last executing test programs:

372.725873ms ago: executing program 1 (id=2):
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f00000000c0), 0x1c, 0x0}, 0x0)
r0 = socket(0x18, 0x2, 0x0)
connect$unix(r0, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)
sysctl$kern(&(0x7f00000000c0)={0x1, 0x56}, 0x2, &(0x7f0000000100)="71f95f84cf71b59c7afec37582", &(0x7f0000000080)=0xff0b, 0x0, 0x0)
getsockname$inet(r0, &(0x7f00000000c0), &(0x7f0000000380)=0xffffffffffffff24)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0xffff, 0x1001, &(0x7f0000000100)=0x20000, 0x4)
pledge(0x0, &(0x7f00000000c0)='\x00')
pledge(&(0x7f0000000000)='tty   \x00\x02\x00!\a\x9bp^|#\xcbhl\x97\xa3_\xbc\x04\x9d!\xd9\x9f\x9f\xb4\x96\x13\x12\xe0\r\xe7\xb9E\b\x00\x00\x00B\xaaY\xe1Q<\x19\xc0\xf6Yf\x9au^\xa0\xc9j\xdd-I\x01R\x00w\xf7\x15\x04\xa6\x82aY\x1d\xd7\f>Y\x06\"\xad\xb6\x88_\xeb\at\x91\xd3\xbf\xea\xddt\xe0\bt\x06S,\x1f\x1fj\xa5H\x01nz\x947\xf8Q|o\x80\xdbH\xa7-\xaaw\xcet\x044\xc5\xa9e\xa9\xf6\x1b\x8e\x05\x86\x91IsC\xb9ul\xaeu\xad\x9b\xaf\x04\xc4\x03\"F\x8f\xd5\xe8\r\x8d\xa1\x00\xcc\xd7\xa0\xe1\xeb\xc1>\xbd\t\xc8\x15\v\xb0, \xee\xa4\xa6\xb9a\x01&\xadrj\xd5\xc26p\xa14\xe0\xbf\xa0\x1es\x01=\xdbd\xf0?=<l\x8c\x01\xe3\x05$\x1c\x04B\x00\xa4P\x04\xcf\x87\xaa\x96iP\x14{4\xe6\x87\x9d\x8f\bz9$\x10_\xd8E\x93\x92\xf5\x8au\xab\xf9)\xf5\xa6\xc7\xc8\xed\xb9\x1f:\x03K\xa2\xdbUshx\xbe\\\x19\xdax\xeb_W\xbb\'\x00G\xbb\xfd\xe2\xd58\xf4:)\x10|r\x1e\x06p>\x8afcJ\x8e\xf7\nn\xd4<\x00\xec\xe4^\x00\x00\x00\xca\x90\xfa\x98\xc9gty\xce\xab\xd2\xa1\x85E\xe4\xa9\xd5\xab\x83\xda?w\x83\xbc\xcf\xd20(L&b\xed\x8c\x1d\x1a\x9fd\x99H\x9e\x82\x10\xea\x05\xf8\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xa6\x8c\x05n\x83\x83\x12+\x16\xc1\x00\x04\x00\x00\x13:o\x0f\x1fB\xa4\xddwB\x92h\xde\xfal3\x88e\x04J\\\x00D\xae`\x8e\xadd\xa8;\xee\xc4K\xe8]\x84\x90\xb8d\xfb\x95\xb3\xe9(x_\x80]\xadW\xd5\xa9\xaa\x03\x9c6\xa9\xc4\x01\x03\xea\xe5\x90\x85\x16\xb0DV\x13\x01\xab\x01\xf0\x8f\x02\xc2\xc89\x19o\xf5zJ\x9b\x03\x1f\xd7\xdbN\\\xc0\xcd?Pg\xd5q\x13\xbd \xfa\xab\xccJK\x11\\\x16~#P.\xc9K\x15r\xab\xda\xe2\xd4\xec8\x8b\xb6e\x96\xe9\xc3\x93\xed\x94.\xc2\xa0\x1fU#\x96\xe6\xb6C\xfa\x03/\x8b\x0e2\xec\x96v\x9b/.\v\x9e\x80\x18s\xae.\xf4\x14KS`\x87\x8b4\t\x00\x87{\xa8@e\xbfe\xeb\xee\xa2\xe72\xb8Q:\x9f\xc2ym\x86\xc4\xcbm\x80%\xfc\x9e\x9f', &(0x7f0000002840)='tty   \x00\x02\x00!\a\x9bp^|#\xcbhl\x97\xa3_\xbc\x04\x9d!\xd9\x9f\x9f\xb4\x96\x13\x12\xe0\r\xe7\xb9E\b\x00\x00\x00l\xaaY\xe1Q<\x19\xc0\xf6Yf\x9au^\xa0\xc9j\xdd-I\x01R\x00w\xf7\x15\x04\xa6\x82aY\x1d\xd7\f>Y\x06\"\xad\xb6\x88_\xeb\at\x91\xd3\xbf\xea\xddt\xe0\bt\x06S,\xdbH\xa7-\xaaw\xcet\x044\xc5\xa9e\xa9\xf6\x1b\x8e\x05\x86\x91IsC\xb9ul\xaeu\x94\x9b\xaf\x04\xc4\x03\"F\x8f\xd5\xe8\r\x8d\xa1\x00\xcc\xd7\xa0\xe1\xeb\xc1>\xbd\t\xc8\x15\v\xb0, \xee\xa4\xa6\xb9a\x01&\xadrj\xd5\xc26p\xa14\xe0\xbf\xa0\x1es\x01=\xdbd\xf0?=<l\x8c\x01\xe3\x05$\x1c\x04B\x00\xa4P\x04\xcf\x87\xaa\x96iP\x14{4\xe6\x87\x9d\x8f\bz9$\x10_\xd8E\x93\x92\xf5\x8au\xab\xf9)\xf5\xa6\xc7\xc8\xed\xb9\x1f:\x03K\xa2\xdbUshx\xbe\\\x19\xdax\xeb_\x10|r\x1e\x06p>\x8afcJ\x8eYEn\xd4<\x00\xec\xe4^\x00\x00\x00\xca\x90\xfa\x98\xc9gty\xce\xab\xd2\xa1\x85E\xe4\xa9\xd5\xab\x83\xda?w\x83\xbc\xcf\xd20(L&b\xed\x8c\x1d\x1a\x9fd\x99H\x9e\x82\x10\xea\x05\xf8\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xa6\x8c\x05n\x83\x83\x12+\x16\xc1\x00\x04\x00\x00\x13:o\x0f\x1fB\xa4\x00wB\x92h\xde\xfal3\x88e\x04J\\\x00D\xae`\x8e\xadd\xa8;\xee\xc4K\xe8]\x84\x90\xb8d\xfb\x95\xb3\xe9(x_\x80]\xadW\xd5\xa9\xaa\x03\x9c6\xa9\xc4\x01\x03\xea\xe5\x90\x85\x16\xb0DV\x13\x01\xab\x01\xf0\x8f\x02\xc2\xc8\x9b\x03\x1f\xd7\xdbN\\\xc0\xcd?Pg\xd5q\x13\xbd \xfa\xab\xccJK\x11\\\x16~#P.\xc9K\x15r\x04\xd9Z;\xc0\x8dOze\x96\xe9\xc3\x93\xed\x94.\xc2\xa0\x1fU#\x96\xe6\xb6C\xfa\x03/\x8b\x0e2\xec\x96v\x9b/.\v\x9e\x80\x18s\xae.\xf4\x14KS`\x87\x8b4\t\x00\x87{\xa8@e\xbfe\xeb\xee\xa2\xe72\xb8Q:\x9f\xc2b\x897\xbe\r\x04\xdf\xe2\xc0\xf0FV\'m\xcbm\x80%\xfc\x9e\x9f\x87\x80A\xbe\xc2\x00\x00\x00\x00\x00\x006\x96\xbb\x9f\x85\x98\xbb\xbc;\xaa\x97c\xfe\x82jz&t\xa7\xc4\xcd\xb0\b9G\xcag\fY\xe6\r\xcdT\xd3\x1c(\xef\xc0\x038\xbd\xdd\xd9\xc9\x93a]q\xd2\x9b\a\x1e\xf8\xc3\"\xc8:\xb8$\x9f\'P\x17\xfa\xf3Xa\trB-\xf2g\xe6Z\xd5F\xd2\x80\xe0\x99\"\xc12\xe8\b\xc58\x00'/659)
ioctl$FIOASYNC(0xffffffffffffffff, 0x80047460, &(0x7f00000000c0)=0x80b7e)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"])
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
connect$unix(r1, &(0x7f0000000000), 0x10)
setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f00000000c0)="9876d692a3ef9c7ab923a2f0", 0xc)
write(r1, &(0x7f0000000240)="14bdfa5d1d34e2fecb284a6498307dcda9aec43050036123339a346f737850551408753f95b7688ad4c4e1dd5489e7bafc58d3e5823757ae8b630719ef187ccad995f13dbe19a6dd4e6902bd8297b0799b426aabe9fad9db6996571c6d9f8bb5d542c2148aa42be940970fe88d34d8f99afe7e7820237400000000008000000100"/138, 0xfc7e)
r2 = socket(0x18, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c)
ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0xffffffff, 0xb, {0x0, 0x1}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r3 = socket(0x18, 0x1, 0x0)
close(r3)
socket(0x18, 0x2, 0x0)
setsockopt(r3, 0x1000000029, 0x7, &(0x7f0000000300)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c)
setsockopt(r2, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
sendmsg$unix(r2, &(0x7f0000001700)={0x0, 0xffffffb3, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0)

