last executing test programs:

1.458839651s ago: executing program 1 (id=2):
r0 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$WSDISPLAYIO_GBURNER(r0, 0x400c5752, &(0x7f0000000040))
ioctl$KDENABIO(r0, 0x20004b3c)
r1 = syz_open_pts()
ioctl$TIOCNXCL(r1, 0x2000740e)
ioctl$WSMUXIO_ADD_DEVICE(r0, 0x80085761, &(0x7f0000000080)={0x1, 0x4})
ioctl$WSDISPLAYIO_SMODE(0xffffffffffffff9c, 0x8004574c, &(0x7f00000000c0)=0x2)
r2 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$WSDISPLAYIO_DELSCREEN(r2, 0x80085754, &(0x7f0000000140)={0x5, 0x518d919c7cd65a26})
r3 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$WSDISPLAYIO_GETEMULTYPE(r3, 0xc014575e, &(0x7f00000001c0)={0x10, './file0\x00'})
r4 = semget$private(0x0, 0x0, 0x310)
semctl$IPC_STAT(r4, 0x0, 0x2, &(0x7f0000000200))
r5 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0)
ioctl$VT_SETMODE(r5, 0x80087602, &(0x7f0000000280)={0x1, 0x1, 0x101, 0x8001})
ioctl$TIOCOUTQ(r1, 0x40047473, &(0x7f00000002c0)=0x1ff)
ioctl$TIOCSCTTY(r1, 0x20007461)
ioctl$KDENABIO(r0, 0x20004b3c)
sendmsg$unix(r2, &(0x7f0000000740)={&(0x7f0000000300)=@abs={0x1, 0x0, 0x1}, 0x8, &(0x7f00000006c0)=[{&(0x7f0000000340)="1f7d2ecf6c4da4be41ee259811fc9bef24df227037bda32f53dfd6723a522944782b7453315a9f1651ce1a2a3bad5e4d15760a21a81e1466535aa6920f14fdcdcf70192c0be198353b46054a9d3ce2a933008978fb043c2b7f74d63d3f6300f35ec510a85774a37ac24869bd96564be4b72b3f7af39191170f51eb86e6ab80a8155872374a740dcd3e17f57abb2534571103818a06f82dd996f91a321f9b21ae1ae129c3d2ded532d24126d71f57f63f1a832642d5658f61987ef84f5a2118b47305400c346b54c8a55a845671bf5513d39bdb6c366c2f2238e43bb75cef3569738d43dfc4def4701b221915", 0xec}, {&(0x7f0000000440)="b0da53453cdabb0ba65c7df65c3045ccf79d817434af96324eaee7aa3e0fcc8d3d9bd0fc68daff912c66317ab7957cea302d5b35c1a18d85ea50196f3b218ab1e0c807fc09", 0x45}, {&(0x7f00000004c0)="e5247690f5897b19fbb476353ccce85a3f84f99210161a0713039f5c78ebc9efe7e12fe5a8438798e9ee2603b07d41195d5a5955c428b0ede177989178f53fcdc2014ee9a3645c2aab0f2fffe8d16ec7e0d62acdee13e28c24d3649a08b6ecc203e0b18185e33ed4a1991ee59ce8692efa5eaa2f4432308b3ff6cbf1ed1ccd504db2deec86ab23605f2f78f3d1048477fb83d4483af56bbde8baf85ec566d8b4e578006cf9c93ff6a9ff4568056ff8a63161a28315c3b600d99ee16b1442994a", 0xc0}, {&(0x7f0000000580)="7b5ebff0afed664551b3dcffeab32bc937aa86d620c24321ed5c630f4ef55a39edc7ded3ea645e55db90c222431bbea44ba11c02a269e15bf83ac43156af2c044a9283af4ff6f92385b0d08ad5bbfc62bd3162583c04bb4ddca7fb2c23b5d3954b143ed0072790316fc9c6908731d506c8f7a4df76bcc810963a6e21706d3d31cc8f1651f4650cecebc2d394561f911b", 0x90}, {&(0x7f0000000640)="c2aa40221a50a707e5d41b3b7dbddc0210b05b94ed90a6e94e21fe49e6fc1fc1c6e807a22297e0a12595ad6f35e86fa83224ea0507734862c04712961b9b82ddf707188b6ff3e662969b864d6f5b2ee575", 0x51}], 0x5, 0x0, 0x0, 0x9}, 0x400)
getsockopt$sock_cred(r2, 0xffff, 0x1022, &(0x7f0000000780)={0x0, <r6=>0x0}, &(0x7f00000007c0)=0xc)
r7 = getegid()
getsockopt$sock_cred(r2, 0xffff, 0x1022, &(0x7f0000000800)={0x0, <r8=>0x0, <r9=>0x0}, &(0x7f0000000840)=0xc)
r10 = getegid()
semctl$IPC_SET(r4, 0x0, 0x1, &(0x7f0000000880)={{0x8e, r6, r7, r8, r10, 0x186, 0xf447}, 0x4, 0x174d, 0x3})
r11 = semget(0x2, 0x2, 0x288)
semctl$IPC_SET(r11, 0x0, 0x1, &(0x7f0000000900)={{0x0, r6, r9, r8, r9, 0xe8, 0x81}, 0x5, 0x8a, 0x1})
semctl$SETALL(r11, 0x0, 0x9, &(0x7f0000000980)=[0x5, 0xfffe, 0x8, 0xfff9, 0x100, 0x5])
ioctl$TIOCCDTR(r2, 0x20007478)
ioctl$BIOCGETIF(r2, 0x4020426b, &(0x7f00000009c0)={""/16, @ifru_flags})
ioctl$WSKBDIO_GETDEFAULTBELL(r2, 0x40105706, &(0x7f0000000a00))

1.382913276s ago: executing program 7 (id=8):
sysctl$net_inet_ah(&(0x7f0000000000)={0x4, 0x2, 0x33, 0x2}, 0x31, 0x0, 0x0, 0x0, 0xffffffffffffff7c)

1.381916668s ago: executing program 0 (id=10):
chmod(0x0, 0x35e)
setuid(0xee01)
mkdirat(0xffffffffffffff9c, 0x0, 0xc4)
syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="e33a176ed02400000000000086dd634584d100086103fe8000e30000000000000000000000aa00000000ffffff"])
faccessat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mknod(0x0, 0x1000, 0xf1a2)
r0 = shmget$private(0x0, 0x3000, 0x386, &(0x7f0000ffa000/0x3000)=nil)
ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000000)={0x4, 0x4100001, 0x8, 0x545, "225e196f00000000000000000edd0000f400", 0xfffffffc, 0x400})
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="b10005040000040000", 0x9, 0x400, 0x0, 0x0)
unveil(&(0x7f0000000080)='.\x00', 0x0)
r1 = socket(0x11, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendto$unix(r1, &(0x7f0000000000)="b1000504000004000000000001000000331c13fecea10500fef96ec0c72fd3357ae30200004e3003000000acf20b7804be38164991f7c8cf5f882b297be1aa0500000051e2f0ad3ebbc257699a1f139b672f4d335c223e7d0c032bfa896443a42102000000720fd18bfbb670c1f5a872c881ea6e2ec5890400000000008000361b4cc702fac500002021fbfa0c0f00008abfba221554f4e0f668246c0900000008e371a378343712051eea040000000000", 0xb1, 0x0, 0x0, 0x0)
shmctl$IPC_SET(r0, 0x1, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, 0x140, 0x98, 0x6}, 0x4, 0x20d, 0x0, 0xffffffffffffffff, 0xeffffffffffffffd, 0x1, 0x80000001})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
ioctl$FIOSETOWN(r2, 0x8004667c, &(0x7f0000000300)=0x1)
recvmmsg(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6}, 0x10, 0x20, 0x0)
mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0x6384)
select(0x40, &(0x7f0000000180)={0xfffffffffffffff5, 0x44809e9d, 0xffffffffffffffff, 0xfffffffffffffffe, 0x2800000000000000, 0x181c, 0x8, 0x2000000000000004}, 0x0, 0x0, 0x0)
r3 = kqueue()
kevent(r3, &(0x7f00000000c0), 0x8, &(0x7f00000001c0), 0x15, 0x0)
mknod(&(0x7f0000000000)='./file1\x00', 0x2000, 0x285b98)
r4 = open(&(0x7f0000000800)='./file1\x00', 0x800, 0x41)
ioctl$FIONBIO(r4, 0x82907003, &(0x7f0000000140)=0x2)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x40, 0x100)
ioctl$FIONBIO(r5, 0x82907003, &(0x7f0000000140)=0x1)
ioctl$BIOCSRTIMEOUT(r4, 0xc0307006, &(0x7f0000000080)={0x2, 0x10})
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x3000)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x1000)
shmctl$IPC_SET(r0, 0x1, &(0x7f0000000140)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x101, 0xdc5}, 0x4, 0x1, 0x0, 0x0, 0x8000, 0x3, 0x1000})

