last executing test programs: 68.582572ms ago: executing program 1 (id=2): r0 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2, 0x0) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000001c0)={0x48, &(0x7f0000000100)}) r2 = socket(0x1, 0x2, 0x0) readlinkat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/35, 0x23) ioctl$FIONREAD(r2, 0xc0106924, &(0x7f00000001c0)) r3 = socket(0x18, 0x3, 0x0) ioctl$FIONREAD(r3, 0xc1206925, &(0x7f0000000100)) ftruncate(r1, 0xb) 54.426017ms ago: executing program 0 (id=1): r0 = shmget$private(0x0, 0x3000, 0x28d, &(0x7f00003e4000/0x3000)=nil) shmctl$IPC_STAT(r0, 0x2, 0x0) semop(0x0, &(0x7f00000000c0)=[{0x0, 0x3}, {0x4, 0x1ff}], 0x27fd) ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x4000000000000003}}) r1 = openat$pf(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TIOCSETA(r1, 0xc028445a, &(0x7f0000000000)={0x0, 0xa, 0x0, 0x0, "97a22259000000000008002300", 0xfffffffc, 0x44}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r2 = socket(0x18, 0x1, 0x0) close(r2) r3 = socket(0x18, 0x2, 0x0) r4 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0) seteuid(0xffffffffffffffff) ioctl$BIOCLOCK(r4, 0x20004276) ioctl$BIOCVERSION(r4, 0x40044271, &(0x7f0000000000)) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000000)={{0x81fe, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff}, 0x557a, 0x7, 0x1}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f0000000080), 0x1c, 0x0}, 0x0) ioctl$WSMUXIO_LIST_DEVICES(0xffffffffffffffff, 0xc1045763, &(0x7f0000000040)={0x0, [{0x2, 0x100}, {}, {}, {0x2, 0xffffffff}, {0x3, 0x4}, {0x0, 0xfffffffc}, {0x0, 0x3ffffd}, {0x0, 0x7}, {0x3}, {0x1, 0x4}, {0x0, 0x3}, {0x0, 0x1}, {0x0, 0x4}, {0x1, 0xfffffffd}, {}, {0x0, 0x8}, {0x3, 0x3}, {0x1}, {0x2, 0x7f}, {0x2, 0x7}, {0x0, 0xfffffff7}, {0x3}, {}, {0x0, 0x1c}, {0x1, 0xfffffffd}, {0x0, 0x9}, {0x2}, {0x2, 0x8}, {0x1}, {0x0, 0xfffffffe}, {0x1, 0x8}, {0x1, 0x3}]}) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)=@in6={0x18, 0x1, 0x0, 0x1ff}, 0xc) bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs={0x1f95d27d48731892}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r5 = socket(0x18, 0x2, 0x0) setsockopt(r5, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) sendmsg$unix(r5, &(0x7f0000001700)={0x0, 0xffffffb3, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0) setsockopt(r3, 0x1000000000029, 0xa, &(0x7f0000000040)="03000000", 0x4) setsockopt(r2, 0x1000000029, 0x2, &(0x7f0000000280)="ebffcbf71864865df04a907f518b975c266968a4ded2040c13b9fd812eaa4e710300e699319296480000", 0x2a) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) setsockopt(r1, 0x40, 0xe9e8, &(0x7f0000000180)="29c7fa6445b47c2cd65c0fc305c1e29b9c159598153a8f4141c44c5686b85da384d9e64c3b20a3082d92944183bd07f2f2a99dee344db68498561e89d42718c6030da786c2bcb3638b58447bcc1ef00ed8e05d0d24d688912b084ba3c9c05b57768d733f004c39e2479adf57cee94a8a3e048749c455a370829aff352e7952a2cb9c6b25dd472fc1aef2e3395df6e400b100b7a9502f2e5abfc638458bfa731d1672cfe4811e2c8c43657f96bec8d7226b4b4887df54b7381364faa44346fd7ea1313f8182cb4a978f568ac969", 0xcd) sendto$unix(r2, 0x0, 0x0, 0x404, 0x0, 0x0) 46.905656ms ago: executing program 3 (id=4): setrlimit(0x2, &(0x7f0000000100)={0x60000000, 0x60000000}) sysctl$kern(&(0x7f0000000100)={0x1, 0x4b}, 0x2, &(0x7f00000011c0)="71f91e3471ac2358bc5a81501d94a3fbb65f96cf71b59c7afec37082", &(0x7f0000000000)=0x1c, 0x0, 0x0) setitimer(0x2, &(0x7f0000000040)={{0x34, 0x46b}, {0xfffffffffffffffb, 0x8000000000000001}}, &(0x7f0000000080)) 39.65636ms ago: executing program 7 (id=8): r0 = socket(0x11, 0x3, 0x0) syz_emit_ethernet(0x3e, 0x0) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) r1 = socket(0x2, 0x1, 0x0) ioctl$FIONREAD(r1, 0xc0206921, &(0x7f00000001c0)) ioctl$FIONREAD(r1, 0x8040691a, &(0x7f00000001c0)) r2 = socket$inet(0x2, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000000c0)}], 0x1) setsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000000240)="ea00000100000000", 0xc) setsockopt$inet_opts(r2, 0x0, 0xd, 0x0, 0x0) sendto$unix(r0, &(0x7f0000000000)="b1000501600000041600000007000000087c156610c18125d7f96ecfc73fd38c23781fd6c61a27ddb06b36ac970bff03000000000000000000000000ebe1aa5323edeb51e2f0ca3ebbc2c4699a09000000acb5b302000d7d010000000100000021020000742fe2458bfbb770c1f5a8aec872ea772ec58904000000008d9810361b1257aba8c500002012010000de5000000000000000000000000000000000000000000000000000001f00000000000800", 0xb1, 0x808, 0x0, 0x0) getsockopt$SO_PEERCRED(r0, 0xffff, 0x1022, 0x0, 0x0) sysctl$net_inet6_icmp6(&(0x7f0000002980)={0x4, 0x18, 0x3a, 0xb}, 0x4, &(0x7f00000029c0)="158f69ab91aa", &(0x7f0000002ac0)=0x6, &(0x7f0000002b00), 0x0) 21.790309ms ago: executing program 2 (id=3): open(&(0x7f0000000140)='./file0\x00', 0x78e, 0x8) r0 = getpid() setgroups(0x0, 0x0) nanosleep(&(0x7f0000000080)={0x1, 0x9}, &(0x7f0000000100)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) execve(0x0, 0x0, 0x0) ktrace(&(0x7f0000000000)='./file0\x00', 0x0, 0x510, r0) setuid(0xffffffffffffffff) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)) setrlimit(0x1, &(0x7f0000000180)={0x200, 0x95f}) select(0x7, &(0x7f0000000000)={0x400}, &(0x7f0000000040), &(0x7f0000000080)={0xcb}, &(0x7f0000000180)) 17.501997ms ago: executing program 4 (id=5): setrlimit(0x8, &(0x7f0000000580)={0xa, 0x56}) r0 = syz_open_pts() ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, 0x0) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) r1 = socket(0x18, 0x1, 0x0) ioctl$FIONREAD(r1, 0x80206982, &(0x7f00000001c0)) close(r0) (async) close(r0) r2 = socket$unix(0x1, 0x5, 0x0) bind$unix(r2, &(0x7f0000000200)=@file={0xd570d0466b6018f, './file0\x00'}, 0xa) (async) bind$unix(r2, &(0x7f0000000200)=@file={0xd570d0466b6018f, './file0\x00'}, 0xa) sysctl$kern(0x0, 0x0, &(0x7f0000000080)="b9d55a", 0x0, 0x0, 0x0) sysctl$hw(&(0x7f0000000040)={0x6, 0xb}, 0x2, 0x0, 0x0, 0x0, 0x0) (async) sysctl$hw(&(0x7f0000000040)={0x6, 0xb}, 0x2, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) sysctl$hw(&(0x7f0000000040)={0x6, 0xb}, 