296.388274ms ago: executing program 0 (id=1):
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r0 = socket(0x18, 0x1, 0x0)
ioctl$FIONREAD(r0, 0x802069b4, &(0x7f00000001c0))
r1 = openat$tty(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r2 = socket(0x2, 0x2, 0x0)
ioctl$FIONREAD(r2, 0x80047308, &(0x7f00000001c0))
r3 = socket(0x18, 0x1, 0x0)
close(r3)
setsockopt(r3, 0x1000000029, 0x2e, &(0x7f0000000140)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14)
connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c)
poll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x8}, {r3, 0x40}, {r0, 0x100}, {r0, 0x4}, {r0, 0x4}, {r1, 0x40}, {r0}, {r1, 0x4}, {r0, 0x4}], 0x9, 0x45e)
ioctl$TIOCSETAF(r1, 0x802c7416, &(0x7f0000000040)={0xffff, 0x7, 0xbfc, 0x56af, "63a34d88b55e80ee1f2c199343c85fb557130257", 0x3, 0x7})
r4 = socket(0x11, 0x3, 0x0)
sendto$unix(r4, &(0x7f0000000000)="b1000504000004000000000007000000331c13fecea10500fef96ec0c72fd3357ae30200004e3039d2d236acf20b7804be38164991f7c8cf5f882b297b61aa0500000051e2f0ad3ebbc257699a1f139b672f4d335c223e7d0c032bfa896443a421210000ed710fd18bfbb670c1f5a8a40000006e2ec5890400000000008000361b1257aea8c500002002fbfe0c2300008abfba090000001de371a3f8343732051ed6b71989e00004051b0000ff13000000", 0xb1, 0x2, 0x0, 0x0)
r5 = kqueue()
r6 = openat$bpf(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
readlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000200)=""/239, 0xef)
ioctl$BIOCSRSIG(r6, 0x80044272, &(0x7f0000000140)=0x4)
syz_emit_ethernet(0x14, &(0x7f0000000100)={@local, @remote, [], {@generic={0x8864}}})
ioctl$FIOASYNC(r5, 0x8004667d, &(0x7f0000000000)=0x3)
mkdirat(0xffffffffffffff9c, &(0x7f00000011c0)='./file0\x00', 0x1b0)