1.380797578s ago: executing program 1 (id=11):
r0 = syz_open_pts()
ioctl$TIOCSTAT(r0, 0x20007465, 0x0) (async)
ioctl$TIOCSTAT(r0, 0x20007465, 0x0)
ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000000)=0x8)
ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000240)=0x8)
unveil(0x0, &(0x7f00000003c0)='c\x00')
ioctl$TIOCMBIS(r0, 0x8004746c, &(0x7f0000000040)=0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
dup(0xffffffffffffffff)

1.375203198s ago: executing program 7 (id=12):
r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xf02, 0x186) (async)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110)
write(r1, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff48)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x2012, r0, 0x0)
pipe2(&(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x0)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000001040)="bd", 0x1}], 0x1) (async)
write(r2, &(0x7f0000000080)="c30516845e", 0xff55) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)

1.305615668s ago: executing program 4 (id=5):
ioctl$WSMUXIO_LIST_DEVICES(0xffffffffffffffff, 0xc1045763, &(0x7f0000000040)={0x0, [{0x3, 0x9}, {0x1}, {0x2}, {}, {0x2}, {0x3}, {0x0, 0xaa59}, {0x3, 0xb3d0}, {0x1, 0xffffffff}, {0x0, 0x100}, {0x2, 0x2}, {0x0, 0x80000000}, {}, {}, {0x0, 0x7}, {0x2, 0xffffffff}, {0x2, 0x1}, {0x1}, {0x0, 0x2}, {0x0, 0x7ff}, {0xbb08c0840fa32129}, {}, {0x2}, {0x0, 0x104}, {0x2}, {0x1, 0x1}, {}, {0x0, 0x200}, {0x2, 0xffffffff}, {0x0, 0xfffffffd}, {0x3, 0x4}, {0x3}]})
r0 = socket(0x1, 0x2, 0x5)
getsockname$inet(r0, 0xfffffffffffffffe, &(0x7f00000000c0))
ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f0000000180)={0x4, 0x40, {[0x0, 0x81, 0x403, 0x4, 0x0, 0xfffffffffffffff9, 0xd9, 0x100, 0xfff, 0x8000, 0x7fffffff, 0x9, 0x7, 0x8, 0x9, 0x2, 0x4000000000ff, 0xd2], [0x7ffffffd, 0x5bd11eb9, 0x5, 0x80000001, 0x6, 0x1ff, 0x8001, 0x10, 0x9, 0x4000000000001], [0x7, 0x4, 0x8, 0x0, 0x7, 0x1c53], [0x498, 0x7, 0x7, 0x7ff, 0xec3, 0x7], [{0x6, 0x2f, 0x2, 0x6}, {0x7, 0x6, 0x2, 0x4000000}, {0x3, 0x1, 0x3, 0x1}, {0x1ff, 0x7ff, 0x51, 0x10001}, {0xf, 0xf, 0x200, 0xe0}, {0x1ca4, 0x1, 0x80000000, 0x5}, {0x4ecc, 0x917, 0x7, 0x8}, {0xfff, 0x1, 0x5, 0xb67}], {0x353e, 0x4, 0x6, 0x45ba000000000000}, {0x1, 0x3, 0x1, 0x5}}})
r1 = openat$pci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sysctl$hw(&(0x7f0000000080)={0x6, 0x2}, 0x2, 0x0, 0x0, 0x0, 0x0)
ioctl$PCIOCREAD(r1, 0xc0107002, &(0x7f0000000080))
setitimer(0x2, &(0x7f0000000080)={{0xfffffffffffffffd, 0x2}, {0x4, 0x8}}, 0x0)
sysctl$kern(&(0x7f0000000080)={0x1, 0x27}, 0x4000000000000004, 0x0, 0x0, 0x0, 0x0)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x37}, 0x4, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000140)=0x2c, 0x0, 0x2e)

1.260649476s ago: executing program 2 (id=3):
sysctl$net_inet_tcp(&(0x7f0000000040)={0x4, 0x2, 0x6, 0xd}, 0x4, &(0x7f0000000180)="a410403fd952e4df7272e2a9090fdd45d5986574a337ee6f0f7d7d0ed10df18ea86dc421ba7bc91c44c307d9980013d8c8ccc4820000d26e0fb1d3bf4e39d75d2c4672a854d9e38e47995c2d302cfb12d0fdbd493e9845eb23066c6764fda1c0b3c92a9b84b0168638f58f9d79fc0c18b498266d74f67ce1b2c7c20fdd002d080063f66ebd145eef9769fe84be3dcc311749febf0668ba0600232cd34a83708122b658e3ffd3440238575320fcc5e3bad99231cec7666a2aae00acdea76bee219a3c04a306fa6f247a06a03d2d236fd6d3f535d785aada81d48c592625639a1595efdbd9d9621fabc823cd0eed3fbf96dea8908eb15f714d1c04f21eb3583f73b836335249cb263fcd00b199c45657801ab10b3c36000000e93415822d5a9cd8929e92e7ad7b64f05b978002a5aa3a444d0ffd555baaedd5872f1183b3994a1d97597a76a5da561b7d162eada0d43844c0065c28f06a2ed986b4ea2de68c17565c8f", 0x0, 0x0, 0xfffffffffffffe3c)
sysctl$net_inet_tcp(&(0x7f0000000000)={0x4, 0x2, 0x6, 0x14}, 0x4, &(0x7f0000000080)="98f534d12ef10d9d68", &(0x7f00000000c0)=0x9, &(0x7f0000000300)="11f27869972204ebd53f4cc2d09316988aee040d1d752a621b8c659226dd209ccf63ebaab864840f044d56a98d0a119f00a4e9a3721e2e7e98e8c28703009408275cfa49c7b719cce3aaa6a6430dc494428391798b3144c4788b15c5e30403184c59896c3bb6d44e5005e42d2000ca157ef5c28577f4672c67ac80b5a4a50175ba6022fea2067125ec51d3fd5d45a6eae239a916e9c3f4c59386cbe7dd443d377b76972248307c74bb41f83f4e39aef973f184058df2d5a7f9ee3cc838f02890f36bd5f3445e2a39d4aafb943d7fadc6c7ec2e872690b48be54201a9c5b3a5c5e38f2fcf02e29851ecd5d0c34b9997b2e9460f99fa29a9719084", 0xfa)