0x3, &(0x7f00000005c0)="f1a42138cd18da8b26d7eefbeea93a3c0f70544fe00a8b1eaf558632116bb3d5df98c5917270301b52440e423f9df70000000080c4883320caaf634e6e1e6a4ea71e3f5a599315bbd6391f0313171c7ee65e9dd3203e4bfdea8bc367fad5e7f53923619f42e4806ff9e91249cbdb69529d7353cc49463b2929c538035bf4341b583f44287e8c4af81f18805a7e145f6a835cd1c99019d5fd29760b5f4cf339770401725b38249a198bada2ee8f39031fbc3a5b1451be45e66cad7f5d258f2a217b262c0d3e4dd2af23ed9bacb4412b4df11c8de6522f9881a09c9a9656f449149ad666513db557f70c026596835926d3a1491710fb8298e0b510eb07606391f26cb469dc3ba618b9949f925a218601d4e315d2763b6c7c002ac34f8ce41631e116c9ddd091d5e3f7f3c7dd2c08dc8ce2948c027ac30fbfef6665ef75e88700ffcc6738765e9bfb255711133eda05e0608f7b1eee8d4c1c350fcf50e6b42d5574c0e557840a722b7f3144451f1d2b614b550bd4b71c9ccf51abf21845ca3db2db28c362cbbd3f7cea906cc8002c35a46fdfd2c0fb3c9637907310f4237e412303e4bfd2a14abe1654b49293f5d98d5c9d7e866da306d90948e5ca0110db985dbf317ccefbf9cfd109a727098c303b9dede6ff353c7723b9c7f5d9f4f09f30af7f46e7c08d3e45972ae7ac599d5f0122b90ecc356dbe2a89afe87299dde139533d8cb6f37cda034e0d6167f9cac40c899b7d8b64bf636db8836c697f2a1fb3f87204ff6816857dab19f8f0420e1765dab91436948c34e0440162426ffb6c62361ff850623b9ac622d60ce44b4d12bba83f4bca51c339c595d00d4d4c428aed47c5e0fe740701d617f79f616dc43980775bb0e90f1cbd0ece20b44d9c8563459aed4d6adaf817fd1dec4596c73d1c1f9bee8d19c5455d0b3e0c7e00"/678, &(0x7f0000000080)=0xd4, 0x0, 0x0) listen(r2, 0x0) r3 = socket(0x18, 0x3, 0x0) sendto$unix(r3, &(0x7f0000000040)="b1000516000000ae05000701072000000008000000000500fef9e5e2ec5dd3357ae30200004e30ffecb92819f20bf404be01000000f7c8cf5f882b297de1aa050400ce9462f0ad3ebbc257e4411f139b672f335c22db830c032bfa896443c32118210000720fd38bfb21399ba0c125191b1257aea8c500001602fbfe0c2300000100be1f25a2e791505c47f8343712cc11fffffffffffffc00"/177, 0xb1, 0x0, 0x0, 0xfffffffffffffe48) fcntl$setstatus(r2, 0x4, 0x4) accept$unix(r2, 0x0, 0x0) (async) accept$unix(r2, 0x0, 0x0) syz_open_pts() r4 = kqueue() open$dir(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) (async) r5 = open$dir(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) kevent(r4, &(0x7f0000000180)=[{{r5}, 0xffffffffffffffff, 0x17, 0x1, 0x3ae, 0xa}], 0x8c0, 0x0, 0x0, 0x0) (async) kevent(r4, &(0x7f0000000180)=[{{r5}, 0xffffffffffffffff, 0x17, 0x1, 0x3ae, 0xa}], 0x8c0, 0x0, 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x615, 0x0) (async) open(&(0x7f00000000c0)='./file0\x00', 0x615, 0x0) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000180)={0x20e, 0x19, 0xffffdf82, 0xffffff8d, "08ed95bb1cfa0400d43c8d71bf6b00d90cf2c000", 0x4000000, 0x1a3}) (async) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000180)={0x20e, 0x19, 0xffffdf82, 0xffffff8d, "08ed95bb1cfa0400d43c8d71bf6b00d90cf2c000", 0x4000000, 0x1a3}) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000080)='\x00', 0xffaa}], 0x1) 10.820501ms ago: executing program 5 (id=6): r0 = socket(0x18, 0x3, 0x0) setsockopt(r0, 0x1000000029, 0x24, &(0x7f0000000000)="5ab7776a", 0x4) syz_emit_ethernet(0x1000e, &(0x7f00000011c0)={@broadcast, @random="e04b1c561ac4", [], {@ipv6={0x86dd, {0x0, 0x6, "36e282", 0x30, 0x3b, 0x0, @rand_addr="01984b0e23742b40c3fa3d76af5fc1fa", @local={0xfe, 0x80, '\x00', 0x0}, {[], @icmpv6=@dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "5adf00", 0x0, 0x0, 0x0, @local={0xfe, 0x80, '\x00', 0x0}, @mcast1}}}}}}}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r1 = socket$inet(0x2, 0x4000, 0x0) setsockopt(r1, 0x80000000, 0x1e, &(0x7f0000000340)="15337ac0", 0x4) r2 = socket(0x6, 0x2, 0x0) accept(r2, &(0x7f0000000000)=@un=@abs, &(0x7f0000000040)=0x8) 