254.286659ms ago: executing program 4 (id=5):
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000100)={'tap', 0x0})
syz_emit_ethernet(0x4e, &(0x7f0000000500)={@random="3deebe72c64e", @local, [], {@ipv6={0x86dd, {0x0, 0x6, "826e03", 0x18, 0x0, 0x5, @rand_addr="feffc65db6cc000000007400000500", @mcast2, {[], @icmpv6=@mld={0x83, 0x0, 0x0, 0x4, 0x5, @remote={0xfe, 0x80, '\x00', 0x0}}}}}}}) (async)
syz_emit_ethernet(0x4e, &(0x7f0000000500)={@random="3deebe72c64e", @local, [], {@ipv6={0x86dd, {0x0, 0x6, "826e03", 0x18, 0x0, 0x5, @rand_addr="feffc65db6cc000000007400000500", @mcast2, {[], @icmpv6=@mld={0x83, 0x0, 0x0, 0x4, 0x5, @remote={0xfe, 0x80, '\x00', 0x0}}}}}}})
fcntl$lock(0xffffffffffffffff, 0x9, &(0x7f0000000140)={0x0, 0x0, 0xfffffffffffffff6, 0x1000100010008, 0xffffffffffffffff})
r0 = kqueue()
kevent(r0, 0x0, 0xffffffff, &(0x7f0000000000), 0x7, 0x0)
kevent(r0, &(0x7f00000000c0), 0x3ff, 0x0, 0x8000800, 0x0)
setitimer(0x0, &(0x7f0000000080)={{0xb, 0x7}, {0x0, 0x6}}, 0x0) (async)
setitimer(0x0, &(0x7f0000000080)={{0xb, 0x7}, {0x0, 0x6}}, 0x0)
setitimer(0x0, 0x0, 0xffffffffffffffff) (async)
setitimer(0x0, 0x0, 0xffffffffffffffff)
syz_emit_ethernet(0x3e, &(0x7f0000000500)=ANY=[@ANYBLOB="3deebe72c64eaaaaaaaaaaaa86dd60"])
r1 = kqueue()
kevent(r1, &(0x7f0000000000), 0x400, &(0x7f00000002c0), 0x5f, 0x0) (async)
kevent(r1, &(0x7f0000000000), 0x400, &(0x7f00000002c0), 0x5f, 0x0)
r2 = kqueue()
kevent(r2, &(0x7f0000000000), 0x3ff, 0x0, 0x8000800, 0x0)
socket$inet(0x2, 0x2, 0x0) (async)
r3 = socket$inet(0x2, 0x2, 0x0)
r4 = open(&(0x7f0000000080)='./file0\x00', 0x18289, 0x190)
open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110) (async)
r5 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110)
write(r5, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff1c)
ftruncate(r4, 0x10003)
r6 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r6, 0x0)
r7 = kqueue()
kevent(r7, &(0x7f0000000000), 0x3ff, 0x0, 0x8000801, 0x0)
r8 = kqueue()
kevent(r8, &(0x7f00000000c0), 0x101, &(0x7f0000000180), 0x6, 0x0) (async)
kevent(r8, &(0x7f00000000c0), 0x101, &(0x7f0000000180), 0x6, 0x0)
ioctl$FIONREAD(r3, 0xc02069a0, &(0x7f00000001c0))
sysctl$kern(&(0x7f0000000000)={0x1, 0x2c}, 0x2, &(0x7f0000000200)="914b256ad93999db5bb21ed85ffce6dded2c1d66f52c985c2a3691a5ba199a2180406f82b828f125e2b1a9b0de55924527b81735de395dc1106b307f6e2212b414ca0730577013dadfed038aeeb4b68d6fc593e32826e55260cb0c99741c7705cceaa6830db276bac48784ecb9887a44c38b08c7c5c85586e0b5584a3947cd13060074287ef90a04ad389f2e0e9cedf591aee9c6e07ded46a213ddf100098a32a642dc71cde6679cd95920f515c0e16adba2ecdf4d83f8238eef2e68cd48d08252b07b51bb3e374b969e2df7178a8e107038f99acbd5b05f096aa93f", &(0x7f0000000040)=0xdc, &(0x7f0000000300)="47e4d4cf7349abffb25ad3c445cfd1ce75df62b710bda1889b7abd8262453bed33010ef298062658261b83e01a1d7d3e92eb6060121c6686d7d65caa5af088cae1c9d9b85fd6894766bfa4eacb5738b1a446a2572aefa9de8ced185b4406c2411b8a6a68b90e3037e80b88cdd994445b986fa8f9aedcb7c27f52b12eee75e5fbb8a209f52637b505c0eea0d54e895cf7dda3db7e7aa0081ed68a62eee03047bdcd502f29fd02ba047211", 0xaa) (async)
sysctl$kern(&(0x7f0000000000)={0x1, 0x2c}, 0x2, &(0x7f0000000200)="914b256ad93999db5bb21ed85ffce6dded2c1d66f52c985c2a3691a5ba199a2180406f82b828f125e2b1a9b0de55924527b81735de395dc1106b307f6e2212b414ca0730577013dadfed038aeeb4b68d6fc593e32826e55260cb0c99741c7705cceaa6830db276bac48784ecb9887a44c38b08c7c5c85586e0b5584a3947cd13060074287ef90a04ad389f2e0e9cedf591aee9c6e07ded46a213ddf100098a32a642dc71cde6679cd95920f515c0e16adba2ecdf4d83f8238eef2e68cd48d08252b07b51bb3e374b969e2df7178a8e107038f99acbd5b05f096aa93f", &(0x7f0000000040)=0xdc, &(0x7f0000000300)="47e4d4cf7349abffb25ad3c445cfd1ce75df62b710bda1889b7abd8262453bed33010ef298062658261b83e01a1d7d3e92eb6060121c6686d7d65caa5af088cae1c9d9b85fd6894766bfa4eacb5738b1a446a2572aefa9de8ced185b4406c2411b8a6a68b90e3037e80b88cdd994445b986fa8f9aedcb7c27f52b12eee75e5fbb8a209f52637b505c0eea0d54e895cf7dda3db7e7aa0081ed68a62eee03047bdcd502f29fd02ba047211", 0xaa)

235.088001ms ago: executing program 5 (id=6):
syz_emit_ethernet(0x26, &(0x7f0000000300)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x6, 0x18, 0x64, 0x5, 0xa, 0x269386801f57e8dd, 0x0, @rand_addr=0x4, @multicast2, {[@generic={0x1, 0x2}]}}}}}}) (async)
syz_emit_ethernet(0x26, &(0x7f0000000300)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x6, 0x18, 0x64, 0x5, 0xa, 0x269386801f57e8dd, 0x0, @rand_addr=0x4, @multicast2, {[@generic={0x1, 0x2}]}}}}}})
r0 = dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x4ebfac6bbaf7959)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000000)="7f454c4602df7a264ee4975f55011a49b70cb710aa950000000a52e92a24d18fcf8fd1f9794ffa08bb11bafcdc24ff4c5d0b5c7b1ad1a2ec434c500191", 0x3d}, {&(0x7f0000000340)="1551e6", 0x3}], 0x2)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x2010, r0, 0x0) (async)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x2010, r0, 0x0)

223.352816ms ago: executing program 2 (id=3):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff}, 0x8004)
close(r0) (async)
fsync(r0) (async)
chdir(0x0)