117.936699ms ago: executing program 4 (id=13):
setrlimit(0x8, &(0x7f0000000000)={0x8, 0x54}) (async)
setrlimit(0x8, &(0x7f0000000000)={0x8, 0x54})
syz_open_pts() (async)
r0 = syz_open_pts()
close(r0)
r1 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x4ebfac6bbaf7949)
ioctl$VNDIOCCLR(r1, 0xc0a86b03, &(0x7f0000000200)={0x0, 0x10000, 0x0})
ioctl$VMM_IOC_RESETCPU(r1, 0x82405605, &(0x7f00000001c0)={0x0, 0x4, {[0xffffffff, 0x5, 0x6, 0x1, 0x5, 0x401, 0x1, 0xd248, 0xc6, 0x101, 0x8, 0x178, 0x9, 0x1, 0x9, 0x6, 0xf, 0x62ef], [0x6, 0x17, 0x4, 0x5d8, 0x4, 0x358, 0xcf02, 0x7, 0x562, 0x7fffffffffffffff], [0x2, 0x4b, 0xfffffffffffffff9, 0x9, 0x6, 0x9, 0x2], [0x4, 0x4, 0x28, 0x8, 0x8, 0x5], [{0x27, 0x8, 0x2, 0x3}, {0x8, 0x800, 0xac6}, {0x9, 0x6, 0x8000000, 0x49c8c03a}, {0x6, 0x400, 0x1, 0x7fffa3d}, {0x1, 0x3, 0x7ff}, {0x6, 0x0, 0x89, 0x1c}, {0x417, 0x0, 0x6}, {0x7ff, 0x8, 0xe59, 0xfffffffffffffffb}], {0x1, 0x9, 0xff, 0x24}, {0x1, 0x1, 0x3, 0x8}}}) (async)
ioctl$VMM_IOC_RESETCPU(r1, 0x82405605, &(0x7f00000001c0)={0x0, 0x4, {[0xffffffff, 0x5, 0x6, 0x1, 0x5, 0x401, 0x1, 0xd248, 0xc6, 0x101, 0x8, 0x178, 0x9, 0x1, 0x9, 0x6, 0xf, 0x62ef], [0x6, 0x17, 0x4, 0x5d8, 0x4, 0x358, 0xcf02, 0x7, 0x562, 0x7fffffffffffffff], [0x2, 0x4b, 0xfffffffffffffff9, 0x9, 0x6, 0x9, 0x2], [0x4, 0x4, 0x28, 0x8, 0x8, 0x5], [{0x27, 0x8, 0x2, 0x3}, {0x8, 0x800, 0xac6}, {0x9, 0x6, 0x8000000, 0x49c8c03a}, {0x6, 0x400, 0x1, 0x7fffa3d}, {0x1, 0x3, 0x7ff}, {0x6, 0x0, 0x89, 0x1c}, {0x417, 0x0, 0x6}, {0x7ff, 0x8, 0xe59, 0xfffffffffffffffb}], {0x1, 0x9, 0xff, 0x24}, {0x1, 0x1, 0x3, 0x8}}})
openat$wskbd(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x40, 0x100)
ioctl$FIONBIO(r2, 0x82907003, &(0x7f0000000140)=0x1)
ioctl$BIOCSRTIMEOUT(r2, 0xc0307006, &(0x7f0000000080)={0x1, 0x10}) (async)
ioctl$BIOCSRTIMEOUT(r2, 0xc0307006, &(0x7f0000000080)={0x1, 0x10})
ioctl$WSKBDIO_SETENCODING(r1, 0x80045710, &(0x7f00000000c0)=0x2e8)
r3 = syz_open_pts()
getpgid(0xffffffffffffffff) (async)
r4 = getpgid(0xffffffffffffffff)
ktrace(&(0x7f0000000040)='./file0\x00', 0x1, 0x40000002, r4)
ioctl$TIOCSETAF(r3, 0x802c7416, &(0x7f0000000180)={0x7777, 0x3, 0xfffffffd, 0x80a19a, "bb080006020900d91050080000000f00", 0x3e, 0x9})
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000080)="34eb4cd59e8456ebc0881681c60e1cd9e0bf01b618b3cb934394c5951c1db0fd943a", 0xff99}], 0x1)

117.245816ms ago: executing program 3 (id=4):
r0 = msgget$private(0x0, 0x144)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
mknodat(0xffffffffffffff9c, 0x0, 0xc0e99db6de761f86, 0x0)
close(0xffffffffffffffff)
r2 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x132)
ioctl$FIONBIO(r2, 0x82907003, &(0x7f0000000140)=0x2)
ioctl$VMM_IOC_CREATE(r2, 0xc2585601, &(0x7f00000000c0)={0x10, 0x9, [{&(0x7f000073b000/0x3000)=nil, &(0x7f00000dc000/0x12000)=nil, 0x200007fffffffffe}, {&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000628000/0x3000)=nil, 0x1000}, {&(0x7f00000a3000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0xf}, {&(0x7f00006b5000/0x2000)=nil, &(0x7f00000eb000/0x4000)=nil, 0xfdfffffffffff7f9}, {&(0x7f00000f4000/0x3000)=nil, &(0x7f0000266000/0x4000)=nil, 0x8000000000000000}, {&(0x7f000060b000/0x2000)=nil, &(0x7f0000095000/0x3000)=nil, 0x1}, {&(0x7f0000123000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x4}, {&(0x7f00002f3000/0x3000)=nil, &(0x7f000063b000/0x2000)=nil, 0x5}, {&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0xffffff7ffffffff9}, {&(0x7f000013e000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, 0xc8}, {&(0x7f000064b000/0x2000)=nil, &(0x7f00000eb000/0x3000)=nil, 0x9}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000688000/0x4000)=nil, 0x6}, {&(0x7f00003ca000/0x1000)=nil, &(0x7f0000273000/0xe000)=nil, 0x8}, {&(0x7f0000271000/0x1000)=nil, &(0x7f0000484000/0x2000)=nil, 0x6}, {&(0x7f0000148000/0x1000)=nil, &(0x7f00001ae000/0x3000)=nil, 0x8}, {&(0x7f0000ffd000/0x2000)=nil, &(0x7f000048d000/0x2000)=nil, 0x1001}], './file0\x00', 0xfffffffa})
setsockopt$sock_timeval(0xffffffffffffffff, 0xffff, 0x1006, 0x0, 0x0)
r3 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000140), 0x900, 0x0)
ioctl$BIOCSETIF(r3, 0x8020426c, &(0x7f0000000100)={'tap', 0x0})
ioctl$BIOCSETF(r3, 0x80104267, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20, 0xf4, 0x5, 0x10006}, {0x6, 0x0, 0x8, 0x10000}]})
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r4 = socket(0x18, 0x3, 0x50)
r5 = getuid()
getsockopt$SO_PEERCRED(r4, 0xffff, 0x1022, &(0x7f0000000300)={0x0, 0x0, <r6=>0x0}, 0xc)
fchown(r3, r5, r6)
ioctl$FIONREAD(r4, 0x8020699f, &(0x7f00000001c0))
syz_extract_tcp_res(&(0x7f0000000080), 0x5, 0x401)
sendmmsg(r1, &(0x7f0000001fc0)={0x0, 0x3}, 0x10, 0x202)
msgctl$IPC_SET(r0, 0x1, &(0x7f00000001c0)={{0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x1ff, 0x11, 0x0, 0x0, 0xffffffffffff75ba, 0xfffffffffffffff9, 0x8abd, 0x5})
msgrcv(r0, 0x0, 0x0, 0x3, 0x0)
msgctl$IPC_STAT(r0, 0x2, &(0x7f00000002c0)=""/49)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$FIONREAD(r7, 0x80047308, &(0x7f0000000040))

116.917162ms ago: executing program 2 (id=14):
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$pci(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
ioctl$PCIOCWRITE(r1, 0xc00c7007, &(0x7f00000005c0)={{0x0, 0x0, 0x2}, 0x5, 0xfffffffe, 0x2})
setsockopt(r0, 0x11, 0x2, &(0x7f0000000000), 0x4)