6.951559ms ago: executing program 6 (id=7): r0 = socket(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1021, &(0x7f0000000040)=0x5, 0x4) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/198, 0xc6}, {&(0x7f0000000000)=""/6, 0x6}, {&(0x7f0000000280)=""/119, 0x77}], 0x3, &(0x7f0000000440)=""/212, 0xd4}, 0x2) r1 = socket$inet(0x2, 0x2, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x800) close(0xffffffffffffffff) r2 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$WSMUXIO_ADD_DEVICE(r2, 0x80085761, &(0x7f0000000100)={0x3}) ioctl$VMM_IOC_RESETCPU(0xffffffffffffff9c, 0x82405605, 0x0) r3 = socket(0x2, 0x1, 0x0) ioctl$FIONREAD(r3, 0xc0206921, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000580)=@abs={0x1, 0x0, 0x1}, 0x8) setsockopt$sock_int(r1, 0xffff, 0x100, &(0x7f00000006c0)=0xb, 0x4) sysctl$kern(&(0x7f0000000040)={0x1, 0x4f}, 0x4, &(0x7f00000000c0)="3bf2ee74e747c82dad6eb2a36fa755e1a3925fe49afca7e63b52fa65ccaa74d6e6b85b6cdced70357ef201f97842b1068dca31553fa2d7031f38c03e56ad0e24dfc4f97b8b7f81499647e6e7725765d61436c85e43c15d12a78cb8c57ddde87021d7b685507fd3e0652f35e45bdaa3afd86c4fe557433e4c2b632de71c951516adff26aa2e48b45f8ce92bcefd3eceefabee7e3ebe806fdb4f6af569ae94b5d127", &(0x7f0000000080)=0x4, &(0x7f0000000340)="5a67923ef0cb189971421989ebcff78831a7581e2f27caa362f1363042efb27688b2c899220fb2fe37e467d974592496856ca7b78060998608c2f952e43bc0bf11555cc5cb0fe17b2ec1be389871829bfe10dd4c4d2c8f9da2bd2868fd86791dc09dc4fa89a217458bdaed31003fdc3a7323189ba3ccbad6c8af17516e4557f61ad20180000000000000125f568ca7d3396b9057255f381855110eb3a673713716cdf010ddfa7977f92cf061ad125ca670353b45d53aae196b00271f9d3452b523b3dea22d6027625614312183724b71c7eb02083a410c1c99fa455013521f98686e472b70b560f7021f567adf4d", 0xfffffdfd) socket(0x2, 0x1, 0x0) (async) setsockopt$sock_int(r0, 0xffff, 0x1021, &(0x7f0000000040)=0x5, 0x4) (async) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/198, 0xc6}, {&(0x7f0000000000)=""/6, 0x6}, {&(0x7f0000000280)=""/119, 0x77}], 0x3, &(0x7f0000000440)=""/212, 0xd4}, 0x2) (async) socket$inet(0x2, 0x2, 0x0) (async) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x800) (async) close(0xffffffffffffffff) (async) openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (async) ioctl$WSMUXIO_ADD_DEVICE(r2, 0x80085761, &(0x7f0000000100)={0x3}) (async) ioctl$VMM_IOC_RESETCPU(0xffffffffffffff9c, 0x82405605, 0x0) (async) socket(0x2, 0x1, 0x0) (async) ioctl$FIONREAD(r3, 0xc0206921, 0x0) (async) connect$unix(0xffffffffffffffff, &(0x7f0000000580)=@abs={0x1, 0x0, 0x1}, 0x8) (async) setsockopt$sock_int(r1, 0xffff, 0x100, &(0x7f00000006c0)=0xb, 0x4) (async) sysctl$kern(&(0x7f0000000040)={0x1, 0x4f}, 0x4, &(0x7f00000000c0)="3bf2ee74e747c82dad6eb2a36fa755e1a3925fe49afca7e63b52fa65ccaa74d6e6b85b6cdced70357ef201f97842b1068dca31553fa2d7031f38c03e56ad0e24dfc4f97b8b7f81499647e6e7725765d61436c85e43c15d12a78cb8c57ddde87021d7b685507fd3e0652f35e45bdaa3afd86c4fe557433e4c2b632de71c951516adff26aa2e48b45f8ce92bcefd3eceefabee7e3ebe806fdb4f6af569ae94b5d127", &(0x7f0000000080)=0x4, &(0x7f0000000340)="5a67923ef0cb189971421989ebcff78831a7581e2f27caa362f1363042efb27688b2c899220fb2fe37e467d974592496856ca7b78060998608c2f952e43bc0bf11555cc5cb0fe17b2ec1be389871829bfe10dd4c4d2c8f9da2bd2868fd86791dc09dc4fa89a217458bdaed31003fdc3a7323189ba3ccbad6c8af17516e4557f61ad20180000000000000125f568ca7d3396b9057255f381855110eb3a673713716cdf010ddfa7977f92cf061ad125ca670353b45d53aae196b00271f9d3452b523b3dea22d6027625614312183724b71c7eb02083a410c1c99fa455013521f98686e472b70b560f7021f567adf4d", 