215.503172ms ago: executing program 6 (id=7):
r0 = socket(0x2, 0x2, 0x0)
r1 = dup(r0)
setsockopt$inet_opts(r1, 0x0, 0x1d, &(0x7f0000000040)="fd0cc085", 0x4)
setrlimit(0x8, &(0x7f0000000980)={0xa, 0x54})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10091, 0x0)
poll(&(0x7f0000000000)=[{r2, 0x4}], 0x1, 0x2) (async)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10091, 0x0)
fcntl$lock(r3, 0x9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x300000023}) (async)
close(r2)
syz_open_pts()
r4 = syz_open_pts()
close(r4) (async)
r5 = syz_open_pts()
ioctl$TIOCSETA(r5, 0x802c7414, &(0x7f0000000380)={0x750, 0x6b, 0xd, 0xa, "03cc000001c2c9212d2ce659db0020000080f600", 0x2000008a, 0x5})
write(r4, &(0x7f0000000c40)="c71380d0d8eb0f07e824070f2163f10c095d2d00dea11e2bdd381a0e0586749e5abfe27ceb4160ff1873cbd9314f26433f05825a3a6763f6f99b3d69be91507bf22ea108db0cdab55a1005500a86b9d782e4113e2558611360f672b492d0c1802b4763c9d35eda4983f4d080f16a82c32ad7f97735b63b1f808176942ee4fe290e851e03e03d42650c5fed69701a5a7010500f77d6e9437d8d463a919cadcefe710183396434c7b8565647a31b881f1401ee179c8c5b09785e395ee7a281d3db45a9cfa9967a4a62c30cca63be0016e131b82e3e4efbdac3b7776d2cb1453b85a04c9d6efd1295d067bc1cb5f959214d7191c74f8d48ec5bd8c468c32c7ba38e4bf9c4f869212ccd75f49047fc24868ed75f49b25454b46019555ed78ad60ef30b32554bf5abd39e22d20942c048d4c82b063ff8d2dd5f1d6fecdf1b6c31e7aa3743213a4a510142daecefe98a24cbf698e9550d99ff9b80eb80048fbcf629a4397d44430a622fb0b406454e4aae0e469ccfcba08245fae9538362e174cb4752a86bdf8754afb50e49e691128f82b5f73e050ea810bb065ced3dd49973a46516c42f818f3ef3cefa1ed19dc332093985d0e0df4537c6f7e39c8691dd2736f31270ccf886b60384174b473529c36778c5d9935201bee37a54e0870d98837a26f9e3b30b7678c2aedb6309f947d5f83b74c881abd86ad4041883c5520780df260cf7ac3eaf2d23b7ba4a01ae80921bce10dce5b544285470e8a82edbddb4332c040a1849ea87c516969907ecd7149b38404fdbecfc3ad119b4c5b632ada4dfa4e24a91accf90d64596f49d54fb08e82e76a8b53b0ad4011294f80c7d9a46e7ad920a18b92ef8a80683a5f38f25f3ad023301677e22e5298e0de8ce144ad4bf4d68057e4bb6e1e245125c1e5d93319b0f87572bc51aeeb7a6aea9864f4fa3dffea725df0de9b4eb71616cf28dde1f2d7ce8fad56da7e7a0062ef090862f94f48965cc34aab2a412107ad86c078248a9f91ee96a442d3cf2220498c2db640dc190874af896333f004986b4cef17db3ddea3749f22be260bc3f3b219d9a95f4a4f6ac764bbb0f0c318d5a6fca696d8f9ff427fa0e49cb0a379c16f3a8e8510166f713b9ab8f4cbe73b633f572919addcb155ebc395797e66188cd0e07349d1c4f21d98ced49ea0fd0a28171e16c2c07c62d157312e13a177d321e5b5d618076ac7779706dada52b00ce878989537abecd7584f253cb0e82ad0920d904ca1afb01a10e6656b274ceb9c7b0dff211d593a987796e45761e9441ffb5fe3c3acac5194546ca7865106beff9809b986fd9736ed696917aeca6e8506c5ce2708149d449d1b5663f1978091751ba3436dfd0dea23b253497d42cf89efc63fe3a4e7b4e90fba289c8f198ddf1006bea29d46be7c2b8cf8d58a0a7ee455d36c48967642119f4af66cb8269d52eb65e0dbf61cd9f2e2ac78d5591f3d6041529e101a890a483b164f3f39400ce8e4ee75e29d1acb97a2bd1a70cac4d3039c796bb020b151403c5f911c8afd059943decd7074e0a9657c4e95a38c5b4bf13e92547c3e8ec0b2dd224c2b2c10f5ecf377c2009ddf39c45bc535e25b1d5f99be876b6646608adead1809d3b3e53d39843a228c5dbdeb53442f0e95353ed46e86e8c6712a0b6b5378bd20b1b1407f5dad7f452533743b2f390eefb06823a127e84f28c1833b6c12101e0af4aa8e54fefd41250729675f7d77dd21ce461ffa197243a894980b38f2c0b41a4804eb60e3db159825ccd80165d1752cd4fe2e05083a0aaf23978774ae56adeaf9b42559260a7c928526787929d01ef85d4726a09db5da6ef93eef6c22993f6fb38083505e67eed96e883f03a9ea19bcf3721d0f2f193e6a93a8ddf6d4a0276c93d3feb4e79c07c64ac7fbef2ff3b0eec3caa108c99d05e8a719d43ae8c043b351647d2e64c6e58f0b131788c0055cd320b7ecc46fae52b25085bdf59935976feed727048afcfdde948ff43d4c2488eb9f5d325b45c6651aa5c63f82ed60dcfdd333e62bde869df6ed33fa87ce24cfee4ed562c8427f83251b3d4aeef296d005ba8abae3ae0050d7be092f18337a6f3347b582b92580fad161a8c927798e6e429cf592fb96847042c9b1e145c17a579861b9ee2f80ef2b095bc2692995ca4e1cb33604dd049033b436113ece5217cfb589c422ba6ffbd893aaa9b3cd16353672e9e4c7c815a9692dcce64cd98fd4fc78ed06400d4024a7c27e564d28035402b64c0d0fec2f25d7d107ea574a1261990cf6ae52e31abaf8405cc11a1d7e7afa2da6ea67f3e43f7de1eeb3f3c71d8549191c7091ed6fb7650599842d5fb3e6548c0c70b4c5a94e24454f6b4145a85650083ab3ba3a910468be0f45d144799bb5a5768c52dbaf1483d59f866f950f3c06807a3e7fd76a60db1a357bf4ad64e070fb1a6fcb4fbbca3183c2ea771f4ab7dcb260d7ea44a2357bc72e1e940dc55b7442f73ce2cc4d5fb3773f1f941c6b988d0377cbc9f1727f5ae16cc51d34be7e9b1959b2293bccf024403ccffd9862a4aa0e74e6d72cb543c90547618d40ee7012c450181921a7a110dfbd01f93144e36704c909eee14a69420db5d81f3f9a33ef347dd87733e865bcdd8f5657a3098880e7a46a12081629d4fb689f5f05a0b04c82c12c0778fd875d8d66d53a33fd9d634774dd9af5b9ce9e6720de2026505cf50c999fd0f0555e80d38dd897c749dd93480e197fe3eee7b8b7ee2d5225e5dfc2e3ec397891c6a8daa385fb3501482a8a797017852c78a50d2aff63c1586542ef67f4f75ce4a", 0x7c5) (async)
write(r4, &(0x7f0000000240)="c570a4a5bbebc12d2a91854a3269facb1316b1dbefdc29ce59a480cfbf608dea9c620e5c769e41325bb05beb095558da1082977cecf0ae7465d33a476b2bf8d8323faf622b829cdd2def3aebda43f9d65bdedac3153eaa24e781fe6c886078dc1997598181a8a2b44b588cefa7fe886b4990181ebd182952bc83b084eeaf3c75abd47f349f01f6", 0xfead)

208.060538ms ago: executing program 2 (id=9):
mprotect(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1)
sysctl$net_inet_tcp(&(0x7f0000000300)={0x4, 0x2, 0x6, 0x9}, 0x4, &(0x7f0000001540)="9b0209c3eb987ab7fe4189c99e805e6e84d356960798a69242e3303eac3846528d050712f838130efce33f523ba44706983a3bce4ed2c723e4c005d86d65f5f6915b0227390ed95bd9dc6d4dc7e149d4d6d06a3f23616e773302d9cae75e39a5a11e32e0e6ebd635450b2eba540af7f2aa5dbfbdd900a0dad2b74fd0acd76b5c567049ef436dbea0d7562f52950fa5ef6e84c513252ddd8680a944d5c2bd02adc7f1fe850c00000000000000062ab475cca257352828a76e5334be562995e894238b96ca5d4d3e670feac9b4e8aa9bef19525cb6f7e8570b2a374f1400041ed45bb7ad3fe963cb9a8bd949ee0fc6dbceb7d956015947b3e88aa810f8ed7cca10ff010000000000001345daa49507756f49775275ca390b94e85d5a95b8bdacb9429c25483a9275d0da3b561c6adc3c141f26a88016dd6b436218bdbdc9ac0a623855e941dc1872fcb045e0d9df1ecc6357ee21e2b0802cb60eec6add5e94723235f06715e7eecc3e0760c70e1dd7873e27142bbae1a7e44de453a073fe3426f334b80f043ba9136d57c799353d46dd81439b111a511a288bee5dfb2e353e3bb073e3342273216b07e49ca4df0fd2dbe9a8eb377010ee678aad0bd8e9fb7d82693a096344671843a1f20823d0bef9177103145eb54a2612b0ff237c6e505ff5f5ba932954d7ff630fdb791f833a1da5af0704f687e196f4f7859e071fc98111cc9024f790ce16ceaa7d0104e39789d910", &(0x7f00000002c0)=0x210, 0x0, 0x0)
select(0xe, &(0x7f0000000000)={0x7}, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x2})
sysctl$net_inet_ip(&(0x7f0000000000)={0x4, 0x2, 0x0, 0x20}, 0x4, 0x0, 0x0, 0x0, 0x0)

