last executing test programs:

1.195028523s ago: executing program 2 (id=3):
r0 = syz_open_pts()
ioctl$WSMUXIO_LIST_DEVICES(0xffffffffffffffff, 0xc1045763, &(0x7f0000000040)={0x0, [{0x7}, {}, {0x3}, {0x3, 0xfffffffc}, {}, {0x3}, {0x0, 0xaa59}, {}, {0x1, 0xffffffff}, {0x0, 0x100000}, {0x2, 0x4}, {}, {}, {}, {0x0, 0x80000001}, {0x2, 0xffffffff}, {0x3, 0x3}, {0x3, 0x7218}, {0x0, 0x2}, {0x0, 0x6}, {0x2}, {}, {0x3}, {}, {0x2}, {0x2, 0x80001}, {}, {0x0, 0x200}, {0x2}, {0x2, 0x2}, {0x2, 0xa}, {0x2}]})
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f00000000c0), 0x1c, 0x0}, 0x0)
semop(0x0, &(0x7f00000000c0)=[{0x2}, {0x0, 0x2ff, 0x800}], 0x2)
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)
sysctl$net_inet_udp(&(0x7f0000000080)={0x4, 0x2, 0x11, 0x5}, 0x4, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket(0x18, 0x1, 0x0)
close(r1)
socket(0x18, 0x2, 0x0)
sendmsg$unix(r1, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0)
syz_open_pts()
syz_open_pts()
fsync(r0)

1.166439748s ago: executing program 5 (id=6):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
recvmmsg(r1, &(0x7f0000000440)={&(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/90, 0x5a}], 0x3, 0x0}, 0x1}, 0x10, 0x0, 0x0) (async)
execve(0x0, 0x0, 0x0) (async)
sendmmsg(r1, &(0x7f0000000400)={0x0, 0x4}, 0x10, 0x1)

1.159500264s ago: executing program 1 (id=2):
mknod(&(0x7f00000000c0)='./file0\x00', 0x1ffa, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x70e, 0x88)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110)
r2 = open$dir(&(0x7f0000000140)='.\x00', 0x80, 0x4)
r3 = kqueue()
r4 = dup2(r2, r3)
r5 = geteuid()
readv(0xffffffffffffffff, 0x0, 0x0)
r6 = getgid()
fchown(r4, r5, r6)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff"])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mknod(&(0x7f0000000000)='./file0\x00', 0x1ffa, 0x0)
write(r1, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff1c)
r7 = kqueue()
sysctl$net_inet_tcp(&(0x7f0000000300)={0x4, 0x2, 0x6, 0x17}, 0x4, &(0x7f0000001540)="9b0209c3", &(0x7f00000002c0)=0x4, 0x0, 0x0)
kevent(r7, &(0x7f0000000000)=[{{}, 0xfffffffffffffff9, 0x17, 0x1, 0x40000000000000}], 0x29f, 0x0, 0x7ffd, 0x0)
close(r0)

1.158866081s ago: executing program 4 (id=5):
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffff06000000aa"])
bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x0}, 0xc)
r0 = socket(0x18, 0x2, 0x0)
setsockopt$sock_int(r0, 0xffff, 0x1021, &(0x7f0000000040)=0xfffffffd, 0x4)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
syz_extract_tcp_res$synack(&(0x7f00000000c0), 0x1, 0x0)
r1 = socket(0x2, 0x2, 0x0)
ioctl$FIONREAD(r1, 0x8218694a, &(0x7f00000001c0))
r2 = socket(0x18, 0x2, 0x0)
setsockopt(r2, 0x1000000000029, 0xb, &(0x7f0000003680)='\x00\x00\x00\x00', 0x4)
poll(&(0x7f0000000000)=[{}], 0x20000000000000fe, 0x0)
setsockopt(r2, 0x1000000029, 0xd, &(0x7f0000000000), 0x14)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="00001c00ac14"])
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r3 = socket(0x18, 0x1, 0x0)
setsockopt(r3, 0x1000000029, 0xc, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
setsockopt(r3, 0x1000000000029, 0x9, &(0x7f0000000100)='\x00\x00\x00\x00', 0x4)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket(0x2, 0x1, 0x0)
bind(r4, &(0x7f0000000000), 0x10)
listen(r4, 0x0)
r5 = socket(0x2, 0x1, 0x0)
connect$unix(r5, &(0x7f0000000000), 0x10)
select(0x40, &(0x7f0000000000)={0x17, 0x6, 0x4, 0x8, 0x0, 0xfffffffffffffff5, 0x200, 0xfffffffffffffffc}, 0x0, 0x0, 0x0)

1.14454413s ago: executing program 6 (id=7):
r0 = socket(0x2, 0x1, 0x0)
shutdown(r0, 0x1)
ioctl$WSMOUSEIO_SCALIBCOORDS(0xffffffffffffffff, 0x81205724, &(0x7f0000000040)={0x200, 0xffff63de, 0x7, 0x2, 0x8, 0x100003, 0x40, 0x10, [{0x5, 0x2, 0x775, 0x80000201}, {0x2, 0x0, 0x7, 0xfff}, {0x2, 0x0, 0x2006}, {0x6, 0x7, 0x51}, {0x0, 0x7, 0xf11, 0x7}, {0x7, 0xffff, 0x80d2}, {0x24, 0x1, 0x85, 0x5}, {0x8d00000, 0x40009, 0xfffffff8, 0xfbffe2e9}, {0x8, 0xffa, 0x6, 0x7fff}, {0x0, 0xfffffff8, 0x400005, 0x8bfb}, {0xfffff0d1, 0x8000000, 0x8, 0x7}, {0x4, 0xc7cb, 0x800003, 0x2}, {0x401, 0x106, 0x8000009, 0x40}, {0x200003, 0x6e6, 0x2, 0x6f5fc48b}, {0x3, 0x5, 0x7, 0x5}, {0x3, 0x108001, 0x6, 0x69}]})
r1 = socket$unix(0x1, 0x2, 0x0)
poll(&(0x7f0000000000), 0x35, 0x0)
fchdir(r1)
syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600035ba00082c0c000000000000000086def3b60000000000000000000000000000000000000001"])
r2 = open(&(0x7f0000000380)='./file0\x00', 0x80000000000206, 0x4ebfac6bbaf7949)
syz_extract_tcp_res(&(0x7f00000001c0), 0x0, 0x3)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)='#!', 0x2}], 0x1)
write(r2, &(0x7f0000000140)="092020098900d60000ff4278ad535c2a415642010000005624b77b6a0a", 0x1d)
setsockopt$sock_linger(r1, 0xffff, 0x80, &(0x7f0000000180)={0x4, 0x4}, 0x8)
ioctl$VT_SETMODE(r2, 0x80087602, &(0x7f0000000000)={0x0, 0x1, 0x9, 0x5})
select(0x40, &(0x7f00000000c0)={0x9, 0x0, 0x4, 0x9fb0, 0x3, 0x2, 0x2, 0x9}, 0x0, 0x0, 0x0)

930.040048ms ago: executing program 2 (id=9):
setrlimit(0x8, &(0x7f00000000c0)={0x45, 0x56}) (async, rerun: 32)
r0 = getppid() (rerun: 32)
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={{}, 0x0, 0x0, r0}) (async)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff})
fcntl$setown(r1, 0x6, r0) (async, rerun: 32)
ioctl$WSKBDIO_GETMAP(r1, 0x80047476, &(0x7f0000000100)={0x0, 0x0}) (async, rerun: 32)
sysctl$kern(&(0x7f0000000040)={0x1, 0x21}, 0x2, 0x0, 0x0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = syz_open_pts()
ioctl$WSMOUSEIO_SCALIBCOORDS(0xffffffffffffffff, 0x81205724, &(0x7f0000000040)={0x80000000, 0xffff63de, 0x7, 0x2, 0xff, 0x100003, 0x40, 0x10, [{0x5, 0x3, 0xc, 0x80000201}, {0x2, 0x8, 0x6, 0xfff}, {0x7, 0xfffffffe, 0x2006, 0x1}, {0x2, 0x7, 0xf}, {0xfffffff8, 0x7, 0xf11, 0x7}, {0x3, 0xffff, 0x80d2}, {0x24, 0x1, 0x85, 0x5}, {0x0, 0x40009, 0xfffffff8, 0xfbffe2e9}, {0x8, 0xffa, 0x6, 0x7fff}, {0x0, 0xfffffff8, 0x400005, 0x8bf7}, {0xfffff0d1, 0x8000000, 0x8, 0x7}, {0x4, 0xc7cb, 0x3, 0x2}, {0x401, 0x106, 0x9, 0x40}, {0x200003, 0xee6, 0x2, 0x6f5fc48b}, {0x7e, 0x5, 0x3, 0x5}, {0x9be2, 0x108001, 0x6, 0x69}]}) (async)
poll(&(0x7f0000000000), 0x35, 0x0) (async)
writev(r2, &(0x7f0000001600)=[{&(0x7f0000000240)='r', 0x1}], 0x1)

929.559976ms ago: executing program 6 (id=10):
setrlimit(0x65d53b4a325a1946, &(0x7f0000000040)={0xffffffffffffffff, 0x1000})
r0 = socket$inet(0x2, 0x2, 0x0)
r1 = socket(0x11, 0x3, 0x0)
sendto$unix(r1, &(0x7f0000000180)="b1000504000004000000940a6c289ff38b8110e6adc6a695080003000000331c1302000000d5170ef7df9fea0b2a99b100fef96ec0c72fd3357ae30200004e3091f7c8cf5fb003000000000000000051e2f0ad3ebbc257699a1f139b672f4d335c223ee61a0aebc27d0c032bfa896443a42102d30ee8491ac673a17a4b7a86ba609ddfdb000000720fd18bfbb670c1f5a872c881ea6e2ec5890000eeff7f0036b7b9e00825e764b4761b4cc702fac5000028000000000000008abfba2200000000", 0x5, 0x0, 0x0, 0x0)
close(r0)
r2 = socket$inet(0x2, 0x2, 0x0)
socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r2, 0x0, 0x200000000000b, &(0x7f0000000080)='\x00', 0x1)
setsockopt$inet_opts(r0, 0x0, 0xd, 0x0, 0x0)
mknod(&(0x7f0000000000)='./file0\x00', 0x1ffa, 0x0)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r3 = socket(0x2, 0x2, 0x0)
connect$unix(r3, &(0x7f0000000000), 0x10)
write(r3, &(0x7f0000000080)="d99aca906c", 0x1dd6)
syz_open_pts()
socket(0x1e, 0x0, 0x0)
socket(0x11, 0x3, 0x0)

928.019253ms ago: executing program 5 (id=11):
r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x1, 0x0, 0x2, 0x7}) (async, rerun: 64)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x54}, 0x3, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8f5f84cf71b59c7a00c37082", &(0x7f0000000080)=0x3d, 0x0, 0xffffffffffffff57) (rerun: 64)
sysctl$net_inet_ip(&(0x7f0000000040)={0x4, 0x2, 0x0, 0x1c}, 0x4, &(0x7f00000001c0), 0x0, 0x0, 0x0)
close(r0)

