 0 3 0x4000080 sbwait syz-executor 444 273045 65819 0 2 0x490 syz-executor 444 122474 65819 0 3 0x4000090 sbwait syz-executor 444 146028 65819 0 3 0x4000090 fsleep syz-executor 444 279812 65819 0 3 0x4000090 fsleep syz-executor 97264 60488 54054 0 2 0 syz-executor 97264 463095 54054 0 2 0x4000000 syz-executor 97264 122944 54054 0 2 0x4000000 syz-executor 35935 398073 35679 0 2 0x480 syz-executor 35935 213261 35679 0 2 0x4000000 syz-executor 35935 187431 35679 0 3 0x4000080 fsleep syz-executor 89648 176589 78372 0 3 0x82 nanoslp syz-executor 91747 104915 78372 0 2 0x482 syz-executor 65819 106362 78372 0 2 0x482 syz-executor 54054 335739 78372 0 2 0x482 syz-executor 77649 47124 78372 0 2 0x82 syz-executor 35679 36222 78372 0 2 0x482 syz-executor 78372 152419 3780 0 3 0x82 wait syz-executor 3780 178683 35851 0 3 0x10008a sigsusp ksh 35851 455349 32953 0 3 0x98 kqread sshd-session 32953 467789 32414 0 3 0x92 kqread sshd-session 55212 118725 1 0 3 0x100083 ttyin getty 32414 171555 1 0 3 0x88 kqread sshd 69013 344857 36702 73 3 0x1100090 kqread syslogd 36702 248397 1 0 3 0x100082 sbwait syslogd 41484 435891 1 0 3 0x100080 kqread resolvd 58071 209186 6476 77 3 0x100092 kqread dhcpleased 15738 146563 6476 77 3 0x100092 kqread dhcpleased 6476 400786 1 0 3 0x80 kqread dhcpleased 77336 21050 0 0 3 0x14200 bored smr 82276 276579 0 0 2 0x14200 zerothread 81289 388873 0 0 3 0x14200 aiodoned aiodoned 1889 232017 0 0 3 0x14200 syncer update 32065 372095 0 0 3 0x14200 cleaner cleaner 26491 102260 0 0 3 0x14200 reaper reaper 27101 400900 0 0 3 0x14200 pgdaemon pagedaemon 32775 408630 0 0 3 0x14200 bored viomb 66549 465913 0 0 3 0x40014200 acpi0 acpi0 30937 64097 0 0 3 0x14200 bored softnet3 12494 86231 0 0 3 0x14200 bored softnet2 45882 302313 0 0 3 0x14200 bored softnet1 28387 182126 0 0 3 0x14200 bored softnet0 4259 343700 0 0 3 0x14200 bored systqmp 99377 354982 0 0 3 0x14200 bored systq 96601 304120 0 0 2 0x40014200 softclock 2035 189 0 0 3 0x40014200 idle0 1 412677 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 10292K 10292K 166960K 11302 0 pcb 18 12K 12K 166960K 22 0 rtable 239 7K 7K 166960K 367 0 pf 30 12K 12K 166960K 30 0 ifaddr 42 7K 7K 166960K 44 0 ifgroup 50 2K 2K 166960K 50 0 counters 30 17K 17K 166960K 30 0 ioctlops 0 0K 2K 166960K 32 0 iov 0 0K 8K 166960K 2 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1403 88K 88K 166960K 1426 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 97K 166960K 147 0 proc 60 75K 124K 166960K 477 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 37 175K 175K 166960K 37 0 exec 0 0K 1K 166960K 344 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 213 78K 78K 166960K 2832 0 UVM aobj 4 2K 2K 166960K 4 0 pinsyscall 36 72K 98K 166960K 1170 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 27 2K 2K 166960K 27 0 temp 33 6802K 6866K 166960K 3718 0 kqueue 13 20K 20K 166960K 22 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 38 0 35 1 0 1 1 0 8 0 rtentry 112 112 0 1 4 0 4 4 0 8 0 unpcb 144 39 0 16 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 20 0 15 2 0 2 2 0 8 1 arp 88 18 0 0 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 336 74 0 66 2 0 2 2 0 8 1 nd6 104 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 8 0 art_node 16 111 0 10 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1567 0 64 95 0 95 95 0 8 0 ffsino 240 1567 0 64 89 0 89 89 0 8 0 nchpl 144 1761 0 83 63 0 63 63 0 8 0 uvmvnodes 80 1719 0 0 36 0 36 36 0 8 0 vnodes 216 1719 0 0 96 0 96 96 0 8 0 namei 1024 5298 