167.093373ms ago: executing program 0 (id=10):
r0 = socket$unix(0x1, 0x2, 0x0)
shutdown(r0, 0x2)
bind$unix(r0, &(0x7f0000000000)=@file={0xd19450564dee018c, './file0\x00'}, 0xa)
r1 = socket$unix(0x1, 0x0, 0x0)
sendmsg$unix(r1, &(0x7f0000000080)={&(0x7f0000000040)=@file={0x170, './file0\x00'}, 0xa, 0x0}, 0xe)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)='#', 0x1}], 0x1)
ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000000)={0x6, 0xfffffffe, 0xe5, 0x543, "22f00600000000e714db9b0e13edbe0000037600", 0xffff, 0x7498})
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="b10005040000040000", 0x9, 0x400, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
socket(0x11, 0x3, 0x0)
sendto$unix(r1, &(0x7f0000000000)="b1000504000004000000000001000000331c13fecea10500fef96ec0c72fd3357ae30200004e3003000000acf20b7804be38164991f7c8cf5f882b297be1aa0500000051e2f0ad3ebbc257699a1f139b672f4d335c223e7d0c032bfa70c1f5a872c881ea6e2ec5890400000000008000361b4cc702fac500002021fbfa0c0f00008abfba221554f4e0f668246c0900000008e371a378343712051eea0400"/177, 0xb1, 0x0, 0x0, 0x0)
r2 = socket(0x2, 0x2, 0x0)
ioctl$FIONREAD(r2, 0xc0106924, &(0x7f00000001c0))
ioctl$FIONREAD(r2, 0xc0206921, &(0x7f00000001c0))
getpeername$unix(r2, &(0x7f00000000c0)=@abs, &(0x7f0000000100)=0x8)

51.204179ms ago: executing program 5 (id=11):
sysctl$net_inet_esp(&(0x7f0000000240)={0x4, 0x1e, 0x2, 0x6}, 0x4, 0x0, 0x0, 0x0, 0x11)
r0 = kqueue()
kevent(0xffffffffffffff9c, &(0x7f0000000240), 0xde0, 0x0, 0x8, 0x0)
kevent(r0, &(0x7f0000000480)=[{{}, 0xfffffffffffffff9, 0x5b, 0x1, 0x0, 0x6}], 0x4, &(0x7f0000000500)=[{{r0}, 0xfffffffffffffff9, 0x8, 0x80, 0x97, 0xc}, {{r0}, 0xfffffffffffffffe, 0x52, 0x4, 0x5, 0x3}], 0x5, &(0x7f0000000540)={0x7ff, 0x4})
kevent(0xffffffffffffffff, &(0x7f0000000200)=[{{}, 0xfffffffffffffff6, 0x13, 0xf0000000, 0xfd, 0x8000010000}], 0x1, 0x0, 0x9b68, 0x0)
kevent(r0, &(0x7f0000000040), 0xe4a, 0x0, 0xa9fa, 0x0)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x18289, 0x190)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x18289, 0x110)
write(r2, &(0x7f00000004c0)="b96abcf5ac7cffa09ea845315c0d853a14", 0xffffff1c)
ftruncate(r1, 0x10003)
r3 = open(&(0x7f0000000080)='./file0\x00', 0x18289, 0x138)
socket$inet(0x2, 0x4002, 0xfe)
pwrite(r3, &(0x7f0000000180)="10", 0x1, 0x8001)
chflags(&(0x7f0000000000)='./file0\x00', 0x0)
r4 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r4, 0x0)
kqueue()
r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x100, 0x186)
mmap(&(0x7f0000324000/0x1000)=nil, 0x1000, 0x4, 0x10, r5, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0)
ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000001c0)={0x48, &(0x7f0000000100)})
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)={&(0x7f0000000240)=@un=@file={0x0, ""/529}, 0x52, 0x0, 0x0, 0x0}, 0x4000}, 0x10, 0x4, 0x0)
recvmmsg(0xffffffffffffff9c, &(0x7f0000000700)={&(0x7f00000001c0)={0x0, 0x49, 0x0, 0x0, 0x0}, 0x1003f8e}, 0x6e, 0xc00, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$FIONBIO(r6, 0x8004667e, &(0x7f0000000000)=0x9)
sendmmsg(r6, &(0x7f0000000080)={0x0}, 0x6a, 0x0)
r7 = socket(0x1, 0x2, 0x0)
ioctl$FIONREAD(r7, 0xc0106924, &(0x7f00000001c0))
socket(0x2, 0x2, 0x9)

50.587205ms ago: executing program 3 (id=4):
r0 = open(&(0x7f0000000080)='./file0\x00', 0x18289, 0x190)
ftruncate(r0, 0x10000) (async)
ftruncate(r0, 0x10000)
open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0) (async)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40)
open(&(0x7f0000000080)='./file0\x00', 0x18289, 0x190)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x615, 0x0)
renameat(r1, &(0x7f0000000100)='./file0\x00', r1, &(0x7f0000000140)='./file0\x00') (async)
renameat(r1, &(0x7f0000000100)='./file0\x00', r1, &(0x7f0000000140)='./file0\x00')
ftruncate(r2, 0x8531)
r3 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x40000400001803c1, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000080)={@broadcast, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "975203", 0x1c, 0x3c, 0x3, @remote={0xfe, 0x80, '\x00', 0x0}, @mcast2, {[@hopopts], @tcp={{0x1, 0x1, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x20, 0x1e6, 0x0, 0x8001}}}}}}})
pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000006c0), 0xf0f75}], 0x1, 0x0)
kqueue() (async)
r4 = kqueue()
sysctl$kern(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)="55f8f5782087a02819d8165f78d14780d518", 0x12) (async)
sysctl$kern(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)="55f8f5782087a02819d8165f78d14780d518", 0x12)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) (async)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r5 = socket(0x18, 0x2, 0x0)
ioctl$FIONREAD(r5, 0xc1206949, &(0x7f00000001c0))
kevent(r4, &(0x7f00000000c0), 0x138, 0x0, 0x2, 0x0)

47.854498ms ago: executing program 2 (id=12):
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
unveil(&(0x7f00000000c0)='./file0/file0/..\x00', 0x0)
ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000180)={0x7377, 0x3, 0xfffffffd, 0x80a1ba, "bb08a5590209ff0100000800001b0f00", 0x3f, 0x9})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = accept$inet6(0xffffffffffffff9c, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
r1 = fcntl$dupfd(0xffffffffffffff9c, 0xa, 0xffffffffffffffff)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r3 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10212, 0xc9)
flock(r3, 0x5)
poll(&(0x7f0000000240)=[{r0, 0x8}, {r1, 0x10}, {0xffffffffffffffff, 0x10}, {r2, 0xc4}, {r3, 0x4}], 0x5, 0x1)
unveil(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='x\x00')
r4 = socket(0x2, 0x1, 0x0)
setsockopt$sock_int(r4, 0xffff, 0x1, &(0x7f00000000c0)=0x8001, 0x4)
recvmmsg(r4, &(0x7f0000000600)={0x0, 0x3}, 0x10, 0x41, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x20246, 0x181)
r5 = getppid()
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={{0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x101, 0x0, r5, r5, 0x0, 0x0, 0x0, 0xffffffffffffffff})
setpgid(0x0, 0x0)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$WSKBDIO_GETMAP(r6, 0x80047476, &(0x7f0000000100)={0x0, 0x0})
r7 = fcntl$getown(r6, 0x5)
ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x80, {0x1000001000000ff}})
sysctl$hw(&(0x7f0000000000)={0x4, 0x18}, 0x2, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sysctl$vm_swapencrypt(&(0x7f0000000000)={0x6, 0xb}, 0x5, &(0x7f0000000500), 0x0, 0x0, 0xffffffffffffff10)
r8 = getppid()
setpgid(0x0, r8)
ktrace(&(0x7f0000000000)='./file0\x00', 0x4, 0x1726, r7)
sendto$unix(r4, &(0x7f0000000100)="78e56ec441a5b5289f5895bb866ce33737d07b9762e18fb87cb03057c1364863546d327bbc04931a934c60e51924387a83ad7ceb9a59ed655fd6f167a6ce8e905ee0b4622ae1", 0x46, 0x6, 0x0, 0x0)