923.926286ms ago: executing program 2 (id=12):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0xe8, 0x0)
fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x23, 0x0, 0xfffffffffffffffe, 0x1000300000084, 0xffffffffffffffff})
ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, &(0x7f0000000180)={0x7, 0x4, 0x1252, 0x3, "ffffffffffe600000000000000ff00", 0x1, 0x671})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000ffff000001", @ANYRES32=r1], 0x10, 0x4}, 0x40a)
r3 = dup(r2)
setitimer(0x3, &(0x7f0000000040)={{0x9, 0x2}, {0x2ab8000000000000, 0x1}}, &(0x7f0000000100))
recvmsg(r3, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001200)=""/7, 0x7}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket(0x2, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r5 = semget(0x0, 0x1, 0x281)
semctl$SETVAL(r5, 0x0, 0x8, &(0x7f0000000080)=0x4)
semop(r5, &(0x7f0000000000)=[{0x0, 0xfff9, 0x1000}], 0x1)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
setsockopt(0xffffffffffffffff, 0x1000000029, 0xd, 0x0, 0x0)
semctl$SETALL(r5, 0x0, 0x9, &(0x7f0000000080)=[0x6])
setrlimit(0x8, &(0x7f0000000080)={0xe, 0x51})
r6 = syz_open_pts()
close(r6)
syz_open_pts()
ioctl$FIOASYNC(r6, 0x80047469, &(0x7f00000000c0)=0x5)
writev(r6, &(0x7f00000019c0)=[{&(0x7f0000000100)="33f57cbd9b7a3dce024abd0a4458ebe67b9601edd864f01b7384118224bac83dd8e2f9bac9fcf5581b498f230fc2c56937691faa0a6fbc6ec7d970f3e70feb02fcbb032f1cd77197", 0x48}], 0x1)
setsockopt$sock_int(r4, 0xffff, 0x1, &(0x7f00000000c0)=0x2, 0x4)
connect$unix(r4, &(0x7f0000000000), 0x10)
r7 = syz_open_pts()
ioctl$TIOCCDTR(r7, 0x20007478)
r8 = kqueue()
kevent(r8, &(0x7f0000000200)=[{{}, 0xfffffffffffffff6, 0x9, 0xf0000000, 0xfd, 0x10000}], 0x1, 0x0, 0x9b68, 0x0)
kevent(r8, &(0x7f0000000000), 0x3c383fcb, 0x0, 0x405, 0x0)

923.133755ms ago: executing program 0 (id=1):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x70e, 0xa0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r1, &(0x7f0000000000)="ed", 0x1)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x27}, 0x4, &(0x7f0000000000)="71f91e3471ac0058bc5a91501d942400b5e1a0757cb9af769c7afec37082", &(0x7f0000000080)=0x306, 0x0, 0x2e)
recvmmsg(r2, &(0x7f0000000880)={&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000140)=""/173, 0xad}], 0x1, 0x0}, 0xffffffff}, 0x10, 0xc2, 0x0)
shutdown(r2, 0x2)
close(r2)
close(r1)
ktrace(&(0x7f0000000840)='./file0\x00', 0x1, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/19, 0x13}], 0x1)
poll(0x0, 0x0, 0xf7fffff9)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmmsg(r0, &(0x7f00000000c0)={0x0, 0x9}, 0x10, 0x400)

915.919625ms ago: executing program 6 (id=13):
socket(0x6, 0x8000, 0x7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sysctl$net_inet6_ip6(&(0x7f0000000480)={0x4, 0x1e, 0x29, 0x7}, 0x4, 0x0, 0x0, 0x0, 0x0) (async)
sysctl$net_inet6_ip6(&(0x7f0000000480)={0x4, 0x1e, 0x29, 0x7}, 0x4, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000880)={&(0x7f0000000080)={0x0, 0xfffffffffffffe8e, &(0x7f0000000ac0)=[{&(0x7f0000000200)=""/173, 0xad}], 0x1, 0x0}}, 0x10, 0x2842, 0x0)
setsockopt(r0, 0x7, 0x1c8, &(0x7f0000000100)="c6ae9ad51f592a994ad491cf7f5b3a238af4c9ebf8d806671913e36535834580eed750897f08deee600f7e151b053c751f866243af91d1664fc9bcc01d7805c878db547142fc5c88d7faf177e245beef558795d078ffe62b6daf6bbbb08237593cf04530c01899703cd3bfd962ad2b3ebb21e4350becf531b5aa3eeef48c864253c0a09d17e06a79a4a6e7", 0x8b)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

856.311198ms ago: executing program 5 (id=14):
select(0x40, &(0x7f0000000040)={0x5, 0x8, 0xe60, 0x8001, 0x986, 0x8, 0x8, 0x40}, 0x0, 0x0, 0x0)
ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000000)={0x6, 0x4, 0x9, 0x549, "22f006000000009ba340c3000000000000007600", 0x3, 0xf})
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="b10005040000040000", 0x9, 0x400, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r0 = socket(0x11, 0x3, 0x0)
sendto$unix(r0, &(0x7f0000000000)="b1000504000004000000000001000000331c13fecea10500fef96ec0c72fd3357ae30200004e3003000000acf20b7804be38164991f7c8cf5f882b297be1aa0500000051e2f0ad3ebbc257699a1f139b672f4d335c223e7d0c032bfa896443a42102000000720fd18bfbb670c1f5a872c881ea6e2ec5890400000000008000361b4cc702fac500002021fbfa0c0f00008abfba221554f4e0f668246c0900000008e371a378343712051eea040000000000", 0xb1, 0x0, 0x0, 0x0)
semctl$GETPID(0xffffffffffffffff, 0x7, 0x4, 0x0)

855.96483ms ago: executing program 1 (id=15):
r0 = msgget$private(0x0, 0x7fc)
msgrcv(r0, &(0x7f00000000c0)={0x0, ""/34}, 0x2a, 0x0, 0x1000)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r1 = socket(0x18, 0x1, 0x0)
ioctl$FIONREAD(r1, 0x808c694d, &(0x7f0000000000))
msgsnd(r0, &(0x7f00000010c0)=ANY=[], 0x0, 0x0)

665.203395ms ago: executing program 7 (id=8):
ioctl$VMM_IOC_RESETCPU(0xffffffffffffff9c, 0x82405605, &(0x7f0000000100)={0xfffffffc, 0x0, {[0x6, 0x0, 0x2, 0x100000000, 0x0, 0xffff, 0x2e, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x7053, 0x2000000000, 0x2, 0x100], [0x2, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x80000000, 0x3, 0x0, 0x0, 0xfffffffffffffff0], [0x0, 0x2, 0x4], [0x100, 0x20000000000, 0x0, 0x100000020, 0xfffffffffffffffe], [{0x0, 0xa, 0x0, 0x7d06}, {0x0, 0x2, 0x9}, {0x0, 0x0, 0xfffffffe, 0x1000}, {0x8, 0x0, 0x6, 0xfffffffffffffffe}, {0xfffc, 0x400, 0x0, 0x4}, {0x0, 0xfffffff7, 0x40003, 0x1}, {}, {0x2, 0x3, 0xa, 0x8}], {0x0, 0x5}, {0x3, 0xfffffffd, 0x4, 0x2}}}) (async)
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0xffff, 0x1022, 0x0, 0x0) (async, rerun: 32)
r2 = socket(0x18, 0x2, 0x0) (async, rerun: 32)
shmctl$SHM_LOCK(0x0, 0x3)
setsockopt(r2, 0x1000000000029, 0xa, &(0x7f0000003680)='\x00\x00\x00\x00', 0x4) (async, rerun: 32)
setsockopt(r2, 0x1000000029, 0xb, 0x0, 0x0) (async, rerun: 32)
r3 = socket$unix(0x1, 0x5, 0x0) (async, rerun: 32)
r4 = kqueue() (rerun: 32)
fcntl$setflags(r0, 0x2, 0x1) (async)
fchmod(r4, 0x40)
fchdir(r3)
sysctl$kern(&(0x7f0000000200)={0x1, 0x32}, 0x2, &(0x7f0000000380), 0x0, 0x0, 0x0)
ioctl$WSKBDIO_GETMAP(r0, 0x80047476, &(0x7f0000000100)={0x0, 0x0})