0xfffffdfd) (async) 0s ago: executing program 3 (id=9): pwritev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000006c0), 0xf0f75}], 0x1, 0x0) (async) pwritev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f00000006c0), 0xf0f75}], 0x1, 0x0) r0 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = socket(0x800000018, 0x1, 0x0) setsockopt$sock_int(r1, 0xffff, 0x200, &(0x7f0000000040)=0xfffffc89, 0x4) listen(r1, 0x8e71) (async) listen(r1, 0x8e71) ioctl$WSMOUSEIO_SETPARAMS(r0, 0x80105728, &(0x7f0000000300)={0x0}) r2 = syz_open_pts() fcntl$lock(r2, 0x9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000300000000}) flock(r2, 0x1) flock(r2, 0x2) r3 = getpid() syz_open_pts() (async) r4 = syz_open_pts() setuid(0xee01) r5 = getppid() msgctl$IPC_SET(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x400000002, 0x3}) (async) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x400000002, 0x3}) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$WSKBDIO_GETMAP(r6, 0x80047476, &(0x7f0000000100)={0x0, 0x0}) fcntl$getown(r6, 0x5) (async) r7 = fcntl$getown(r6, 0x5) ktrace(0x0, 0x5, 0x128, r7) ioctl$TIOCSETA(r4, 0x802c7414, &(0x7f0000000080)={0x80, 0x0, 0xfbfffffe, 0xfffffffe, "d76c1f46000000ef1f0160fbff2000404b00", 0x800}) syz_open_pts() (async) syz_open_pts() ioctl$TIOCSTAT(r4, 0x20007465, 0x0) ktrace(&(0x7f0000000000)='./file0\x00', 0x0, 0x510, r3) (async) ktrace(&(0x7f0000000000)='./file0\x00', 0x0, 0x510, r3) fcntl$lock(r2, 0x9, &(0x7f0000000080)={0x3, 0x1, 0x0, 0x400000100000001, r3}) ioctl$WSMOUSEIO_SCALIBCOORDS(0xffffffffffffffff, 0x81205724, &(0x7f0000000100)={0x7ff, 0x17, 0x2000007, 0x101, 0x80000001, 0x80000081, 0x5, 0x10, [{0x0, 0x7, 0x4, 0x71000}, {0x7, 0x88, 0x8, 0x7}, {0x8, 0x6, 0x0, 0x9}, {0x1, 0x0, 0xe, 0x7fff}, {0x401, 0x200326, 0x2800, 0x7}, {0x2, 0x27f3, 0x3, 0x99}, {0xce1, 0x4, 0x4f8, 0x6d}, {0x6, 0x0, 0x5, 0x9}, {0x2, 0x82, 0x5, 0x9}, {0x3, 0x100, 0xd1b, 0x1088}, {0x1e6, 0x10001, 0xa, 0x6}, {0x800, 0x9, 0xa, 0xb}, {0xb8e, 0x4, 0x8, 0x4}, {0x29a7171a, 0x8, 0x1, 0x4}, {0xc, 0x7, 0x1, 0xfffffffd}, {0x0, 0x1, 0x1002, 0x30004}]}) r8 = socket(0x18, 0x3, 0x0) ioctl$FIONREAD(r8, 0xc0106978, &(0x7f0000000100)) syz_open_pts() (async) syz_open_pts() syz_open_pts() (async) syz_open_pts() kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.247' (ED25519) to the list of known hosts. uvm_fault(0xffffffff83923328, 0xffff80000149802a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x657: movzwl 0xc(%rcx,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *182029 21849 0 0 0x4000000 0 syz-executor arp_rtrequest(ffff800000039058,1,fffffd806ba2c898) at arp_rtrequest+0x657 rtrequest(1,ffff80003c57b190,0,ffff80003c57b100,16) at rtrequest+0xf08 rtm_output(ffff800001495c00,ffff80003c57b238,ffff80003c57b190,0,16) at rtm_output+0x91a