47.525516ms ago: executing program 1 (id=13):
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1, 0x0, 0x3}, 0x8)
setrlimit(0x0, &(0x7f0000001b00)={0x7fffffffffffffff, 0x7fffffffffffffff})

46.240108ms ago: executing program 0 (id=14):
socketpair(0x18, 0x8003, 0x9, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f00000000c0)={0x0, <r1=>0x0}, &(0x7f0000000040)=0xc)
ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0})
r2 = socket(0x2, 0x2, 0x0) (async)
getsockopt$sock_int(r0, 0xffff, 0x1002, &(0x7f0000000000), &(0x7f0000000100)=0x4)
ioctl$FIONREAD(r2, 0xc0206925, &(0x7f00000001c0))
setuid(r1)
sysctl$net_inet_ip(&(0x7f00000002c0)={0x4, 0x2, 0x0, 0x16}, 0x4, &(0x7f0000000340)="f6188b6cf3bc8e406090e462f032bc7045e9dd71c10c3803d8f190903bfdd2732c573ce1c43f96c57325bf047518932bffa7634d079151203ec71e0d4e5db048ec370b0815ca30b878c797a6215dee116de6631b39557427090a97e312f0", &(0x7f0000000140)=0x5e, 0x0, 0x0)

45.25735ms ago: executing program 3 (id=15):
mkdir(&(0x7f0000000040)='./file2\x00', 0xc1)
unveil(&(0x7f0000000140)='./file2/file0\x00', &(0x7f00000002c0)='x\x00')
r0 = syz_open_pts()
ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000000)={0x2, 0xe, 0xfffffffe, 0xfffffff8, "f314e7130b1e588ba64000000000000400", 0x3e, 0x803effc})
ioctl$TIOCSTAT(r0, 0x20007465, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x11)