664.222013ms ago: executing program 0 (id=19):
symlink(&(0x7f0000000f00)='./file0\x00', &(0x7f0000000f40)='./file0\x00')
lstat(&(0x7f0000001c40)='./file0\x00', 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0xe8, 0x0)
chflagsat(r0, &(0x7f0000001140)='./file0\x00', 0x0, 0x2)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x48}, 0x2, 0x0, 0x0, 0x0, 0x0)
sysctl$kern(&(0x7f0000000000)={0x0}, 0x0, &(0x7f0000000040)="f59b55015d93fe3ab0368f2a0b8ce4cbcb4a4661c1ed5230113c3bab846e77b7132f36b65678b5787c427c6f34125b2b13972f5f9ade7a6f88e44c0fa50d95671c397aa0c627bc3f9082aed244591ce2a6b390e6fa7e33", &(0x7f0000000100)=0x57, &(0x7f0000000140)="d524d43830ec8bfe32c6f5a77552a7efe8f7574c273d7b12e5aee1a0b95f0b0173ebe27aacb787d494febc24f57dded3ee676bfb26ab30e78708827a2a969ca19150e23ee300294aba678e936f7e47c213fd56db0c7312bc1b3423d8ca276b1b46f4d442e198d15fff71b5b586f87aed26c2765aea80527b7b3e0e375013fcbb83c6119f506bee9cadb1d320b0cb7cc1baa14d709fc79e3733d1f326d8a01cd610f2d90ea5b139b2ca692b83103b2661d3d6097e0b75f634c646ddbe2834661a59aefcbd5527726e0a25999f5752f83669a77b6e027f2f612fc8748d40145ac67ba72cded31b9cbf58a8ef1d67bfce204d1ec50a0b401ef56a51efc7f1e59333f84eadc7a92325c977a5a04bf69b6ef5f72f5572cfaa752a4fc8392720a99c8160becccd06a83596a67930ac06f93dfd8b135e867811b174d6c7101f7de8d9662dee44f0122a5df22c69a4cf4ebabea86622fce8c4eb80b634b450b34d2d36522f041074dc40991effd637fd8353653e375194893f942b5779c2d864b7ba9b43cee393f14035059b4975cdf85b0eb031b53e84b688b0ae290c112c9ad9daed299dea9ef368be3e1ae5b7e5293e61b147da4ab78a998470c6017bcc16f29776b18426ab56a24d3ecf0baa7a99bdf1cbade42d2eb924dfcc5bb0fac51539e061780990b185e6c919e1682dc073c2379907cd97f5bc1d797f79e9c82f2c66dcaaf4258ffe1dffa7952053fd4f2a772774be3f85337893f469868a65f8d05c32d71a7a65a70d86fee02c80c87db1a462250cb57219f8e09ed7953185f39f35ea454da299a9c6a3b18b523bfe8350afff96acab860b2696c6ba43ecaa9cf1037c4293cc3a5b2cd44fe9b37d2a5bc506f51c1e49865138b257527fcce077f15c8f55d9291acb4040c768c05635e6cde2968d8aab3adfb99c701d8da3cbeff78ff7af4282977d68b6b1fa68919aa49b18219c0027f4c6aa677b7b594f098fb051a97df83caf8d98226be37038b731530f6d859c73fa8096d7f5c9ba0e19e1caadbaad4e73f5cd7f25137c790c841b75e1b5a21c1a5601514d84014db25c539813de0daafaa6a59b6e562b49e2144b40688d3d7ecb2e0e0a92f6dc5c6730bb785edd42ce6d3b42889f066373ac23045022556941c1f5d4a98cb65f10f5f455bec5ff28a1b4e250ed147d5d2f3e21a25b5f040b936b68a3b406c1a7f5a32bc6753543338efa584db54abc8f32e98cf5928d72723ac321ad2ad74a79397bb7527b6fa2767ddd165458e0e7eef8f9fc8d7dea9a8de0ed87a14352f23b3f87665564b5bcfcba78ef2af2e3f96249f6489a3db14d9f15647f80415336682f1de14ef2c94f73cb053869a3ea01997a3086061303b7e8b549d038cd2d4ec25d32101be80dabb0548006ecc0ccdc911230db123dd85dec628cf8ac562fd43c898b381ef450cede4007b84a69108b9fe705978692fac526e8f4b1303f1fdf1d2dc5ae2b3dd8de3ec1a47685b157d0c6e706e1ca796a298a27fc9bf566686c61146e72393e3084ce73d1737bba72a697c83db56718f55f07f638a99f6d6693f647f86d4e09380af830236a85a35b9ce2faf3f3553d9daa0172142dd0e1aab3431a97e25d52c5648ceda06a2f3428b777fa01f968f7de94af2ceff70e35f6b77d1f7ded9cc26830e73079964d44f5de44763d0bb604644c68a7408416c1b89d3d4ef4923a9ebaf4e16c50c0ab55903de9e55a78a754e8e66ebc5256701bfa3d80665ba77763a3599011cf15117994950e189319defd7e9a355c8e5fc08830e96935dd1fd2a13488a06efa0a6062072a3dce2330d43715eccf0534ce63b1e48be5eef09448d73c78bd6298824a53aa034f55e4f7013baa5d7bb2bc240d5ca6218bd401e8ac77341778fe1cc91b1a79e5e66e9889e81bf3d3a1e8c9d2c4c83f74f34a24914e7bf70309019cdd440dc492dcd95c43aeb6967588c35f3174179a37f8492baf6bb31be0786ead56b670e70d27f03e9c327fa82fa54ee27413bbea88c76cee56b72ef60736630e40e422b254e7bb402048fcc673c352981d4b54069cd3e7a10381eb4797db62008e39607e48cf26dbea25c7102d2fa48efeea82a00a76649cacf416f75e634bd3a6ae5003e9357963e82562fd31397d997159636bcfd4957fe87e94b97a55ae4cb852a3829233607e785d84efd49e04ed7a4bb39970595ab072239d8689b8d53d9e714eb27e061574f7a84b8e252d0733d14f77a16d608265ffdf0ee75bb1fcb9a8e4da383834bbb0142684d4207905f6c9204aefb66e72a7b77e38ead213a8a1133cd454de5bf8e2aa2449401decfeb2cd1c64ede1bfa28788818695d5372d3ae4e2cce8601fff2af529d5dda607750aa3bc1fdd4821956277da630376a276c15d2f866282500522566ead8efdfd6e0dadae4bb5a99bdf298e298006bfa3e7bc1dc0a6f0e897c7daf7411e96490aef90d06fe313c1636709383deb2b9c1acf0fbd32123a1704785d05a4d2aba68b5342e1dba5088108b26600ab8d92e461b314e7b64e41af4612a135ede2e022229632627a0a41bfe127f3b8161879d040eec499cfdcf18355b4d257c60b84f5450a2cadba6c8b32e461bdec5a4ca51f36fd1c454ae30caf86f39c43fd5da91cb8405b793115c3a26d11db83b55a0d758f730f572c28742c8492a27bef9425b9d8487705c4215f39cc4b8d2a8261c1fd7f8480fc21c7673d36a39988c32ce41187f351484089ed743521e8d66c5ded55a4243f25be3605c4b7ba1f4a92ce36a45f6b4985266ffb55cc759770d165b198fe9a4c52bb73dd9282f823d745c0f68f82031931355adee931c37746aa5cff0eb8b845474157f03ab2a1033bb8e51ad1eafd4423791d9b0284f3cf15349adae10a999327048ef9ef3c49d2affc72005637f9d05f3bbceb1597e8152221347abb8422246bc3f85311e6bd11187f2645a875cfecaf1c70e667e8f261c76ebe6ae74019b1dafebd55c0ac4749e24e587ddf9cd06e75a9b6b3e14505db1ad7b7d8fecb04f8ad1cb3a8f702eb8a3807a52fab797dee5a0ac598ce863504c519761ddd8f16e6e853769f664e414336761086ee04b356d074c235c8bf9ca37997aa88960d419c362279c1212fe5350e5b417d675a9bed5f70aded73365e729e827da0494d017e865a7a4d564daf20bbba11839d96b16869b6a9549d350a80a55eda962ebcbde8fcfd1dbbfee85cb9a01c87030683c35b02671fa012d01419de9ebc5bbd48ac5a74a9db9feb08a74a3dc3c398d75017474172ba3895ce65d8fc300231a43df41691062ba483dd72df5641b77e85ab15f3944fd7bab778eff64e03abc35f78848c1fc25787ebe045f805991965f53a83fb8d80063e5e731347f56fe13dde92b1b724c4eb66f9f3e63ac9fdb8d9fb94fd6773b85d728a1ef5a4a050817670993e16be36fb48ee82598ccbd19d6b63e8bbc4a054dea983c70b2e9d821b2fbceb21f9a0b48071bbbb5ce0a1d640c741d669bacd4ce61c2e330a68eb6968b60ddb6af21987e5d97206d8da6132a7367991c40643a7bab31aa2dad9a21c7b0f032217ae89301ee68b40cf9344d142eb1e210e052985eb91f11fd13325fd09dda82bc2e81a396ce357cdf05facacd561bb29913181e3a5306c619f181ba3745b97719c6903b4504dbb8df23d1dbd2792b4a757254bebe414d64654b989b340c6373ef05c35ec40126d587c2bae341e7cae5cbda7053d5d5a0cdfaf5b2c9f74fa6f8fcdaaff1c79f57ba746c24467703775d76310f3e0af01fde108095cfd77745e1eb9692a6c0c6f5947300e24c7952aeb3f86ed332e1d6330e0e420fa8a3b85ab7c9a96c25ea99f55ca11ee7cf600facc8c5a97a2576762b7c09777b759af3f9345cf16d780f4dd1f1abe4370909814308ac9c4fddf1fb360a70b9ef3d74f85c68f78ad59b94620025be5114fb3a26914b679e7224b66e6a628e4482aef5ad8f85fbe4527a2470dc1d754df8e677b713743182259c726e019b53f8ee2294d1eaebca8178cfc31fb7e1b815ad22d2712f148da0520ac09ed82c50d979bf853554e7190532369a7e2fd33fff5d511b7474afa99f3c3548c52e381715aca6b90dcc45ab73151e1dc4962b329ed1eef384b4a87d60f1cb9540ec4e08043f34698147569eef4161f8532df70c15f4a137cfd1f74114eb90227c3e7493e7f12d08bf5a270cba6b08ab6094376d9e9ba13ef30bf2e772816c89d07126812065e5e34de8d7e447e5b8ebd61559dfb60747033abd391ac42cf35f37ffc15bf5f93f10608ae6fa088fbf9280e36b933d6709143b36d815318013863c9e70e8983936be35f5536af199ba3bd21a20208861f6bb79bae61198b910ebf7641cb3f3f49f71e884ca13632a93ea198e6f290a0c08960c6b073c2ebbf46af4b9d59f423764d3d2a3509f763363e92952e51585269dee471775d77b9d90efb9902cf6625f3dfef5f720de3b32c3037e320d3e01d069fcc4b05568c3915f61248aa01cb4591934acfbde7f0dac46d06109cb61e9e001ad94dbccc8f3ae0fb345c7934294b138adab33b0fd1473af914941c6374edb3314c39525f17d1e30de4c3e9f3d105892e0e5fc08dd976448fbe18af582b566dce96a9b6f08e375f0a8fba435ea6585eece491c98dfbd7afdca44cc62d24e326291bf247345dd3b6195c58ee1bda2e60ab17ee2f08171676abd7b994f9fc06799466b0ecafcd5271030574e2397ac0dfceaa4ae17e78f00c86ebdf91ff0eb0d0e10b4f1215663311c9f2013ff1918478100f265528201ca50566b2a6836a44d719b751e1aef01aaf9c2438bd13998341c4b7ddd135a29f5c211cbc7056aff58d6e5026a38a2f3c7b521051995f62c24653be7b07ae6e183546f291642b5c9e72b8a53c1897ec1186ce5a89d5aa4eb996546f27bf4c20b2a387de318f7929ff5ccbd124aed503949bc74cf8168dbe3f58440d1193099169b3c056467612e0f0f5c17a59e6969df630999e83f92f9c1e9d06e30b12a5e4a556e53d6e2b04bef06bdbe90306dbdbb4d9d6a08b9505ac36b3b11fbe6213db0d5e6d22a0cfc704944250dcd71da7302edf13b3ea22a6ff5a64ad73f42e302e28e02e655b12de9aef30137a7edb8dc04826ff05e8f4505ea2a1d7eab9beb39e622c39d728bb73c80116bbc37da7a941225508cf4ec13006feb0ba780d8791c88cbd6dbec63bc699b8eef85f663feac134ad1b975e88af96f8ecacf79dc8d9bdd97a1cebf6442a00224ca61a6feeca992d5fe59190ea594fd3ebafe2da460ffb234f186389da2efcb7987bc6e6853606fac19f20e001f59e1cde4b2a443291892fc5d3ab6ccbf6abc4df248f13681f42a660c50901484258728340913740d770616337a93a3a17ce9c397654a0d8a1dfc4a18a41b6a2544fd17b468f2413d72216adee6bbcef0af2606700ea711e7ae5bf1a42300b94a1cd8ec350af9c64f71e74bd9d2b62434dfd6d29fa5629e4bd688d336fe9a8b9b936f9db14a5430bd6656f25ca4ccc15183485ccbdc932ee1b87547b8992c64395a129ad2daaf385bfbfb7ce2cc16347bd378092176a64bc54e33990c3e2a000b5867987994241e4b8dbcdba98fa285d975f66daf8fb0ab32f0dcfa36d1d2ae8d5ae78335bcd6f980fe73e32c6973813559e27eca301c4883629abc07351219c74b13d7c4f58971c27d5621bdd5b9037b0ea2c8b2f72cdcf62ce0482d52445cb2db9f2189d9f97c1d63878ec52566d2da4e0ca2a297da9cf2de8f730bec07fe488d164f1a99e13edf853", 0x1000)

663.972304ms ago: executing program 7 (id=20):
r0 = socket$unix(0x1, 0x2, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x0)
bind$unix(r1, &(0x7f0000000040)=@file={0xd19450564dee018c, './file0\x00'}, 0xa) (async, rerun: 32)
sendmsg$unix(r0, &(0x7f0000000080)={&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0xa, 0x0}, 0xc) (rerun: 32)

571.110701ms ago: executing program 7 (id=22):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110)
ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x0, 0x0, 0x5, 0x483}, {0x4, 0x0, 0x0, 0x2d}]})
sysctl$kern(&(0x7f0000000080)={0x1, 0x31}, 0x4000000000000004, 0x0, 0x0, 0x0, 0x0)
write(r0, &(0x7f00000004c0)="b96abcf5ac7cffa0b5a845315c0d853a14", 0x11)

570.397545ms ago: executing program 7 (id=23):
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r0 = socket(0x2, 0x2, 0x0)
connect$unix(r0, &(0x7f0000000000), 0x10)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r1 = socket(0x18, 0x1, 0x0)
ioctl$FIONREAD(r1, 0x802069c3, &(0x7f00000001c0))
setrlimit(0x8, &(0x7f0000000580)={0x1, 0x3})
r2 = syz_open_pts()
socket$unix(0x1, 0xad26bc1c7fb17713, 0x0)
sysctl$net_inet6_ip6(&(0x7f0000000480)={0x4, 0x18, 0x29, 0x7}, 0x4, &(0x7f00000004c0)="8e6fc6103a14677901f13a3540cfc71741898b9d9f39a1b6c978be97e37d4e1b84a62b39e817654c906af8799dfd595e38d52bf74ae7ba5fb98e710dd2bd680012ed918a3be1f765fe64f415d1c4c0776ea9b86b2c1643235ff3469cb68e942d7688d205a35f21d2", &(0x7f0000000580)=0x68, 0x0, 0x0)
close(r2)
syz_open_pts()
ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000380)={0x7fffffff, 0xd, 0x4347e793, 0xdfffff8d, "0dc80d7f1f4317aba3ab001100", 0x1, 0x20001})
writev(r2, &(0x7f0000000300)=[{&(0x7f00000005c0)="8eb5cad3b33ea7c93cd5e57e1297facf30f9a61f9f9cb2aa2ea2ed2451327c34ec12f0bf07fa7ac525ff315a83173e4f3196d7f3b08fb94005000000000000004e03005f4060a0c23089ddbffdd149db7758519eef60fd70b3f1dd8a37c6badb9042827d240dfe1ea0707226ff8962277c3b8bbed6ab3576af069635cfa21dcca550e3b672b4161e862db83fe37f886a25d71b67b62764be2e1e1a945c7c2065540f73cf9bd1874312f6c540ad715a8cd5e22b90566b9b22190708aea26f3639171e0ba232dc804d25c0e664efa27cad096ee6cb1db7fdd2e119be8a8a", 0xdd}], 0x1)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"]) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) (async)
socket(0x2, 0x2, 0x0) (async)
connect$unix(r0, &(0x7f0000000000), 0x10) (async)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) (async)
socket(0x18, 0x1, 0x0) (async)
ioctl$FIONREAD(r1, 0x802069c3, &(0x7f00000001c0)) (async)
setrlimit(0x8, &(0x7f0000000580)={0x1, 0x3}) (async)
syz_open_pts() (async)
socket$unix(0x1, 0xad26bc1c7fb17713, 0x0) (async)
sysctl$net_inet6_ip6(&(0x7f0000000480)={0x4, 0x18, 0x29, 0x7}, 0x4, &(0x7f00000004c0)="8e6fc6103a14677901f13a3540cfc71741898b9d9f39a1b6c978be97e37d4e1b84a62b39e817654c906af8799dfd595e38d52bf74ae7ba5fb98e710dd2bd680012ed918a3be1f765fe64f415d1c4c0776ea9b86b2c1643235ff3469cb68e942d7688d205a35f21d2", &(0x7f0000000580)=0x68, 0x0, 0x0) (async)
close(r2) (async)
syz_open_pts() (async)
ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000380)={0x7fffffff, 0xd, 0x4347e793, 0xdfffff8d, "0dc80d7f1f4317aba3ab001100", 0x1, 0x20001}) (async)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000005c0)="8eb5cad3b33ea7c93cd5e57e1297facf30f9a61f9f9cb2aa2ea2ed2451327c34ec12f0bf07fa7ac525ff315a83173e4f3196d7f3b08fb94005000000000000004e03005f4060a0c23089ddbffdd149db7758519eef60fd70b3f1dd8a37c6badb9042827d240dfe1ea0707226ff8962277c3b8bbed6ab3576af069635cfa21dcca550e3b672b4161e862db83fe37f886a25d71b67b62764be2e1e1a945c7c2065540f73cf9bd1874312f6c540ad715a8cd5e22b90566b9b22190708aea26f3639171e0ba232dc804d25c0e664efa27cad096ee6cb1db7fdd2e119be8a8a", 0xdd}], 0x1) (async)