route_output(fffffd806cd14b00,ffff800001405c08) at route_output+0xa2b route_send(ffff800001405c08,fffffd806cd14b00,0,0) at route_send+0xd7 sosend(ffff800001405c08,0,ffff80003c57b3e8,0,0,808) at sosend+0x804 sendit(ffff80002a7f9ca8,3,ffff80003c57b4e0,808,ffff80003c57b580) at sendit+0x5a5 sys_sendto(ffff80002a7f9ca8,ffff80003c57b630,ffff80003c57b580) at sys_sendto+0x8d syscall(ffff80003c57b630) at syscall+0x962 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x47559364df0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff83923328, 0xffff80000149802a, 0, 1) -> e ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806ba2c898) at arp_rtrequest+0x657 rtrequest(1,ffff80003c57b190,0,ffff80003c57b100,16) at rtrequest+0xf08 rtm_output(ffff800001495c00,ffff80003c57b238,ffff80003c57b190,0,16) at rtm_output+0x91a route_output(fffffd806cd14b00,ffff800001405c08) at route_output+0xa2b route_send(ffff800001405c08,fffffd806cd14b00,0,0) at route_send+0xd7 sosend(ffff800001405c08,0,ffff80003c57b3e8,0,0,808) at sosend+0x804 sendit(ffff80002a7f9ca8,3,ffff80003c57b4e0,808,ffff80003c57b580) at sendit+0x5a5 sys_sendto(ffff80002a7f9ca8,ffff80003c57b630,ffff80003c57b580) at sys_sendto+0x8d syscall(ffff80003c57b630) at syscall+0x962 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x47559364df0, count: -10 ddb> show registers rdi 0xffff800038152000 rsi 0x92f rbp 0xffff80003c57afe0 rbx 0xde rdx 0xffff800038152000 rcx 0xffff800001497f40 rax 0xfffffd806cd141e0 r8 0x1000 __ALIGN_SIZE r9 0 r10 0x63c7bb31ab66a08e r11 0x495c534b059ebc16 r12 0x19 r13 0xfffffd806cd14100 r14 0xfffffd806ba2c898 r15 0xffff800000039058 rip 0xffffffff81e9e627 arp_rtrequest+0x657 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c57af60 ss 0x10 arp_rtrequest+0x657: movzwl 0xc(%rcx,%rbx,1),%ecx ddb> show proc PROC (syz-executor) tid=182029 pid=21849 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a822d10,0xffff80002a7f82c8 process=0xffff80003c98a010 user=0xffff80003c576000, vmspace=0xfffffd806bf06010 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 54421 295870 56838 0 2 0 syz-executor 17107 284582 73921 0 2 0 syz-executor 17107 211747 73921 0 3 0x4000080 fsleep syz-executor 79668 363620 88216 0 2 0 syz-executor 5295 291998 76607 0 2 0 syz-executor 5295 410115 76607 0 3 0x4000080 fsleep syz-executor 75011 151206 41307 0 2 0x10 syz-executor 75011 367439 41307 0 3 0x4000090 fsleep syz-executor 21849 185409 5345 0 2 0 syz-executor *21849 182029 5345 0 7 0x4000000 syz-executor 13324 393270 60175 0 2 0 syz-executor 13324 151586 60175 0 3 0x4000080 fsleep syz-executor 75251 118945 92007 0 2 0 syz-executor 75251 170808 92007 0 2 0x4000000 syz-executor 5345 322591 6503 0 3 0x82 nanoslp syz-executor 73921 324543 6503 0 2 0xc82 syz-executor 88216 77107 6503 0 2 0xc82 syz-executor 76607 161005 6503 0 3 0x82 nanoslp syz-executor 56838 425245 6503 0 3 0x82 nanoslp syz-executor 41307 59834 6503 0 3 0x82 nanoslp syz-executor 92007 330272 6503 0 3 0x82 nanoslp syz-executor 60175 149870 6503 0 2 0xc82 syz-executor 6503 135450 79547 0 2 0x2 syz-executor 79547 221665 64598 0 3 0x10008a sigsusp ksh 64598 22123 57773 0 3 0x98 kqread sshd-session 57773 498653 11925 0 3 0x92 kqread sshd-session 92768 