0s ago: executing program 7 (id=8):
r0 = fcntl$dupfd(0xffffffffffffff9c, 0xa, 0xffffffffffffffff)
ioctl$WSMOUSEIO_SETMODE(r0, 0x80045726, &(0x7f0000000080)) (async)
r1 = syz_open_pts()
sysctl$net_inet_ah(&(0x7f0000001740)={0x4, 0x1e, 0x2, 0x3}, 0x3, 0x0, 0x0, 0x0, 0x0) (async)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x18289, 0x190)
ftruncate(r2, 0x10000) (async, rerun: 64)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x10, 0x18) (rerun: 64)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x10, r3, 0x0) (async)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0xd) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async, rerun: 64)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6) (async, rerun: 64)
r4 = kqueue()
kevent(r4, &(0x7f00000000c0), 0x138, 0x0, 0xffffffff, 0x0) (async, rerun: 32)
r5 = semget(0x0, 0x1, 0x281) (async, rerun: 32)
msync(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4)
semop(r5, &(0x7f0000000100)=[{0x1, 0x1ff, 0x1000}], 0x1) (async, rerun: 64)
syz_open_pts() (async, rerun: 64)
ioctl$FIOASYNC(r1, 0x8004667d, &(0x7f0000000040)=0x800003) (async, rerun: 32)
syz_open_pts() (async, rerun: 32)
getitimer(0x1, 0xffffffffffffffff)
utimensat(r2, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={{0x3, 0x5}, {0xffff, 0x8}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts.
panic: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_page.c", line 1236
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
* 20406  20010  32767        0x10  0x4000000    1  syz-executor
 211542  54034  32767        0x10          0    0  syz-executor
db_enter() at db_enter+0x25
panic(ffffffff833b03e7) at panic+0x1e5
__assert(ffffffff833f1046,ffffffff8333fc7a,4d4,ffffffff8341c20c) at __assert+0x29
uvm_pagewire(fffffd80088d6700) at uvm_pagewire+0x1cd
uvm_fault_upper(ffff80003a402970,ffff80003a4029a8,ffff80003a402870) at uvm_fault_upper+0x409
uvm_fault(fffffd806c720400,200000000000,2,3) at uvm_fault+0x198
uvm_fault_wire(fffffd806c720400,200000000000,200000200000,3) at uvm_fault_wire+0x73
uvm_map_pageable_wire(fffffd806c720400,fffffd806c6714c8,fffffd806c671030,ffff800032fe2028,0,0) at uvm_map_pageable_wire+0x3dc
sys_mlock(ffff800032fe2028,ffff80003a402c90,ffff80003a402be0) at sys_mlock+0x23d
syscall(ffff80003a402c90) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa003f2c70a0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_page.c", line 1236
ddb{1}> trace
db_enter() at db_enter+0x25
panic(ffffffff833b03e7) at panic+0x1e5
__assert(ffffffff833f1046,ffffffff8333fc7a,4d4,ffffffff8341c20c) at __assert+0x29
uvm_pagewire(fffffd80088d6700) at uvm_pagewire+0x1cd
uvm_fault_upper(ffff80003a402970,ffff80003a4029a8,ffff80003a402870) at uvm_fault_upper+0x409
uvm_fault(fffffd806c720400,200000000000,2,3) at uvm_fault+0x198
uvm_fault_wire(fffffd806c720400,200000000000,200000200000,3) at uvm_fault_wire+0x73
uvm_map_pageable_wire(fffffd806c720400,fffffd806c6714c8,fffffd806c671030,ffff800032fe2028,0,0) at uvm_map_pageable_wire+0x3dc
sys_mlock(ffff800032fe2028,ffff80003a402c90,ffff80003a402be0) at sys_mlock+0x23d
syscall(ffff80003a402c90) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa003f2c70a0, count: -11
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80003a4026b0
rbx               0xffff8000299eee07
rdx                                0
rcx               0xffff800032fe2028
rax               0xffff8000299edff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x6a23ec040694da0a
r11               0xa6ccaecc350b7849
r12               0xffff8000299eec08
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff81e1ce35    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80003a4026a0
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=20406 pid=20010 tcnt=3 stat=onproc
    flags process=10<SUGID> proc=4000000<THREAD>
    runpri=32, usrpri=86, slppri=36, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff800032fe3cb0,0xffff800032fe2d30
    process=0xffff8000fffe5830 user=0xffff80003a3fd000, vmspace=0xfffffd806c720400
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 85939  323528  70338  32767  2        0x10                syz-executor
 85939  515372  70338  32767  3   0x4000090  fsleep        syz-executor
 59268   83023  50437  32767  2        0x10                syz-executor
 59268  183892  50437  32767  3   0x4000090  ttyout        syz-executor
 59268  310750  50437  32767  3   0x4000090  ttyout        syz-executor
 20010  411183  94705  32767  3        0x10  vmmapbsy      syz-executor
*20010   20406  94705  32767  7   0x4000010                syz-executor
 20010  247263  94705  32767  2   0x4000010                syz-executor
 85914  471917  80676  32767  2        0x10                syz-executor
 85914  150538  80676  32767  3   0x4000090  fsleep        syz-executor
 85914  300038  80676  32767  3   0x4000090  fsleep        syz-executor
 46703  327421  54034  32767  2        0x10                syz-executor
 46703  519086  54034  32767  3   0x4000090  fsleep        syz-executor
  8426  288348  55452  32767  2        0x10                syz-executor
  8426  522164  55452  32767  3   0x4000090  fsleep        syz-executor
  8426  194899  55452  32767  3   0x4000090  fsleep        syz-executor
 83894  161305  13898  32767  2       0xc90                syz-executor
 83894  132300  13898  32767  3   0x4000090  lockf         syz-executor
 83894  136065  13898  32767  3   0x4000090  fsleep        syz-executor
 83894   57402  13898  32767  3   0x4000090  fsleep        syz-executor
 45740    2380   1506  32767  2        0x10                syz-executor
 45740  172277   1506  32767  3   0x4000090  fsleep        syz-executor
 45740  387746   1506  32767  3   0x4000090  fsleep        syz-executor
 45740  384463   1506  32767  3   0x4000090  fsleep        syz-executor
 50437    6836  29502  32767  2       0xc90                syz-executor
 55452  458327   3613  32767  2       0xc90                syz-executor
 13898  367420  58206  32767  2       0xc90                syz-executor
 54034  211542  60106  32767  7        0x10                syz-executor
 80676  464392  54649  32767  2       0xc90                syz-executor
 94705  502563  78711  32767  2       0xc90                syz-executor
  1506  431559  15439  32767  2       0xc90                syz-executor
 70338  490519  92830  32767  2       0xc90                syz-executor
 78711  161774  56190      0  3        0x82  wait          syz-executor
 58206   10309  56190      0  3        0x82  wait          syz-executor
  3613  231686  56190      0  3        0x82  wait          syz-executor
 15439  151648  56190      0  3        0x82  wait          syz-executor
 29502   19191  56190      0  3        0x82  wait          syz-executor
 60106    3079  56190      0  3        0x82  wait          syz-executor
 92830  234654  56190      0  3        0x82  wait          syz-executor
 54649  481066  56190      0  3        0x82  wait          syz-executor
 56190   58775  85121      0  3        0x82  kqread        syz-executor
 85121   41711  73535      0  3    0x10008a  sigsusp       ksh
 73535   94229  41133      0  3        0x98  kqread        sshd-session
 41133  157446  79093      0  3        0x92  kqread        sshd-session
 93809  349319      1      0  3    0x100083  ttyin         getty
 79093    1043      1      0  3        0x88  kqread        sshd
 47784  333205  11463     73  3   0x1100090  kqread        syslogd
 11463  354204      1      0  3    0x100082  sbwait        syslogd
 98104  271313      1      0  3    0x100080  kqread        resolvd
 99667  443529  67638     77  3    0x100092  kqread        dhcpleased
 39177   89765  67638     77  3    0x100092  kqread        dhcpleased
 67638  116540      1      0  3        0x80  kqread        dhcpleased
   250   30384      0      0  3     0x14200  bored         smr
 38724  310189      0      0  2     0x14200                zerothread
 63729  433692      0      0  3     0x14200  aiodoned      aiodoned
 31640  442160      0      0  3     0x14200  syncer        update
 93360   46484      0      0  3     0x14200  cleaner       cleaner
 40006  426184      0      0  3     0x14200  reaper        reaper
 15471  200912      0      0  3     0x14200  pgdaemon      pagedaemon
 95547  186227      0      0  3     0x14200  bored         viomb
 23419  191291      0      0  3  0x40014200  acpi0         acpi0
 34894  162193      0      0  3  0x40014200                idle1
 94533  236083      0      0  3     0x14200  bored         softnet1
 55438    1682      0      0  3     0x14200  bored         softnet0
 22051  321366      0      0  3     0x14200  bored         systqmp
 47212  432138      0      0  3     0x14200  bored         systq
 22424  135485      0      0  3     0x14200  tmoslp        softclockmp
 64556  169483      0      0  3  0x40014200  tmoslp        softclock
 78908   74838      0      0  3  0x40014200                idle0
     1  513868      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 20010 (syz-executor) thread 0xffff800032fe2028 (20406)
exclusive rwlock amaplk r = 0 (0xfffffd806c8c5ec8)
#0  witness_lock+0x5f1
#1  rw_do_enter_write+0x419
#2  uvm_fault_check+0x8a9
#3  uvm_fault+0x106
#4  uvm_fault_wire+0x73
#5  uvm_map_pageable_wire+0x3dc
#6  sys_mlock+0x23d
#7  syscall+0xb17
#8  Xsyscall+0x128
shared rwlock vmmaplk r = 0 (0xfffffd806c720500)
#0  witness_lock+0x5f1
#1  rw_do_enter_read+0x3e8
#2  uvmfault_lookup+0x122
#3  uvm_fault_check+0x4f
#4  uvm_fault+0x106
#5  uvm_fault_wire+0x73
#6  uvm_map_pageable_wire+0x3dc
#7  sys_mlock+0x23d
#8  syscall+0xb17
#9  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a129c8)
#0  witness_lock+0x5f1
#1  syscall+0xaf4
#2  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10186  10957K   10973K 166960K     11277        0
            pcb    17     12K      12K 166960K        17        0
         rtable   237      6K       7K 166960K       348        0
             pf    31     16K      16K 166960K        31        0
         ifaddr    42      7K       7K 166960K        44        0