116.741368ms ago: executing program 4 (id=15):
r0 = socket$inet(0x2, 0x8367671687be4e8c, 0x4)
r1 = kqueue()
kevent(r1, &(0x7f0000000380), 0xe4a, 0x0, 0xa9fa, 0x0)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x40, 0x100)
r3 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$WSMUXIO_ADD_DEVICE(r3, 0x80085761, &(0x7f0000000440)={0x1})
readv(r2, 0x0, 0x0)
r4 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
kevent(r2, &(0x7f00000001c0)=[{{r0}, 0xfffffffffffffff9, 0x8, 0x2, 0x6, 0x1000}, {{r0}, 0x3, 0x8a, 0x10, 0x4d27fc1a, 0x5}, {{r0}, 0xfffffffffffffff9, 0x80, 0x10, 0x1, 0x3}, {{r0}, 0xffffffffffffffff, 0x8, 0xf0000000, 0x3, 0xff}, {{r0}, 0xfffffffffffffffd, 0xb0, 0xf0000000, 0x1, 0x1}], 0x8, &(0x7f0000000280)=[{{r0}, 0xfffffffffffffff8, 0x20, 0x1, 0x3, 0x2}, {{r0}, 0xfffffffffffffffa, 0x1a, 0x20000000, 0x7f, 0x7}, {{r2}, 0xfffffffffffffffa, 0x22, 0x1, 0x8, 0x12d3}, {{r0}, 0xfffffffffffffff8, 0x0, 0x2, 0x3, 0x1}, {{r0}, 0xfffffffffffffffc, 0x8, 0x10, 0x4, 0xb17}, {{r4}, 0xffffffffffffffff, 0x0, 0x4, 0x1000, 0x89e}, {{r0}, 0xfffffffffffffffb, 0x41, 0x2, 0xce, 0x401}], 0x8, &(0x7f00000000c0)={0x9, 0x9})
sysctl$kern(&(0x7f0000000180)={0x1, 0x41}, 0x2, &(0x7f0000000080)="61ab5de0a9", &(0x7f0000000040)=0x5, 0x0, 0x0)
setsockopt(r0, 0x0, 0x2, &(0x7f0000000140)="ec746da1847a8fa41270617c278b6cf1cda23d6ed2014b3efd1506e4f48083a27c5b2f954e32acde7d2460602e153784ef0fe2af16c1011051d3d04e52f309f7bb49ac2ebbc1", 0x46)
sysctl$vm(&(0x7f0000000100)={0x2, 0x2}, 0x2, &(0x7f0000000080)="e40306a3ed3b7ca230cb1491ff7a0ded546c0f66d31540ba", &(0x7f0000000040)=0x18, 0x0, 0x0)

116.231391ms ago: executing program 5 (id=6):
r0 = kqueue()
kevent(r0, &(0x7f0000000040)=[{{}, 0xfffffffffffffff9, 0x10d, 0x3, 0xffffffffffff564e}], 0x1, 0x0, 0x0, 0x0)
poll(&(0x7f0000000180)=[{r0, 0x91cbd8417f6167d9}], 0x1, 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f00000000c0), &(0x7f0000000040)=0xc)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x4e}, 0x2, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x33}, 0x3, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x3414, 0x0, 0x37)
sysctl$vm_swapencrypt(0x0, 0x0, &(0x7f0000000780)='\b', &(0x7f0000000080)=0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xa7210e10bc3c9de9)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
pread(r2, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
sendmsg(r3, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[{0x10, 0x1, 0x7}], 0x10}, 0x0)
setrlimit(0x8, &(0x7f0000000980)={0xb, 0x54})
r4 = socket(0x21, 0x0, 0x0)
r5 = syz_open_pts()
ioctl$PCIOCREAD(r2, 0xc0107002, &(0x7f00000000c0))
close(r5)
r6 = syz_open_pts()
writev(r5, &(0x7f0000000440)=[{&(0x7f0000000080)='\x00', 0xffaa}], 0x1)
r7 = socket(0x2, 0x1, 0x0)
connect$unix(r7, &(0x7f0000000000), 0x10)
connect$unix(r7, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0xa)
poll(&(0x7f00000001c0)=[{r0, 0x80}, {r6, 0x40}, {r2, 0x2}, {r2, 0x10}, {r4, 0x2}, {r7, 0x100}, {r0, 0x20}, {r5, 0x4}, {r0, 0x8}], 0x9, 0x0)
readv(r5, &(0x7f0000000100)=[{&(0x7f0000003f40)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/4099, 0x1003}, {&(0x7f0000000000)=""/53, 0x35}], 0x3)

115.966282ms ago: executing program 2 (id=16):
open$dir(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000080)="76e5eac907f9ccf7a251ceddcec7d6aa45cffe2c63a56077123a276d3ba4e9d17eb3eb5db12a3783a8e0620d357de1fe04fa9465b5bd1286e9624dec06a00c222f", 0x41}], 0x1)
rename(&(0x7f0000000100)='./file0\x00', 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='.\x00')
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
unlink(&(0x7f0000000300)='.\x00')
ioctl$TIOCSETA(0xffffffffffffffff, 0x802c7414, 0x0)
socket(0x18, 0x1, 0x0)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x14}, 0x2, &(0x7f0000000100)="4ba7841143", &(0x7f0000000040)=0x5, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket(0x2, 0x1, 0x0)
setsockopt(r0, 0x6, 0x4, &(0x7f0000000080)="f8ed967a", 0x4)
select(0x40, &(0x7f0000000180)={0xfffffffffffffff9, 0x44809e9d, 0xffffffffffffffff, 0xfffffffffffffffd, 0x2800000000000000, 0x181c, 0x8, 0x2000000000000004}, 0x0, 0x0, 0x0)
r1 = kqueue()
kevent(r1, &(0x7f00000000c0), 0x8, &(0x7f00000001c0), 0x15, 0x0)
ioctl$WSDISPLAYIO_USEFONT(0xffffffffffffffff, 0x80585750, &(0x7f0000000140)={'./file0\x00', 0x1, 0xef, 0x61, 0x1, 0x5, 0xd87, 0x8000000c, 0x0, 0x0, 0xaf, 0xffffffffffffffcb})
mknod(&(0x7f0000000000)='./file1\x00', 0x2000, 0x637d)
r2 = open(&(0x7f0000000800)='./file1\x00', 0x800, 0x120)
ioctl$FIONBIO(r2, 0x82907003, &(0x7f0000000140)=0x1)
mknod(&(0x7f0000000000)='./file0\x00', 0x8000, 0x2)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x40, 0x100)
ioctl$WSMOUSEIO_SCALIBCOORDS(0xffffffffffffffff, 0x81205724, &(0x7f0000000100)={0x4, 0x1, 0x7, 0x6, 0x3, 0x80002001, 0x8, 0x10, [{0x0, 0x7, 0x4, 0x3}, {0x7, 0x4, 0x101, 0x7}, {0x6, 0xf86, 0x100, 0xaf9}, {0x5, 0x8, 0xb, 0x3}, {0x7, 0xfffffffb, 0xe, 0x7}, {0x2, 0x7, 0xffffffff, 0x9c}, {0x80000cdf, 0x1, 0x5, 0x6d}, {0x2000a, 0x803, 0x14, 0x8}, {0x2, 0x81, 0x1, 0x9}, {0x3ff, 0x8001, 0xc7, 0x87}, {0x4, 0x5, 0x9, 0x10aeb}, {0x803, 0x40, 0x1, 0x5}, {0xe0, 0x4, 0x5, 0x3ff}, {0x29a71717, 0xfffffffa, 0x6, 0x100006}, {0x4, 0x9, 0x7}, {0x0, 0x5, 0x4, 0x30000}]})
select(0x40, &(0x7f0000000180)={0xfffffffffffffff9, 0x44809e9d, 0xffffffffffffffff, 0xfffffffffffffffd, 0x2800000000000000, 0x181c, 0x8, 0x2000000000000004}, 0x0, 0x0, 0x0)
ioctl$FIONBIO(r3, 0x82907003, &(0x7f0000000140)=0x2)
sysctl$kern(0x0, 0x0, &(0x7f00000000c0)="3bf2ee74e747c82dad6eb2a36fa755e1a3925fe49afca7e63b52fa65ccaa74d6e6b85b6cdced70357ef201f97842b1068dca31553fa2d7031f38c03e56ad0e24dfc4f97b8b7f81499647e6e7725765d61436c85e43c15d12a78cb8c57ddde87021d7b685507fd3e0652f35e45bdaa3afd86c4fe557433e4c2b632de71c951516adff26aa2e48b45f8ce92bcefd3eceefabee7e3ebe806fdb4f6af569ae94b5d127", 0x0, 0x0, 0x0)
ioctl$FIONBIO(r3, 0x82907003, &(0x7f0000000140)=0x1)
setsockopt(r0, 0x6, 0x8, &(0x7f0000000280)="c2c2e9a2", 0x4)
sysctl$kern(&(0x7f0000000100)={0x1, 0x2}, 0x2, 0x0, 0x0, &(0x7f0000000080)="33108a5b", 0x4)

76.238131ms ago: executing program 0 (id=17):
setitimer(0x3, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
munmap(&(0x7f0000131000/0x2000)=nil, 0x2000)
r0 = socket(0x18, 0x1, 0x0)
setsockopt(r0, 0x29, 0xe, &(0x7f0000000000)="02000000", 0x4)