339362 1 0 3 0x100083 ttyin getty 11925 346713 1 0 3 0x88 kqread sshd 70211 199119 79914 73 3 0x1100090 kqread syslogd 79914 221845 1 0 3 0x100082 sbwait syslogd 11371 182509 1 0 3 0x100080 kqread resolvd 55906 426112 49028 77 3 0x100092 kqread dhcpleased 55338 338728 49028 77 3 0x100092 kqread dhcpleased 49028 488428 1 0 3 0x80 kqread dhcpleased 91256 267573 0 0 3 0x14200 bored smr 2991 273394 0 0 2 0x14200 zerothread 72821 284707 0 0 3 0x14200 aiodoned aiodoned 86558 220737 0 0 3 0x14200 syncer update 98425 137354 0 0 3 0x14200 cleaner cleaner 27758 366177 0 0 3 0x14200 reaper reaper 35352 190940 0 0 3 0x14200 pgdaemon pagedaemon 48559 269711 0 0 3 0x14200 bored viomb 60481 194587 0 0 3 0x40014200 acpi0 acpi0 456 351833 0 0 3 0x14200 bored softnet7 39106 74964 0 0 3 0x14200 bored softnet6 79126 455167 0 0 3 0x14200 bored softnet5 90862 387198 0 0 3 0x14200 bored softnet4 54018 473186 0 0 3 0x14200 bored softnet3 39234 141582 0 0 3 0x14200 bored softnet2 71972 328897 0 0 3 0x14200 bored softnet1 58995 53479 0 0 2 0x14200 softnet0 48919 256695 0 0 3 0x14200 smrbar systqmp 13065 223070 0 0 3 0x14200 bored systq 95163 313096 0 0 3 0x40014200 tmoslp softclock 4117 64026 0 0 3 0x40014200 idle0 1 82224 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10170 11040K 11053K 166960K 11247 0 pcb 18 12K 12K 166960K 18 0 rtable 214 7K 7K 166960K 272 0 pf 30 12K 12K 166960K 30 0 ifaddr 42 7K 7K 166960K 44 0 ifgroup 50 2K 2K 166960K 50 0 sysctl 1 1K 9K 166960K 5 0 counters 32 17K 17K 166960K 32 0 ioctlops 0 0K 2K 166960K 30 0 iov 0 0K 0K 166960K 1 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1335 84K 84K 166960K 1351 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 97K 166960K 139 0 proc 57 58K 124K 166960K 472 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 4 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 31 148K 148K 166960K 31 0 exec 0 0K 1K 166960K 341 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 204 142K 152K 166960K 2681 0 UVM aobj 4 2K 2K 166960K 4 0 pinsyscall 39 78K 96K 166960K 1151 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 27 2K 2K 166960K 27 0 temp 33 8630K 8694K 166960K 3624 0 kqueue 13 20K 20K 166960K 21 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 36 0 32 1 0 1 1 0 8 0 rtentry 136 96 0 1 4 0 4 4 0 8 0 unpcb 144 32 0 16 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 9 0 2 1 0 1 1 0 8 0 arp 88 10 0 0 1 0 1 1 0 8 0 inpcb 328 59 0 47 2 0 2 2 0 8 1 nd6 104 16 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 437 0 0 28 0 28 28 0 8 0 art_table 40 439 0 0 5 0 5 5 0 8 0 art_node 32 96 0 4 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1546 0 41 95 0 95 95 0 8 0 ffsino 256 1546 0 41 95 0 95 95 0 8 0 nchpl 144 1731 0 48 63 0 63 63 0 8 0 uvmvnodes 80 1628 0 0 34 0 34 34 0 8 0 vnodes 216 1628 0 0 91 0 91 91 0 8 0 namei 1024 5028 0 5028 2 0 2 2 0 8 2 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 6236 0 6236 8 0 8 8 1 8 8 plimitpl 152 28 0 11 1 0 1 1 0 8 0 sigapl 424 417 0 367 7 0 7 7 0 8 1 knotepl 120 3208 0 3161 2 0 2 2 0 8 0 kqueuepl 184 17 0 8 1 0 1 1 0 8 0 pipepl 304 97 0 70 3 0 3 3 0 8 0 fdescpl 448 397 0 367 5 0 5 5 0 8 1 filepl 120 1271 0 1055 7 0 