        ifgroup    50      2K       2K 166960K        50        0
         sysctl     1      1K       9K 166960K         5        0
       counters    70     37K      37K 166960K        70        0
       ioctlops     0      0K       2K 166960K        30        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1335     84K      84K 166960K      1355        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       1K 166960K         2        0
         VM map     2      1K       1K 166960K         2        0
            sem     2      0K       0K 166960K         2        0
        dirhash    12      2K       2K 166960K        12        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    26     97K     129K 166960K       156        0
          sigio     0      0K       0K 166960K         1        0
           proc    58     99K     163K 166960K       475        0
        subproc    72      4K       4K 166960K        72        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
       in_multi    99      7K       7K 166960K        99        0
    ether_multi     1      0K       0K 166960K         1        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    49    228K     228K 166960K        49        0
           exec     0      0K       1K 166960K       349        0
   fusefs mount     1     32K      32K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   271    146K     152K 166960K      3058        0
       UVM aobj     3      2K       2K 166960K         3        0
     pinsyscall    47     94K     114K 166960K      1197        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
            NDP    27      2K       2K 166960K        27        0
           temp    34   8666K    8730K 166960K      3799        0
         kqueue    18     25K      25K 166960K        29        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120       35    0       32     1     0     1     1     0     8    0
rtentry    176      111    0        1     5     0     5     5     0     8    0
unpcb      144       34    0       19     1     0     1     1     0     8    0
syncache   336        3    0        3     1     0     1     1     0     8    1
tcpcb      736       10    0        5     1     0     1     1     0     8    0
arp        136       18    0        0     1     0     1     1     0     8    0
inpcb      328       67    0       57     1     0     1     1     0     8    0
nd6        152       24    0        0     1     0     1     1     0     8    0
kcovpl      48        8    0        0     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      452    0        0    29     0    29    29     0     8    0
art_table   40      453    0        0     5     0     5     5     0     8    0
art_node    32      111    0       11     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     1572    0       62    95     0    95    95     0     8    0
ffsino     296     1572    0       62   117     0   117   117     0     8    0
nchpl      144     1785    0       88    63     0    63    63     0     8    0
vnodes     216     1653    0        0    92     0    92    92     0     8    0
namei      1024    5149    0     5149     2     0     2     2     0     8    2
percpumem   16       50    0        0     1     0     1     1     0     8    0
kstatmem   264       24    0        0     2     0     2     2     0     8    0
scxspl     216     5967    0     5967     3     1     2     2     1     8    2
plimitpl   152       36    0       11     1     0     1     1     0     8    0
sigapl     424      437    0      383     7     0     7     7     0     8    0
knotepl    120       61    0        0     2     0     2     2     0     8    0
kqueuepl   224       30    0       14     1     0     1     1     0     8    0
pipepl     344      110    0       83     3     0     3     3     0     8    0
fdescpl    528      421    0      383     4     0     4     4     0     8    0
filepl     160     1475    0     1182    13     0    13    13     0     8    0
lockfpl    104       78    0        9     2     0     2     2     0     8    0
lockfspl    48        7    0        3     1     0     1     1     0     8    0
sessionpl  144       21    0        5     1     0     1     1     0     8    0
pgrppl      48       30    0        5     1     0     1     1     0     8    0
ucredpl    104       99    0       80     1     0     1     1     0     8    0
zombiepl   144      383    0      383     1     0     1     1     0     8    1
processpl  1232     437    0      383     5     0     5     5     0     8    0
procpl     664      465    0      395     6     0     6     6     0     8    0
sockpl     752      137    0      109     4     0     4     4     0     8    0
mcl64k     65536      1    0        0     1     0     1     1     0     8    0
mcl16k     16384      1    0        0     1     0     1     1     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl8k      8192       2    0        0     1     0     1     1     0     8    0
mcl4k      4096     118    0        0    15     0    15    15     0     8    0
mcl2k      2048      17    0        0     3     0     3     3     0     8    0
mtagpl      96        3    0        0     1     0     1     1     0     8    0
mbufpl     256      165    0        0    11     0    11    11     0     8    0
bufpl      280     2358    0      119   160     0   160   160     0     8    0
anonpl      32     5508    0        0    45     0    45    45     0   246    0
amapchunkpl 152    8806    0     7944    34     0    34    34     0   158    0
amappl16   200     1971    0     1954     5     0     5     5     0     8    3
amappl15   192       12    0       12     1     0     1     1     0     8    1
amappl14   184        9    0        9     1     0     1     1     0     8    1
amappl13   176      393    0      392     1     0     1     1     0     8    0
amappl12   168      750    0      703     3     0     3     3     0     8    0
amappl11   160        6    0        5     1     0     1     1     0     8    0
amappl10   152       43    0       33     1     0     1     1     0     8    0
amappl9    144      248    0      248     1     0     1     1     0     8    1
amappl8    136       30    0       29     1     0     1     1     0     8    0
amappl7    128       72    0       71     1     0     1     1     0     8    0
amappl6    120      282    0      271     1     0     1     1     0     8    0
amappl5    112       69    0       62     1     0     1     1     0     8    0
amappl4    104      363    0      340     1     0     1     1     0     8    0
amappl3     96     1340    0     1202     4     0     4     4     0     8    0
amappl2     88      503    0      447     2     0     2     2     0     8    0
amappl1     80     8711    0     8138    14     0    14    14     0     8    0
amappl      88     2398    0     2194     5     0     5     5     0    92    0
uvmvnodes   80       99    0        0     3     0     3     3     0     8    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72        2    0        0     1     0     1     1     0     8    0
uaddrrnd    24      421    0      383     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      421    0      383     1     0     1     1     0     8    0
vmmpekpl   168     4945    0     4913     2     0     2     2     0     8    0
vmmpepl    168    34683    0    32578    94     0    94    94     0   357    1
vmsppl     488      420    0      383     7     1     6     6     0     8    0
rwobjpl     80    13071    0    12112    22     0    22    22     0     8    0
pdppl      4096     850    0      766   110    10   100   100     0     8   16
pvpl        32    13921    0        0   113     0   113   113     0   265    0
pmappl     256      420    0      383     4     1     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      281    0       13     8     0     8     8     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff837cfff0) at x86_ipi_db+0x27
x86_ipi_handler() at x86_ipi_handler+0xd9
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a127c0) at __mp_lock+0x192
syscall(ffff800034bfc260) at syscall+0xaf4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c9cf53a92b0, count: 9
ddb{0}> trace
x86_ipi_db(ffffffff837cfff0) at x86_ipi_db+0x27
x86_ipi_handler() at x86_ipi_handler+0xd9
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a127c0) at __mp_lock+0x192
syscall(ffff800034bfc260) at syscall+0xaf4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c9cf53a92b0, count: -6
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
db_enter() at db_enter+0x25
panic(ffffffff833b03e7) at panic+0x1e5
__assert(ffffffff833f1046,ffffffff8333fc7a,4d4,ffffffff8341c20c) at __assert+0x29
uvm_pagewire(fffffd80088d6700) at uvm_pagewire+0x1cd
uvm_fault_upper(ffff80003a402970,ffff80003a4029a8,ffff80003a402870) at uvm_fault_upper+0x409
uvm_fault(fffffd806c720400,200000000000,2,3) at uvm_fault+0x198
uvm_fault_wire(fffffd806c720400,200000000000,200000200000,3) at uvm_fault_wire+0x73
uvm_map_pageable_wire(fffffd806c720400,fffffd806c6714c8,fffffd806c671030,ffff800032fe2028,0,0) at uvm_map_pageable_wire+0x3dc
sys_mlock(ffff800032fe2028,ffff80003a402c90,ffff80003a402be0) at sys_mlock+0x23d
syscall(ffff80003a402c90) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa003f2c70a0, count: 4
ddb{1}> trace
db_enter() at db_enter+0x25
panic(ffffffff833b03e7) at panic+0x1e5
__assert(ffffffff833f1046,ffffffff8333fc7a,4d4,ffffffff8341c20c) at __assert+0x29
uvm_pagewire(fffffd80088d6700) at uvm_pagewire+0x1cd
uvm_fault_upper(ffff80003a402970,ffff80003a4029a8,ffff80003a402870) at uvm_fault_upper+0x409
uvm_fault(fffffd806c720400,200000000000,2,3) at uvm_fault+0x198
uvm_fault_wire(fffffd806c720400,200000000000,200000200000,3) at uvm_fault_wire+0x73
uvm_map_pageable_wire(fffffd806c720400,fffffd806c6714c8,fffffd806c671030,ffff800032fe2028,0,0) at uvm_map_pageable_wire+0x3dc
sys_mlock(ffff800032fe2028,ffff80003a402c90,ffff80003a402be0) at sys_mlock+0x23d
syscall(ffff80003a402c90) at syscall+0xb17
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa003f2c70a0, count: -11