570.102715ms ago: executing program 7 (id=24):
r0 = socket(0x18, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
setsockopt(r0, 0x1000000029, 0x37, &(0x7f0000000080)="03100000", 0x4)
r1 = socket(0x11, 0x3, 0x0)
sendto$unix(r1, &(0x7f0000000100)="b1000504000004000000000001050000331c13fecea10500fef96ec0c72fd3357ae30200004e3003000000acf20b7804be38164991f7c8cf5f882b297be1aa0500000051e2f0ad3ebbc257699a1f139b672f4d335c223e7d0c032bfa896443b42102000000720fd18bfbb670c1f5a872c881ea6e2ec5890400000000008000361b4cc702fac50000202129fa0c0f00008abfba221554f4e0f668246c0900000008e371a3f8343703051eea040000000000", 0xb1, 0x406, 0x0, 0x0)
r2 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0)
ioctl$WSDISPLAYIO_GETEMULTYPE(r2, 0xc014575e, &(0x7f0000000040)={0x0, './file0\x00'})
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000400)="61848b04df", 0x5}], 0x1)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x3e}, 0x3, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x1, 0x0, 0x37)
minherit(&(0x7f0000594000/0x4000)=nil, 0x4000, 0x3)

568.5847ms ago: executing program 7 (id=25):
setrlimit(0x8, &(0x7f0000000040)={0xa, 0x50})
r0 = kqueue()
fcntl$setstatus(r0, 0x4, 0x40) (async)
sysctl$hw(&(0x7f0000000040)={0x6, 0xb}, 0x3, &(0x7f0000000080)="bd0f192e", &(0x7f00000000c0)=0x74, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
ioctl$VMM_IOC_RUN(r1, 0xc0205602, &(0x7f0000000480)={0x8001, 0x6, 0xd, 0x8, &(0x7f0000000200)={{0x6, 0x1, 0x9, 0x37, 0x81, 0x8, 0x1}, {[0x1, 0x6, 0xcf, 0x10, 0x4, 0x0, 0x7, 0x400, 0x7, 0xd290, 0x5, 0xe, 0x2, 0x4, 0xf915, 0x9, 0x7ff, 0x9], [0x20d, 0x81, 0x1ff, 0x8, 0x9, 0x10001, 0x2, 0x9, 0x0, 0x1], [0x8, 0xf87, 0x5, 0x6, 0x2, 0x0, 0x6], [0x100000000, 0x401, 0x7, 0xfffffffffffffff9, 0x4, 0x90], [{0x8001, 0x10001, 0x10001, 0x401}, {0x6, 0x35, 0x0, 0x8}, {0x9, 0x79a, 0x7, 0x33}, {0xa, 0x225b9268, 0x4, 0x9}, {0x5c75, 0x7, 0xffff, 0x28000000}, {0x1, 0x4, 0xfffffffd}, {0x4c0a, 0x2, 0x7, 0x9}, {0x0, 0x80000000, 0x5, 0x80}], {0x9e, 0x7, 0x5fb48b8e, 0xff}, {0x6, 0x5, 0x8ef, 0xf7}}}, 0x5, 0x7}) (async)
getsockopt(r1, 0x0, 0xc, 0x0, 0x0) (async)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r3 = open$dir(&(0x7f00000004c0)='./file0\x00', 0x8000, 0x82) (async)
sysctl$net_inet_ip(&(0x7f0000000080)={0x4, 0x2, 0x0, 0x1c}, 0x4, &(0x7f0000000140)="e33745e84d", &(0x7f0000000000)=0x5, 0x0, 0x0)
renameat(r3, &(0x7f0000000500)='./file0\x00', r2, &(0x7f0000000540)='./file0\x00') (async)
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) (async)
fcntl$lock(r2, 0x9, &(0x7f0000000040)={0x2, 0x1, 0x7, 0x100000003})
ioctl$BIOCSETWF(r4, 0x80104277, &(0x7f0000000100)={0x3, &(0x7f00000000c0)=[{0x1, 0x4, 0x7, 0x9}, {0x8, 0x0, 0x8, 0x3}, {0xd, 0x0, 0x1b, 0x1}]}) (async)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6f8, 0x0)
getsockopt$SO_PEERCRED(r5, 0xffff, 0x1022, &(0x7f0000000180)={<r6=>0x0}, 0xc)
fcntl$lock(r5, 0x7, &(0x7f00000001c0)={0x3, 0x2, 0x800, 0x7fff0, r6}) (async)
r7 = syz_open_pts()
fcntl$lock(r7, 0x9, &(0x7f0000000140)={0x0, 0x0, 0xfffffffffffffff6, 0x1000100010008, 0xffffffffffffffff}) (async)
fcntl$lock(r2, 0x9, &(0x7f0000000000)={0x3, 0x1, 0xffffffff00000000, 0x2ff7dfffc})

473.493436ms ago: executing program 3 (id=27):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$VMM_IOC_RESETCPU(0xffffffffffffff9c, 0x82405605, &(0x7f0000000100)={0x0, 0x9, {[0xfffffbfffffffffb, 0x1, 0x2, 0x100200000, 0x6, 0x7, 0xdf60, 0xffffffffffffffff, 0x0, 0x2f01, 0x93, 0x3, 0xffffffffffffffff, 0x200000000002, 0xd, 0x4, 0xfffffffffffffffe, 0x400000000100], [0xfffffffffffffffe, 0x80000001, 0xfffffffffffffffa, 0x20200001, 0x5e, 0x100000000007b98, 0x800, 0x9, 0x0, 0xfffffffffffffffe], [0x100000001, 0x8000, 0x40000000, 0x0, 0xb, 0x11000, 0xffffffff00000000], [0x9, 0x1fffffffffb, 0x80000001, 0x4000000, 0xfffffffffffffffe, 0x90000000], [{0x0, 0x0, 0x0, 0x7d06}, {0x9, 0x22, 0x5}, {0x4, 0x0, 0xfffefffe, 0x280}, {0x3, 0x4, 0x5, 0xffffffffffffffff}, {0x0, 0x2, 0x7f, 0x8}, {0x0, 0x9, 0x9, 0x2000000000000000}, {0x5, 0x0, 0xfffffff9, 0xb}, {0xe, 0x100, 0xfffffffe, 0xb}], {0x1, 0x8, 0x80000006, 0x3}, {0xfffe, 0x5, 0x6d5, 0x6}}})
r1 = kqueue()
kevent(r1, &(0x7f00000000c0), 0x138, 0x0, 0xffffffff, 0x0)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$unix(r3, &(0x7f0000000040)=@file={0xd19450564dee018c, './file0\x00'}, 0xa)
connect$unix(r3, &(0x7f0000000000)=@file={0xd1653077bafa0114, './file0\x00'}, 0xa)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000000)=@file={0xd1653077bafa0114, './file0\x00'}, 0xa)
dup2(r4, r2)

473.005722ms ago: executing program 3 (id=28):
ioctl$WSMOUSEIO_SCALIBCOORDS(0xffffffffffffffff, 0x80047476, &(0x7f00000001c0)={0x80000000, 0xb, 0x0, 0xfffffff0, 0x3c, 0x6, 0x16, 0x10, [{0x0, 0x7, 0x3, 0x800}, {0x7, 0x6, 0x4, 0x1}, {0x5d8abc9f, 0xffffffff, 0x1, 0x9}, {0x80002, 0x3, 0xffffffef, 0xffff}, {0x7, 0x20005, 0x10000007, 0xa}, {0x3, 0x6, 0x400009, 0x5}, {0xb, 0x5, 0x7, 0x56d6}, {0x404, 0x100, 0x3, 0x17}, {0x0, 0x13, 0x6, 0xf}, {0xfffffffa, 0x4, 0x2000a63d, 0x83}, {0x421, 0x5, 0x7f, 0x2001}, {0x3, 0x7, 0x5}, {0x7, 0x5, 0xfffffffd, 0xd8}, {0x8eb, 0x101, 0x200, 0xde17}, {0x2, 0xfbfd, 0x793a, 0x2}, {0x3, 0x101, 0x6, 0x5}]})
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0)
r0 = socket(0x18, 0x1, 0x0)
setsockopt(r0, 0x1000000000029, 0x25, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4)
socket(0x11, 0x4, 0x0)
syz_open_pts()
unveil(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)='W\x00')
r1 = syz_open_pts()
r2 = socket(0x18, 0x2, 0x0)
close(r2)
socket(0x800000018, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0xa)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x22, 0x411}, 0x4, 0x10003, 0x0, 0x0, 0x0, 0x2, 0x9, 0x100000000e63})
connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x8)
r3 = socket(0x800000018, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000080)=@abs={0x1f95d27d48731892, 0x7}, 0x1c)
close(r1)
r4 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xf02, 0x186)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x9cab835cfdc52675, 0x0)
ftruncate(r5, 0x79c7)
r6 = getegid()
fchown(r4, 0xffffffffffffffff, r6)
syz_open_pts()
ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000040)={0x27ffb, 0x1, 0x405, 0x21d8b78d, "102e2618007bf533e2942a6c3ceb00", 0xc, 0x5})
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc0e99db6de761f86, 0x0)
ioctl$VMM_IOC_CREATE(0xffffffffffffffff, 0xc5005601, &(0x7f0000000000)={0x10, 0x0, [{&(0x7f00001d0000/0x4000)=nil, &(0x7f0000663000/0x4000)=nil, 0x5}, {&(0x7f00006ac000/0x4000)=nil, &(0x7f0000826000/0x4000)=nil}, {&(0x7f0000060000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil}, {0x0, &(0x7f0000ffb000/0x3000)=nil}, {0x0, &(0x7f0000ffb000/0x1000)=nil}, {&(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil}, {0x0, 0x0, 0xfffffffffffffffc}, {&(0x7f00001c9000/0xb000)=nil, &(0x7f0000ffe000/0x2000)=nil}, {&(0x7f000000d000/0x4000)=nil, &(0x7f0000826000/0x1000)=nil, 0x40}, {&(0x7f0000110000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil}, {0x0, &(0x7f0000156000/0x1000)=nil, 0x16}, {&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil}, {0x0, &(0x7f0000ffd000/0x3000)=nil, 0x100000000}, {&(0x7f00004c1000/0x2000)=nil, 0x0, 0x9bbf}, {&(0x7f00001cf000/0x4000)=nil}, {&(0x7f0000573000/0x2000)=nil, &(0x7f0000358000/0x2000)=nil}], './file0\x00'})
open$dir(&(0x7f00000001c0)='./file0\x00', 0x2, 0x101)
ioctl$FIONREAD(r2, 0xc0106978, &(0x7f0000000140))
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
socket(0x2, 0x1, 0x0)

458.723553ms ago: executing program 3 (id=29):
r0 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x400)