75.669033ms ago: executing program 0 (id=18):
mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0xd02)
setrlimit(0x8, 0x0)
r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000100)={'tap', 0x0})
ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x2, 0x25, 0x2, 0x8000}, {0x1e, 0x10, 0x3, 0x40000003}]}) (async)
ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x2, 0x25, 0x2, 0x8000}, {0x1e, 0x10, 0x3, 0x40000003}]})
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="b1", 0x1, 0x0, 0x0, 0x0) (async)
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="b1", 0x1, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000040)={0x0, 0x0})
ioctl$FIONREAD(0xffffffffffffffff, 0x8020690e, 0x0)
write(r0, &(0x7f0000000740)="002020c9c5e943ca8bf2eeebece66b7e4229ba53cde5e4090900db00d206000000a11f077f9575159a6b5aba577d4b8fceb3677ab3e90000000000000000e8500a8ae2bb16939750384e4165de6e35a7303966506ddfa487941243ffa688b24c27b497c73090dc15f3f43818dbd82478ae7d22485f3c5772a5ea11f38e3c670993d3167ed0206d93c0975d27ef46192d06128154dc1574580a2493b65cbb9e64d649ef608ac0ffe0aa75e3097a2497ea94ade8639669ad6284c2f885d3447b30cfeb856035f61ec2061c384486482ef155e02a4a7aeb07af63d189081a64568850fbec9eb9181c1f82324a6f65b45df3065994737d924991cfaa8f54b7edb4a78796f73bb756fbb9b01ef85ed707b6c53892344f2d7dbf7f0e0f1336e02d4593d9aca4a7b755d25e9d98f164e4e0a6e42100cf8fc700000000009ef204d53167dd0b1d1942bd757d19478cc3a212c6d0dcd2b1f6763d0f0df87b99684a8b5776562ba4b861debb57b5a874047b67b1ffffdd9f0781d900240eebde4cff265cd47e8e2d678a", 0x185) (async)
write(r0, &(0x7f0000000740)="002020c9c5e943ca8bf2eeebece66b7e4229ba53cde5e4090900db00d206000000a11f077f9575159a6b5aba577d4b8fceb3677ab3e90000000000000000e8500a8ae2bb16939750384e4165de6e35a7303966506ddfa487941243ffa688b24c27b497c73090dc15f3f43818dbd82478ae7d22485f3c5772a5ea11f38e3c670993d3167ed0206d93c0975d27ef46192d06128154dc1574580a2493b65cbb9e64d649ef608ac0ffe0aa75e3097a2497ea94ade8639669ad6284c2f885d3447b30cfeb856035f61ec2061c384486482ef155e02a4a7aeb07af63d189081a64568850fbec9eb9181c1f82324a6f65b45df3065994737d924991cfaa8f54b7edb4a78796f73bb756fbb9b01ef85ed707b6c53892344f2d7dbf7f0e0f1336e02d4593d9aca4a7b755d25e9d98f164e4e0a6e42100cf8fc700000000009ef204d53167dd0b1d1942bd757d19478cc3a212c6d0dcd2b1f6763d0f0df87b99684a8b5776562ba4b861debb57b5a874047b67b1ffffdd9f0781d900240eebde4cff265cd47e8e2d678a", 0x185)
r1 = shmget$private(0x0, 0x3000, 0x120, &(0x7f0000ff9000/0x3000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_LOCK(r1, 0x3) (async)
shmctl$SHM_LOCK(r1, 0x3)
openat$vmm(0xffffffffffffff9c, &(0x7f0000000500), 0x8, 0x0) (async)
r2 = openat$vmm(0xffffffffffffff9c, &(0x7f0000000500), 0x8, 0x0)
ioctl$VMM_IOC_INTR(r2, 0xc0285602, &(0x7f0000000040)={0x1, 0x40000000, 0x1})
socket(0x2, 0x3, 0x0) (async)
r3 = socket(0x2, 0x3, 0x0)
r4 = dup(r3)
r5 = dup(r4)
execve(0x0, &(0x7f00000001c0)=[0x0, &(0x7f00000000c0)='/dev/speaker\x00'], 0x0)
r6 = socket(0x1, 0x2, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000200)={@local, @local, [], {@ipv4={0x800, {{0x17, 0x4, 0x2, 0x1, 0x80, 0x64, 0x3, 0x6, 0x9d, 0x0, @broadcast, @loopback, {[@rr={0x7, 0xb, 0x1e, [@local={0xac, 0x14, 0x0}, @local={0xac, 0x14, 0x0}]}, @timestamp={0x44, 0x30, 0x8, 0x2, 0x3, [{[], 0x8}, {[@local={0xac, 0x14, 0x0}], 0xce82}, {[], 0x5}, {[@multicast1], 0x81000000}, {[@loopback], 0xfffffffd}, {[], 0xd5b0}, {[], 0x1000}, {[], 0x1ff}]}, @end, @generic={0x89, 0xb, "a7aa7f25ac0bc50690"}]}}, @tcp={{0x3, 0x3, 0x41424344, 0x41424344, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5896, {[@generic={0x2, 0xb, "cf39edd697f1746030"}]}}, {"6aa09120"}}}}}})
ioctl$FIONREAD(r6, 0xc0106924, &(0x7f00000001c0))
kqueue() (async)
r7 = kqueue()
kevent(r7, &(0x7f00000000c0), 0x8, &(0x7f00000001c0), 0x15, 0x0) (async)
kevent(r7, &(0x7f00000000c0), 0x8, &(0x7f00000001c0), 0x15, 0x0)
r8 = socket(0x18, 0x3, 0x50)
setuid(0xffffffffffffffff) (async)
setuid(0xffffffffffffffff)
ioctl$FIONREAD(r8, 0x802069c1, &(0x7f00000001c0))
setsockopt$inet_opts(r5, 0x0, 0x16, &(0x7f0000000080)="fd0cc085", 0x4)
select(0x40, &(0x7f0000000040)={0x40009, 0x5, 0x4008, 0x5, 0x3, 0x1000000000090, 0x89ce, 0x40000000000}, 0x0, 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) (async)
open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)