0 5297 2 0 2 2 0 8 1 vcpupl 3904 1 0 0 1 0 1 1 0 8 0 vmpool 664 1 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 4956 0 4956 2 0 2 2 1 8 2 plimitpl 152 27 0 10 1 0 1 1 0 8 0 sigapl 424 427 0 383 7 0 7 7 0 8 1 futexpl 64 224 0 220 1 0 1 1 0 8 0 knotepl 120 3007 0 2960 2 0 2 2 0 8 0 kqueuepl 184 19 0 10 1 0 1 1 0 8 0 pipepl 288 102 0 75 2 0 2 2 0 8 0 fdescpl 432 411 0 384 5 0 5 5 0 8 1 filepl 120 1416 0 1131 9 0 9 9 0 8 0 lockfpl 104 8 0 6 1 0 1 1 0 8 0 lockfspl 48 5 0 3 1 0 1 1 0 8 0 sessionpl 144 21 0 13 1 0 1 1 0 8 0 pgrppl 48 29 0 13 1 0 1 1 0 8 0 ucredpl 104 65 0 53 1 0 1 1 0 8 0 zombiepl 144 386 0 383 1 0 1 1 0 8 0 processpl 1096 427 0 383 4 0 4 4 0 8 0 procpl 648 453 0 399 5 0 5 5 0 8 0 sockpl 504 151 0 117 5 0 5 5 0 8 0 mcl8k 8192 7 0 7 1 0 1 1 0 8 1 mcl4k 4096 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 4836 0 4740 26 5 21 26 0 8 6 mtagpl 96 5 0 4 1 0 1 1 0 8 0 mbufpl 256 6463 0 6305 14 0 14 14 0 8 2 bufpl 280 4692 0 89 329 0 329 329 0 8 0 anonpl 24 175305 0 167524 48 0 48 48 0 187 0 amapchunkpl 152 9983 0 9273 30 0 30 30 0 158 0 amappl16 200 5119 0 5108 5 0 5 5 0 8 4 amappl15 192 10 0 10 1 0 1 1 0 8 1 amappl14 184 102 0 92 1 0 1 1 0 8 0 amappl13 176 10 0 10 1 0 1 1 0 8 1 amappl12 168 1121 0 1093 3 0 3 3 0 8 0 amappl11 160 55 0 45 1 0 1 1 0 8 0 amappl10 152 14 0 14 1 0 1 1 0 8 1 amappl9 144 129 0 129 1 0 1 1 0 8 1 amappl8 136 28 0 27 1 0 1 1 0 8 0 amappl7 128 95 0 84 1 0 1 1 0 8 0 amappl6 120 165 0 164 1 0 1 1 0 8 0 amappl5 112 131 0 123 1 0 1 1 0 8 0 amappl4 104 290 0 275 1 0 1 1 0 8 0 amappl3 96 1813 0 1709 3 0 3 3 0 8 0 amappl2 88 613 0 560 2 0 2 2 0 8 0 amappl1 80 7575 0 7039 14 0 14 14 0 8 2 amappl 88 2488 0 2331 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 412 0 384 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 412 0 384 1 0 1 1 0 8 0 vmmpekpl 168 5382 0 5338 2 0 2 2 0 8 0 vmmpepl 168 36125 0 34490 79 0 79 79 0 357 2 vmsppl 344 411 0 384 4 0 4 4 0 8 1 rwobjpl 24 17494 0 14932 17 0 17 17 0 8 1 pdppl 4096 830 0 769 96 14 82 82 0 8 21 pvpl 32 302544 0 277313 210 0 210 210 0 265 2 pmappl 216 411 0 384 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 373 0 19 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 panic(ffffffff830ab318) at panic+0x1cf ffs_inode_alloc(fffffd807d906878,8000,fffffd807f7d7548,ffff800037648d60) at ffs_inode_alloc+0x96c ufs_makeinode(8000,fffffd806c83dd98,ffff800037649098,ffff8000376490c8) at ufs_makeinode+0xcb ufs_create(ffff800037648e10) at ufs_create+0x4e VOP_CREATE(fffffd806c83dd98,ffff800037649098,ffff8000376490c8,ffff800037648e98) at VOP_CREATE+0xff vn_open(ffff800037649068,70f,0) at vn_open+0x491 doopenat(ffff80002a48c018,ffffff9c,20000040,70e,0,ffff800037649210) at doopenat+0x31d syscall(ffff8000376492c0) at syscall+0x97e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc7f93affe30, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 panic(ffffffff830ab318) at panic+0x1cf ffs_inode_alloc(fffffd807d906878,8000,fffffd807f7d7548,ffff800037648d60) at ffs_inode_alloc+0x96c ufs_makeinode(8000,fffffd806c83dd98,ffff800037649098,ffff8000376490c8) at ufs_makeinode+0xcb ufs_create(ffff800037648e10) at ufs_create+0x4e VOP_CREATE(fffffd806c83dd98,ffff800037649098,ffff8000376490c8,ffff800037648e98) at VOP_CREATE+0xff vn_open(ffff800037649068,70f,0) at vn_open+0x491 doopenat(ffff80002a48c018,ffffff9c,20000040,70e,0,ffff800037649210) at doopenat+0x31d syscall(ffff8000376492c0) at syscall+0x97e Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc7f93affe30, count: -10