457.737533ms ago: executing program 3 (id=30):
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x8, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0xa}, 0x6, 0x8000000000000000, 0x0, 0x0, 0x5, 0x100000000000009, 0xa0, 0x800000000001})
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="b1000504600000000000000007000000331c13fecea10500fef9e906c72fd3357ae320b37b673039d2d236073705ae04be38164991f7accf5f882b297be1aa5b236deb51e2f0ac3ebbc257699a5f139b672f4d335d223e7d029d6ba8af630037282102000000720f70c1f5a472c881ea6e69e0bb76d907c400000200361b1257aea8c5000020020000000000008abfba09", 0x91, 0x404, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r0 = socket(0x11, 0x3, 0x0)
openat$bpf(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
sendto$unix(r0, &(0x7f0000000000)="b1000504000004000000000001000000331c13fecea10500fef96ec0c72fd3357ae30200004e3003000000acf20b7804be38164991f7c8cf5f882b297be1aa0500000051e2f0ad3ebbc257699a1f139b672f4d335c223e7d0c032bfa896443a42102000000720fd18bfbb670c1f5a872c881ea6e2ec5890400000000008000361b4cc702fac500002021fbfa0c0f00008abfba221554f4e0f668246c0900000008e371a3f8343712051eea040000000000", 0xb1, 0x2, 0x0, 0x0)

219.519288ms ago: executing program 3 (id=31):
r0 = socket$unix(0x1, 0x5, 0x0) (async, rerun: 32)
clock_getres(0x4, 0x0) (async, rerun: 32)
r1 = shmget$private(0x0, 0x800000, 0x95a999646a72d594, &(0x7f0000005000/0x800000)=nil)
r2 = shmat(r1, &(0x7f0000001000/0x3000)=nil, 0x2000) (async, rerun: 64)
r3 = kqueue() (rerun: 64)
kevent(r3, &(0x7f0000000000), 0x203ff, 0x0, 0x8000800, 0x0) (async)
shmctl$IPC_RMID(r1, 0x0) (async, rerun: 32)
shmdt(r2) (async, rerun: 32)
bind$unix(r0, &(0x7f0000000200)=@file={0xd570d0466b6018f, './file0\x00'}, 0xa)
listen(r0, 0x0) (async, rerun: 32)
r4 = socket$unix(0x1, 0x5, 0x0) (async, rerun: 32)
select(0x40, &(0x7f0000000300)={0xfffffffffffffffd, 0x0, 0xdc6, 0x564, 0x9ce0, 0x0, 0x5, 0xfffffffffffffffd}, 0x0, 0x0, 0x0)
connect$unix(r4, &(0x7f0000000000)=@file={0xd1653077bafa0114, './file0\x00'}, 0xa) (async)
accept(r0, 0x0, 0x0)

218.605013ms ago: executing program 4 (id=32):
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f00000000c0)={0x0, 0x4, 0x6, 0x100010000000a})
sysctl$kern(&(0x7f00000000c0)={0x1, 0x42}, 0x6, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x1918, 0x0, 0x37)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000000000000, 0xffffffffffffffff})
r0 = socket(0x18, 0x2, 0x0)
sysctl$net_inet6_icmp6(&(0x7f0000001bc0)={0x4, 0x18, 0x3a, 0xb}, 0x4, &(0x7f0000000000)="196f0004", &(0x7f0000001c80)=0x4, 0x0, 0x0)
close(r0)
r1 = socket(0x18, 0x2, 0x0)
connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)
r2 = getegid()
setgid(r2)
r3 = geteuid()
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0xfffffffc, r3, r2, 0x0, r2, 0x48, 0xfff9}, 0xa80b, 0x2, 0xfffffffffffffffc})
connect$unix(r0, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)

182.414248ms ago: executing program 2 (id=33):
r0 = socket(0x11, 0x3, 0x0)
setsockopt(r0, 0x11, 0x4, &(0x7f0000000140), 0x0)
r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xf02, 0x186)
ioctl$WSMOUSEIO_SCALIBCOORDS(0xffffffffffffffff, 0x81205724, &(0x7f0000000040)={0x80000000, 0xffff63de, 0x2, 0x2, 0x8, 0x100003, 0x40, 0x10, [{0x5, 0x3, 0x775, 0x80000201}, {0x2, 0x8, 0x6, 0xfff}, {0x7, 0xfffffffe, 0x2006, 0x1}, {0x2, 0x7, 0xf}, {0x0, 0x7, 0xf11, 0x7}, {0x3, 0xffff, 0x80d2}, {0x24, 0x1, 0x85, 0x5}, {0x0, 0x40009, 0xfffffff8, 0xfbffe2e9}, {0x8, 0xffa, 0x6, 0x7fff}, {0x0, 0xfffffff8, 0x400005, 0x8bfb}, {0xfffff0d1, 0x8000000, 0x8, 0x7}, {0x4, 0xc7cb, 0x3, 0x2}, {0x401, 0x106, 0x9, 0x40}, {0x200003, 0xee6, 0x2, 0x6f5fc48b}, {0x7e, 0x800, 0x3, 0x5}, {0x9be2, 0x108001, 0x6, 0x69}]})
poll(&(0x7f0000000000), 0x35, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0)
r2 = dup(r1)
ioctl$FIONBIO(r2, 0x8004667e, &(0x7f0000000000)=0x4)

181.821481ms ago: executing program 3 (id=34):
mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x6381)
setsockopt(0xffffffffffffffff, 0x1000000000029, 0x9, &(0x7f0000000040)="03", 0x1)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
setrlimit(0x8, &(0x7f0000000580)={0xa, 0x56})
r0 = syz_open_pts()
close(r0)
r1 = syz_open_pts()
ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000180)={0x3, 0x7, 0xffffdf84, 0xfffffbff, "ffff0201000480000000ff00", 0x4000000, 0xfd8})
writev(r0, &(0x7f0000000480)=[{&(0x7f00000005c0)="43bac2417f5c32f753fa7644985f28c9f260676a73ae0b9c999c3777c4238bb28740a75578afde9cda65326167e8fdaaf17689e0b22ad556360c82e41d5ca93f9c6d1368f86874a47f44b2f6d813fa27d35cb7dedc1268872f8f18b8fd733fdd9515daf1d93b4bbfde3db48a3ed1d77fab1c83736c67f07520e781c21ef3760ebd14586363866aa13315fa32cbf0a391be4b997f2e6bd7014e2e46a880ff1119a3f405eaadf3d26b4da76a522d107bb7fe1651b803328c9b4ceb455292c3e492ad9846b0c8716b256a2ed19a0dfeaaee527500b03456ae9f1ca07af39f8cd74290adec487fa30be04c1e7f94194862aa2e1d0a", 0xf3}], 0x1)
read(r1, &(0x7f0000001340)=""/200, 0xc8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket(0x2, 0x4001, 0x0)
r3 = dup(r2)
r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff)
close(r4)
r5 = socket(0x2, 0x1, 0x0)
connect$unix(r5, &(0x7f0000000000), 0x10)
setsockopt$sock_int(r4, 0xffff, 0x1023, &(0x7f0000000040), 0xe0)

181.258422ms ago: executing program 4 (id=35):
openat$bpf(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000000300)={0x0, 0x1}, 0x10, 0x0, 0x0)
writev(r0, &(0x7f0000000280)=[{&(0x7f0000000080)="76e5eac907f9ccf7a251ceddcec7d6aa45cffe2c63a56077123a276d3ba4e9d17eb3eb5db12a3783a8e0620d357de1fe04fa9465b5bd1286e9624dec06a00c222f", 0x41}], 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x27}, 0x4, &(0x7f0000000000)="71f91e3471ac0058bc5a91501d942400b5e1a0757cb9af769c7afec37082", &(0x7f0000000080)=0x306, 0x0, 0x2e)
unveil(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='W\x00')
execve(&(0x7f0000000440)='./file0\x00', 0x0, 0x0)

179.964886ms ago: executing program 2 (id=36):
setrlimit(0x5, &(0x7f0000000080)={0x103, 0x54}) (async)
getrlimit(0x1, &(0x7f0000000040)) (async)
r0 = syz_open_pts()
close(r0) (async)
setrlimit(0x4, &(0x7f00000000c0)={0x8, 0xc}) (async)
r1 = syz_open_pts()
ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000180)={0x7fffffff, 0xcacf, 0xdffdff7e, 0x160350a, "04e4577e01c39921e9d8ffff0fe0ff0405080800", 0x1, 0x9})
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000c40)="3308dda1705aa0cb519ccd85c57be6e01d09ce87154e35663a4e47a69e68b309eeda47d3be79a9b1b19c6507603f4d4185c74fd77defbaa103ff651f08379c7eb8439ec846f9aa299346c94cc11b9015ca91500d5d2521278a6d720910b2cf751926872460084ae77682bd7ad136b4a4a4c1420bd228a2df6c6c0039aea44dee309d0e815abbf926b95db73db2cb4f9cda3e89d2f6bfb89610ef82e7c95cf074e72470a36158dde691f01263345e382fa552b0b511e58db414d67ed0adcf690ddef7c88c24e87b3b876ca884745c93efeccb36dd7203aa7a0520c087dfa7c67cdfb8ce08ff8e730b4c145e43460d404af831988c53b9a6199be8682bcf2db091cefd7bfc7bac3379f5c361ca9242a5b1b3df2a397d2f51da49fa66f6b8bc948bcd4b831128f11faeba1c19d13b869f9036f4c27201aabde8b809624ec8560d9725bf1d5ad2ca6f6f409c4d85f0f590e7a4fdcca35a66df94635fb53f416cb93907c6101e3a4997659a0300f09f84f4502403b3cb1070551bf39567a61b61dfd938e4a494f38df5de7301fdd106ea4196c2c368fc1433a005996e978a791cedae97740d86b75ed319f105da9d8f4415933b9814c4602eb7bd22995de233366b94b060e9115ce1b69e3aa2cea6e2f451c4228f5de039a1b36ae8128c7d9434dc38746cb0286e0795b94f99b00165cc87b3ee1dd9aa9a8c809e103504c20f572671e3164ee8b34d667621e1e3d33d49ca161ebea3a74c72012faea1f6230254d6296f4f081870f956c7fe83d4ee4be1424ae59cbc0819391b2db838f63b6cf1b186dac5e07520cd758f06ed08b4465d1984cb76d578fb8ff74419f8ea1cd3e86fc3f0819e3cfefb32303031e57bba284cd742d54d266c6fb0d2b3e1aa9e58528ee32a6cd67144b92106b7589cc7e668a265a188bc2183ad2ef8ddd8210608a369f9d9608baef5bf5d344b63bb59a60a32b840e7816bacd8865d86640feb4f5fba2fb9c3bd74cdaa162d3fdf132f18e8db1056f36bbc39ffc0220a3bdc7d4b2fe382613110b89b32c76dc79f503e49e3d0b676fe3fa7e8269ea6a8d2807a5d56406ed75fc13a037773118f229838204886ccc494cb5fcd41027a4c9fb291a3a657a80de74bc78fc8ae899b56266a809543c2f5a62c7b1b1b745ce7be0bb396115e2202b4a5bb968d456841167b3c48ac3ca9b77251332ec7e611786f18d7e1f6efe782467250242f09ed087bc37d5f799a23a31bba1b6c4fd57b2b97279d374eb31922c6e676178c1d6aeecdb3e525f7e3c4d7edded71c02a2da1019a6651ef300c824bee38eebf31d6f942a5e11fb988a0df6a604e615d454c19401a2fdc55f44397e5006bbb5443e20608754ae6f44afdf336c8ecde522c509c3a7862e90f8c113f4fa885f4a2fdd3324080de2688cc6a545ca2d25ec3c3760dc5f2aca5b3792682a8484f605bb408fab836f10be73ea7b06ec242169ba3495abed04cb6f8cdd372caea5284183e03d1d1b469586f46b7a376bc884684232969b27d4ba9f5ccdb82fa6cf9a83b1d5c4f598c0717f1dc44d3fdc5e", 0x453}], 0x1)