15.708632ms ago: executing program 4 (id=19):
ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000001c0)={0x48, &(0x7f0000000100)})
r0 = socket(0x2, 0x2, 0x0)
getsockopt(r0, 0xffff, 0x4, &(0x7f00000001c0)=""/233, &(0x7f00000002c0)=0xe9)
mknod(&(0x7f0000000200)='./file0\x00', 0x2000, 0x412dff)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
ioctl$VMM_IOC_CREATE(0xffffffffffffffff, 0xc2585601, &(0x7f0000000340)={0x10, 0x0, [{&(0x7f000005f000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil}, {&(0x7f00000a7000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x9}, {&(0x7f0000528000/0x4000)=nil, &(0x7f000032c000/0x2000)=nil}, {&(0x7f00000a7000/0x1000)=nil, &(0x7f000009a000/0x2000)=nil, 0x3}, {&(0x7f00000a3000/0x2000)=nil, &(0x7f000009e000/0x2000)=nil}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x3}, {&(0x7f0000091000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil}, {&(0x7f000009d000/0x4000)=nil, &(0x7f000008e000/0x2000)=nil}, {&(0x7f0000ffa000/0x2000)=nil, &(0x7f000063e000/0x4000)=nil, 0x1}, {&(0x7f00002ef000/0x3000)=nil, &(0x7f000009d000/0x2000)=nil}, {&(0x7f00000a6000/0x3000)=nil, &(0x7f00003cf000/0x3000)=nil}, {&(0x7f00000a1000/0x1000)=nil, &(0x7f00000d6000/0x3000)=nil, 0x1}, {&(0x7f0000ff9000/0x1000)=nil, &(0x7f000037d000/0x4000)=nil}, {&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000099000/0x1000)=nil}, {&(0x7f000009a000/0x4000)=nil, &(0x7f0000090000/0x2000)=nil}, {&(0x7f000009e000/0x4000)=nil, &(0x7f000009a000/0x2000)=nil, 0x2}], './file0\x00', 0x6})
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
ioctl$WSDISPLAYIO_USEFONT(0xffffffffffffffff, 0x80585750, &(0x7f0000000140)={'./file0\x00', 0x4, 0xc0, 0x3, 0x0, 0x7ff, 0x1, 0x2, 0x1, 0x2, 0x2004007, 0xff})
r2 = socket(0x1, 0x2, 0x0)
ioctl$FIONREAD(r2, 0xc0106924, &(0x7f00000001c0))
setitimer(0x1, &(0x7f0000000140)={{0x20000000008000, 0x100800000000009}, {0xffffffffffffffff, 0xfffd}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@broadcast, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x14, 0x0}, @multicast1=0xe000ffe1}, @icmp=@parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @loopback}}}}}})
setuid(0xffffffffffffffff)
r3 = socket(0x2, 0x2, 0x0)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
ioctl$WSMUXIO_REMOVE_DEVICE(0xffffffffffffffff, 0x80085762, &(0x7f0000000040)={0x1})
r4 = socket(0x18, 0xc003, 0x3a)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd61ef307d00000612000000000000000000005c13000000000000000000000000000000000001"])
setsockopt(r4, 0x29, 0x6c, &(0x7f0000000040), 0x4)
setsockopt$inet6_MRT6_ADD_MIF(r4, 0x29, 0x66, &(0x7f00000003c0)={0x0, 0x1, 0x13, 0x3}, 0xc)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$inet6_MRT6_ADD_MFC(r4, 0x29, 0x68, &(0x7f0000000100)={{0x18, 0x2, 0xffff}, {0x18, 0x0, 0x5, 0x1}, 0xb, [0xf03, 0xfffffffe, 0x9, 0x5, 0xff, 0x800, 0x9, 0x67f]}, 0xca)
r5 = socket(0x800000018, 0x1, 0x0)
ioctl$FIONREAD(r5, 0xc050756a, &(0x7f0000000100))
ioctl$FIONREAD(r3, 0x80206980, &(0x7f00000001c0))
ioctl$FIONREAD(0xffffffffffffffff, 0x81206919, &(0x7f0000000100))
ioctl$FIONREAD(0xffffffffffffffff, 0x8080691a, &(0x7f0000000100))
dup(0xffffffffffffffff)

14.610591ms ago: executing program 0 (id=20):
setrlimit(0x1, &(0x7f0000000040)={0x3f, 0x6})
r0 = syz_open_pts()
close(r0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x2, 0x10, r1, 0x0)
r2 = socket(0x800000018, 0x3, 0x0)
bind$unix(r2, &(0x7f0000000080)=@abs={0x1f95d27d48731892, 0x7}, 0x1c)
r3 = socket(0x24, 0x3, 0x6)
syz_open_pts()
ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000000)=0x8)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000000c0)="cff5c05664db486cda974a82388ef359025250129bdb3b8c2c5e8156eb32d47209b2a02c3bb43bea0300", 0x2a}], 0x1)

12.733926ms ago: executing program 0 (id=21):
r0 = open(&(0x7f0000000400)='./file0\x00', 0x2, 0x0)
fcntl$lock(r0, 0x9, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x269000000, 0xffffffffffffffff})
ftruncate(r0, 0xa3c4)
sysctl$kern(&(0x7f0000000000)={0x1, 0x4d}, 0x2, 0x0, 0x0, &(0x7f0000001440)="02000000", 0x4)

12.261447ms ago: executing program 6 (id=7):
r0 = openat$pf(0xffffffffffffff9c, &(0x7f0000000700), 0x82, 0x0) (async)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000100)="12faa0", 0x3}], 0x1)
ioctl$TIOCSETA(r0, 0xc4504442, &(0x7f0000000000)={0x32, 0x6c6deb0d, 0x6, 0x4000, "97a2224ff1c14a06ebb178926cc9795a6b47c191", 0x1, 0xfffff7fe}) (async)
r1 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r2 = openat$pci(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) (async)
pipe(&(0x7f0000003800)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000003c40)="f63285", 0x3) (async)
rmdir(&(0x7f0000000280)='./file0\x00')
kevent(r0, &(0x7f0000000140)=[{{r0}, 0xfffffffffffffffa, 0x22, 0xfffff, 0x4, 0x8}, {{r0}, 0xfffffffffffffffc, 0x14, 0x8, 0x3}, {{r1}, 0xfffffffffffffffb, 0x1, 0x0, 0xffffffffffff8000, 0x9}, {{r0}, 0xffffffffffffffff, 0x90, 0x10, 0xffff, 0x4a1}, {{r0}, 0xfffffffffffffffd, 0x14, 0xd000008b, 0x3}, {{r2}, 0xfffffffffffffffc, 0x42, 0x1, 0x1000, 0x1}, {{r0}, 0xfffffffffffffffe, 0x20, 0x2, 0xff, 0x6bdb}, {{r3}, 0xffffffffffffffff, 0x81, 0x4, 0x213, 0x5e2b}, {{r0}, 0xfffffffffffffffe, 0x1b, 0xf00fffff, 0x80000001, 0xad}, {{r0}, 0xfffffffffffffff9, 0x60, 0x40000022, 0x7fffffff, 0x6}], 0x4, &(0x7f00000000c0)=[{{r0}, 0xfffffffffffffffa, 0xa8, 0x8, 0x4, 0x8}], 0x1, 0x0)

0s ago: executing program 0 (id=22):
symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod(&(0x7f0000000280)='./file0\x00', 0x2000, 0x1e5f)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x80, 0x2a)
unveil(&(0x7f0000001180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000240)='c\x00')
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
mknod(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xc0e99db6de761f86, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
link(&(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000d40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
link(&(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000a80)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x6381)
rename(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000280)='./file2\x00')
rename(&(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
link(&(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000d40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
link(&(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$WSMOUSEIO_SCALIBCOORDS(r0, 0x81205724, &(0x7f0000000100)={0x20ad, 0x6, 0x2000007, 0x101, 0x80000001, 0x6, 0x80, 0x10, [{0x1000000, 0x7, 0x0, 0x71003}, {0xd8, 0x8, 0x8, 0xfffffff9}, {0x0, 0x8, 0x8, 0x8}, {0x8, 0x800, 0x3, 0xfffffffd}, {0xf, 0xf2b, 0x9, 0x6}, {0x40000002, 0x1, 0x8, 0x95}, {0x82ce1, 0x800, 0x9c29, 0x400006d}, {0x3, 0x803, 0x14, 0x6}, {0xffffffff, 0x82, 0x4, 0x400009}, {0x5, 0x7fffffff, 0xd1b, 0x88}, {0x1d0, 0x10001, 0x2c, 0x4}, {0x7fc, 0x9, 0x8, 0x80000000}, {0x81f, 0x4, 0x4, 0xffe}, {0x29a71713, 0xfffffffa, 0x6, 0x3}, {0xc, 0x9, 0x6}, {0x0, 0x3, 0x2}]})
fcntl$lock(0xffffffffffffffff, 0x9, &(0x7f0000000040)={0x2, 0x2, 0x9, 0x300000003})
mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x204)
open(&(0x7f0000000040)='./file0\x00', 0x8000, 0xa)
r1 = socket$inet(0x2, 0x3, 0x1)
setsockopt$inet_opts(r1, 0x0, 0x200000000000a, &(0x7f0000000000)="ea", 0x1)
setsockopt$inet_opts(r1, 0x0, 0x200000000000b, &(0x7f0000000080), 0x0)
sysctl$net_inet_ip(&(0x7f0000000040)={0x4, 0x11}, 0x6, &(0x7f0000000080), 0x0, 0x0, 0x0)
setrlimit(0x8, &(0x7f00000008c0)={0x42, 0x61})
r2 = syz_open_pts()
close(r2)
syz_open_pts()