7 7 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 21 0 13 1 0 1 1 0 8 0 pgrppl 48 29 0 13 1 0 1 1 0 8 0 ucredpl 104 68 0 56 1 0 1 1 0 8 0 zombiepl 144 367 0 367 1 0 1 1 0 8 1 processpl 1168 417 0 367 5 0 5 5 0 8 1 procpl 664 424 0 368 5 0 5 5 0 8 0 sockpl 552 127 0 95 3 0 3 3 0 8 0 mcl8k 8192 4 0 4 1 0 1 1 0 8 1 mcl4k 4096 2416 0 2363 14 0 14 14 0 8 5 mcl2k 2048 147 0 146 1 0 1 1 0 8 0 mtagpl 96 4 0 4 1 0 1 1 0 8 1 mbufpl 256 3715 0 3583 9 0 9 9 0 8 0 bufpl 280 2820 0 117 194 0 194 194 0 8 0 anonpl 24 61077 0 58162 23 0 23 23 0 187 3 amapchunkpl 152 7092 0 6672 17 0 17 17 0 158 0 amappl16 200 383 0 371 3 0 3 3 0 8 2 amappl15 192 3 0 3 1 0 1 1 0 8 1 amappl14 184 130 0 120 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 0 1 1 0 8 1 amappl12 168 993 0 965 2 0 2 2 0 8 0 amappl11 160 41 0 31 1 0 1 1 0 8 0 amappl10 152 2 0 2 1 0 1 1 0 8 1 amappl9 144 255 0 255 1 0 1 1 0 8 1 amappl8 136 16 0 15 1 0 1 1 0 8 0 amappl7 128 89 0 79 1 0 1 1 0 8 0 amappl6 120 180 0 177 1 0 1 1 0 8 0 amappl5 112 110 0 103 1 0 1 1 0 8 0 amappl4 104 271 0 256 1 0 1 1 0 8 0 amappl3 96 1139 0 1044 3 0 3 3 0 8 0 amappl2 88 607 0 554 2 0 2 2 0 8 0 amappl1 80 7751 0 7202 13 0 13 13 0 8 0 amappl 88 2060 0 1918 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 397 0 367 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 397 0 367 1 0 1 1 0 8 0 vmmpekpl 168 4687 0 4662 2 0 2 2 0 8 0 vmmpepl 168 30614 0 28819 79 0 79 79 0 357 0 vmsppl 368 396 0 367 4 0 4 4 0 8 1 rwobjpl 40 11855 0 9422 26 0 26 26 0 8 0 pdppl 4096 801 0 734 97 14 83 83 0 8 16 pvpl 32 169400 0 161333 67 0 67 67 0 265 1 pmappl 216 396 0 367 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 366 0 14 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806ba2c898) at arp_rtrequest+0x657 rtrequest(1,ffff80003c57b190,0,ffff80003c57b100,16) at rtrequest+0xf08 rtm_output(ffff800001495c00,ffff80003c57b238,ffff80003c57b190,0,16) at rtm_output+0x91a route_output(fffffd806cd14b00,ffff800001405c08) at route_output+0xa2b route_send(ffff800001405c08,fffffd806cd14b00,0,0) at route_send+0xd7 sosend(ffff800001405c08,0,ffff80003c57b3e8,0,0,808) at sosend+0x804 sendit(ffff80002a7f9ca8,3,ffff80003c57b4e0,808,ffff80003c57b580) at sendit+0x5a5 sys_sendto(ffff80002a7f9ca8,ffff80003c57b630,ffff80003c57b580) at sys_sendto+0x8d syscall(ffff80003c57b630) at syscall+0x962 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x47559364df0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace arp_rtrequest(ffff800000039058,1,fffffd806ba2c898) at arp_rtrequest+0x657 rtrequest(1,ffff80003c57b190,0,ffff80003c57b100,16) at rtrequest+0xf08 rtm_output(ffff800001495c00,ffff80003c57b238,ffff80003c57b190,0,16) at rtm_output+0x91a route_output(fffffd806cd14b00,ffff800001405c08) at route_output+0xa2b route_send(ffff800001405c08,fffffd806cd14b00,0,0) at route_send+0xd7 sosend(ffff800001405c08,0,ffff80003c57b3e8,0,0,808) at sosend+0x804 sendit(ffff80002a7f9ca8,3,ffff80003c57b4e0,808,ffff80003c57b580) at sendit+0x5a5 sys_sendto(ffff80002a7f9ca8,ffff80003c57b630,ffff80003c57b580) at sys_sendto+0x8d syscall(ffff80003c57b630) at syscall+0x962 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x47559364df0, count: -10