178.111239ms ago: executing program 4 (id=37):
ioctl$VMM_IOC_CREATE(0xffffffffffffffff, 0xc5005601, &(0x7f0000000000)={0x10, 0xffffffffffffffff, [{&(0x7f00001d0000/0x4000)=nil, &(0x7f0000663000/0x4000)=nil, 0xfffffffffffff801}, {&(0x7f00006ac000/0x4000)=nil, &(0x7f0000826000/0x4000)=nil, 0x8}, {&(0x7f0000060000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil}, {0x0, &(0x7f0000ffd000/0x3000)=nil, 0x4bb6}, {0x0, &(0x7f0000ffb000/0x1000)=nil}, {&(0x7f0000000000/0x2000)=nil, &(0x7f00001f5000/0x4000)=nil, 0x6}, {0x0, 0x0, 0xfffffffffffffffc}, {&(0x7f00001cf000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil}, {&(0x7f0000ad4000/0x2000)=nil, &(0x7f0000826000/0x1000)=nil, 0x40}, {&(0x7f0000110000/0x2000)=nil, &(0x7f0000501000/0x1000)=nil}, {0x0, &(0x7f0000156000/0x1000)=nil, 0x1}, {&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil}, {0x0, &(0x7f0000ffd000/0x3000)=nil}, {&(0x7f00004c1000/0x2000)=nil, 0x0, 0x9bc0}, {&(0x7f00001cf000/0x4000)=nil}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000358000/0x2000)=nil}], './file0\x00'})
ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x10000000000001}})
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket(0x18, 0x1, 0x0)
close(r0)
r1 = socket(0x18, 0x2, 0x0)
setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c)
unveil(&(0x7f0000000040)='./file0\x00', &(0x7f0000000d40)='x\x00')
open(&(0x7f0000000000)='./file0\x00', 0x200, 0x0)

4.724754ms ago: executing program 0 (id=38):
r0 = msgget$private(0x0, 0x362)
msgrcv(r0, 0x0, 0x0, 0x2, 0x800)
socket(0x2, 0x5, 0x2e)
mknod(&(0x7f0000000000)='./file0\x00', 0x20, 0xfffffffe)
setrlimit(0x8, &(0x7f0000000980)={0xb, 0x54})
r1 = syz_open_pts()
close(r1)
syz_open_pts()
ioctl$TIOCSETA(r1, 0x802c7414, &(0x7f0000000380)={0xf66b, 0xfffffffd, 0x9, 0x5fffff5c, "e77fb4046e126438330400", 0x3fd, 0xfffff196})
writev(r1, &(0x7f0000000000)=[{&(0x7f00000009c0)="f284547ec87ae3ad1aad0ee27ee88eacb67a08038280f2a01ae7a48358ae16e2fba4ee0ddad57fa2b502658b5723516552c4349404b44e61906eb367dd016164244e321c3f3fa4a301cca907a63fe5682806e86f7b9ed732b01c843a7c13b71430810706a94f10d2cb6414e1fffa7b8cceb21a5bb7f7e286998196fa9ddbf1180a09fbdfb5fa39c5351cac68378d67e9655cdbf971126f853c896ee40a964e51b93e9f8cd2761da19460ae1277fee651ab0c75d0c5b1bf66cfd5838c158d811facece8dcef640f9c9eb9530e6d8ee418a92276e3f27224433eef1cb72de8961a15ff100acd28426503cae730e81dafef5299f8cae80f54b022a9ae3164b69a08b6460d25fba9fe6c6d07c1d5893bbd9f8b78b80fa1c3bf9209558ad46ae1f00a2ee2221f62071fc8687045f65f847000e0bcff4de28560bc948c5f780cc109d10a8fdad1599932daa727ee06845b7bb5d0462606567e6827a47aeaf012f8ebcc6007d3733a5230347e33c24e68fbf757c7fba0f3f9097dd6c24c6732753aac4cc5aa43378d32e28fad0dda633e1362a5e3a1da302e5c1b07103d306d92c663aa9717d106f6f9c944e2c7de93d0fc0ab40b4a4d6416c476337bf94f4a9a6248abfd8e612758b0167f5a0a002b405bc30f8b6e9f9778db29d03789e7293f6d5049bdd713a9ca84764fa65433f3c35334a05b1bf10b14d73506495614913013f2120359ab76806bfc6c5d597786da32ae3d2868d5c692e6bb98413ae8e822b002f3ecdc844354e3eafa64f9a2a90a6f1bff8c9b8ba073203b2396221ca58d38ceb75f42fc4a0c72dc0dc2349bcc3681ca430908cf926861f0aec3b28d2ea59d0ee36f14ea06345e7136dec7c9ba6e3925c4ef813a2c83d4b213b266c26f04e204fbda47ee410ee0ae002e7163492e1929b9279b29e6ed90986de6d05f40b50248f7aa97f03cc09c1082e5119f9491e0f980e9d6bc7407c2a2ec625b902e39085f792fa9217f143349b1b08fb1647b1b694e544d9f33f3bdc4f77f55858cf9f2751ec683512630fa72236d127bff3449692fffb710d8dfe730df8733bb1d59202f2e126e8a77479d461910dfa5664b6fb27fe479774c0ae1190fe35b40c831e6a77f02da283b96686a47adcfbb07950e99dfe251ec21e20d36f868f2ddbb532de5fff1ffbfcede623df3517fb836ba8c48d8848784614ed65a0cf6dfe38b1ecf79942c185c7fb4110f2113794c96e5ecaa33df181357743c2047c01a856846e6f23465b340cc35d88f9ddb966492562f05245ee167b7a97f26a460b3e1632aeb18779cacfbe57a79ef107aa8d9304a45dc195143cacae3e78b1606408d5465d80600d6683fe41838f6212025a9f82a31602775d09d1b8892090bfe17c2269e27682ef898852c65d54c720559b8c4a05c9858c0a1b380824b0282609e7f0dc597f30047d0be06d2c4a44d894d44bd9463d43a795fd2a13bbed1c213602a3fc8931ab00e45a1d0fd2160741ae3868023f4f633eda272a117bf38a1d094f8fb75e55856b6f5fbb7a5595ddc4d9ce6a10e87ce", 0x44f}], 0x1)
open(&(0x7f0000000040)='./file0\x00', 0x9cab835cfdc52675, 0x109)

2.891173ms ago: executing program 4 (id=39):
sysctl$hw(&(0x7f0000000000)={0x6, 0xc}, 0x2, &(0x7f0000000680), 0x0, 0x0, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@broadcast, @broadcast, [], {@ipv6={0x8863, {0x0, 0x6, "998add", 0x0, 0x11, 0x0, @rand_addr="46f1d6cecbee8af869a782329501a45e", @mcast2}}}})

2.207187ms ago: executing program 4 (id=40):
r0 = socket(0x1, 0x2, 0x0)
select(0x40, &(0x7f00000001c0)={0xc, 0x4, 0x2, 0x7, 0xfffffffffffffffa, 0x4, 0x4, 0x8000000000002}, 0x0, 0x0, 0x0)
ioctl$FIONREAD(r0, 0xc0106978, &(0x7f00000001c0))
r1 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110)
write(r1, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff1c)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000000)=@file={0xd570d0466b6018f, './file0\x00'}, 0xa)
sendmsg$unix(r2, &(0x7f0000000080)={&(0x7f0000000040)=@file={0x170, './file0\x00'}, 0xa, 0x0}, 0xe)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
fcntl$getown(r3, 0x5)
pledge(0x0, &(0x7f00000000c0)='\x00')
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x200000000000b, &(0x7f0000000080)='=', 0x1)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$TIOCSETA(0xffffffffffffffff, 0xc0284457, &(0x7f00000000c0)={0xffffffff, 0xfffffffe, 0xfeffffff, 0xfffffffc, "080000000000000000010000000000000f1e0400", 0x0, 0x10000})
sysctl$net_inet_ip(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)="53f26aef7623ba3c93334d8028df9ef5ea234abf5ea8361356fc962ad17ade4d7dc249ea77aae57a39db576b16027c1a64a5beaba2001c5b2d7b453de5f7424c4c62d4a67fb459311f1e9c4e6571f58fcddf60ce42fc125005877a91ba6ce4f1d95e5c1f9a862ade829bcac5d45bbf9fd8747282663997f4a2e5848cd9449e9f1eb2", 0x82)
ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x10000000000001}})
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r5 = socket(0x18, 0x1, 0x0)
close(r5)
r6 = socket(0x18, 0x2, 0x0)
setsockopt(r6, 0x1000000000029, 0x3f, &(0x7f0000000040)="00fb6c4f", 0x4)
setsockopt(r6, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
connect$unix(r5, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c)
sendto(r6, &(0x7f0000000200)="0e330b4bede90af3", 0x69, 0x0, 0x0, 0x21)
pledge(&(0x7f0000000000)='tty   \x00\x02\x00!\a\x9bp^|#\xcbhl\x97\xa3_\xbc\x04\x9d!\xd9\x9f\x9f\xb4\x96\x13\x12\xe0\r\xe7\xb9E\b\x00\x00\x00B\xaaY\xe1Q<\x19\xc0\xf6Yf\x9au^\xa0\xc9j\xdd-I\x01R\x00w\xf7\x15\x04\xa6\x82aY\x1d\xd7\f>Y\x06\"\xad\xb6\x88_\xeb\at\x91\xd3\xbf\xea\xddt\xe0\bt\x06S,\x1f\x1fj\xa5H\x01nz\x947\xf8Q|o\x80\xdbH\xa7-\xaaw\xcet\x044\xc5\xa9e\xa9\xf6\x1b\x8e\x05\x86\x91IsC\xb9ul\xaeu\xad\x9b\xaf\x04\xc4\x03\"F\x8f\xd5\xe8\r\x8d\xa1\x00\xcc\xd7\xa0\xe1\xeb\xc1>\xbd\t\xc8\x15\v\xb0, \xee\xa4\xa6\xb9a\x01&\xadrj\xd5\xc26p\xa14\xe0\xbf\xa0\x1es\x01=\xdbd\xf0?=<l\x8c\x01\xe3\x05$\x1c\x04B\x00\xa4P\x04\xcf\x87\xaa\x96iP\x14{4\xe6\x87\x9d\x8f\bz9$\x10_\xd8E\x93\x92\xf5\x8au\xab\xf9)\xf5\xa6\xc7\xc8\xed\xb9\x1f:\x03K\xa2\xdbUshx\xbe\\\x19\xdax\xeb_W\xbb\'\x00G\xbb\xfd\xe2\xd58\xf4:)\x10|r\x1e\x06p>\x8afcJ\x8e\xf7\nn\xd4<\x00\xec\xe4^\x00\x00\x00\xca\x90\xfa\x98\xc9gty\xce\xab\xd2\xa1\x85E\xe4\xa9\xd5\xab\x83\xda?w\x83\xbc\xcf\xd20(L&b\xed\x8c\x1d\x1a\x9fd\x99H\x9e\x82\x10\xea\x05\xf8\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xa6\x8c\x05n\x83\x83\x12+\x16\xc1\x00\x04\x00\x00\x13:o\x0f\x1fB\xa4\xddwB\x92h\xde\xfal3\x88e\x04J\\\x00D\xae`\x8e\xadd\xa8;\xee\xc4K\xe8]\x84\x90\xb8d\xfb\x95\xb3\xe9(x_\x80]\xadW\xd5\xa9\xaa\x03\x9c6\xa9\xc4\x01\x03\xea\xe5\x90\x85\x16\xb0DV\x13\x01\xab\x01\xf0\x8f\x02\xc2\xc89\x19o\xf5zJ\x9b\x03\x1f\xd7\xdbN\\\xc0\xcd?Pg\xd5q\x13\xbd \xfa\xab\xccJK\x11\\\x16~#P.\xc9K\x15r\xab\xda\xe2\xd4\xec8\x8b\xb6e\x96\xe9\xc3\x93\xed\x94.\xc2\xa0\x1fU#\x96\xe6\xb6C\xfa\x03/\x8b\x0e2\xec\x96v\x9b/.\v\x9e\x80\x18s\xae.\xf4\x14KS`\x87\x8b4\t\x00\x87{\xa8@e\xbfe\xeb\xee\xa2\xe72\xb8Q:\x9f\xc2ym\x86\xc4\xcbm\x80%\xfc\x9e\x9f', &(0x7f0000002840)='tty   \x00\x02\x00!\a\x9bp^|#\xcbhl\x97\xa3_\xbc\x04\x9d!\xd9\x9f\x9f\xb4\x96\x13\x12\xe0\r\xe7\xb9E\b\x00\x00\x00l\xaaY\xe1Q<\x19\xc0\xf6Yf\x9au^\xa0\xc9j\xdd-I\x01R\x00w\xf7\x15\x04\xa6\x82aY\x1d\xd7\f>Y\x06\"\xad\xb6\x88_\xeb\at\x91\xd3\xbf\xea\xddt\xe0\bt\x06S,\xdbH\xa7-\xaaw\xcet\x044\xc5\xa9e\xa9\xf6\x1b\x8e\x05\x86\x91IsC\xb9ul\xaeu\x94\x9b\xaf\x04\xc4\x03\"F\x8f\xd5\xe8\r\x8d\xa1\x00\xcc\xd7\xa0\xe1\xeb\xc1>\xbd\t\xc8\x15\v\xb0, \xee\xa4\xa6\xb9a\x01&\xadrj\xd5\xc26p\xa14\xe0\xbf\xa0\x1es\x01=\xdbd\xf0?=<l\x8c\x01\xe3\x05$\x1c\x04B\x00\xa4P\x04\xcf\x87\xaa\x96iP\x14{4\xe6\x87\x9d\x8f\bz9$\x10_\xd8E\x93\x92\xf5\x8au\xab\xf9)\xf5\xa6\xc7\xc8\xed\xb9\x1f:\x03K\xa2\xdbUshx\xbe\\\x19\xdax\xeb_\x10|r\x1e\x06p>\x8afcJ\x8eYEn\xd4<\x00\xec\xe4^\x00\x00\x00\xca\x90\xfa\x98\xc9gty\xce\xab\xd2\xa1\x85E\xe4\xa9\xd5\xab\x83\xda?w\x83\xbc\xcf\xd20(L&b\xed\x8c\x1d\x1a\x9fd\x99H\x9e\x82\x10\xea\x05\xf8\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xa6\x8c\x05n\x83\x83\x12+\x16\xc1\x00\x04\x00\x00\x13:o\x0f\x1fB\xa4\x00wB\x92h\xde\xfal3\x88e\x04J\\\x00D\xae`\x8e\xadd\xa8;\xee\xc4K\xe8]\x84\x90\xb8d\xfb\x95\xb3\xe9(x_\x80]\xadW\xd5\xa9\xaa\x03\x9c6\xa9\xc4\x01\x03\xea\xe5\x90\x85\x16\xb0DV\x13\x01\xab\x01\xf0\x8f\x02\xc2\xc8\x9b\x03\x1f\xd7\xdbN\\\xc0\xcd?Pg\xd5q\x13\xbd \xfa\xab\xccJK\x11\\\x16~#P.\xc9K\x15r\x04\xd9Z;\xc0\x8dOze\x96\xe9\xc3\x93\xed\x94.\xc2\xa0\x1fU#\x96\xe6\xb6C\xfa\x03/\x8b\x0e2\xec\x96v\x9b/.\v\x9e\x80\x18s\xae.\xf4\x14KS`\x87\x8b4\t\x00\x87{\xa8@e\xbfe\xeb\xee\xa2\xe72\xb8Q:\x9f\xc2b\x897\xbe\r\x04\xdf\xe2\xc0\xf0FV\'m\xcbm\x80%\xfc\x9e\x9f\x87\x80A\xbe\xc2\x00\x00\x00\x00\x00\x006\x96\xbb\x9f\x85\x98\xbb\xbc;\xaa\x97c\xfe\x82jz&t\xa7\xc4\xcd\xb0\b9G\xcag\fY\xe6\r\xcdT\xd3\x1c(\xef\xc0\x038\xbd\xdd\xd9\xc9\x93a]q\xd2\x9b\a\x1e\xf8\xc3\"\xc8:\xb8$\x9f\'P\x17\xfa\xf3Xa\trB-\xf2g\xe6Z\xd5F\xd2\x80\xe0\x99\"\xc12\xe8\b\xc58\x00'/659)
mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4)
r7 = syz_open_pts()
ioctl$TIOCSETAW(r7, 0x802c7415, &(0x7f0000000000)={0x25f57364, 0x7, 0xd, 0xfffffff9, "0064004c2860267edcc7021000060000008700", 0xfffffffd, 0x4})