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts.
panic: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 132
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*421915  76604      0           0  0x4000000    1K syz-executor
 225659   1162      0           0          0    0  syz-executor
db_enter() at db_enter+0x25
panic(ffffffff8339449e) at panic+0x1e5
__assert(ffffffff833d3634,ffffffff833cd0ba,84,ffffffff83427871) at __assert+0x29
rtmap_grow(6,21) at rtmap_grow+0x24f
rtable_add(5) at rtable_add+0x2d9
route_output(fffffd806e9c5500,ffff8000015314a0) at route_output+0x532
route_send(ffff8000015314a0,fffffd806e9c5500,0,0) at route_send+0xd7
sosend(ffff8000015314a0,0,ffff80003c44e478,0,0,0) at sosend+0x804
sendit(ffff8000fffed248,3,ffff80003c44e570,0,ffff80003c44e620) at sendit+0x5a5
sys_sendto(ffff8000fffed248,ffff80003c44e6d0,ffff80003c44e620) at sys_sendto+0x8d
syscall(ffff80003c44e6d0) at syscall+0xbd4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x651aadc7c10, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "map->limit == rtmap_limit" failed: file "/syzkaller/managers/multicore/kernel/sys/net/rtable.c", line 132
ddb{1}> trace
db_enter() at db_enter+0x25
panic(ffffffff8339449e) at panic+0x1e5
__assert(ffffffff833d3634,ffffffff833cd0ba,84,ffffffff83427871) at __assert+0x29
rtmap_grow(6,21) at rtmap_grow+0x24f
rtable_add(5) at rtable_add+0x2d9
route_output(fffffd806e9c5500,ffff8000015314a0) at route_output+0x532
route_send(ffff8000015314a0,fffffd806e9c5500,0,0) at route_send+0xd7
sosend(ffff8000015314a0,0,ffff80003c44e478,0,0,0) at sosend+0x804
sendit(ffff8000fffed248,3,ffff80003c44e570,0,ffff80003c44e620) at sendit+0x5a5
sys_sendto(ffff8000fffed248,ffff80003c44e6d0,ffff80003c44e620) at sys_sendto+0x8d
syscall(ffff80003c44e6d0) at syscall+0xbd4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x651aadc7c10, count: -12
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80003c44e070
rbx               0xffff8000299eeddf
rdx               0xffff800001581e40
rcx               0xffff8000fffed248
rax               0xffff8000299edff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xdc57319b6c362830
r11               0x4bed3b4791c4ffcd
r12               0xffff8000299eebe0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff82d16555    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80003c44e060
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=421915 pid=76604 tcnt=2 stat=onproc
    flags process=0 proc=4000000<THREAD>
    runpri=50, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000fffeda10,0xffffffff839f1b80
    process=0xffff8000fffeb510 user=0xffff80003c449000, vmspace=0xfffffd8073b6e9a0
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 76604  265278  76476      0  2           0                syz-executor
*76604  421915  76476      0  7   0x4000000                syz-executor
 36799  145318  84760      0  2           0                syz-executor
 36799  196075  84760      0  3   0x4000080  fsleep        syz-executor
  1162  225659  45431      0  7           0                syz-executor
  1162  208380  45431      0  3   0x4000080  kqsel         syz-executor
 57899  271148  28284      0  2           0                syz-executor
 57899  379229  28284      0  2   0x4000000                syz-executor
 98904  424160  11630      0  2           0                syz-executor
 98904  168971  11630      0  2   0x4000000                syz-executor
 77903  416839  97868      0  2           0                syz-executor
 77903  165862  97868      0  3   0x4000080  fsleep        syz-executor
 77903  506523  97868      0  3   0x4000080  fsleep        syz-executor
 77903  351414  97868      0  2   0x4000000                syz-executor
 97868   34699  98214      0  3        0x82  nanoslp       syz-executor
 76476  286167  98214      0  3        0x82  nanoslp       syz-executor
 28284    4650  98214      0  3        0x82  nanoslp       syz-executor
 84760  334167  98214      0  3        0x82  nanoslp       syz-executor
 11630  126306  98214      0  3        0x82  nanoslp       syz-executor
 45431  365543  98214      0  3        0x82  nanoslp       syz-executor
 54541  225117  98214      0  3        0x82  nanoslp       syz-executor
 31158   41976  98214      0  3        0x82  nanoslp       syz-executor
 98214  331259   2339      0  3        0x82  kqread        syz-executor
  2339  234539  89608      0  3    0x10008a  sigsusp       ksh
 89608  111560  91086      0  3        0x98  kqread        sshd-session
 91086   60810  34833      0  3        0x92  kqread        sshd-session
 30649  467403      1      0  3    0x100083  ttyin         getty
 34833  178716      1      0  3        0x88  kqread        sshd
 72370  510818  93498     74  3   0x1100092  bpf           pflogd
 93498  345488      1      0  3        0x80  sbwait        pflogd
 15470     820  51542     73  3   0x1100090  kqread        syslogd
 51542  123856      1      0  3    0x100082  sbwait        syslogd
 87523   84530      1      0  3    0x100080  kqread        resolvd
 89230  119335   2404     77  3    0x100092  kqread        dhcpleased
 71307  277059   2404     77  3    0x100092  kqread        dhcpleased
  2404  407917      1      0  3        0x80  kqread        dhcpleased
 49846  213858      0      0  3     0x14200  bored         smr
 54417   26548      0      0  2     0x14200                zerothread
 64253   12010      0      0  3     0x14200  aiodoned      aiodoned
 16518   87730      0      0  3     0x14200  syncer        update
 86340  464437      0      0  3     0x14200  cleaner       cleaner
 95291  211630      0      0  3     0x14200  reaper        reaper
 55489  296533      0      0  3     0x14200  pgdaemon      pagedaemon
 60622  299232      0      0  3     0x14200  bored         viomb
 14722  522693      0      0  3  0x40014200  acpi0         acpi0
 94888  488849      0      0  3  0x40014200                idle1
  4659  427474      0      0  3     0x14200  bored         softnet1
 14618  523170      0      0  3     0x14200  bored         softnet0
 50088   57888      0      0  3     0x14200  bored         systqmp
 35535  348448      0      0  3     0x14200  bored         systq
 10182   66320      0      0  3     0x14200  tmoslp        softclockmp
 15491  360864      0      0  3  0x40014200  tmoslp        softclock
 39018  429955      0      0  3  0x40014200                idle0
     1  412679      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 76604 (syz-executor) thread 0xffff8000fffed248 (421915)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83971cc8)
#0  witness_lock+0x5f1
#1  __mp_acquire_count+0x58
#2  malloc+0xe3
#3  rtmap_grow+0xb2
#4  rtable_add+0x2d9
#5  route_output+0x532
#6  route_send+0xd7
#7  sosend+0x804
#8  sendit+0x5a5
#9  sys_sendto+0x8d
#10 syscall+0xbd4
#11 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff800001531688)
#0  witness_lock+0x5f1
#1  rw_do_enter_write+0x419
#2  sblock+0xb6
#3  sosend+0x2e9
#4  sendit+0x5a5
#5  sys_sendto+0x8d
#6  syscall+0xbd4
#7  Xsyscall+0x128
Process 57899 (syz-executor) thread 0xffff8000fffedca8 (379229)
exclusive rwlock unix r = 0 (0xffff8000015a2618)
#0  witness_lock+0x5f1
#1  rw_do_enter_write+0x419
#2  socreate+0x214
#3  sys_socketpair+0xcc
#4  syscall+0xbd4
#5  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 11059  12150K   12212K 166960K     12164        0
            pcb    18     12K      12K 166960K        22        0
         rtable   247      7K       7K 166960K       368        0
             pf    36     17K      18K 166960K        47        0
         ifaddr    44      7K       7K 166960K        46        0
        ifgroup    57      2K       2K 166960K        57        0
         sysctl     1      1K       9K 166960K         5        0
       counters    70     37K      37K 166960K        70        0
       ioctlops     0      0K       4K 166960K      1487        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1343     85K      85K 166960K      1371        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       5K 166960K         3        0
         VM map     2      1K       1K 166960K         2        0
            sem     3      0K       0K 166960K         3        0
        dirhash    15      2K       2K 166960K        15        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    18     65K      93K 166960K       154        0
           proc    71    115K     180K 166960K       529        0
        subproc    72      4K       4K 166960K        72        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     2      0K       0K 166960K         2        0
       in_multi    99      7K       7K 166960K        99        0
    ether_multi     1      0K       0K 166960K         1        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    43    201K     201K 166960K        43        0
           exec     0      0K       1K 166960K       375        0
   fusefs mount     1     32K      32K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   253    143K     153K 166960K      3210        0