820.687µs ago: executing program 6 (id=41):
r0 = socket(0x18, 0x2, 0x0)
r1 = socket(0x2, 0x1, 0x0)
syz_emit_ethernet(0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000001"])
writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="6dc100167f", 0x5}], 0x1)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
setsockopt$sock_int(r1, 0xffff, 0x1, &(0x7f00000000c0)=0x8001, 0x4)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
open(&(0x7f0000000140)='./file0\x00', 0x78e, 0xd9)
ktrace(&(0x7f00000003c0)='./file0\x00', 0x4, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000080)=@abs={0x1, 0x0, 0x3}, 0x8)
setitimer(0x0, &(0x7f0000000000)={{0x2, 0x2}, {0x213, 0xffffffffffffffff}}, 0x0)
sysctl$kern(&(0x7f0000000000)={0x1, 0x42}, 0x6, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_pts()
ioctl$TIOCSETD(r2, 0x8004741b, &(0x7f0000000000)=0x8)
setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f0000000100)="f91cc592d3cea10ba7f0e36604e79b41c8df9f0fa7b42dc6b699c732f7cae152b972dadb5ac0ce2bbc2252837da281d8897b736d19410474e74b2920a689c8cadb6ec003347ada4173397ad35953741c4c5f3fe3067da92ccc38160691e423d4add4bfe73b1aee092801cd205bb8922a2c77c29735bc3ef88e0919f785526a3a7fbc2ea3b627cc4c49420452b7d1e5791e56f8c87322d6b684ee4887905c99f6a888581f0a142e2254b650a6c14c9d699f6c865a8b0ea4cb402cffc2be9c568055671ac8", 0xc4)
sendmmsg(r1, &(0x7f0000001300)={0x0}, 0x10, 0x7)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r3 = socket(0x18, 0x1, 0x0)
setsockopt(r3, 0x1000000000029, 0x3d, &(0x7f0000000040)="00000080", 0x4)
getsockopt(r3, 0x29, 0x3d, 0x0, 0x0)
ioctl$FIONREAD(r0, 0x4004667f, &(0x7f0000000000))

567.331µs ago: executing program 5 (id=42):
syz_emit_ethernet(0x20, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff88e7"])
sysctl$kern(&(0x7f0000000200)={0x1, 0x32}, 0x2, &(0x7f0000000380), 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=43):
shmctl$SHM_UNLOCK(0xffffffffffffffff, 0x4)
ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000100)={0xaa, 0x0, 0x0, {[0x5, 0x0, 0xffffffffffffffd, 0x1, 0xe, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffde, 0xfffffffffffffffc, 0x1], [0x63, 0x5, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x80000000], [0x6], [0x4, 0x0, 0x0, 0x165, 0xfffffffffffffffc, 0xa], [{0x0, 0x10, 0x0, 0x8000000000000}, {0x0, 0x0, 0xfffffff9}, {0x1000, 0xa, 0x0, 0xfffffffffffffffc}, {0x0, 0x1000, 0xfffd}, {0x0, 0x0, 0xc8, 0x7fffffffffffffff}, {0x9, 0x5, 0x0, 0x1}, {0x0, 0x0, 0x101}, {0x0, 0xfffffff5}], {0xfffc, 0xfffffffd, 0x20000003}, {0x0, 0x5}}})
r0 = kqueue()
kevent(r0, &(0x7f0000000040), 0x30, 0x0, 0x57d, 0x0)
close(r0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts.
panic: pool_do_get: shmpl free list modified: page 0xfffffd805f94b000; item addr 0xfffffd805f94bd90; offset 0x40=0x68a6f9b4
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
  73750  84015  32767        0x10          0    0  syz-executor
*505506  84015  32767        0x10  0x4000000    1K syz-executor
db_enter() at db_enter+0x25
panic(ffffffff8336cdbf) at panic+0x1e5
pool_do_get(ffffffff838ec720,1,ffff80003c4b6d78) at pool_do_get+0x5df
pool_get(ffffffff838ec720,1) at pool_get+0x162
shmget_allocate_segment(ffff80003b01efc0,ffff80003c4b6fd0,113,ffff80003c4b6f20) at shmget_allocate_segment+0x1af
sys_shmget(ffff80003b01efc0,ffff80003c4b6fd0,ffff80003c4b6f20) at sys_shmget+0x195
syscall(ffff80003c4b6fd0) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x65d09823390, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pool_do_get: shmpl free list modified: page 0xfffffd805f94b000; item addr 0xfffffd805f94bd90; offset 0x40=0x68a6f9b4
ddb{1}> trace
db_enter() at db_enter+0x25
panic(ffffffff8336cdbf) at panic+0x1e5
pool_do_get(ffffffff838ec720,1,ffff80003c4b6d78) at pool_do_get+0x5df
pool_get(ffffffff838ec720,1) at pool_get+0x162
shmget_allocate_segment(ffff80003b01efc0,ffff80003c4b6fd0,113,ffff80003c4b6f20) at shmget_allocate_segment+0x1af
sys_shmget(ffff80003b01efc0,ffff80003c4b6fd0,ffff80003c4b6f20) at sys_shmget+0x195
syscall(ffff80003c4b6fd0) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x65d09823390, count: -8
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80003c4b6ba0
rbx               0xffff8000299eeddf
rdx               0xffff800001428740
rcx               0xffff80003b01efc0
rax               0xffff8000299edff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x485cbaee5f18ab82
r11               0x128f297ad55dc9bd
r12               0xffff8000299eebe0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff81d85995    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80003c4b6b90
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=505506 pid=84015 tcnt=2 stat=onproc
    flags process=10<SUGID> proc=4000000<THREAD>
    runpri=50, usrpri=86, slppri=17, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80003b01fa20,0xffffffff83875c30
    process=0xffff80003c478500 user=0xffff80003c4b2000, vmspace=0xfffffd806b6caba0
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 84015   73750  47103  32767  7        0x10                syz-executor
*84015  505506  47103  32767  7   0x4000010                syz-executor
 37949   26328  70399  32767  2        0x10                syz-executor
 37949  386890  70399  32767  3   0x4000090  fsleep        syz-executor
 39059  324308  93190  32767  2        0x10                syz-executor
 39059  242931  93190  32767  3   0x4000090  fsleep        syz-executor
  2161    3817  18892  32767  2        0x10                syz-executor
  2161  387548  18892  32767  3   0x4000090  kqread        syz-executor
 59197  381126  82863  32767  3        0x90  nanoslp       syz-executor
 59197  159305  82863  32767  3   0x4000090  ttyretype     syz-executor
 59197  345225  82863  32767  3   0x4000090  fsleep        syz-executor
 67933  473550      0      0  3     0x14200  bored         sosplice
 26157  263930  20478  32767  3        0x90  nanoslp       syz-executor
 26157  119368  20478  32767  3   0x4000090  ttyout        syz-executor
 26157  184920  20478  32767  3   0x4000090  fsleep        syz-executor
 26157  228956  20478  32767  3   0x4000090  fsleep        syz-executor
  5004   55946  97144  32767  3        0x90  nanoslp       syz-executor
  5004  155695  97144  32767  3   0x4000090  netcon        syz-executor
  5004  340870  97144  32767  3   0x4000090  fsleep        syz-executor
 12697  250666  95018  32767  3        0x90  nanoslp       syz-executor
 12697   79702  95018  32767  3   0x4000090  lockf         syz-executor
 12697  471200  95018  32767  3   0x4000090  fsleep        syz-executor
 82863    9819  70636  32767  3        0x90  nanoslp       syz-executor
 95018  446263  57486  32767  3        0x90  nanoslp       syz-executor
 20478  434844  63413  32767  3        0x90  nanoslp       syz-executor
 47103  422217  79346  32767  3        0x90  nanoslp       syz-executor
 93190  446341    639  32767  3        0x90  nanoslp       syz-executor
 70399   67698  30328  32767  3        0x90  nanoslp       syz-executor
 18892  469713  16122  32767  3        0x90  nanoslp       syz-executor
 97144  208692  48782  32767  3        0x90  nanoslp       syz-executor
 57486  314383  70663      0  3        0x82  wait          syz-executor
   639  432297  70663      0  3        0x82  wait          syz-executor
 30328  153465  70663      0  3        0x82  wait          syz-executor
 16122   53874  70663      0  3        0x82  wait          syz-executor
 48782  223633  70663      0  3        0x82  wait          syz-executor
 63413  516382  70663      0  3        0x82  wait          syz-executor
 79346   84729  70663      0  3        0x82  wait          syz-executor
 70636  411188  70663      0  3        0x82  wait          syz-executor
 70663   24411  70581      0  3        0x82  kqread        syz-executor
 70581  168361  76399      0  3    0x10008a  sigsusp       ksh
 76399  207957  25691      0  3        0x98  kqread        sshd-session
 25691   35230  88995      0  3        0x92  kqread        sshd-session
 24546  400675      1      0  3    0x100083  ttyin         getty
 88995  507452      1      0  3        0x88  kqread        sshd
 88815  228694  61651     73  3   0x1100090  kqread        syslogd
 61651   94586      1      0  3    0x100082  sbwait        syslogd
 66572  499539      1      0  3    0x100080  kqread        resolvd
 54016  368121  10051     77  3    0x100092  kqread        dhcpleased
 70124  336508  10051     77  3    0x100092  kqread        dhcpleased
 10051  515618      1      0  3        0x80  kqread        dhcpleased
 51576  157865      0      0  3     0x14200  bored         smr
 70225   88075      0      0  2     0x14200                zerothread
 98978  500808      0      0  3     0x14200  aiodoned      aiodoned
  6406  463833      0      0  3     0x14200  syncer        update
 85297   71171      0      0  3     0x14200  cleaner       cleaner
 79656  300883      0      0  3     0x14200  reaper        reaper
 82831  407106      0      0  3     0x14200  pgdaemon      pagedaemon
 78315  190912      0      0  3     0x14200  bored         viomb
 67908  129801      0      0  3  0x40014200  acpi0         acpi0
 26836  209091      0      0  3  0x40014200                idle1
 27606  303947      0      0  3     0x14200  bored         softnet7
 24085   71512      0      0  3     0x14200  bored         softnet6
 77919  233623      0      0  3     0x14200  bored         softnet5
 32172  352812      0      0  3     0x14200  bored         softnet4
 71123  455855      0      0  3     0x14200  bored         softnet3
 86459  251031      0      0  3     0x14200  bored         softnet2
 20317  461700      0      0  3     0x14200  bored         softnet1
 91928  462975      0      0  3     0x14200  bored         softnet0
 75384  256140      0      0  3     0x14200  bored         systqmp
 31983  512396      0      0  3     0x14200  bored         systq
 36694  113536      0      0  3     0x14200  tmoslp        softclockmp
 85799  179094      0      0  3  0x40014200  tmoslp        softclock
 24272  483305      0      0  3  0x40014200                idle0
     1  425802      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex shmpl r = 0 (0xffffffff838ec738)
#0  witness_lock+0x5f1
#1  mtx_enter_try+0x1ad
#2  mtx_enter+0x62
#3  pool_get+0x124
#4  shmget_allocate_segment+0x1af
#5  sys_shmget+0x195
#6  syscall+0xb17
#7  Xsyscall+0x128
Process 84015 (syz-executor) thread 0xffff80003b01efc0 (505506)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839950f0)
#0  witness_lock+0x5f1
#1  syscall+0xaf4
#2  Xsyscall+0x128
exclusive mutex shmpl r = 0 (0xffffffff838ec738)
#0  witness_lock+0x5f1
#1  mtx_enter_try+0x1ad
#2  mtx_enter+0x62
#3  pool_get+0x124
#4  shmget_allocate_segment+0x1af
#5  sys_shmget+0x195
#6  syscall+0xb17
#7  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10192  10956K   10968K 166960K     11270        0
            pcb    17     12K      12K 166960K        17        0
         rtable   209      5K       6K 166960K       261        0
             pf    31     16K      16K 166960K        31        0
         ifaddr    42      7K       7K 166960K        44        0
        ifgroup    50      2K       2K 166960K        50        0
         sysctl     1      1K       9K 166960K         5        0
       counters    68     36K      36K 166960K        68        0
       ioctlops     0      0K       2K 166960K        31        0
            iov     0      0K       8K 166960K         3        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1334     84K      84K 166960K      1352        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       5K 166960K         3        0
         VM map     2      1K       1K 166960K         2        0
            sem     3      0K       0K 166960K         5        0
        dirhash    12      2K       2K 166960K        12        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    26     97K     125K 166960K       183        0
          sigio     0      0K       0K 166960K        67        0
           proc    58     99K     163K 166960K       474        0
        subproc    72      4K       4K 166960K        72        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K         6        0
       in_multi    99      7K       7K 166960K       102        0
    ether_multi     1      0K       0K 166960K         1        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    55    254K     254K 166960K        55        0
           exec     0      0K       1K 166960K       340        0
   fusefs mount     1     32K      32K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   266    168K     176K 166960K      3131        0
       UVM aobj     3      2K       3K 166960K         4        0
     pinsyscall    47     94K     110K 166960K      1185        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K         2        0
            NDP    13      0K       2K 166960K        27        0
           temp    37   8638K    8702K 166960K      3800        0
         kqueue    14     22K      29K 166960K        33        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120       41    0       38     1     0     1     1     0     8    0
rtentry    176       97    0        1     5     0     5     5     0     8    0
unpcb      144      134    0      118     2     0     2     2     0     8    1
syncache   336        3    0        3     1     0     1     1     0     8    1
tcpcb      736       23    0       17     2     0     2     2     0     8    1
arp        128       12    0        0     1     0     1     1     0     8    0
inpcb      328      122    0      110     4     0     4     4     0     8    2
nd6        144       16    0        0     1     0     1     1     0     8    0
kcovpl      48        8    0        0     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      438    0        0    28     0    28    28     0     8    0
art_table   40      439    0        0     5     0     5     5     0     8    0
art_node    32       97    0       11     1     0     1     1     0     8    0
sysvmsgpl   40        1    0        1     1     0     1     1     0     8    1
semapl     112        2    0        1     1     0     1     1     0     8    0
shmpl      112        1    0        1     1     0     1     1     0     8    1
pool(0xffffffff838ec720:shmpl): page inconsistency: page 0xfffffd805f94b000; 34 on list, 0 missing, 35 items per page
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     1596    0       92    95     0    95    95     0     8    0
ffsino     296     1596    0       92   116     0   116   116     0     8    0
nchpl      144     1829    0      151    63     0    63    63     0     8    0
uvmvnodes   80     1677    0        0    35     0    35    35     0     8    0
vnodes     216     1677    0        0    94     0    94    94     0     8    0
namei      1024    5302    0     5302     2     0     2     2     0     8    2
percpumem   16       49    0        0     1     0     1     1     0     8    0
kstatmem   264       24    0        0     2     0     2     2     0     8    0
scxspl     216     6504    0     6504     3     1     2     2     1     8    2
plimitpl   152       74    0       47     2     0     2     2     0     8    0
sigapl     424      461    0      400     8     0     8     8     0     8    0
knotepl    120      323    0        0    10     0    10    10     0     8    0
kqueuepl   224      128    0      117     5     0     5     5     0     8    4
pipepl     344       99    0       72     3     0     3     3     0     8    0
fdescpl    528      438    0      400     4     0     4     4     0     8    0
filepl     160     1661    0     1440    14     0    14    14     0     8    4
lockfpl    104       17    0       12     1     0     1     1     0     8    0
lockfspl    48        8    0        4     1     0     1     1     0     8    0
sessionpl  144       21    0        5     1     0     1     1     0     8    0
pgrppl      48       29    0        5     1     0     1     1     0     8    0
ucredpl    104      142    0      123     1     0     1     1     0     8    0
zombiepl   144      400    0      400     1     0     1     1     0     8    1
processpl  1232     461    0      400     7     1     6     6     0     8    0
procpl     664      544    0      470     7     0     7     7     0     8    0
sockpl     752      297    0      266    11     0    11    11     0     8    7
mcl64k     65536      1    0        0     1     0     1     1     0     8    0
mcl8k      8192       2    0        0     1     0     1     1     0     8    0
mcl4k      4096     126    0        0    16     0    16    16     0     8    0
mcl2k      2048      36    0        0     5     0     5     5     0     8    0
mtagpl      96        1    0        0     1     0     1     1     0     8    0
mbufpl     256      217    0        0    14     0    14    14     0     8    0
bufpl      280     2855    0      112   196     0   196   196     0     8    0
anonpl      32     4391    0        0    36     0    36    36     0   246    0
amapchunkpl 152    9092    0     8493    28     3    25    25     0   158    0
amappl16   200     1989    0     1969     5     0     5     5     0     8    2
amappl15   192        3    0        3     1     0     1     1     0     8    1
amappl14   184      103    0       93     1     0     1     1     0     8    0
amappl13   176        5    0        5     1     0     1     1     0     8    1
amappl12   168     1039    0     1001     2     0     2     2     0     8    0
amappl11   160       47    0       37     1     0     1     1     0     8    0
amappl10   152       41    0       41     1     0     1     1     0     8    1
amappl9    144      289    0      288     1     0     1     1     0     8    0
amappl8    136       42    0       41     1     0     1     1     0     8    0
amappl7    128      171    0      161     1     0     1     1     0     8    0
amappl6    120      203    0      199     1     0     1     1     0     8    0
amappl5    112      114    0      108     1     0     1     1     0     8    0
amappl4    104      262    0      246     1     0     1     1     0     8    0
amappl3     96     1472    0     1334     4     0     4     4     0     8    0
amappl2     88      590    0      536     2     0     2     2     0     8    0
amappl1     80     7915    0     7341    13     0    13    13     0     8    0
amappl      88     2514    0     2313     5     0     5     5     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72        3    0        1     1     0     1     1     0     8    0
uaddrrnd    24      438    0      400     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      438    0      400     1     0     1     1     0     8    0
vmmpekpl   168     4982    0     4948     2     0     2     2     0     8    0
vmmpepl    168    34447    0    32302    98     0    98    98     0   357    3
vmsppl     488      437    0      400     7     1     6     6     0     8    0
rwobjpl     80    13954    0    11424    54     0    54    54     0     8    0
pdppl      4096     884    0      800   110    20    90    98     0     8    6
pvpl        32    11147    0        0    90     0    90    90     0   265    0
pmappl     256      437    0      400     4     1     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      286    0       23     8     0     8     8     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff83855ff0) at x86_ipi_db+0x27
x86_ipi_handler() at x86_ipi_handler+0xd9
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83994ee8) at __mp_lock+0x192
softintr_dispatch(0) at softintr_dispatch+0x125
dosoftint(0) at dosoftint+0x54
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x7e8bf9213d90, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff83855ff0) at x86_ipi_db+0x27
x86_ipi_handler() at x86_ipi_handler+0xd9
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83994ee8) at __mp_lock+0x192
softintr_dispatch(0) at softintr_dispatch+0x125
dosoftint(0) at dosoftint+0x54
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x7e8bf9213d90, count: -7
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
db_enter() at db_enter+0x25
panic(ffffffff8336cdbf) at panic+0x1e5
pool_do_get(ffffffff838ec720,1,ffff80003c4b6d78) at pool_do_get+0x5df
pool_get(ffffffff838ec720,1) at pool_get+0x162
shmget_allocate_segment(ffff80003b01efc0,ffff80003c4b6fd0,113,ffff80003c4b6f20) at shmget_allocate_segment+0x1af
sys_shmget(ffff80003b01efc0,ffff80003c4b6fd0,ffff80003c4b6f20) at sys_shmget+0x195
syscall(ffff80003c4b6fd0) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x65d09823390, count: 7
ddb{1}> trace
db_enter() at db_enter+0x25
panic(ffffffff8336cdbf) at panic+0x1e5
pool_do_get(ffffffff838ec720,1,ffff80003c4b6d78) at pool_do_get+0x5df
pool_get(ffffffff838ec720,1) at pool_get+0x162
shmget_allocate_segment(ffff80003b01efc0,ffff80003c4b6fd0,113,ffff80003c4b6f20) at shmget_allocate_segment+0x1af
sys_shmget(ffff80003b01efc0,ffff80003c4b6fd0,ffff80003c4b6f20) at sys_shmget+0x195
syscall(ffff80003c4b6fd0) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x65d09823390, count: -8