       UVM aobj     4      2K       2K 166960K         5        0
     pinsyscall    43     86K     104K 166960K      1281        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
            NDP    13      0K       2K 166960K        29        0
           temp    36   8646K    8710K 166960K      4166        0
         kqueue    16     22K      24K 166960K        28        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120       36    0       32     1     0     1     1     0     8    0
rtentry    176      111    0        1     5     0     5     5     0     8    0
unpcb      144       48    0       25     1     0     1     1     0     8    0
syncache   336        3    0        3     1     1     0     1     0     8    0
tcpcb      736       12    0        6     1     0     1     1     0     8    0
arp        136       18    0        0     1     0     1     1     0     8    0
inpcb      328       76    0       65     1     0     1     1     0     8    0
nd6        152       24    0        0     1     0     1     1     0     8    0
kcovpl      48        8    0        0     1     0     1     1     0     8    0
ppxss      1192       1    0        0     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       16    0        0     1     0     1     1     0     8    0
pfstkey    128       16    0        0     1     0     1     1     0     8    0
pfstate    384       16    0        0     2     0     2     2     0     8    0
pfrule     1344      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      452    0        0    29     0    29    29     0     8    0
art_table   40      453    0        0     5     0     5     5     0     8    0
art_node    32      111    0       11     1     0     1     1     0     8    0
semapl     112        1    0        0     1     0     1     1     0     8    0
shmpl      112        2    0        1     1     0     1     1     0     8    0
dirhash    1024      19    0        0     3     0     3     3     0     8    0
dino2pl    256     1592    0       73    95     0    95    95     0     8    0
ffsino     296     1592    0       73   117     0   117   117     0     8    0
nchpl      144     1806    0      102    64     0    64    64     0     8    0
vnodes     216     1683    0        0    94     0    94    94     0     8    0
namei      1024    5440    0     5440     2     1     1     1     0     8    1
percpumem   16       50    0        0     1     0     1     1     0     8    0
kstatmem   264       28    0        0     2     0     2     2     0     8    0
scxspl     216     5910    0     5910     3     2     1     2     1     8    1
plimitpl   152       31    0       13     1     0     1     1     0     8    0
sigapl     424      463    0      415     7     1     6     7     0     8    0
knotepl    120       55    0        0     2     0     2     2     0     8    0
kqueuepl   224       29    0       17     1     0     1     1     0     8    0
pipepl     344      118    0       90     3     0     3     3     0     8    0
fdescpl    528      447    0      415     3     0     3     3     0     8    0
filepl     160     1584    0     1355    10     0    10    10     0     8    0
lockfpl    104        6    0        4     1     0     1     1     0     8    0
lockfspl    48        4    0        2     1     0     1     1     0     8    0
sessionpl  144       22    0       13     1     0     1     1     0     8    0
pgrppl      48       30    0       13     1     0     1     1     0     8    0
ucredpl    104       94    0       81     1     0     1     1     0     8    0
zombiepl   144      421    0      419     1     0     1     1     0     8    0
processpl  1232     463    0      415     5     0     5     5     0     8    0
procpl     664      499    0      442     6     0     6     6     0     8    1
sockpl     752      160    0      122     4     0     4     4     0     8    0
mcl8k      8192       2    0        0     1     0     1     1     0     8    0
mcl4k      4096     115    0        0    15     0    15    15     0     8    0
mcl2k      2048      37    0        0     5     0     5     5     0     8    0
mtagpl      96        2    0        0     1     0     1     1     0     8    0
mbufpl     256      193    0        0    13     0    13    13     0     8    0
bufpl      280     2400    0      130   163     0   163   163     0     8    0
anonpl      32     3832    0        0    31     0    31    31     0   246    0
amapchunkpl 152    8838    0     8316    21     0    21    21     0   158    0
amappl16   200     1784    0     1749     5     3     2     5     0     8    0
amappl15   192        3    0        2     1     0     1     1     0     8    0
amappl14   184       43    0       43     1     1     0     1     0     8    0
amappl13   176      429    0      428     1     0     1     1     0     8    0
amappl12   168      802    0      759     3     0     3     3     0     8    0
amappl11   160      118    0      118     1     1     0     1     0     8    0
amappl10   152       51    0       37     1     0     1     1     0     8    0
amappl9    144      252    0      252     1     1     0     1     0     8    0
amappl8    136       24    0       22     1     0     1     1     0     8    0
amappl7    128       96    0       95     1     0     1     1     0     8    0
amappl6    120      279    0      266     1     0     1     1     0     8    0
amappl5    112       78    0       68     1     0     1     1     0     8    0
amappl4    104      413    0      385     1     0     1     1     0     8    0
amappl3     96     1405    0     1306     4     1     3     3     0     8    0
amappl2     88      548    0      473     2     0     2     2     0     8    0
amappl1     80     9097    0     8500    14     0    14    14     0     8    0
amappl      88     2482    0     2306     5     0     5     5     0    92    1
uvmvnodes   80     1683    0        0    35     0    35    35     0     8    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72        4    0        1     1     0     1     1     0     8    0
uaddrrnd    24      447    0      415     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      447    0      415     1     0     1     1     0     8    0
vmmpekpl   168     5543    0     5505     2     0     2     2     0     8    0
vmmpepl    168    36440    0    34470    86     0    86    86     0   357    0
vmsppl     488      446    0      415     5     0     5     5     0     8    0
rwobjpl     80    15062    0    12442    55     1    54    55     0     8    0
pdppl      4096     902    0      830   100    28    72    88     0     8    0
pvpl        32    10144    0        0    82     0    82    82     0   265    0
pmappl     256      446    0      415     3     0     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      272    0       32     8     0     8     8     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff837e0ff0) at x86_ipi_db+0x27
x86_ipi_handler() at x86_ipi_handler+0xd9
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83971ac0) at __mp_lock+0x192
softintr_dispatch(0) at softintr_dispatch+0x125
dosoftint(0) at dosoftint+0x54
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x794401e37330, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff837e0ff0) at x86_ipi_db+0x27
x86_ipi_handler() at x86_ipi_handler+0xd9
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83971ac0) at __mp_lock+0x192
softintr_dispatch(0) at softintr_dispatch+0x125
dosoftint(0) at dosoftint+0x54
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x794401e37330, count: -7
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
db_enter() at db_enter+0x25
panic(ffffffff8339449e) at panic+0x1e5
__assert(ffffffff833d3634,ffffffff833cd0ba,84,ffffffff83427871) at __assert+0x29
rtmap_grow(6,21) at rtmap_grow+0x24f
rtable_add(5) at rtable_add+0x2d9
route_output(fffffd806e9c5500,ffff8000015314a0) at route_output+0x532
route_send(ffff8000015314a0,fffffd806e9c5500,0,0) at route_send+0xd7
sosend(ffff8000015314a0,0,ffff80003c44e478,0,0,0) at sosend+0x804
sendit(ffff8000fffed248,3,ffff80003c44e570,0,ffff80003c44e620) at sendit+0x5a5
sys_sendto(ffff8000fffed248,ffff80003c44e6d0,ffff80003c44e620) at sys_sendto+0x8d
syscall(ffff80003c44e6d0) at syscall+0xbd4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x651aadc7c10, count: 3
ddb{1}> trace
db_enter() at db_enter+0x25
panic(ffffffff8339449e) at panic+0x1e5
__assert(ffffffff833d3634,ffffffff833cd0ba,84,ffffffff83427871) at __assert+0x29
rtmap_grow(6,21) at rtmap_grow+0x24f
rtable_add(5) at rtable_add+0x2d9
route_output(fffffd806e9c5500,ffff8000015314a0) at route_output+0x532
route_send(ffff8000015314a0,fffffd806e9c5500,0,0) at route_send+0xd7
sosend(ffff8000015314a0,0,ffff80003c44e478,0,0,0) at sosend+0x804
sendit(ffff8000fffed248,3,ffff80003c44e570,0,ffff80003c44e620) at sendit+0x5a5
sys_sendto(ffff8000fffed248,ffff80003c44e6d0,ffff80003c44e620) at sys_sendto+0x8d
syscall(ffff80003c44e6d0) at syscall+0xbd4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x651aadc7c10, count: -12